Allow using a pre-existing SSL certificate

This commit is contained in:
Adrien Ferrand 2018-11-27 01:23:38 +01:00
parent 73c821944f
commit 011a825b85
4 changed files with 21 additions and 12 deletions

View File

@ -2,6 +2,10 @@
## Unreleased ## Unreleased
## [4.3.0-1] - 26/11/2018
### Added
* Allow to use a pre-existing `server.pem` file mounted into the container to serve the BackupPC UI over https
## [4.3.0] - 26/11/2018 ## [4.3.0] - 26/11/2018
### Changed ### Changed
* Update BackupPC to 4.2.0 * Update BackupPC to 4.2.0
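Review bot: the new changelog line should state the contract the feature depends on, namely that the mounted `server.pem` must contain the unencrypted private key followed by the certificate (the same layout the entrypoint produces with `cat server.key server.crt > server.pem`) and must be mounted at `/etc/lighttpd/server.pem`; a reader of the changelog alone cannot tell what "pre-existing `server.pem` file" means. Minor wording: "Allow to use" reads better as "Allow using".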

View File

@ -160,6 +160,8 @@ docker run \
Then you can access the UI through the secured URL https://YOUR_SERVER_IP/. Of course, as the SSL certificate is self-signed, your browser will alert you about this unsecured certificate. Then you can access the UI through the secured URL https://YOUR_SERVER_IP/. Of course, as the SSL certificate is self-signed, your browser will alert you about this unsecured certificate.
_NB: You can also use your own SSL certificate: merge together the private key and the certificate into a `server.pem` file (eg. `cat server.key server.crt > server.pem`), and mount `certificate.pem` on the container path `/etc/lighttpd/server.pem` (eg. `--volume /you/path/to/certificate.pem:/etc/lighttpd/server.pem`)._
### Advanced SSL use ### Advanced SSL use
Instead of providing a very advanced SSL configuration in this Docker, and reinvent the wheel, it is advised to run your backuppc instance without SSL and without exposing the 8080 port, and launch a second container with a secured SSL reverse-proxy pointing to the BackupPC instance. Instead of providing a very advanced SSL configuration in this Docker, and reinvent the wheel, it is advised to run your backuppc instance without SSL and without exposing the 8080 port, and launch a second container with a secured SSL reverse-proxy pointing to the BackupPC instance.
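Review bot: the added note is inconsistent about the file name: it tells the user to build `server.pem`, then to mount `certificate.pem` (`--volume /you/path/to/certificate.pem:/etc/lighttpd/server.pem`). Use one name throughout and fix the `/you/path/to` typo to `/your/path/to`. Because this file carries the private key, suggest mounting it read-only (append `:ro` to the `--volume` argument) and stating that it must be readable by the user lighttpd runs as inside the container, since with this change the entrypoint no longer adjusts ownership or mode for a file it did not generate.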

View File

@ -1 +1 @@
4.3.0 4.3.0-1

View File

@ -68,17 +68,20 @@ if [ -f /firstrun ]; then
# Prepare lighttpd # Prepare lighttpd
if [ "$USE_SSL" = true ]; then if [ "$USE_SSL" = true ]; then
# Generate certificate file as needed # Do not generate a certificate if user already mapped the file with docker --volume
cd /etc/lighttpd if [ ! -e /etc/lighttpd/server.pem ]; then
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 # Generate certificate file as needed
openssl rsa -passin pass:x -in server.pass.key -out server.key cd /etc/lighttpd
openssl req -new -key server.key -out server.csr \ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
-subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com" openssl rsa -passin pass:x -in server.pass.key -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt openssl req -new -key server.key -out server.csr \
cat server.key server.crt > server.pem -subj "/C=UK/ST=Warwickshire/L=Leamington/O=OrgName/OU=IT Department/CN=example.com"
chown "$BACKUPPC_USERNAME":"$BACKUPPC_GROUPNAME" server.pem openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
chmod 0600 server.pem cat server.key server.crt > server.pem
rm -f server.pass.key server.key server.csr server.crt chown "$BACKUPPC_USERNAME":"$BACKUPPC_GROUPNAME" server.pem
chmod 0600 server.pem
rm -f server.pass.key server.key server.csr server.crt
fi
# Reconfigure lighttpd to use ssl # Reconfigure lighttpd to use ssl
echo "ssl.engine = \"enable\"" >> /etc/lighttpd/lighttpd.conf echo "ssl.engine = \"enable\"" >> /etc/lighttpd/lighttpd.conf
echo "ssl.pemfile = \"/etc/lighttpd/server.pem\"" >> /etc/lighttpd/lighttpd.conf echo "ssl.pemfile = \"/etc/lighttpd/server.pem\"" >> /etc/lighttpd/lighttpd.conf
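Review bot: the new `if [ ! -e /etc/lighttpd/server.pem ]` guard skips not only certificate generation but also the `chown "$BACKUPPC_USERNAME":"$BACKUPPC_GROUPNAME" server.pem` and `chmod 0600 server.pem` that follow it, so a user-supplied key keeps whatever ownership and mode it had when mounted: a root-owned 0600 file is unreadable to the BackupPC user and lighttpd will fail to start with SSL, while a world-readable key stays world-readable inside the container. Suggest testing with `-f` rather than `-e` (only a regular file is usable as `ssl.pemfile`), then checking that the file is readable by `$BACKUPPC_USERNAME` and either tightening the mode or exiting with a clear error message, e.g. `[ -r /etc/lighttpd/server.pem ] || { echo "server.pem not readable" >&2; exit 1; }`. Note also that this block only runs under `if [ -f /firstrun ]`, so a certificate mounted after the first start is picked up only because `ssl.pemfile` already points at the path, which is worth a comment in the script.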