removed files needed only for development from master and adapt docker-compose.yml for production
		
							parent
							
								
									64d69a0ed9
								
							
						
					
					
						commit
						61d51e1d10
					
				|  | @ -6,22 +6,7 @@ services: | |||
|     working_dir: /home/node/app | ||||
|     volumes: | ||||
|       - ./:/home/node/app | ||||
|     command: ash -c "npm i && npm start" | ||||
|     command: ash -c "npm i && npm run start:prod" | ||||
|     restart: unless-stopped | ||||
|   nginx: | ||||
|     build: | ||||
|       context: ./docker/ | ||||
|       dockerfile: nginx-with-openssl.Dockerfile | ||||
|     image: "nginx-with-openssl" | ||||
|     volumes: | ||||
|       - ./public:/usr/share/nginx/html | ||||
|       - ./docker/certs:/etc/ssl/certs | ||||
|       - ./docker/openssl:/mnt/openssl | ||||
|       - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf | ||||
|     ports: | ||||
|       - "8080:80" | ||||
|       - "8443:443" | ||||
|     env_file: ./docker/fqdn.env | ||||
|     entrypoint: /mnt/openssl/create.sh | ||||
|     command: ["nginx", "-g", "daemon off;"] | ||||
|     restart: unless-stopped | ||||
|       - "3000:3000" | ||||
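Review bot: The new `- "3000:3000"` mapping publishes the Node process on every host interface over plain HTTP, and the nginx service that terminated TLS on 8443 no longer stands in front of it. If a reverse proxy on the same host is meant to handle TLS (not visible in this commit), binding the port to loopback keeps the backend off the network: `- "127.0.0.1:3000:3000"`. The production command still runs `npm i` at every container start, so dependencies are resolved at run time; assuming the repository has a lockfile, `command: ash -c "npm ci && npm run start:prod"` installs exactly what it pins. The service definition starts above the hunk, so its name and image are not visible here.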
|  |  | |||
|  | @ -1 +0,0 @@ | |||
| FQDN=localhost | ||||
|  | @ -1,3 +0,0 @@ | |||
| FROM nginx:alpine | ||||
| 
 | ||||
| RUN apk add --no-cache openssl | ||||
|  | @ -1,41 +0,0 @@ | |||
| server { | ||||
|     listen       80; | ||||
| 
 | ||||
|     expires epoch; | ||||
| 
 | ||||
|     location / { | ||||
|         proxy_connect_timeout 300; | ||||
|         proxy_pass http://node:3000; | ||||
|         proxy_set_header Connection "upgrade"; | ||||
|         proxy_set_header Upgrade $http_upgrade; | ||||
|     } | ||||
| 
 | ||||
|     location /ca.crt { | ||||
|         alias /etc/ssl/certs/snapdropCA.crt; | ||||
|     } | ||||
| 
 | ||||
|     # To allow POST on static pages | ||||
|     error_page  405     =200 $uri; | ||||
| } | ||||
| 
 | ||||
| server { | ||||
|     listen       443 ssl http2; | ||||
|     ssl_certificate /etc/ssl/certs/snapdrop-dev.crt; | ||||
|     ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key; | ||||
| 
 | ||||
|     expires epoch; | ||||
| 
 | ||||
|     location / { | ||||
|         proxy_connect_timeout 300; | ||||
|         proxy_pass http://node:3000; | ||||
|         proxy_set_header Connection "upgrade"; | ||||
|         proxy_set_header Upgrade $http_upgrade; | ||||
|     } | ||||
| 
 | ||||
|     location /ca.crt { | ||||
|         alias /etc/ssl/certs/snapdropCA.crt; | ||||
|     } | ||||
|     # To allow POST on static pages | ||||
|     error_page  405     =200 $uri; | ||||
| } | ||||
| 
 | ||||
|  | @ -1,9 +0,0 @@ | |||
| #!/bin/sh | ||||
| 
 | ||||
| cnf_dir='/mnt/openssl/' | ||||
| certs_dir='/etc/ssl/certs/' | ||||
| openssl req -config ${cnf_dir}snapdropCA.cnf -new -x509 -days 1 -keyout ${certs_dir}snapdropCA.key -out ${certs_dir}snapdropCA.crt | ||||
| openssl req -config ${cnf_dir}snapdropCert.cnf -new -out /tmp/snapdrop-dev.csr -keyout ${certs_dir}snapdrop-dev.key | ||||
| openssl x509 -req -in /tmp/snapdrop-dev.csr -CA ${certs_dir}snapdropCA.crt -CAkey ${certs_dir}snapdropCA.key -CAcreateserial -extensions req_ext -extfile ${cnf_dir}snapdropCert.cnf -sha512 -days 1 -out ${certs_dir}snapdrop-dev.crt | ||||
| 
 | ||||
| exec "$@" | ||||
|  | @ -1,26 +0,0 @@ | |||
| [ req ] | ||||
| default_bits       = 2048 | ||||
| default_md         = sha256 | ||||
| default_days       = 1 | ||||
| encrypt_key        = no | ||||
| distinguished_name = subject | ||||
| x509_extensions    = x509_ext | ||||
| string_mask        = utf8only | ||||
| prompt             = no | ||||
| 
 | ||||
| [ subject ] | ||||
| organizationName = Snapdrop | ||||
| OU               = CA | ||||
| commonName       = snapdrop-CA | ||||
| 
 | ||||
| [ x509_ext ] | ||||
| subjectKeyIdentifier      = hash | ||||
| authorityKeyIdentifier    = keyid:always,issuer | ||||
| 
 | ||||
| # You only need digitalSignature below. *If* you don't allow | ||||
| #   RSA Key transport (i.e., you use ephemeral cipher suites), then | ||||
| #   omit keyEncipherment because that's key transport. | ||||
| 
 | ||||
| basicConstraints = critical, CA:TRUE, pathlen:0 | ||||
| keyUsage         = critical, digitalSignature, keyEncipherment, cRLSign, keyCertSign | ||||
| 
 | ||||
|  | @ -1,29 +0,0 @@ | |||
| [ req ] | ||||
| default_bits        = 2048 | ||||
| default_md          = sha256 | ||||
| default_days        = 1 | ||||
| encrypt_key         = no | ||||
| distinguished_name  = subject | ||||
| req_extensions      = req_ext | ||||
| string_mask         = utf8only | ||||
| prompt              = no | ||||
| 
 | ||||
| [ subject ] | ||||
| organizationName    = PairDrop | ||||
| OU                  = Development | ||||
| 
 | ||||
| # Use a friendly name here because it's presented to the user. The server's DNS | ||||
| #   names are placed in Subject Alternate Names. Plus, DNS names here is deprecated | ||||
| #   by both IETF and CA/Browser Forums. If you place a DNS name here, then you | ||||
| #   must include the DNS name in the SAN too (otherwise, Chrome and others that | ||||
| #   strictly follow the CA/Browser Baseline Requirements will fail). | ||||
| 
 | ||||
| commonName           = ${ENV::FQDN} | ||||
| 
 | ||||
| [ req_ext ] | ||||
| subjectKeyIdentifier = hash | ||||
| basicConstraints     = CA:FALSE | ||||
| keyUsage             = digitalSignature, keyEncipherment | ||||
| subjectAltName       = DNS:${ENV::FQDN} | ||||
| nsComment            = "OpenSSL Generated Certificate" | ||||
| extendedKeyUsage     = serverAuth | ||||
	
	 schlagmichdoch
						schlagmichdoch