[ACME] Set mode 600 for key files

2019-03-12 23:24:03 +01:00 · 2019-03-12 23:24:03 +01:00 · c77368ee70
parent 5b8a983be2
commit c77368ee70
1 changed files with 4 additions and 1 deletions
--- a/data/Dockerfiles/acme/docker-entrypoint.sh
+++ b/data/Dockerfiles/acme/docker-entrypoint.sh
@ -42,7 +42,6 @@ mkdir -p ${ACME_BASE}/acme
 [[ -f ${ACME_BASE}/acme/private/privkey.pem ]] && mv ${ACME_BASE}/acme/private/privkey.pem ${ACME_BASE}/acme/key.pem
 [[ -f ${ACME_BASE}/acme/private/account.key ]] && mv ${ACME_BASE}/acme/private/account.key ${ACME_BASE}/acme/account.pem
 reload_configurations(){
  # Reading container IDs
  # Wrapping as array to ensure trimmed content when calling $NGINX etc.
@ -156,6 +155,7 @@ else
    exec env TRIGGER_RESTART=1 $(readlink -f "$0")
  fi
 fi
 chmod 600 ${ACME_BASE}/key.pem
 log_f "Waiting for database... " no_nl
 while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
@ -196,6 +196,9 @@ while true; do
    log_f "Using existing Lets Encrypt account key ${ACME_BASE}/acme/account.pem"
  fi
  chmod 600 ${ACME_BASE}/acme/key.pem
  chmod 600 ${ACME_BASE}/acme/account.pem
  # Skipping IP check when we like to live dangerously
  if [[ "${SKIP_IP_CHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
    SKIP_IP_CHECK=y