add an entrypoint script that allows setting secrets from a file; version the upstream containers

kaysond 2021-11-24 22:43:49 -08:00 committed by nitnelave
parent df889ee2fe
commit 859ed97ca8
3 changed files with 27 additions and 3 deletions


@ -1,5 +1,5 @@
# Build image # Build image
FROM rust:alpine AS chef FROM rust:alpine3.14 AS chef
RUN set -x \ RUN set -x \
# Add user # Add user
@ -40,7 +40,7 @@ RUN cargo build --release -p lldap \
&& ./app/build.sh && ./app/build.sh
# Final image # Final image
FROM alpine FROM alpine:3.14
RUN set -x \ RUN set -x \
# Add user # Add user
@ -54,16 +54,20 @@ RUN set -x \
# Create the /data folder # Create the /data folder
&& mkdir /data && chown app:app /data && mkdir /data && chown app:app /data
RUN apk add --no-cache bash
USER app USER app
WORKDIR /app WORKDIR /app
COPY --chown=app:app --from=builder /app/app/index.html /app/app/main.js app/ COPY --chown=app:app --from=builder /app/app/index.html /app/app/main.js app/
COPY --chown=app:app --from=builder /app/app/pkg app/pkg COPY --chown=app:app --from=builder /app/app/pkg app/pkg
COPY --chown=app:app --from=builder /app/target/release/lldap lldap COPY --chown=app:app --from=builder /app/target/release/lldap lldap
COPY docker-entrypoint.sh .
ENV LDAP_PORT=3890 ENV LDAP_PORT=3890
ENV HTTP_PORT=17170 ENV HTTP_PORT=17170
EXPOSE ${LDAP_PORT} ${HTTP_PORT} EXPOSE ${LDAP_PORT} ${HTTP_PORT}
CMD ["/app/lldap", "run", "--config-file", "/data/lldap_config.toml"] ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["run", "--config-file", "/data/lldap_config.toml"]
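Review bot: `COPY docker-entrypoint.sh .` is the only COPY in the final stage without `--chown=app:app`, so the script is written as root (COPY does not follow `USER`). That is the better ownership for an entrypoint, because the `app` user cannot edit the file in place, but nothing says it is deliberate. A comment above it such as `# root-owned on purpose: the runtime user must not be able to rewrite the entrypoint` would keep a later cleanup from adding `--chown`. The script's exec bit comes from the build context, so `COPY --chmod=0755 docker-entrypoint.sh .` (BuildKit) would make the image independent of the checkout's file modes. `RUN apk add --no-cache bash` installs an unpinned package in its own layer; it could join the `RUN set -x` chain above it, whose start is outside this hunk.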


@ -71,6 +71,8 @@ Configure the server by copying the `lldap_config.docker_template.toml` to
Environment variables should be prefixed with `LLDAP_` to override the Environment variables should be prefixed with `LLDAP_` to override the
configuration. configuration.
Secrets can also be set through a file. The filename should be specified by the variables `LLDAP_JWT_SECRET_FILE` or `LLDAP_USER_PASS_FILE`, and the file contents are loaded into the respective configuration parameters. Note that `_FILE` variables take precedence.
Example for docker compose: Example for docker compose:
```yaml ```yaml

18
docker-entrypoint.sh Executable file

@ -0,0 +1,18 @@
#!/usr/bin/env bash
set -euo pipefail
for SECRET in LLDAP_JWT_SECRET LLDAP_LDAP_USER_PASS; do
FILE_VAR="${SECRET}_FILE"
SECRET_FILE="${!FILE_VAR:-}"
if [[ -n "$SECRET_FILE" ]]; then
if [[ -f "$SECRET_FILE" ]]; then
declare "$SECRET=$(cat $SECRET_FILE)"
export "$SECRET"
echo "[entrypoint] Set $SECRET from $SECRET_FILE"
else
echo "[entrypoint] Could not read contents of $SECRET_FILE (specified in $FILE_VAR)" >&2
fi
fi
done
exec /app/lldap "$@"
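Review bot: When a `_FILE` variable is set but its path is not a regular file, the `else` branch only prints a message and the script still reaches `exec /app/lldap "$@"`. The server then starts without the secret the operator asked for and presumably falls back to whatever the config file or defaults provide; adding `exit 1` after that `echo` makes a bad secret mount fail closed. The `cat` argument is unquoted, so a path containing spaces or glob characters is split or expanded; `declare "$SECRET=$(cat -- "$SECRET_FILE")"` avoids that. The loop reads `LLDAP_LDAP_USER_PASS_FILE`, while the README hunk in this commit documents `LLDAP_USER_PASS_FILE`, which is never read, so one of the two names should change.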