From 59414842dc4c319ac310af8d8ae86e32350597fc Mon Sep 17 00:00:00 2001 From: Tracey Jaquith Date: Sun, 3 Nov 2024 21:48:11 -0800 Subject: [PATCH] adding SELF_MANAGED_CERTS option --- Dockerfile | 1 + etc/Caddyfile.ctmpl | 27 ++++++++++++++++++++------- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 838cbe2..79e896f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,6 +12,7 @@ ENV REVERSE_PROXY "" ENV ON_DEMAND_TLS_ASK "" ENV HTTP_DISABLED "" ENV ALLOWED_REMOTE_IPS "" +ENV SELF_MANAGED_CERTS "" ENV HOST_UNAME Linux # replaced at runtime: diff --git a/etc/Caddyfile.ctmpl b/etc/Caddyfile.ctmpl index 4c13d4b..f7feef9 100644 --- a/etc/Caddyfile.ctmpl +++ b/etc/Caddyfile.ctmpl @@ -18,13 +18,6 @@ http:// { } -#example.com { - # Specify the paths to your SSL certificate and private key - # xxx hostname => $dom - # tls /pv/CERTS/$dom.crt /pv/CERTS/$dom.key -#} - - # start off with nice, easy way(s) to get to nomad {{- $NAMES_INTO_NOMAD := env "FQDN" }} {{- $extra := env "NOMAD_ADDR_EXTRA" }} @@ -43,6 +36,11 @@ https://{{- . }} { tls { on_demand } + {{ end }} + {{ if ne (env "SELF_MANAGED_CERTS") "" }} + {{ $dom := . }} + {{ $dom := $dom | regexReplaceAll "^https*://" "" | regexReplaceAll ":[0-9][0-9]+.*$" "" | regexReplaceAll "^[^.]*[.]([^.]*[.][^.]*)$" "$1" | regexReplaceAll "^[^.]*[.]([^.]*[.][^.]*[.][^.]*)$" "$1" }} + tls /pv/CERTS/{{ $dom }}.crt /pv/CERTS/{{ $dom }}.key {{ end }} log } @@ -60,6 +58,11 @@ https://{{- . }} { tls { on_demand } + {{ end }} + {{ if ne (env "SELF_MANAGED_CERTS") "" }} + {{ $dom := $hosty }} + {{ $dom := $dom | regexReplaceAll "^https*://" "" | regexReplaceAll ":[0-9][0-9]+.*$" "" | regexReplaceAll "^[^.]*[.]([^.]*[.][^.]*)$" "$1" | regexReplaceAll "^[^.]*[.]([^.]*[.][^.]*[.][^.]*)$" "$1" }} + tls /pv/CERTS/{{ $dom }}.crt /pv/CERTS/{{ $dom }}.key {{ end }} log } 
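Review bot: In the `@@ -43,6 +36,11 @@` hunk, `$dom` is interpolated into both a filesystem path and a Caddyfile directive (`tls /pv/CERTS/{{ $dom }}.crt /pv/CERTS/{{ $dom }}.key`) after only prefix and suffix trimming, so nothing constrains its character set. Where `.` gets its value is outside the hunk; if it can come from service registration or any input the operator does not fully control, a value containing `/` or whitespace would change which file is loaded or add tokens to the directive. I would emit the line only for a plain hostname, e.g. `{{ if $dom | regexMatch "^[A-Za-z0-9.-]+$" }}tls /pv/CERTS/{{ $dom }}.crt /pv/CERTS/{{ $dom }}.key{{ end }}`. The same applies to the `$hosty` and `$origin` variants in the `-60`, `-74` and `-133` hunks; the enclosing site block starts and ends outside this hunk.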
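Review bot: The two label-stripping patterns in the `@@ -60,6 +58,11 @@` hunk drop the first label of any three- or four-label name, so a host such as `example.co.uk` is looked up as `/pv/CERTS/co.uk.crt`, while two-label and five-or-more-label names are looked up whole. That naming convention is not written down anywhere now that the commented `#example.com` example is removed, and the same pipeline is repeated in all four `SELF_MANAGED_CERTS` hunks. I would add a comment above the block such as `# SELF_MANAGED_CERTS: cert and key are read from /pv/CERTS/<name>.crt and .key, where <name> is the hostname minus its first label (3- or 4-label hostnames only)`, and state in it which names the certificate is expected to cover.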
@@ -74,6 +77,11 @@ https://{{ $hosty }} { tls { on_demand } + {{ end }} + {{ if ne (env "SELF_MANAGED_CERTS") "" }} + {{ $dom := $hosty }} + {{ $dom := $dom | regexReplaceAll "^https*://" "" | regexReplaceAll ":[0-9][0-9]+.*$" "" | regexReplaceAll "^[^.]*[.]([^.]*[.][^.]*)$" "$1" | regexReplaceAll "^[^.]*[.]([^.]*[.][^.]*[.][^.]*)$" "$1" }} + tls /pv/CERTS/{{ $dom }}.crt /pv/CERTS/{{ $dom }}.key {{ end }} log } @@ -133,6 +141,11 @@ http://{{ $hosty }} { tls { on_demand } + {{ end }} + {{ if ne (env "SELF_MANAGED_CERTS") "" }} + {{ $dom := $origin }} + {{ $dom := $dom | regexReplaceAll "^https*://" "" | regexReplaceAll ":[0-9][0-9]+.*$" "" | regexReplaceAll "^[^.]*[.]([^.]*[.][^.]*)$" "$1" | regexReplaceAll "^[^.]*[.]([^.]*[.][^.]*[.][^.]*)$" "$1" }} + tls /pv/CERTS/{{ $dom }}.crt /pv/CERTS/{{ $dom }}.key {{ end }} log }
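Review bot: In the `@@ -74,6 +77,11 @@` hunk the new `{{ if ne (env "SELF_MANAGED_CERTS") "" }}` is a sibling of the preceding condition (whose opening is outside the hunk), so when both are true the rendered site block contains `tls { on_demand }` followed by `tls /pv/CERTS/...`. Which certificate source then serves the site depends on how Caddy treats repeated `tls` directives, which should be confirmed rather than assumed. If the two options are meant to be exclusive, replacing the added `{{ end }}` / `{{ if ... }}` pair with `{{ else if ne (env "SELF_MANAGED_CERTS") "" }}` makes the precedence explicit. The other three hunks have the same structure.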