diff --git a/Containers/nextcloud/config/postgres.config.php b/Containers/nextcloud/config/postgres.config.php new file mode 100644 index 00000000..38f980fe --- /dev/null +++ b/Containers/nextcloud/config/postgres.config.php @@ -0,0 +1,9 @@ + array( + 'mode' => 'verify-ca', + 'rootcert' => '/var/www/html/data/certificates/POSTGRES', + ), + ); +} diff --git a/Containers/nextcloud/entrypoint.sh b/Containers/nextcloud/entrypoint.sh index 25d549e0..1e0ada44 100644 --- a/Containers/nextcloud/entrypoint.sh +++ b/Containers/nextcloud/entrypoint.sh @@ -241,6 +241,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then ); DATADIR_PERMISSION_CONF + # Write out postgres root cert + if [ -n "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" ]; then + mkdir /var/www/html/data/certificates + echo "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES" + fi + echo "Installing with $DATABASE_TYPE database" # Set a default value for POSTGRES_PORT if [ -z "$POSTGRES_PORT" ]; then diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh index e1bbf974..859c6309 100644 --- a/Containers/notify-push/start.sh +++ b/Containers/notify-push/start.sh @@ -66,8 +66,13 @@ if [ "$POSTGRES_USER" = nextcloud ]; then export POSTGRES_USER fi +# Postgres root cert +if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then + POSTGRES_CERT="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/POSTGRES" +fi + # Set sensitive values as env -export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" +export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$POSTGRES_CERT" export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX" # Run it
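Review bot: In Containers/nextcloud/config/postgres.config.php, `'mode' => 'verify-ca'` only checks that the server certificate chains to the configured root; it does not check that the certificate's name matches the host being connected to, so any certificate issued by that CA would be accepted. If the database certificate carries the hostname used for the connection, and the driver option accepts it, `'mode' => 'verify-full'` is the stricter setting. The same applies to `sslmode=verify-ca` in Containers/notify-push/start.sh. The opening lines of this new file are not visible here, so the key this array is assigned to and any condition around it could not be checked.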
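Review bot: In Containers/nextcloud/entrypoint.sh, `mkdir /var/www/html/data/certificates` fails when the directory already exists, and neither it nor the redirect that follows is checked. Unless the script runs under `set -e`, a failed write leaves no root certificate, and notify-push then connects without verification because it only adds `sslmode=verify-ca` when the file exists. Use `mkdir -p /var/www/html/data/certificates` and write with `printf '%s\n' "$NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES" > "/var/www/html/data/certificates/POSTGRES" || exit 1`. The enclosing `if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]` block starts outside the hunk; if this path runs only on first install, a certificate supplied later would never be written, which is worth confirming.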
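Review bot: In Containers/notify-push/start.sh, `POSTGRES_CERT` is assigned only inside the `-f` test. When the file is absent, whatever value the container environment already holds for that name is appended to `DATABASE_URL`, and otherwise the connection is made without certificate verification and with no message. Initialise it before the test with `POSTGRES_CERT=""`, and add an `else` branch that logs it, e.g. `echo "No Postgres root cert found; connecting without certificate verification"`, so a missing mount or an unwritten certificate is noticed. A comment above the test such as `# TLS verification is enabled only when the nextcloud container has written the root cert` would document the coupling to entrypoint.sh.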