zhangyiss/the-littlest-jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/the-littlest-jupyterhub.git synced 2025-12-18 21:54:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

grant traefik write access to state/acme.json

Browse Source 
and ensure the file exists and is private before launching
This commit is contained in:
Min RK
2018-07-30 15:26:09 +02:00
parent 7f07bfbec4
commit 8e75a44502
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tljh/systemd-units/traefik.service
View File

@@ -7,13 +7,14 @@ After=network.target
[Service] [Service]
User=root User=root
Restart=always Restart=always
# process only needs to write acme.json file, no other files # process only needs to write state/acme.json file, no other files
ProtectHome=tmpfs ProtectHome=tmpfs
ProtectSystem=strict ProtectSystem=strict
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
ProtectKernelTunables=yes ProtectKernelTunables=yes
ProtectKernelModules=yes ProtectKernelModules=yes
ReadWritePaths={install_prefix}/state/acme.json
WorkingDirectory={install_prefix}/state WorkingDirectory={install_prefix}/state
ExecStart={install_prefix}/hub/bin/traefik \ ExecStart={install_prefix}/hub/bin/traefik \
-c {install_prefix}/state/traefik.toml -c {install_prefix}/state/traefik.toml

5
tljh/traefik.py
View File

@@ -77,3 +77,8 @@ def ensure_traefik_config(state_dir):
with open(os.path.join(state_dir, "traefik.toml"), "w") as f: with open(os.path.join(state_dir, "traefik.toml"), "w") as f:
os.fchmod(f.fileno(), 0o744) os.fchmod(f.fileno(), 0o744)
f.write(new_toml) f.write(new_toml)
# ensure acme.json exists and is private
with open(os.path.join(state_dir, "acme.json"), "a") as f:
os.fchmod(f.fileno(), 0o600)