diff --git a/README.md b/README.md
index e0f7121..ec45c61 100644
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@ Finally, copy any changes you make outside of the container for commiting to you
 ### Production
 - Use docker-compose, or some other config management tool
-- Directory volume mount SSL Certs `./ssl`: `/etc/ssl`
+- Directory volume mount SSL Certs `./ssl`: `/etc/ssl/certs`
 - Certificate File: `cert.pem`
 - Certificate Key File: `key.pem`
diff --git a/docker-compose.yml b/docker-compose.yml
index 46417ce..9f5b34b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -35,7 +35,7 @@ services:
 - "./server-configs/:/var/www/MISP/app/Config/"
 - "./logs/:/var/www/MISP/app/tmp/logs/"
 - "./files/:/var/www/MISP/app/files"
- - "./ssl/:/etc/ssl/"
+ - "./ssl/:/etc/ssl/certs"
 environment:
 - "CRON_USER_ID=1"
 - "REDIS_FQDN=redis"
diff --git a/server/files/entrypoint_nginx.sh b/server/files/entrypoint_nginx.sh
index bc05a03..40d0b31 100755
--- a/server/files/entrypoint_nginx.sh
+++ b/server/files/entrypoint_nginx.sh
@@ -55,9 +55,9 @@ init_misp_files(){
 }
 init_ssl() {
- if [[ (! -f /etc/ssl/cert.pem) ||
- (! -f /etc/ssl/key.pem) ]]; then
- cd /etc/ssl
+ if [[ (! -f /etc/ssl/certs/cert.pem) || (! -f /etc/ssl/certs/key.pem) ]];
+ then
+ cd /etc/ssl/certs
 openssl req -x509 -subj '/CN=localhost' -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
 fi
 }
diff --git a/server/files/etc/nginx/misp b/server/files/etc/nginx/misp
index ad0b715..d08b628 100644
--- a/server/files/etc/nginx/misp
+++ b/server/files/etc/nginx/misp
@@ -21,8 +21,8 @@ server {
 log_not_found off;
 error_log /dev/stderr error;
- ssl_certificate /etc/ssl/cert.pem;
- ssl_certificate_key /etc/ssl/key.pem;
+ ssl_certificate /etc/ssl/certs/cert.pem;
+ ssl_certificate_key /etc/ssl/certs/key.pem;
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
 ssl_session_tickets off;
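Review bot: In the docker-compose.yml hunk, the new mount `./ssl/:/etc/ssl/certs` overlays the container's `/etc/ssl/certs`, which on Debian-style images holds the system CA bundle. The base image is not visible here, but if that applies, outbound TLS verification from the container loses its trust store once the host directory is mounted, and that kind of breakage tends to get worked around by switching verification off. A dedicated directory avoids the overlap, for example `- "./ssl/:/etc/nginx/certs"`, with the same path used in server/files/entrypoint_nginx.sh, server/files/etc/nginx/misp and the README line. If the current path is kept, a comment above the mount such as `# NOTE: this hides the image's own /etc/ssl/certs contents` would record the trade-off.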
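Review bot: In the server/files/entrypoint_nginx.sh hunk, the new `cd /etc/ssl/certs` in init_ssl is unchecked, so unless the script runs under `set -e` (not visible here) a missing or inaccessible directory makes openssl write an unencrypted `key.pem` into whatever the current directory is, and nginx then fails to find its certificate. Guard it with `cd /etc/ssl/certs || exit 1`, or drop the `cd` and pass absolute paths to `-keyout` and `-out`, which also stops init_ssl from changing the working directory for the rest of the entrypoint. As a style point, the condition now ends in `]];` with `then` on its own line; `]]; then` on one line matches the form the removed lines used.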
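Review bot: In the server/files/etc/nginx/misp hunk, `ssl_certificate_key /etc/ssl/certs/key.pem;` places the TLS private key in the directory conventionally reserved for public certificates, which is normally readable by every user in the container. Nothing in this commit sets ownership or mode on `key.pem`, so its exposure depends on how the host `./ssl` directory is set up. Consider a separate key path with restricted permissions, or at least a comment above the directive such as `# key.pem must be mode 0600; do not leave it world-readable alongside cert.pem`. The server block starts and ends outside the hunk.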