mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
93afa93b85
* change confd to hbs tool * use new repo owner
82 lines
3.6 KiB
Bash
82 lines
3.6 KiB
Bash
#!/bin/sh
|
|
|
|
# Translate environment variables for application settings
|
|
VAULT_SERVICE_URI=https://$BW_DOMAIN
|
|
MYSQL_CONNECTION_STRING="server=$BW_DB_SERVER;database=$BW_DB_DATABASE;user=$BW_DB_USERNAME;password=$BW_DB_PASSWORD"
|
|
POSTGRESQL_CONNECTION_STRING="Host=$BW_DB_SERVER;Database=$BW_DB_DATABASE;Username=$BW_DB_USERNAME;Password=$BW_DB_PASSWORD"
|
|
SQLSERVER_CONNECTION_STRING="Server=$BW_DB_SERVER;Database=$BW_DB_DATABASE;User Id=$BW_DB_USERNAME;Password=$BW_DB_PASSWORD;"
|
|
INTERNAL_IDENTITY_KEY=$(openssl rand -hex 30)
|
|
OIDC_IDENTITY_CLIENT_KEY=$(openssl rand -hex 30)
|
|
DUO_AKEY=$(openssl rand -hex 30)
|
|
|
|
export globalSettings__baseServiceUri__vault=${globalSettings__baseServiceUri__vault:-$VAULT_SERVICE_URI}
|
|
export globalSettings__installation__id=$BW_INSTALLATION_ID
|
|
export globalSettings__installation__key=$BW_INSTALLATION_KEY
|
|
export globalSettings__internalIdentityKey=${globalSettings__internalIdentityKey:-$INTERNAL_IDENTITY_KEY}
|
|
export globalSettings__oidcIdentityClientKey=${globalSettings__oidcIdentityClientKey:-$OIDC_IDENTITY_CLIENT_KEY}
|
|
export globalSettings__duo__aKey=${globalSettings__duo__aKey:-$DUO_AKEY}
|
|
|
|
export globalSettings__databaseProvider=$BW_DB_PROVIDER
|
|
export globalSettings__mysql__connectionString=${globalSettings__mysql__connectionString:-$MYSQL_CONNECTION_STRING}
|
|
export globalSettings__postgreSql__connectionString=${globalSettings__postgreSql__connectionString:-$POSTGRESQL_CONNECTION_STRING}
|
|
export globalSettings__sqlServer__connectionString=${globalSettings__sqlServer__connectionString:-$SQLSERVER_CONNECTION_STRING}
|
|
|
|
# Generate Identity certificate
|
|
if [ ! -f /etc/bitwarden/identity.pfx ]; then
|
|
openssl req \
|
|
-x509 \
|
|
-newkey rsa:4096 \
|
|
-sha256 \
|
|
-nodes \
|
|
-keyout /etc/bitwarden/identity.key \
|
|
-out /etc/bitwarden/identity.crt \
|
|
-subj "/CN=Bitwarden IdentityServer" \
|
|
-days 36500
|
|
|
|
openssl pkcs12 \
|
|
-export \
|
|
-out /etc/bitwarden/identity.pfx \
|
|
-inkey /etc/bitwarden/identity.key \
|
|
-in /etc/bitwarden/identity.crt \
|
|
-passout pass:$globalSettings__identityServer__certificatePassword
|
|
|
|
rm /etc/bitwarden/identity.crt
|
|
rm /etc/bitwarden/identity.key
|
|
fi
|
|
|
|
cp /etc/bitwarden/identity.pfx /app/Identity/identity.pfx
|
|
cp /etc/bitwarden/identity.pfx /app/Sso/identity.pfx
|
|
|
|
# Generate SSL certificates
|
|
if [ "$BW_ENABLE_SSL" == "true" -a ! -f /etc/bitwarden/ssl.key ]; then
|
|
openssl req \
|
|
-x509 \
|
|
-newkey rsa:4096 \
|
|
-sha256 \
|
|
-nodes \
|
|
-days 36500 \
|
|
-keyout /etc/bitwarden/${BW_SSL_KEY:-ssl.key} \
|
|
-out /etc/bitwarden/${BW_SSL_CERT:-ssl.crt} \
|
|
-reqexts SAN \
|
|
-extensions SAN \
|
|
-config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:${BW_DOMAIN:-localhost}\nbasicConstraints=CA:true")) \
|
|
-subj "/C=US/ST=California/L=Santa Barbara/O=Bitwarden Inc./OU=Bitwarden/CN=${BW_DOMAIN:-localhost}"
|
|
fi
|
|
|
|
# Launch a loop to rotate nginx logs on a daily basis
|
|
/bin/sh -c "/logrotate.sh loop >/dev/null 2>&1 &"
|
|
|
|
/usr/local/bin/hbs
|
|
|
|
# Enable/Disable services
|
|
sed -i "s/autostart=true/autostart=${BW_ENABLE_ADMIN}/" /etc/supervisor.d/admin.ini
|
|
sed -i "s/autostart=true/autostart=${BW_ENABLE_API}/" /etc/supervisor.d/api.ini
|
|
sed -i "s/autostart=true/autostart=${BW_ENABLE_EVENTS}/" /etc/supervisor.d/events.ini
|
|
sed -i "s/autostart=true/autostart=${BW_ENABLE_ICONS}/" /etc/supervisor.d/icons.ini
|
|
sed -i "s/autostart=true/autostart=${BW_ENABLE_IDENTITY}/" /etc/supervisor.d/identity.ini
|
|
sed -i "s/autostart=true/autostart=${BW_ENABLE_NOTIFICATIONS}/" /etc/supervisor.d/notifications.ini
|
|
sed -i "s/autostart=true/autostart=${BW_ENABLE_SCIM}/" /etc/supervisor.d/scim.ini
|
|
sed -i "s/autostart=true/autostart=${BW_ENABLE_SSO}/" /etc/supervisor.d/sso.ini
|
|
|
|
exec /usr/bin/supervisord
|