Consolidate ca certs and site certs volumes
parent
d94a27704c
commit
0cf09d3098
18
run.sh
18
run.sh
|
@ -1,20 +1,20 @@
|
|||
#!/bin/sh
|
||||
|
||||
CA_DIR=/ca
|
||||
CERT_FILE="${CA_DIR}/cert.pem"
|
||||
KEY_FILE="${CA_DIR}/key.pem"
|
||||
CERTS_DIR=/certs
|
||||
CA_CERT_FILE="${CERTS_DIR}/ca/cert.pem"
|
||||
CA_KEY_FILE="${CERTS_DIR}/ca/key.pem"
|
||||
|
||||
[ -e "${CERT_FILE}" -a -e "${KEY_FILE}" ] || \
|
||||
[ -e "${CA_CERT_FILE}" -a -e "${CA_KEY_FILE}" ] || \
|
||||
openssl req -new -newkey rsa:2048 -sha256 -days 1500 -nodes -x509 \
|
||||
-extensions v3_ca -subj "/C=/ST=/L=/O=/OU=/CN=proxy" \
|
||||
-keyout "${KEY_FILE}" -out "${CERT_FILE}"
|
||||
-keyout "${CA_KEY_FILE}" -out "${CA_CERT_FILE}"
|
||||
|
||||
mkdir -p /static
|
||||
cp -f "${CERT_FILE}" /static/ca.crt
|
||||
cp -f "${CA_CERT_FILE}" /static/ca.crt
|
||||
|
||||
[ -e /var/lib/ssl_db/index.txt ] || /usr/lib/squid/security_file_certgen -c \
|
||||
-s /var/lib/ssl_db -M 4MB
|
||||
chown -R squid:squid /var/lib/ssl_db
|
||||
[ -d "${CERTS_DIR}/ssl_db" ] || /usr/lib/squid/security_file_certgen -c \
|
||||
-s "${CERTS_DIR}/ssl_db" -M 4MB
|
||||
chown -R squid:squid "${CERTS_DIR}/ssl_db"
|
||||
|
||||
[ -e /var/cache/squid/swap.state ] || squid -z
|
||||
while [ -e /var/run/squid.pid ] ; do
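Review bot: The CA files now live in a subdirectory, `${CERTS_DIR}/ca/`, but nothing visible in this hunk creates it, so on an empty `/certs` volume `openssl req` cannot write its `-keyout`/`-out` targets; with no `set -e` in view, the script would then carry on to the `cp` and the Squid start-up without a CA. The `+`/`-` markers are lost on this page, so I am reading the `CERTS_DIR` lines as the new side. I would add `mkdir -p "${CERTS_DIR}/ca"` before the existence test. The `-nodes` signing key now shares a volume with the `ssl_db` tree that is chowned to `squid`, so I would also pin its mode after generation with `chmod 600 "${CA_KEY_FILE}"`, adjusting the owner rather than the mode if Squid has to read it as a non-root user. The script continues past the end of the hunk.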
|
||||
|
|
|
@ -28,7 +28,7 @@ http_access allow localhost
|
|||
http_access deny all
|
||||
|
||||
http_port 3128 ssl-bump \
|
||||
cert=/ca/cert.pem key=/ca/key.pem \
|
||||
cert=/certs/ca/cert.pem key=/certs/ca/key.pem \
|
||||
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
|
||||
|
||||
cache_dir aufs /var/cache/squid 200000 16 256
|
||||
|
@ -51,7 +51,7 @@ refresh_pattern . 0 20% 4320
|
|||
url_rewrite_children 4
|
||||
url_rewrite_program /rewrite.awk
|
||||
|
||||
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
|
||||
sslcrtd_program /usr/lib/squid/security_file_certgen -s /certs/ssl_db -M 4MB
|
||||
acl step1 at_step SslBump1
|
||||
ssl_bump peek step1
|
||||
ssl_bump bump all
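Review bot: The three paths changed in these hunks (`cert=/certs/ca/cert.pem`, `key=/certs/ca/key.pem` and `-s /certs/ssl_db` on `sslcrtd_program`) repeat as literals what run.sh derives from `CERTS_DIR`, and nothing on either side records that coupling. A later change to `CERTS_DIR` would leave Squid pointing at a CA key or certificate database that the start-up script never created. I would add a comment above `http_port`, for example `# cert=, key= and sslcrtd_program -s must match CERTS_DIR in run.sh`. The file header for these hunks is not visible on the page, and the `/certs` lines are taken as the new side because the `+`/`-` markers are lost.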
|
||||
|
|