egg-maria-d-b-with-open-s-s-l.json
{
"_comment": "DO NOT EDIT: FILE GENERATED AUTOMATICALLY BY PTERODACTYL PANEL - PTERODACTYL.IO",
"meta": {
"version": "PTDL_v1",
"update_url": null
},
"exported_at": "2021-07-13T11:34:23+02:00",
"name": "MariaDB with OpenSSL",
"author": "[email protected]",
"description": "One of the most popular database servers. Made by the original developers of MySQL. Guaranteed to stay open source. Includes automated self-signed SSL certificate generation.",
"features": null,
"images": [
"quay.io\/parkervcp\/pterodactyl-images:db_mariadb"
],
"file_denylist": [],
"startup": "{ \/usr\/sbin\/mysqld & } && sleep 5 && mysql -u root",
"config": {
"files": "{\r\n \".my.cnf\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"port\": \"port = {{server.build.default.port}}\",\r\n \"bind-address\": \"bind-address=0.0.0.0\"\r\n }\r\n }\r\n}",
"startup": "{\r\n \"done\": \"mysqld: ready for connections\"\r\n}",
"logs": "{}",
"stop": "shutdown; exit;"
},
"scripts": {
"installation": {
"script": "#!\/bin\/bash\r\n# Install installation time dependencies\r\napt-get -y update\r\napt-get -y install curl openssl\r\n# Prepare certificate\r\nif [ ! -d \"\/mnt\/server\/certificates\" ] || [ ! -f \"\/mnt\/server\/certificates\/ca.pem\" ] || [ \"${SSL_REGENERATE}\" == \"true\" ]; then\r\n# If certificates directory exists, remove it with its content\r\nrm -rf \/mnt\/server\/certificates\r\nmkdir -p \/mnt\/server\/certificates\r\ncd \/mnt\/server\/certificates\r\n# Generate certificates\r\ndistinguishedNameCA=\"\/C=${SSL_DN_COUNTRY_CODE}\/ST=${SSL_DN_STATE_NAME}\/L=${SSL_DN_LOCALITY_NAME}\/O=${SSL_DN_COMPANY_NAME}\/OU=${SSL_DN_ORGANIZATIONAL_UNIT_NAME}\/CN=${SSL_CA_DN_COMMON_NAME}\/emailAddress=${SSL_DN_EMAIL}\"\r\ndistinguishedNameServer=\"\/C=${SSL_DN_COUNTRY_CODE}\/ST=${SSL_DN_STATE_NAME}\/L=${SSL_DN_LOCALITY_NAME}\/O=${SSL_DN_COMPANY_NAME}\/OU=${SSL_DN_ORGANIZATIONAL_UNIT_NAME}\/CN=${SSL_SERVER_DN_COMMON_NAME}\/emailAddress=${SSL_DN_EMAIL}\"\r\ndistinguishedNameClient=\"\/C=${SSL_DN_COUNTRY_CODE}\/ST=${SSL_DN_STATE_NAME}\/L=${SSL_DN_LOCALITY_NAME}\/O=${SSL_DN_COMPANY_NAME}\/OU=${SSL_DN_ORGANIZATIONAL_UNIT_NAME}\/CN=${SSL_CLIENT_DN_COMMON_NAME}\/emailAddress=${SSL_DN_EMAIL}\"\r\necho \"Generating certificates...\"\r\nopenssl genrsa 2048 > ca-key.pem\r\nopenssl req -new -x509 -nodes -days ${SSL_EXPIRATION} -key ca-key.pem -out ca.pem -subj \"${distinguishedNameCA}\"\r\nopenssl req -newkey rsa:2048 -nodes -keyout server-key.pem -out server-req.pem -subj \"${distinguishedNameServer}\"\r\nopenssl rsa -in server-key.pem -out server-key.pem\r\nopenssl x509 -req -in server-req.pem -days ${SSL_EXPIRATION} -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem\r\nopenssl req -newkey rsa:2048 -nodes -keyout client-key.pem -out client-req.pem -subj \"${distinguishedNameClient}\"\r\nopenssl rsa -in client-key.pem -out client-key.pem\r\nopenssl x509 -req -in client-req.pem -days ${SSL_EXPIRATION} -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out 
client-cert.pem\r\nrm -f *-req.pem\r\necho \"Verifying certificates...\"\r\nopenssl verify -CAfile ca.pem server-cert.pem client-cert.pem\r\ncd \/mnt\/server\r\nfi\r\n## Prepare config for installation\r\nif [ -f \/mnt\/server\/.my.cnf ]; then\r\nmv \/mnt\/server\/.my.cnf \/mnt\/server\/custom.my.cnf\r\ncurl https:\/\/raw.githubusercontent.com\/lazybytez\/custom-eggs\/master\/eggs\/mariadb-openssl\/install.my.cnf > \/mnt\/server\/.my.cnf\r\nelse\r\ncurl https:\/\/raw.githubusercontent.com\/lazybytez\/custom-eggs\/master\/eggs\/mariadb-openssl\/install.my.cnf > \/mnt\/server\/.my.cnf\r\nfi\r\n## Create directories and run installation\r\nmkdir -p \/mnt\/server\/run\/mysqld\r\nmkdir -p \/mnt\/server\/log\/mysql\r\nmkdir \/mnt\/server\/mysql\r\nmysql_install_db --defaults-file=\/mnt\/server\/.my.cnf\r\n# Copy backed up config back, when there is some\r\nif [ -f \/mnt\/server\/custom.my.cnf ]; then\r\nmv \/mnt\/server\/custom.my.cnf \/mnt\/server\/.my.cnf\r\nelse\r\ncurl https:\/\/raw.githubusercontent.com\/lazybytez\/custom-eggs\/master\/eggs\/mariadb-openssl\/my.cnf > \/mnt\/server\/.my.cnf\r\nfi",
"container": "mariadb:10.3",
"entrypoint": "bash"
}
},
"variables": [
{
"name": "Certificate Expiration",
"description": "The number of days until the generated certificates expire",
"env_variable": "SSL_EXPIRATION",
"default_value": "365",
"user_viewable": true,
"user_editable": true,
"rules": "required|numeric|gt:0"
},
{
"name": "Force Certificate Generation",
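"description": "Enter \"true\" to force the installation script to regenerate the self-signed certificates, even if certificates already exist. Regeneration deletes the whole certificates directory and creates a new CA, server and client certificate, so previously distributed CA and client certificates must be replaced.\r\nIf your current certificate expires, you can temporarily set this option to true to trigger the certificate generator when running the installation script.",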
"env_variable": "SSL_REGENERATE",
"default_value": "false",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|in:true,false"
},
{
"name": "DN: Country Name",
"description": "The country name (2 letter country code) supplied for the DN of your certificate.",
"env_variable": "SSL_DN_COUNTRY_CODE",
"default_value": "AU",
"user_viewable": true,
"user_editable": true,
"rules": "nullable|string|max:2"
},
{
"name": "DN: State Name",
"description": "The state name supplied for the DN of your certificate.",
"env_variable": "SSL_DN_STATE_NAME",
"default_value": "Some-State",
"user_viewable": true,
"user_editable": true,
"rules": "nullable|string"
},
{
"name": "DN: Locality Name",
"description": "The name of a location (e.g. city) supplied for the DN of your certificate",
"env_variable": "SSL_DN_LOCALITY_NAME",
"default_value": "",
"user_viewable": true,
"user_editable": true,
"rules": "nullable|string"
},
{
"name": "DN: Company Name",
"description": "The company name supplied for the DN of your certificate.",
"env_variable": "SSL_DN_COMPANY_NAME",
"default_value": "Internet Widgits Pty Ltd",
"user_viewable": true,
"user_editable": true,
"rules": "nullable|string"
},
{
"name": "DN: Organizational Unit Name",
"description": "The organizational unit name supplied for the DN of your certificate",
"env_variable": "SSL_DN_ORGANIZATIONAL_UNIT_NAME",
"default_value": "",
"user_viewable": true,
"user_editable": true,
"rules": "nullable|string"
},
{
"name": "DN: Email Address",
"description": "The email address supplied for the DN of your certificate",
"env_variable": "SSL_DN_EMAIL",
"default_value": "",
"user_viewable": true,
"user_editable": true,
"rules": "nullable|string"
},
{
"name": "CA DN: Common Name",
"description": "The common name (your FQDN or your name) supplied for the DN of your CA certificate. This should NOT match the \"Server DN: Common Name\" or \"Client DN: Common Name\".",
"env_variable": "SSL_CA_DN_COMMON_NAME",
"default_value": "",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|max:64"
},
{
"name": "Server DN: Common Name",
"description": "The common name (your FQDN or your name) supplied for the DN of your server certificate. This should NOT match the \"CA DN: Common Name\".",
"env_variable": "SSL_SERVER_DN_COMMON_NAME",
"default_value": "",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|max:64"
},
{
"name": "Client DN: Common Name",
"description": "The common name (your FQDN or your name) supplied for the DN of your client certificate. This should NOT match the \"CA DN: Common Name\".",
"env_variable": "SSL_CLIENT_DN_COMMON_NAME",
"default_value": "",
"user_viewable": true,
"user_editable": true,
"rules": "required|string|max:64"
}
]
}