@@ -20,6 +20,61 @@ run_upgrade_if_needed_due_to_app_update() {
2020 fi
2121}
2222
23+ create_global_root_cert () {
24+ # Only run if env is set
25+ if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
26+
27+ # Enable debug mode
28+ set -x
29+
30+ # Default vars
31+ CERTIFICATES_ROOT_DIR=" /var/www/html/data/certificates"
32+ CERTIFICATE_BUNDLE=" /var/www/html/resources/config/ca-bundle.crt"
33+
34+ # Retrieve default root cert bundle
35+ if ! [ -f " $SOURCE_LOCATION /resources/config/ca-bundle.crt" ]; then
36+ echo " Root ca-bundle not found. Only concattening configured NEXTCLOUD_TRUSTED_CERTIFICATES files!"
37+ # Recreate cert file
38+ rm -f " $CERTIFICATE_BUNDLE "
39+ touch " $CERTIFICATE_BUNDLE "
40+ else
41+ # Write default bundle to the target ca file
42+ cat " $SOURCE_LOCATION /resources/config/ca-bundle.crt" > " $CERTIFICATES_ROOT_DIR /ca-bundle.crt"
43+ fi
44+
45+ # Remove old root certs and recreate them with current ones
46+ rm -r " $CERTIFICATES_ROOT_DIR "
47+ mkdir -p " $CERTIFICATES_ROOT_DIR "
48+
49+ # Iterate through certs
50+ TRUSTED_CERTIFICATES=" $( env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP ' ^[A-Z_a-z0-9]+' ) "
51+ mapfile -t TRUSTED_CERTIFICATES <<< " $TRUSTED_CERTIFICATES"
52+ for certificate in " ${TRUSTED_CERTIFICATES[@]} " ; do
53+
54+ # Create new line
55+ echo " " >> " $CERTIFICATE_BUNDLE "
56+
57+ # Check if variable is a simple switch. For example used by postgres and mysql tls connections
58+ if [ " ${! certificate} " != " yes" ]; then
59+ # Write out cert to bundle
60+ echo " ${! certificate} " >> " $CERTIFICATE_BUNDLE "
61+ fi
62+
63+ # Create file in cer dir
64+ if ! [ -f " $CERTIFICATES_ROOT_DIR /$CERTIFICATE_NAME " ]; then
65+ touch " $CERTIFICATES_ROOT_DIR /$CERTIFICATE_NAME "
66+ fi
67+
68+ done
69+
70+ # Print out bundle one last time
71+ cat " $CERTIFICATE_BUNDLE "
72+
73+ # Disable debug mode
74+ set +x
75+ fi
76+ }
77+
2378# Adjust DATABASE_TYPE to by Nextcloud supported value
2479if [ " $DATABASE_TYPE " = postgres ]; then
2580 export DATABASE_TYPE=pgsql
289344 echo " $NEXTCLOUD_TRUSTED_CERTIFICATES_MYSQL " > " /var/www/html/data/certificates/MYSQL"
290345 fi
291346
347+ # Create global root cert
348+ create_global_root_cert
349+
292350 echo " Installing with $DATABASE_TYPE database"
293351 # Set a default value for POSTGRES_PORT
294352 if [ -z " $POSTGRES_PORT " ]; then
459517 rm " $NEXTCLOUD_DATA_DIR /update.failed"
460518 bash /notify.sh " Nextcloud update to $image_version successful!" " You may inspect the Nextcloud container logs for more information."
461519
520+ # Create global root cert
521+ create_global_root_cert
522+
462523 php /var/www/html/occ app:update --all
463524
464525 run_upgrade_if_needed_due_to_app_update
@@ -649,23 +710,8 @@ else
649710fi
650711# AIO app end # Do not remove or change this line!
651712
652- # Allow to add custom certs to Nextcloud's trusted cert store
653- if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
654- set -x
655- TRUSTED_CERTIFICATES=" $( env | grep NEXTCLOUD_TRUSTED_CERTIFICATES_ | grep -oP ' ^[A-Z_a-z0-9]+' ) "
656- mapfile -t TRUSTED_CERTIFICATES <<< " $TRUSTED_CERTIFICATES"
657- CERTIFICATES_ROOT_DIR=" /var/www/html/data/certificates"
658- mkdir -p " $CERTIFICATES_ROOT_DIR "
659- for certificate in " ${TRUSTED_CERTIFICATES[@]} " ; do
660- # shellcheck disable=SC2001
661- CERTIFICATE_NAME=" $( echo " $certificate " | sed ' s|^NEXTCLOUD_TRUSTED_CERTIFICATES_||' ) "
662- if ! [ -f " $CERTIFICATES_ROOT_DIR /$CERTIFICATE_NAME " ]; then
663- echo " ${! certificate} " > " $CERTIFICATES_ROOT_DIR /$CERTIFICATE_NAME "
664- php /var/www/html/occ security:certificates:import " $CERTIFICATES_ROOT_DIR /$CERTIFICATE_NAME "
665- fi
666- done
667- set +x
668- fi
713+ # Create global root cert
714+ create_global_root_cert
669715
670716# Notify push
671717if ! [ -d " /var/www/html/custom_apps/notify_push" ]; then
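Review bot: In `create_global_root_cert` the default bundle is copied to `$CERTIFICATES_ROOT_DIR/ca-bundle.crt`, and `rm -r "$CERTIFICATES_ROOT_DIR"` deletes that directory two statements later. As a result `$CERTIFICATE_BUNDLE` is never reset, and each of the three call sites appends the custom certificates to it again. The copy should target the bundle itself: `cat "$SOURCE_LOCATION/resources/config/ca-bundle.crt" > "$CERTIFICATE_BUNDLE"`. The loop also reads `$CERTIFICATE_NAME`, which nothing in the function assigns now that the `sed` line is removed, so the `-f` test and `touch` act on the directory path instead of a per-certificate file; `CERTIFICATE_NAME="${certificate#NEXTCLOUD_TRUSTED_CERTIFICATES_}"` at the top of the loop would restore it. The same `rm -r` appears to remove the `MYSQL` certificate file written just before the first call in the install path, which should be confirmed against the database TLS setup, since the collapsed context does not show whether it is rewritten.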