forked from ancsemi/Haven
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-entrypoint.sh
More file actions
32 lines (28 loc) · 1.06 KB
/
Copy pathdocker-entrypoint.sh
File metadata and controls
32 lines (28 loc) · 1.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/bin/sh
set -e
DATA="/data"
CERTS="$DATA/certs"
# Auto-generate self-signed SSL certs if none exist (skip if FORCE_HTTP=true)
# (HTTPS is needed for voice chat to work over the network)
if [ "${FORCE_HTTP:-false}" = "true" ]; then
echo "⚡ FORCE_HTTP=true — skipping SSL certificate generation"
elif [ ! -f "$CERTS/cert.pem" ] || [ ! -f "$CERTS/key.pem" ]; then
echo "🔐 Generating self-signed SSL certificate..."
mkdir -p "$CERTS"
openssl req -x509 -newkey rsa:2048 \
-keyout "$CERTS/key.pem" \
-out "$CERTS/cert.pem" \
-days 3650 -nodes \
-subj "/CN=Haven" \
-addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
2>/dev/null
chown node:node "$CERTS/cert.pem" "$CERTS/key.pem" 2>/dev/null || true
echo "✅ SSL certificate created"
fi
# Fix ownership on bind-mounted volumes (Synology / NAS friendly)
# Only recurse if the data dir isn't already owned by node (uid 1000)
OWNER=$(stat -c '%u' "$DATA" 2>/dev/null || echo "unknown")
if [ "$OWNER" != "1000" ]; then
chown -R node:node "$DATA" 2>/dev/null || true
fi
exec su-exec node "$@"