add generate new tls host cert

build/Dockerfile

@@ -2,12 +2,13 @@ FROM golang:trixie AS build
 
 ARG VERSION
 
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential \
     libsecret-1-dev \
     libfido2-dev \
     libcbor-dev \
-    pass
+    pass \
+    && rm -rf /var/lib/apt/lists/*
 
 # Build
 ADD https://github.com/ProtonMail/proton-bridge.git#${VERSION} /build/proton-bridge/
@@ -15,13 +16,13 @@ WORKDIR /build/proton-bridge/
 RUN sed -i 's/127.0.0.1/0.0.0.0/g' internal/constants/constants.go
 RUN make build-nogui vault-editor
 
-FROM debian:trixie
+FROM debian:trixie-slim
 
 EXPOSE 1025/tcp
 EXPOSE 1143/tcp
 
 # Install dependencies and protonmail bridge
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     gnupg \
     pass \
     libsecret-1-0 \
@@ -31,6 +32,7 @@ RUN apt-get update && apt-get install -y \
 
 # Copy bash scripts
 COPY gpgparams entrypoint.sh /protonmail/
+COPY generate_new_certs.sh /root/generate_new_certs.sh
 WORKDIR /protonmail/
 
 # Copy protonmail

scripts/generate_new_certs.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+if [ -z "$1" ]; then
+  echo "Please add the hostname of the Docker Container Name where the Container Should Create a Cert for"
+  echo "like: $0 protonmail-bridge"
+  exit 1
+fi
+
+# 1. choose the hostname(s) you will actually type into your mail client
+HOSTS="$1,localhost,127.0.0.1"
+
+# 2. build the openssl SAN string automatically
+SAN=$(echo "$HOSTS" | tr ',' '\n' \
+  | sed -e 's/^[0-9.]*$/IP:&/' -e 's/^[^0-9.]*$/DNS:&/' \
+  | paste -sd,)
+
+# 3. generate key + cert in one shot
+openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 \
+  -out cert.pem -subj '/CN=protonmail-bridge' \
+  -addext "subjectAltName=$SAN"
+
+# 4. quick sanity-check
+openssl x509 -in cert.pem -text -noout | grep -A1 "Subject Alternative"