Misc fixups for production setup

2020-06-11 14:41:42 -06:00 · 2020-06-11 14:41:42 -06:00 · 66fea5be40
parent 4ea197cabe
commit 66fea5be40
6 changed files with 36 additions and 25 deletions
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@ -32,6 +32,7 @@ RUN /tmp/docker-install-phase6.bash "$UID"
 USER docker
 WORKDIR /home/docker
 EXPOSE 6119
+EXPOSE 6120

 ENTRYPOINT ["/usr/local/bin/pid1.bash"]
 COPY scripts/pid1.bash /usr/local/bin/
--- a/Dockerfile.prod
+++ b/Dockerfile.prod
@ -34,12 +34,13 @@ RUN /tmp/docker-install-phase6.bash
 USER docker
 WORKDIR /home/docker
 EXPOSE 6119
+EXPOSE 6120

 ENTRYPOINT ["/usr/local/bin/pid1.bash"]
 COPY scripts/pid1.bash /usr/local/bin/

 RUN sudo deluser docker sudo
-ADD --chown=docker:docker . /home/docker/src
+COPY --chown=docker:docker . /home/docker/src
 WORKDIR /home/docker/src
 RUN yarn install
 RUN yarn run backend
--- a/2
+++ b/2
@ -18,7 +18,7 @@ image-prod: ## Build Docker image for production

 .PHONY: docker
 docker: image-dev ## Run shell with source code and deps inside Docker
-	scripts/docker.bash run -it --rm -v "$(PWD):/home/docker/src" -p 6119:6119 riju bash
+	scripts/docker.bash run -it --rm -v "$(PWD):/home/docker/src" -p 6119:6119 -p 6120:6120 riju bash

 .PHONY: deploy
 deploy: image-prod ## Deploy to Heroku
--- a/backend/src/server.ts
+++ b/backend/src/server.ts
@ -1,6 +1,6 @@
 "use strict";

-import * as fs from "fs";
+import * as http from "http";
 import * as https from "https";

 import * as appRoot from "app-root-path";
@ -13,6 +13,7 @@ import { langs } from "./langs";

 const host = process.env.HOST || "localhost";
 const port = parseInt(process.env.PORT) || 6119;
+const tlsPort = parseInt(process.env.TLS_PORT) || 6120;
 const useTLS = process.env.TLS ? true : false;

 const app = ws(express()).app;
@ -26,13 +27,6 @@ function getQueryParams(req: Request): URLSearchParams {
  return (req.query as unknown) as URLSearchParams;
 }

-app.use((req, res, next) => {
-  if (useTLS && req.headers["x-forwarded-proto"] !== "https") {
-    res.redirect(301, "https://" + req.hostname + req.originalUrl);
-  } else {
-    next();
-  }
-});
 app.get("/", (_, res) => {
  res.render(appRoot.path + "/frontend/pages/index", { langs });
 });
@ -67,8 +61,9 @@ app.ws("/api/v1/ws", (ws, req) => {
  }
 });

-const secureApp = useTLS
-  ? https.createServer(
+if (useTLS) {
+  https
+    .createServer(
      {
        key: Buffer.from(process.env.TLS_PRIVATE_KEY, "base64").toString(
          "ascii"
@ -79,8 +74,21 @@ const secureApp = useTLS
      },
      app
    )
-  : app;
-
-secureApp.listen(port, host, () =>
-  console.log(`Listening on http://${host}:${port}`)
-);
+    .listen(tlsPort, host, () =>
+      console.log(`Listening on https://${host}:${tlsPort}`)
+    );
+  http
+    .createServer((req, res) => {
+      res.writeHead(301, {
+        Location: "https://" + req.headers["host"] + req.url,
+      });
+      res.end();
+    })
+    .listen(port, host, () =>
+      console.log(`Listening on http://${host}:${port}`)
+    );
+} else {
+  app.listen(port, host, () =>
+    console.log(`Listening on http://${host}:${port}`)
+  );
+}
--- a/scripts/install.py
+++ b/scripts/install.py
@ -10,11 +10,11 @@ import sys
 import tempfile
 import time

-for pid in (
-    subprocess.run(["pgrep", "-x", "riju-install"], check=True, stdout=subprocess.PIPE)
-    .stdout.decode()
-    .splitlines()
-):
+result = subprocess.run(
+    ["pgrep", "-x", "riju-install"], check=True, stdout=subprocess.PIPE
+)
+assert result.returncode in {0, 1}
+for pid in result.stdout.decode().splitlines():
    print(f"Found existing process {pid}, trying to kill ...", file=sys.stderr)
    pid = int(pid)
    os.kill(pid, signal.SIGTERM)
--- a/scripts/riju-serve.bash
+++ b/scripts/riju-serve.bash
@ -4,11 +4,12 @@ set -e
 set -o pipefail

 TLS=1
-TLS_PRIVATE_KEY="$(base64 -d /etc/letsencrypt/live/riju.codes/privkey.pem)"
-TLS_CERTIFICATE="$(base64 -d /etc/letsencrypt/live/riju.codes/fullchain.pem)"
+TLS_PRIVATE_KEY="$(base64 /etc/letsencrypt/live/riju.codes/privkey.pem)"
+TLS_CERTIFICATE="$(base64 /etc/letsencrypt/live/riju.codes/fullchain.pem)"

 # Do this separately so that errors in command substitution will crash
 # the script.
 export TLS TLS_PRIVATE_KEY TLS_CERTIFICATE

-docker run --rm -p 0.0.0.0:80:6119 riju:prod
+docker run -e TLS -e TLS_PRIVATE_KEY -e TLS_CERTIFICATE \
+       --rm -p 0.0.0.0:80:6119 -p 0.0.0.0:443:6120 riju:prod