git Service of IN-Ulm e.V. Explore Help
Sign In
ulpeters
/
reverse-proxy
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
reverse-proxy
/
data
/
share-certs.sh

share-certs.sh 806 B
Permalink History Raw

12345678910111213141516171819202122232425262728 
  1. #!/bin/bash
    2. 

  2. 

  3. #---Objective---
    4. 

  4. # Replicates keys to another directory and make them world readable
    5. 

  5. # so other containers can make use of them.
    6. 

  6. 

  7. #---Context---
    8. 

  8. # acme-companion sets the root user as the key owner 
    9. 

  9. # and removes read permission for other users.
    10. 

  10. # Other containers run under unprivileged user IDs, e.g. 1000 or 9000,
    11. 

  11. # and cannot access the keys.
    12. 

  12. 

  13. # Define source and destination directories
    14. 

  14. src_dir="/etc/nginx/certs/"
    15. 

  15. dest_dir="/etc/nginx/certs-shared/"
    16. 

  16. mkdir -p $dest_dir
    17. 

  17. 

  18. # Copy the files and update permissions
    19. 

  19. cp --dereference --update -p $src_dir*.key $src_dir*.crt $dest_dir
    20. 

  20. chmod -R a+r $dest_dir
    21. 

  21. 

  22. # Delete files in the destination that are not in the source
    23. 

  23. for file in $dest_dir*; do
    24. 

  24.   base_file=$(basename "$file")
    25. 

  25.   if [[ ! -e $src_dir$base_file ]]; then
    26. 

  26.     rm "$file"
    27. 

  27.   fi
    28. 

  28. done
    29.