Adding HTTPS on Prod version (#214)
* Adding HTTPS on Prod version

Added certs and open both port 80 and 443. Port 80 will redirect to port 443.
RichtXO authored Oct 30, 2020
1 parent 8a0ef2a commit dc82c3d
Showing 9 changed files with 97 additions and 2 deletions.
1 change: 1 addition & 0 deletions docker-compose.production.yml
@@ -7,6 +7,7 @@ services:
yacs_web:
ports:
- 80:80
- 443:443
environment:
# https://docs.docker.com/compose/compose-file/#variable-substitution
- HOST=${HOST:-localhost}
3 changes: 2 additions & 1 deletion ops/provision.js
@@ -69,7 +69,8 @@ const infraSync = async () => {
// print ip
// USED IN GITHUB ACTIONS PIPELINE TO SHOW MESSAGE IN PR
// DO NOT REFORMAT
console.log(`http://${info.ipv4[0]}`)
console.log(`https://${info.ipv4[0]}`)

}

infraSync()
1 change: 1 addition & 0 deletions src/web/Dockerfile
@@ -12,6 +12,7 @@ RUN mkdir /app
COPY --from=build-stage /app/dist /app
COPY nginx.conf /etc/nginx/nginx.template.conf
COPY scripts/entrypoint.sh /usr/local/bin/entrypoint.sh
COPY certificate/ /etc/nginx/certificate

# get openssl to do crypt(3)
RUN \
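Review bot: `COPY certificate/ /etc/nginx/certificate` bakes the private key committed in this same change (src/web/certificate/localhost.key) into every image, so the TLS key of any deployment that keeps the default is readable by anyone with access to the repository or the image. The README asks operators to replace the keypair before production, but nothing in the build enforces that. Since scripts/entrypoint.sh already generates a certificate when none is present, this line and the committed `.key`/`.csr` files could be dropped and real certificates supplied at run time through a volume or secret, with `certificate/*.key` listed in `.gitignore` and `.dockerignore`. The key that has already been pushed should be treated as public and not reused.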
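--- a/src/web/certificate/README.md
+++ b/src/web/certificate/README.md
@@ -0,0 +1,4 @@
+# SSL Certificate for yacs-web
+
+The public/private keypairs are default and should be changed before deployment to production!
+Generate your own certificate and verify it with a CA!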
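--- a/src/web/certificate/localhost.crt
+++ b/src/web/certificate/localhost.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdUCFFNNMUwxQFACL90EEGMsuY7R/RdiMA0GCSqGSIb3DQEBCwUAMDMx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UECgwIUlBJIFJD
+T1MwHhcNMjAxMDExMTkyMDA2WhcNMjExMDExMTkyMDA2WjAzMQswCQYDVQQGEwJV
+UzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAoMCFJQSSBSQ09TMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArF6EHLgyojK2dgh6Jjeh8tQQ8fi5KjCJ
+R+wBHncYjReyRJm2bFAc/OTVokyqsI+0qgY0WFdaknGP+QcE9BUk0lj0aBgvR/av
+s/RvJCWrE0GCdI836Z6LHo/iddBDK2NYYnWurCN3QNP8SViZJdTftSQzflfMTQVR
+Pv5tP1r5xaYWUjv94sSSq1gVS6JiYH/yyBags8hgj341yui2mbSfWtxJ174aMNXD
+jYew/dhFLdMZAfRKIcWgHUEzCyS63Rzlr9EM/bfj+ypw25knpScmeV8O5BJ0xpnR
+HkzQpCJ6r4oGQDuoaiwwdVMBhkCHYocxO8X+M42z4I8VsXpoaf3EiwIDAQABMA0G
+CSqGSIb3DQEBCwUAA4IBAQAP6ZWZzIdflw6XjgZaY/rvlc2F+AbulbUGJ6P+YWWa
+3yemYfTNPuerjb70Ey/jIdAuPvEYSkUMUObfx1JofqUhO+S21BRg9qjvFKrea+xv
+umafzl7Hem6Aab3RP/iPgMCYBCm5+Ao+fNS80QndLJ3W3dTjE8Ej396bkDNL8sIz
+sCjK5S9FQ80es+H3ju49UaiSa+Hwz5UpOcrn9o7VNXjtdilkeZtSyoGNmTTDvaG3
+VLe6cln/W3sdRWw0X/FGzWD1bwUq9AorTt0nddKF6VKZe2QKczfeqdSZqjZ0EcdE
+DDaQ6TxMz9fZBgZ5ELadjXn4moNz081nEyveUK/bF+X6
+-----END CERTIFICATE-----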
16 changes: 16 additions & 0 deletions src/web/certificate/localhost.csr
@@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
27 changes: 27 additions & 0 deletions src/web/certificate/localhost.key
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
16 changes: 15 additions & 1 deletion src/web/nginx.conf
@@ -13,10 +13,24 @@ http {
default_type application/octet-stream;
keepalive_timeout 65;

server {

server{
listen 80;
listen [::]:80;
server_name ${HOST};
return 301 https://${HOST};
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_certificate /etc/nginx/certificate/${HOST}.crt;
ssl_certificate_key /etc/nginx/certificate/${HOST}.key;

server_name ${HOST};


# simple secure admin panel, will change later
location ~* ^/admin {
auth_basic "Admin Panel";
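Review bot: The port-80 redirect `return 301 https://${HOST};` discards the requested path and query string, so every plain-HTTP deep link lands on the site root; `return 301 https://${HOST}$request_uri;` keeps them, and the entrypoint's `envsubst '\$HOST'` leaves `$request_uri` untouched. The new 443 server sets no `ssl_protocols`, so the accepted TLS versions depend on the nginx build's defaults; adding `ssl_protocols TLSv1.2 TLSv1.3;` makes the floor explicit. Because docker-compose.production.yml defaults HOST to `localhost`, an unset HOST would send redirected visitors to `https://localhost`, so it may be worth failing at startup when HOST is not set for a production run. The 443 server block continues past the end of this hunk.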
13 changes: 13 additions & 0 deletions src/web/scripts/entrypoint.sh
100755 → 100644
@@ -13,6 +13,19 @@ envsubst '\$HOST' < \
/etc/nginx/nginx.template.conf > \
/etc/nginx/nginx.conf


# If SSL Certificate folder isn't present, generate one
if [ ! -f /etc/nginx/certificate/$HOST.crt ] &&
[ ! -f /etc/nginx/certificate/$HOST.key ];then
mkdir /etc/nginx/certificate
cd /etc/nginx/certificate
openssl genrsa -passout pass:x -out $HOST.pass.key 2048
openssl rsa -passin pass:x -in $HOST.pass.key -out $HOST.key
rm $HOST.pass.key
openssl req -new -key $HOST.key -out $HOST.csr -subj "/C=US/ST=New York/O=RPI RCOS"
openssl x509 -req -days 365 -in $HOST.csr -signkey $HOST.key -out $HOST.crt
fi

# start nginx
echo "starting nginx:"
nginx -g "daemon off;"
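Review bot: The guard `[ ! -f …crt ] && [ ! -f …key ]` only generates a pair when both files are missing, so a lone `.crt` or `.key` leaves nginx pointing at a file that does not exist; the test should use `||`. `mkdir /etc/nginx/certificate` errors when the directory already exists, which it will after the Dockerfile's `COPY certificate/`; `$HOST` is unquoted throughout, and the generated key gets whatever permissions the default umask allows. The subject carries no CN for the host, and the `genrsa -passout` / `rsa -passin` / `req` / `x509` sequence can be a single `openssl req -x509 -newkey … -nodes` call. The file mode also changes from 100755 to 100644 in this commit; if the image executes the script directly rather than through `sh`, it would no longer be runnable, which is worth confirming against the Dockerfile's ENTRYPOINT (not visible in this diff).

```shell
# Generate a self-signed certificate when either file is missing
cert_dir=/etc/nginx/certificate
if [ ! -f "$cert_dir/$HOST.crt" ] || [ ! -f "$cert_dir/$HOST.key" ]; then
    mkdir -p "$cert_dir"
    (
        # keep the private key readable by its owner only
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$cert_dir/$HOST.key" -out "$cert_dir/$HOST.crt" \
            -subj "/C=US/ST=New York/O=RPI RCOS/CN=$HOST"
    )
fi
# … unchanged: start nginx …
```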
