[nginx-proxy#754] Access docker daemon socketthrough https/tcp

arnaudschaeffer · Mar 15, 2021 · f1faad0 · f1faad0
1 parent 2e37798
commit f1faad0
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 20 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -31,6 +31,7 @@ ARG ACMESH_PATH=/home/acme.sh
 ENV COMPANION_VERSION=$GIT_DESCRIBE \
     DOCKER_HOST=unix:///var/run/docker.sock \
     PATH=$PATH:/app
+    DOCKER_OPTS="--key ~/.docker/key.pem --cacert ~/.docker/ca.pem --cert ~/.docker/cert.pem"
 
 # Install packages required by the image
 RUN apk add --no-cache --virtual .bin-deps \
@@ -45,11 +46,11 @@ RUN apk add --no-cache --virtual .bin-deps \
 COPY --from=go-builder /usr/local/bin/docker-gen /usr/local/bin/
 
 # Install acme.sh
-COPY /install_acme.sh /app/install_acme.sh
-RUN chmod +rx /app/install_acme.sh \
+COPY /install_acme.sh "/${ACMESH_PATH}/install_acme.sh"
+RUN chmod +rx "/${ACMESH_PATH}/install_acme.sh \"
     && sync \
     && /app/install_acme.sh \
-    && rm -f /app/install_acme.sh
+    && rm -f "/${ACMESH_PATH}/install_acme.sh"
 
 COPY /app/ /app/
 

diff --git a/app/entrypoint.sh b/app/entrypoint.sh
@@ -24,18 +24,18 @@ function check_docker_socket {
 
 function check_writable_directory {
     local dir="$1"
-#    if [[ $(get_self_cid) ]]; then
-#        if ! docker_api "/containers/$(get_self_cid)/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"; then
-#            echo "Warning: '$dir' does not appear to be a mounted volume."
-#        fi
-#    else
-#        echo "Warning: can't check if '$dir' is a mounted volume without self container ID."
-#    fi
-#    if [[ ! -d "$dir" ]]; then
-#        echo "Error: can't access to '$dir' directory !" >&2
-#        echo "Check that '$dir' directory is declared as a writable volume." >&2
-#        exit 1
-#    fi
+    if [[ $(get_self_cid) ]]; then
+        if ! docker_api "/containers/$(get_self_cid)/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"; then
+            echo "Warning: '$dir' does not appear to be a mounted volume."
+        fi
+    else
+        echo "Warning: can't check if '$dir' is a mounted volume without self container ID."
+    fi
+    if [[ ! -d "$dir" ]]; then
+        echo "Error: can't access to '$dir' directory !" >&2
+        echo "Check that '$dir' directory is declared as a writable volume." >&2
+        exit 1
+    fi
     if ! touch "$dir/.check_writable" 2>/dev/null ; then
         echo "Error: can't write to the '$dir' directory !" >&2
         echo "Check that '$dir' directory is export as a writable volume." >&2

diff --git a/app/functions.sh b/app/functions.sh
@@ -201,11 +201,10 @@ function docker_api {
     if [[ $DOCKER_HOST == unix://* ]]; then
         curl_opts+=(--unix-socket "${DOCKER_HOST#unix://}")
         scheme='http://localhost'
-    else
-        scheme="${LE_DOCKER_HOST}"
-        curl_opts+=(--cacert '/home/ubuntu/.docker/ca.pem')
-        curl_opts+=(--key '/home/ubuntu/.docker/key.pem')
-        curl_opts+=( --cert '/home/ubuntu/.docker/cert.pem')
+    fi
+    if [[ $DOCKER_HOST == https://* || $DOCKER_HOST == tcp://* ]]; then
+        scheme="${DOCKER_HOST}"
+        curl_opts+=("${DOCKER_OPTS}")
     fi
     [[ $method = "POST" ]] && curl_opts+=(-H 'Content-Type: application/json')
     echo "${curl_opts[@]}" -X "${method}" "${scheme}$1"