
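#!/bin/bash
#
# Generates a self-signed certificate and an unencrypted RSA key for
# docker-auth token signing under $SERVICE_CONFIGSTORE, points the
# docker-auth "token" config at them, bind-mounts the certificate
# directory read-only into $TARGET_SERVICE_NAME and $BASE_SERVICE_NAME,
# and publishes the matching token settings through the
# "registry-config" relation.
#
# Environment read: SERVICE_CONFIGSTORE, TARGET_SERVICE_NAME,
# BASE_SERVICE_NAME. ini_merge, config-add and relation-set are not
# defined in this script (presumably provided by lib/common or the
# calling framework).
set -e

. lib/common

# The private key is written below this prefix. If it were unset or empty,
# the key would be generated under the host's own /etc/docker-auth/certs
# and that path bind-mounted instead, so stop here.
: "${SERVICE_CONFIGSTORE:?SERVICE_CONFIGSTORE must be set}"

LOCAL_CERTS_PATH=/etc/docker-auth/certs
certs_path="$SERVICE_CONFIGSTORE$LOCAL_CERTS_PATH"

mkdir -p "$certs_path"
(
  cd "$certs_path"

  # Create the key file with owner-only permissions before openssl writes
  # to it, so the key never exists on disk with the mode implied by the
  # ambient umask. The chmod after generation is kept as a second check.
  install -m 600 /dev/null privkey.pem

  # -nodes leaves the key unencrypted; its file mode is the only protection.
  # NOTE(review): no -days is given, so the certificate gets openssl's
  # default validity (30 days) - confirm that is intended for a token
  # signing certificate.
  # NOTE(review): CN is the literal placeholder "[domain.tld]" - confirm
  # whether the real domain should be substituted here.
  openssl req -x509 -newkey rsa:2048 -new -nodes \
    -keyout privkey.pem -out fullchain.pem \
    -subj "/C=FR/ST=Paris/L=Paris/O=ACME/OU=IT Department/CN=[domain.tld]"
  chmod 600 privkey.pem
)

# Paths here are container-side paths (the mount target below).
cat <<EOF | ini_merge
token:
  certificate: "$LOCAL_CERTS_PATH/fullchain.pem"
  key: "$LOCAL_CERTS_PATH/privkey.pem"
EOF

# NOTE(review): both services receive the whole directory, private key
# included, while the relation data below only references fullchain.pem.
# Consider mounting only fullchain.pem into the service that merely
# verifies tokens.
config-add "\
services:
  $TARGET_SERVICE_NAME:
    volumes:
      - \"$certs_path:$LOCAL_CERTS_PATH:ro\"
  $BASE_SERVICE_NAME:
    volumes:
      - \"$certs_path:$LOCAL_CERTS_PATH:ro\"
"

realm=$(cat "$SERVICE_CONFIGSTORE/etc/docker-auth/realm") || exit 1
# An empty realm file would publish the realm "/auth", which is not a
# usable URL.
if [ -z "$realm" ]; then
  echo "Error: empty realm in $SERVICE_CONFIGSTORE/etc/docker-auth/realm" >&2
  exit 1
fi

relation-set registry-config "\
token:
  realm: \"$realm/auth\"
  service: \"Docker registry\"
  issuer: \"Acme auth server\"
  autoredirect: false
  rootcertbundle: \"$LOCAL_CERTS_PATH/fullchain.pem\"
"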