feat: reads certs locally if available (#3196)

amir20 · web-flow · commit 7f735d26dbb6 · 2024-08-13T11:48:56.000-07:00
diff --git a/examples/docker.agents-with-certs.yml b/examples/docker.agents-with-certs.yml
@@ -0,0 +1,18 @@
+services:
+  agent:
+    image: amir20/dozzle:pr-3196
+    command: agent
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    secrets:
+      - source: cert
+        target: /dozzle_cert.pem
+      - source: key
+        target: /dozzle_key.pem
+    ports:
+      - 7070:7070
+secrets:
+  cert:
+    file: ./cert.pem
+  key:
+    file: ./key.pem
diff --git a/examples/docker.swarm.yml b/examples/docker.swarm.yml
@@ -1,6 +1,6 @@
 services:
-  my-dozzle-service:
-    image: amir20/dozzle:local-test
+  dozzle-service:
+    image: amir20/dozzle:latest
     environment:
       - DOZZLE_LEVEL=debug
       - DOZZLE_MODE=swarm
diff --git a/internal/support/cli/certs.go b/internal/support/cli/certs.go
@@ -3,9 +3,22 @@ package cli
 import (
 	"crypto/tls"
 	"embed"
+	"os"
+
+	log "github.com/sirupsen/logrus"
 )
 
 func ReadCertificates(certs embed.FS) (tls.Certificate, error) {
+	if pair, err := tls.LoadX509KeyPair("dozzle_cert.pem", "dozzle_key.pem"); err == nil {
+		log.Infof("Found dozzle certificate and key at ./dozzle_cert.pem and ./dozzle_key.pem")
+		return pair, nil
+	} else {
+		if !os.IsNotExist(err) {
+			log.Errorf("Failed to load dozzle certificate and key: %v", err)
+			log.Warnf("Falling back to shared certificate and key")
+		}
+	}
+
 	cert, err := certs.ReadFile("shared_cert.pem")
 	if err != nil {
 		return tls.Certificate{}, err
