From: W. Trevor King Date: Wed, 5 Mar 2014 23:05:52 +0000 (-0800) Subject: ngircd: Add support for SSL=optional X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=aba80de08a623c66173bc6e4446111e9ad6311d5;p=dockerfile.git ngircd: Add support for SSL=optional If SSL.Ports is set and Global.Ports is not set, Global.Ports defaults to empty (not 6667), and you don't get a plaintext listener [1]. With the new 'optional' setting, explicitly declare Global.Ports so you have both an SSL listener (on 6697) and a plaintext listener (on 6667). [1]: http://arthur.barton.de/pipermail/ngircd-ml/2011-February/000471.html --- diff --git a/ngircd/README.md b/ngircd/README.md index 4ad3064..f02aaec 100644 --- a/ngircd/README.md +++ b/ngircd/README.md @@ -7,9 +7,9 @@ Run this [ngIRCd][] image with: > -e INFO="testing, testing" \ > -p 6667:6667 wking/ngircd -For [SSL / TLS][TLS], set the `SSL` environment variable to `yes` and -[volume-mount][volume-mount] your keys under the container's -`/etc/ngircd/ssl/`: +For [SSL / TLS][TLS], set the `SSL` environment variable to `yes` or +`optional` and [volume-mount][volume-mount] your keys under the +container's `/etc/ngircd/ssl/`: $ docker run -d --name ngircd-0 --hostname irc.example.net \ > … @@ -21,11 +21,13 @@ You'll [need][SSL-docs] at least `server-cert.pem` and `server-key.pem` in that directory. If you're using DH or DSA keys, you'll also want `dhparams.pem` with [Diffie–Hellman][DH] parameters; you can manage the file with OpenSSH's [dhparam][]). If you don't -want to require SSL, you can expose both the [encrypted port][6697] -and the [unencrypted port][6667]: +want to require SSL, set `SSL` to `optional` and expose both the +[encrypted port][6697] and the [unencrypted port][6667]: $ docker run -d --name ngircd-0 --hostname irc.example.net \ > … + > -e SSL=optional \ + > -v /etc/ssl/ngircd-0:/etc/ngircd/ssl \ > -p 6667:6667 -p 6697:6697 wking/ngircd You can optionally set a `GLOBAL_PASSWORD` environment variable to diff --git a/ngircd/setup-ngircd-config-from-environment.sh b/ngircd/setup-ngircd-config-from-environment.sh index f354471..d362d44 100755 --- a/ngircd/setup-ngircd-config-from-environment.sh +++ b/ngircd/setup-ngircd-config-from-environment.sh @@ -48,8 +48,12 @@ HOSTNAME=$(hostname -f) \ envsubst "${ENVSUBST}" < /etc/ngircd/ngircd.conf > /tmp/ngircd.conf && mv /tmp/ngircd.conf /etc/ngircd/ngircd.conf -if [ "${SSL}" = 'yes' ] +if [ "${SSL}" = 'yes' ] || [ "${SSL}" = 'optional' ] then + if [ "${SSL}" = 'optional' ] + then + sed -i 's/;Ports = 6667.*/Ports = 6667/' /etc/ngircd/ngircd.conf + fi sed -i \ -e 's/;\[SSL\]/[SSL]/' \ -e 's/;Ports = 6697, 9999/Ports = 6697/' \