From 61d51e1d10a96e856ab179c914e55a38d6c813ec Mon Sep 17 00:00:00 2001
From: schlagmichdoch
Date: Sun, 12 Feb 2023 02:33:35 +0100
Subject: [PATCH] removed files needed only for development from master and adapt docker-compose.yml for production
---
 docker-compose.yml | 19 ++-----------
 docker/fqdn.env | 1 -
 docker/nginx-with-openssl.Dockerfile | 3 --
 docker/nginx/default.conf | 41 ----------------------------
 docker/openssl/create.sh | 9 ------
 docker/openssl/snapdropCA.cnf | 26 ------------------
 docker/openssl/snapdropCert.cnf | 29 --------------------
 7 files changed, 2 insertions(+), 126 deletions(-)
 delete mode 100644 docker/fqdn.env
 delete mode 100644 docker/nginx-with-openssl.Dockerfile
 delete mode 100644 docker/nginx/default.conf
 delete mode 100755 docker/openssl/create.sh
 delete mode 100644 docker/openssl/snapdropCA.cnf
 delete mode 100644 docker/openssl/snapdropCert.cnf
diff --git a/docker-compose.yml b/docker-compose.yml
index a3982a8..5ff9305 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,22 +6,7 @@ services:
 working_dir: /home/node/app
 volumes:
 - ./:/home/node/app
- command: ash -c "npm i && npm start"
+ command: ash -c "npm i && npm run start:prod"
 restart: unless-stopped
- nginx:
- build:
- context: ./docker/
- dockerfile: nginx-with-openssl.Dockerfile
- image: "nginx-with-openssl"
- volumes:
- - ./public:/usr/share/nginx/html
- - ./docker/certs:/etc/ssl/certs
- - ./docker/openssl:/mnt/openssl
- - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
 ports:
- - "8080:80"
- - "8443:443"
- env_file: ./docker/fqdn.env
- entrypoint: /mnt/openssl/create.sh
- command: ["nginx", "-g", "daemon off;"]
- restart: unless-stopped
+ - "3000:3000"
diff --git a/docker/fqdn.env b/docker/fqdn.env
deleted file mode 100644
index 3302bc9..0000000
--- a/docker/fqdn.env
+++ /dev/null
@@ -1 +0,0 @@
-FQDN=localhost
\ No newline at end of file
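Review bot: The new `ports` entry `- "3000:3000"` in the docker-compose.yml hunk publishes the node service on every host interface over plain HTTP, and the same commit removes the nginx container that terminated TLS on 8443. If production is meant to sit behind a reverse proxy on the same host, bind the mapping to loopback, `- "127.0.0.1:3000:3000"`, so the unencrypted port is not reachable from the network; otherwise a comment above `ports:` should state that TLS termination is expected in front of this service. The changed `command` still runs `npm i` on every container start against the bind-mounted working tree, so dependencies are resolved at start-up; assuming a lockfile is committed, `npm ci && npm run start:prod` would keep production installs pinned to it. The service definition starts above the hunk, so its image and user settings are not visible here.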
diff --git a/docker/nginx-with-openssl.Dockerfile b/docker/nginx-with-openssl.Dockerfile
deleted file mode 100644
index 4752a53..0000000
--- a/docker/nginx-with-openssl.Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM nginx:alpine
-
-RUN apk add --no-cache openssl
\ No newline at end of file
diff --git a/docker/nginx/default.conf b/docker/nginx/default.conf
deleted file mode 100644
index dbe5bd2..0000000
--- a/docker/nginx/default.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-server {
- listen 80;
-
- expires epoch;
-
- location / {
- proxy_connect_timeout 300;
- proxy_pass http://node:3000;
- proxy_set_header Connection "upgrade";
- proxy_set_header Upgrade $http_upgrade;
- }
-
- location /ca.crt {
- alias /etc/ssl/certs/snapdropCA.crt;
- }
-
- # To allow POST on static pages
- error_page 405 =200 $uri;
-}
-
-server {
- listen 443 ssl http2;
- ssl_certificate /etc/ssl/certs/snapdrop-dev.crt;
- ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key;
-
- expires epoch;
-
- location / {
- proxy_connect_timeout 300;
- proxy_pass http://node:3000;
- proxy_set_header Connection "upgrade";
- proxy_set_header Upgrade $http_upgrade;
- }
-
- location /ca.crt {
- alias /etc/ssl/certs/snapdropCA.crt;
- }
- # To allow POST on static pages
- error_page 405 =200 $uri;
-}
-
diff --git a/docker/openssl/create.sh b/docker/openssl/create.sh
deleted file mode 100755
index 7c081c3..0000000
--- a/docker/openssl/create.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-cnf_dir='/mnt/openssl/'
-certs_dir='/etc/ssl/certs/'
-openssl req -config ${cnf_dir}snapdropCA.cnf -new -x509 -days 1 -keyout ${certs_dir}snapdropCA.key -out ${certs_dir}snapdropCA.crt
-openssl req -config ${cnf_dir}snapdropCert.cnf -new -out /tmp/snapdrop-dev.csr -keyout ${certs_dir}snapdrop-dev.key
-openssl x509 -req -in /tmp/snapdrop-dev.csr -CA ${certs_dir}snapdropCA.crt -CAkey ${certs_dir}snapdropCA.key -CAcreateserial -extensions req_ext -extfile ${cnf_dir}snapdropCert.cnf -sha512 -days 1 -out ${certs_dir}snapdrop-dev.crt
-
-exec "$@"
\ No newline at end of file
diff --git a/docker/openssl/snapdropCA.cnf b/docker/openssl/snapdropCA.cnf
deleted file mode 100644
index d8502c3..0000000
--- a/docker/openssl/snapdropCA.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
-[ req ]
-default_bits = 2048
-default_md = sha256
-default_days = 1
-encrypt_key = no
-distinguished_name = subject
-x509_extensions = x509_ext
-string_mask = utf8only
-prompt = no
-
-[ subject ]
-organizationName = Snapdrop
-OU = CA
-commonName = snapdrop-CA
-
-[ x509_ext ]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer
-
-# You only need digitalSignature below. *If* you don't allow
-# RSA Key transport (i.e., you use ephemeral cipher suites), then
-# omit keyEncipherment because that's key transport.
-
-basicConstraints = critical, CA:TRUE, pathlen:0
-keyUsage = critical, digitalSignature, keyEncipherment, cRLSign, keyCertSign
-
diff --git a/docker/openssl/snapdropCert.cnf b/docker/openssl/snapdropCert.cnf
deleted file mode 100644
index 87202d8..0000000
--- a/docker/openssl/snapdropCert.cnf
+++ /dev/null
@@ -1,29 +0,0 @@
-[ req ]
-default_bits = 2048
-default_md = sha256
-default_days = 1
-encrypt_key = no
-distinguished_name = subject
-req_extensions = req_ext
-string_mask = utf8only
-prompt = no
-
-[ subject ]
-organizationName = PairDrop
-OU = Development
-
-# Use a friendly name here because it's presented to the user. The server's DNS
-# names are placed in Subject Alternate Names. Plus, DNS names here is deprecated
-# by both IETF and CA/Browser Forums. If you place a DNS name here, then you
-# must include the DNS name in the SAN too (otherwise, Chrome and others that
-# strictly follow the CA/Browser Baseline Requirements will fail).
-
-commonName = ${ENV::FQDN}
-
-[ req_ext ]
-subjectKeyIdentifier = hash
-basicConstraints = CA:FALSE
-keyUsage = digitalSignature, keyEncipherment
-subjectAltName = DNS:${ENV::FQDN}
-nsComment = "OpenSSL Generated Certificate"
-extendedKeyUsage = serverAuth