Skip to content

Commit

Permalink
Point to certs directory instead of copying
Browse files Browse the repository at this point in the history
  • Loading branch information
ngan committed Apr 8, 2024
1 parent 14e7dbc commit 5812118
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 9 deletions.
3 changes: 3 additions & 0 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ services:
- --gtid-mode=ON
- --enforce-gtid-consistency=ON
- --log-bin=mysql-bin.log
- --ssl-capath=/mysql-certs
- --ssl-cert=/mysql-certs/server-cert.pem
- --ssl-key=/mysql-certs/server-key.pem
build:
context: .
dockerfile: Dockerfile.mysql
Expand Down
13 changes: 4 additions & 9 deletions docker-entrypoint-initdb.d/generate_keys.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@

set -euo pipefail

cd /var/lib/mysql
cd /mysql-certs

# Generate a CA to test with

openssl req -new -newkey rsa:2048 -days 365 -nodes -sha256 -x509 -keyout ca-key.pem -out ca.pem -config <(
openssl req -new -quiet -newkey rsa:2048 -days 365 -nodes -sha256 -x509 -keyout ca-key.pem -out ca.pem -config <(
cat <<-EOF
[req]
distinguished_name = req_distinguished_name
Expand All @@ -29,7 +29,7 @@ EOF

domain=${MYSQL_HOST:-localhost}

openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$domain" -keyout server-key.pem -out server-csr.pem
openssl req -new -quiet -newkey rsa:2048 -nodes -sha256 -subj "/CN=$domain" -keyout server-key.pem -out server-csr.pem
openssl x509 -req -sha256 -CA ca.pem -CAkey ca-key.pem -set_serial 1 \
-extensions a \
-extfile <(echo "[a]
Expand All @@ -43,7 +43,7 @@ openssl x509 -req -sha256 -CA ca.pem -CAkey ca-key.pem -set_serial 1 \

# Generate a client certificate

openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=MySQL Test Client Certificate" -keyout client-key.pem -out client-csr.pem
openssl req -new -quiet -newkey rsa:2048 -nodes -sha256 -subj "/CN=MySQL Test Client Certificate" -keyout client-key.pem -out client-csr.pem
openssl x509 -req -sha256 -CA ca.pem -CAkey ca-key.pem -set_serial 2 \
-extensions a \
-extfile <(echo "[a]
Expand All @@ -53,8 +53,3 @@ openssl x509 -req -sha256 -CA ca.pem -CAkey ca-key.pem -set_serial 2 \
-days 365 \
-in client-csr.pem \
-out client-cert.pem

# Copy the certificates to the shared directory so that it's accessible from the app
# container.

cp /var/lib/mysql/*.pem /mysql-certs

0 comments on commit 5812118

Please sign in to comment.