Consolidate ca certs and site certs volumes

run.sh

@@ -1,20 +1,20 @@
 #!/bin/sh
 
-CA_DIR=/ca
-CERT_FILE="${CA_DIR}/cert.pem"
-KEY_FILE="${CA_DIR}/key.pem"
+CERTS_DIR=/certs
+CA_CERT_FILE="${CERTS_DIR}/ca/cert.pem"
+CA_KEY_FILE="${CERTS_DIR}/ca/key.pem"
 
-[ -e "${CERT_FILE}" -a -e "${KEY_FILE}" ] || \
+[ -e "${CA_CERT_FILE}" -a -e "${CA_KEY_FILE}" ] || \
     openssl req -new -newkey rsa:2048 -sha256 -days 1500 -nodes -x509 \
         -extensions v3_ca -subj "/C=/ST=/L=/O=/OU=/CN=proxy" \
-        -keyout "${KEY_FILE}" -out "${CERT_FILE}"
+        -keyout "${CA_KEY_FILE}" -out "${CA_CERT_FILE}"
 
 mkdir -p /static
-cp -f "${CERT_FILE}" /static/ca.crt
+cp -f "${CA_CERT_FILE}" /static/ca.crt
 
-[ -e /var/lib/ssl_db/index.txt ] || /usr/lib/squid/security_file_certgen -c \
-    -s /var/lib/ssl_db -M 4MB
-chown -R squid:squid /var/lib/ssl_db
+[ -d "${CERTS_DIR}/ssl_db" ] || /usr/lib/squid/security_file_certgen -c \
+    -s "${CERTS_DIR}/ssl_db" -M 4MB
+chown -R squid:squid "${CERTS_DIR}/ssl_db"
 
 [ -e /var/cache/squid/swap.state ] || squid -z
 while [ -e /var/run/squid.pid ] ; do

squid.conf

@@ -28,7 +28,7 @@ http_access allow localhost
 http_access deny all
 
 http_port 3128 ssl-bump \
-  cert=/ca/cert.pem key=/ca/key.pem \
+  cert=/certs/ca/cert.pem key=/certs/ca/key.pem \
   generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
 
 cache_dir aufs /var/cache/squid 200000 16 256
@@ -51,7 +51,7 @@ refresh_pattern . 0 20% 4320
 url_rewrite_children 4
 url_rewrite_program /rewrite.awk
 
-sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
+sslcrtd_program /usr/lib/squid/security_file_certgen -s /certs/ssl_db -M 4MB
 acl step1 at_step SslBump1
 ssl_bump peek step1
 ssl_bump bump all