mirror of
https://github.com/samply/bridgehead.git
synced 2026-03-31 22:40:14 +02:00
3cb1d70416
Updated the ovis-setup.sh script to improve handling of the trusted CA directory, ensuring that the oauth2-proxy uses the system trust store if the directory is missing. Adjusted logging messages for clarity regarding the detection of custom OIDC CA files, specifically focusing on .crt files. Additionally, added a new environment variable for TLS_CA_CERTIFICATES_DIR in the ovis-compose.yml file to support trusted CA certificates.
26 lines
967 B
Bash
26 lines
967 B
Bash
#!/bin/bash -e
|
|
|
|
if [ -n "$ENABLE_OVIS" ]; then
|
|
log INFO "OVIS setup detected -- will start OVIS services with local oauth2-proxy middleware."
|
|
TRUSTED_CA_DIR="/etc/bridgehead/trusted-ca-certs"
|
|
OVIS_OAUTH2_PROXY_PROVIDER_CA_FILES=""
|
|
|
|
if [ -d "$TRUSTED_CA_DIR" ]; then
|
|
shopt -s nullglob
|
|
ca_cert_candidates=("$TRUSTED_CA_DIR"/*.crt)
|
|
shopt -u nullglob
|
|
|
|
if [ ${#ca_cert_candidates[@]} -gt 0 ]; then
|
|
OVIS_OAUTH2_PROXY_PROVIDER_CA_FILES="$(IFS=,; printf '%s' "${ca_cert_candidates[*]}")"
|
|
log INFO "OVIS oauth2-proxy will trust OIDC provider CA files from $TRUSTED_CA_DIR (*.crt)."
|
|
else
|
|
log INFO "No *.crt files found in $TRUSTED_CA_DIR; oauth2-proxy will use system trust store only."
|
|
fi
|
|
else
|
|
log INFO "Trusted CA directory $TRUSTED_CA_DIR is missing; oauth2-proxy will use system trust store only."
|
|
fi
|
|
|
|
OVERRIDE+=" -f ./$PROJECT/modules/ovis-compose.yml"
|
|
add_private_oidc_redirect_url "/oauth2-ovis/callback"
|
|
fi
|