mirror of
https://github.com/balena-io/open-balena.git
synced 2024-12-22 15:02:22 +00:00
99dd615e55
Add a service which will acquire certificates from an ACME cert provider, such as LetsEncrypt, to allow an openBalena instance to use a publicly trusted certificate instead of the self-signed one it will generate on setup. Change-type: patch Signed-off-by: Rich Bayliss <rich@balena.io>
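#!/bin/sh
#
# Entrypoint for the openBalena HAProxy container.
#
# Installs the TLS bundle that HAProxy serves, starts HAProxy in master-worker
# mode (-W), then watches /certs and asks HAProxy to reload whenever something
# in that directory is created, modified or deleted.
#
# The bundle is taken from /certs/open-balena.pem when that file exists.
# Otherwise it is assembled from three base64-encoded environment variables,
# concatenated in this order:
#   BALENA_HAPROXY_CRT, BALENA_HAPROXY_KEY, BALENA_ROOT_CA
#
# The bundle contains the private key, so it is always written with
# owner-only permissions.

OPENBALENA_CERT=/etc/ssl/private/open-balena.pem
PROVIDER_CERT=/certs/open-balena.pem

#######################################
# Write stdin to ${OPENBALENA_CERT} with mode 0600.
# The file is created (or truncated) and its mode tightened before any key
# material is written, so the key is never readable by other users, even if a
# looser-mode file was already present. The umask change is confined to the
# subshell so that it is not inherited by HAProxy.
# Returns: 0 on success, non-zero if the file could not be written.
#######################################
install_bundle() {
  (
    umask 077
    : > "${OPENBALENA_CERT}" || exit 1
    chmod 600 "${OPENBALENA_CERT}" || exit 1
    cat > "${OPENBALENA_CERT}"
  )
}

mkdir -p "$(dirname "${OPENBALENA_CERT}")"

if [ -f "${PROVIDER_CERT}" ]; then
  echo "Using certificate from cert-provider..."
  install_bundle < "${PROVIDER_CERT}" \
    || echo "WARNING: could not install ${PROVIDER_CERT}" >&2
else
  echo "Building certificate from environment variables..."
  {
    # printf instead of echo: the output does not depend on how the shell's
    # echo treats backslashes or a leading dash in the value.
    printf '%s\n' "${BALENA_HAPROXY_CRT}" | base64 -d
    printf '%s\n' "${BALENA_HAPROXY_KEY}" | base64 -d
    printf '%s\n' "${BALENA_ROOT_CA}" | base64 -d
  } | install_bundle \
    || echo "WARNING: could not write ${OPENBALENA_CERT}" >&2
fi

haproxy -f /usr/local/etc/haproxy/haproxy.cfg -W &
HAPROXY_PID=$!

while true; do
  # Blocks until something changes under /certs. A non-zero status means the
  # watch itself failed (for example /certs is missing), not that a
  # certificate changed, so HAProxy is not reloaded in that case.
  if ! inotifywait -r -e create -e modify -e delete /certs; then
    echo "WARNING: inotifywait on /certs failed; retrying" >&2
    sleep 1
    continue
  fi

  if [ -f "${PROVIDER_CERT}" ]; then
    echo "Updating certificate from cert-provider..."
    install_bundle < "${PROVIDER_CERT}" \
      || echo "WARNING: could not install ${PROVIDER_CERT}" >&2
  fi

  echo "Certificate change detected. Reloading..."
  # SIGUSR2 asks the HAProxy master process to reload. "-s USR2" is the POSIX
  # spelling; the SIG-prefixed form is not accepted by every /bin/sh.
  kill -s USR2 "${HAPROXY_PID}"
  sleep 1
done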