ExternalVendorCode/open-balena
1
0
Fork 0
mirror of https://github.com/balena-io/open-balena.git synced 2025-01-08 22:12:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
99dd615e55
open-balena/haproxy/start-haproxy.sh

33 lines
911 B
Bash
Raw Normal View History

certs: Add support for an ACME certificate provider Add a service which will acquire certificates from an ACME cert provider, such as LetsEncrypt (), to allow an openBalena instance to use a publicly trusted certificate instead of the self-signed one it wil generate on setup. Change-type: patch Signed-off-by: Rich Bayliss <rich@balena.io>
2019-03-05 11:36:27 +00:00
#!/bin/sh
OPENBALENA_CERT=/etc/ssl/private/open-balena.pem
mkdir -p "$(dirname "${OPENBALENA_CERT}")"
if [ -f "/certs/open-balena.pem" ]; then
echo "Using certificate from cert-provider..."
cp /certs/open-balena.pem "${OPENBALENA_CERT}"
else
echo "Building certificate from environment variables..."
(
echo "${BALENA_HAPROXY_CRT}" | base64 -d
echo "${BALENA_HAPROXY_KEY}" | base64 -d
echo "${BALENA_ROOT_CA}" | base64 -d
) > "${OPENBALENA_CERT}"
fi
haproxy -f /usr/local/etc/haproxy/haproxy.cfg -W &
HAPROXY_PID=$!
while true; do
inotifywait -r -e create -e modify -e delete /certs
if [ -f "/certs/open-balena.pem" ]; then
echo "Updating certificate from cert-provider..."
cp /certs/open-balena.pem "${OPENBALENA_CERT}"
fi
echo "Certificate change detected. Reloading..."
kill -SIGUSR2 $HAPROXY_PID
sleep 1;
done
Reference in New Issue Copy Permalink