From 5d4a391c2d7fe78a3809480021af81898851e357 Mon Sep 17 00:00:00 2001
From: Giles Bradshaw <giles.bradshaw@sigyl.com>
Date: Thu, 6 Aug 2020 15:34:23 +0100
Subject: [PATCH] .

---
 docker-compose.yml | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 618fb8a..131ff82 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,8 +11,8 @@ services:
     environment:
       - MITM_PROXY=yes
       - HTTP_PORT=3128
-      - MITM_CERT=/local-mitm.crt
-      - MITM_KEY=/local-mitm.pem
+      - MITM_CERT=/run/secrets/ca-crt
+      - MITM_KEY=/run/secrets/ca-key
       - VISIBLE_HOSTNAME=git.local-domain
       - EXTRA_CONFIG1=tls_outgoing_options capath=/etc/ssl/certs \
         options=NO_SSLv3,NO_TLSv1 \
@@ -22,12 +22,12 @@ services:
         #ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS \
       - EXTRA_CONFIG2=sslproxy_cipher ECDHE+ECDSA+AESGCM:ECDHE+RSA+AESGCM:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM #:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
     #  - CONFIG_DISABLE=yes
-    volumes:
+    #volumes:
       #- ./squid-4/squid.intercept.conf:/etc/squid4/squid.conf
       # - squid-cache:/apps/squid/var/cache/squid
       #- ./squid.intercept.conf:/etc/squid/squid.conf
-      - ./myCA/CA_crt.pem:/local-mitm.crt:ro
-      - ./myCA/CA_key.pem:/local-mitm.pem:ro
+      #- ./myCA/CA_crt.pem:/local-mitm.crt:ro
+      #- ./myCA/CA_key.pem:/local-mitm.pem:ro
     ports:
       - 3128:3128
     networks:
@@ -58,3 +58,9 @@ networks:
   externalnet:
     driver: overlay
     external: true
+
+secrets:
+  'ca-crt':
+    file: .secrets/ca/crt
+  'ca-key':
+    file: .secrets/ca.key