Fix #31 auto-generating SSL certs

README.md

@@ -52,7 +52,7 @@ Finally, copy any changes you make outside of the container for commiting to you
 ### Production
 -   Use docker-compose, or some other config management tool
 
--   Directory volume mount SSL Certs `./ssl`: `/etc/ssl`
+-   Directory volume mount SSL Certs `./ssl`: `/etc/ssl/certs`
     -   Certificate File: `cert.pem`
     -   Certificate Key File: `key.pem`
 

docker-compose.yml

@@ -35,7 +35,7 @@ services:
       - "./server-configs/:/var/www/MISP/app/Config/"
       - "./logs/:/var/www/MISP/app/tmp/logs/"
       - "./files/:/var/www/MISP/app/files"
-      - "./ssl/:/etc/ssl/"
+      - "./ssl/:/etc/ssl/certs"
     environment:
       - "CRON_USER_ID=1"
       - "REDIS_FQDN=redis"

server/files/entrypoint_nginx.sh

@@ -55,9 +55,9 @@ init_misp_files(){
 }
 
 init_ssl() {
-    if [[ (! -f /etc/ssl/cert.pem) ||
-          (! -f /etc/ssl/key.pem) ]]; then
-        cd /etc/ssl
+    if [[ (! -f /etc/ssl/certs/cert.pem) || (! -f /etc/ssl/certs/key.pem) ]];
+    then
+        cd /etc/ssl/certs
         openssl req -x509 -subj '/CN=localhost' -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
     fi
 }

server/files/etc/nginx/misp

@@ -21,8 +21,8 @@ server {
     log_not_found off;
     error_log  /dev/stderr error;
 
-    ssl_certificate /etc/ssl/cert.pem;
-    ssl_certificate_key /etc/ssl/key.pem;
+    ssl_certificate /etc/ssl/certs/cert.pem;
+    ssl_certificate_key /etc/ssl/certs/key.pem;
     ssl_session_timeout 1d;
     ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
     ssl_session_tickets off;