Added hability to import custom certs.

Dockerfile

@@ -25,7 +25,10 @@ COPY *.ini /usr/local/etc/php/conf.d/
 
 RUN ln -sf tinyfilemanager.php index.php
 
-CMD [ "php", "-S", "[::]:8080", "-t", "/var/www/html" ]
+RUN mkdir /certs
+COPY startup.sh /
+
+CMD [ "sh", "/startup.sh" ]
 
 EXPOSE 8080
 

Dockerfile.debug

@@ -29,6 +29,9 @@ COPY debug-files/* /var/www/html/
 
 RUN ln -sf tinyfilemanager.php index.php
 
-CMD [ "php", "-S", "[::]:8080", "-t", "/var/www/html" ]
+RUN mkdir /certs
+COPY startup.sh /
+
+CMD [ "sh", "/startup.sh" ]
 
 EXPOSE 8080

README-docker.md

@@ -55,7 +55,7 @@ Then the secret will be read from `filemanager.admin_pass` secret.
 With docker:
 ```
 docker run -it -p 8111:8080 -v /opt:/opt -e ADMIN_USER=admin -e ADMIN_PASS=password -e ROOT_FS=/opt/ \
-               -e SYSLOG_SERVER=192.168.1.131 -e SYSLOG_PORT=1514 -e SYSLOG_PROTO=udp -e SYSLOG_JSON=1 jpralvesatdocker/tinyfilemanager:2.5.2.1
+               -e SYSLOG_SERVER=192.168.1.131 -e SYSLOG_PORT=1514 -e SYSLOG_PROTO=udp -e SYSLOG_JSON=1 jpralvesatdocker/tinyfilemanager:2.5.2.3
 ```
 
 With docker-compose:
@@ -76,7 +76,7 @@ services:
             - SYSLOG_PORT=1514
             - SYSLOG_PROTO=udp
             - SYSLOG_JSON=1
-        image: jpralvesatdocker/tinyfilemanager:2.5.2.1
+        image: jpralvesatdocker/tinyfilemanager:2.5.2.3
 ```
 
 ## Building images
@@ -87,7 +87,7 @@ docker build . -t jpralvesatdocker/tinyfilemanager:latest
 docker build --build-arg RUNUSER=tinyuser . -t jpralvesatdocker/tinyfilemanager:latest-user
 ```
 
-## Adding custom CA certificate to image
+## Adding custom CA certificate to image (Option 1)
 
 The trusted CA file is the one provided by alpine distro and it is located in `/etc/ssl/certs/ca-certificates.crt`.
 Replacing this file with a copy of it with the self-signed certificate of the custom CA appended at the end works.
@@ -106,5 +106,27 @@ services:
             - ADMIN_USER=admin
             - ADMIN_PASS=pass
             - ROOT_FS=/opt
-        image: jpralvesatdocker/tinyfilemanager:2.5.2.1
+        image: jpralvesatdocker/tinyfilemanager:2.5.2.3
+```
+
+## Importing custom CA certs (Option 2)
+
+With the base image (running with root) it is possible to import custom CAs to the trusted store.
+The files with extension .pem or .crt are imported when container starts.
+
+```
+version: '3.3'
+
+services:
+    tinyfilemanager:
+        ports:
+            - '8111:8080'
+        volumes:
+            - '/opt:/opt'
+            - './certs/my-custom-cert.crt:/certs/my-custom-cert.crt'
+        environment:
+            - ADMIN_USER=admin
+            - ADMIN_PASS=pass
+            - ROOT_FS=/opt
+        image: jpralvesatdocker/tinyfilemanager:2.5.2.3
 ```

README.md

@@ -5,7 +5,7 @@ I give credit to the original author but added the following enhancements:
 
 - Docker images ready to be used. More instructions on this [document](README-docker.md).
 - Ability to change owner of files and folders (Root run image)
-- Added dynamic user variables to be used in docker images
+- Added dynamic user variables to be used in docker images (with file contents)
 - Updated external JS/CSS libraries to latest versions
 - Show binary files in HEX dump format
 - Support for webp images

startup.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ "$(id -u)" -eq 0 ]; then
+  update=0
+  for f in /certs/*.pem /certs/*.crt; do
+    if [ -f "$f" ]; then
+      bn=$(basename "$f")
+      update=1
+      echo "import cert file ${bn}"
+      cp "$f" "/usr/local/share/ca-certificates/${bn}.crt"
+    fi
+  done
+  if [ "${update}" = "1" ]; then
+    update-ca-certificates
+  fi
+else
+  echo "User cannot import certs."
+fi
+
+exec php -S '[::]:8080' -t /var/www/html

tinyfilemanager.php

@@ -16,7 +16,7 @@ $CONFIG = '{"lang":"en","error_reporting":false,"show_hidden":false,"hide_Cols":
  */
 
 //TFM version
-define('VERSION', '2.5.2.2');
+define('VERSION', '2.5.2.3');
 
 //Application Title
 define('APP_TITLE', 'Tiny File Manager');