From cffc181dce6a7225ca3e519534422dd42f2921b2 Mon Sep 17 00:00:00 2001 From: Sando Date: Wed, 7 Sep 2022 15:03:32 +0200 Subject: [PATCH] Copy valid certs from LE jitsi web at startup cronjob to renew certs is not yet implemented. --- docker-compose.yml | 1 + eturnal/Dockerfile | 2 +- eturnal/rootfs/usr/sbin/run.sh | 27 +++++++++++++++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 306d028bab..7e16351c94 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -353,6 +353,7 @@ services: - TURN_CREDENTIALS - TURN_RELAY_MIN_PORT - TURN_RELAY_MAX_PORT + - TURNS_HOST - DOCKER_HOST_ADDRESS - JVB_DISABLE_STUN depends_on: diff --git a/eturnal/Dockerfile b/eturnal/Dockerfile index 1e27043bb8..3617d2a7cd 100644 --- a/eturnal/Dockerfile +++ b/eturnal/Dockerfile @@ -16,7 +16,7 @@ RUN set -x \ && cp -r /opt/eturnal /rootfs/opt \ # RUNTIME: install runtime init && ARCH=$(uname -m | sed -e 's/x86_64/amd64/;s/aarch64/arm64/;s/armv7l/arm/;s/s390x/s390x/;s/ppc64le/ppc64le/') \ - && curl -fL -o /rootfs/tini https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-$ARCH \ + && curl -fL -o /rootfs/tini https://github.com/krallin/tini/releases/download/v$TINI_VERSION/tini-$ARCH \ && chmod +x /rootfs/tini # RUNTIME: copy entrypoint script COPY rootfs /rootfs diff --git a/eturnal/rootfs/usr/sbin/run.sh b/eturnal/rootfs/usr/sbin/run.sh index d0bc0c6ad9..81b06325ea 100644 --- a/eturnal/rootfs/usr/sbin/run.sh +++ b/eturnal/rootfs/usr/sbin/run.sh 
@@ -32,8 +32,35 @@ eturnal: # port: 8081 # This is the default. # tls: false # This is the default. # vm_metrics: true # This is the default. + EOF +# tls certificates +TLS_CERT_FILE=$(find /etc/ -name fullchain.pem) +TLS_KEY_FILE=$(find /etc/ -name key.pem) +if [ ! -z $TLS_CERT_FILE ] || [ ! -z $TLS_KEY_FILE ]; then + echo " ## TLS certificate/key files (must be readable by 'eturnal' user!):" >> /opt/eturnal/etc/eturnal.yml + if [ ! -z $TLS_CERT_FILE ]; then + cp -p $TLS_CERT_FILE /opt/eturnal/tls + echo " tls_crt_file: /opt/eturnal/tls/fullchain.pem" >> /opt/eturnal/etc/eturnal.yml + fi + if [ ! -z $TLS_KEY_FILE ]; then + cp -p $TLS_KEY_FILE /opt/eturnal/tls + echo " tls_key_file: /opt/eturnal/tls/key.pem" >> /opt/eturnal/etc/eturnal.yml + fi +fi + +# change file permissions +chown 9000:9000 /opt/eturnal/etc/eturnal.yml +chmod 640 /opt/eturnal/etc/eturnal.yml +chown 9000:9000 /opt/eturnal/tls/* + +# start certificate renewal cronjob +#if [ ! -z $TURNS_HOST ] +#then +# crond -b -d +#fi + # TURN credentials if [ ! -z $TURN_CREDENTIALS ] then
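Review bot: The private key is copied with `cp -p` and afterwards only chown'ed, so its mode stays whatever the source file under /etc had; the copy should get an explicit owner-only mode (assuming uid 9000 is the eturnal user, as the chown lines suggest). The unquoted `$TLS_CERT_FILE` / `$TLS_KEY_FILE` break the `[ ! -z … ]` tests and `cp` as soon as `find /etc/` returns more than one match or a path with spaces, and the `||` lets a certificate without its key (or the reverse) be written into eturnal.yml. `chown 9000:9000 /opt/eturnal/tls/*` also runs when nothing was copied, and if the directory is empty the unexpanded glob makes chown fail. The fence below takes the first match only as a stopgap; a fixed, configured certificate path would avoid pairing an unrelated fullchain.pem with a key.pem from elsewhere.

```shell
# … unchanged: heredoc that writes /opt/eturnal/etc/eturnal.yml …
# tls certificates
TLS_CERT_FILE=$(find /etc/ -type f -name fullchain.pem | head -n 1)
TLS_KEY_FILE=$(find /etc/ -type f -name key.pem | head -n 1)
# enable TLS only when both halves of the pair were found
if [ -n "$TLS_CERT_FILE" ] && [ -n "$TLS_KEY_FILE" ]; then
    # … unchanged: echo lines appending the TLS comment, tls_crt_file and tls_key_file to eturnal.yml …
    cp "$TLS_CERT_FILE" /opt/eturnal/tls/fullchain.pem
    cp "$TLS_KEY_FILE" /opt/eturnal/tls/key.pem
    # restrict modes before handing the files to the service user
    chmod 644 /opt/eturnal/tls/fullchain.pem
    chmod 600 /opt/eturnal/tls/key.pem
    chown 9000:9000 /opt/eturnal/tls/fullchain.pem /opt/eturnal/tls/key.pem
fi
# … unchanged: chown/chmod of eturnal.yml, commented-out cron block …
```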