systemcrash
commented
4 years ago Added os.Mkdir to create the "certs" dir for non-container users.
Closed systemcrash closed 4 years ago
systemcrash
commented
4 years ago Added os.Mkdir to create the "certs" dir for non-container users.
negbie
commented
4 years ago This should be improved. Mby it's better to introduce a new config option like TLSCertificates which holds a path like certs/. Default should be the current dir ".". With that you can call cert.NewCertificateAuthority(filepath.Join(config.Setting.TLSCertificates, "heplify-server")
If the user wants a different folder than the current binary folder for certs, he can create or mount it himself.
systemcrash
commented
4 years ago OK. Fixed. Thoughts?
I tested against "." and "./" in config.go and with various directories in the toml. All good.
negbie
commented
4 years ago Looks better. Please use as Config parameter name TLSCertFolder and mby the folder creation should be done by the user and not by heplify-server. Need to think about it.
systemcrash
commented
4 years ago Folder creation I think are better done by heplify-server - at least this way, the permissions and readability should be correct when running in a container. ( the whole point of this PR )
Edit: binaries run as nobody might encounter problems (fail to start?) if the path is full and not relative - but this is a signal to the user that something is misconfigured.
The one problem I can think of in containers: if someone sets the param (thinking it's on their local system), but doesn't map the volume.
negbie
commented
4 years ago Thanks! I would suggest to merge it like it is now and then think about auto folder creation. Could you please resolve the conflicts?
systemcrash
commented
4 years ago Good to go.
negbie
commented
4 years ago Thank you for the contribution!
now possible to expose this path as a volume via docker (so that you can provide your own certificates).