Fix dnsdist autogenerated cert handling

Seji64 · Sep 20, 2024 · 0ea3b51 · 0ea3b51
1 parent 8e4612f
commit 0ea3b51
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/configs/dnsdist/dnsdist.conf.template b/configs/dnsdist/dnsdist.conf.template
@@ -21,7 +21,7 @@ echo "end"
 echo ""
 
 if [ "${DNSDIST_ENABLE_DOT}" == "true" ] && [ "${DNSDIST_DOT_CERT_TYPE}" == "auto-self" ]; then
-    echo "newTLSCertificate('/etc/dnsdist/certs/tls.pem', {key='/etc/dnsdist/certs/tls.key'})"
+    echo "tlsCert = newTLSCertificate('/etc/dnsdist/certs/tls.pem', {key='/etc/dnsdist/certs/tls.key'})"
 fi
 
 echo ""
@@ -30,7 +30,11 @@ echo "addLocal('${DNSDIST_BIND_IP}:5300')"
 echo ""
 if [ "${DNSDIST_ENABLE_DOT}" == "true" ]; then
     echo "-- Add DoT bind"
-    echo "addTLSLocal('${DNSDIST_BIND_IP}:8530','/etc/dnsdist/certs/tls.pem','/etc/dnsdist/certs/tls.key')"
+    if [ "${DNSDIST_DOT_CERT_TYPE}" == "auto-self" ]; then
+        echo "addTLSLocal('${DNSDIST_BIND_IP}:8530',tlsCert)"
+    else
+        echo "addTLSLocal('${DNSDIST_BIND_IP}:8530','/etc/dnsdist/certs/tls.pem','/etc/dnsdist/certs/tls.key')"
+    fi
 else
     echo "-- TLS Endpoints disabled"
 fi

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -9,7 +9,7 @@ if [ "${DNSDIST_ENABLE_DOT}" == "true" ]; then
   fi
 
   if [[ " ${VALID_CERT_TYPE_VALUES[*]} " =~ " ${DNSDIST_DOT_CERT_TYPE} " ]]; then
-    echo "[ERROR] The value of DNSDIST_DOT_CERT_TYPE is valid: $DNSDIST_DOT_CERT_TYPE"
+    echo "[INFO] The value of DNSDIST_DOT_CERT_TYPE is valid: $DNSDIST_DOT_CERT_TYPE"
   else
     echo "[ERROR] Invalid value for DNSDIST_DOT_CERT_TYPE: $DNSDIST_DOT_CERT_TYPE"
     exit 1