easy-rsa: Drop all mention of the vars file
* This exists to import/export a number of easy-rsa default values but creates headaches for old volumes due to changes where easy-rsa insists on loading the var file if the environment variable is set. * Going forward people should pass the variables via: `docker run -e EASYRSA_var ...` * Closes #608
This commit is contained in:
parent
c4b94369cd
commit
6ad931090b
|
@ -15,8 +15,7 @@ RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/reposi
|
|||
ENV OPENVPN=/etc/openvpn
|
||||
ENV EASYRSA=/usr/share/easy-rsa \
|
||||
EASYRSA_CRL_DAYS=3650 \
|
||||
EASYRSA_PKI=$OPENVPN/pki \
|
||||
EASYRSA_VARS_FILE=$OPENVPN/vars
|
||||
EASYRSA_PKI=$OPENVPN/pki
|
||||
|
||||
VOLUME ["/etc/openvpn"]
|
||||
|
||||
|
|
|
@ -15,7 +15,6 @@ RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community/" >> /etc/apk/reposi
|
|||
ENV OPENVPN /etc/openvpn
|
||||
ENV EASYRSA /usr/share/easy-rsa
|
||||
ENV EASYRSA_PKI $OPENVPN/pki
|
||||
ENV EASYRSA_VARS_FILE $OPENVPN/vars
|
||||
|
||||
# Prevents refused client connection because of an expired CRL
|
||||
ENV EASYRSA_CRL_DAYS 3650
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
#
|
||||
# Import/export EasyRSA default settings
|
||||
#
|
||||
|
||||
if [ "$DEBUG" == "1" ]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
set -e
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "No command provided"
|
||||
echo
|
||||
echo "$0 export > /path/to/file"
|
||||
echo "$0 import < /path/to/file"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cmd=$1
|
||||
shift
|
||||
|
||||
case "$cmd" in
|
||||
export)
|
||||
if [ -f "$EASYRSA_VARS_FILE" ]; then
|
||||
cat "$EASYRSA_VARS_FILE"
|
||||
else
|
||||
cat "$EASYRSA/vars.example"
|
||||
fi
|
||||
;;
|
||||
import)
|
||||
cat > "$EASYRSA_VARS_FILE"
|
||||
;;
|
||||
*)
|
||||
echo "Unknown cmd \"$cmd\""
|
||||
exit 2
|
||||
;;
|
||||
esac
|
|
@ -15,10 +15,6 @@ source "$OPENVPN/ovpn_env.sh"
|
|||
# Specify "nopass" as arg[2] to make the CA insecure (not recommended!)
|
||||
nopass=$1
|
||||
|
||||
# EasyRSA 3.0.7 introduced checks for $EASYRSA_VARS_FILE existence
|
||||
# in the init-pki script
|
||||
touch $EASYRSA_VARS_FILE
|
||||
|
||||
# Provides a sufficient warning before erasing pre-existing files
|
||||
easyrsa init-pki
|
||||
|
||||
|
|
Loading…
Reference in New Issue