add overrides to control mod_md (TLS) settings

2021-09-26 02:17:04 -05:00 · 2021-09-26 02:17:04 -05:00 · eb25d212ad
parent 647a95be5c
commit eb25d212ad
4 changed files with 38 additions and 7 deletions
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@ -0,0 +1,11 @@
+services:
+  httpd:
+    ports:
+      - "${HTTP_PORT:-80}:80"
+      - "${HTTPS_PORT:-443}:443"
+    environment:
+      MD_CERTIFICATE_AUTHORITY: "https://acme-v02.api.letsencrypt.org/directory"
+      MD_CERTIFICATE_FILE: ""
+      MD_CERTIFICATE_KEY_FILE: ""
+      SERVER_NAME: "pacosako.jessemcdonald.info"
+    command: [ "httpd", "-D", "FOREGROUND" ]
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@ -0,0 +1,11 @@
+services:
+  httpd:
+    ports:
+      - "${HTTP_PORT:-80}:80"
+      - "${HTTPS_PORT:-443}:443"
+    environment:
+      MD_CERTIFICATE_AUTHORITY: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      MD_CERTIFICATE_FILE: ""
+      MD_CERTIFICATE_KEY_FILE: ""
+      SERVER_NAME: "pacosako-staging.jessemcdonald.info"
+    command: [ "httpd", "-D", "FOREGROUND" ]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,19 +1,25 @@
 services:
  httpd:
+    image: paco_sako_httpd
    build:
      context: httpd
      network: host
    ports:
-      - "${HTTP_PORT:-80}:80"
-      - "${HTTPS_PORT:-443}:443"
+      - "${HTTP_PORT:-8088}:80"
+      - "${HTTPS_PORT:-8043}:443"
    networks:
      - front-tier
      - back-tier
    environment:
-      SERVER_NAME: "${SERVER_NAME:-pacosako.jessemcdonald.info}"
+      MD_CERTIFICATE_AUTHORITY: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      MD_CERTIFICATE_FILE: "/usr/local/apache2/conf/testing.crt"
+      MD_CERTIFICATE_KEY_FILE: "/usr/local/apache2/conf/testing.key"
+      SERVER_NAME: "pacosako-dev"
      API_SERVER: "app:80"
+    command: [ "httpd", "-D", "FOREGROUND", "-D", "STATIC_CERT" ]

  app:
+    image: paco_sako_app
    build:
      context: app
      network: host
--- a/httpd/conf/sites/pacosako-ssl.conf
+++ b/httpd/conf/sites/pacosako-ssl.conf
@ -1,12 +1,15 @@
 <IfModule mod_ssl.c>
 <IfModule mod_md.c>
 <MDomainSet ${SERVER_NAME}>
-	#MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
-	MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
+	MDCertificateAuthority ${MD_CERTIFICATE_AUTHORITY}
 	MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
+	<IfDefine STATIC_CERT>
+		MDCertificateFile ${MD_CERTIFICATE_FILE}
+		MDCertificateKeyFile ${MD_CERTIFICATE_KEY_FILE}
+		MDRenewMode manual
+	</IfDefine>
 	MDRequireHttps temporary
-	MDCertificateFile /usr/local/apache2/conf/testing.crt
-	MDCertificateKeyFile /usr/local/apache2/conf/testing.key
+	MDPrivateKeys secp256r1 rsa3072
 </MDomainSet>

 <VirtualHost *:443>