tuxmain/rust-rpxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

custom CAs also in alpine

Browse source
This commit is contained in:
Aleksandar N. Kostadinov 2024-09-19 22:44:41 +03:00
commit ea2b009b3d
No known key found for this signature in database
GPG key ID: DE37CA1CBFB3F811
2 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docker/README.md
View file

@ -19,7 +19,7 @@ See [`docker-compose.yml`](./docker-compose.yml) for the detailed configuration.
## Custom CAs for upstream TLS connections
To add a custom certificate, you must use a non-`slim` non-`webpki` image. Then mount `/usr/local/share/ca-certificates` in the container with your desired CAs each in a file like `myca.crt`. The certificates are accepted in PEM format but file extension must be `crt`.
To add a custom certificate, you must use a non-`webpki` image. Then mount `/usr/local/share/ca-certificates` in the container with your desired CAs each in a file like `myca.crt`. The certificates are accepted in PEM format but file extension must be `crt`.
e.g. `-v rpxy/ca-certificates:/usr/local/share/ca-certificates`

5
docker/entrypoint.sh
View file

@ -62,8 +62,6 @@ EOF
#######################################
function setup_ubuntu () {
update-ca-certificates
id ${USER} > /dev/null
# Check the existence of the user, if not exist, create it.
if [ $? -eq 1 ]; then
@ -131,6 +129,9 @@ else
exit 1
fi
# Add user CAs to OS trusted CA store (does not affect webpki)
update-ca-certificates
# Check the given user and its uid:gid
if [ $(id -u ${USER}) -ne ${USER_ID} -a $(id -g ${USER}) -ne ${GROUP_ID} ]; then
echo "${USER} exists or was previously created. However, its uid and gid are inconsistent. Please recreate your container."