mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
3b1809e2ea
Now, when a `./cache/production.{cert,key}.pem` pair is found, it is
used in place of any certificates generated by the `ca` service.
This allows users to customize the certificate that the FastAPI
ASGI server uses as well as the front-end nginx certificates.
Optional:
- ./cache/production.cert.pem
- ./cache/production.key.pem
Fallback:
- ./cache/localhost.cert.pem + ./cache/root.ca.pem (chain)
- ./cache/localhost.key.pem
Signed-off-by: Kevin Morris <kevr@0cost.org>
35 lines
1 KiB
Bash
Executable file
35 lines
1 KiB
Bash
Executable file
#!/bin/bash
|
|
set -eou pipefail
|
|
|
|
# If production.{cert,key}.pem exists, prefer them. This allows
|
|
# user customization of the certificates that FastAPI uses.
|
|
# Otherwise, fallback to localhost.{cert,key}.pem, generated by `ca`.
|
|
|
|
CERT=/cache/production.cert.pem
|
|
KEY=/cache/production.key.pem
|
|
|
|
DEST_CERT=/etc/ssl/certs/web.cert.pem
|
|
DEST_KEY=/etc/ssl/private/web.key.pem
|
|
|
|
# Setup a config for our mysql db.
|
|
cp -vf conf/config.dev conf/config
|
|
sed -i "s;YOUR_AUR_ROOT;$(pwd);g" conf/config
|
|
sed -ri 's/^(host) = .+/\1 = mariadb/' conf/config
|
|
sed -ri 's/^(user) = .+/\1 = aur/' conf/config
|
|
sed -ri 's/^;?(password) = .+/\1 = aur/' conf/config
|
|
|
|
# Setup http(s) stuff.
|
|
sed -ri "s|^(aur_location) = .+|\1 = https://localhost:8444|" conf/config
|
|
sed -ri 's/^(disable_http_login) = .+/\1 = 1/' conf/config
|
|
|
|
if [ -f "$CERT" ]; then
|
|
cp -vf "$CERT" "$DEST_CERT"
|
|
cp -vf "$KEY" "$DEST_KEY"
|
|
else
|
|
cat /cache/localhost.cert.pem /cache/ca.root.pem > "$DEST_CERT"
|
|
cp -vf /cache/localhost.key.pem "$DEST_KEY"
|
|
fi
|
|
|
|
cp -vf /docker/config/nginx.conf /etc/nginx/nginx.conf
|
|
|
|
exec "$@"
|