From 7f735d26dbb64e42a7cf65eb8fcdb6c0dd87d560 Mon Sep 17 00:00:00 2001
From: Amir Raminfar
Date: Tue, 13 Aug 2024 11:48:56 -0700
Subject: [PATCH] feat: reads certs locally if available (#3196)
---
 examples/docker.agents-with-certs.yml | 18 ++++++++++++++++++
 examples/docker.swarm.yml | 4 ++--
 internal/support/cli/certs.go | 13 +++++++++++++
 3 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 examples/docker.agents-with-certs.yml
diff --git a/examples/docker.agents-with-certs.yml b/examples/docker.agents-with-certs.yml
new file mode 100644
index 00000000..0994ab58
--- /dev/null
+++ b/examples/docker.agents-with-certs.yml
@@ -0,0 +1,18 @@
+services:
+ agent:
+ image: amir20/dozzle:pr-3196
+ command: agent
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ secrets:
+ - source: cert
+ target: /dozzle_cert.pem
+ - source: key
+ target: /dozzle_key.pem
+ ports:
+ - 7070:7070
+secrets:
+ cert:
+ file: ./cert.pem
+ key:
+ file: ./key.pem
diff --git a/examples/docker.swarm.yml b/examples/docker.swarm.yml
index 2d68601b..1bc20e8c 100644
--- a/examples/docker.swarm.yml
+++ b/examples/docker.swarm.yml
@@ -1,6 +1,6 @@
 services:
- my-dozzle-service:
- image: amir20/dozzle:local-test
+ dozzle-service:
+ image: amir20/dozzle:latest
 environment:
 - DOZZLE_LEVEL=debug
 - DOZZLE_MODE=swarm
diff --git a/internal/support/cli/certs.go b/internal/support/cli/certs.go
index 4a80cbc0..3c8f8ada 100644
--- a/internal/support/cli/certs.go
+++ b/internal/support/cli/certs.go
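Review bot: The new example in examples/docker.agents-with-certs.yml pins `image: amir20/dozzle:pr-3196`, a pull-request build tag, so anyone copying the file after the merge runs a PR image with the Docker socket mounted instead of a released build. Pointing it at a release tag, as the swarm example in this same commit does with `amir20/dozzle:latest`, or at a fixed version would keep the example reproducible. Whether the `pr-3196` tag stays published is not visible from this page.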
@@ -3,9 +3,22 @@ package cli
 import (
 "crypto/tls"
 "embed"
+ "os"
+
+ log "github.com/sirupsen/logrus"
 )
 
 func ReadCertificates(certs embed.FS) (tls.Certificate, error) {
+ if pair, err := tls.LoadX509KeyPair("dozzle_cert.pem", "dozzle_key.pem"); err == nil {
+ log.Infof("Found dozzle certificate and key at ./dozzle_cert.pem and ./dozzle_key.pem")
+ return pair, nil
+ } else {
+ if !os.IsNotExist(err) {
+ log.Errorf("Failed to load dozzle certificate and key: %v", err)
+ log.Warnf("Falling back to shared certificate and key")
+ }
+ }
+
 cert, err := certs.ReadFile("shared_cert.pem")
 if err != nil {
 return tls.Certificate{}, err
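Review bot: When dozzle_cert.pem or dozzle_key.pem exists but cannot be loaded (unreadable, malformed PEM, mismatched key), the new `!os.IsNotExist(err)` branch only logs and then carries on with the embedded shared certificate, so an operator who provisioned their own pair ends up on the shared one while the process keeps running. Returning the error there, e.g. `return tls.Certificate{}, fmt.Errorf("loading local certificate: %w", err)`, would fail closed. The case where only one of the two files is present also satisfies `os.IsNotExist` and falls back with no log line at all. Both paths are relative and resolve against the working directory, while the example compose file mounts the secrets at `/dozzle_cert.pem` and `/dozzle_key.pem`; that lines up only if the process runs from `/`, which is not visible here. The body of ReadCertificates continues past the end of the hunk.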