Skip to content
This repository was archived by the owner on Aug 6, 2025. It is now read-only.

Add mkcert for certificates #4

Merged
merged 9 commits into from
Feb 22, 2019
Merged

Add mkcert for certificates #4

merged 9 commits into from
Feb 22, 2019

Conversation

arnested
Copy link
Member

@arnested arnested commented Feb 15, 2019
edited
Loading 

$ docker-compose logs web
Attaching to balder
balder     | *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
balder     | *** Running /etc/my_init.d/10_syslog-ng.init...
balder     | Feb 15 10:16:59 d249936382ad syslog-ng[14]: syslog-ng starting up; version='3.13.2'
balder     | *** Running /etc/my_init.d/mkcert.sh...
balder     | Using the local CA at "/mkcert" ✨
balder     | The local CA is now installed in the system trust store! ⚡️
balder     |
balder     | Using the local CA at "/mkcert" ✨
balder     |
balder     | Created a new certificate valid for the following names 📜
balder     |  - "balder.docker"
balder     |  - "*.balder.docker"
balder     |  - "local.docker"
balder     |
balder     | Reminder: X.509 wildcards only go one level deep, so this won't match a.b.balder.docker ℹ️
balder     |
balder     | The certificate is at "/etc/ssl/certs/ssl-cert-snakeoil.pem" and the key at "/etc/ssl/private/ssl-cert-snakeoil.key" ✅
balder     |
balder     | *** Booting runit daemon...
balder     | *** Runit started as PID 733
balder     | Feb 15 10:17:02 d249936382ad cron[744]: (CRON) INFO (pidfile fd = 3)
balder     | Feb 15 10:17:02 d249936382ad cron[744]: (CRON) INFO (Running @reboot jobs)

@arnested
Locate CA root in away that is preconfigured to work on both Mac and …
ea9f95f 
…Linux.

By searching for `rootCA.pem` and `rootCA-key.pem` in a folder beneath
`/mkcert` instead of assuming hardcoded locations we can make different
volumes for Mac and Linux regardless of whether we actually run Mac or
Linux.
@danquah
Copy link
Contributor

danquah commented Feb 21, 2019

This works for me on dory. Do need some where to document how ones docker-compose setup should be set up for this to work ... should should we just do it in this repo? In which case I'll just go ahead and update the readme

danquah
danquah reviewed Feb 21, 2019
View reviewed changes
danquah and others added 6 commits February 21, 2019 16:11
@danquah
Add documentation on how to integrate the mkcert support with Dory
3dc3721
@arnested
Create expected foldes in Dockerfile
84b752d 
Create expected foldes in Dockerfile so they will be created while
building the image instead of doing it when running the script (`/cert`)
and not at all (`/mkcert`).
@arnested
Improve documentation on mkcert part
4d8cff9
@arnested
Support Dinghy wildcard domains
1b72b0d 
Dinghys wildcard syntax is just prefix with a dot (`.example.com`) where
as mkcert uses an asterisk (`*.example.com`).

So we rewrite the `VIRTUAL_HOST` if it starts with a dot.

To do that we eed to split up the compound onliner finding the domains
in either `MKCERT_DOMAINS`, `VIRTUAL_HOST` or hostname. But that is
probably better for reading and understanding anyway (at least it is
easier to document all steps now).
@arnested
Add more documentation to mkcert.sh script
fc418de
@arnested
Be verbose about copying into /cert
0d1cd2f 
Make sure we are verbose in the log about which files we copy into
/cert.
@arnested arnested merged commit 5ded721 into master Feb 22, 2019
@arnested arnested deleted the mkcert branch February 22, 2019 10:20
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@danquah danquah danquah left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@arnested @danquah