prod improvements

docker/prod/standalone/selfsigned/certs.Dockerfile

@@ -8,11 +8,10 @@ ENV OPENSSL_SERVER="${OPENSSL_SUBJ}/CN=localhost"
 ENV OPENSSL_CLIENT="${OPENSSL_SUBJ}/CN=localhost"
 ENV ADDITIONAL_DNS="dns:localhost,dns:127.0.0.1,dns:seb-server"
 
-VOLUME /certs
 WORKDIR /certs
 
-CMD secret=$(cat /config/secret) \
+CMD cp -a /host/config/. /config/ \
-    && echo ${secret} \
+    && secret=$(cat /config/secret) \
     && openssl genrsa -out ca-key.pem 2048 \
     && openssl req -new -x509 -key ca-key.pem -nodes -days 3600 -subj "${OPENSSL_CA}" -out ca.pem \
     && openssl req -newkey rsa:2048 -days 3600 -nodes -subj "${OPENSSL_SERVER}" -keyout server-key.pem -out server-req.pem \
@@ -28,4 +27,8 @@ CMD secret=$(cat /config/secret) \
     && keytool -importcert -trustcacerts -alias sebserver -file sebserver.cert -keystore seb-server-truststore.pkcs12 -storetype PKCS12 -storepass ${secret} -noprompt \
     && keytool -import -alias mariadb-ca -file ca.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
     && keytool -import -alias mariadb-client -file client-cert.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
-    && keytool -import -alias mariadb-server -file server-cert.pem -keystore seb-server-keystore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
+    && keytool -import -alias mariadb-server -file server-cert.pem -keystore seb-server-keystore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
+    && chmod 777 -R . \
+    && cp seb-server-keystore.pkcs12 /host/config/ \
+    && cp seb-server-truststore.pkcs12 /host/config/ \
+    && rm /host/config/secret

docker/prod/standalone/selfsigned/config/.gitignore

@@ -1,3 +1,5 @@
 /secrets
 /secret
 /.secret
+/seb-server-keystore.pkcs12
+/seb-server-truststore.pkcs12

docker/prod/standalone/selfsigned/docker-compose.yml

@@ -6,15 +6,16 @@ services:
         dockerfile: certs.Dockerfile
     container_name: gencerts
     volumes:
-        - ./certs:/certs
+        - seb-server-certs:/certs
-        - ./config:/config
+        - seb-server-config:/config
+        - ./config:/host/config
   
   mariadb: 
     image: "mariadb/server:10.3"
     container_name: seb-server-mariadb
     volumes:
-        - ./config:/etc/mysql/conf.d
+        - seb-server-config:/etc/mysql/conf.d
-        - ./certs:/etc/mysql/certs
+        - seb-server-certs:/etc/mysql/certs
         - seb-server-mariadb-data:/var/lib/mysql
     environment:
         - MYSQL_ROOT_PASSWORD_FILE=/etc/mysql/conf.d/secret
@@ -35,8 +36,8 @@ services:
       container_name: seb-server
       
       volumes:
-        - ./config:/sebserver/config
+        - seb-server-config:/sebserver/config
-        - ./certs:/certs
+        - seb-server-certs:/certs
       environment:
         - ADDITIONAL_DNS=dns:127.0.0.1,dns:seb-server
       ports:
@@ -57,4 +58,6 @@ networks:
   seb-server-network:
 
 volumes:
-  seb-server-mariadb-data:
+  seb-server-mariadb-data:
+  seb-server-certs:
+  seb-server-config:

docker/prod/standalone/selfsigned/sebserver.Dockerfile

@@ -26,7 +26,6 @@ WORKDIR /sebserver
 COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION".jar /sebserver
 
 CMD secret=$(cat /sebserver/config/secret) \
-        && echo ${secret} \
         && exec java \
             -Xms64M \
             -Xmx1G \
@@ -43,6 +42,7 @@ CMD secret=$(cat /sebserver/config/secret) \
             --spring.config.location=file:/sebserver/config/,classpath:/config/ \
             --sebserver.certs.password="${secret}" \ 
             --sebserver.mariadb.password="${secret}" \
-            --sebserver.password="${secret}" 
+            --sebserver.password="${secret}"
+        
 
 EXPOSE 443 8080 9090