murmur icon indicating copy to clipboard operation
murmur copied to clipboard

Published 20 hours ago verified publisher icon goofball222

Allow users to set CERTDIR as an environment variable

Open m0wer opened this issue 5 years ago • 7 comments

Reporting bugs/issues

  • When reporting a bug/issue:

    • Ensure that you are using the latest release. true
    • Revert any custom modifications or environment varibles to insure they're not the cause. true

  • Please provide the following information:

    • OS/distribution version (command for your OS may differ):
    user@host:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 9.8 (stretch)
Release:        9.8
Codename:       stretch
    • Docker version:
    user@host:~$ docker --version
Docker version 18.09.5, build e8ff056dbc
    • Labels from container:
    user@host:~$ docker inspect goofball222/murmur:<tagname>
...
            "Labels": {
            "org.label-schema.build-date": "2019-04-01T02:00:28Z",
            "org.label-schema.license": "Apache-2.0",
            "org.label-schema.name": "Murmur Server",
            "org.label-schema.schema-version": "1.0",
            "org.label-schema.url": "https://github.com/goofball222/murmur",
            "org.label-schema.vcs-ref": "107157b",
            "org.label-schema.vcs-url": "https://github.com/goofball222/murmur.git",
            "org.label-schema.vendor": "The Goofball - [email protected]",
            "org.label-schema.version": "1.2.19"
        }
...
    • Details on how to reproduce the trouble, if available:

I want to use some Let's Encrypt certs for this service. I mount them in readonly mode and I only mount the ones needed for the murmur server domain. When mounted on /opt/murmur/cert, the chown fails because it's a readonly filesystem. The certificates shouldn't be modified, not even the permissions, because murmur just needs to be able to read them.

A possible solution would be allowing the user to set the CERTDIR environment variable to somwhere outside of /opt/murmur and mount the certificates there. Then, you could run the image like this:

/usr/bin/docker run --rm --name "murmur" \
-e 'PUID=1000' -e 'PGID=1000' \
-e "CERTDIR=/etc/letsencrypt/live/[domain]" \
-v "/data/murmur/conf":/opt/murmur/config \
-v "/data/murmur/data":/opt/murmur/data \
-v "/data/murmur/log":/opt/murmur/log \
-v '/etc/localtime:/etc/localtime:ro' \
-v /etc/letsencrypt/live/[domain]:/etc/letsencrypt/live/[domain]/:ro \
-v /etc/letsencrypt/archive/[domain]:/etc/letsencrypt/archive/[domain]/:ro \
-p "64738:64738/tcp" \
-p "64738:64738/udp" \
"goofball222/murmur:latest"

Note mounting live and archive is needed for the symlinks to work, a simpler approach would be to just mount the whole /etc/letsencrypt directory.

m0wer avatar Apr 14 '19 09:04 m0wer