feat: support setting the path to certs (#4198)

2025-12-21 13:23:07 +01:00 · 2025-10-19 12:15:50 -07:00
parent 074f402d0f
commit 911f785e2c
8 changed files with 54 additions and 12 deletions
--- a/internal/support/cli/agent_command.go
+++ b/internal/support/cli/agent_command.go
@@ -27,7 +27,7 @@ func (a *AgentCmd) Run(args Args, embeddedCerts embed.FS) error {
 	if err != nil {
 		return fmt.Errorf("failed to create docker client: %w", err)
 	}
-	certs, err := ReadCertificates(embeddedCerts)
+	certs, err := ReadCertificates(embeddedCerts, args.CertPath, args.KeyPath)
 	if err != nil {
 		return fmt.Errorf("failed to read certificates: %w", err)
 	}
--- a/internal/support/cli/agent_test_command.go
+++ b/internal/support/cli/agent_test_command.go
@@ -14,7 +14,7 @@ type AgentTestCmd struct {
 }

 func (at *AgentTestCmd) Run(args Args, embeddedCerts embed.FS) error {
-	certs, err := ReadCertificates(embeddedCerts)
+	certs, err := ReadCertificates(embeddedCerts, args.CertPath, args.KeyPath)
 	if err != nil {
 		return fmt.Errorf("error reading certificates: %w", err)
 	}
--- a/internal/support/cli/args.go
+++ b/internal/support/cli/args.go
@@ -36,6 +36,8 @@ type Args struct {
 	TimeoutString    string              `arg:"--timeout,env:DOZZLE_TIMEOUT" default:"10s" help:"sets the timeout for docker client"`
 	Timeout          time.Duration       `arg:"-"`
 	Namespace        []string            `arg:"env:DOZZLE_NAMESPACE" help:"sets the namespace to use in k8s"`
+	CertPath         string              `arg:"--cert,env:DOZZLE_CERT" default:"dozzle_cert.pem" help:"path to custom TLS certificate"`
+	KeyPath          string              `arg:"--key,env:DOZZLE_KEY" default:"dozzle_key.pem" help:"path to custom TLS key"`
 	Healthcheck      *HealthcheckCmd     `arg:"subcommand:healthcheck" help:"checks if the server is running"`
 	Generate         *GenerateCmd        `arg:"subcommand:generate" help:"generates a configuration file for simple auth"`
 	Agent            *AgentCmd           `arg:"subcommand:agent" help:"starts the agent"`
--- a/internal/support/cli/certs.go
+++ b/internal/support/cli/certs.go
@@ -8,13 +8,13 @@ import (
 	"github.com/rs/zerolog/log"
 )

-func ReadCertificates(certs embed.FS) (tls.Certificate, error) {
-	if pair, err := tls.LoadX509KeyPair("dozzle_cert.pem", "dozzle_key.pem"); err == nil {
-		log.Info().Msg("Loaded custom dozzle certificate and key")
+func ReadCertificates(certs embed.FS, certPath, keyPath string) (tls.Certificate, error) {
+	if pair, err := tls.LoadX509KeyPair(certPath, keyPath); err == nil {
+		log.Info().Str("cert", certPath).Str("key", keyPath).Msg("Loaded custom dozzle certificate and key")
 		return pair, nil
 	} else {
 		if !os.IsNotExist(err) {
-			log.Fatal().Err(err).Msg("Failed to load custom dozzle certificate and key. Stopping...")
+			log.Fatal().Err(err).Str("cert", certPath).Str("key", keyPath).Msg("Failed to load custom dozzle certificate and key. Stopping...")
 		}
 	}

--- a/internal/support/cli/clients.go
+++ b/internal/support/cli/clients.go
@@ -51,7 +51,7 @@ func CreateMultiHostService(embeddedCerts embed.FS, args Args) *docker_support.M
 		go StartEvent(args, "server", localClient, "")
 	}

-	certs, err := ReadCertificates(embeddedCerts)
+	certs, err := ReadCertificates(embeddedCerts, args.CertPath, args.KeyPath)
 	if err != nil {
 		log.Fatal().Err(err).Msg("Could not read certificates")
 	}
--- a/internal/support/cli/health_command.go
+++ b/internal/support/cli/health_command.go
@@ -20,7 +20,7 @@ func (h *HealthcheckCmd) Run(args Args, embeddedCerts embed.FS) error {
 			return fmt.Errorf("failed to read file: %w", err)
 		}
 		agentAddress := string(data)
-		certs, err := ReadCertificates(embeddedCerts)
+		certs, err := ReadCertificates(embeddedCerts, args.CertPath, args.KeyPath)
 		if err != nil {
 			return fmt.Errorf("failed to read certificates: %w", err)
 		}