Create per-daemon selfsigned certs
parent
971057b801
commit
e0136abc34
2
Makefile
2
Makefile
|
@ -30,4 +30,4 @@ clean:
|
|||
.SUFFIXES:
|
||||
|
||||
# Somehow GNU make forgets these are intermediates if not explicitly stated, feel free to look into it *shrug*
|
||||
.INTERMEDIATE: $(BUILD_IDS)
|
||||
.SECONDARY: $(BUILD_IDS)
|
||||
|
|
|
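Review bot: The comment above this declaration still describes the build-id files as intermediates that GNU make forgets, but the line it annotates now appears to be `.SECONDARY: $(BUILD_IDS)`, which behaves differently: make no longer deletes those files after the build and does not rebuild just because one is missing. The rendered page does not mark which of the two declarations is the added side, so this assumes `.SECONDARY` is the new one. I would reword the comment to match, for example `# Keep build-id files on disk between runs; declaring them .INTERMEDIATE did not stick`.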
@ -22,3 +22,8 @@ daemons/postgres/${BUILD_ID_OUT}: daemons/postgres/% : \
|
|||
daemons/postgres/postgresql.conf \
|
||||
data/ca/% \
|
||||
data/postgres-cert/%
|
||||
|
||||
daemons/murmurd/${BUILD_ID_OUT}: daemons/murmurd/% : \
|
||||
daemons/murmurd/murmur.ini \
|
||||
data/postgres-cert/% \
|
||||
data/selfsigned/%
|
||||
|
|
|
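Review bot: The new `daemons/murmurd/%` rule does not list `data/ca/%` as a prerequisite, although the murmurd image added in this commit copies `ca.crt` from `redxen.eu/data/ca:latest` twice. The postgres rule just above names `data/ca/%` explicitly; here the CA image is only reached if `data/selfsigned/%` or `data/postgres-cert/%` depend on it, which this hunk does not show. Without that edge a partial or parallel build can pick up a stale `:latest` CA image whose certificate does not match the freshly signed leaf certificates. Adding `data/ca/% \` to the prerequisite list makes the dependency explicit.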
@ -0,0 +1,17 @@
|
|||
FROM alpine:latest
|
||||
ARG CONFIG=/etc/redxen/murmur/murmur.ini
|
||||
|
||||
RUN --network=host apk add qt5-qtbase-postgresql murmur
|
||||
|
||||
COPY --from=redxen.eu/data/ca:latest /redxen.eu/certs/ca.crt /etc/redxen/mumble-cert/ca.crt
|
||||
COPY --from=redxen.eu/data/selfsigned:latest /redxen.eu/certs/mumble.crt /etc/redxen/mumble-cert/mumble.crt
|
||||
COPY --from=redxen.eu/data/selfsigned:latest /redxen.eu/keys/mumble.key /etc/redxen/mumble-cert/mumble.key
|
||||
|
||||
COPY --from=redxen.eu/data/ca:latest /redxen.eu/certs/ca.crt /root/.postgresql/root.crt
|
||||
COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/certs/murmur.crt /root/.postgresql/postgresql.crt
|
||||
COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/keys/murmur.key /root/.postgresql/postgresql.key
|
||||
|
||||
ADD murmur.ini $CONFIG
|
||||
|
||||
ENV CONFIG $CONFIG
|
||||
CMD murmurd -fg -ini $CONFIG
|
|
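Review bot: The `COPY` lines for `mumble.key` and `murmur.key` bake the Mumble TLS key and the PostgreSQL client key into image layers, so anyone who can pull or export this image can read both private keys. If the image is meant to stay on the build host, say so next to the copies, for example `# image embeds private keys: build and run locally, never push to a registry`; otherwise mount the keys at run time instead of copying them. The process also runs as root, since there is no `USER` instruction and the murmur.ini added in this commit sets no `uname`, so the keys are readable by the network-facing daemon with full privileges.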
@ -0,0 +1,32 @@
|
|||
database=murmur
|
||||
dbDriver=QPSQL
|
||||
dbUsername=murmur
|
||||
dbHost=localhost
|
||||
dbPort=5432
|
||||
#registerName="[RedXen] Good software lasts long!"
|
||||
#registerPassword=MUMBLE_REGISTER_PASS
|
||||
#registerUrl=https://redxen.eu/
|
||||
#registerHostname=redxen.eu
|
||||
#registerLocation=DE
|
||||
host=
|
||||
opusthreshold=10
|
||||
bandwidth=150000
|
||||
sslCA=/etc/redxen/mumble-cert/ca.crt
|
||||
sslCert=/etc/redxen/mumble-cert/mumble.crt
|
||||
sslKey=/etc/redxen/mumble-cert/mumble.key
|
||||
port=64738
|
||||
timeout=10
|
||||
users=500
|
||||
defaultchannel=1
|
||||
channelname="[\x20-\x7e]{4,32}"
|
||||
username="[\x20-\x7e]{2,32}"
|
||||
welcometext="
|
||||
<center><br />
|
||||
<h1>RedXen Community</h1><br />
|
||||
<a href="https://redxen.eu">[ Homepage ]</a> <a href="https://redxen.eu/telegram">[ Telegram ]</a> <a href="https://git.redxen.eu">[ Gitea ]</a> <a href="https://liberapay.com/RedXen/donate">[ Donate ]</a> <a href="mailto:caskd@redxen.eu">[ Contact ]</a><br />
|
||||
Enjoy your stay!<br />
|
||||
This server is powered by Alpine Linux<br />
|
||||
</center>
|
||||
|
||||
"
|
||||
|
|
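Review bot: Nothing in this file makes the database connection require TLS: `dbHost` and `dbPort` are set but there is no `dbOpts`, and libpq's default `sslmode` is `prefer`, which does not verify the server certificate and can fall back to an unencrypted connection. The image built in this commit installs `root.crt` and a client certificate under `/root/.postgresql`, so the intent appears to be mutual TLS. I would add `dbOpts="sslmode=verify-ca"` (Qt's QPSQL driver is expected to pass this through to libpq; confirm on the packaged version) or set `PGSSLMODE=verify-ca` in the container environment.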
@ -2,18 +2,32 @@ FROM alpine:latest as generator
|
|||
|
||||
RUN --network=host apk add openssl
|
||||
|
||||
RUN mkdir "/redxen.eu"
|
||||
COPY --from=redxen.eu/data/ca:latest "/redxen.eu" "/ca"
|
||||
|
||||
RUN mkdir -p "/redxen.eu/certs"
|
||||
RUN mkdir -p "/redxen.eu/keys"
|
||||
|
||||
WORKDIR "/redxen.eu"
|
||||
|
||||
RUN openssl genrsa -out private.key 4096
|
||||
RUN openssl req -new \
|
||||
-x509 \
|
||||
-days 365 \
|
||||
-key private.key \
|
||||
-out public.pem \
|
||||
-subj '/O=RedXen/CN=redxen.eu'
|
||||
# Mumble
|
||||
RUN openssl req \
|
||||
-new \
|
||||
-utf8 \
|
||||
-sha256 \
|
||||
-key /ca/keys/ca.key \
|
||||
-subj "/O=RedXen/CN=mumble" \
|
||||
-nodes \
|
||||
-keyout keys/mumble.key \
|
||||
-out /tmp/mumble.csr
|
||||
|
||||
RUN cat public.pem private.key > fullchain.crt
|
||||
RUN openssl x509 \
|
||||
-req \
|
||||
-in /tmp/mumble.csr \
|
||||
-days 365 \
|
||||
-CA /ca/certs/ca.crt \
|
||||
-CAkey /ca/keys/ca.key \
|
||||
-CAcreateserial \
|
||||
-out certs/mumble.crt
|
||||
|
||||
FROM scratch
|
||||
|
||||
|
|
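Review bot: The CSR step passes `-key /ca/keys/ca.key`, so the Mumble request is built from the CA's own key pair instead of a fresh one. With `-key` given, `openssl req` generates no new key; depending on the OpenSSL version, `-keyout keys/mumble.key` is either ignored (leaving the murmurd image's `COPY` of `mumble.key` with nothing to copy) or receives a copy of the CA private key, which would then ship inside the murmurd image. Replace that line with `-newkey rsa:4096 \` so the daemon gets its own key and the CA key is used only in the `openssl x509 -req ... -CAkey` signing step. The final `FROM scratch` stage continues outside this hunk, so what it copies out of the generator stage could not be checked.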