diff --git a/build/docker-compose.yml b/build/docker-compose.yml index b17125e..49e3c27 100644 --- a/build/docker-compose.yml +++ b/build/docker-compose.yml @@ -21,7 +21,7 @@ services: volumes: - boulder_data:/opt/boulder/labca - certificates:/opt/boulder/labca/certs - - nginx_html:/opt/wwwstatic + - nginx_html:/var/www/html - softhsm:/var/lib/softhsm/tokens networks: bouldernet: @@ -109,7 +109,7 @@ services: - /var/run/docker.sock:/var/run/docker.sock - ./docker-compose.yml:/opt/boulder/docker-compose.yml - ldata:/opt/labca/data - - nginx_html:/opt/wwwstatic + - nginx_html:/var/www/html - backup:/opt/backup - boulder_data:/opt/boulder/labca - certificates:/opt/boulder/labca/certs diff --git a/build/tmp.patch b/build/tmp.patch index 59f0cea..a0c3641 100644 --- a/build/tmp.patch +++ b/build/tmp.patch @@ -1,5 +1,5 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index 71203004d..b17125e54 100644 +index 81a92bbe6..49e3c2797 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,7 +4,7 @@ services: 
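Review bot: The container-side path `/var/www/html` on the two `nginx_html` mounts (the `@@ -21,7` and `@@ -109,7` hunks) is a value that other files in this commit hard-code as well: `cd /var/www/html` in gui/apply, `localStorePath` in the crl-storer config patch and the `os.ReadDir` call in the updater patch. Nothing in the compose file records that coupling, so a later edit to one mount could leave CRLs written to a directory that the web server presumably no longer serves. I would add a comment above each mount, for example `# shared web root; gui/apply and crl-storer localStorePath expect this exact path`. Both service definitions start outside these hunks.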
@@ -17,30 +17,19 @@ index 71203004d..b17125e54 100644 volumes: - - .:/opt/boulder:cached - - /home/labca/boulder_labca:/opt/boulder/labca -- - /home/labca/nginx_data/static:/opt/wwwstatic +- - /home/labca/nginx_data/static:/var/www/html - - ./.gocache:/root/.cache/go-build:cached - - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/ + - boulder_data:/opt/boulder/labca + - certificates:/opt/boulder/labca/certs -+ - nginx_html:/opt/wwwstatic ++ - nginx_html:/var/www/html + - softhsm:/var/lib/softhsm/tokens networks: bouldernet: ipv4_address: 10.77.77.77 -@@ -53,6 +52,7 @@ services: - - bmysql - - bconsul - - bpkilint -+ - control - entrypoint: labca/entrypoint.sh - working_dir: &boulder_working_dir /opt/boulder - logging: -@@ -87,35 +87,40 @@ services: - - bconsul: - image: hashicorp/consul:1.15.4 -+ depends_on: -+ - control +@@ -91,35 +90,37 @@ services: + depends_on: + - control volumes: - - /home/labca/boulder_labca:/opt/boulder/labca + - boulder_data:/opt/boulder/labca @@ -63,14 +52,14 @@ index 71203004d..b17125e54 100644 - /var/run/docker.sock:/var/run/docker.sock - - /home/labca/admin:/go/src/labca - - ./.gocache:/root/.cache/go-build -- - /home/labca/nginx_data/static:/opt/wwwstatic +- - /home/labca/nginx_data/static:/var/www/html - - /home/labca/backup:/opt/backup - - .:/opt/boulder - - /home/labca/boulder_labca:/opt/boulder/labca - - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/ + - ./docker-compose.yml:/opt/boulder/docker-compose.yml + - ldata:/opt/labca/data -+ - nginx_html:/opt/wwwstatic ++ - nginx_html:/var/www/html + - backup:/opt/backup + - boulder_data:/opt/boulder/labca + - certificates:/opt/boulder/labca/certs 
@@ -79,15 +68,15 @@ index 71203004d..b17125e54 100644 - 3000 depends_on: - bmysql + - control - working_dir: /go/src/labca - command: ./setup.sh -+ - control + working_dir: /opt/labca + command: bin/labca-gui logging: driver: "json-file" options: -@@ -132,28 +137,28 @@ services: +@@ -136,30 +137,28 @@ services: - 80:80 - 443:443 volumes: @@ -97,8 +86,8 @@ index 71203004d..b17125e54 100644 + - nginx_conf:/etc/nginx/conf.d + - nginx_ssl:/etc/nginx/ssl + - nginx_html:/var/www/html -+ depends_on: -+ - control + depends_on: + - control control: - image: *boulder_tools_image @@ -132,7 +121,7 @@ index 71203004d..b17125e54 100644 expose: - 3030 environment: -@@ -171,6 +176,15 @@ services: +@@ -177,6 +176,15 @@ services: volumes: dbdata: diff --git a/checkcrl b/checkcrl index 77af5d3..23a4b96 100755 --- a/checkcrl +++ b/checkcrl @@ -23,7 +23,7 @@ if [ crl/ -nt certs/index.html ]; then PKI_INT_CERT_BASE="/opt/boulder/labca/certs/webpki/issuer-01-cert" INT_BASE_NAME=$(basename $PKI_INT_CERT_BASE) - INT_CRL_NAME=${INT_BASE_NAME//-cert/-crl}.pem + INT_CRL_NAME=${INT_BASE_NAME/-cert/-crl}.pem PKI_ISSUER_NAME_ID=$(grep issuer_name_id /opt/labca/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/,//g' | sed -e 's/\"//g') PKI_INT_CRL_LINK="" PKI_INT_CRL_VALIDITY="" diff --git a/gui/apply b/gui/apply index c70c67d..1895a5d 100755 --- a/gui/apply +++ b/gui/apply @@ -11,7 +11,7 @@ export PKI_INT_CERT_BASE="$dataDir/issuer-01-cert" cd /opt/boulder/labca $baseDir/apply-boulder -cd /opt/wwwstatic +cd /var/www/html PKI_ROOT_CRL_FILE=${PKI_ROOT_CERT_BASE/-cert/-crl}.pem if [ -e "$PKI_ROOT_CRL_FILE" ]; then diff --git a/patches/config_crl-storer.patch b/patches/config_crl-storer.patch index 4987aed..43ff5c6 100644 --- a/patches/config_crl-storer.patch +++ b/patches/config_crl-storer.patch 
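Review bot: The new expansion `${INT_BASE_NAME/-cert/-crl}` in checkcrl replaces the first `-cert` it finds rather than the trailing one, so it yields the intended CRL file name only while the basename contains that substring exactly once, as `issuer-01-cert` does. Anchoring the match at the end states the intent and leaves other names untouched: `INT_CRL_NAME=${INT_BASE_NAME/%-cert/-crl}.pem`. The `basename` call on the line above is unquoted; `$(basename "$PKI_INT_CERT_BASE")` stays correct if the path ever contains a space. The enclosing `if` block continues outside the hunk.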
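Review bot: `cd /var/www/html` in gui/apply is not checked, and no `set -e` is visible in this hunk, so if the directory is missing the script would keep running in `/opt/boulder/labca`, the directory entered two lines earlier. That case becomes more likely with this change, since a container still started from the older compose file has the volume at `/opt/wwwstatic`. I would write `cd /var/www/html || exit 1` and add a comment such as `# nginx_html volume, see build/docker-compose.yml`. The rest of the script is outside the hunk, so whether later commands rely on relative paths needs confirming.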
@@ -14,7 +14,7 @@ index 3ab267b0f..3c6f5c6a2 100644 - "test/certs/webpki/int-ecdsa-c.cert.pem" + "test/certs/webpki/int-rsa-a.cert.pem" ], -+ "localStorePath": "/opt/wwwstatic/crl", ++ "localStorePath": "/var/www/html/crl", "s3Endpoint": "http://localhost:4501", "s3Bucket": "lets-encrypt-crls", "awsConfigFile": "test/config/crl-storer.ini", diff --git a/patches/docker-compose.patch b/patches/docker-compose.patch index 347bce6..0182358 100644 --- a/patches/docker-compose.patch +++ b/patches/docker-compose.patch @@ -1,5 +1,5 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index d0a439f0f..71203004d 100644 +index d0a439f0f..81a92bbe6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,3 +1,4 @@ @@ -19,14 +19,14 @@ index d0a439f0f..71203004d 100644 - - .:/boulder:cached + - .:/opt/boulder:cached + - /home/labca/boulder_labca:/opt/boulder/labca -+ - /home/labca/nginx_data/static:/opt/wwwstatic ++ - /home/labca/nginx_data/static:/var/www/html - ./.gocache:/root/.cache/go-build:cached - - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached + - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/ networks: bouldernet: ipv4_address: 10.77.77.77 -@@ -48,29 +51,21 @@ services: +@@ -48,29 +51,22 @@ services: - 4003:4003 # SFE depends_on: - bmysql @@ -50,6 +50,7 @@ index d0a439f0f..71203004d 100644 - # normal "docker compose up/run boulder", only when specifically invoked - # with a "docker compose up bsetup". - - setup ++ - control + entrypoint: labca/entrypoint.sh + working_dir: &boulder_working_dir /opt/boulder + logging: @@ -66,7 +67,7 @@ index d0a439f0f..71203004d 100644 networks: bouldernet: aliases: -@@ -84,46 +79,98 @@ services: +@@ -84,46 +80,103 @@ services: # small. command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON logging: 
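Review bot: The added `- control` entries in patches/docker-compose.patch use the short `depends_on` form, which only orders container start-up and does not wait for `control` to be ready. This applies to the service with `entrypoint: labca/entrypoint.sh` in the `@@ -48,29 +51,22` hunk, and to `bconsul` and the two other services that gain the entry in the later hunks. If these services need something that `control` prepares when it starts, which the hunks do not show, the long form is what enforces it: `depends_on:` / `control:` / `condition: service_healthy`, together with a `healthcheck` on `control`. If start order alone is the goal, a comment saying so above the first entry would keep the next reader from assuming more.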
@@ -94,6 +95,8 @@ index d0a439f0f..71203004d 100644 bconsul: image: hashicorp/consul:1.15.4 ++ depends_on: ++ - control volumes: - - ./test/:/test/:cached + - /home/labca/boulder_labca:/opt/boulder/labca @@ -118,7 +121,7 @@ index d0a439f0f..71203004d 100644 + - /var/run/docker.sock:/var/run/docker.sock + - /home/labca/admin:/go/src/labca + - ./.gocache:/root/.cache/go-build -+ - /home/labca/nginx_data/static:/opt/wwwstatic ++ - /home/labca/nginx_data/static:/var/www/html + - /home/labca/backup:/opt/backup + - .:/opt/boulder + - /home/labca/boulder_labca:/opt/boulder/labca @@ -127,6 +130,7 @@ index d0a439f0f..71203004d 100644 + - 3000 + depends_on: + - bmysql ++ - control + working_dir: /go/src/labca + command: ./setup.sh + logging: @@ -148,6 +152,8 @@ index d0a439f0f..71203004d 100644 + - /home/labca/nginx_data/conf.d:/etc/nginx/conf.d + - /home/labca/nginx_data/ssl:/etc/nginx/ssl + - /home/labca/nginx_data/static:/var/www/html ++ depends_on: ++ - control + + control: + image: *boulder_tools_image diff --git a/patches/updater_continuous.patch b/patches/updater_continuous.patch index 95931b8..17d36bf 100644 --- a/patches/updater_continuous.patch +++ b/patches/updater_continuous.patch @@ -17,7 +17,7 @@ index 4597fd60a..5ee00d765 100644 + // If there is no .crl file yet, generate one (after a delay to let all other + // components start up fully). + // Dirty hack to check filesystem directly instead of using the crl-storer... -+ files, err := os.ReadDir("/opt/wwwstatic/crl/") ++ files, err := os.ReadDir("/var/www/html/crl/") + if err != nil { + return err + }
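Review bot: `os.ReadDir("/var/www/html/crl/")` returns an error when the directory does not exist, and the `if err != nil { return err }` that follows turns that into a failure, although the comment above says the purpose is to generate a CRL when none exists yet. On a fresh volume the `crl` directory may be absent, so I would treat that case as an empty listing: `if err != nil && !errors.Is(err, fs.ErrNotExist) { return err }`. The path also repeats the crl-storer `localStorePath` as a literal, which the comment already calls a hack; a named constant next to that comment would keep the two from drifting apart unnoticed. The function starts and ends outside the hunk, so the imports for `errors` and `io/fs` would need checking.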