Release 1.33.2

fix: create ssl certs outside container

functions

@@ -149,7 +149,9 @@ service_create_container() {
 
   dokku_log_verbose_quiet "Securing connection to database"
   service_pause "$SERVICE" >/dev/null
-  "$DOCKER_BIN" container run --rm -i -v "$SERVICE_HOST_ROOT/data:/var/lib/postgresql/data" "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" bash -s <"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/scripts/enable_ssl.sh" &>/dev/null
+  "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/scripts/create_ssl_certs.sh" "$SERVICE_HOST_ROOT" &>/dev/null
+  "$DOCKER_BIN" container run --rm -i -v "$SERVICE_HOST_ROOT/data:/var/lib/postgresql/data" -v "$SERVICE_HOST_ROOT/certs:/var/lib/postgresql/certs" "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" bash -s <"$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/scripts/enable_ssl.sh" &>/dev/null
+  rm -rf "$SERVICE_HOST_ROOT/certs"
 
   suppress_output "$DOCKER_BIN" container start "$(cat "$SERVICE_ROOT/ID")"
   service_port_reconcile_status "$SERVICE"

plugin.toml

@@ -1,4 +1,4 @@
 [plugin]
 description = "dokku postgres service plugin"
-version = "1.33.1"
+version = "1.33.2"
 [plugin.config]

scripts/create_ssl_certs.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+postgres_service_dir="$1"
+
+cd "$postgres_service_dir"
+mkdir certs && cd certs
+openssl req -new -newkey rsa:4096 -x509 -days 365000 -nodes -out server.crt -keyout server.key -batch

scripts/enable_ssl.sh

@@ -1,7 +1,10 @@
-#!/bin/bash
-pushd /var/lib/postgresql/data >/dev/null
-openssl req -new -newkey rsa:4096 -x509 -days 365000 -nodes -out server.crt -keyout server.key -batch
+#!/bin/sh
+
+cd /var/lib/postgresql/data
+
+cp ../certs/* .
+chown postgres:postgres server.key
 chmod 600 server.key
+
 sed -i "s/^#ssl = off/ssl = on/" postgresql.conf
 sed -i "s/^#ssl_ciphers =.*/ssl_ciphers = 'AES256+EECDH:AES256+EDH'/" postgresql.conf
-popd >/dev/null