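#!/bin/bash
#
# Generates a self-signed certificate/key pair under the service config store,
# references it as the token certificate/key in the merged configuration,
# mounts the certificate directory read-only into two services, and publishes
# the token settings (realm, service, issuer, rootcertbundle) on the
# registry-config relation.
#
# Reads: SERVICE_CONFIGSTORE, TARGET_SERVICE_NAME, BASE_SERVICE_NAME.
# ini_merge, config-add and relation-set are not defined in this file;
# presumably they come from lib/common or the hook environment.
set -e

. lib/common

# Path of the certificate directory as seen from inside the containers.
LOCAL_CERTS_PATH=/etc/docker-auth/certs

# Host-side location of the same directory.
certs_path="$SERVICE_CONFIGSTORE$LOCAL_CERTS_PATH"
mkdir -p "$certs_path"

(
  cd "$certs_path"

  # Restrict permissions *before* the key is written: older OpenSSL builds
  # create the key file with the process umask, which would leave it readable
  # by other local users until the chmod below runs. The umask change is
  # confined to this subshell.
  umask 077

  # NOTE(review): without -days, `openssl req -x509` issues a certificate
  # valid for 30 days. Confirm whether the consumer of rootcertbundle checks
  # expiry, and whether this hook is re-run often enough to renew it.
  openssl req -x509 -newkey rsa:2048 -new -nodes \
    -keyout privkey.pem -out fullchain.pem \
    -subj "/C=FR/ST=Paris/L=Paris/O=ACME/OU=IT Department/CN=[domain.tld]"

  chmod 600 privkey.pem
  # The certificate is public material; restore the usual world-readable mode
  # so that services mounting the directory can still read it.
  chmod 644 fullchain.pem
)

# Point the token section of the merged config at the generated pair,
# using the in-container paths.
cat <<EOF | ini_merge
token:
  certificate: "$LOCAL_CERTS_PATH/fullchain.pem"
  key: "$LOCAL_CERTS_PATH/privkey.pem"
EOF

# NOTE(review): both services receive the whole directory, private key
# included. If one of them only needs fullchain.pem to verify tokens, mounting
# just that file would keep the signing key out of its reach; confirm which
# service is which before changing the mounts.
config-add "\
services:
  $TARGET_SERVICE_NAME:
    volumes:
      - \"$certs_path:$LOCAL_CERTS_PATH:ro\"
  $BASE_SERVICE_NAME:
    volumes:
      - \"$certs_path:$LOCAL_CERTS_PATH:ro\"
"

# The realm file must already exist in the config store; abort otherwise.
realm=$(cat "$SERVICE_CONFIGSTORE/etc/docker-auth/realm") || exit 1

# Publish the token settings on the registry-config relation.
relation-set registry-config "\
token:
  realm: \"$realm/auth\"
  service: \"Docker registry\"
  issuer: \"Acme auth server\"
  autoredirect: false
  rootcertbundle: \"$LOCAL_CERTS_PATH/fullchain.pem\"
"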