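#!/bin/sh
# Entrypoint script for RedOctober.
#
# If no certificate/key pair is present (neither bind mounted in nor generated
# on an earlier run), create a self-signed pair, then exec the requested
# command. When the command is 'redoctober' it is run as the unprivileged
# 'redoctober' user via chpst.
#
# Environment:
#   RO_CERTS       path of the TLS certificate file
#   RO_KEYS        path of the TLS private key file
#   RO_DATA        data directory (created if missing, mode 700)
#   RO_CERTPASSWD  passphrase used only while the key is being generated
#   RO_COMMONNAME  value placed in the certificate's CN field
set -e

# Fail with a clear message instead of letting an empty expansion change the
# meaning of the file tests below.
: "${RO_CERTS:?RO_CERTS must name the certificate file}"
: "${RO_KEYS:?RO_KEYS must name the private key file}"

if [ ! -f "$RO_CERTS" ] || [ ! -f "$RO_KEYS" ]; then
  : "${RO_DATA:?RO_DATA must name the data directory}"
  : "${RO_CERTPASSWD:?RO_CERTPASSWD must be set to generate a key}"
  : "${RO_COMMONNAME:?RO_COMMONNAME must be set to the server address}"

  mkdir -p "$RO_DATA"
  chmod 700 "$RO_DATA"
  chown -R redoctober:redoctober "$RO_DATA"

  # Create the key material owner-only from the first byte written, rather
  # than relying on the chmod at the end. The previous umask is restored so
  # the exec'd command is not affected.
  old_umask=$(umask)
  umask 077

  # Generate the private key, encrypted with $RO_CERTPASSWD. The passphrase is
  # handed to openssl through the environment (env:) instead of pass:, so it
  # does not appear in the process argument list.
  openssl genrsa -aes128 -passout env:RO_CERTPASSWD -out "$RO_KEYS" 2048

  # Remove the passphrase from the private key. From here on the key is stored
  # unencrypted; it is protected only by file ownership and mode.
  openssl rsa -passin env:RO_CERTPASSWD -in "$RO_KEYS" -out "$RO_KEYS"

  # Generate the CSR. The CN must match the server address; it is taken from
  # $RO_COMMONNAME.
  # NOTE(review): no subjectAltName is requested here; clients that ignore CN
  # when matching host names will not accept this certificate - confirm
  # against the clients in use.
  openssl req -new -key "$RO_KEYS" -out "$RO_DATA/server.csr" \
    -subj "/C=US/ST=California/L=Everywhere/CN=${RO_COMMONNAME}"

  # Self-sign the CSR. The certificate is valid for 365 days and is not
  # regenerated while both files exist, so it has to be replaced by hand
  # before it expires.
  openssl x509 -req -days 365 -in "$RO_DATA/server.csr" \
    -signkey "$RO_KEYS" -out "$RO_CERTS"

  # Clean up
  rm -- "$RO_DATA/server.csr"
  umask "$old_umask"

  chmod 600 "$RO_CERTS" "$RO_KEYS"
  chown -R redoctober "$RO_CERTS" "$RO_KEYS"

  printf '\n%s\n\n' \
    "Generated default certificates for RedOctober at $RO_CERTS and $RO_KEYS"
fi

# Run the server as the unprivileged 'redoctober' user.
if [ "$1" = 'redoctober' ]; then
  exec chpst -u redoctober "$@"
fi

# Any other command is exec'd unchanged, as the user this script runs as.
exec "$@"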