From cfad371195ec460e4be41225882334215bc68e53 Mon Sep 17 00:00:00 2001
From: Luke Klein
Date: Tue, 14 Jan 2020 10:24:33 +1100
Subject: [PATCH 1/2] Added args for setting clientcert and image version
---
 Dockerfile | 4 +++-
 README.md | 2 +-
 arcts-ssl-entrypoint.sh | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index fc7208d..b796050 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,6 @@
-FROM postgres:9.6
+ARG DB_VERSION=9.6
+FROM postgres:${DB_VERSION}
+ARG CLIENT_CERT=1
 COPY arcts-ssl-entrypoint.sh /usr/local/bin/
diff --git a/README.md b/README.md
index e2f7ff5..fecef77 100755
--- a/README.md
+++ b/README.md
@@ -18,5 +18,5 @@ We are provisioning many short lived data services that require secure-by-defaul
 - Configure SSL options via environment variables
 - Allow certs to reside in a different directory (and configure via env)
-- Support multiple versions of Postgres (Currently pinned to 9.6)
+- Support multiple versions of Postgres (Currently pinned to 9.6) - Now defaults to 9.6 but can be built to any version by using the DB_VERSION arg at build time
 - TravisCI integration / Auto push to Hub
diff --git a/arcts-ssl-entrypoint.sh b/arcts-ssl-entrypoint.sh
index 1749867..13aa811 100755
--- a/arcts-ssl-entrypoint.sh
+++ b/arcts-ssl-entrypoint.sh
@@ -27,7 +27,7 @@ echo "Postgres initialized. Time to SSL.";
 if [ ! -s "$PGDATA/postgresql.crt" ]; then
 # Update HBA to require SSL and Client Cert auth
 head -n -1 /var/lib/postgresql/data/pg_hba.conf > /tmp/pg_hba.conf
- echo "hostssl all all all md5 clientcert=1" >> /tmp/pg_hba.conf
+ echo "hostssl all all all md5 clientcert=$CLIENT_CERT" >> /tmp/pg_hba.conf
 mv /tmp/pg_hba.conf /var/lib/postgresql/data/pg_hba.conf
 # Create SSL certs
From afdd287caa51d8d6df5413c8ffcc88f124ff5c66 Mon Sep 17 00:00:00 2001
From: Luke Klein
Date: Tue, 14 Jan 2020 14:28:09 +1100
Subject: [PATCH 2/2] Changed arg to env
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
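Review bot: `FROM postgres:${DB_VERSION}` now accepts any tag the builder passes, but nothing in the Dockerfile records which PostgreSQL versions the entrypoint's pg_hba.conf rule is valid for. The accepted `clientcert=` values differ between PostgreSQL major versions (newer releases, as far as I know, take only `verify-ca`/`verify-full`), so a build with a different `DB_VERSION` may get a rule the server rejects or reads differently. I would add a comment above the ARG, for example `# DB_VERSION: postgres image tag; entrypoint's pg_hba rule was written for 9.6, re-check clientcert syntax for other versions`. For release builds it is also worth passing a tag that includes a digest so the base image is reproducible.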
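Review bot: The new `echo` line writes `$CLIENT_CERT` into pg_hba.conf unchecked, so an unset or empty variable yields `clientcert=`, and a value containing whitespace adds extra options to the `hostssl all all all md5` rule. Either case can weaken or break the client-certificate requirement that the comment above the write promises. Validate before the write and fail closed: `: "${CLIENT_CERT:=1}"` followed by `case "$CLIENT_CERT" in 0|1) ;; *) echo "invalid CLIENT_CERT" >&2; exit 1 ;; esac`, extending the allowlist to the values the target PostgreSQL version accepts. The `if` block opened in this hunk closes outside it, so the rest of its body is not covered here.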
diff --git a/Dockerfile b/Dockerfile
index b796050..be1206c 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 ARG DB_VERSION=9.6
 FROM postgres:${DB_VERSION}
-ARG CLIENT_CERT=1
+ENV CLIENT_CERT=1
 COPY arcts-ssl-entrypoint.sh /usr/local/bin/
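Review bot: `ENV CLIENT_CERT=1` carries no comment, although it is now a runtime switch for client-certificate enforcement that anyone starting the container can override with `-e CLIENT_CERT=...`. The entrypoint hunk in patch 1/2 writes the value only inside the `if [ ! -s "$PGDATA/postgresql.crt" ]` branch, so it appears to take effect only on first initialisation of a data directory; changing it on an existing volume would silently do nothing. I would document both facts on the line above, e.g. `# CLIENT_CERT: written to pg_hba.conf as clientcert=<value> on first init only; 1 requires a client certificate`, and mention the variable in the README next to `DB_VERSION`.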