diff --git a/.gitignore b/.gitignore
index c730f58..dfdb392 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,8 @@
 # Local Dev/Editors
 /build/dev/db_full.sql
+/build/dev/ssl/*
+!/build/dev/ssl/.gitkeep
 /.idea
 /dev.env
 /docker-compose.override.yml
diff --git a/Dockerfile b/Dockerfile
index c6e9617..c3f923c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,7 +23,7 @@ RUN mkdir -p /var/app/www \
 && addgroup -g 1000 app \
 && adduser -u 1000 -G app -h /var/app/ -s /bin/sh -D app \
 && addgroup app www-data \
- && mkdir -p /var/app/media /var/app/www /var/app/www_tmp /run/supervisord /logs \
+ && mkdir -p /var/app/media /var/app/www /var/app/ssl /var/app/www_tmp /run/supervisord /logs \
 && chown -R app:app /var/app /logs
 COPY --chown=app:app ./build/scripts/ /usr/local/bin
diff --git a/build/dev/Caddyfile b/build/dev/Caddyfile
index b50546c..0426f46 100644
--- a/build/dev/Caddyfile
+++ b/build/dev/Caddyfile
@@ -6,6 +6,7 @@
 :8080 {
 root * /var/app/www/web
+ tls /var/app/ssl/ssl.crt /var/app/ssl/ssl.key
 encode gzip
 php_fastcgi 127.0.0.1:9000
diff --git a/build/dev/entrypoint.sh b/build/dev/entrypoint.sh
index 5f7a13e..7f65d8e 100644
--- a/build/dev/entrypoint.sh
+++ b/build/dev/entrypoint.sh
@@ -15,6 +15,41 @@ chmod 744 /container.env
 shopt -s dotglob
 rm -rf /var/app/www_tmp/*
+# Set up self-signed SSL
+export ACME_DIR="/var/app/ssl"
+export APP_DIR="/var/app/www"
+
+if [ -f "$ACME_DIR/default.crt" ]; then
+ rm -rf "$ACME_DIR/default.key" || true
+ rm -rf "$ACME_DIR/default.crt" || true
+fi
+
+if [ -f "$APP_DIR/build/dev/ssl/default.crt" ]; then
+ cp "$APP_DIR/build/dev/ssl/default.crt" "$ACME_DIR/ssl.crt"
+ cp "$APP_DIR/build/dev/ssl/default.key" "$ACME_DIR/ssl.key"
+fi
+
+# Generate a self-signed certificate if one doesn't exist in the certs path.
+if [ ! -f "$ACME_DIR/default.crt" ]; then
+ echo "Generating self-signed certificate..."
+
+ openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=localhost" \
+ -days 365 -extensions v3_ca \
+ -keyout "$ACME_DIR/default.key" \
+ -out "$ACME_DIR/default.crt"
+fi
+
+if [ ! -e "$ACME_DIR/ssl.crt" ]; then
+ rm -rf "$ACME_DIR/ssl.key" || true
+ rm -rf "$ACME_DIR/ssl.crt" || true
+
+ ln -s "$ACME_DIR/default.key" "$ACME_DIR/ssl.key"
+ ln -s "$ACME_DIR/default.crt" "$ACME_DIR/ssl.crt"
+fi
+
+chown -R app:app "$ACME_DIR" || true
+chmod -R u=rwX,go=rX "$ACME_DIR" || true
+
 # Composer install
 cd /var/app/www
diff --git a/build/dev/ssl/.gitkeep b/build/dev/ssl/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose.yml b/docker-compose.yml
index 6d8f95e..ae6cb63 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,7 +17,6 @@ services:
 restart: always
 ports:
 - "8080:8080"
- - "5173:5173"
 logging: &default-logging
 options:
 max-size: "1m"
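Review bot: In the build/dev/entrypoint.sh hunk, the final `chmod -R u=rwX,go=rX "$ACME_DIR"` leaves the TLS private keys (`default.key`, and `ssl.key` when it is copied from `build/dev/ssl/`) readable by every user in the container, which matters most when a developer drops a real or locally-trusted certificate into that directory. Keep the directory mode but tighten the keys afterwards, e.g. `chmod 600 "$ACME_DIR"/*.key`, assuming Caddy runs as the `app` user named in the preceding `chown` (not visible in this hunk). Separately, the first `if` block deletes `default.crt` whenever it exists, so the "if one doesn't exist" test further down is always true and a new certificate is generated on every start; either drop the deletion or correct the comment. The `openssl req` call also passes `-extensions v3_ca` and sets no subjectAltName, so with a stock openssl.cnf the result is a CA-capable certificate that relies on CN matching alone; `-addext "subjectAltName=DNS:localhost"` without the `v3_ca` extension section is the usual form for a leaf certificate.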