don't use a keyfile for ssl cert (#265)

antondlr · web-flow · commit b9476cac5b51 · 2024-07-18T14:55:23.000+02:00
diff --git a/docker-assets/docker-entrypoint.sh b/docker-assets/docker-entrypoint.sh
@@ -38,8 +38,7 @@ if [ $SSL_ENABLED = true ] ; then
   ## generate cert if not present
   if [ ! -f /certs/cert.pem ] ; then
     mkdir -p /certs
-    openssl req -x509 -newkey rsa:4096 -keyout /certs/key.pem -out /certs/cert.pem -days 365 -passout pass:'sigmaprime' -subj "/C=AU/CN=siren/emailAddress=noreply@sigmaprime.io"
-    echo 'sigmaprime' > /certs/key.pass
+    openssl req -nodes -x509 -newkey rsa:4096 -keyout /certs/key.pem -out /certs/cert.pem -days 365 -subj "/C=AU/CN=siren/emailAddress=noreply@sigmaprime.io"
   fi
   ln -s /app/docker-assets/siren-https.conf /etc/nginx/conf.d/siren-https.conf
 fi
diff --git a/docker-assets/siren-https.conf b/docker-assets/siren-https.conf
@@ -3,7 +3,6 @@ server {
     listen              443 ssl;
     ssl_certificate     /certs/cert.pem;
     ssl_certificate_key /certs/key.pem;
-    ssl_password_file   /certs/key.pass;
     ssl_protocols       TLSv1.3;
     ssl_ciphers         HIGH:!aNULL:!MD5;
 
