Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions templates/UmbracoDockerCompose/.env
Original file line number Diff line number Diff line change
@@ -1 +1,3 @@
DB_PASSWORD=Password1234
CERT_PASSWORD=CERT_PASS_FROM_TEMPLATE
HMAC_SECRET_KEY=HMAC_KEY_FROM_TEMPLATE
16 changes: 16 additions & 0 deletions templates/UmbracoDockerCompose/.template.config/template.json
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,22 @@
"toLower": true
},
"replaces": "umbraco_image"
},
"CertPassword": {
"type": "generated",
"generator": "guid",
"parameters": {
"defaultFormat": "N"
},
"replaces": "CERT_PASS_FROM_TEMPLATE"
},
"HmacSecretKey": {
"type": "generated",
"generator": "guid",
"parameters": {
"defaultFormat": "N"
},
"replaces": "HMAC_KEY_FROM_TEMPLATE"
}
}
}
8 changes: 7 additions & 1 deletion templates/UmbracoDockerCompose/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@ services:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:8081;http://+:8080
- ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetcore.pfx
- ASPNETCORE_Kestrel__Certificates__Default__Password=DevOnlyPassword
- ASPNETCORE_Kestrel__Certificates__Default__Password=${CERT_PASSWORD}
- Umbraco__CMS__Imaging__HMACSecretKey=${HMAC_SECRET_KEY}
- ConnectionStrings__umbracoDbDSN=Server=umb_database;Database=umbracoDb;User Id=sa;Password=${DB_PASSWORD};TrustServerCertificate=true;
- ConnectionStrings__umbracoDbDSN_ProviderName=Microsoft.Data.SqlClient
# These volumes are bind mounts to the host machine's file system.
Expand Down Expand Up @@ -63,6 +64,11 @@ services:
create_host_path: true
- umb_logs:/app/umbraco/Logs
- umb_data:/app/umbraco
- type: bind
source: ./certs
target: /https
bind:
create_host_path: true
build:
context: .
dockerfile: UmbracoProject/Dockerfile
Expand Down
13 changes: 13 additions & 0 deletions templates/UmbracoDockerCompose/trust-cert.ps1
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# Trusts the self-signed certificate generated by the Umbraco Docker container.
# Run this once after the first `docker compose up` to stop browser HTTPS warnings.
# Must be run as Administrator.

$cert = Join-Path $PSScriptRoot "certs\aspnetcore.crt"

if (-not (Test-Path $cert)) {
Write-Error "Certificate not found at $cert`nStart the container first with: docker compose up"
exit 1
}

Import-Certificate -FilePath $cert -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Write-Host "Certificate trusted. Restart your browser for changes to take effect."
29 changes: 29 additions & 0 deletions templates/UmbracoDockerCompose/trust-cert.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
#!/bin/bash
# Trusts the self-signed certificate generated by the Umbraco Docker container.
# Run this once after the first `docker compose up` to stop browser HTTPS warnings.
# Requires sudo on macOS and Linux.

CERT="$(dirname "$0")/certs/aspnetcore.crt"

if [ ! -f "$CERT" ]; then
echo "Certificate not found at $CERT"
echo "Start the container first with: docker compose up"
exit 1
fi

case "$(uname -s)" in
Darwin)
sudo security add-trusted-cert -d -r trustRoot \
-k /Library/Keychains/System.keychain "$CERT"
echo "Certificate trusted. Restart your browser for changes to take effect."
;;
Linux)
sudo cp "$CERT" /usr/local/share/ca-certificates/umbraco-dev.crt
sudo update-ca-certificates
echo "Certificate trusted. Restart your browser for changes to take effect."
;;
*)
echo "Unsupported OS. On Windows, run trust-cert.ps1 instead."
exit 1
;;
esac
13 changes: 0 additions & 13 deletions templates/UmbracoProject/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -25,19 +25,6 @@ COPY --from=publish /app/publish .
USER root
RUN apt-get update && apt-get install -y --no-install-recommends gosu openssl && rm -rf /var/lib/apt/lists/*

# Generate self-signed certificate for HTTPS
RUN mkdir -p /https && \
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /https/aspnetcore.key \
-out /https/aspnetcore.crt \
-subj "/CN=localhost" \
-addext "subjectAltName=DNS:localhost" && \
openssl pkcs12 -export -out /https/aspnetcore.pfx \
-inkey /https/aspnetcore.key \
-in /https/aspnetcore.crt \
-password pass:DevOnlyPassword && \
chmod 644 /https/aspnetcore.pfx

# Copy entrypoint script
COPY UmbracoProject/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
Expand Down
17 changes: 17 additions & 0 deletions templates/UmbracoProject/entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,22 @@ fix_ownership /app/wwwroot/css
fix_ownership /app/Views
fix_ownership /app/umbraco

# Generate self-signed certificate on first run.
# /https is bind-mounted to ./certs on the host, so aspnetcore.crt is accessible
# for trusting via the trust-cert scripts provided alongside docker-compose.yml.
if [ ! -f /https/aspnetcore.pfx ]; then
mkdir -p /https
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /https/aspnetcore.key \
-out /https/aspnetcore.crt \
-subj "/CN=localhost" \
-addext "subjectAltName=DNS:localhost"
openssl pkcs12 -export -out /https/aspnetcore.pfx \
-inkey /https/aspnetcore.key \
-in /https/aspnetcore.crt \
-password "pass:${ASPNETCORE_Kestrel__Certificates__Default__Password}"
chmod 644 /https/aspnetcore.pfx /https/aspnetcore.crt
fi

# Drop privileges and run the application as the app user
exec gosu "$APP_UID" dotnet UmbracoProject.dll
Loading