From 66fea5be40533d337da52a72d65621cd10fa25c2 Mon Sep 17 00:00:00 2001
From: Radon Rosborough
Date: Thu, 11 Jun 2020 14:41:42 -0600
Subject: [PATCH] Misc fixups for production setup
---
 Dockerfile.dev | 1 +
 Dockerfile.prod | 3 ++-
 Makefile | 2 +-
 backend/src/server.ts | 38 +++++++++++++++++++++++---------------
 scripts/install.py | 10 +++++-----
 scripts/riju-serve.bash | 7 ++++---
 6 files changed, 36 insertions(+), 25 deletions(-)
diff --git a/Dockerfile.dev b/Dockerfile.dev
index aa2536a..db554bb 100644
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -32,6 +32,7 @@ RUN /tmp/docker-install-phase6.bash "$UID"
 USER docker
 WORKDIR /home/docker
 EXPOSE 6119
+EXPOSE 6120
 ENTRYPOINT ["/usr/local/bin/pid1.bash"]
 COPY scripts/pid1.bash /usr/local/bin/
diff --git a/Dockerfile.prod b/Dockerfile.prod
index 4f260f1..ce45293 100644
--- a/Dockerfile.prod
+++ b/Dockerfile.prod
@@ -34,12 +34,13 @@ RUN /tmp/docker-install-phase6.bash
 USER docker
 WORKDIR /home/docker
 EXPOSE 6119
+EXPOSE 6120
 ENTRYPOINT ["/usr/local/bin/pid1.bash"]
 COPY scripts/pid1.bash /usr/local/bin/
 RUN sudo deluser docker sudo
-ADD --chown=docker:docker . /home/docker/src
+COPY --chown=docker:docker . /home/docker/src
 WORKDIR /home/docker/src
 RUN yarn install
 RUN yarn run backend
diff --git a/Makefile b/Makefile
index b820880..261f45b 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,7 @@ image-prod: ## Build Docker image for production
 .PHONY: docker
 docker: image-dev ## Run shell with source code and deps inside Docker
- scripts/docker.bash run -it --rm -v "$(PWD):/home/docker/src" -p 6119:6119 riju bash
+ scripts/docker.bash run -it --rm -v "$(PWD):/home/docker/src" -p 6119:6119 -p 6120:6120 riju bash
 .PHONY: deploy
 deploy: image-prod ## Deploy to Heroku
diff --git a/backend/src/server.ts b/backend/src/server.ts
index 0cb1a08..b71a093 100644
--- a/backend/src/server.ts
+++ b/backend/src/server.ts
@@ -1,6 +1,6 @@
 "use strict";
-import * as fs from "fs";
+import * as http from "http";
 import * as https from "https";
 import * as appRoot from "app-root-path";
@@ -13,6 +13,7 @@ import { langs } from "./langs";
 const host = process.env.HOST || "localhost";
 const port = parseInt(process.env.PORT) || 6119;
+const tlsPort = parseInt(process.env.TLS_PORT) || 6120;
 const useTLS = process.env.TLS ? true : false;
 const app = ws(express()).app;
@@ -26,13 +27,6 @@ function getQueryParams(req: Request): URLSearchParams {
 return (req.query as unknown) as URLSearchParams;
 }
-app.use((req, res, next) => {
- if (useTLS && req.headers["x-forwarded-proto"] !== "https") {
- res.redirect(301, "https://" + req.hostname + req.originalUrl);
- } else {
- next();
- }
-});
 app.get("/", (_, res) => {
 res.render(appRoot.path + "/frontend/pages/index", { langs });
 });
@@ -67,8 +61,9 @@ app.ws("/api/v1/ws", (ws, req) => {
 }
 });
-const secureApp = useTLS
- ? https.createServer(
+if (useTLS) {
+ https
+ .createServer(
 {
 key: Buffer.from(process.env.TLS_PRIVATE_KEY, "base64").toString(
 "ascii"
@@ -79,8 +74,21 @@ const secureApp = useTLS
 },
 app
 )
- : app;
-
-secureApp.listen(port, host, () =>
- console.log(`Listening on http://${host}:${port}`)
-);
+ .listen(tlsPort, host, () =>
+ console.log(`Listening on https://${host}:${tlsPort}`)
+ );
+ http
+ .createServer((req, res) => {
+ res.writeHead(301, {
+ Location: "https://" + req.headers["host"] + req.url,
+ });
+ res.end();
+ })
+ .listen(port, host, () =>
+ console.log(`Listening on http://${host}:${port}`)
+ );
+} else {
+ app.listen(port, host, () =>
+ console.log(`Listening on http://${host}:${port}`)
+ );
+}
diff --git a/scripts/install.py b/scripts/install.py
index e776d5d..a517979 100755
--- a/scripts/install.py
+++ b/scripts/install.py
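Review bot: The `Location` value in the new `http.createServer` handler (last hunk of backend/src/server.ts) is built from the request's `Host` header, which the client controls, so the 301 sends the browser to whatever host the request named, and to `https://undefined…` when the header is absent. Take the host from configuration instead, for example `Location: "https://" + canonicalHost + req.url` with `canonicalHost` (placeholder name) read once at startup, or answer 400 when the header is not an expected hostname. A 301 is cacheable, so a shared cache in front of port 80 could keep a redirect that was produced for a forged host. The `if (useTLS) {` block around this handler opens in the previous hunk.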
@@ -10,11 +10,11 @@ import sys
 import tempfile
 import time
-for pid in (
- subprocess.run(["pgrep", "-x", "riju-install"], check=True, stdout=subprocess.PIPE)
- .stdout.decode()
- .splitlines()
-):
+result = subprocess.run(
+ ["pgrep", "-x", "riju-install"], check=True, stdout=subprocess.PIPE
+)
+assert result.returncode in {0, 1}
+for pid in result.stdout.decode().splitlines():
 print(f"Found existing process {pid}, trying to kill ...", file=sys.stderr)
 pid = int(pid)
 os.kill(pid, signal.SIGTERM)
diff --git a/scripts/riju-serve.bash b/scripts/riju-serve.bash
index 13f0a9e..15269dd 100755
--- a/scripts/riju-serve.bash
+++ b/scripts/riju-serve.bash
@@ -4,11 +4,12 @@ set -e
 set -o pipefail
 TLS=1
-TLS_PRIVATE_KEY="$(base64 -d /etc/letsencrypt/live/riju.codes/privkey.pem)"
-TLS_CERTIFICATE="$(base64 -d /etc/letsencrypt/live/riju.codes/fullchain.pem)"
+TLS_PRIVATE_KEY="$(base64 /etc/letsencrypt/live/riju.codes/privkey.pem)"
+TLS_CERTIFICATE="$(base64 /etc/letsencrypt/live/riju.codes/fullchain.pem)"
 # Do this separately so that errors in command substitution will crash
 # the script.
 export TLS TLS_PRIVATE_KEY TLS_CERTIFICATE
-docker run --rm -p 0.0.0.0:80:6119 riju:prod
+docker run -e TLS -e TLS_PRIVATE_KEY -e TLS_CERTIFICATE \
+ --rm -p 0.0.0.0:80:6119 -p 0.0.0.0:443:6120 riju:prod
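Review bot: `check=True` on the new `subprocess.run` call in scripts/install.py makes pgrep's exit status 1 (no matching process) raise `CalledProcessError` before `assert result.returncode in {0, 1}` is reached, so the assert can never observe a 1 and the script still aborts when no earlier riju-install is running. Drop `check=True` and test the status explicitly, for example `if result.returncode not in (0, 1): sys.exit(f"pgrep failed with status {result.returncode}")`. An explicit test is also preferable because `assert` statements are removed under `python -O`. The body of the `for pid in …` loop continues past the end of the hunk.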
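Review bot: The `-e TLS_PRIVATE_KEY` on the new `docker run` line in scripts/riju-serve.bash places the private key in the container's environment, where `docker inspect` shows it and every process the server starts inherits it unless the environment is cleared first. Mounting the key and certificate read-only and reading them once at startup keeps the key out of the environment; the `live/` paths are symlinks, so the mount has to include their targets. If the variables stay, `base64 -w0` produces a single line rather than depending on the decoder skipping the line breaks that GNU base64 adds by default.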