From c77368ee705db354bfd1b291c3b0f12e88d8033f Mon Sep 17 00:00:00 2001 From: andryyy Date: Tue, 12 Mar 2019 23:24:03 +0100 Subject: [PATCH] [ACME] Set mode 600 for key files --- data/Dockerfiles/acme/docker-entrypoint.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/data/Dockerfiles/acme/docker-entrypoint.sh b/data/Dockerfiles/acme/docker-entrypoint.sh index bb9a5a53..c8501168 100755 --- a/data/Dockerfiles/acme/docker-entrypoint.sh +++ b/data/Dockerfiles/acme/docker-entrypoint.sh @@ -42,7 +42,6 @@ mkdir -p ${ACME_BASE}/acme [[ -f ${ACME_BASE}/acme/private/privkey.pem ]] && mv ${ACME_BASE}/acme/private/privkey.pem ${ACME_BASE}/acme/key.pem [[ -f ${ACME_BASE}/acme/private/account.key ]] && mv ${ACME_BASE}/acme/private/account.key ${ACME_BASE}/acme/account.pem - reload_configurations(){ # Reading container IDs # Wrapping as array to ensure trimmed content when calling $NGINX etc. @@ -156,6 +155,7 @@ else exec env TRIGGER_RESTART=1 $(readlink -f "$0") fi fi +chmod 600 ${ACME_BASE}/key.pem log_f "Waiting for database... " no_nl while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do @@ -196,6 +196,9 @@ while true; do log_f "Using existing Lets Encrypt account key ${ACME_BASE}/acme/account.pem" fi + chmod 600 ${ACME_BASE}/acme/key.pem + chmod 600 ${ACME_BASE}/acme/account.pem + # Skipping IP check when we like to live dangerously if [[ "${SKIP_IP_CHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then SKIP_IP_CHECK=y