Rest-server docker ... configuration issue

Hello,
I want to install roon-server using the official docker image… Docker but I don't wanna use traditional user/pass but certificates…

So I am wondering how to pass these flags to the docker
--tls turn on TLS support
--tls-cert string TLS certificate path
--tls-key string TLS key path

Also wiki documented steps - where priv_key was generated, in that case what's tls-cert?
openssl req -newkey rsa:2048 -nodes -x509 -keyout private_key -out public_key -days 365 -addext "subjectAltName = IP:127.0.0.1,DNS:yourdomain.com"

Last one … is regarding the docker params
what exactly is /my/data - is it hardcoded for docker somehow …
docker run -p 8000:8000 -v /my/data:/data --name rest_server restic/rest-server

bc doc says it will store data to /data … so no clue what's /my/data/

edit2:
Seems it can be set via nginx proxy … so in that case all I do is use user/pass and TLS will be handled by nginx, … right?

Still, when I want to script commands … I will have to put user/pass into the restic backup cmd… isn't that a sec flaw?

Thanks!

There is no TLS Client Authentication support in any official version of the rest-server. --tls* flags are only to enable HTTPS and use TLS to encrypt normal HTTP requests. The status of TLS Client Authentication is tracked here: TLS Client Authentication

what exactly is /my/data - is it hardcoded for docker somehow …

In the context of the below command, it is the path on the local filesystem where you want to store your data.

docker run -p 8000:8000 -v /my/data:/data --name rest_server restic/rest-server

“/my/data” is a directory outside the container (on the host).
“/data” is the path inside the container that the directory from the host will be mounted at.

The “/data” is the part of the command you don’t want to alter, but you do want to alter “/my/data” to point to wherever you actually want to store the data (which in this case, is the restic repository) on the host.

The docker documentation has a bunch more info about the --v syntax if you want more info: Bind mounts | Docker Docs
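
Added example, not part of the original thread or the rest-server project: the openssl command quoted in the question writes two files, and the one given to -out is the self-signed certificate (the file for --tls-cert) while the one given to -keyout is the private key (the file for --tls-key). The script below generates the pair in a temporary directory, then checks that certificate and key belong together and that the SAN entries are present. The function names and the -subj value are assumptions made for this example, and -addext needs OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example (not from the thread). Function names and -subj are assumptions.

# make_tls_pair DIR: the thread's openssl command, run non-interactively in DIR.
#   DIR/private_key = RSA private key               -> file for --tls-key
#   DIR/public_key  = self-signed X.509 certificate -> file for --tls-cert
make_tls_pair() {
    openssl req -newkey rsa:2048 -nodes -x509 \
        -keyout "$1/private_key" -out "$1/public_key" -days 365 \
        -subj "/CN=yourdomain.com" \
        -addext "subjectAltName = IP:127.0.0.1,DNS:yourdomain.com" 2>/dev/null &&
        chmod 600 "$1/private_key"   # the key is the secret half; the cert is public
}

# pair_matches CERT KEY: succeed only if CERT is a certificate whose public
# key is the one derived from KEY. Swapped or mismatched files fail.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# cert_has_san CERT ENTRY: exact match against one SAN entry as printed by
# openssl, e.g. "DNS:yourdomain.com" or "IP Address:127.0.0.1".
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_tls_pair "$tmp" || { rm -rf "$tmp"; return 1; }
    pair_matches "$tmp/public_key" "$tmp/private_key" &&
        echo "ok: --tls-cert public_key, --tls-key private_key"
    pair_matches "$tmp/private_key" "$tmp/public_key" ||
        echo "rejected: files passed the wrong way round"
    cert_has_san "$tmp/public_key" "DNS:yourdomain.com" &&
        echo "ok: certificate is valid for yourdomain.com"
    rm -rf "$tmp"
}
demo
```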