diff --git a/bin/spurious-server b/bin/spurious-server
index 26ee477..955ee60 100755
--- a/bin/spurious-server
+++ b/bin/spurious-server
@@ -9,6 +9,7 @@ require 'eventmachine'
 require 'spurious/server/options'
 options = Spurious::Server::Options.new(ENV)
+ENV['DOCKER_HOST'] = options.ssl_docker_host
 Excon.defaults[:write_timeout] = options.write_timeout
 Excon.defaults[:read_timeout] = options.read_timeout
diff --git a/lib/spurious/server/options.rb b/lib/spurious/server/options.rb
index 2a00e1d..89dc580 100644
--- a/lib/spurious/server/options.rb
+++ b/lib/spurious/server/options.rb
@@ -1,7 +1,7 @@
 module Spurious
 module Server
 class Options
- attr_reader :docker_full_path, :docker_host, :docker_port, :docker_api, :server_port, :server_ip, :write_timeout, :read_timeout
+ attr_reader :docker_full_path, :docker_host, :docker_port, :docker_api, :server_port, :server_ip, :write_timeout, :read_timeout, :cert_path
 def initialize(env)
 @docker_host = env['DOCKER_HOST'].nil? ? 'localhost' : env['DOCKER_HOST'][/\/\/([0-9a-z\.]+):/,1]
@@ -11,8 +11,33 @@ def initialize(env)
 @server_ip = env.fetch('SPURIOUS_SERVER_IP', '0.0.0.0')
 @write_timeout = env.fetch('EXCON_WRITE_TIMEOUT', 30000)
 @read_timeout = env.fetch('EXCON_READ_TIMEOUT', 30000)
+ @cert_path = env.fetch('DOCKER_CERT_PATH', nil)
+ setup_ssl if @cert_path
 end
+ def ssl_docker_host
+ "https://#{docker_host}:#{docker_port}"
+ end
+
+ protected
+
+ def setup_ssl
+ Docker.options = {
+ :client_cert => valid_cert_path?('cert.pem'),
+ :client_key => valid_cert_path?('key.pem'),
+ :ssl_ca_file => valid_cert_path?('ca.pem')
+ }
+ end
+
+ def valid_cert_path?(cert)
+ File.join(absolute_cert_path, cert).tap do |path|
+ raise "Could not find: #{path}, please check it exists in your DOCKER_CERTS_PATH folder" unless File.exists? path
+ end
+ end
+
+ def absolute_cert_path
+ @absolute_cert_path ||= File.expand_path cert_path
+ end
 end
 end
 end
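Review bot: In bin/spurious-server the added `ENV['DOCKER_HOST'] = options.ssl_docker_host` runs unconditionally, so the client is pointed at an `https://` endpoint even when `DOCKER_CERT_PATH` is unset and `setup_ssl` never configured a client certificate or CA. It also overwrites whatever the operator exported. Because `docker_host` comes from a regex capture that only accepts lowercase letters, digits and dots before a colon, a unix socket path or a hostname containing a hyphen leaves it nil and the result is an `https://:PORT` URL. Guarding the assignment, `ENV['DOCKER_HOST'] = options.ssl_docker_host if options.cert_path`, keeps non-TLS setups working and ties the scheme to the presence of TLS material.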
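Review bot: In lib/spurious/server/options.rb the error raised by `valid_cert_path?` tells the operator to check `DOCKER_CERTS_PATH`, but `initialize` reads `DOCKER_CERT_PATH`; the message should name the real variable so a failed TLS setup can be diagnosed. The same line calls `File.exists?`, a deprecated alias that was removed in Ruby 3.2, so `unless File.exist?(path)` is the safer spelling. The method name ends in `?` yet it returns the joined path and raises instead of answering true or false; a name such as `cert_file_path` would match its behaviour, and `setup_ssl` deserves a comment like `# Points the Docker client at cert.pem, key.pem and ca.pem under DOCKER_CERT_PATH; raises if any is missing.` Also confirm that replacing the whole hash with `Docker.options = { ... }` is intended, since any options set earlier would be dropped.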