Adding HTTPS on Prod version #214

Merged
merged 20 commits into from
Oct 30, 2020
1 change: 1 addition & 0 deletions docker-compose.production.yml
Expand Up @@ -7,6 +7,7 @@ services:
yacs_web:
ports:
- 80:80
- 443:443
environment:
# https://docs.docker.com/compose/compose-file/#variable-substitution
- HOST=${HOST:-localhost}
3 changes: 2 additions & 1 deletion ops/provision.js
Expand Up @@ -69,7 +69,8 @@ const infraSync = async () => {
// print ip
// USED IN GITHUB ACTIONS PIPELINE TO SHOW MESSAGE IN PR
// DO NOT REFORMAT
console.log(`http://${info.ipv4[0]}`)
console.log(`https://${info.ipv4[0]}`)

RichtXO marked this conversation as resolved.
}

infraSync()
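
Review bot: the `https://${info.ipv4[0]}` URL printed at the end of `infraSync` points at a bare IP address, but the certificate nginx serves is selected by `${HOST}` and the one generated in entrypoint.sh has the subject `/C=US/ST=New York/O=RPI RCOS` with no CN or subjectAltName, so the link posted in the PR will show a certificate warning on every preview. Suggest printing the hostname when one is configured, or stating in the PR message that the warning is expected. Since the comment above says the pipeline depends on this output, also confirm that the GitHub Actions step still matches the string now that the scheme changed and a blank line was added.
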
1 change: 1 addition & 0 deletions src/web/Dockerfile
Expand Up @@ -12,6 +12,7 @@ RUN mkdir /app
COPY --from=build-stage /app/dist /app
COPY nginx.conf /etc/nginx/nginx.template.conf
COPY scripts/entrypoint.sh /usr/local/bin/entrypoint.sh
COPY certificate/ /etc/nginx/certificate

# get openssl to do crypt(3)
RUN \
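
Review bot: `COPY certificate/ /etc/nginx/certificate` bakes the default key committed in this PR into every image built from this Dockerfile, production included. With the compose default `HOST=${HOST:-localhost}` the files `localhost.crt` and `localhost.key` then already exist at startup, so the generation branch in entrypoint.sh is skipped and every such deployment shares the same published private key. Suggest removing this COPY and supplying the certificate and key at run time (a mounted volume or a secret), leaving generation in entrypoint.sh as the fallback.
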
4 changes: 4 additions & 0 deletions src/web/certificate/README.md
@@ -0,0 +1,4 @@
# SSL Certificate for yacs-web

The public/private keypairs are default and should be changed before deployment to production!
Generate your own certificate and verify it with a CA!
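
Review bot: the README warns that the default keypair must be changed but does not say how to replace it. nginx.conf loads `/etc/nginx/certificate/${HOST}.crt` and `/etc/nginx/certificate/${HOST}.key`, so a replacement only works if the files carry the deployment's `HOST` value in their names. Suggest documenting the expected file names and where to place them, and rewording "verify it with a CA" to say that the certificate should be signed by a CA.
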
18 changes: 18 additions & 0 deletions src/web/certificate/localhost.crt
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
16 changes: 16 additions & 0 deletions src/web/certificate/localhost.csr
@@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
27 changes: 27 additions & 0 deletions src/web/certificate/localhost.key
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
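
Review bot: `localhost.key` is a private key committed to the repository, so it is readable by everyone with access to the repository and remains in git history even if a later commit deletes it. Suggest dropping the key from this PR together with `localhost.csr` (nginx.conf only references the `.crt` and `.key` files), ignoring the `certificate/` directory in version control, and relying on the generation step in entrypoint.sh or on a key supplied at deploy time.
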
16 changes: 15 additions & 1 deletion src/web/nginx.conf
Expand Up @@ -13,10 +13,24 @@ http {
default_type application/octet-stream;
keepalive_timeout 65;

server {

RichtXO marked this conversation as resolved.
server{
listen 80;
listen [::]:80;
server_name ${HOST};
return 301 https://${HOST};
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_certificate /etc/nginx/certificate/${HOST}.crt;
ssl_certificate_key /etc/nginx/certificate/${HOST}.key;

server_name ${HOST};


RichtXO marked this conversation as resolved.
# simple secure admin panel, will change later
location ~* ^/admin {
auth_basic "Admin Panel";
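
Review bot: `return 301 https://${HOST};` in the new port 80 server block discards the path and query string, so every plain HTTP request, including deep links and `/admin`, is redirected to the site root. Because entrypoint.sh runs `envsubst '\$HOST'`, only `${HOST}` is substituted and nginx variables survive templating, so `return 301 https://${HOST}$request_uri;` would keep the original URI. Two smaller points in the 443 block: no `ssl_protocols` or `ssl_ciphers` directive is added, so the TLS settings fall back to whatever the nginx build defaults to, and `server{` is missing the space used by the other `server {` block.
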
13 changes: 13 additions & 0 deletions src/web/scripts/entrypoint.sh
100755 → 100644
Expand Up @@ -13,6 +13,19 @@ envsubst '\$HOST' < \
/etc/nginx/nginx.template.conf > \
/etc/nginx/nginx.conf


# If SSL Certificate folder isn't present, generate one
if [ ! -f /etc/nginx/certificate/$HOST.crt ] &&
[ ! -f /etc/nginx/certificate/$HOST.key ];then
mkdir /etc/nginx/certificate
cd /etc/nginx/certificate
openssl genrsa -passout pass:x -out $HOST.pass.key 2048
openssl rsa -passin pass:x -in $HOST.pass.key -out $HOST.key
rm $HOST.pass.key
openssl req -new -key $HOST.key -out $HOST.csr -subj "/C=US/ST=New York/O=RPI RCOS"
openssl x509 -req -days 365 -in $HOST.csr -signkey $HOST.key -out $HOST.crt
fi

# start nginx
echo "starting nginx:"
nginx -g "daemon off;"
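
Review bot: the guard `[ ! -f ...$HOST.crt ] && [ ! -f ...$HOST.key ]` only generates a keypair when both files are missing; if exactly one is present the block is skipped and nginx starts with a `ssl_certificate` or `ssl_certificate_key` path that does not exist. Suggest `||` so that a missing file on either side triggers regeneration. In the same block: `mkdir /etc/nginx/certificate` errors when the directory already exists, which it does after the Dockerfile COPY, so use `mkdir -p`; `$HOST` is unquoted in every path; `genrsa -passout pass:x` without a cipher option writes an unencrypted key, so the `.pass.key` round trip through `openssl rsa` can be replaced by a single `openssl genrsa -out "$HOST.key" 2048`; the `-subj` has no CN and no subjectAltName is set, so the certificate names no host; and the generated key is left with default permissions and the `.csr` is left behind. The comment says "folder isn't present" while the test checks files. Finally, the mode change `100755 → 100644` removes the executable bit from a script that the Dockerfile installs as `/usr/local/bin/entrypoint.sh`; if the image executes it directly, the container will fail to start, so this looks unintended.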