@@ -270,6 +270,14 @@ openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
270270chmod 600 /etc/ssl/private/* .pem
271271```
272272
273+ Automatic TLS certificate generation
274+ ------------------------------
275+
276+ If ` ADDED_FLAGS ` contains ` --tls ` and file ` /etc/ssl/private/pure-ftpd.pem ` does not exists
277+ it is possible to generate self-signed certificate if ` TLS_CN ` , ` TLS_ORG ` and ` TLS_C ` are set.
278+
279+ Keep in mind that if no volume is set for ` /etc/ssl/private/ ` directory generated
280+ certificates won't be persisted and new ones will be generated on each start.
273281
274282Credits
275283-------------
2626 PURE_FTPD_FLAGS=" $PURE_FTPD_FLAGS --tls=1 "
2727fi
2828
29+ # If TLS flag is set and no certificate exists, generate it
30+ if [ ! -e /etc/ssl/private/pure-ftpd.pem ] && [[ " $PURE_FTPD_FLAGS " == * " --tls" * ]] && [ ! -z " $TLS_CN " ] && [ ! -z " $TLS_ORG " ] && [ ! -z " $TLS_C " ]
31+ then
32+ echo " Generating self-signed certificate"
33+ mkdir -p /etc/ssl/private
34+ openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
35+ openssl req -subj " /CN=${TLS_CN} /O=${TLS_ORG} /C=${TLS_C} " -days 1826 \
36+ -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
37+ /etc/ssl/private/pure-ftpd.pem \
38+ -out /etc/ssl/private/pure-ftpd.pem
39+ chmod 600 /etc/ssl/private/* .pem
40+ fi
41+
2942# Add user
3043if [ ! -z " $FTP_USER_NAME " ] && [ ! -z " $FTP_USER_PASS " ] && [ ! -z " $FTP_USER_HOME " ]
3144then
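Review bot: Neither `openssl` call in the added block is checked, so if `openssl req` fails (for example on a `TLS_C` value it rejects) the script carries on and may leave an empty or partial `/etc/ssl/private/pure-ftpd.pem`, which the `[ ! -e … ]` guard would then treat as an existing certificate on the next start. Ending each command with `|| exit 1` and testing with `-s` rather than `-e` would make the failure visible. The private key is also written before `chmod 600` runs and `mkdir -p` uses the default mode, so putting `umask 077` ahead of `mkdir` closes that window regardless of how the installed OpenSSL creates the file. Finally, the `chmod` glob changes the mode of every `.pem` in what may be a mounted volume; naming the two generated files, `chmod 600 /etc/ssl/private/pure-ftpd.pem /etc/ssl/private/pure-ftpd-dhparams.pem`, keeps the change to what this block created.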