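---
# Local/CI MySQL 8.0 with TLS enforced on every TCP client connection.
# cert-gen runs once and writes a self-signed CA plus a server certificate
# into ./certs; mysql mounts that directory read-only and starts only after
# cert-gen has exited successfully.
services:
  # One-shot helper: generates certificates only when ./certs/ca.pem is absent,
  # so re-running `docker compose up` keeps the existing files.
  cert-gen:
    # NOTE(review): the tag is unpinned, so the openssl build used to generate
    # the certificates changes whenever the `alpine` tag moves; pin a release
    # tag (or a digest) for reproducible CI runs.
    image: alpine
    volumes:
      - ./certs:/certs
    # A literal block scalar (|) keeps every newline of the script, so the
    # if/then/else structure survives any re-indentation. (With a folded `>`
    # scalar the lines only stayed separate because they were indented deeper
    # than the `sh -c` line — easy to break silently.)
    #
    # The private keys are deliberately left world-readable (chmod 644) so the
    # unprivileged mysql user in the other container can read them from the
    # bind mount; that is acceptable only for these throwaway dev/CI
    # certificates. ca-key.pem is also mounted into the mysql container
    # although only ca.pem is needed there — keep that in mind if this file
    # is ever reused beyond local/CI testing.
    command: |
      sh -c "
        if [ ! -f /certs/ca.pem ]; then
          echo 'SSL certificates not found. Generating certificates...' &&
          apk add --no-cache openssl &&
          openssl genrsa -out /certs/ca-key.pem 2048 &&
          openssl req -new -x509 -nodes -days 365 -key /certs/ca-key.pem -out /certs/ca.pem -subj '/C=US/ST=CA/L=San Francisco/O=Mojaloop/OU=Database/CN=MySQL_CA' &&
          openssl genrsa -out /certs/server-key.pem 2048 &&
          openssl req -new -key /certs/server-key.pem -out /certs/server.csr -subj '/C=US/ST=CA/L=San Francisco/O=Mojaloop/OU=Database/CN=mysql' &&
          echo '[v3_req]' > /tmp/cert.conf &&
          echo 'basicConstraints = CA:FALSE' >> /tmp/cert.conf &&
          echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment' >> /tmp/cert.conf &&
          echo 'subjectAltName = @alt_names' >> /tmp/cert.conf &&
          echo '[alt_names]' >> /tmp/cert.conf &&
          echo 'DNS.1 = mysql' >> /tmp/cert.conf &&
          echo 'DNS.2 = localhost' >> /tmp/cert.conf &&
          echo 'IP.1 = 127.0.0.1' >> /tmp/cert.conf &&
          openssl x509 -req -days 365 -in /certs/server.csr -CA /certs/ca.pem -CAkey /certs/ca-key.pem -CAcreateserial -out /certs/server-cert.pem -extensions v3_req -extfile /tmp/cert.conf &&
          rm -f /certs/*.csr /certs/*.srl /tmp/cert.conf &&
          chmod 644 /certs/ca.pem /certs/server-cert.pem &&
          chmod 644 /certs/ca-key.pem /certs/server-key.pem &&
          echo 'SSL certificates generated successfully!' &&
          echo 'Generated certificate files with permissions:' &&
          ls -la /certs/ &&
          echo 'Certificate files should be readable by any user for CI compatibility.'
        else
          echo 'SSL certificates found. Ready to start MySQL.'
        fi
      "
    # Quoted on purpose: a bare `no` is a YAML 1.1 boolean.
    restart: "no"

  mysql:
    image: mysql:8.0
    depends_on:
      cert-gen:
        condition: service_completed_successfully
    environment:
      # Sample development credentials. Each value can be overridden from the
      # host environment or a .env file; the defaults are unchanged from the
      # previous hard-coded values, so existing setups keep working.
      MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:-example_root_password}"
      MYSQL_DATABASE: "${MYSQL_DATABASE:-example_db}"
      MYSQL_USER: "${MYSQL_USER:-example_user}"
      MYSQL_PASSWORD: "${MYSQL_PASSWORD:-example_password}"
    # Server-side TLS material comes from the read-only ./certs mount below;
    # --require_secure_transport=ON rejects unencrypted TCP clients.
    command:
      - --ssl-ca=/etc/mysql/certs/ca.pem
      - --ssl-cert=/etc/mysql/certs/server-cert.pem
      - --ssl-key=/etc/mysql/certs/server-key.pem
      - --bind-address=0.0.0.0
      - --require_secure_transport=ON
    ports:
      # Quoted so "3306:3306" is not read as a sexagesimal number. This
      # publishes the port on every host interface; when only local clients
      # need it, "127.0.0.1:3306:3306" limits exposure to the loopback address.
      - "3306:3306"
    volumes:
      - mysql_data:/var/lib/mysql
      - ./certs:/etc/mysql/certs:ro
    healthcheck:
      # NOTE(review): the ping targets localhost inside the container; confirm
      # it still succeeds with --require_secure_transport=ON, which applies to
      # TCP connections.
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      timeout: 5s
      retries: 10
      start_period: 30s

volumes:
  # Named volume for the MySQL data directory (default driver).
  mysql_data: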