LasLabs · lasley · Jan 3, 2017 · Jan 3, 2017 · tedsalmon · Jan 3, 2017
diff --git a/.travis.yml b/.travis.yml
@@ -9,6 +9,6 @@ install:
   - docker build -t $TRAVIS_BUILD_NUMBER $TRAVIS_BUILD_DIR/
 
 script:
-  - docker run -d -p 8069:8069 --name $TRAVIS_BUILD_NUMBER -t $TRAVIS_BUILD_NUMBER
-  - sleep 10
+  - docker run -d -p 8080:8080 --name cfssl-exec-$TRAVIS_BUILD_NUMBER -t $TRAVIS_BUILD_NUMBER
+  - sleep 5
   - curl --fail http://localhost:8080/
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,56 @@
+FROM golang:alpine
+MAINTAINER Dave Lasley <dave@laslabs.com>
+
+# Install Build Dependencies
+
+ENV buildDeps "build-base \
+               gcc \
+               git \
+               libtool \
+               sqlite-dev"
+
+RUN apk add --no-cache $buildDeps
+
+# Install CFSSL
+
+RUN git clone --depth=1 https://github.com/cloudflare/cfssl.git $GOPATH/src/github.com/cloudflare/cfssl
+
+WORKDIR $GOPATH/src/github.com/cloudflare/cfssl
+
+RUN set -x \
+	&& go get github.com/GeertJohan/go.rice/rice \
+    && rice embed-go -i=./cli/serve \
+	&& cp -R $GOPATH/src/github.com/cloudflare/cfssl/vendor/github.com/cloudflare/cfssl_trust /etc/cfssl \
+	&& go build -o /usr/bin/cfssl ./cmd/cfssl \
+	&& go build -o /usr/bin/cfssljson ./cmd/cfssljson \
+	&& go build -o /usr/bin/mkbundle ./cmd/mkbundle \
+	&& go build -o /usr/bin/multirootca ./cmd/multirootca \
+	&& apk del $buildDeps \
+	&& rm -rf $GOPATH/src \
+	&& echo "Build complete."
+
+# Create and Change to PKI Dir
+RUN mkdir -p /var/pki
+WORKDIR /var/pki
+
+# Setup Environment
+ENV CFSSL_DATA=/var/pki
+
+ENV CFSSL_CERT=$CFSSL_DATA/ca.pem \
+    CFSSL_KEY=$CFSSL_DATA/ca_key.pem \
+    CFSSL_CSR=$CFSSL_DATA/csr_ca.json
+
+COPY ./docker-entrypoint.sh /
+
+# Create root certs & Init CA
+COPY ./etc/csr_ca.json $CFSSL_DATA/
+
+# Entrypoint & Command
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+CMD ["cfssl", \
+     "serve", \
+     "-address=0.0.0.0", \
+     "-port=8080", \
+     "-ca='/var/pki/ca.pem'", \
+     "-ca-key='/var/pki/ca-key.pem'"]
diff --git a/README.md b/README.md
@@ -39,7 +39,7 @@ pleasure:
 Known Issues / Roadmap
 ======================
 
-* 
+* Lack of HTTPS for API - https://github.com/cloudflare/cfssl/wiki/Add-HTTPS-endpoints-to-CFSSL
 
 Bug Tracker
 ===========

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -0,0 +1,22 @@
+#!/bin/ash
+# Copyright 2016 LasLabs Inc.
+# # License MIT (https://opensource.org/licenses/MIT).
+
+set -e
+
+if [ ! -f $CFSSL_DATA/csr_ca.json ];
+then
+
+    cfssl gencert -initca $CFSSL_DATA/csr_ca.json | cfssljson -bare ca
+
+fi
+
+# Add cfssl as command if needed
+if [ "${1:0:1}" = '-' ]; then
+	set -- cfssl "$@"
+fi
+
+# As argument is not related to cfssl,
+# then assume that user wants to run their own process,
+# for example a `bash` shell to explore this image
+exec "$@"
diff --git a/etc/csr_ca.json b/etc/csr_ca.json
@@ -0,0 +1,16 @@
+{
+  "CN": "My Awesome CA",
+  "key": {
+    "algo": "rsa",
+    "size": 4096
+  },
+    "names": [
+       {
+         "C": "US",
+         "L": "Las Vegas",
+         "O": "LasLabs Inc.",
+         "OU": "CA Services",
+         "ST": "Nevada"
+       }
+    ]
+}