Cleanup root folder

2025-04-24 16:56:16 -04:00 · 2020-07-14 22:12:10 +02:00 · 2020-07-14 22:12:10 +02:00 · 9bc2bd1d44
commit 9bc2bd1d44
parent 6725a60d04
7 changed files with 4 additions and 4 deletions
--- a/docker/fqdn.env
+++ b/docker/fqdn.env
@ -0,0 +1 @@
+FQDN=localhost
--- a/docker/nginx-with-openssl.Dockerfile
+++ b/docker/nginx-with-openssl.Dockerfile
@ -0,0 +1,3 @@
+FROM nginx:alpine
+
+RUN apk add --no-cache openssl
--- a/docker/nginx/default.conf
+++ b/docker/nginx/default.conf
@ -0,0 +1,75 @@
+server {
+    listen       80;
+    #server_name  your.domain;
+
+    #charset koi8-r;
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    expires epoch;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    location /server {
+        proxy_connect_timeout 300;
+        proxy_pass http://node:3000;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header X-Forwarded-for $remote_addr;
+    }
+
+    location /ca.crt {
+        alias /etc/ssl/certs/snapdropCA.crt;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}
+
+server {
+    listen       443 ssl http2;
+    ssl_certificate /etc/ssl/certs/snapdrop-dev.crt;
+    ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key;
+
+    #server_name  ;
+
+    #charset koi8-r;
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    expires epoch;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    location /server {
+        proxy_connect_timeout 300;
+        proxy_pass http://node:3000;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header X-Forwarded-for $remote_addr;
+    }
+
+    location /ca.crt {
+        alias /etc/ssl/certs/snapdropCA.crt;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}
+
--- a/docker/openssl/create.sh
+++ b/docker/openssl/create.sh
@ -0,0 +1,9 @@
+#!/bin/sh
+
+cnf_dir='/mnt/openssl/'
+certs_dir='/etc/ssl/certs/'
+openssl req -config ${cnf_dir}snapdropCA.cnf -new -x509 -days 1 -keyout ${certs_dir}snapdropCA.key -out ${certs_dir}snapdropCA.crt
+openssl req -config ${cnf_dir}snapdropCert.cnf -new -out /tmp/snapdrop-dev.csr -keyout ${certs_dir}snapdrop-dev.key
+openssl x509 -req -in /tmp/snapdrop-dev.csr -CA ${certs_dir}snapdropCA.crt -CAkey ${certs_dir}snapdropCA.key -CAcreateserial -extensions req_ext -extfile ${cnf_dir}snapdropCert.cnf -sha512 -days 1 -out ${certs_dir}snapdrop-dev.crt
+
+exec "$@"
--- a/docker/openssl/snapdropCA.cnf
+++ b/docker/openssl/snapdropCA.cnf
@ -0,0 +1,26 @@
+[ req ]
+default_bits       = 2048
+default_md         = sha256
+default_days       = 1
+encrypt_key        = no
+distinguished_name = subject
+x509_extensions    = x509_ext
+string_mask        = utf8only
+prompt             = no
+
+[ subject ]
+organizationName = Snapdrop
+OU               = CA
+commonName       = snapdrop-CA
+
+[ x509_ext ]
+subjectKeyIdentifier      = hash
+authorityKeyIdentifier    = keyid:always,issuer
+
+# You only need digitalSignature below. *If* you don't allow
+#   RSA Key transport (i.e., you use ephemeral cipher suites), then
+#   omit keyEncipherment because that's key transport.
+
+basicConstraints = critical, CA:TRUE, pathlen:0
+keyUsage         = critical, digitalSignature, keyEncipherment, cRLSign, keyCertSign
+
--- a/docker/openssl/snapdropCert.cnf
+++ b/docker/openssl/snapdropCert.cnf
@ -0,0 +1,29 @@
+[ req ]
+default_bits        = 2048
+default_md          = sha256
+default_days        = 1
+encrypt_key         = no
+distinguished_name  = subject
+req_extensions      = req_ext
+string_mask         = utf8only
+prompt              = no
+
+[ subject ]
+organizationName    = Snapdrop
+OU                  = Development
+
+# Use a friendly name here because it's presented to the user. The server's DNS
+#   names are placed in Subject Alternate Names. Plus, DNS names here is deprecated
+#   by both IETF and CA/Browser Forums. If you place a DNS name here, then you
+#   must include the DNS name in the SAN too (otherwise, Chrome and others that
+#   strictly follow the CA/Browser Baseline Requirements will fail).
+
+commonName           = ${ENV::FQDN}
+
+[ req_ext ]
+subjectKeyIdentifier = hash
+basicConstraints     = CA:FALSE
+keyUsage             = digitalSignature, keyEncipherment
+subjectAltName       = DNS:${ENV::FQDN}
+nsComment            = "OpenSSL Generated Certificate"
+extendedKeyUsage     = serverAuth