-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
executable file
·50 lines (48 loc) · 1.45 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
version: '3.7'
services:
java-srv:
build: java-srv
ports:
- 80:8080
depends_on:
db:
condition: service_healthy
restart: true
db:
image: mariadb:latest
ports:
- 3306
healthcheck:
test: "pwd"
depends_on:
cert-gen:
condition: service_completed_successfully
environment:
- MYSQL_ALLOW_EMPTY_PASSWORD=true
- MYSQL_USER=maria
- MYSQL_PASSWORD=pass
volumes:
- ./db/sql:/docker-entrypoint-initdb.d
- ./certs:/etc/mysql/certs
command:
- --ssl-ca=/etc/mysql/certs/ca.crt
- --ssl-cert=/etc/mysql/certs/mysql.crt
- --ssl-key=/etc/mysql/certs/mysql.key
- --ssl=1
- --bind-address=0.0.0.0
cert-gen:
image: alpine
volumes:
- ./certs:/certs
entrypoint:
- /bin/sh
- -c
- |
apk add --no-cache openssl &&
openssl genpkey -algorithm RSA -out /certs/mysql.key -pkeyopt rsa_keygen_bits:2048 &&
openssl req -new -key /certs/mysql.key -out /certs/mysql.csr -subj "/CN=mysql/O=myorg/C=US" &&
openssl x509 -req -in /certs/mysql.csr -signkey /certs/mysql.key -out /certs/mysql.crt -days 365 &&
openssl genpkey -algorithm RSA -out /certs/ca.key -pkeyopt rsa_keygen_bits:2048 &&
openssl req -new -x509 -key /certs/ca.key -out /certs/ca.crt -days 1095 -subj "/CN=Certificate Authority/O=myorg/C=US" &&
chmod 600 /certs/* && chown 999:999 /certs/*
restart: "no"