totally misunderstood 'newTLSCertificate' function...trying other app…

…roach
Seji64 · Sep 20, 2024 · e2baeca · e2baeca
1 parent b6f5ea5
commit e2baeca
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 11 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -46,7 +46,7 @@ RUN apk update && apk upgrade
 RUN addgroup snidust && adduser -D -H -G snidust snidust
 
 # Install needed packages and clean up
-RUN apk add --no-cache jq tini dnsdist curl bash gnupg procps ca-certificates openssl dog lua5.4-filesystem ipcalc libcap nginx nginx-mod-stream supercronic && \
+RUN apk add --no-cache jq tini dnsdist curl bash gnupg procps ca-certificates openssl dog lua5.4-filesystem ipcalc libcap nginx nginx-mod-stream supercronic step-cli && \
     rm -f /etc/nginx/conf.d/*.conf && \
     rm -rf /var/cache/apk/*
 

diff --git a/configs/dnsdist/dnsdist.conf.template b/configs/dnsdist/dnsdist.conf.template
@@ -20,21 +20,13 @@ fi
 echo "end"
 echo ""
 
-if [ "${DNSDIST_ENABLE_DOT}" == "true" ] && [ "${DNSDIST_DOT_CERT_TYPE}" == "auto-self" ]; then
-    echo "tlsCert = newTLSCertificate('/etc/dnsdist/certs/tls.pem', {key='/etc/dnsdist/certs/tls.key'})"
-fi
-
 echo ""
 echo "-- Add plain DNS bind"
 echo "addLocal('${DNSDIST_BIND_IP}:5300')"
 echo ""
 if [ "${DNSDIST_ENABLE_DOT}" == "true" ]; then
     echo "-- Add DoT bind"
-    if [ "${DNSDIST_DOT_CERT_TYPE}" == "auto-self" ]; then
-        echo "addTLSLocal('${DNSDIST_BIND_IP}:8530',tlsCert)"
-    else
-        echo "addTLSLocal('${DNSDIST_BIND_IP}:8530','/etc/dnsdist/certs/tls.pem','/etc/dnsdist/certs/tls.key')"
-    fi
+    echo "addTLSLocal('${DNSDIST_BIND_IP}:8530','/etc/dnsdist/certs/tls.pem','/etc/dnsdist/certs/tls.key')"
 else
     echo "-- TLS Endpoints disabled"
 fi

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -9,7 +9,9 @@ if [ "${DNSDIST_ENABLE_DOT}" == "true" ]; then
   fi
 
   if [[ " ${VALID_CERT_TYPE_VALUES[*]} " =~ " ${DNSDIST_DOT_CERT_TYPE} " ]]; then
-    echo "[INFO] The value of DNSDIST_DOT_CERT_TYPE is valid: $DNSDIST_DOT_CERT_TYPE"
+    if [ "${DNSDIST_DOT_CERT_TYPE}" == "auto-self" ]; then
+      /usr/bin/step certificate create dot.snidust.local /etc/dnsdist/certs/tls.pem /etc/dnsdist/certs/tls.key --profile self-signed --subtle --no-password --insecure
+    fi
   else
     echo "[ERROR] Invalid value for DNSDIST_DOT_CERT_TYPE: $DNSDIST_DOT_CERT_TYPE"
     exit 1