From 1f5efdb730b90f8a73c5ab032eeee082059649a6 Mon Sep 17 00:00:00 2001
From: Tom Morton
Date: Tue, 22 Oct 2019 08:23:39 -0400
Subject: [PATCH 1/6] Catalina Fix

This edits the docker setup to pull the script cert-gen from my repository instead of the official Devilbox repo. This is temporary until the official repository is fixed.

---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index bba88db..c0a776a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ LABEL \
 ### Build arguments
 ###
 ARG VHOST_GEN_GIT_REF=0.15
-ARG CERT_GEN_GIT_REF=0.2
+ARG CERT_GEN_GIT_REF=0.3.1
 
 ENV BUILD_DEPS \
 	git \
@@ -52,8 +52,8 @@ RUN set -x \
 	&& rm -rf vhost*gen* \
 	\
 	# Install cert-gen
-	&& wget --no-check-certificate -O /usr/bin/ca-gen https://raw.githubusercontent.com/devilbox/cert-gen/${CERT_GEN_GIT_REF}/bin/ca-gen \
-	&& wget --no-check-certificate -O /usr/bin/cert-gen https://raw.githubusercontent.com/devilbox/cert-gen/${CERT_GEN_GIT_REF}/bin/cert-gen \
+	&& wget --no-check-certificate -O /usr/bin/ca-gen https://raw.githubusercontent.com/tmort/cert-gen/${CERT_GEN_GIT_REF}/bin/ca-gen \
+	&& wget --no-check-certificate -O /usr/bin/cert-gen https://raw.githubusercontent.com/tmort/cert-gen/${CERT_GEN_GIT_REF}/bin/cert-gen \
 	&& chmod +x /usr/bin/ca-gen \
 	&& chmod +x /usr/bin/cert-gen \
 	\

From 059422000a9f5fa78e21f963551f03fd91a91c10 Mon Sep 17 00:00:00 2001
From: Tom Morton
Date: Tue, 22 Oct 2019 08:25:29 -0400
Subject: [PATCH 2/6] Preparing for deploy on hub.

---
 Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c0a776a..93c88e3 100644
--- a/Dockerfile
+++ b/Dockerfile
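Review bot: The two rewritten wget lines still pass `--no-check-certificate`, so the ca-gen and cert-gen scripts that become executables under /usr/bin are fetched with TLS verification disabled and without any integrity check on what was downloaded; `CERT_GEN_GIT_REF` names a tag, not a content digest, so the pin alone does not establish what the image ends up running. Patch 4/6 moves the URLs back to the devilbox repository but keeps the same flag, so the point applies to that hunk as well. Dropping the flag (with `ca-certificates` among the build dependencies, which is not visible in this hunk) and verifying each file against a known digest, e.g. `&& echo "<sha256 of ca-gen at the pinned ref>  /usr/bin/ca-gen" | sha256sum -c -`, would close the gap. The RUN instruction starts and ends outside the hunk.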
@@ -1,10 +1,10 @@
 FROM httpd:2.4
-MAINTAINER "cytopia"
+MAINTAINER "sixfoot3"
 
 LABEL \
-	name="cytopia's apache 2.4 image" \
-	image="devilbox/apache-2.4" \
-	vendor="devilbox" \
+	name="cytopia's apache 2.4 image with catalina edits" \
+	image="tmort/apache-2.4" \
+	vendor="sixfoot3" \
 	license="MIT"
 
 

From d852bc250b44d94cbbe77a740c518148a5b38fc3 Mon Sep 17 00:00:00 2001
From: Tom Morton
Date: Tue, 22 Oct 2019 10:39:24 -0400
Subject: [PATCH 3/6] Adding ability to define MAIN_VHOST_SSL_VALIDITY_PERIOD in Devilbox override to set validity period of SSL Certs.

---
 data/docker-entrypoint.d/08-cert-gen.sh | 20 ++++++++++++++++++--
 data/docker-entrypoint.sh | 12 ++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/data/docker-entrypoint.d/08-cert-gen.sh b/data/docker-entrypoint.d/08-cert-gen.sh
index 845091c..976961d 100755
--- a/data/docker-entrypoint.d/08-cert-gen.sh
+++ b/data/docker-entrypoint.d/08-cert-gen.sh
@@ -17,6 +17,7 @@ cert_gen_generate_ca() {
 	local crt="${2}"
 	local verbose="${3}"
 	local debug="${4}"
+	local def_days="${5:-}"
 
 	# Create directories
 	if [ ! -d "$( dirname "${key}" )" ]; then
@@ -33,9 +34,16 @@ cert_gen_generate_ca() {
 		verbose=""
 	fi
 
+	# user defined custom days
+	if [ -z "${def_days}" ]; then
+		def_days="820"
+	else
+		def_days="${5}"
+	fi
+
 	# Generate CA if it does not exist yet
 	if [ ! -f "${key}" ] || [ ! -f "${crt}" ]; then
-		run "ca-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n 'Devilbox Root CA' -e 'cytopia@devilbox.org' ${key} ${crt}" "${DEBUG_LEVEL}"
+		run "ca-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n 'Devilbox Root CA' -e 'cytopia@devilbox.org' -d ${def_days} ${key} ${crt}" "${DEBUG_LEVEL}"
 	fi
 }
 
@@ -54,6 +62,7 @@ cert_gen_generate_cert() {
 	local domains="${8}"
 	local verbose="${9}"
 	local debug="${10}"
+	local def_days="${11:-}"
 
 	# If not enabled, skip SSL certificate eneration
 	if [ "${enable}" != "1" ]; then
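Review bot: `MAINTAINER "sixfoot3"` keeps the deprecated MAINTAINER instruction (hadolint DL4000) and only swaps its value; patch 6/6 restores `MAINTAINER "cytopia"` the same way. Since this hunk already rewrites the LABEL block, the maintainer could move into it, e.g. `maintainer="sixfoot3" \` or the OCI key `org.opencontainers.image.authors`, and the MAINTAINER line be dropped.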
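Review bot: The `else` branch of the new block in cert_gen_generate_ca is a no-op, because `def_days` was already initialised from `${5:-}` in the preceding hunk, so `def_days="${5}"` assigns the same value again; meanwhile the value is interpolated unquoted into the command string handed to `run` (presumably evaluated there), and nothing rejects a non-numeric or shell-significant value before it reaches `ca-gen -d`. A single case statement covers both the default and the check: `case "${def_days}" in ''|*[!0-9]*) def_days="820" ;; esac` (logging the fallback would be better still if a log helper is in scope). The same pattern recurs in cert_gen_generate_cert in the @@ -83 hunk, with `${11}`. Whether the pinned ca-gen and cert-gen accept `-d` is not visible here, and patch 4/6 switches back to devilbox cert-gen 0.2, so that should be confirmed against that release.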
@@ -83,6 +92,13 @@ cert_gen_generate_cert() {
 		verbose=""
 	fi
 
+	# user defined custom days
+	if [ -z "${def_days}" ]; then
+		def_days="820"
+	else
+		def_days="${11}"
+	fi
+
 	# Get domain name and alt_names
 	cn=
 	alt_names=
@@ -98,5 +114,5 @@ cert_gen_generate_cert() {
 	done
 	alt_names="$( echo "${alt_names}" | xargs )" # tim
 
-	run "cert-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n '${cn}' -e 'admin@${cn}' -a '${alt_names}' ${ca_key} ${ca_crt} ${key} ${csr} ${crt}" "${debug}"
+	run "cert-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n '${cn}' -e 'admin@${cn}' -a '${alt_names}' -d ${def_days} ${ca_key} ${ca_crt} ${key} ${csr} ${crt}" "${debug}"
 }
diff --git a/data/docker-entrypoint.sh b/data/docker-entrypoint.sh
index 38b1ee4..eeb57fd 100755
--- a/data/docker-entrypoint.sh
+++ b/data/docker-entrypoint.sh
@@ -54,6 +54,13 @@ DEBUG_RUNTIME="$( env_get "DEBUG_RUNTIME" "0" )"
 log "info" "Runtime debug: ${DEBUG_RUNTIME}" "${DEBUG_LEVEL}"
 
 
+###
+### Does user have custom SSL validity settings?
+###
+MAIN_VHOST_SSL_VALIDITY_PERIOD="$( env_get "MAIN_VHOST_SSL_VALIDITY_PERIOD" "803" )"
+log "info" "SSL Generation Validity period: ${MAIN_VHOST_SSL_VALIDITY_PERIOD}" "${DEBUG_LEVEL}"
+
+
 ###
 ### Change uid/gid
 ###
@@ -201,7 +208,7 @@ vhost_gen_mass_vhost_tld \
 ###
 ### Create Certificate Signing request
 ###
-cert_gen_generate_ca "${CA_KEY}" "${CA_CRT}" "${DEBUG_RUNTIME}" "${DEBUG_LEVEL}"
+cert_gen_generate_ca "${CA_KEY}" "${CA_CRT}" "${DEBUG_RUNTIME}" "${DEBUG_LEVEL}" "${MAIN_VHOST_SSL_VALIDITY_PERIOD}"
 
 
 ###
@@ -217,7 +224,8 @@ cert_gen_generate_cert \
 	"/etc/httpd/cert/main/localhost.crt" \
 	"${MAIN_VHOST_SSL_CN}" \
 	"${DEBUG_RUNTIME}" \
-	"${DEBUG_LEVEL}"
+	"${DEBUG_LEVEL}" \
+	"${MAIN_VHOST_SSL_VALIDITY_PERIOD}"
 
 
 

From 28b15a9894b593b9c5fa992e8aca2c9d49748ade Mon Sep 17 00:00:00 2001
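Review bot: The default given to `env_get` here is `"803"`, while both fallbacks added to 08-cert-gen.sh in this patch use `"820"`, so an unset variable and an empty one produce different validity periods; one value should win, e.g. `env_get "MAIN_VHOST_SSL_VALIDITY_PERIOD" "820"`, with the function-level fallbacks kept only as a safety net. This line is also the single point where the value enters the container, so validating it once here — before it is passed to cert_gen_generate_ca, cert_gen_generate_cert and, from patch 5/6 on, the watcherd command string — would be simpler than guarding every consumer. The log message could name the unit, e.g. `"SSL certificate validity period (days): ${MAIN_VHOST_SSL_VALIDITY_PERIOD}"`, since the consumers call the value def_days.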
From: Tom Morton
Date: Tue, 22 Oct 2019 10:43:43 -0400
Subject: [PATCH 4/6] Adding original ca-gen repository given the new method of defining validity period.

---
 Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 93c88e3..4bad836 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ LABEL \
 ### Build arguments
 ###
 ARG VHOST_GEN_GIT_REF=0.15
-ARG CERT_GEN_GIT_REF=0.3.1
+ARG CERT_GEN_GIT_REF=0.2
 
 ENV BUILD_DEPS \
 	git \
@@ -52,8 +52,8 @@ RUN set -x \
 	&& rm -rf vhost*gen* \
 	\
 	# Install cert-gen
-	&& wget --no-check-certificate -O /usr/bin/ca-gen https://raw.githubusercontent.com/tmort/cert-gen/${CERT_GEN_GIT_REF}/bin/ca-gen \
-	&& wget --no-check-certificate -O /usr/bin/cert-gen https://raw.githubusercontent.com/tmort/cert-gen/${CERT_GEN_GIT_REF}/bin/cert-gen \
+	&& wget --no-check-certificate -O /usr/bin/ca-gen https://raw.githubusercontent.com/devilbox/cert-gen/${CERT_GEN_GIT_REF}/bin/ca-gen \
+	&& wget --no-check-certificate -O /usr/bin/cert-gen https://raw.githubusercontent.com/devilbox/cert-gen/${CERT_GEN_GIT_REF}/bin/cert-gen \
 	&& chmod +x /usr/bin/ca-gen \
 	&& chmod +x /usr/bin/cert-gen \
 	\

From 656f9f4281179e9bd85c6feca30f1f176d3d99e6 Mon Sep 17 00:00:00 2001
From: Tom Morton
Date: Tue, 22 Oct 2019 11:12:19 -0400
Subject: [PATCH 5/6] Granting the ability for Vhost generation to set the validity period via create-vhost.sh.

---
 data/create-vhost.sh | 5 +++--
 data/docker-entrypoint.sh | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/data/create-vhost.sh b/data/create-vhost.sh
index a0a0220..75100bc 100755
--- a/data/create-vhost.sh
+++ b/data/create-vhost.sh
@@ -11,7 +11,8 @@ VHOST_TPL="${4}"
 CA_KEY="${5}"
 CA_CRT="${6}"
 GENERATE_SSL="${7}"
-VERBOSE="${8:-}"
+SSL_VALIDITY="${8}"
+VERBOSE="${9:-}"
 
 if [ "${GENERATE_SSL}" = "1" ]; then
 	if [ ! -d "/etc/httpd/cert/mass" ]; then
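Review bot: Inserting `SSL_VALIDITY="${8}"` ahead of `VERBOSE` changes the positional interface of create-vhost.sh, so any invocation that still passes the verbose flag as the eighth argument now feeds that flag to `cert-gen -d`; the only caller in this series, `watcherd_add` in docker-entrypoint.sh, is updated in the same patch, but the script itself neither checks the value nor, unlike `VERBOSE`, gives it a fallback. A guard directly after the assignment would make a stale caller fail early in the script's existing error style: `case "${SSL_VALIDITY}" in ''|*[!0-9]*) echo "[FAILED] Invalid SSL validity period: '${SSL_VALIDITY}'"; exit 1 ;; esac`.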
@@ -23,7 +24,7 @@ if [ "${GENERATE_SSL}" = "1" ]; then
 	_out_key="/etc/httpd/cert/mass/${VHOST_NAME}${VHOST_TLD}.key"
 	_out_csr="/etc/httpd/cert/mass/${VHOST_NAME}${VHOST_TLD}.csr"
 	_out_crt="/etc/httpd/cert/mass/${VHOST_NAME}${VHOST_TLD}.crt"
-	if ! cert-gen -v -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n "${_domain}" -e "${_email}" -a "${_domains}" "${CA_KEY}" "${CA_CRT}" "${_out_key}" "${_out_csr}" "${_out_crt}"; then
+	if ! cert-gen -v -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n "${_domain}" -e "${_email}" -a "${_domains}" -d "${SSL_VALIDITY}" "${CA_KEY}" "${CA_CRT}" "${_out_key}" "${_out_csr}" "${_out_crt}"; then
 		echo "[FAILED] Failed to add SSL certificate for ${VHOST_NAME}${VHOST_TLD}"
 		exit 1
 	fi
diff --git a/data/docker-entrypoint.sh b/data/docker-entrypoint.sh
index eeb57fd..8ed5509 100755
--- a/data/docker-entrypoint.sh
+++ b/data/docker-entrypoint.sh
@@ -252,7 +252,7 @@ if [ "${MASS_VHOST_ENABLE}" -eq "1" ]; then
 	fi
 
 	# Create watcherd sub commands
-	watcherd_add="create-vhost.sh '%%p' '%%n' '${MASS_VHOST_TLD}' '%%p/${MASS_VHOST_TPL}/' '${CA_KEY}' '${CA_CRT}' '1' '${verbose}'"
+	watcherd_add="create-vhost.sh '%%p' '%%n' '${MASS_VHOST_TLD}' '%%p/${MASS_VHOST_TPL}/' '${CA_KEY}' '${CA_CRT}' '1' '${MAIN_VHOST_SSL_VALIDITY_PERIOD}' '${verbose}'"
 	watcherd_del="rm /etc/httpd/vhost.d/%%n.conf"
 	watcherd_tri="${HTTPD_RELOAD}"
 

From a03f169ada5630112286eacf66235c9c69bc6fee Mon Sep 17 00:00:00 2001
From: Tom Morton
Date: Tue, 22 Oct 2019 11:43:02 -0400
Subject: [PATCH 6/6] Setting original docker maintainer credentials/name

---
 Dockerfile | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4bad836..f13d772 100644
--- a/Dockerfile
+++ b/Dockerfile
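Review bot: `'${MAIN_VHOST_SSL_VALIDITY_PERIOD}'` is spliced into the single-quoted `watcherd_add` command string, so a value containing a single quote or whitespace changes how the create-vhost.sh arguments are split once watcherd executes that string; this is harmless for the numeric values the feature expects, but nothing in the hunk enforces them, so the value should be validated where it is read from the environment. The variable also carries the MAIN_VHOST_ prefix while this line makes it govern every mass-vhost certificate (and, since patch 3/6, the CA) as well; a comment here such as `# Validity period shared by the CA, the main vhost and all mass vhosts` — or a name without the prefix — would spare readers the surprise. The enclosing if block starts outside the hunk.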
@@ -1,13 +1,12 @@
 FROM httpd:2.4
-MAINTAINER "sixfoot3"
+MAINTAINER "cytopia"
 
 LABEL \
-	name="cytopia's apache 2.4 image with catalina edits" \
-	image="tmort/apache-2.4" \
-	vendor="sixfoot3" \
+	name="cytopia's apache 2.4 image" \
+	image="devilbox/apache-2.4" \
+	vendor="devilbox" \
 	license="MIT"
 
-
 ###
 ### Build arguments
 ###