From 1f5efdb730b90f8a73c5ab032eeee082059649a6 Mon Sep 17 00:00:00 2001
From: Tom Morton <tmort@users.noreply.github.com>
Date: Tue, 22 Oct 2019 08:23:39 -0400
Subject: [PATCH 1/6] Catalina Fix

This edits the docker setup to pull the script cert-gen from my repository instead of the official Devilbox repo. This is temporary until the official repository is fixed.
---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index bba88db..c0a776a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ LABEL \
 ### Build arguments
 ###
 ARG VHOST_GEN_GIT_REF=0.15
-ARG CERT_GEN_GIT_REF=0.2
+ARG CERT_GEN_GIT_REF=0.3.1
 
 ENV BUILD_DEPS \
 	git \
@@ -52,8 +52,8 @@ RUN set -x \
 	&& rm -rf vhost*gen* \
 	\
 	# Install cert-gen
-	&& wget --no-check-certificate -O /usr/bin/ca-gen https://raw.githubusercontent.com/devilbox/cert-gen/${CERT_GEN_GIT_REF}/bin/ca-gen \
-	&& wget --no-check-certificate -O /usr/bin/cert-gen https://raw.githubusercontent.com/devilbox/cert-gen/${CERT_GEN_GIT_REF}/bin/cert-gen \
+	&& wget --no-check-certificate -O /usr/bin/ca-gen https://raw.githubusercontent.com/tmort/cert-gen/${CERT_GEN_GIT_REF}/bin/ca-gen \
+	&& wget --no-check-certificate -O /usr/bin/cert-gen https://raw.githubusercontent.com/tmort/cert-gen/${CERT_GEN_GIT_REF}/bin/cert-gen \
 	&& chmod +x /usr/bin/ca-gen \
 	&& chmod +x /usr/bin/cert-gen \
 	\
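Review bot: Both `wget` lines install downloaded scripts as executables in `/usr/bin` with `--no-check-certificate` and no integrity check. Anything able to interfere with the connection, or anyone who can move the `0.3.1` ref in the personal fork the URLs now point at, decides what ends up in the image. Drop the flag (adding `ca-certificates` to the build dependencies if the base image lacks them) and verify each file after download, e.g. `&& echo "<SHA256_OF_CA_GEN>  /usr/bin/ca-gen" | sha256sum -c - \`, ideally with `CERT_GEN_GIT_REF` pinned to a full commit hash rather than a tag. The same two lines recur in patch 4/6, which points the URLs back at `devilbox/cert-gen`. The `RUN` instruction starts and ends outside this hunk.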

From 059422000a9f5fa78e21f963551f03fd91a91c10 Mon Sep 17 00:00:00 2001
From: Tom Morton <tmort@users.noreply.github.com>
Date: Tue, 22 Oct 2019 08:25:29 -0400
Subject: [PATCH 2/6] Preparing for deploy on hub.

---
 Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c0a776a..93c88e3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,10 @@
 FROM httpd:2.4
-MAINTAINER "cytopia" <cytopia@everythingcli.org>
+MAINTAINER "sixfoot3" <tom@sixfoot3.com>
 
 LABEL \
-	name="cytopia's apache 2.4 image" \
-	image="devilbox/apache-2.4" \
-	vendor="devilbox" \
+	name="cytopia's apache 2.4 image with catalina edits" \
+	image="tmort/apache-2.4" \
+	vendor="sixfoot3" \
 	license="MIT"
 
 

From d852bc250b44d94cbbe77a740c518148a5b38fc3 Mon Sep 17 00:00:00 2001
From: Tom Morton <tom@sixfoot3.com>
Date: Tue, 22 Oct 2019 10:39:24 -0400
Subject: [PATCH 3/6] Adding ability to define MAIN_VHOST_SSL_VALIDITY_PERIOD
 in Devilbox override to set validity period of SSL Certs.

---
 data/docker-entrypoint.d/08-cert-gen.sh | 20 ++++++++++++++++++--
 data/docker-entrypoint.sh               | 12 ++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/data/docker-entrypoint.d/08-cert-gen.sh b/data/docker-entrypoint.d/08-cert-gen.sh
index 845091c..976961d 100755
--- a/data/docker-entrypoint.d/08-cert-gen.sh
+++ b/data/docker-entrypoint.d/08-cert-gen.sh
@@ -17,6 +17,7 @@ cert_gen_generate_ca() {
 	local crt="${2}"
 	local verbose="${3}"
 	local debug="${4}"
+	local def_days="${5:-}"
 
 	# Create directories
 	if [ ! -d "$( dirname "${key}" )" ]; then
@@ -33,9 +34,16 @@ cert_gen_generate_ca() {
 		verbose=""
 	fi
 
+	# user defined custom days
+	if [ -z "${def_days}"  ]; then
+		def_days="820"
+	else
+		def_days="${5}"
+	fi
+
 	# Generate CA if it does not exist yet
 	if [ ! -f "${key}" ] || [ ! -f "${crt}" ]; then
-		run "ca-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n 'Devilbox Root CA' -e 'cytopia@devilbox.org' ${key} ${crt}" "${DEBUG_LEVEL}"
+		run "ca-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n 'Devilbox Root CA' -e 'cytopia@devilbox.org' -d ${def_days} ${key} ${crt}" "${DEBUG_LEVEL}"
 	fi
 }
 
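Review bot: `${def_days}` is spliced unquoted into the command string handed to `run`, and its value comes from the `MAIN_VHOST_SSL_VALIDITY_PERIOD` environment variable with no check that it is a number. `run` is not visible here, but if it evaluates the string, a value containing spaces or shell metacharacters changes the command instead of failing cleanly. Validate once and fall back to the default, e.g. `case "${def_days}" in ''|*[!0-9]*) def_days="820" ;; esac`, which also replaces the `if`/`else` whose `else` branch only re-assigns the value `def_days` already holds. The same applies to the `cert-gen` call in `cert_gen_generate_cert` later in this file and to the `watcherd_add` string in patch 5/6. `cert_gen_generate_ca` begins outside this hunk.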
@@ -54,6 +62,7 @@ cert_gen_generate_cert() {
 	local domains="${8}"
 	local verbose="${9}"
 	local debug="${10}"
+	local def_days="${11:-}"
 
 	# If not enabled, skip SSL certificate eneration
 	if [ "${enable}" != "1" ]; then
@@ -83,6 +92,13 @@ cert_gen_generate_cert() {
 		verbose=""
 	fi
 
+	# user defined custom days
+	if [ -z "${def_days}"  ]; then
+		def_days="820"
+	else
+		def_days="${11}"
+	fi
+
 	# Get domain name and alt_names
 	cn=
 	alt_names=
@@ -98,5 +114,5 @@ cert_gen_generate_cert() {
 	done
 	alt_names="$( echo "${alt_names}" | xargs )" # tim
 
-	run "cert-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n '${cn}' -e 'admin@${cn}' -a '${alt_names}' ${ca_key} ${ca_crt} ${key} ${csr} ${crt}" "${debug}"
+	run "cert-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n '${cn}' -e 'admin@${cn}' -a '${alt_names}' -d ${def_days} ${ca_key} ${ca_crt} ${key} ${csr} ${crt}" "${debug}"
 }
diff --git a/data/docker-entrypoint.sh b/data/docker-entrypoint.sh
index 38b1ee4..eeb57fd 100755
--- a/data/docker-entrypoint.sh
+++ b/data/docker-entrypoint.sh
@@ -54,6 +54,13 @@ DEBUG_RUNTIME="$( env_get "DEBUG_RUNTIME" "0" )"
 log "info" "Runtime debug: ${DEBUG_RUNTIME}" "${DEBUG_LEVEL}"
 
 
+###
+### Does user have custom SSL validity settings?
+###
+MAIN_VHOST_SSL_VALIDITY_PERIOD="$( env_get "MAIN_VHOST_SSL_VALIDITY_PERIOD" "803" )"
+log "info" "SSL Generation Validity period: ${MAIN_VHOST_SSL_VALIDITY_PERIOD}" "${DEBUG_LEVEL}"
+
+
 ###
 ### Change uid/gid
 ###
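Review bot: The default passed to `env_get` here is `803`, while the fallback added to both functions in `08-cert-gen.sh` is `820`, so the effective default depends on which code path supplies it. `env_get` appears to return its second argument when the variable is unset, in which case the `820` branches are probably never reached from this script; pick one value and define it in one place. The header comment could also state the unit, for example `### Validity period (in days) of generated SSL certificates`. The variable carries the `MAIN_VHOST_` prefix although the later hunks in this file also pass it to `cert_gen_generate_ca`, which is worth mentioning in that comment.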
@@ -201,7 +208,7 @@ vhost_gen_mass_vhost_tld \
 ###
 ### Create Certificate Signing request
 ###
-cert_gen_generate_ca "${CA_KEY}" "${CA_CRT}" "${DEBUG_RUNTIME}" "${DEBUG_LEVEL}"
+cert_gen_generate_ca "${CA_KEY}" "${CA_CRT}" "${DEBUG_RUNTIME}" "${DEBUG_LEVEL}" "${MAIN_VHOST_SSL_VALIDITY_PERIOD}"
 
 
 ###
@@ -217,7 +224,8 @@ cert_gen_generate_cert \
 	"/etc/httpd/cert/main/localhost.crt" \
 	"${MAIN_VHOST_SSL_CN}" \
 	"${DEBUG_RUNTIME}" \
-	"${DEBUG_LEVEL}"
+	"${DEBUG_LEVEL}" \
+	"${MAIN_VHOST_SSL_VALIDITY_PERIOD}"
 
 
 

From 28b15a9894b593b9c5fa992e8aca2c9d49748ade Mon Sep 17 00:00:00 2001
From: Tom Morton <tom@sixfoot3.com>
Date: Tue, 22 Oct 2019 10:43:43 -0400
Subject: [PATCH 4/6] Adding original ca-gen repository given the new method of
 defining validity period.

---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 93c88e3..4bad836 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ LABEL \
 ### Build arguments
 ###
 ARG VHOST_GEN_GIT_REF=0.15
-ARG CERT_GEN_GIT_REF=0.3.1
+ARG CERT_GEN_GIT_REF=0.2
 
 ENV BUILD_DEPS \
 	git \
@@ -52,8 +52,8 @@ RUN set -x \
 	&& rm -rf vhost*gen* \
 	\
 	# Install cert-gen
-	&& wget --no-check-certificate -O /usr/bin/ca-gen https://raw.githubusercontent.com/tmort/cert-gen/${CERT_GEN_GIT_REF}/bin/ca-gen \
-	&& wget --no-check-certificate -O /usr/bin/cert-gen https://raw.githubusercontent.com/tmort/cert-gen/${CERT_GEN_GIT_REF}/bin/cert-gen \
+	&& wget --no-check-certificate -O /usr/bin/ca-gen https://raw.githubusercontent.com/devilbox/cert-gen/${CERT_GEN_GIT_REF}/bin/ca-gen \
+	&& wget --no-check-certificate -O /usr/bin/cert-gen https://raw.githubusercontent.com/devilbox/cert-gen/${CERT_GEN_GIT_REF}/bin/cert-gen \
 	&& chmod +x /usr/bin/ca-gen \
 	&& chmod +x /usr/bin/cert-gen \
 	\

From 656f9f4281179e9bd85c6feca30f1f176d3d99e6 Mon Sep 17 00:00:00 2001
From: Tom Morton <tom@sixfoot3.com>
Date: Tue, 22 Oct 2019 11:12:19 -0400
Subject: [PATCH 5/6] Granting the ability for Vhost generation to set the
 validity period via create-vhost.sh.

---
 data/create-vhost.sh      | 5 +++--
 data/docker-entrypoint.sh | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/data/create-vhost.sh b/data/create-vhost.sh
index a0a0220..75100bc 100755
--- a/data/create-vhost.sh
+++ b/data/create-vhost.sh
@@ -11,7 +11,8 @@ VHOST_TPL="${4}"
 CA_KEY="${5}"
 CA_CRT="${6}"
 GENERATE_SSL="${7}"
-VERBOSE="${8:-}"
+SSL_VALIDITY="${8}"
+VERBOSE="${9:-}"
 
 if [ "${GENERATE_SSL}" = "1" ]; then
 	if [ ! -d "/etc/httpd/cert/mass" ]; then
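Review bot: Inserting `SSL_VALIDITY` as `${8}` moves `VERBOSE` from the eighth to the ninth positional argument, so any caller still using the old order will have its verbose flag read as the validity period. Unlike `VERBOSE`, `${8}` has no default, so an omitted or empty value reaches `cert-gen` as `-d ""` in the next hunk (or aborts the script if it runs with `set -u`, which is not visible here). Appending the new parameter after `VERBOSE`, or giving it a default such as `SSL_VALIDITY="${8:-820}"`, would keep the script robust. Rejecting non-numeric input before the `cert-gen` call would also help.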
@@ -23,7 +24,7 @@ if [ "${GENERATE_SSL}" = "1" ]; then
 	_out_key="/etc/httpd/cert/mass/${VHOST_NAME}${VHOST_TLD}.key"
 	_out_csr="/etc/httpd/cert/mass/${VHOST_NAME}${VHOST_TLD}.csr"
 	_out_crt="/etc/httpd/cert/mass/${VHOST_NAME}${VHOST_TLD}.crt"
-	if ! cert-gen -v -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n "${_domain}" -e "${_email}" -a "${_domains}" "${CA_KEY}" "${CA_CRT}" "${_out_key}" "${_out_csr}" "${_out_crt}"; then
+	if ! cert-gen -v -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n "${_domain}" -e "${_email}" -a "${_domains}" -d "${SSL_VALIDITY}" "${CA_KEY}" "${CA_CRT}" "${_out_key}" "${_out_csr}" "${_out_crt}"; then
 		echo "[FAILED] Failed to add SSL certificate for ${VHOST_NAME}${VHOST_TLD}"
 		exit 1
 	fi
diff --git a/data/docker-entrypoint.sh b/data/docker-entrypoint.sh
index eeb57fd..8ed5509 100755
--- a/data/docker-entrypoint.sh
+++ b/data/docker-entrypoint.sh
@@ -252,7 +252,7 @@ if [ "${MASS_VHOST_ENABLE}" -eq "1" ]; then
 	fi
 
 	# Create watcherd sub commands
-	watcherd_add="create-vhost.sh '%%p' '%%n' '${MASS_VHOST_TLD}' '%%p/${MASS_VHOST_TPL}/' '${CA_KEY}' '${CA_CRT}' '1' '${verbose}'"
+	watcherd_add="create-vhost.sh '%%p' '%%n' '${MASS_VHOST_TLD}' '%%p/${MASS_VHOST_TPL}/' '${CA_KEY}' '${CA_CRT}' '1' '${MAIN_VHOST_SSL_VALIDITY_PERIOD}' '${verbose}'"
 	watcherd_del="rm /etc/httpd/vhost.d/%%n.conf"
 	watcherd_tri="${HTTPD_RELOAD}"
 

From a03f169ada5630112286eacf66235c9c69bc6fee Mon Sep 17 00:00:00 2001
From: Tom Morton <tom@sixfoot3.com>
Date: Tue, 22 Oct 2019 11:43:02 -0400
Subject: [PATCH 6/6] Setting original docker maintainer credentials/name

---
 Dockerfile | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4bad836..f13d772 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,12 @@
 FROM httpd:2.4
-MAINTAINER "sixfoot3" <tom@sixfoot3.com>
+MAINTAINER "cytopia" <cytopia@everythingcli.org>
 
 LABEL \
-	name="cytopia's apache 2.4 image with catalina edits" \
-	image="tmort/apache-2.4" \
-	vendor="sixfoot3" \
+	name="cytopia's apache 2.4 image" \
+	image="devilbox/apache-2.4" \
+	vendor="devilbox" \
 	license="MIT"
 
-
 ###
 ### Build arguments
 ###