Freeradius certs & Docker

[KLelong]

Hi,
Any suggestions how I can incorporate certs for freeradius in the docker-stack ?
Docker-noob asking, but willing to learn ;-)

Thanks.

[bboy8012]

I would look at a git repo called 2stacks/docker-freeradius that should get you the start you need and then just map you certs in the volume mounted. Something that I didn't know until googling is you can't just map the /etc/raddb, you have to do individual files and folders.

[KLelong]

Thanks, but I created my own version.
I started with the version of this site and modified Dockerfile-freeradius . Near the end I added this :

RUN sed -i 's/private_key_password = whatever/private_key_password = <your_private_key_password>/'  /etc/freeradius/mods-available/eap
RUN sed -i 's/certdir = ${confdir}\/certs/certdir = ${confdir}\/certs\/2024/' /etc/freeradius/radiusd.conf
RUN mkdir /etc/freeradius/certs/2024
ADD ./2024/* /etc/freeradius/certs/2024
ADD make-certs /etc/freeradius
RUN chmod +x /etc/freeradius/make-certs
RUN /etc/freeradius/make-certs

Since I like to store my certs in a directory of my own I created the 2024 directory.
And the local 2024 directory contains my .cnf files. It contains also the make-file, although I don't know if that is needed. I could have copied it from the certs directory in the container's certs-dir though.
This is "make-certs" :

#!/bin/bash
CERTDIR="2024"
cd /etc/freeradius/certs
cp inner-server.cnf certs/$CERTDIR
cp xpextensions certs/$CERTDIR
cp bootstrap certs/$CERTDIR
cd $CERTDIR
./bootstrap

After the containers are started I need to extract the ca.pem/ca.der files from the container and distribute them to my users.

I would like to have my modifications separate, but I don't know how to do that yet.