removed files needed only for development from master and adapt docker-compose.yml for production
This commit is contained in:
schlagmichdoch
parent
64d69a0ed9
commit
61d51e1d10
|
|
@ -6,22 +6,7 @@ services:
|
||||||
working_dir: /home/node/app
|
working_dir: /home/node/app
|
||||||
volumes:
|
volumes:
|
||||||
- ./:/home/node/app
|
- ./:/home/node/app
|
||||||
command: ash -c "npm i && npm start"
|
command: ash -c "npm i && npm run start:prod"
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
nginx:
|
|
||||||
build:
|
|
||||||
context: ./docker/
|
|
||||||
dockerfile: nginx-with-openssl.Dockerfile
|
|
||||||
image: "nginx-with-openssl"
|
|
||||||
volumes:
|
|
||||||
- ./public:/usr/share/nginx/html
|
|
||||||
- ./docker/certs:/etc/ssl/certs
|
|
||||||
- ./docker/openssl:/mnt/openssl
|
|
||||||
- ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
|
|
||||||
ports:
|
ports:
|
||||||
- "8080:80"
|
- "3000:3000"
|
||||||
- "8443:443"
|
|
||||||
env_file: ./docker/fqdn.env
|
|
||||||
entrypoint: /mnt/openssl/create.sh
|
|
||||||
command: ["nginx", "-g", "daemon off;"]
|
|
||||||
restart: unless-stopped
|
|
||||||
|
|
|
||||||
|
|
@ -1 +0,0 @@
|
||||||
FQDN=localhost
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
||||||
FROM nginx:alpine
|
|
||||||
|
|
||||||
RUN apk add --no-cache openssl
|
|
||||||
|
|
@ -1,41 +0,0 @@
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
|
|
||||||
expires epoch;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_connect_timeout 300;
|
|
||||||
proxy_pass http://node:3000;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /ca.crt {
|
|
||||||
alias /etc/ssl/certs/snapdropCA.crt;
|
|
||||||
}
|
|
||||||
|
|
||||||
# To allow POST on static pages
|
|
||||||
error_page 405 =200 $uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
ssl_certificate /etc/ssl/certs/snapdrop-dev.crt;
|
|
||||||
ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key;
|
|
||||||
|
|
||||||
expires epoch;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_connect_timeout 300;
|
|
||||||
proxy_pass http://node:3000;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /ca.crt {
|
|
||||||
alias /etc/ssl/certs/snapdropCA.crt;
|
|
||||||
}
|
|
||||||
# To allow POST on static pages
|
|
||||||
error_page 405 =200 $uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
@ -1,9 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
cnf_dir='/mnt/openssl/'
|
|
||||||
certs_dir='/etc/ssl/certs/'
|
|
||||||
openssl req -config ${cnf_dir}snapdropCA.cnf -new -x509 -days 1 -keyout ${certs_dir}snapdropCA.key -out ${certs_dir}snapdropCA.crt
|
|
||||||
openssl req -config ${cnf_dir}snapdropCert.cnf -new -out /tmp/snapdrop-dev.csr -keyout ${certs_dir}snapdrop-dev.key
|
|
||||||
openssl x509 -req -in /tmp/snapdrop-dev.csr -CA ${certs_dir}snapdropCA.crt -CAkey ${certs_dir}snapdropCA.key -CAcreateserial -extensions req_ext -extfile ${cnf_dir}snapdropCert.cnf -sha512 -days 1 -out ${certs_dir}snapdrop-dev.crt
|
|
||||||
|
|
||||||
exec "$@"
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
||||||
[ req ]
|
|
||||||
default_bits = 2048
|
|
||||||
default_md = sha256
|
|
||||||
default_days = 1
|
|
||||||
encrypt_key = no
|
|
||||||
distinguished_name = subject
|
|
||||||
x509_extensions = x509_ext
|
|
||||||
string_mask = utf8only
|
|
||||||
prompt = no
|
|
||||||
|
|
||||||
[ subject ]
|
|
||||||
organizationName = Snapdrop
|
|
||||||
OU = CA
|
|
||||||
commonName = snapdrop-CA
|
|
||||||
|
|
||||||
[ x509_ext ]
|
|
||||||
subjectKeyIdentifier = hash
|
|
||||||
authorityKeyIdentifier = keyid:always,issuer
|
|
||||||
|
|
||||||
# You only need digitalSignature below. *If* you don't allow
|
|
||||||
# RSA Key transport (i.e., you use ephemeral cipher suites), then
|
|
||||||
# omit keyEncipherment because that's key transport.
|
|
||||||
|
|
||||||
basicConstraints = critical, CA:TRUE, pathlen:0
|
|
||||||
keyUsage = critical, digitalSignature, keyEncipherment, cRLSign, keyCertSign
|
|
||||||
|
|
||||||
|
|
@ -1,29 +0,0 @@
|
||||||
[ req ]
|
|
||||||
default_bits = 2048
|
|
||||||
default_md = sha256
|
|
||||||
default_days = 1
|
|
||||||
encrypt_key = no
|
|
||||||
distinguished_name = subject
|
|
||||||
req_extensions = req_ext
|
|
||||||
string_mask = utf8only
|
|
||||||
prompt = no
|
|
||||||
|
|
||||||
[ subject ]
|
|
||||||
organizationName = PairDrop
|
|
||||||
OU = Development
|
|
||||||
|
|
||||||
# Use a friendly name here because it's presented to the user. The server's DNS
|
|
||||||
# names are placed in Subject Alternate Names. Plus, DNS names here is deprecated
|
|
||||||
# by both IETF and CA/Browser Forums. If you place a DNS name here, then you
|
|
||||||
# must include the DNS name in the SAN too (otherwise, Chrome and others that
|
|
||||||
# strictly follow the CA/Browser Baseline Requirements will fail).
|
|
||||||
|
|
||||||
commonName = ${ENV::FQDN}
|
|
||||||
|
|
||||||
[ req_ext ]
|
|
||||||
subjectKeyIdentifier = hash
|
|
||||||
basicConstraints = CA:FALSE
|
|
||||||
keyUsage = digitalSignature, keyEncipherment
|
|
||||||
subjectAltName = DNS:${ENV::FQDN}
|
|
||||||
nsComment = "OpenSSL Generated Certificate"
|
|
||||||
extendedKeyUsage = serverAuth
|
|
||||||
Loading…
Reference in New Issue