add overrides to control mod_md (TLS) settings

docker-compose.prod.yml

@@ -0,0 +1,11 @@
+services:
+  httpd:
+    ports:
+      - "${HTTP_PORT:-80}:80"
+      - "${HTTPS_PORT:-443}:443"
+    environment:
+      MD_CERTIFICATE_AUTHORITY: "https://acme-v02.api.letsencrypt.org/directory"
+      MD_CERTIFICATE_FILE: ""
+      MD_CERTIFICATE_KEY_FILE: ""
+      SERVER_NAME: "pacosako.jessemcdonald.info"
+    command: [ "httpd", "-D", "FOREGROUND" ]

docker-compose.staging.yml

@@ -0,0 +1,11 @@
+services:
+  httpd:
+    ports:
+      - "${HTTP_PORT:-80}:80"
+      - "${HTTPS_PORT:-443}:443"
+    environment:
+      MD_CERTIFICATE_AUTHORITY: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      MD_CERTIFICATE_FILE: ""
+      MD_CERTIFICATE_KEY_FILE: ""
+      SERVER_NAME: "pacosako-staging.jessemcdonald.info"
+    command: [ "httpd", "-D", "FOREGROUND" ]

docker-compose.yml

@@ -1,19 +1,25 @@
 services:
   httpd:
+    image: paco_sako_httpd
     build:
       context: httpd
       network: host
     ports:
-      - "${HTTP_PORT:-80}:80"
+      - "${HTTP_PORT:-8088}:80"
-      - "${HTTPS_PORT:-443}:443"
+      - "${HTTPS_PORT:-8043}:443"
     networks:
       - front-tier
       - back-tier
     environment:
-      SERVER_NAME: "${SERVER_NAME:-pacosako.jessemcdonald.info}"
+      MD_CERTIFICATE_AUTHORITY: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      MD_CERTIFICATE_FILE: "/usr/local/apache2/conf/testing.crt"
+      MD_CERTIFICATE_KEY_FILE: "/usr/local/apache2/conf/testing.key"
+      SERVER_NAME: "pacosako-dev"
       API_SERVER: "app:80"
+    command: [ "httpd", "-D", "FOREGROUND", "-D", "STATIC_CERT" ]
 
   app:
+    image: paco_sako_app
     build:
       context: app
       network: host

httpd/conf/sites/pacosako-ssl.conf

@@ -1,12 +1,15 @@
 <IfModule mod_ssl.c>
 <IfModule mod_md.c>
 <MDomainSet ${SERVER_NAME}>
-	#MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
+	MDCertificateAuthority ${MD_CERTIFICATE_AUTHORITY}
-	MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
 	MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
+	<IfDefine STATIC_CERT>
+		MDCertificateFile ${MD_CERTIFICATE_FILE}
+		MDCertificateKeyFile ${MD_CERTIFICATE_KEY_FILE}
+		MDRenewMode manual
+	</IfDefine>
 	MDRequireHttps temporary
-	MDCertificateFile /usr/local/apache2/conf/testing.crt
+	MDPrivateKeys secp256r1 rsa3072
-	MDCertificateKeyFile /usr/local/apache2/conf/testing.key
 </MDomainSet>
 
 <VirtualHost *:443>