removed files needed only for development from master and adapt docker-compose.yml for production

2023-02-12 02:33:35 +01:00 · 2023-02-12 02:33:35 +01:00 · 61d51e1d10
commit 61d51e1d10
parent 64d69a0ed9
7 changed files with 2 additions and 126 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -6,22 +6,7 @@ services:
    working_dir: /home/node/app
    volumes:
      - ./:/home/node/app
-    command: ash -c "npm i && npm start"
+    command: ash -c "npm i && npm run start:prod"
    restart: unless-stopped
-  nginx:
-    build:
-      context: ./docker/
-      dockerfile: nginx-with-openssl.Dockerfile
-    image: "nginx-with-openssl"
-    volumes:
-      - ./public:/usr/share/nginx/html
-      - ./docker/certs:/etc/ssl/certs
-      - ./docker/openssl:/mnt/openssl
-      - ./docker/nginx/default.conf:/etc/nginx/conf.d/default.conf
    ports:
-      - "8080:80"
-      - "8443:443"
-    env_file: ./docker/fqdn.env
-    entrypoint: /mnt/openssl/create.sh
-    command: ["nginx", "-g", "daemon off;"]
-    restart: unless-stopped
+      - "3000:3000"
--- a/docker/fqdn.env
+++ b/docker/fqdn.env
@ -1 +0,0 @@
-FQDN=localhost
--- a/docker/nginx-with-openssl.Dockerfile
+++ b/docker/nginx-with-openssl.Dockerfile
@ -1,3 +0,0 @@
-FROM nginx:alpine
-
-RUN apk add --no-cache openssl
--- a/docker/nginx/default.conf
+++ b/docker/nginx/default.conf
@ -1,41 +0,0 @@
-server {
-    listen       80;
-
-    expires epoch;
-
-    location / {
-        proxy_connect_timeout 300;
-        proxy_pass http://node:3000;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Upgrade $http_upgrade;
-    }
-
-    location /ca.crt {
-        alias /etc/ssl/certs/snapdropCA.crt;
-    }
-
-    # To allow POST on static pages
-    error_page  405     =200 $uri;
-}
-
-server {
-    listen       443 ssl http2;
-    ssl_certificate /etc/ssl/certs/snapdrop-dev.crt;
-    ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key;
-
-    expires epoch;
-
-    location / {
-        proxy_connect_timeout 300;
-        proxy_pass http://node:3000;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Upgrade $http_upgrade;
-    }
-
-    location /ca.crt {
-        alias /etc/ssl/certs/snapdropCA.crt;
-    }
-    # To allow POST on static pages
-    error_page  405     =200 $uri;
-}
-
--- a/docker/openssl/create.sh
+++ b/docker/openssl/create.sh
@ -1,9 +0,0 @@
-#!/bin/sh
-
-cnf_dir='/mnt/openssl/'
-certs_dir='/etc/ssl/certs/'
-openssl req -config ${cnf_dir}snapdropCA.cnf -new -x509 -days 1 -keyout ${certs_dir}snapdropCA.key -out ${certs_dir}snapdropCA.crt
-openssl req -config ${cnf_dir}snapdropCert.cnf -new -out /tmp/snapdrop-dev.csr -keyout ${certs_dir}snapdrop-dev.key
-openssl x509 -req -in /tmp/snapdrop-dev.csr -CA ${certs_dir}snapdropCA.crt -CAkey ${certs_dir}snapdropCA.key -CAcreateserial -extensions req_ext -extfile ${cnf_dir}snapdropCert.cnf -sha512 -days 1 -out ${certs_dir}snapdrop-dev.crt
-
-exec "$@"
--- a/docker/openssl/snapdropCA.cnf
+++ b/docker/openssl/snapdropCA.cnf
@ -1,26 +0,0 @@
-[ req ]
-default_bits       = 2048
-default_md         = sha256
-default_days       = 1
-encrypt_key        = no
-distinguished_name = subject
-x509_extensions    = x509_ext
-string_mask        = utf8only
-prompt             = no
-
-[ subject ]
-organizationName = Snapdrop
-OU               = CA
-commonName       = snapdrop-CA
-
-[ x509_ext ]
-subjectKeyIdentifier      = hash
-authorityKeyIdentifier    = keyid:always,issuer
-
-# You only need digitalSignature below. *If* you don't allow
-#   RSA Key transport (i.e., you use ephemeral cipher suites), then
-#   omit keyEncipherment because that's key transport.
-
-basicConstraints = critical, CA:TRUE, pathlen:0
-keyUsage         = critical, digitalSignature, keyEncipherment, cRLSign, keyCertSign
-
--- a/docker/openssl/snapdropCert.cnf
+++ b/docker/openssl/snapdropCert.cnf
@ -1,29 +0,0 @@
-[ req ]
-default_bits        = 2048
-default_md          = sha256
-default_days        = 1
-encrypt_key         = no
-distinguished_name  = subject
-req_extensions      = req_ext
-string_mask         = utf8only
-prompt              = no
-
-[ subject ]
-organizationName    = PairDrop
-OU                  = Development
-
-# Use a friendly name here because it's presented to the user. The server's DNS
-#   names are placed in Subject Alternate Names. Plus, DNS names here is deprecated
-#   by both IETF and CA/Browser Forums. If you place a DNS name here, then you
-#   must include the DNS name in the SAN too (otherwise, Chrome and others that
-#   strictly follow the CA/Browser Baseline Requirements will fail).
-
-commonName           = ${ENV::FQDN}
-
-[ req_ext ]
-subjectKeyIdentifier = hash
-basicConstraints     = CA:FALSE
-keyUsage             = digitalSignature, keyEncipherment
-subjectAltName       = DNS:${ENV::FQDN}
-nsComment            = "OpenSSL Generated Certificate"
-extendedKeyUsage     = serverAuth