Diffstat (limited to 'docker/scripts/pre')
-rwxr-xr-x | docker/scripts/pre/00_change_user.sh | 23 | ||||
-rwxr-xr-x | docker/scripts/pre/01_write_certifiates_from_env.sh | 33 | ||||
-rwxr-xr-x | docker/scripts/pre/02_make_snakeoil_certificates.sh | 91 | ||||
-rwxr-xr-x | docker/scripts/pre/03_make_dhparam.sh | 28 | ||||
-rwxr-xr-x | docker/scripts/pre/10_erlang_cookie.sh | 25 | ||||
-rwxr-xr-x | docker/scripts/pre/20_ejabberd_config.sh | 38 |
6 files changed, 238 insertions, 0 deletions
diff --git a/docker/scripts/pre/00_change_user.sh b/docker/scripts/pre/00_change_user.sh
new file mode 100755
index 000000000..3edeafb34
--- /dev/null
+++ b/docker/scripts/pre/00_change_user.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+set -e
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+
+readonly whoami=$(whoami)
+
+
+change_ejabberd_run_user() {
+ echo "Change ejabberd install user to root..."
+ sed -i "s/INSTALLUSER=${EJABBERD_USER}/INSTALLUSER=${whoami}/" ${EJABBERDCTL}
+}
+
+
+[[ "${whoami}" == "root" ]] \
+ && change_ejabberd_run_user
+
+
+exit 0
diff --git a/docker/scripts/pre/01_write_certifiates_from_env.sh b/docker/scripts/pre/01_write_certifiates_from_env.sh
new file mode 100755
index 000000000..509b27e20
--- /dev/null
+++ b/docker/scripts/pre/01_write_certifiates_from_env.sh
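Review bot: In 00_change_user.sh, `change_ejabberd_run_user` rewrites INSTALLUSER to root whenever the container is started as root, so the server will presumably run with full privileges instead of dropping to `${EJABBERD_USER}`. This deserves a comment stating when that is intended, plus a visible warning such as `echo "WARNING: ejabberd will run as root" >&2`. Separately, `${EJABBERDCTL}` is unquoted in the `sed -i` call, and the same unquoted-expansion pattern recurs in the other five scripts of this commit (`$2`, `${certfile}`, `${dhfile}`, `${ERLANGCOOKIEFILE}`, `${CONFIGFILE}`). Quoting each path, e.g. `"${EJABBERDCTL}"`, avoids word splitting and globbing on values that come from configuration.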
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+# Instead of having to mount a direction, specify the ssl certs
+# via environment variables:
+# `EJABBERD_SSLCERT_HOST` and `EJABBERD_SSLCERT_{domain_name}`.
+# For example: `EJABBERD_SSLCERT_EXAMPLE_COM`.
+
+write_file_from_env() {
+ echo "Writing $1 to $2"
+ mkdir -p "$(dirname $2)"
+ echo "${!1}" > $2
+}
+
+# Write the host certificate
+is_set ${EJABBERD_SSLCERT_HOST} \
+ && write_file_from_env "EJABBERD_SSLCERT_HOST" ${SSLCERTHOST}
+
+# Write the domain certificates for each XMPP_DOMAIN
+for xmpp_domain in ${XMPP_DOMAIN} ; do
+ var="EJABBERD_SSLCERT_$(echo $xmpp_domain | awk '{print toupper($0)}' | sed 's/\./_/g;s/-/_/g')"
+ if is_set ${!var} ; then
+ file_exist "${SSLCERTDIR}/${xmpp_domain}.pem" \
+ || write_file_from_env "$var" "${SSLCERTDIR}/${xmpp_domain}.pem"
+ fi
+done
+
+exit 0
diff --git a/docker/scripts/pre/02_make_snakeoil_certificates.sh b/docker/scripts/pre/02_make_snakeoil_certificates.sh
new file mode 100755
index 000000000..0e7f21822
--- /dev/null
+++ b/docker/scripts/pre/02_make_snakeoil_certificates.sh
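Review bot: In 01_write_certifiates_from_env.sh, `write_file_from_env` creates the PEM with `echo "${!1}" > $2` under the default umask, so the file is likely readable by other users. The sibling snakeoil script stores certificate and private key together in these same `.pem` paths, so the value taken from the environment presumably carries a private key too. Creating the file owner-only and quoting the target would address this, assuming ejabberd reads it as the user running this script: `( umask 077; printf '%s\n' "${!1}" > "$2" )`, with `mkdir -p "$(dirname "$2")"` on the line before. The unquoted `is_set ${EJABBERD_SSLCERT_HOST}` and `is_set ${!var}` also word-split a multi-line PEM into many arguments; whether `is_set` tolerates that depends on its definition in the sourced lib, which is outside this diff.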
@@ -0,0 +1,91 @@
+#!/bin/bash
+set -e
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+
+make_snakeoil_certificate() {
+ local domain=$1
+ local certfile=$2
+
+ openssl req -subj "/CN=${domain}" \
+ -new \
+ -newkey rsa:4096 \
+ -days 365 \
+ -nodes \
+ -x509 \
+ -keyout /tmp/selfsigned.key \
+ -out /tmp/selfsigned.crt
+
+ echo "Writing ssl cert and private key to '${certfile}'..."
+ cat /tmp/selfsigned.crt /tmp/selfsigned.key > ${certfile}
+ rm /tmp/selfsigned.crt /tmp/selfsigned.key
+}
+
+
+make_host_snakeoil_certificate() {
+ local IFS=@
+ local domain='localhost'
+ local erlang_node=${ERLANG_NODE}
+
+ if is_true ${erlang_node} ; then
+ domain=${HOSTNAME}
+ elif is_set ${erlang_node} ; then
+ set ${erlang_node}
+ local nodehost=$2
+ if is_zero ${nodehost} ; then
+ domain=${HOSTNAME}
+ else
+ domain=${nodehost}
+ fi
+ fi
+
+ echo -n "Missing ssl cert for your host. "
+ echo "Generating snakeoil ssl cert for ${domain}..."
+
+ make_snakeoil_certificate ${domain} ${SSLCERTHOST}
+}
+
+
+make_domain_snakeoil_certificate() {
+ local domain=$1
+ local certfile=$2
+
+ echo -n "Missing ssl cert for your xmpp domain. "
+ echo "Generating snakeoil ssl cert for ${domain}..."
+
+ make_snakeoil_certificate ${domain} ${certfile}
+}
+
+
+## backward compatibility
+# link old xmpp_domain.pem file to the first <domainname>.pem in XMPP_DOMAIN
+readonly SSLCERTDOMAIN="${SSLCERTDIR}/xmpp_domain.pem"
+if file_exist ${SSLCERTDOMAIN} ; then
+ for xmpp_domain in ${XMPP_DOMAIN} ; do
+ file_exist "${SSLCERTDIR}/${xmpp_domain}.pem" \
+ || ln -s ${SSLCERTDOMAIN} "${SSLCERTDIR}/${xmpp_domain}.pem"
+ break
+ done
+fi
+
+
+is_true ${EJABBERD_SKIP_MAKE_SSLCERT} \
+ && echo "Skip certificate generation" \
+ && exit 0
+
+# generate host ssl cert if missing
+file_exist ${SSLCERTHOST} \
+ || make_host_snakeoil_certificate
+
+# generate xmmp domain ssl certificates if missing
+for xmpp_domain in ${XMPP_DOMAIN} ; do
+ domain_certfile="${SSLCERTDIR}/${xmpp_domain}.pem"
+ file_exist ${domain_certfile} \
+ || make_domain_snakeoil_certificate ${xmpp_domain} ${domain_certfile}
+done
+
+exit 0
diff --git a/docker/scripts/pre/03_make_dhparam.sh b/docker/scripts/pre/03_make_dhparam.sh
new file mode 100755
index 000000000..e240210fc
--- /dev/null
+++ b/docker/scripts/pre/03_make_dhparam.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+set -e
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+
+make_dhparam() {
+ local dhfile=$1
+ local bits=$2
+
+ echo "Writing dh file to '${dhfile}'..."
+ openssl dhparam -out ${dhfile} ${bits}
+}
+
+
+is_true ${EJABBERD_SKIP_MAKE_DHPARAM} \
+ && echo "Skip DH param generation" \
+ && exit 0
+
+if is_true ${EJABBERD_DHPARAM} ; then
+ file_exist ${SSLDHPARAM} \
+ || make_dhparam ${SSLDHPARAM} 4096
+fi
+
+exit 0
diff --git a/docker/scripts/pre/10_erlang_cookie.sh b/docker/scripts/pre/10_erlang_cookie.sh
new file mode 100755
index 000000000..bf276fc12
--- /dev/null
+++ b/docker/scripts/pre/10_erlang_cookie.sh
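Review bot: In 02_make_snakeoil_certificates.sh, `make_snakeoil_certificate` writes the unencrypted private key (`-nodes`) to the fixed path `/tmp/selfsigned.key` under the default umask. The key is therefore briefly readable by other users of that `/tmp`, and the predictable name can be pre-created or symlinked by anyone who can write there. The combined `${certfile}` is also created with default permissions although it contains the key. The function should work in a `mktemp -d` directory and create the final PEM owner-only, as sketched below, assuming ejabberd reads the file as the user running this script. Because `set -e` aborts on an openssl failure before the cleanup line, an EXIT trap that removes the directory would also be worth adding.

```shell
make_snakeoil_certificate() {
    local domain=$1
    local certfile=$2
    local tmpdir

    # mktemp -d yields an unpredictable, owner-only (0700) directory
    tmpdir=$(mktemp -d)

    # … unchanged: openssl req -subj … -x509 options …
        -keyout "${tmpdir}/selfsigned.key" \
        -out "${tmpdir}/selfsigned.crt"

    echo "Writing ssl cert and private key to '${certfile}'..."
    # the combined PEM holds the private key: create it with mode 0600
    (
        umask 077
        cat "${tmpdir}/selfsigned.crt" "${tmpdir}/selfsigned.key" > "${certfile}"
    )
    rm -rf -- "${tmpdir}"
}
```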
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -e
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+
+set_erlang_cookie() {
+ echo "Set erlang cookie to ${ERLANG_COOKIE}..."
+ echo ${ERLANG_COOKIE} > ${ERLANGCOOKIEFILE}
+ chmod 400 ${ERLANGCOOKIEFILE}
+}
+
+
+file_exist ${FIRST_START_DONE_FILE} \
+ && exit 0
+
+
+# set erlang cookie if ERLANG_COOKIE is set in environemt
+is_set ${ERLANG_COOKIE} \
+ && set_erlang_cookie
+
+exit 0
diff --git a/docker/scripts/pre/20_ejabberd_config.sh b/docker/scripts/pre/20_ejabberd_config.sh
new file mode 100755
index 000000000..498648c5a
--- /dev/null
+++ b/docker/scripts/pre/20_ejabberd_config.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -e
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+
+make_config() {
+ if [ ! -e ${CONFIGFILE} ]; then
+ echo "Generating ejabberd config file..."
+ cat ${CONFIGTEMPLATE} \
+ | python -c "${PYTHON_JINJA2}" \
+ > ${CONFIGFILE}
+ else
+ echo "ejabberd config file exists."
+ fi
+
+ if [ ! -e ${CTLCONFIGFILE} ]; then
+ echo "Generating ejabberdctl config file..."
+ cat ${CTLCONFIGTEMPLATE} \
+ | python -c "${PYTHON_JINJA2}" \
+ > ${CTLCONFIGFILE}
+ else
+ echo "ejabberdctl config file exists."
+ fi
+}
+
+
+file_exist ${FIRST_START_DONE_FILE} \
+ && exit 0
+
+
+# generate config file
+make_config
+
+exit 0 |
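Review bot: In 10_erlang_cookie.sh, `set_erlang_cookie` prints the cookie value itself (`echo "Set erlang cookie to ${ERLANG_COOKIE}..."`), which puts the Erlang distribution secret into the container's stdout and whatever log pipeline collects it. The message should name the source instead of the value, e.g. `echo "Set erlang cookie from ERLANG_COOKIE..."`. The cookie file is also created under the default umask and only restricted afterwards by `chmod 400`, leaving a short window in which others may read it. `( umask 377; printf '%s\n' "${ERLANG_COOKIE}" > "${ERLANGCOOKIEFILE}" )` creates it with its final mode and avoids the word splitting and globbing of the unquoted `echo`.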
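Review bot: In 20_ejabberd_config.sh, both branches of `make_config` redirect straight into the final path (`> ${CONFIGFILE}`, `> ${CTLCONFIGFILE}`), so the file exists before `python` has rendered anything. If rendering fails, `set -e` aborts the script but leaves an empty or partial file, and the `[ ! -e ... ]` test on the next start would treat it as a finished config. Rendering to a temporary name and renaming on success avoids that: `python -c "${PYTHON_JINJA2}" < "${CONFIGTEMPLATE}" > "${CONFIGFILE}.tmp"` followed by `mv -- "${CONFIGFILE}.tmp" "${CONFIGFILE}"`, and likewise for the ctl file. If the rendered config can contain credentials taken from the environment, a restrictive umask around the write is worth adding too.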