Allow local dev to use self-signed SSL.
BusterNeece committed Jul 29, 2024
1 parent a26a141 commit 15301cc
Showing 6 changed files with 39 additions and 2 deletions.
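--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,8 @@
 
 # Local Dev/Editors
 /build/dev/db_full.sql
+/build/dev/ssl/*
+!/build/dev/ssl/.gitkeep
 /.idea
 /dev.env
 /docker-compose.override.yml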
2 changes: 1 addition & 1 deletion Dockerfile
@@ -23,7 +23,7 @@ RUN mkdir -p /var/app/www \
&& addgroup -g 1000 app \
&& adduser -u 1000 -G app -h /var/app/ -s /bin/sh -D app \
&& addgroup app www-data \
&& mkdir -p /var/app/media /var/app/www /var/app/www_tmp /run/supervisord /logs \
&& mkdir -p /var/app/media /var/app/www /var/app/ssl /var/app/www_tmp /run/supervisord /logs \
&& chown -R app:app /var/app /logs

COPY --chown=app:app ./build/scripts/ /usr/local/bin
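--- a/build/dev/Caddyfile
+++ b/build/dev/Caddyfile
@@ -6,6 +6,7 @@
 
 :8080 {
 root * /var/app/www/web
+tls /var/app/ssl/ssl.crt /var/app/ssl/ssl.key
 
 encode gzip
 php_fastcgi 127.0.0.1:9000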
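--- a/build/dev/entrypoint.sh
+++ b/build/dev/entrypoint.sh
@@ -15,6 +15,41 @@ chmod 744 /container.env
 shopt -s dotglob
 rm -rf /var/app/www_tmp/*
 
+# Set up self-signed SSL
+export ACME_DIR="/var/app/ssl"
+export APP_DIR="/var/app/www"
+
+if [ -f "$ACME_DIR/default.crt" ]; then
+rm -rf "$ACME_DIR/default.key" || true
+rm -rf "$ACME_DIR/default.crt" || true
+fi
+
+if [ -f "$APP_DIR/build/dev/ssl/default.crt" ]; then
+cp "$APP_DIR/build/dev/ssl/default.crt" "$ACME_DIR/ssl.crt"
+cp "$APP_DIR/build/dev/ssl/default.key" "$ACME_DIR/ssl.key"
+fi
+
+# Generate a self-signed certificate if one doesn't exist in the certs path.
+if [ ! -f "$ACME_DIR/default.crt" ]; then
+echo "Generating self-signed certificate..."
+
+openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=localhost" \
+-days 365 -extensions v3_ca \
+-keyout "$ACME_DIR/default.key" \
+-out "$ACME_DIR/default.crt"
+fi
+
+if [ ! -e "$ACME_DIR/ssl.crt" ]; then
+rm -rf "$ACME_DIR/ssl.key" || true
+rm -rf "$ACME_DIR/ssl.crt" || true
+
+ln -s "$ACME_DIR/default.key" "$ACME_DIR/ssl.key"
+ln -s "$ACME_DIR/default.crt" "$ACME_DIR/ssl.crt"
+fi
+
+chown -R app:app "$ACME_DIR" || true
+chmod -R u=rwX,go=rX "$ACME_DIR" || true
+
 # Composer install
 cd /var/app/www
 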
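Review bot: The closing `chmod -R u=rwX,go=rX "$ACME_DIR"` makes `default.key`, and any developer-supplied key copied to `ssl.key`, readable by group and other inside the container, even though the preceding `chown` already hands the directory to `app`. Tightening the keys after the recursive pass, for example `chmod u=rw,go= "$ACME_DIR"/*.key`, keeps the certificate readable while the private key stays owner-only; this assumes the web server reads the key as `app`, which the hunk does not show. Separately, the first `if` removes `default.crt` and `default.key` whenever they exist, so the later `[ ! -f "$ACME_DIR/default.crt" ]` guard is always true and a fresh key pair is generated on every start. If that is intended, the comment above the guard should say so, e.g. `# Always regenerate the fallback self-signed certificate on start.`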
Empty file added build/dev/ssl/.gitkeep
Empty file.
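--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,7 +17,6 @@ services:
 restart: always
 ports:
 - "8080:8080"
-- "5173:5173"
 logging: &default-logging
 options:
 max-size: "1m"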
