Cannot use Docker Secrets for TLS files
ChrisSamo632 opened this issue · 0 comments
ChrisSamo632 commented
It would be better if one was able to use Docker Secrets to make TLS certificate files available to the instance (it would need to not "fix" the file permissions on startup), e.g. allow the optional specification of a TLS_CERTS_DIR or such, which would be '/run/secrets':
```yaml
version: '3.7'
services:
  ldap:
    image: osixia/openldap:1.2.3
    hostname: ldap
    ...
  phpldapadmin:
    image: osixia/phpldapadmin:0.7.2
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[
        {'ldap':[
          {'server': [
            {'tls': True},
            {'port': 389}
          ]
          }
        ]
        }
      ]"
      # secure user connections
      PHPLDAPADMIN_HTTPS: "true"
      # TODO: this _CERTS_DIR variable doesn't exist
      PHPLDAPADMIN_HTTPS_CERTS_DIR: /run/secrets
      PHPLDAPADMIN_HTTPS_CRT_FILENAME: php_ldap_admin_pem
      PHPLDAPADMIN_HTTPS_KEY_FILENAME: php_ldap_admin_key
      PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME: ca_pem
      # secure ldap connections
      PHPLDAPADMIN_LDAP_CLIENT_TLS: "true"
      # TODO: this _CERTS_DIR variable doesn't exist
      PHPLDAPADMIN_LDAP_CLIENT_TLS_CERTS_DIR: /run/secrets
      PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME: php_ldap_admin_pem
      PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME: php_ldap_admin_key
      PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ca_pem
    ports:
      - target: 443
        published: 6443
        protocol: tcp
        mode: ingress
    volumes:
      - phpldapadmin-data:/var/www/phpldapadmin
    secrets:
      - ca_pem
      - php_ldap_admin_pem
      - php_ldap_admin_key
volumes:
  phpldapadmin-data:
secrets:
  ca_pem:
    file: ${PWD}/certs/ca.pem
```
...
An alternative is probably to have a more generic "SWARM_MODE: 'true'" flag that can change startup/config logic specific for Swarm vs. Compose (use of Secrets probably not the only example)?
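As an added illustration of the startup behaviour the issue asks for (this is example code written for this page, not the osixia/phpldapadmin image's own entrypoint), the sketch below resolves an optional certificate directory override and handles a private key that lives on a read-only mount such as `/run/secrets`. `PHPLDAPADMIN_HTTPS_CERTS_DIR` is the hypothetical variable proposed above, and `DEFAULT_CERTS_DIR` is a placeholder standing in for the image's real default directory, which is not reproduced here.

```shell
#!/bin/sh
# Added example, not the image's own code. Assumptions: the certs directory may
# be a read-only tmpfs (Docker secrets), DEFAULT_CERTS_DIR is a placeholder for
# the image default, and PHPLDAPADMIN_HTTPS_CERTS_DIR is the hypothetical
# override variable proposed in the issue.

DEFAULT_CERTS_DIR=${DEFAULT_CERTS_DIR:-/tmp/example-default-certs}  # placeholder

# Print the directory TLS files are read from: the override if set, else default.
tls_certs_dir() {
  printf '%s\n' "${PHPLDAPADMIN_HTTPS_CERTS_DIR:-$DEFAULT_CERTS_DIR}"
}

# Print the octal permission bits of a file (GNU stat, with BSD stat fallback).
file_mode() {
  stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Succeed when the "others" class has no read bit on the file.
not_world_readable() {
  mode=$(file_mode "$1") || return 1
  others=${mode#"${mode%?}"}   # last octal digit = others class
  [ $((others & 4)) -eq 0 ]
}

# ensure_private_key FILE
# The key must exist and must not be world-readable. On a writable filesystem
# the mode is tightened in place (the "fix permissions on startup" behaviour);
# on a read-only mount chmod is impossible, so instead of failing midway the
# function refuses to continue and tells the operator how to mount the secret.
ensure_private_key() {
  key=$1
  [ -f "$key" ] || { echo "missing private key: $key" >&2; return 1; }
  if not_world_readable "$key"; then
    return 0
  fi
  if [ -w "$key" ]; then
    chmod 600 "$key" && return 0
  fi
  echo "refusing to start: $key is world-readable and cannot be chmod'ed here" >&2
  echo "hint: mount the secret with mode 0400 using the compose long secret syntax" >&2
  return 1
}

# Entrypoint usage (the filename variable is one the issue already uses):
#   dir=$(tls_certs_dir)
#   ensure_private_key "$dir/${PHPLDAPADMIN_HTTPS_KEY_FILENAME:-server.key}" || exit 1
```

Swarm mounts each secret at mode 0444 unless the compose file's long secret syntax sets `mode:` (and optionally `uid:`/`gid:`), so a key delivered through `/run/secrets` should be declared with `mode: 0400` for the check above to pass without the entrypoint touching the file.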