Created
December 4, 2019 02:57
Prepare the docker image for the SpringBoot app to connect to MySQL using SSL
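# Image for a Spring Boot app that connects to MySQL on AWS RDS over TLS.
# The RDS CA certificates are imported into the JVM's default truststore so
# the JDBC driver can validate the server certificate.
#
# NOTE(review): `openjdk:8-jdk` is a floating tag, so the base image can change
# between builds. For reproducible builds pin it by digest, e.g.
#   FROM openjdk:8-jdk@sha256:<DIGEST_PLACEHOLDER>
FROM openjdk:8-jdk

# For alpine
# RUN apk add --update openssl
# RUN apk add coreutils

# Optional SHA-256 of the CA bundle. Everything imported below becomes a trust
# anchor for every TLS connection the JVM makes, so the download should be
# verified against a value obtained out of band:
#   docker build --build-arg RDS_CA_BUNDLE_SHA256=<SHA256_PLACEHOLDER> .
# When left empty the check is skipped and only HTTPS protects the download.
ARG RDS_CA_BUNDLE_SHA256=""

# Download, split and import the RDS CA bundle, then clean up, all in ONE layer.
# Each RUN starts a fresh shell in WORKDIR, so a `cd` or a shell variable set in
# one RUN is gone in the next. Split across several RUNs, the download and the
# xx* pieces land in the image's working directory instead of the temp dir, and
# the later `rm` removes only an empty directory.
#
# NOTE(review): this is the legacy location of the RDS bundle; confirm against
# the current AWS RDS documentation that it still contains the CA your database
# instance uses.
#
# `changeit` is the stock password of the JDK cacerts keystore, not a secret.
# The final `keytool -list | grep` is a sanity check: grep exits non-zero, and
# fails the build, if no rds* alias was imported.
RUN set -eu; \
    mkdir -p /tmp/rds-ca; \
    cd /tmp/rds-ca; \
    wget -q -O rds-combined-ca-bundle.pem https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem; \
    if [ -n "$RDS_CA_BUNDLE_SHA256" ]; then \
        echo "$RDS_CA_BUNDLE_SHA256  rds-combined-ca-bundle.pem" | sha256sum -c -; \
    fi; \
    # split the bundle into individual certs (prefixed with xx)
    csplit -sz rds-combined-ca-bundle.pem '/-BEGIN CERTIFICATE-/' '{*}'; \
    # import each cert individually
    for CERT in xx*; do \
        keytool -import -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -alias "rds$CERT" -file "$CERT"; \
    done; \
    cd /; \
    rm -r /tmp/rds-ca; \
    keytool -list -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt | grep -i rds

# copy application JAR to container (expects exactly one JAR in target/)
COPY target/*.jar /app/myApp.jar

# Documentation only; the port still has to be published at `docker run` time.
EXPOSE 8080

# NOTE(review): there is no USER instruction, so the JVM runs as root inside the
# container. Add a dedicated non-root user and `USER <name>` once you have
# confirmed the app needs no root-owned paths at runtime.
#
# java.security.egd points SecureRandom seeding at the non-blocking urandom
# device (the /dev/./urandom spelling is the usual Java 8 workaround), so
# startup does not stall waiting for entropy.
ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app/myApp.jar"]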