
New `bin/setup-ssl` script to generate valid SSL certificates #211

Mark Shust 5 years ago
parent
commit
0d5ea46df4
3 changed files with 34 additions and 3 deletions
  1. 4 2
      README.md
  2. 20 0
      compose/bin/setup-ssl
  3. 10 1
      images/nginx/1.13/Dockerfile

+ 4 - 2
README.md

@@ -37,7 +37,8 @@ View Dockerfiles:
 
 - [markoshust/magento-nginx (Docker Hub)](https://hub.docker.com/r/markoshust/magento-nginx/)
   - 1.13
-      - [`latest`, `1.13`, `1.13-7`](https://github.com/markshust/docker-magento/tree/master/images/nginx/1.13)
+      - [`latest`, `1.13`, `1.13-8`](https://github.com/markshust/docker-magento/tree/master/images/nginx/1.13)
+      - [`1.13-7`](https://github.com/markshust/docker-magento/tree/27.0.0/images/nginx/1.13)
       - [`1.13-6`](https://github.com/markshust/docker-magento/tree/20.1.1/images/nginx/1.13)
       - [`1.13-5`](https://github.com/markshust/docker-magento/tree/18.1.1/images/nginx/1.13)
       - [`1.13-4`](https://github.com/markshust/docker-magento/tree/18.0.1/images/nginx/1.13)
@@ -228,7 +229,7 @@ You'll now have an updated `bin/update` helper script, and can run it to update
 - `bin/node`: Run the node binary. Ex. `bin/node --version`
 - `bin/npm`: Run the npm binary. Ex. `bin/npm install`
 - `bin/pwa-studio`: (BETA) Start the PWA Studio server. Note that Chrome will throw SSL cert errors and not allow you to view the site, but Firefox will.
-- `bin/redis`: Run a command from the redis container. Ex `bin/redis redis-cli monitor`
+- `bin/redis`: Run a command from the redis container. Ex. `bin/redis redis-cli monitor`
 - `bin/remove`: Remove all containers.
 - `bin/removevolumes`: Remove all volumes.
 - `bin/restart`: Stop and then start all containers.
@@ -236,6 +237,7 @@ You'll now have an updated `bin/update` helper script, and can run it to update
 - `bin/rootnotty`: Run any CLI command as root with no TTY. Ex `bin/rootnotty chown -R app:app /var/www/html`
 - `bin/setup`: Run the Magento setup process to install Magento from the source code, with optional domain name. Defaults to `magento2.test`. Ex. `bin/setup magento2.test`
 - `bin/setup-pwa-studio`: (BETA) Install PWA Studio (requires NodeJS and Yarn to be installed on the host machine). Pass in your base site domain, otherwise the default `master-7rqtwti-mfwmkrjfqvbjk.us-4.magentosite.cloud` will be used. Ex: `bin/setup-pwa-studio magento2.test`
+- `bin/setup-ssl`: Generate an SSL certificate and install the cert authority on the host. Ex. `bin/setup-ssl magento2.test`
 - `bin/start`: Start all containers, good practice to use this instead of `docker-compose up -d`, as it may contain additional helpers.
 - `bin/status`: Check the container status.
 - `bin/stop`: Stop all containers.
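
Review bot: The new `bin/setup-ssl` entry says it installs the cert authority "on the host", but the script added in this commit does that with `sudo security add-trusted-cert ... -k /Library/Keychains/System.keychain`, which is macOS-only. State the macOS requirement in this line, and mention that the command prompts for the system password and adds a root CA to the system trust store, so readers know what they are approving. Separately, the `bin/rootnotty` context line above still reads "Ex" without the period that this commit adds to the `bin/redis` entry.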

+ 20 - 0
compose/bin/setup-ssl

@@ -0,0 +1,20 @@
+#!/bin/bash
+[ -z "$1" ] && echo "Please specify a domain (ex. mydomain.test)" && exit
+
+# Generate certificate authority and copy back to the host
+docker-compose exec -u root app mkcert -install
+docker cp $(docker-compose ps -q app|awk '{print $1}'):/root/.local/share/mkcert/rootCA.pem .
+echo "System password requested to install certificate authority on host..."
+sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain rootCA.pem
+rm rootCA.pem
+
+# Generate the certificate for the specified domain
+docker-compose exec -u root app mkcert $1
+echo "Renaming $1 certificate and moving to /etc/nginx/certs/..."
+docker-compose exec -u root app chown app:app $1.pem $1-key.pem
+docker-compose exec -u root app mv $1.pem /etc/nginx/certs/nginx.crt
+docker-compose exec -u root app mv $1-key.pem /etc/nginx/certs/nginx.key
+
+# Restart nginx to apply the updates
+echo "Restarting containers to apply updates..."
+bin/restart
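
Review bot: Nothing in this script stops on failure, so if `mkcert -install` or the `docker cp` step fails, it still runs `sudo security add-trusted-cert` and `rm rootCA.pem` against whatever `rootCA.pem` happens to be in the current directory. Add `set -e` near the top (or check each step), change the missing-argument guard to `exit 1` since a bare `exit` after a successful `echo` returns 0, and quote `"$1"` in the `mkcert`, `chown` and `mv` lines. It is also worth a comment that the CA is created inside the container under `/root/.local/share/mkcert` and then trusted as a root in the host System keychain with `-r trustRoot`, which means the CA private key left in the container can sign certificates the host will accept for any name, not only the domain passed as `$1`.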

+ 10 - 1
images/nginx/1.13/Dockerfile

@@ -6,9 +6,18 @@ RUN groupadd -g 1000 app \
 RUN touch /var/run/nginx.pid
 RUN mkdir /sock
 
-RUN apt-get update && apt-get install -y openssl
+RUN apt-get update && apt-get install -y \
+  curl \
+  libnss3-tools \
+  openssl
+
 RUN mkdir /etc/nginx/certs \
   && echo -e "\n\n\n\n\n\n\n" | openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/certs/nginx.key -out /etc/nginx/certs/nginx.crt
+RUN ( \
+  cd /usr/local/bin/ \
+  && curl -L https://github.com/FiloSottile/mkcert/releases/download/v1.4.1/mkcert-v1.4.1-linux-amd64 -o mkcert \
+  && chmod +x mkcert \
+  )
 
 COPY ./conf/nginx.conf /etc/nginx/
 COPY ./conf/default.conf /etc/nginx/conf.d/
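
Review bot: The `curl -L ... -o mkcert` step installs a binary fetched at build time with no integrity check and without `-f`, so an HTTP error body or a replaced release asset would be saved and marked executable as `/usr/local/bin/mkcert`, the tool that `bin/setup-ssl` then runs as root to create a CA the host trusts. Use `curl -fsSL` and verify a pinned SHA-256 of the v1.4.1 linux-amd64 asset (for example with `sha256sum -c`) before `chmod +x`. Minor: the `apt-get install` layer could add `--no-install-recommends` and remove `/var/lib/apt/lists/*` to keep the image small.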