diff --git a/.github/workflows/publish_docker_image.yml b/.github/workflows/publish_docker_image.yml index f9cb75aa1..f14eb571b 100644 --- a/.github/workflows/publish_docker_image.yml +++ b/.github/workflows/publish_docker_image.yml @@ -39,8 +39,6 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - #build-args: | - # TLS_SERVER_KEY=${{ secrets.TLS_SERVER_KEY }} build-and-push-backend: runs-on: ubuntu-latest diff --git a/broker/Dockerfile b/broker/Dockerfile index 754e408d1..b17d78230 100644 --- a/broker/Dockerfile +++ b/broker/Dockerfile @@ -1,18 +1,13 @@ FROM eclipse-mosquitto:latest COPY mosquitto/config/ mosquitto/config/ +COPY entrypoint.sh entrypoint.sh -#ARG TLS_SERVER_KEY - -# RUN start='-----BEGIN PRIVATE KEY-----' && \ -# decoded_key=$(echo $TLS_SERVER_KEY|base64 -d) && \ -# end='-----END PRIVATE KEY-----'&& \ -# echo ${start} > mosquitto/config/certs/server-key.pem && \ -# echo ${decoded_key} >> mosquitto/config/certs/server-key.pem && \ -# echo ${end} >> mosquitto/config/certs/server-key.pem +RUN touch mosquitto/config/certs/server-key.pem +RUN chown -R 1883:1883 mosquitto/config/certs/server-key.pem EXPOSE 1883 USER 1883 -CMD ["mosquitto", "-p", "1883", "-c", "mosquitto/config/mosquitto.conf"] +CMD ./entrypoint.sh diff --git a/broker/README.md b/broker/README.md index c8112dfee..dbd7da3cf 100644 --- a/broker/README.md +++ b/broker/README.md @@ -12,20 +12,9 @@ See [Flotilla readme](../README.md#automatic-environment-setup) ### Manual environment setup -The best way to pass this is to store it **base 64-encoded** in a `.env` file in the root of flotilla, and docker compose loads this by default on startup. +The best way to pass this is to store it in a `.env` file in the root of flotilla, and docker compose loads this by default on startup. See [Using the “--env-file” option](https://docs.docker.com/compose/environment-variables/#using-the---env-file--option) for more information. -The key **has to be base64-encoded in the .env file**. -The key should be in be in 'pure format' (No start and end lines) before being encoded. - -You can encode the key in any base64 encoder online or: -To encode the key in a bash terminal, you can run - -``` -key="ACTUAL_KEY_HERE" -encoded_key=$(echo $key|base64) -``` - ## Running the broker From the flotilla root directory, run the following command: diff --git a/broker/entrypoint.sh b/broker/entrypoint.sh new file mode 100755 index 000000000..8a25bf794 --- /dev/null +++ b/broker/entrypoint.sh @@ -0,0 +1,12 @@ +# Set certificate key based on environment variable +# TLS_SERVER_KEY + +start='-----BEGIN PRIVATE KEY-----' +end='-----END PRIVATE KEY-----' + + +echo ${start} > mosquitto/config/certs/server-key.pem +echo ${TLS_SERVER_KEY} >> mosquitto/config/certs/server-key.pem +echo ${end} >> mosquitto/config/certs/server-key.pem + +mosquitto -p 1883 -c mosquitto/config/mosquitto.conf diff --git a/setup.sh b/setup.sh index 6ec4865bd..7dea9904e 100644 --- a/setup.sh +++ b/setup.sh @@ -73,11 +73,8 @@ echo -e "MQTT TLS Server key needed for the broker to communicate using TLS" echo -en "Input MQTT broker server key (copy-paste from KeyVault):\n" read -s broker_server_key -# base64 encode -encoded_key=$(echo $broker_server_key|base64) - -# save to .env file -echo -e "FLOTILLA_BROKER_SERVER_KEY='$encoded_key'" >> $flotilla_dir/.env +# Save to .env file +echo -e "FLOTILLA_BROKER_SERVER_KEY='$broker_server_key'" >> $flotilla_dir/.env echo -e "Added broker server key to .env file" echo -e "Broker setup - Done!"