Add SSL Certificate

Openfire can now work with the SSL certificate of the server on which the container is running.
EndMove · Apr 1, 2021 · b520dcc · b520dcc
1 parent 4c339e2
commit b520dcc
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -29,6 +29,11 @@ RUN apt-get -y update \
 COPY ["copyright", "LICENSE", "entrypoint.sh", "/usr/local/bin/"]
 RUN chmod 755 /usr/local/bin/entrypoint.sh
 
+# create ssl folder
+RUN mkdir /usr/share/openfire/ssl; \
+  chmod -R 0750 /usr/share/openfire/ssl; \
+  chown -R ${OPENFIRE_USER}:${OPENFIRE_USER} /usr/share/openfire/ssl
+
 # expose ports
 EXPOSE 5222/tcp 5223/tcp 5229/tcp 5262/tcp 5263/tcp 5269/tcp 5270/tcp 5275/tcp 5276/tcp 7070/tcp 7443/tcp 7777/tcp 9090/tcp 9091/tcp
 

diff --git a/README.md b/README.md
@@ -112,6 +112,26 @@ This Openfire installation script provides two important volume locations to tra
 --volume /home/openfire/log:/var/log/openfire
 ````
 
+### Openfire - SSL Certificate
+
+> To benefit from the SSL certificate of your server under Openfire place it under the name `ssl.pem` in this volume.
+> Note: all communications between Openfire and users except those from the web interface ports: 9091 & 9090 are managed and encrypted using RSA, by Openfire automatically.
+
+````sh
+# in container location:
+/usr/share/openfire/ssl
+
+# recommended docker volume:
+--volume /home/certificate/cert:/usr/share/openfire/ssl:ro
+````
+
+Ceci est un exemple du contenu du dossier `/home/certificate/cert`
+
+````txt
+.
+└── ssl.pem
+````
+
 ## Update ?
 
 When an update of Openfire is available and I updated the repository you just have to remove and install again the container to migrate to the new version.
@@ -123,4 +143,4 @@ __WARNING__: this requires that you store the Openfire data as recommended above
 - [x] Log file available out of container.
 - [x] Configuration file, security and embedded-database available out of the container.
 - [x] Makes available all the ports available in Openfire version 4.6.2.
-- [ ] Allows the import of SSL certificates that are external to the container.
+- [x] Allows the import of SSL certificates that are external to the container.
diff --git a/build_version b/build_version
@@ -0,0 +1 @@
+4.6.2
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -36,6 +36,15 @@ initialization() {
   chmod -R 0755 ${OPENFIRE_LOG_DIR}
   chown -R ${OPENFIRE_USER}:${OPENFIRE_USER} ${OPENFIRE_LOG_DIR}
 
+  # manage certificate if available
+  if [ -e /usr/share/openfire/ssl/ssl.pem ]; then
+    [ -e ${OPENFIRE_DATA_DIR}/conf/security/keystore ] && rm -f ${OPENFIRE_DATA_DIR}/conf/security/keystore
+    [ -e ${OPENFIRE_DATA_DIR}/conf/security/ssl-tmp.pem ] && rm -f ${OPENFIRE_DATA_DIR}/conf/security/ssl-tmp.pem
+    cp -f /usr/share/openfire/ssl/ssl.pem ${OPENFIRE_DATA_DIR}/conf/security/ssl-tmp.pem
+    cd ${OPENFIRE_DATA_DIR}/conf/security/
+    printf "changeit\nchangeit\nyes" | keytool -import -v -keystore keystore -alias openfire-docker -file ssl-tmp.pem
+  fi
+
   # create build version file and update it
   CURRENT_VERSION=1.0.0
   [ -f ${OPENFIRE_DATA_DIR}/openfire_version ] && CURRENT_VERSION=$(cat ${OPENFIRE_DATA_DIR}/openfire_version)