From b9aa44f1ce40e724c3209a97d13fb5e03e586dcf Mon Sep 17 00:00:00 2001
From: Carsten Karbach <c.karbach@fz-juelich.de>
Date: Wed, 29 Nov 2017 13:34:30 +0100
Subject: [PATCH] Add steps to configure certificates in container

---
 Dockerfile        |  6 ++++++
 build_docker.sh   | 18 ++++++++++++++++++
 setup.sh          | 24 ++++++++++++++++++++++++
 tests/runtests.sh |  0
 4 files changed, 48 insertions(+)
 create mode 100755 build_docker.sh
 create mode 100755 setup.sh
 mode change 100644 => 100755 tests/runtests.sh

diff --git a/Dockerfile b/Dockerfile
index 11c61c8..413c576 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -45,6 +45,12 @@ RUN php /var/www/html/EventsAPI/utils/install.php
 # DO not allow access to root doc
 RUN echo "deny from all" > /var/www/html/.htaccess
 
+ADD ./servercerts /etc/ssl/certs/
+ADD setup.sh /tmp/
+WORKDIR /tmp
+RUN ./setup.sh
+RUN rm -rf /tmp/*
+
 # Default command       
 CMD ["apachectl", "-D", "FOREGROUND"]
 
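Review bot: `ADD ./servercerts /etc/ssl/certs/` bakes the TLS private key into an image layer, and the later move to /etc/ssl/private inside `RUN ./setup.sh` does not remove it from that layer, so anyone who can pull or export the image can read the key from its layer history. Keep only the certificate in the image and supply the key when the container starts, for example with a read-only bind mount such as `-v "$PWD/configs/certificates/ssl-cert-eventsapi.key:/etc/ssl/private/ssl-cert-eventsapi.key:ro"`, with the config rewrite moved to an entrypoint. If the key has to stay in the build, put a comment above the `ADD` saying so: `# WARNING: image layers contain the TLS private key; do not publish this image`. Separately, `RUN rm -rf /tmp/*` in its own layer does not remove setup.sh from the earlier layer; `COPY setup.sh /tmp/` followed by `RUN ./setup.sh && rm -f /tmp/setup.sh` is the usual form.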
diff --git a/build_docker.sh b/build_docker.sh
new file mode 100755
index 0000000..67ff376
--- /dev/null
+++ b/build_docker.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+APACHE_SSL_CERT=./configs/certificates/ssl-cert-eventsapi.pem
+APACHE_SSL_CERT_KEY=./configs/certificates/ssl-cert-eventsapi.key
+
+# Create local relative folder for certificates
+mkdir ./servercerts
+if test -e "$APACHE_SSL_CERT";then
+	cp $APACHE_SSL_CERT ./servercerts/ssl-cert-eventsapi.pem
+fi
+if test -e "$APACHE_SSL_CERT_KEY";then
+	cp $APACHE_SSL_CERT_KEY ./servercerts/ssl-cert-eventsapi.key
+fi
+
+docker build -t karbach/eventsapi:v1 .
+
+#Clear automatically created folders
+rm -rf ./servercerts
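Review bot: The staged copy of the private key in ./servercerts is only removed by the last line, so an interrupted run leaves the key in the working tree. The next run then hits `mkdir ./servercerts` failing on the existing directory and continues anyway, because there is no `set -e`. Register the cleanup with a trap before anything is copied, use `mkdir -p`, and quote the source paths in both `cp` lines. With `set -euo pipefail` a failed `docker build` also gives the script a non-zero exit status instead of being masked by the final `rm`.

```shell
#!/bin/bash
set -euo pipefail

# … unchanged: APACHE_SSL_CERT / APACHE_SSL_CERT_KEY assignments …

# Remove the staged certificate and key on every exit path, including a failed build
trap 'rm -rf ./servercerts' EXIT
mkdir -p ./servercerts
# … inside the two unchanged `test -e` guards, quote the source paths …
	cp -- "$APACHE_SSL_CERT" ./servercerts/ssl-cert-eventsapi.pem
	cp -- "$APACHE_SSL_CERT_KEY" ./servercerts/ssl-cert-eventsapi.key

# … unchanged: docker build; the trailing rm -rf is now covered by the trap …
```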
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..e67ecd5
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+if [[ $(/usr/bin/id -u) -ne 0 ]]; then
+    echo "This script requires root privileges." >&2
+    exit 1
+fi
+
+#Adjust the certificate to use, if a special certificate was injected
+SPECIALCERT=/etc/ssl/certs/ssl-cert-eventsapi.pem
+KEYNAME=ssl-cert-eventsapi.key
+SPECIALCERTKEY="/etc/ssl/certs/"$KEYNAME
+SSLCONFFILE=/etc/apache2/sites-available/default-ssl.conf
+if test -e "$SPECIALCERT";then
+	chmod 644 $SPECIALCERT
+	sed -i -e "\|^[ \t]\+SSLCertificateFile|s|SSLCertificateFile[ \t]\+.*|SSLCertificateFile "$SPECIALCERT"|" $SSLCONFFILE
+fi
+
+if test -e "$SPECIALCERTKEY";then
+	mv $SPECIALCERTKEY /etc/ssl/private
+	chmod 640 "/etc/ssl/private/"$KEYNAME
+	chown root:ssl-cert "/etc/ssl/private/"$KEYNAME
+	sed -i -e "\|^[ \t]\+SSLCertificateKeyFile|s|SSLCertificateKeyFile[ \t]\+.*|SSLCertificateKeyFile /etc/ssl/private/"$KEYNAME"|" $SSLCONFFILE
+fi
+
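Review bot: Nothing in setup.sh checks that its steps succeeded: there is no `set -e`, and `sed -i` exits 0 when the `SSLCertificateFile` or `SSLCertificateKeyFile` pattern matches no line. The image build can therefore pass while Apache still uses whatever certificate default-ssl.conf already named, or while the key keeps the mode and group it arrived with (the `chown root:ssl-cert` presumably depends on that group existing in the base image). Add `set -euo pipefail` below the shebang and verify each rewrite, e.g. `grep -q "SSLCertificateKeyFile /etc/ssl/private/$KEYNAME" "$SSLCONFFILE" || exit 1`. The expansions `$SPECIALCERT`, `$SPECIALCERTKEY` and `$SSLCONFFILE` are also unquoted in the `chmod`, `mv` and `sed` lines; writing them as `"$SSLCONFFILE"` keeps the commands intact if a path ever contains whitespace or glob characters.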
diff --git a/tests/runtests.sh b/tests/runtests.sh
old mode 100644
new mode 100755
-- 
GitLab