From eb11b1311c02e5ed2f0e2db2628a0a7d8190129d Mon Sep 17 00:00:00 2001
From: Mauro Torrez
Date: Sat, 12 Oct 2019 00:11:32 -0300
Subject: [PATCH] tls support
---
 14.0/unit/Dockerfile | 11 +++++++++--
 15.0/unit/Dockerfile | 11 +++++++++--
 16.0/unit/Dockerfile | 11 +++++++++--
 17.0/unit/Dockerfile | 11 +++++++++--
 Dockerfile-unit.template | 11 +++++++++--
 5 files changed, 45 insertions(+), 10 deletions(-)
diff --git a/14.0/unit/Dockerfile b/14.0/unit/Dockerfile
index 5e6aec0..f130e00 100644
--- a/14.0/unit/Dockerfile
+++ b/14.0/unit/Dockerfile
@@ -37,6 +37,7 @@ RUN set -ex; \
 php-xml \
 php-mbstring \
 php-curl \
+ ssl-cert \
 ; \
 \
 rm -rf /var/lib/apt/lists/*
@@ -101,13 +102,19 @@ RUN \
 touch /var/www/html/index.php /var/www/html/index.php.remove; \
 } \
 && unitd --control unix:/var/run/control.unit.sock \
+ && cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key | \
+ curl -X PUT --data-binary @- --unix-socket /var/run/control.unit.sock \
+ http://localhost/certificates/default \
 && curl -X PUT --data-binary \
 '{ \
 "listeners": { \
 "*:9000": { "pass": "routes/main" }, \
 "*:9001": { "pass": "routes/dynamic" }, \
 "*:9002": { "pass": "routes/static" }, \
- "*:9003": { "pass": "routes/direct" } \
+ "*:9003": { "pass": "routes/direct" }, \
+ "*:9011": { "pass": "routes/dynamic", "tls": { "certificate": "default" } }, \
+ "*:9012": { "pass": "routes/static", "tls": { "certificate": "default" } }, \
+ "*:9013": { "pass": "routes/direct", "tls": { "certificate": "default" } } \
 }, \
 "routes": { \
 "main": [ \
@@ -159,7 +166,7 @@ RUN \
 rm /var/www/html/index.php /var/www/html/index.php.remove; \
 }
 
-EXPOSE 9000 9001 9002 9003
+EXPOSE 9000 9001 9002 9003 9011 9012 9013
 ENTRYPOINT ["/entrypoint.sh"]
 STOPSIGNAL SIGTERM
 CMD ["unitd", "--no-daemon", "--control", "unix:/var/run/control.unit.sock"]
diff --git a/15.0/unit/Dockerfile b/15.0/unit/Dockerfile
index 4a10e5d..fef836a 100644
--- a/15.0/unit/Dockerfile
+++ b/15.0/unit/Dockerfile
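Review bot: In 14.0/unit/Dockerfile the added `cat … ssl-cert-snakeoil.key | curl -X PUT … /certificates/default` step uploads a private key that the `ssl-cert` package creates at install time, so the key is fixed at build time, shared by every container started from the image, and readable by anyone who can pull it. The TLS listeners on 9011-9013 therefore authenticate nothing and should be documented as test-only, or the pair should be regenerated at container start (for example `make-ssl-cert generate-default-snakeoil --force-overwrite` from the entrypoint, followed by the same PUT) or supplied through a mounted certificate. The new curl call also has no `--fail`, so an HTTP error answer from the control socket would not break the `&&` chain. The identical hunk appears in 15.0, 16.0, 17.0 and Dockerfile-unit.template, and the RUN instruction starts and ends outside the hunk.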
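Review bot: The `EXPOSE` line in 14.0/unit/Dockerfile now carries seven ports without saying which are plaintext, and the listeners hunk gives `routes/main` on 9000 no TLS counterpart. A comment above it such as `# 9000-9003: HTTP; 9011-9013: TLS (build-time self-signed cert) for dynamic/static/direct` would make the mapping and the omission explicit. The same applies to the other four files.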
@@ -37,6 +37,7 @@ RUN set -ex; \
 php-xml \
 php-mbstring \
 php-curl \
+ ssl-cert \
 ; \
 \
 rm -rf /var/lib/apt/lists/*
@@ -101,13 +102,19 @@ RUN \
 touch /var/www/html/index.php /var/www/html/index.php.remove; \
 } \
 && unitd --control unix:/var/run/control.unit.sock \
+ && cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key | \
+ curl -X PUT --data-binary @- --unix-socket /var/run/control.unit.sock \
+ http://localhost/certificates/default \
 && curl -X PUT --data-binary \
 '{ \
 "listeners": { \
 "*:9000": { "pass": "routes/main" }, \
 "*:9001": { "pass": "routes/dynamic" }, \
 "*:9002": { "pass": "routes/static" }, \
- "*:9003": { "pass": "routes/direct" } \
+ "*:9003": { "pass": "routes/direct" }, \
+ "*:9011": { "pass": "routes/dynamic", "tls": { "certificate": "default" } }, \
+ "*:9012": { "pass": "routes/static", "tls": { "certificate": "default" } }, \
+ "*:9013": { "pass": "routes/direct", "tls": { "certificate": "default" } } \
 }, \
 "routes": { \
 "main": [ \
@@ -159,7 +166,7 @@ RUN \
 rm /var/www/html/index.php /var/www/html/index.php.remove; \
 }
 
-EXPOSE 9000 9001 9002 9003
+EXPOSE 9000 9001 9002 9003 9011 9012 9013
 ENTRYPOINT ["/entrypoint.sh"]
 STOPSIGNAL SIGTERM
 CMD ["unitd", "--no-daemon", "--control", "unix:/var/run/control.unit.sock"]
diff --git a/16.0/unit/Dockerfile b/16.0/unit/Dockerfile
index be5fa7e..f83fa70 100644
--- a/16.0/unit/Dockerfile
+++ b/16.0/unit/Dockerfile
@@ -37,6 +37,7 @@ RUN set -ex; \
 php-xml \
 php-mbstring \
 php-curl \
+ ssl-cert \
 ; \
 \
 rm -rf /var/lib/apt/lists/*
@@ -101,13 +102,19 @@ RUN \
 touch /var/www/html/index.php /var/www/html/index.php.remove; \
 } \
 && unitd --control unix:/var/run/control.unit.sock \
+ && cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key | \
+ curl -X PUT --data-binary @- --unix-socket /var/run/control.unit.sock \
+ http://localhost/certificates/default \
 && curl -X PUT --data-binary \
 '{ \
 "listeners": { \
 "*:9000": { "pass": "routes/main" }, \
 "*:9001": { "pass": "routes/dynamic" }, \
 "*:9002": { "pass": "routes/static" }, \
- "*:9003": { "pass": "routes/direct" } \
+ "*:9003": { "pass": "routes/direct" }, \
+ "*:9011": { "pass": "routes/dynamic", "tls": { "certificate": "default" } }, \
+ "*:9012": { "pass": "routes/static", "tls": { "certificate": "default" } }, \
+ "*:9013": { "pass": "routes/direct", "tls": { "certificate": "default" } } \
 }, \
 "routes": { \
 "main": [ \
@@ -159,7 +166,7 @@ RUN \
 rm /var/www/html/index.php /var/www/html/index.php.remove; \
 }
 
-EXPOSE 9000 9001 9002 9003
+EXPOSE 9000 9001 9002 9003 9011 9012 9013
 ENTRYPOINT ["/entrypoint.sh"]
 STOPSIGNAL SIGTERM
 CMD ["unitd", "--no-daemon", "--control", "unix:/var/run/control.unit.sock"]
diff --git a/17.0/unit/Dockerfile b/17.0/unit/Dockerfile
index 9c842d9..76a7e3d 100644
--- a/17.0/unit/Dockerfile
+++ b/17.0/unit/Dockerfile
@@ -37,6 +37,7 @@ RUN set -ex; \
 php-xml \
 php-mbstring \
 php-curl \
+ ssl-cert \
 ; \
 \
 rm -rf /var/lib/apt/lists/*
@@ -101,13 +102,19 @@ RUN \
 touch /var/www/html/index.php /var/www/html/index.php.remove; \
 } \
 && unitd --control unix:/var/run/control.unit.sock \
+ && cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key | \
+ curl -X PUT --data-binary @- --unix-socket /var/run/control.unit.sock \
+ http://localhost/certificates/default \
 && curl -X PUT --data-binary \
 '{ \
 "listeners": { \
 "*:9000": { "pass": "routes/main" }, \
 "*:9001": { "pass": "routes/dynamic" }, \
 "*:9002": { "pass": "routes/static" }, \
- "*:9003": { "pass": "routes/direct" } \
+ "*:9003": { "pass": "routes/direct" }, \
+ "*:9011": { "pass": "routes/dynamic", "tls": { "certificate": "default" } }, \
+ "*:9012": { "pass": "routes/static", "tls": { "certificate": "default" } }, \
+ "*:9013": { "pass": "routes/direct", "tls": { "certificate": "default" } } \
 }, \
 "routes": { \
 "main": [ \
@@ -159,7 +166,7 @@ RUN \
 rm /var/www/html/index.php /var/www/html/index.php.remove; \
 }
 
-EXPOSE 9000 9001 9002 9003
+EXPOSE 9000 9001 9002 9003 9011 9012 9013
 ENTRYPOINT ["/entrypoint.sh"]
 STOPSIGNAL SIGTERM
 CMD ["unitd", "--no-daemon", "--control", "unix:/var/run/control.unit.sock"]
diff --git a/Dockerfile-unit.template b/Dockerfile-unit.template
index a35057b..52989ff 100644
--- a/Dockerfile-unit.template
+++ b/Dockerfile-unit.template
@@ -36,6 +36,7 @@ RUN set -ex; \
 php-xml \
 php-mbstring \
 php-curl \
+ ssl-cert \
 ; \
 \
 rm -rf /var/lib/apt/lists/*
@@ -100,13 +101,19 @@ RUN \
 touch /var/www/html/index.php /var/www/html/index.php.remove; \
 } \
 && unitd --control unix:/var/run/control.unit.sock \
+ && cat /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key | \
+ curl -X PUT --data-binary @- --unix-socket /var/run/control.unit.sock \
+ http://localhost/certificates/default \
 && curl -X PUT --data-binary \
 '{ \
 "listeners": { \
 "*:9000": { "pass": "routes/main" }, \
 "*:9001": { "pass": "routes/dynamic" }, \
 "*:9002": { "pass": "routes/static" }, \
- "*:9003": { "pass": "routes/direct" } \
+ "*:9003": { "pass": "routes/direct" }, \
+ "*:9011": { "pass": "routes/dynamic", "tls": { "certificate": "default" } }, \
+ "*:9012": { "pass": "routes/static", "tls": { "certificate": "default" } }, \
+ "*:9013": { "pass": "routes/direct", "tls": { "certificate": "default" } } \
 }, \
 "routes": { \
 "main": [ \
@@ -158,7 +165,7 @@ RUN \
 rm /var/www/html/index.php /var/www/html/index.php.remove; \
 }
 
-EXPOSE 9000 9001 9002 9003
+EXPOSE 9000 9001 9002 9003 9011 9012 9013
 ENTRYPOINT ["/entrypoint.sh"]
 STOPSIGNAL SIGTERM
 CMD ["unitd", "--no-daemon", "--control", "unix:/var/run/control.unit.sock"]