removed files needed only for development from master and adapt docker-compose.yml for production

This commit is contained in:
schlagmichdoch 2023-02-12 02:33:35 +01:00
parent 64d69a0ed9
commit 61d51e1d10
7 changed files with 2 additions and 126 deletions

View file

@ -6,22 +6,7 @@ services:
working_dir: /home/node/app
volumes:
- ./:/home/node/app
command: ash -c "npm i && npm start"
command: ash -c "npm i && npm run start:prod"
restart: unless-stopped
nginx:
build:
context: ./docker/
dockerfile: nginx-with-openssl.Dockerfile
image: "nginx-with-openssl"
volumes:
- ./public:/usr/share/nginx/html
- ./docker/certs:/etc/ssl/certs
- ./docker/openssl:/mnt/openssl
- ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
ports:
- "8080:80"
- "8443:443"
env_file: ./docker/fqdn.env
entrypoint: /mnt/openssl/create.sh
command: ["nginx", "-g", "daemon off;"]
restart: unless-stopped
- "3000:3000"

View file

@ -1 +0,0 @@
FQDN=localhost

View file

@ -1,3 +0,0 @@
FROM nginx:alpine
RUN apk add --no-cache openssl

View file

@ -1,41 +0,0 @@
server {
listen 80;
expires epoch;
location / {
proxy_connect_timeout 300;
proxy_pass http://node:3000;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
}
location /ca.crt {
alias /etc/ssl/certs/snapdropCA.crt;
}
# To allow POST on static pages
error_page 405 =200 $uri;
}
server {
listen 443 ssl http2;
ssl_certificate /etc/ssl/certs/snapdrop-dev.crt;
ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key;
expires epoch;
location / {
proxy_connect_timeout 300;
proxy_pass http://node:3000;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
}
location /ca.crt {
alias /etc/ssl/certs/snapdropCA.crt;
}
# To allow POST on static pages
error_page 405 =200 $uri;
}

View file

@ -1,9 +0,0 @@
#!/bin/sh
cnf_dir='/mnt/openssl/'
certs_dir='/etc/ssl/certs/'
openssl req -config ${cnf_dir}snapdropCA.cnf -new -x509 -days 1 -keyout ${certs_dir}snapdropCA.key -out ${certs_dir}snapdropCA.crt
openssl req -config ${cnf_dir}snapdropCert.cnf -new -out /tmp/snapdrop-dev.csr -keyout ${certs_dir}snapdrop-dev.key
openssl x509 -req -in /tmp/snapdrop-dev.csr -CA ${certs_dir}snapdropCA.crt -CAkey ${certs_dir}snapdropCA.key -CAcreateserial -extensions req_ext -extfile ${cnf_dir}snapdropCert.cnf -sha512 -days 1 -out ${certs_dir}snapdrop-dev.crt
exec "$@"

View file

@ -1,26 +0,0 @@
[ req ]
default_bits = 2048
default_md = sha256
default_days = 1
encrypt_key = no
distinguished_name = subject
x509_extensions = x509_ext
string_mask = utf8only
prompt = no
[ subject ]
organizationName = Snapdrop
OU = CA
commonName = snapdrop-CA
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# You only need digitalSignature below. *If* you don't allow
# RSA Key transport (i.e., you use ephemeral cipher suites), then
# omit keyEncipherment because that's key transport.
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, digitalSignature, keyEncipherment, cRLSign, keyCertSign

View file

@ -1,29 +0,0 @@
[ req ]
default_bits = 2048
default_md = sha256
default_days = 1
encrypt_key = no
distinguished_name = subject
req_extensions = req_ext
string_mask = utf8only
prompt = no
[ subject ]
organizationName = PairDrop
OU = Development
# Use a friendly name here because it's presented to the user. The server's DNS
# names are placed in Subject Alternate Names. Plus, DNS names here is deprecated
# by both IETF and CA/Browser Forums. If you place a DNS name here, then you
# must include the DNS name in the SAN too (otherwise, Chrome and others that
# strictly follow the CA/Browser Baseline Requirements will fail).
commonName = ${ENV::FQDN}
[ req_ext ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = DNS:${ENV::FQDN}
nsComment = "OpenSSL Generated Certificate"
extendedKeyUsage = serverAuth