Update 'docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls.sh'

docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls.sh

@@ -6,25 +6,25 @@
 #### USAGE
 # clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-slave-withtls)"
 #
+mkdir -p /opt/certs
 
-openssl genrsa -out key.pem 4096
+openssl genrsa -out /opt/certs/key.pem 4096
 
 MY_IP=$(ip -4 route get 8.8.8.8 | awk {'print $7'} | tr -d '\n')
 
-openssl req -subj "/CN=$MY_IP" -new -key key.pem -out client.csr
+openssl req -subj "/CN=$MY_IP" -new -key /opt/certs/key.pem -out /opt/certs/client.csr
 
-echo extendedKeyUsage = clientAuth > extfile-client.cnf
+echo extendedKeyUsage = clientAuth > /opt/certs/extfile-client.cnf
 
-openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem \
+openssl x509 -req -days 365 -sha256 -in /opt/certs/client.csr -CA /opt/certs/ca.pem -CAkey /opt/certs/ca-key.pem \
-  -CAcreateserial -out cert.pem -extfile extfile-client.cnf
+  -CAcreateserial -out /opt/certs/cert.pem -extfile /opt/certs/extfile-client.cnf
 
 # chmod -v 0400 ca-key.pem key.pem server-key.pem
 # chmod -v 0444 ca.pem server-cert.pem cert.pem
 
-mkdir -p /certs/
+# cp ca.pem /certs/
-cp ca.pem /certs/
+# cp server-cert.pem /certs/
-cp server-cert.pem /certs/
+# cp server-key.pem /certs/
-cp server-key.pem /certs/
 
 p(){
 	port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) ))
@@ -41,7 +41,7 @@ cat << EOF > /etc/systemd/system/docker.service.d/startup_options.conf
 # /etc/systemd/system/docker.service.d/override.conf
 [Service]
 ExecStart=
-ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/certs/ca.pem --tlscert=/certs/server-cert.pem --tlskey=/certs/server-key.pem -H fd:// -H tcp://0.0.0.0:$(p)
+ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/opt/certs/ca.pem --tlscert=/opt/certs/server-cert.pem --tlskey=/opt/certs/server-key.pem -H fd:// -H tcp://0.0.0.0:$(p)
 EOF
 
 systemctl daemon-reload