
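#!/bin/bash
#
# Generates a self-signed RSA key/certificate pair under the service's
# config store, points the local token config at it, mounts the certificate
# directory read-only into both services, and publishes the token settings
# through `relation-set registry-config`.
#
# Environment read: SERVICE_CONFIGSTORE, TARGET_SERVICE_NAME, BASE_SERVICE_NAME.
# ini_merge, config-add and relation-set are not defined in this file;
# presumably they come from lib/common or the calling framework.
#
# NOTE(review): the YAML fragments below are nested according to their key
# hierarchy (token -> certificate/key, services -> name -> volumes); verify
# the indentation against what the consuming tools expect.

set -e

. lib/common

# Fail early rather than writing key material to a path built from an empty
# prefix, or emitting a compose fragment with an empty service name.
: "${SERVICE_CONFIGSTORE:?SERVICE_CONFIGSTORE must be set}"
: "${TARGET_SERVICE_NAME:?TARGET_SERVICE_NAME must be set}"
: "${BASE_SERVICE_NAME:?BASE_SERVICE_NAME must be set}"

LOCAL_CERTS_PATH=/etc/docker-auth/certs
certs_path="$SERVICE_CONFIGSTORE$LOCAL_CERTS_PATH"

mkdir -p "$certs_path"

(
  cd "$certs_path"

  # -nodes leaves the private key unencrypted, so file permissions are its
  # only protection. Create the file owner-only *before* openssl writes to
  # it: depending on the OpenSSL version, a fresh key file may otherwise be
  # created with umask-default permissions and stay readable until the
  # chmod below runs.
  [ -e privkey.pem ] || (umask 077 && : >privkey.pem)
  chmod 600 privkey.pem

  # NOTE(review): no -days is given, so the certificate gets openssl's
  # default validity (30 days), and the pair is regenerated unconditionally
  # on every run. Confirm that expiry/rotation of this signing certificate
  # is handled, since it is also handed out as the rootcertbundle below.
  # The subject (including the CN) is a fixed placeholder.
  openssl req -x509 -newkey rsa:2048 -new -nodes \
    -keyout privkey.pem -out fullchain.pem \
    -subj "/C=FR/ST=Paris/L=Paris/O=ACME/OU=IT Department/CN=[domain.tld]"

  chmod 600 privkey.pem
)

# Point the local token configuration at the in-container paths.
ini_merge <<EOF
token:
  certificate: "$LOCAL_CERTS_PATH/fullchain.pem"
  key: "$LOCAL_CERTS_PATH/privkey.pem"
EOF

# NOTE(review): the whole directory, privkey.pem included, is mounted into
# both services, while the relation data below only references
# fullchain.pem. If one of the two services only verifies tokens, mounting
# just the certificate there would keep the signing key out of it; confirm
# which side actually needs the key.
config-add "\
services:
  $TARGET_SERVICE_NAME:
    volumes:
      - \"$certs_path:$LOCAL_CERTS_PATH:ro\"
  $BASE_SERVICE_NAME:
    volumes:
      - \"$certs_path:$LOCAL_CERTS_PATH:ro\"
"

# The realm is read from the config store; abort if the file is missing.
realm=$(<"$SERVICE_CONFIGSTORE/etc/docker-auth/realm") || exit 1

relation-set registry-config "\
token:
  realm: \"$realm/auth\"
  service: \"Docker registry\"
  issuer: \"Acme auth server\"
  autoredirect: false
  rootcertbundle: \"$LOCAL_CERTS_PATH/fullchain.pem\"
"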