Renamed CHEF_PORT to SSL_PORT

SSL_PORT will default to 443 when missing
Renamed validation_client_name
Updated README

Author: c-buisson

README.md

@@ -6,34 +6,37 @@ Image Size: 1.124 GB
 This is a fork of: [base/chef-server](https://registry.hub.docker.com/u/base/chef-server/).
 
 ## Environment
-Chef is running over HTTPS/443 by default. You can however change that to another port by updating the `CHEF_PORT` variable and the expose port `-p`.
+##### Protocol / Port
+Chef is running over HTTPS/443 by default.  
+You can however change that to another port by adding `-e SSL_PORT=new_port` to the `docker run` command below and update the expose port `-p` accordingly.
 
-## Start the container
-*Launch the container:*
+##### SSL certificate
+When Chef Server gets configured it creates an SSL certificate based on the container's FQDN (i.e "103d6875c1c5" which is the "CONTAINER ID"). This default behiavior has been changed to always produce an SSL certificate file named "chef-server.crt".  
+You can change the certificate name by adding  `-e CONTAINER_NAME=new_name` to the `docker run` command. Remember to reflect that change in config.rb!
 
-```
-$ docker run --privileged -e CHEF_PORT=443 --name chef-server -d -p 443:443 cbuisson/chef-server
-```
+##### DNS
+The container needs to be **DNS resolvable!**  
+Be sure **'chef-server'** or **$CONTAINER_NAME** is pointing to the container's IP!  
+This needs to be done to match the SSL certificate name with the `chef_server_url ` from knife's `config.rb` file.
 
-*Launch the container with logs volumes:*
+## Start the container
+Docker command:
 
+```bash
+$ docker run --privileged --name chef-server -d -p 443:443 cbuisson/chef-server
 ```
-$ docker run --privileged -e CHEF_PORT=443 --name chef-server -d -v ~/chef-logs:/var/log -v ~/install-chef-out:/root -p 443:443 cbuisson/chef-server
-```
-
-**Note:** By default `chef-server-ctl reconfigure` will create SSL certificates based on the container's FQDN (i.e "103d6875c1c5" which is its "CONTAINER ID"), I have changed that behiavior to always have a SSL certificate file named "chef-server.crt". You can change the certificate name by adding  `-e CONTAINER_NAME=new_name` to the `docker run` command. Remember to reflect that change in config.rb!
 
-'chef-server' or $CONTAINER_NAME **need to be DNS resolvable!**
+2 volumes directories are available: `/root` and `/var/log`. Feel free to optionally to use them while running the `docker run` command above by adding: `-v ~/chef-logs:/var/log -v ~/install-chef-out:/root`
 
 ## Setup knife
 
 Once Chef Server 12 is configured, you can download the Knife admin keys here:
 
-```
-curl -Ok https://chef-server:$CHEF_PORT/knife_admin_key.tar.gz
+```bash
+curl -Ok https://chef-server:$SSL_PORT/knife_admin_key.tar.gz
 ```
 
-Then un-tar that archive and point your config.rb to the `admin.pem` and `admin-validator.pem` files.
+Then un-tar that archive and point your config.rb to the `admin.pem` and `my_org-validator.pem` files.
 
 *config.rb* example:
 
@@ -43,9 +46,9 @@ log_location             STDOUT
 cache_type               'BasicFile'
 node_name                'admin'
 client_key               '/home/cbuisson/.chef/admin.pem'
-validation_client_name   'admin-validator'
-validation_key           '/home/cbuisson/.chef/admin-validator.pem'
-chef_server_url          'https://chef-server:$CHEF_PORT/organizations/my_org'
+validation_client_name   'my_org-validator'
+validation_key           '/home/cbuisson/.chef/my_org-validator.pem'
+chef_server_url          'https://chef-server:$SSL_PORT/organizations/my_org'
 ```
 
 When the config.rb file is ready, you will need to get the SSL certificate file from the container to access Chef Server:
@@ -74,4 +77,4 @@ However the webui is not required since you can interact with Chef-Server via th
 
 ##### Tags
 v1.0: Chef Server 11  
-v2.X: Chef Server 12
+v2.x: Chef Server 12

configure_chef.sh

@@ -1,13 +1,18 @@
-#/bin/bash -x
+#!/bin/bash -x
 
-cat > /etc/opscode/chef-server.rb << EOL
-nginx['enable_non_ssl']=false
-nginx['ssl_port']=$CHEF_PORT
-EOL
-if [[ ! -z $CONTAINER_NAME ]]; then
-  echo "nginx['server_name']=\"$CONTAINER_NAME\"" >> /etc/opscode/chef-server.rb
+# Create chef-server.rb with variables
+echo "nginx['enable_non_ssl']=false" > /etc/opscode/chef-server.rb
+
+if [[ -z $SSL_PORT ]]; then
+  echo "nginx['ssl_port']=443" >> /etc/opscode/chef-server.rb
 else
+  echo "nginx['ssl_port']=$SSL_PORT" >> /etc/opscode/chef-server.rb
+fi
+
+if [[ -z $CONTAINER_NAME ]]; then
   echo "nginx['server_name']=\"chef-server\"" >> /etc/opscode/chef-server.rb
+else
+  echo "nginx['server_name']=\"$CONTAINER_NAME\"" >> /etc/opscode/chef-server.rb
 fi
 
 chef-server-ctl reconfigure |tee /root/out.txt
@@ -17,7 +22,7 @@ CODE=1
 SECONDS=0
 TIMEOUT=60
 
-return=`curl -sf ${URL}`
+return=$(curl -sf ${URL})
 echo "${URL} returns: ${return}" |tee -a /root/out.txt
 
 if [[ -z "$return" ]]; then
@@ -47,7 +52,7 @@ if [[ -z "$return" ]]; then
   echo -e "\n\n$URL is available!\n" |tee -a /root/out.txt
   echo -e "\nSetting up admin user and default organization" |tee -a /root/out.txt
   chef-server-ctl user-create admin Admin User [email protected] "passwd"  --filename /etc/chef/admin.pem |tee -a /root/out.txt
-  chef-server-ctl org-create my_org "Default organization" --association_user admin --filename /etc/chef/admin-validator.pem |tee -a /root/out.txt
+  chef-server-ctl org-create my_org "Default organization" --association_user admin --filename /etc/chef/my_org-validator.pem |tee -a /root/out.txt
   echo -e "\nRunning: chef-server-ctl install chef-manage" |tee -a /root/out.txt
   chef-server-ctl install chef-manage |tee -a /root/out.txt
   echo -e "\nRunning: chef-server-ctl reconfigure" |tee -a /root/out.txt
@@ -56,7 +61,7 @@ if [[ -z "$return" ]]; then
   sed -i "s,/503.json;,/503.json;\n    error_page 497 =503 /500.json;,g" /var/opt/opscode/nginx/etc/chef_https_lb.conf
   sed -i '$i\    location /knife_admin_key.tar.gz {\n      default_type application/zip;\n      alias /etc/chef/knife_admin_key.tar.gz;\n    }' /var/opt/opscode/nginx/etc/chef_https_lb.conf
   echo -e "\nCreating tar file with the Knife keys" |tee -a /root/out.txt
-  cd /etc/chef/ && tar -cvzf knife_admin_key.tar.gz admin.pem admin-validator.pem
+  cd /etc/chef/ && tar -cvzf knife_admin_key.tar.gz admin.pem my_org-validator.pem
   echo -e "\nRestart Nginx..." |tee -a /root/out.txt
   chef-server-ctl restart nginx
   chef-server-ctl status |tee -a /root/out.txt