authorRoelof Rietbroek (@grace) <roelof@geod.uni-bonn.de>2018-04-23 15:54:17 +0200
committerFrédéric Guillot <fred@kanboard.net>2018-04-30 11:33:14 -0700
commit93846ee99033084290e885b59b048635916955e5 (patch)
tree24657349d4b9475abbd5cc6ed3bc75f7d6ff4e0c
parent0b475c18509c335087cc3158b5a7e616c1928286 (diff)
add SSL functionality to docker
-rw-r--r--Dockerfile8
-rw-r--r--docker/etc/nginx/nginx.conf3
-rwxr-xr-xdocker/usr/local/bin/entrypoint.sh6
3 files changed, 15 insertions, 2 deletions
diff --git a/Dockerfile b/Dockerfile
index 60c32d84..cb6adf49 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,13 +2,14 @@ FROM alpine:3.7
VOLUME /var/www/app/data
VOLUME /var/www/app/plugins
+VOLUME /etc/nginx/ssl
+EXPOSE 80 443
-EXPOSE 80
ARG VERSION
RUN apk update && \
- apk add unzip nginx bash ca-certificates s6 curl ssmtp mailx php7 php7-phar php7-curl \
+ apk add openssl unzip nginx bash ca-certificates s6 curl ssmtp mailx php7 php7-phar php7-curl \
php7-fpm php7-json php7-zlib php7-xml php7-dom php7-ctype php7-opcache php7-zip php7-iconv \
php7-pdo php7-pdo_mysql php7-pdo_sqlite php7-pdo_pgsql php7-mbstring php7-session \
php7-gd php7-mcrypt php7-openssl php7-sockets php7-posix php7-ldap php7-simplexml && \
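Review bot: The new `VOLUME /etc/nginx/ssl` line carries no comment saying which files the image expects there, although nginx.conf and entrypoint.sh in this commit hard-code `kanboard.crt` and `kanboard.key`. I would add above it `# TLS material: mount kanboard.crt and kanboard.key here; entrypoint.sh generates a self-signed pair when either file is missing`. Because this volume holds a private key, the comment is also the place to say that an operator-supplied pair can be mounted read-only. The `RUN` instruction that gains `openssl` continues past the end of this hunk.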
@@ -26,5 +27,8 @@ RUN cd /tmp \
ADD docker/ /
+
+
+
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD []
diff --git a/docker/etc/nginx/nginx.conf b/docker/etc/nginx/nginx.conf
index 6ba545f6..5ffbba0a 100644
--- a/docker/etc/nginx/nginx.conf
+++ b/docker/etc/nginx/nginx.conf
@@ -20,6 +20,9 @@ http {
server {
listen 80;
+ listen 443 ssl;
+ ssl_certificate /etc/nginx/ssl/kanboard.crt;
+ ssl_certificate_key /etc/nginx/ssl/kanboard.key;
server_name localhost;
index index.php;
root /var/www/app;
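Review bot: The added `listen 443 ssl;` comes without an `ssl_protocols` directive, so the protocol set is whatever the packaged nginx defaults to, which on nginx builds of this period likely still includes TLSv1 and TLSv1.1. Adding `ssl_protocols TLSv1.2;` next to the certificate lines pins that down. `listen 80;` also stays in the same server block with no redirect, so logins and session cookies can still travel in clear text unless port 80 is left unpublished; a separate port-80 server block with `return 301 https://$host$request_uri;` would close that, though it changes behaviour for existing plain-HTTP deployments. The server block continues outside the hunk.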
diff --git a/docker/usr/local/bin/entrypoint.sh b/docker/usr/local/bin/entrypoint.sh
index fe49c41b..61ce9207 100755
--- a/docker/usr/local/bin/entrypoint.sh
+++ b/docker/usr/local/bin/entrypoint.sh
@@ -1,5 +1,11 @@
#!/bin/bash
+#generate a new self signed SSL certificate when none is provided in the volume
+if [ ! -f /etc/nginx/ssl/kanboard.key ] || [ ! -f /etc/nginx/ssl/kanboard.crt ]
+then
+ openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/kanboard.key -out /etc/nginx/ssl/kanboard.crt -subj "/C=GB/ST=London/L=London/O=Self Signed/OU=IT Department/CN=kanboard.org"
+fi
+
chown -R nginx:nginx /var/www/app/data
chown -R nginx:nginx /var/www/app/plugins
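Review bot: The `openssl req` call passes no `-days`, so the generated certificate gets OpenSSL's default lifetime of 30 days, and because the guard only tests that both files exist, an expired certificate in the volume is never replaced. Adding `-days 365` (or a value the project prefers) and re-checking with `openssl x509 -checkend 0 -noout -in /etc/nginx/ssl/kanboard.crt` in the condition would cover that. The `||` guard also regenerates both files when only one is missing, which overwrites an operator-supplied key or certificate without any message; logging that case or refusing to start is safer. Depending on the OpenSSL build the key file may be created with the process umask, so `chmod 600 /etc/nginx/ssl/kanboard.key` after generation is worth adding. The script continues past the end of this hunk.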