Allow to use a pre-existing SSL certificate

Adrien Ferrand 2018-11-27 01:23:38 +01:00
parent 73c821944f
commit 011a825b85
4 changed files with 21 additions and 12 deletions

@ -2,6 +2,10 @@
## Unreleased
## [4.3.0-1] - 26/11/2018
### Added
* Allow to use a pre-existing `server.pem` file mounted into the container to serve the BackupPC UI over https
## [4.3.0] - 26/11/2018
### Changed
* Update BackupPC to 4.2.0

@ -160,6 +160,8 @@ docker run \
Then you can access the UI through the secured URL https://YOUR_SERVER_IP/. Of course, as the SSL certificate is self-signed, your browser will alert you about this unsecured certificate.
_NB: You can also use your own SSL certificate: merge together the private key and the certificate into a `server.pem` file (eg. `cat server.key server.crt > server.pem`), and mount `certificate.pem` on the container path `/etc/lighttpd/server.pem` (eg. `--volume /you/path/to/certificate.pem:/etc/lighttpd/server.pem`)._
### Advanced SSL use
Instead of providing a very advanced SSL configuration in this Docker, and reinvent the wheel, it is advised to run your backuppc instance without SSL and without exposing the 8080 port, and launch a second container with a secured SSL reverse-proxy pointing to the BackupPC instance.
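Review bot: The NB sentence names the file inconsistently: it tells the reader to build `server.pem` (`cat server.key server.crt > server.pem`) and then to mount `certificate.pem`, and the example path reads `/you/path/to/`. Use one file name throughout and correct the path to `/your/path/to/`. Because this file holds the private key, the note should also state the ownership and mode it needs on the host, and the example could mount it read-only (`:ro`), since with this change the entrypoint does not write to a file that already exists.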

@ -1 +1 @@
4.3.0
4.3.0-1

@ -68,6 +68,8 @@ if [ -f /firstrun ]; then
# Prepare lighttpd
if [ "$USE_SSL" = true ]; then
# Do not generate a certificate if user already mapped the file with docker --volume
if [ ! -e /etc/lighttpd/server.pem ]; then
# Generate certificate file as needed
cd /etc/lighttpd
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
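Review bot: The new `[ ! -e /etc/lighttpd/server.pem ]` test only checks that something exists at that path, so a directory passes it too. When the host path given to `--volume` does not exist, Docker creates a directory at the mount target, in which case generation is skipped and lighttpd is later pointed at a directory. Consider testing with `-f` (or `-s` to also reject an empty file) and exiting with a clear error when the path exists but is not a regular file.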
@ -79,6 +81,7 @@ if [ -f /firstrun ]; then
chown "$BACKUPPC_USERNAME":"$BACKUPPC_GROUPNAME" server.pem
chmod 0600 server.pem
rm -f server.pass.key server.key server.csr server.crt
fi
# Reconfigure lighttpd to use ssl
echo "ssl.engine = \"enable\"" >> /etc/lighttpd/lighttpd.conf
echo "ssl.pemfile = \"/etc/lighttpd/server.pem\"" >> /etc/lighttpd/lighttpd.conf
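Review bot: With the closing `fi` placed right after the `rm -f` line, the `chown "$BACKUPPC_USERNAME":"$BACKUPPC_GROUPNAME" server.pem` and `chmod 0600 server.pem` steps run only for the generated certificate, so a mounted `server.pem` keeps whatever ownership and mode it has on the host. That can leave the key unreadable by the server or readable by other users. Either document the required owner and mode, or add a branch for the pre-existing file that checks it is readable and warns when it is group or world accessible. A check that the file contains both a private key and a certificate would also give a clearer failure than a lighttpd startup error.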