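#!/bin/bash
#
# Container entrypoint for the dataportal backend.
#
# If certs/*.pem files are present (path is relative to the working
# directory), a fresh JKS truststore is built from them and the JVM is started
# with that truststore. Otherwise the JVM is started with its default trust
# settings.
#
# Environment:
#   TRUSTSTORE_PASS  truststore password (default: changeit)
#   KEY_PASS         key password for the throw-away bootstrap key
#                    (default: changeit)
#   JAVA_OPTS        extra JVM options, whitespace separated
#
# Security notes:
#   - Every *.pem in certs/ is imported as a trusted CA without a prompt, so
#     whoever can write to that directory controls what the backend trusts.
#   - Setting javax.net.ssl.trustStore points the JVM's default TLS trust at
#     this file; NOTE(review): the JVM's bundled CA set is then presumably no
#     longer consulted, so certs/ must hold every CA the backend needs.
#   - The truststore password is passed on the command line of keytool and
#     java and is therefore visible in the process list. It protects only the
#     integrity of a file holding public certificates.
#   - JAVA_OPTS is echoed to the container log; keep secrets out of it.

TRUSTSTORE_FILE="/opt/dataportal-backend/truststore/self-signed-truststore.jks"
TRUSTSTORE_PASS=${TRUSTSTORE_PASS:-changeit}
KEY_PASS=${KEY_PASS:-changeit}

# Print a message to stderr and abort the container start.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# nullglob is enabled only for this expansion. Left on globally, it would
# silently drop any JAVA_OPTS word containing an unmatched glob character
# (for example a "*.example.org" host pattern).
shopt -s nullglob
ca_files=(certs/*.pem)
shopt -u nullglob

# Split JAVA_OPTS on spaces, tabs and newlines into an array, without
# pathname expansion. The previous global IFS=$'\n' made the unquoted
# $JAVA_OPTS split on newlines only, so "-Xmx1g -Dfoo=bar" reached java as a
# single argument. read returns non-zero at end of input, hence "|| true".
java_opts=()
if [[ -n "${JAVA_OPTS:-}" ]]; then
  read -r -d '' -a java_opts <<< "$JAVA_OPTS" || true
fi

if (( ${#ca_files[@]} > 0 )); then
  echo "# At least one CA file with extension *.pem found in certs folder -> starting dataportal backend with own CAs"

  if [[ -f "$TRUSTSTORE_FILE" ]]; then
    echo "## Truststore already exists -> resetting truststore"
    rm -f -- "$TRUSTSTORE_FILE" \
      || die "Could not remove existing truststore $TRUSTSTORE_FILE"
  fi

  # keytool cannot create an empty keystore directly: generate a throw-away
  # key pair to create the file, then delete that entry again.
  keytool -genkey -alias self-signed-truststore -keyalg RSA -keystore "$TRUSTSTORE_FILE" -storepass "$TRUSTSTORE_PASS" -keypass "$KEY_PASS" -dname "CN=self-signed,OU=self-signed,O=self-signed,L=self-signed,S=self-signed,C=TE" \
    || die "Could not create truststore $TRUSTSTORE_FILE"
  keytool -delete -alias self-signed-truststore -keystore "$TRUSTSTORE_FILE" -storepass "$TRUSTSTORE_PASS" -noprompt \
    || die "Could not remove bootstrap key from truststore $TRUSTSTORE_FILE"

  for filename in "${ca_files[@]}"; do
    echo "### ADDING CERT: $filename"
    # Best effort: drop a colliding alias if one exists; failure is expected
    # when the alias is not present, so the result is ignored.
    keytool -delete -alias "$filename" -keystore "$TRUSTSTORE_FILE" -storepass "$TRUSTSTORE_PASS" -noprompt > /dev/null 2>&1
    # Abort instead of starting the backend with an incomplete truststore.
    keytool -importcert -alias "$filename" -file "$filename" -keystore "$TRUSTSTORE_FILE" -storepass "$TRUSTSTORE_PASS" -noprompt \
      || die "Could not import CA certificate $filename"
  done

  echo "### JAVA_OPTS is set to $JAVA_OPTS"
  # exec replaces the shell so the JVM receives container signals directly
  # and can shut down cleanly on stop.
  exec java "${java_opts[@]}" -Djavax.net.ssl.trustStore="$TRUSTSTORE_FILE" -Djavax.net.ssl.trustStorePassword="$TRUSTSTORE_PASS" -jar dataportal-backend.jar
else
  echo "# No CA *.pem cert files found in /opt/dataportal-backend/certs -> starting dataportal backend without own CAs"
  echo "### JAVA_OPTS is set to $JAVA_OPTS"
  exec java "${java_opts[@]}" -jar dataportal-backend.jar
fi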