From 2b0948ffcebe362a8f68aa72c6442b09e3790ad2 Mon Sep 17 00:00:00 2001
From: sthope
Date: Thu, 2 Sep 2021 23:56:43 +0200
Subject: [PATCH] Update 'docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls'
---
 .../portainer/setup-dockerapi-slave-withtls | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls b/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls
index b1f0361..764037d 100644
--- a/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls
+++ b/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls
@@ -4,7 +4,7 @@ ################################### #### USAGE
-# clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-notls)"
+# clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls)"
 # openssl genrsa -out key.pem 4096
@@ -18,13 +18,13 @@ echo extendedKeyUsage = clientAuth > extfile-client.cnf openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \ -CAcreateserial -out cert.pem -extfile extfile-client.cnf
-chmod -v 0400 ca-key.pem key.pem server-key.pem
-chmod -v 0444 ca.pem server-cert.pem cert.pem
+# chmod -v 0400 ca-key.pem key.pem server-key.pem
+# chmod -v 0444 ca.pem server-cert.pem cert.pem
-mkdir ~/.certs
-cp ca.pem ~/.certs
-cp server-cert.pem ~/.certs
-cp server-key.pem ~/.certs
+mkdir -p /certs/
+cp ca.pem /certs/
+cp server-cert.pem /certs/
+cp server-key.pem /certs/
 p(){ port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) ))
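Review bot: With both `chmod` lines commented out in the `@@ -18,13` hunk, nothing in the script restricts the mode of `ca-key.pem`, `key.pem` or `server-key.pem` any more. They keep whatever mode openssl and the current umask gave them, and `cp` carries that mode into `/certs/`, which `mkdir -p` creates at the filesystem root with default permissions. The third hunk points a dockerd listener on `0.0.0.0` at these files, so the secrecy of the server key and the CA key is the only thing standing between a local user and a root-equivalent Docker API. I would create the directory and copy the key with explicit modes, e.g. `install -d -m 0700 /certs` and `install -m 0400 server-key.pem /certs/`, and restore `chmod 0400 ca-key.pem key.pem` for the keys left in the working directory. If the chmod was disabled because a re-run failed on already read-only files, a short comment saying so would help the next reader.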
@@ -41,7 +41,7 @@ cat << EOF > /etc/systemd/system/docker.service.d/startup_options.conf # /etc/systemd/system/docker.service.d/override.conf [Service] ExecStart=
-ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/home/pi/.certs/ca.pem --tlscert=/home/pi/.certs/server-cert.pem --tlskey=/home/pi/.certs/server-key.pem -H fd:// -H tcp://0.0.0.0:$(p)
+ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/certs/ca.pem --tlscert=/certs/server-cert.pem --tlskey=/certs/server-key.pem -H fd:// -H tcp://0.0.0.0:$(p)
 EOF systemctl daemon-reload
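Review bot: The certificate directory is still a repeated literal: `/certs` is written three times in the new `ExecStart=` line and again in the `mkdir`/`cp` block of the previous hunk. That is the same pattern that forced this commit to edit both places when the old `~/.certs` and `/home/pi/.certs` spellings had to change together. Because the heredoc delimiter is unquoted (it already expands `$(p)`), a single `cert_dir=/certs` assigned near the top could be used as `--tlscacert=${cert_dir}/ca.pem` here and as `cp ca.pem "${cert_dir}/"` in the copy block, so the two cannot drift apart. The heredoc opens outside this hunk, so where the variable would have to be defined relative to it is not visible here.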