From a5824f8b51e38ba53c968267385f593fdcfb4e2e Mon Sep 17 00:00:00 2001
From: Jan Szumotalski <jszumotalski@gmail.com>
Date: Tue, 15 Apr 2025 16:14:04 +0200
Subject: [PATCH] Made program generate SSL

---
 Dockerfile                      | 19 +++++++------------
 README.md                       | 14 --------------
 cli.ini                         |  3 +++
 compose.yml                     |  8 +++++++-
 entrypoint.sh                   | 15 +++++++++++++++
 httpd.conf                      | 30 +++++-------------------------
 src/environments/environment.ts |  6 ++----
 7 files changed, 39 insertions(+), 56 deletions(-)
 create mode 100644 cli.ini
 create mode 100644 entrypoint.sh

diff --git a/Dockerfile b/Dockerfile
index b1bbced..bbe31d5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,21 +1,13 @@
-FROM node:18-alpine as build
+FROM node:18-alpine AS build
 WORKDIR /build
 ADD . .
 RUN [ "npm", "ci" ]
-COPY <<EOF src/environments/environment.ts
-export const environment = {
-    apiEndpoint: `http://localhost/api`,
-    version: "v1.0.0",
-    vapid: {
-        pubkey: `${VAPID}`
-    },
-    production: true
-};
-EOF
 RUN [ "npm", "run", "build" ]
 
-FROM httpd:alpine as runtime
+FROM httpd:alpine AS runtime
+RUN apk add --no-cache certbot certbot-apache
 COPY httpd.conf /usr/local/apache2/conf/httpd.conf
+COPY cli.ini /etc/letsencrypt/cli.ini
 COPY --from=build /build/dist /usr/local/apache2/htdocs/
 COPY <<EOF /usr/local/apache2/htdocs/ipwa/.htaccess
 RewriteEngine on
@@ -25,4 +17,7 @@ RewriteRule ^ - [L]
 RewriteRule ^ /ipwa/index.html
 EOF
 RUN chmod +rx /usr/local/apache2/htdocs/ipwa/.htaccess
+COPY entrypoint.sh entrypoint.sh
 EXPOSE 80
+EXPOSE 443
+CMD ["sh", "entrypoint.sh"]
\ No newline at end of file
diff --git a/README.md b/README.md
index 435078a..754d36a 100644
--- a/README.md
+++ b/README.md
@@ -5,18 +5,4 @@ This project depends on the [Backend server](https://github.com/Slasherss1/ipwa-
 
 ## Things to change
 Change following files:
-- `Dockerfile`:
-    | Line | What to change | Note |
-    | --- | --- | --- |
-    | 7 | ``apiEndpoint: `http://localhost/api`,`` | Change url to backend endpoint |
-
-- `httpd.conf`:
-    | Line | What to change | Note |
-    | --- | --- | --- |
-    | 233 | `ServerAdmin you@example.com` | Change to webmaster's email |
-    | 242 | `ServerName www.example.com` | Change to final domain name |
-    | 312 | `ServerName www.example.com` | See above |
-    | 314 | `SSLCertificateFile /cert/live/<domain>/cert.pem` | Change `<domain>` to the domain name above |
-    | 315 | `SSLCertificateKeyFile /cert/live/<domain>/privkey.pem` | Change `<domain>` to the domain name above |
-    | 316 | `SSLCertificateChainFile /cert/live/<domain>/chain.pem` | Change `<domain>` to the domain name above |
 - (Optional) `src/assets/icons/*` - You can change the icons to your own 
\ No newline at end of file
diff --git a/cli.ini b/cli.ini
new file mode 100644
index 0000000..17f5425
--- /dev/null
+++ b/cli.ini
@@ -0,0 +1,3 @@
+agree-tos = true
+apache-challenge-location = /usr/local/apache2
+apache-server-root = /usr/local/apache2
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
index 96a8b03..96c0c2b 100644
--- a/compose.yml
+++ b/compose.yml
@@ -2,4 +2,10 @@ services:
   front:
     build: .
     ports:
-      - 8080:80
+      - 80:80
+      - 443:443
+    environment:
+      - DOMAIN=
+      - EMAIL=
+    volumes:
+      - cert:/etc/letsencrypt
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..fd0f83b
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+cat >> /usr/local/apache2/conf/httpd.conf <<EOF
+ServerName $DOMAIN
+ServerAdmin $EMAIL
+<VirtualHost *:80>
+    ServerName $DOMAIN
+</VirtualHost>
+EOF
+
+http -k start
+certbot --apache -n --keep -d $DOMAIN -m $EMAIL
+httpd -k stop
+
+
+httpd-foreground
\ No newline at end of file
diff --git a/httpd.conf b/httpd.conf
index 95df67d..b556e8b 100644
--- a/httpd.conf
+++ b/httpd.conf
@@ -92,7 +92,7 @@ LoadModule auth_basic_module modules/mod_auth_basic.so
 #LoadModule cache_module modules/mod_cache.so
 #LoadModule cache_disk_module modules/mod_cache_disk.so
 #LoadModule cache_socache_module modules/mod_cache_socache.so
-#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
 #LoadModule socache_dbm_module modules/mod_socache_dbm.so
 #LoadModule socache_memcache_module modules/mod_socache_memcache.so
 #LoadModule socache_redis_module modules/mod_socache_redis.so
@@ -225,22 +225,6 @@ Group www-data
 # virtual host being defined.
 #
 
-#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed.  This address appears on some server-generated pages, such
-# as error documents.  e.g. admin@your-domain.com
-#
-ServerAdmin you@example.com
-
-#
-# ServerName gives the name and port that the server uses to identify itself.
-# This can often be determined automatically, but we recommend you specify
-# it explicitly to prevent problems during startup.
-#
-# If your host doesn't have a registered DNS name, enter its IP address here.
-#
-ServerName www.example.com
-
 #
 # Deny access to the entirety of your server's filesystem. You must
 # explicitly permit access to web content directories in other 
@@ -308,14 +292,6 @@ RedirectMatch ^/$ /ipwa
     Alias "/var/www/certbot/.well-known/acme-challenge/"
 </Location>
 
-<VirtualHost *:443>
-    ServerName www.example.com
-    SSLEngine on
-    SSLCertificateFile /cert/live/<domain>/cert.pem
-    SSLCertificateKeyFile /cert/live/<domain>/privkey.pem
-    SSLCertificateChainFile /cert/live/<domain>/chain.pem
-</VirtualHost>
-
 #
 # DirectoryIndex: sets the file that Apache will serve if a directory
 # is requested.
@@ -569,6 +545,10 @@ Include conf/extra/proxy-html.conf
 #       starting without SSL on platforms with no /dev/random equivalent
 #       but a statically compiled-in mod_ssl.
 #
+
+SSLSessionCache         "shmcb:/usr/local/apache2/logs/ssl_cache(512000)"
+SSLSessionCacheTimeout  300
+
 <IfModule ssl_module>
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
diff --git a/src/environments/environment.ts b/src/environments/environment.ts
index 5dbb8b5..7b5e3cf 100644
--- a/src/environments/environment.ts
+++ b/src/environments/environment.ts
@@ -1,8 +1,6 @@
 export const environment = {
-    apiEndpoint: `https://${process.env['ORIGIN']}/api`,
+    apiEndpoint: `${window.location.origin}/api`,
     version: "v1.0.0",
-    vapid: {
-        pubkey: `${process.env['VAPID']}`
-    },
+    vapid: { pubkey: "" },
     production: true
 };