improve ssl support

2025-11-01 18:38:06 +00:00 · 2019-12-15 20:39:29 +02:00
parent 5a08534e5a
commit 763c5d962b
3 changed files with 39 additions and 3 deletions
--- a/INSTALLATION.md
+++ b/INSTALLATION.md
@@ -36,11 +36,39 @@ docker kill dbunker
 You can run it again, after it was initalized. Use the following command:

 ```
-docker run -v /tmp/data:/databunker/data -p 3000:3000 \
+docker run -p 3000:3000 -v /tmp/data:/databunker/data \
  -e "DATABUNKER_MASTERKEY=**DATABUNKER_MASTERKEY**" \
  --rm --name dbunker paranoidguy/databunker
 ```

+# SSL certificates
+
+You can generate SSL certificates and place them in the /databunker/certs directory in the running container.
+
+For example you can do this by mounting **/databunker/certs** to a local **certs/** directory as:
+
+```
+docker run -p 3000:3000 -v /tmp/data:/databunker/data \
+  -v certs:/databunker/certs \
+  -e "DATABUNKER_MASTERKEY=**DATABUNKER_MASTERKEY**" \
+  --rm --name dbunker paranoidguy/databunker
+
+```
+
+So, you need to prepare server.crt and server.key files.
+
+## Generate self-signed certificates
+
+You can do the following command to generate one:
+
+```
+openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
+    -subj "/C=UK/ST=/L=London/O=Your-company Ltd./CN=databunker.your-company.com" \
+    -keyout server.key -out server.crt
+```
+
+Where:
+
 # Create a test record

 You can download and run a small test script that will create a user record, user app record, user consent, etc...
--- a/databunker.yaml
+++ b/databunker.yaml
@@ -3,6 +3,10 @@ generic:
  # allow to create user object without login
  create_user_without_token: true
  #notification_url: "http://localhost/"
+ssl:
+  # ssl configuration
+  ssl_certificate: "/databunker/certs/server.crt"
+  ssl_certificate_key: "/databunker/certs/server.key"
 sms:
  # default country when sending out SMSM
  twilio_account: ""
--- a/src/bunker.go
+++ b/src/bunker.go
@@ -45,6 +45,10 @@ type Config struct {
 	Generic struct {
 		Create_user_without_token bool `yaml:"create_user_without_token"`
 	}
+	Ssl struct {
+		Ssl_certificate string `yaml:"ssl_certificate", envconfig:"SSL_CERTIFICATE"`
+		Ssl_certificate_key string `yaml:"ssl_certificate_key", envconfig:"SSL_CERTIFICATE_KEY"`
+	}
 	Sms struct {
 		Default_country string `yaml:"default_country"`
 		Twilio_account  string `yaml:"twilio_account"`
@@ -289,9 +293,9 @@ func main() {
        //os.Exit(0)
 	}()
 	
-	if _, err := os.Stat("./server.key"); !os.IsNotExist(err) {
+	if _, err := os.Stat(cfg.Ssl.Ssl_certificate); !os.IsNotExist(err) {
 		fmt.Printf("Loading ssl\n")
-		err := srv.ListenAndServeTLS( "server.ctr", "server.key")
+		err := srv.ListenAndServeTLS( cfg.Ssl.Ssl_certificate, cfg.Ssl.Ssl_certificate_key)
 		if err != nil {
 			log.Printf("ListenAndServeSSL: %s\n", err)
 		}