Misc fixups for production setup

Radon Rosborough 2020-06-11 14:41:42 -06:00
parent 4ea197cabe
commit 66fea5be40
6 changed files with 36 additions and 25 deletions


@ -32,6 +32,7 @@ RUN /tmp/docker-install-phase6.bash "$UID"
USER docker USER docker
WORKDIR /home/docker WORKDIR /home/docker
EXPOSE 6119 EXPOSE 6119
EXPOSE 6120
ENTRYPOINT ["/usr/local/bin/pid1.bash"] ENTRYPOINT ["/usr/local/bin/pid1.bash"]
COPY scripts/pid1.bash /usr/local/bin/ COPY scripts/pid1.bash /usr/local/bin/


@ -34,12 +34,13 @@ RUN /tmp/docker-install-phase6.bash
USER docker USER docker
WORKDIR /home/docker WORKDIR /home/docker
EXPOSE 6119 EXPOSE 6119
EXPOSE 6120
ENTRYPOINT ["/usr/local/bin/pid1.bash"] ENTRYPOINT ["/usr/local/bin/pid1.bash"]
COPY scripts/pid1.bash /usr/local/bin/ COPY scripts/pid1.bash /usr/local/bin/
RUN sudo deluser docker sudo RUN sudo deluser docker sudo
ADD --chown=docker:docker . /home/docker/src COPY --chown=docker:docker . /home/docker/src
WORKDIR /home/docker/src WORKDIR /home/docker/src
RUN yarn install RUN yarn install
RUN yarn run backend RUN yarn run backend


@ -18,7 +18,7 @@ image-prod: ## Build Docker image for production
.PHONY: docker .PHONY: docker
docker: image-dev ## Run shell with source code and deps inside Docker docker: image-dev ## Run shell with source code and deps inside Docker
scripts/docker.bash run -it --rm -v "$(PWD):/home/docker/src" -p 6119:6119 riju bash scripts/docker.bash run -it --rm -v "$(PWD):/home/docker/src" -p 6119:6119 -p 6120:6120 riju bash
.PHONY: deploy .PHONY: deploy
deploy: image-prod ## Deploy to Heroku deploy: image-prod ## Deploy to Heroku
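Review bot: `-p 6119:6119 -p 6120:6120` in the `docker` target publishes both ports on every host interface, which is Docker's default when no address is given. The development server is therefore reachable from the local network whenever it listens on a non-loopback address inside the container. For a dev shell, binding to loopback is the safer default: `-p 127.0.0.1:6119:6119 -p 127.0.0.1:6120:6120`.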


@ -1,6 +1,6 @@
"use strict"; "use strict";
import * as fs from "fs"; import * as http from "http";
import * as https from "https"; import * as https from "https";
import * as appRoot from "app-root-path"; import * as appRoot from "app-root-path";
@ -13,6 +13,7 @@ import { langs } from "./langs";
const host = process.env.HOST || "localhost"; const host = process.env.HOST || "localhost";
const port = parseInt(process.env.PORT) || 6119; const port = parseInt(process.env.PORT) || 6119;
const tlsPort = parseInt(process.env.TLS_PORT) || 6120;
const useTLS = process.env.TLS ? true : false; const useTLS = process.env.TLS ? true : false;
const app = ws(express()).app; const app = ws(express()).app;
@ -26,13 +27,6 @@ function getQueryParams(req: Request): URLSearchParams {
return (req.query as unknown) as URLSearchParams; return (req.query as unknown) as URLSearchParams;
} }
app.use((req, res, next) => {
if (useTLS && req.headers["x-forwarded-proto"] !== "https") {
res.redirect(301, "https://" + req.hostname + req.originalUrl);
} else {
next();
}
});
app.get("/", (_, res) => { app.get("/", (_, res) => {
res.render(appRoot.path + "/frontend/pages/index", { langs }); res.render(appRoot.path + "/frontend/pages/index", { langs });
}); });
@ -67,8 +61,9 @@ app.ws("/api/v1/ws", (ws, req) => {
} }
}); });
const secureApp = useTLS if (useTLS) {
? https.createServer( https
.createServer(
{ {
key: Buffer.from(process.env.TLS_PRIVATE_KEY, "base64").toString( key: Buffer.from(process.env.TLS_PRIVATE_KEY, "base64").toString(
"ascii" "ascii"
@ -79,8 +74,21 @@ const secureApp = useTLS
}, },
app app
) )
: app; .listen(tlsPort, host, () =>
console.log(`Listening on https://${host}:${tlsPort}`)
secureApp.listen(port, host, () => );
console.log(`Listening on http://${host}:${port}`) http
); .createServer((req, res) => {
res.writeHead(301, {
Location: "https://" + req.headers["host"] + req.url,
});
res.end();
})
.listen(port, host, () =>
console.log(`Listening on http://${host}:${port}`)
);
} else {
app.listen(port, host, () =>
console.log(`Listening on http://${host}:${port}`)
);
}
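Review bot: The plain-HTTP listener builds its `Location` from `req.headers["host"]`, which is whatever the client sent, so the 301 can point at an arbitrary host, and it becomes `https://undefined/...` when the header is absent. Host normally carries the port when it is not the default, so a request made directly to port 6119 would be redirected to `https://host:6119`, where no TLS listener runs; the removed middleware used `req.hostname`, which has no port. Redirect to a configured canonical name instead, for example `Location: "https://" + canonicalHost + req.url` with `canonicalHost` (placeholder name) read from deployment config, and answer 400 when the Host header does not match it. Separately, `Buffer.from(process.env.TLS_PRIVATE_KEY, "base64")` throws at startup if `TLS` is set but the key variable is not, so an explicit check with a clear error message would help.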


@ -10,11 +10,11 @@ import sys
import tempfile import tempfile
import time import time
for pid in ( result = subprocess.run(
subprocess.run(["pgrep", "-x", "riju-install"], check=True, stdout=subprocess.PIPE) ["pgrep", "-x", "riju-install"], check=True, stdout=subprocess.PIPE
.stdout.decode() )
.splitlines() assert result.returncode in {0, 1}
): for pid in result.stdout.decode().splitlines():
print(f"Found existing process {pid}, trying to kill ...", file=sys.stderr) print(f"Found existing process {pid}, trying to kill ...", file=sys.stderr)
pid = int(pid) pid = int(pid)
os.kill(pid, signal.SIGTERM) os.kill(pid, signal.SIGTERM)
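Review bot: The new `assert result.returncode in {0, 1}` can never see a 1, because `check=True` on the `subprocess.run` call raises `CalledProcessError` for any non-zero exit, including pgrep's status 1 for "no process matched". If the intent is to tolerate the no-match case, pass `check=False` and replace the assert with an explicit test such as `if result.returncode not in (0, 1): result.check_returncode()`, since asserts are stripped under `python -O`. The loop body continues past the end of the hunk.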


@ -4,11 +4,12 @@ set -e
set -o pipefail set -o pipefail
TLS=1 TLS=1
TLS_PRIVATE_KEY="$(base64 -d /etc/letsencrypt/live/riju.codes/privkey.pem)" TLS_PRIVATE_KEY="$(base64 /etc/letsencrypt/live/riju.codes/privkey.pem)"
TLS_CERTIFICATE="$(base64 -d /etc/letsencrypt/live/riju.codes/fullchain.pem)" TLS_CERTIFICATE="$(base64 /etc/letsencrypt/live/riju.codes/fullchain.pem)"
# Do this separately so that errors in command substitution will crash # Do this separately so that errors in command substitution will crash
# the script. # the script.
export TLS TLS_PRIVATE_KEY TLS_CERTIFICATE export TLS TLS_PRIVATE_KEY TLS_CERTIFICATE
docker run --rm -p 0.0.0.0:80:6119 riju:prod docker run -e TLS -e TLS_PRIVATE_KEY -e TLS_CERTIFICATE \
--rm -p 0.0.0.0:80:6119 -p 0.0.0.0:443:6120 riju:prod
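Review bot: Passing the key with `-e TLS_PRIVATE_KEY` on the `docker run` line puts the private key in the container's environment, where it is visible through `docker inspect` and inherited by every process the server starts unless the server scrubs it first. If the container also runs user-submitted code (presumably, given the language list the app serves; confirm), that code would find the key in its own environment. Prefer a read-only mount of the key and certificate, e.g. `-v /etc/letsencrypt:/etc/letsencrypt:ro`, with file permissions that only the server user can read, or terminate TLS in a proxy outside the container. Mounting the whole tree keeps the `live/` symlinks into `archive/` resolvable.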