feat(ssl): move certificate generation to runtime with persistent volume

Self-signed SSL certificates are now generated at first startup instead of being baked into the Docker image. Certificates persist in ./certs/ and are reused on subsequent runs. Users can provide their own certs
2026-02-17 08:58:44 +01:00
parent 742b0662a7
commit 6c75fe55d0
5 changed files with 68 additions and 35 deletions
--- a/Dockerfile.electrumx
+++ b/Dockerfile.electrumx
@@ -1,7 +1,7 @@
 FROM lukechilds/electrumx

 # Install curl (needed by entrypoint for RPC calls and IP detection)
-RUN apk add --no-cache curl || apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache curl openssl || apt-get update && apt-get install -y --no-install-recommends curl openssl && rm -rf /var/lib/apt/lists/*

 # Copy Palladium coin definition and patch ElectrumX
 COPY electrumx-patch/coins_plm.py /tmp/coins_plm.py
@@ -28,34 +28,6 @@ for target in [
 print('>> Patched ElectrumX with Palladium coin classes')
 PATCH

-RUN mkdir -p /certs && \
-    cat >/certs/openssl.cnf <<'EOF' && \
-    openssl req -x509 -nodes -newkey rsa:4096 -days 3650 \
-      -keyout /certs/server.key -out /certs/server.crt \
-      -config /certs/openssl.cnf && \
-    chmod 600 /certs/server.key && chmod 644 /certs/server.crt
-[req]
-distinguished_name = dn
-x509_extensions = v3_req
-prompt = no
-
-[dn]
-C  = IT
-ST = -
-L  = -
-O  = ElectrumX
-CN = plm.local
-
-[v3_req]
-keyUsage         = keyEncipherment, dataEncipherment, digitalSignature
-extendedKeyUsage = serverAuth
-subjectAltName   = @alt_names
-
-[alt_names]
-DNS.1 = plm.local
-IP.1  = 127.0.0.1
-EOF
-
 ENV SSL_CERTFILE=/certs/server.crt
 ENV SSL_KEYFILE=/certs/server.key