Allow users to set CERTDIR as an environment variable

[m0wer]

Reporting bugs/issues

• When reporting a bug/issue:

  • Ensure that you are using the latest release. true
  • Revert any custom modifications or environment varibles to insure they're not the cause. true

• Please provide the following information:

  • OS/distribution version (command for your OS may differ):

    
    user@host:~$ lsb_release -a
    No LSB modules are available.
    Distributor ID: Debian
    Description:    Debian GNU/Linux 9.8 (stretch)
    Release:        9.8
    Codename:       stretch

  
  * Docker version:
  ```bash
  user@host:~$ docker --version
  Docker version 18.09.5, build e8ff056dbc

  • Labels from container:

    user@host:~$ docker inspect goofball222/murmur:<tagname>
    ...
            "Labels": {
            "org.label-schema.build-date": "2019-04-01T02:00:28Z",
            "org.label-schema.license": "Apache-2.0",
            "org.label-schema.name": "Murmur Server",
            "org.label-schema.schema-version": "1.0",
            "org.label-schema.url": "https://github.com/goofball222/murmur",
            "org.label-schema.vcs-ref": "107157b",
            "org.label-schema.vcs-url": "https://github.com/goofball222/murmur.git",
            "org.label-schema.vendor": "The Goofball - goofball222@gmail.com",
            "org.label-schema.version": "1.2.19"
        }
    ...

  • Details on how to reproduce the trouble, if available:

I want to use some Let's Encrypt certs for this service. I mount them in readonly mode and I only mount the ones needed for the murmur server domain. When mounted on /opt/murmur/cert, the chown fails because it's a readonly filesystem. The certificates shouldn't be modified, not even the permissions, because murmur just needs to be able to read them.

A possible solution would be allowing the user to set the CERTDIR environment variable to somwhere outside of /opt/murmur and mount the certificates there. Then, you could run the image like this:

/usr/bin/docker run --rm --name "murmur" \
-e 'PUID=1000' -e 'PGID=1000' \
-e "CERTDIR=/etc/letsencrypt/live/[domain]" \
-v "/data/murmur/conf":/opt/murmur/config \
-v "/data/murmur/data":/opt/murmur/data \
-v "/data/murmur/log":/opt/murmur/log \
-v '/etc/localtime:/etc/localtime:ro' \
-v /etc/letsencrypt/live/[domain]:/etc/letsencrypt/live/[domain]/:ro \
-v /etc/letsencrypt/archive/[domain]:/etc/letsencrypt/archive/[domain]/:ro \
-p "64738:64738/tcp" \
-p "64738:64738/udp" \
"goofball222/murmur:latest"

Note mounting live and archive is needed for the symlinks to work, a simpler approach would be to just mount the whole /etc/letsencrypt directory.

[m0wer]

ping

[goofball222]

I'll take a look at what needs to be added/changed to support this when I can find a few spare minutes.

[m0wer]

ping, with the pull request I've opened works

[m0wer]

ping :(

[Jens-Ehrlich]

I have the same issue and would really appreciate the fix from @m0wer .

[m0wer]

@Jens-Ehrlich you can check my fork (m0wer/murmur) meanwhile, I rebase from this one periodically.

[BadCo-NZ]

I'll take a look at what needs to be added/changed to support this when I can find a few spare minutes.

Hi @goofball222, is there any update on this? Or should I use the container by @m0wer instead?