diff --git a/README.md b/README.md index 406f3fd..7207fcd 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,11 @@ Configuration is via environmental variables. Please bear the following in mind * This tool needs to bind to LDAP as a user that has the permissions to modify everything under the base DN. * This interface is designed to work with a fresh LDAP server and should only be against existing, populated LDAP directories with caution and at your own risk. +#### Containers: using files/secrets to set configuration variables + +When running the user manager as a container you can append `_FILE` to any of the configuration variables and set the value to a filepath. Then when the container starts up it will set the appropriate configuration variable with the contents of the file. +For example, if you're using Docker Swarm and you've set the LDAP bind password as a Docker secret (`echo "myLDAPadminPassword" | docker secret create ldap_admin_bind_pwd -`) then you can set `LDAP_ADMIN_BIND_PWD_FILE=/run/secrets/ldap_admin_bind_pwd`. This will result in `LDAP_ADMIN_BIND_PWD` being set with the contents of `/run/secrets/ldap_admin_bind_pwd`. + ### Mandatory: diff --git a/entrypoint b/entrypoint index 5557de9..8f21b43 100644 --- a/entrypoint +++ b/entrypoint @@ -4,6 +4,17 @@ set -e ssl_dir="/opt/ssl" php_dir="/opt/ldap_user_manager" +env_file_replace() { + for env_file in $(env|grep _FILE=); do + read -a env <<< "$(echo "$env_file" | sed 's/\(.*\)_FILE=\(.*\)/\1 \2/')" + if [ -s "${env[1]}" ]; then + echo Setting "${env[0]}" from "${env[1]}" + export "${env[0]}"="$(cat "${env[1]}")" + else echo "${env[1]} does not exist or is empty. Leaving ${env[0]} unset" + fi + done +} + if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME="ldapusermanager.org"; fi if [ ! "$SERVER_PATH" ]; then export SERVER_PATH="/"; 
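Review bot: The loop `for env_file in $(env|grep _FILE=)` in `env_file_replace` word-splits the whole environment dump and matches `_FILE=` anywhere in a line, so a value containing spaces or that substring, or a secret path containing a space, produces the wrong name/path pair. With `set -e` active, a failed `export` on a malformed name would then abort container startup. Iterating over exported variable names that end in `_FILE` and reading the path by indirect expansion avoids parsing values at all, as sketched below; this assumes the script runs under bash, which `read -a` and `<<<` already require (the shebang is outside the hunk). It would also be worth restricting the lookup to the tool's own configuration variables, because as written any `*_FILE` variable present in the container causes that file's contents to be exported into the environment the web server inherits.

```shell
env_file_replace() {
  local name target path
  # Walk exported variable NAMES only; values are never word-split or pattern-matched.
  while IFS= read -r name; do
    target="${name%_FILE}"
    path="${!name}"
    if [ -s "$path" ]; then
      echo "Setting ${target} from ${path}"
      export "${target}=$(cat -- "$path")"
    else
      # … unchanged: "does not exist or is empty" message …
    fi
  done < <(compgen -e | grep -E '^[A-Za-z_][A-Za-z0-9_]*_FILE$')
}
```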
@@ -75,7 +86,7 @@ else echo "Generating openssl configuration" - cat <$confout + cat <$confout subjectAltName = DNS:${SERVER_HOSTNAME},IP:127.0.0.1 extendedKeyUsage = serverAuth EoCertConf @@ -161,12 +172,16 @@ EoHTTPSC fi +######################## +#If _FILE is set, read and export env_var from the referenced file's contents +env_file_replace + ######################## #Run Apache # first arg is `-f` or `--some-option` if [ "${1#-}" != "$1" ]; then - set -- apache2-foreground "$@" + set -- apache2-foreground "$@" fi exec "$@"
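Review bot: The `env_file_replace` call is placed just before the Apache launch, which appears to be after the entrypoint has already applied its defaults and generated configuration from variables such as `SERVER_HOSTNAME` (the `subjectAltName = DNS:${SERVER_HOSTNAME}` line in the previous hunk reads it). A value supplied through `SERVER_HOSTNAME_FILE` would therefore arrive too late to affect the generated certificate, and the README states that `_FILE` works for any configuration variable. Moving the call to directly after the function definition, ahead of the `if [ ! "$SERVER_HOSTNAME" ]` defaults, would make file-sourced values behave the same as directly set ones. The code between these hunks is not visible here, so this should be confirmed against the full script.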