prod improvements

2019-09-06 13:50:17 +02:00 · 2019-09-06 13:50:17 +02:00 · e0bd8b16a8
commit e0bd8b16a8
parent c98460b3ee
4 changed files with 21 additions and 13 deletions
--- a/docker/prod/standalone/selfsigned/certs.Dockerfile
+++ b/docker/prod/standalone/selfsigned/certs.Dockerfile
@ -8,11 +8,10 @@ ENV OPENSSL_SERVER="${OPENSSL_SUBJ}/CN=localhost"
 ENV OPENSSL_CLIENT="${OPENSSL_SUBJ}/CN=localhost"
 ENV ADDITIONAL_DNS="dns:localhost,dns:127.0.0.1,dns:seb-server"

-VOLUME /certs
 WORKDIR /certs

-CMD secret=$(cat /config/secret) \
-    && echo ${secret} \
+CMD cp -a /host/config/. /config/ \
+    && secret=$(cat /config/secret) \
    && openssl genrsa -out ca-key.pem 2048 \
    && openssl req -new -x509 -key ca-key.pem -nodes -days 3600 -subj "${OPENSSL_CA}" -out ca.pem \
    && openssl req -newkey rsa:2048 -days 3600 -nodes -subj "${OPENSSL_SERVER}" -keyout server-key.pem -out server-req.pem \
@ -29,3 +28,7 @@ CMD secret=$(cat /config/secret) \
    && keytool -import -alias mariadb-ca -file ca.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
    && keytool -import -alias mariadb-client -file client-cert.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
    && keytool -import -alias mariadb-server -file server-cert.pem -keystore seb-server-keystore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
+    && chmod 777 -R . \
+    && cp seb-server-keystore.pkcs12 /host/config/ \
+    && cp seb-server-truststore.pkcs12 /host/config/ \
+    && rm /host/config/secret
--- a/docker/prod/standalone/selfsigned/config/.gitignore
+++ b/docker/prod/standalone/selfsigned/config/.gitignore
@ -1,3 +1,5 @@
 /secrets
 /secret
 /.secret
+/seb-server-keystore.pkcs12
+/seb-server-truststore.pkcs12
--- a/docker/prod/standalone/selfsigned/docker-compose.yml
+++ b/docker/prod/standalone/selfsigned/docker-compose.yml
@ -6,15 +6,16 @@ services:
        dockerfile: certs.Dockerfile
    container_name: gencerts
    volumes:
-        - ./certs:/certs
-        - ./config:/config
+        - seb-server-certs:/certs
+        - seb-server-config:/config
+        - ./config:/host/config
  
  mariadb: 
    image: "mariadb/server:10.3"
    container_name: seb-server-mariadb
    volumes:
-        - ./config:/etc/mysql/conf.d
-        - ./certs:/etc/mysql/certs
+        - seb-server-config:/etc/mysql/conf.d
+        - seb-server-certs:/etc/mysql/certs
        - seb-server-mariadb-data:/var/lib/mysql
    environment:
        - MYSQL_ROOT_PASSWORD_FILE=/etc/mysql/conf.d/secret
@ -35,8 +36,8 @@ services:
      container_name: seb-server
      
      volumes:
-        - ./config:/sebserver/config
-        - ./certs:/certs
+        - seb-server-config:/sebserver/config
+        - seb-server-certs:/certs
      environment:
        - ADDITIONAL_DNS=dns:127.0.0.1,dns:seb-server
      ports:
@ -58,3 +59,5 @@ networks:

 volumes:
  seb-server-mariadb-data:
+  seb-server-certs:
+  seb-server-config:
--- a/docker/prod/standalone/selfsigned/sebserver.Dockerfile
+++ b/docker/prod/standalone/selfsigned/sebserver.Dockerfile
@ -26,7 +26,6 @@ WORKDIR /sebserver
 COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION".jar /sebserver

 CMD secret=$(cat /sebserver/config/secret) \
-        && echo ${secret} \
        && exec java \
            -Xms64M \
            -Xmx1G \
@ -45,4 +44,5 @@ CMD secret=$(cat /sebserver/config/secret) \
            --sebserver.mariadb.password="${secret}" \
            --sebserver.password="${secret}"
        
+
 EXPOSE 443 8080 9090