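#!/bin/bash
# Container entrypoint: build a Tomcat keystore from the Let's Encrypt PEM
# files, patch conf/server.xml with the connector settings supplied in the
# environment, then start Tomcat in the foreground.
#
# Required env:  LETSENCRYPT_CERT_DIR (holds fullchain.pem and privkey.pem),
#                PKCS12_PASSWORD, JKS_KEY_PASSWORD, JKS_STORE_PASSWORD,
#                P12_FILE, JKS_FILE, KEY_ALIAS
# Optional env:  HTTP* / HTTPS* connector settings (see the param list below)
# WORKDIR $CATALINA_HOME  -- the conf/ paths below are relative to it
#
# Fail fast: a failed openssl/keytool/xsltproc step must not be followed by
# starting Tomcat with a missing or stale keystore.
set -euo pipefail

# Abort with a clear message when a required setting is missing or empty.
# Diagnostics go to stderr so they are not mistaken for normal output.
for name in LETSENCRYPT_CERT_DIR PKCS12_PASSWORD JKS_KEY_PASSWORD \
            JKS_STORE_PASSWORD P12_FILE JKS_FILE KEY_ALIAS ; do
  if [ -z "${!name:-}" ] ; then
    printf '$%s not set\n' "$name" >&2
    exit 1
  fi
done

cert_file="$LETSENCRYPT_CERT_DIR/fullchain.pem"
key_file="$LETSENCRYPT_CERT_DIR/privkey.pem"
for f in "$cert_file" "$key_file" ; do
  if [ ! -r "$f" ] ; then
    printf 'cannot read %s\n' "$f" >&2
    exit 1
  fi
done

# convert LetsEncrypt certificates
# https://community.letsencrypt.org/t/cry-for-help-windows-tomcat-ssl-lets-encrypt/22902/4
# remove existing keystores so a stale key is never served after a renewal
rm -f -- "$P12_FILE" "$JKS_FILE"

# Passwords are handed to openssl/keytool through the environment rather than
# as command-line arguments, which would be readable in `ps` / /proc/*/cmdline.
export PKCS12_PASSWORD JKS_KEY_PASSWORD JKS_STORE_PASSWORD

# convert PEM to PKCS12 (-passout env:VAR reads the export password from VAR)
openssl pkcs12 -export \
  -in "$cert_file" \
  -inkey "$key_file" \
  -name "$KEY_ALIAS" \
  -out "$P12_FILE" \
  -passout env:PKCS12_PASSWORD
# the PKCS12 holds the private key: keep it readable by this user only
chmod 600 -- "$P12_FILE"

# import PKCS12 into JKS
# -noprompt is safe because the destination store was just removed, and a
# prompt would otherwise hang a container that has no tty.
keytool -importkeystore \
  -noprompt \
  -alias "$KEY_ALIAS" \
  -destkeypass:env JKS_KEY_PASSWORD \
  -destkeystore "$JKS_FILE" \
  -deststorepass:env JKS_STORE_PASSWORD \
  -srckeystore "$P12_FILE" \
  -srcstorepass:env PKCS12_PASSWORD \
  -srcstoretype PKCS12
chmod 600 -- "$JKS_FILE"

# change server configuration
# Each connector setting that is set becomes one --stringparam for the XSL
# transform. The arguments are collected in an array and xsltproc is invoked
# directly: the previous eval of a whitespace-joined string split values on
# spaces and let shell metacharacters in any of these variables be executed.
params=()
add_param() {
  # $1 = XSL parameter name, $2 = value; empty values are skipped so the
  # stylesheet's own defaults apply, as before.
  if [ -n "$2" ] ; then
    params+=(--stringparam "$1" "$2")
  fi
}
add_param http                   "${HTTP:-}"
add_param http.scheme            "${HTTP_SCHEME:-}"
add_param http.port              "${HTTP_PORT:-}"
add_param http.proxyName         "${HTTP_PROXY_NAME:-}"
add_param http.proxyPort         "${HTTP_PROXY_PORT:-}"
add_param http.redirectPort      "${HTTP_REDIRECT_PORT:-}"
add_param http.connectionTimeout "${HTTP_CONNECTION_TIMEOUT:-}"
add_param http.compression       "${HTTP_COMPRESSION:-}"
add_param https                  "${HTTPS:-}"
add_param https.scheme           "${HTTPS_SCHEME:-}"
add_param https.port             "${HTTPS_PORT:-}"
add_param https.maxThreads       "${HTTPS_MAX_THREADS:-}"
add_param https.clientAuth       "${HTTPS_CLIENT_AUTH:-}"
add_param https.proxyName        "${HTTPS_PROXY_NAME:-}"
add_param https.proxyPort        "${HTTPS_PROXY_PORT:-}"
add_param https.compression      "${HTTPS_COMPRESSION:-}"
add_param https.keystoreFile     "$JKS_FILE"
# NOTE(review): keytool above protects the *store* with JKS_STORE_PASSWORD and
# the *key* with JKS_KEY_PASSWORD, yet https.keystorePass receives the key
# password and https.keyPass the store password. The mapping is kept as-is
# because it is defined by conf/letsencrypt-tomcat.xsl (not visible here);
# confirm the stylesheet expects it this way, or that both values are always
# identical, otherwise Tomcat will fail to open the keystore.
add_param https.keystorePass     "$JKS_KEY_PASSWORD"
add_param https.keyAlias         "$KEY_ALIAS"
add_param https.keyPass          "$JKS_STORE_PASSWORD"

# xsltproc cannot take parameters from the environment, so the keystore
# passwords do appear on this command line and in the generated server.xml;
# restrict the generated file to this user.
xsltproc --output conf/server.xml \
  "${params[@]}" \
  conf/letsencrypt-tomcat.xsl \
  conf/server.xml
chmod 600 conf/server.xml

# run Tomcat, replacing this shell so Tomcat becomes the container's main
# process and receives the stop signal (SIGTERM) directly instead of being
# orphaned when bash is killed
exec catalina.sh run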