Made program generate SSL

2025-04-15 16:14:04 +02:00
parent 7519f21389
commit a5824f8b51
7 changed files with 39 additions and 56 deletions
--- a/19
+++ b/19
@@ -1,21 +1,13 @@
-FROM node:18-alpine as build
+FROM node:18-alpine AS build
 WORKDIR /build
 ADD . .
 RUN [ "npm", "ci" ]
-COPY <<EOF src/environments/environment.ts
-export const environment = {
-    apiEndpoint: `http://localhost/api`,
-    version: "v1.0.0",
-    vapid: {
-        pubkey: `${VAPID}`
-    },
-    production: true
-};
-EOF
 RUN [ "npm", "run", "build" ]

-FROM httpd:alpine as runtime
+FROM httpd:alpine AS runtime
+RUN apk add --no-cache certbot certbot-apache
 COPY httpd.conf /usr/local/apache2/conf/httpd.conf
+COPY cli.ini /etc/letsencrypt/cli.ini
 COPY --from=build /build/dist /usr/local/apache2/htdocs/
 COPY <<EOF /usr/local/apache2/htdocs/ipwa/.htaccess
 RewriteEngine on
@@ -25,4 +17,7 @@ RewriteRule ^ - [L]
 RewriteRule ^ /ipwa/index.html
 EOF
 RUN chmod +rx /usr/local/apache2/htdocs/ipwa/.htaccess
+COPY entrypoint.sh entrypoint.sh
 EXPOSE 80
+EXPOSE 443
+CMD ["sh", "entrypoint.sh"]
--- a/README.md
+++ b/README.md
@@ -5,18 +5,4 @@ This project depends on the [Backend server](https://github.com/Slasherss1/ipwa-

 ## Things to change
 Change following files:
- `Dockerfile`:
-    | Line | What to change | Note |
-    | --- | --- | --- |
-    | 7 | ``apiEndpoint: `http://localhost/api`,`` | Change url to backend endpoint |
-
- `httpd.conf`:
-    | Line | What to change | Note |
-    | --- | --- | --- |
-    | 233 | `ServerAdmin you@example.com` | Change to webmaster's email |
-    | 242 | `ServerName www.example.com` | Change to final domain name |
-    | 312 | `ServerName www.example.com` | See above |
-    | 314 | `SSLCertificateFile /cert/live/<domain>/cert.pem` | Change `<domain>` to the domain name above |
-    | 315 | `SSLCertificateKeyFile /cert/live/<domain>/privkey.pem` | Change `<domain>` to the domain name above |
-    | 316 | `SSLCertificateChainFile /cert/live/<domain>/chain.pem` | Change `<domain>` to the domain name above |
 - (Optional) `src/assets/icons/*` - You can change the icons to your own 
--- a/cli.ini
+++ b/cli.ini
@@ -0,0 +1,3 @@
+agree-tos = true
+apache-challenge-location = /usr/local/apache2
+apache-server-root = /usr/local/apache2
--- a/compose.yml
+++ b/compose.yml
@@ -2,4 +2,10 @@ services:
  front:
    build: .
    ports:
-      - 8080:80
+      - 80:80
+      - 443:443
+    environment:
+      - DOMAIN=
+      - EMAIL=
+    volumes:
+      - cert:/etc/letsencrypt
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+cat >> /usr/local/apache2/conf/httpd.conf <<EOF
+ServerName $DOMAIN
+ServerAdmin $EMAIL
+<VirtualHost *:80>
+    ServerName $DOMAIN
+</VirtualHost>
+EOF
+
+http -k start
+certbot --apache -n --keep -d $DOMAIN -m $EMAIL
+httpd -k stop
+
+
+httpd-foreground
--- a/httpd.conf
+++ b/httpd.conf
@@ -92,7 +92,7 @@ LoadModule auth_basic_module modules/mod_auth_basic.so
 #LoadModule cache_module modules/mod_cache.so
 #LoadModule cache_disk_module modules/mod_cache_disk.so
 #LoadModule cache_socache_module modules/mod_cache_socache.so
-#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 #LoadModule socache_dbm_module modules/mod_socache_dbm.so
 #LoadModule socache_memcache_module modules/mod_socache_memcache.so
 #LoadModule socache_redis_module modules/mod_socache_redis.so
@@ -225,22 +225,6 @@ Group www-data
 # virtual host being defined.
 #

-#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed.  This address appears on some server-generated pages, such
-# as error documents.  e.g. admin@your-domain.com
-#
-ServerAdmin you@example.com
-
-#
-# ServerName gives the name and port that the server uses to identify itself.
-# This can often be determined automatically, but we recommend you specify
-# it explicitly to prevent problems during startup.
-#
-# If your host doesn't have a registered DNS name, enter its IP address here.
-#
-ServerName www.example.com
-
 #
 # Deny access to the entirety of your server's filesystem. You must
 # explicitly permit access to web content directories in other 
@@ -308,14 +292,6 @@ RedirectMatch ^/$ /ipwa
    Alias "/var/www/certbot/.well-known/acme-challenge/"
 </Location>

-<VirtualHost *:443>
-    ServerName www.example.com
-    SSLEngine on
-    SSLCertificateFile /cert/live/<domain>/cert.pem
-    SSLCertificateKeyFile /cert/live/<domain>/privkey.pem
-    SSLCertificateChainFile /cert/live/<domain>/chain.pem
-</VirtualHost>
-
 #
 # DirectoryIndex: sets the file that Apache will serve if a directory
 # is requested.
@@ -569,6 +545,10 @@ Include conf/extra/proxy-html.conf
 #       starting without SSL on platforms with no /dev/random equivalent
 #       but a statically compiled-in mod_ssl.
 #
+
+SSLSessionCache         "shmcb:/usr/local/apache2/logs/ssl_cache(512000)"
+SSLSessionCacheTimeout  300
+
 <IfModule ssl_module>
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
--- a/src/environments/environment.ts
+++ b/src/environments/environment.ts
@@ -1,8 +1,6 @@
 export const environment = {
-    apiEndpoint: `https://${process.env['ORIGIN']}/api`,
+    apiEndpoint: `${window.location.origin}/api`,
    version: "v1.0.0",
-    vapid: {
-        pubkey: `${process.env['VAPID']}`
-    },
+    vapid: { pubkey: "" },
    production: true
 };