From c225d8bfcbcc3f88883015b465426767d0f06d25 Mon Sep 17 00:00:00 2001 From: Valtteri Valtia Date: Mon, 27 Apr 2020 12:27:14 +0300 Subject: [PATCH 1/3] Rahti: add certificate to store - If certificate exists under /rems/certs/ add it to cacerts certificate store before starting rems Signed-off-by: Valtteri Valtia --- Dockerfile | 2 ++ docker-entrypoint.sh | 13 +++++++++++++ 2 files changed, 15 insertions(+) diff --git a/Dockerfile b/Dockerfile index b931c4bce8..24839c9ce9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,3 +8,5 @@ ENTRYPOINT ["./docker-entrypoint.sh"] COPY empty-config.edn /rems/config/config.edn COPY target/uberjar/rems.jar /rems/rems.jar COPY docker-entrypoint.sh /rems/docker-entrypoint.sh + +RUN chmod 664 /usr/local/openjdk-11/lib/security/cacerts diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index ab6674965f..132ab4d119 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -4,6 +4,19 @@ cd rems [ -z "$COMMANDS" ] && COMMANDS="run" +certfile=$(ls /rems/certs) + +if [ ! -z ${certfile} ] && [ "${certfile}" != "null" ] ; then + keytool -importcert -cacerts -noprompt \ + -storepass changeit \ + -file /rems/certs/${certfile} \ + -alias ${certfile} + + keytool -storepasswd -cacerts \ + -storepass changeit \ + -new $(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 20) +fi + for COMMAND in $COMMANDS do if [ "${COMMAND}" = "run" ] ; then From e8d3af661372ad80c5747fe4d2be78611e1fda6f Mon Sep 17 00:00:00 2001 From: Valtteri Valtia Date: Wed, 29 Apr 2020 06:56:59 +0300 Subject: [PATCH 2/3] Add rems docker md fil:e Signed-off-by: Valtteri Valtia --- docs/docker.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 docs/docker.md diff --git a/docs/docker.md b/docs/docker.md new file mode 100644 index 0000000000..e8f5327c8f --- /dev/null +++ b/docs/docker.md @@ -0,0 +1,8 @@ +# Deploy Rems in docker + +1. Build rems with lein or copy rems.jar to target/uberjar/rems.jar +2. Build rems docker image. Use the docker file located in the root directory of rems git. +Example command: `docker build /path/to/rems/git/root/dir/ -t rems:tag` +2. Mount your config.edn file to /rems/config/config.edn in the container (Optional) +3. Mount certificate to be added to rems certificate store to /rems/certs/. +This process currecntly supports only one certificate. (Optional) From 833e1626b73961c827ca0073a131996102210480 Mon Sep 17 00:00:00 2001 From: Valtteri Valtia Date: Wed, 29 Apr 2020 09:46:11 +0300 Subject: [PATCH 3/3] Add docker md file to Dockerfile as reference (as comment) Signed-off-by: Valtteri Valtia --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 24839c9ce9..7bd1978492 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,5 @@ +# For documentation see docs/docker.md + FROM openjdk:11-jre-slim RUN mkdir /rems