docker-compose HTTPS fix (ivanpaulovich#232)

* docker-compose HTTPS fix
pendenaor · Sep 15, 2020 · 2d889c6 · 2d889c6
1 parent 9aece74
commit 2d889c6
Show file tree

Hide file tree

Showing 16 changed files with 41 additions and 194 deletions.
diff --git a/.docker/docker-compose.override.yml b/.docker/docker-compose.override.yml
@@ -1,9 +1,10 @@
 version: '3.4'
 
 services:
-  # nginx:
-  #   volumes:
-  #     - ~/.aspnet/https:/https:ro
+  nginx:
+    volumes:
+      - ../.docker/https/localhost.crt:/etc/ssl/certs/localhost.crt:ro
+      - ../.docker/https/localhost.key:/etc/ssl/private/localhost.key:ro
   accounts-api:
     environment:
       - ASPNETCORE_ENVIRONMENT=Production
@@ -13,7 +14,7 @@ services:
       - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/localhost.pfx
       - PersistenceModule__DefaultConnection=Server=sql1;User Id=sa;Password=<YourStrong!Passw0rd>;Database=Accounts;
     volumes:
-      - ~/.aspnet/https:/https:ro
+      - ../.docker/https:/https:ro
   identity-server:
     environment:
       - ASPNETCORE_ENVIRONMENT=Production
@@ -22,7 +23,7 @@ services:
       - ASPNETCORE_Kestrel__Certificates__Default__Password=MyCertificatePassword
       - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/localhost.pfx
     volumes:
-      - ~/.aspnet/https:/https:ro
+      - ../.docker/https:/https:ro
   wallet-spa:
     stdin_open: true # docker run -i
     tty: true        # docker run -t

diff --git a/.docker/init-db.sh b/.docker/init-db.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+dotnet tool update --global dotnet-ef --version 3.1.8
+dotnet ef database update --project ../accounts-api/src/Infrastructure --startup-project ../accounts-api/src/WebApi
diff --git a/.docker/localhost.crt b/.docker/localhost.crt
diff --git a/.docker/localhost.key b/.docker/localhost.key
diff --git a/.docker/makecert.sh b/.docker/makecert.sh
@@ -1,17 +1,4 @@
 #!/bin/bash
-openssl req -x509 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -days 365 -nodes -config ./ssl-selfsigned.cnf
-openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt -name "Localhost selfsigned certificate" -password pass:MyCertificatePassword
-rm ~/.aspnet/https/localhost.key
-rm ~/.aspnet/https/localhost.crt
-rm ~/.aspnet/https/localhost.pfx
-rm ../wallet-spa/localhost.key
-rm ../wallet-spa/localhost.crt
-rm ../nginx/localhost.key
-rm ../nginx/localhost.crt
-cp localhost.key ~/.aspnet/https/localhost.key
-cp localhost.crt ~/.aspnet/https/localhost.crt
-cp localhost.pfx ~/.aspnet/https/localhost.pfx
-cp localhost.key ../wallet-spa/localhost.key
-cp localhost.crt ../wallet-spa/localhost.crt
-cp localhost.key ../nginx/localhost.key
-cp localhost.crt ../nginx/localhost.crt
+mkdir https
+openssl req -x509 -newkey rsa:2048 -keyout https/localhost.key -out https/localhost.crt -days 365 -nodes -config ssl-selfsigned.cnf
+openssl pkcs12 -export -out https/localhost.pfx -inkey https/localhost.key -in https/localhost.crt -name "Localhost selfsigned certificate" -password pass:MyCertificatePassword
diff --git a/.docker/startup-backend-only.sh b/.docker/startup-backend-only.sh
@@ -1,14 +1,13 @@
 #!/bin/bash
 echo "1. Building Docker images in silent mode. This may take few minutes..."
 echo -e "\n\n\tEnsure Docker is up and running.\n\n"
-docker-compose build accounts-api
-docker-compose build identity-server
+docker-compose build --quiet
 echo "2. Starting up SQL Server in Docker..."
 docker-compose up -d sql1
-echo "3. Installing Entity Framework Tool to migrate databases."
-dotnet tool update --global dotnet-ef --version 3.1.7
-echo "4. Generating accounts schema in DB..."
-dotnet ef database update --project ../accounts-api/src/Infrastructure --startup-project ../accounts-api/src/WebApi
-echo "5. Starting up Identity Server and Accounts applications."
+echo "3. Updating DB using Entity Framework Tool..."
+./init-db
+echo -e "4. Starting up applications:"
+echo -e "\tIdentity Server."
+echo -e "\tAccounts."
 docker-compose up -d identity-server
 docker-compose up -d accounts-api
diff --git a/.docker/startup.sh b/.docker/startup.sh
@@ -4,10 +4,11 @@ echo -e "\n\n\tEnsure Docker is up and running.\n\n"
 docker-compose build --quiet
 echo "2. Starting up SQL Server in Docker..."
 docker-compose up -d sql1
-echo "3. Installing Entity Framework Tool to migrate databases."
-dotnet tool update --global dotnet-ef --version 3.1.7
-echo "4. Generating accounts schema in DB..."
-dotnet ef database update --project ../accounts-api/src/Infrastructure --startup-project ../accounts-api/src/WebApi
-echo "5. Starting up Identity Server and Accounts applications."
+echo "3. Updating DB using Entity Framework Tool..."
+./init-db
+echo -e "4. Starting up applications:"
+echo -e "\tIdentity Server."
+echo -e "\tAccounts."
+echo -e "\tSPA."
 docker-compose up -d
-echo -e "6. Browse to $(tput setaf 3)https://wallet.local/$(tput sgr0)\n\nUse the following credentials to login into Identity Server:\n\n\tUsername:\t$(tput setaf 3)alice$(tput sgr0)\n\tPassword:\t$(tput setaf 3)alice$(tput sgr0)"
+echo -e "5. Browse to $(tput setaf 3)https://wallet.local/$(tput sgr0)\n\nUse the following credentials to login into Identity Server:\n\n\tUsername:\t$(tput setaf 3)alice$(tput sgr0)\n\tPassword:\t$(tput setaf 3)alice$(tput sgr0)"
diff --git a/.docker/trustcert-mac.sh b/.docker/trustcert-mac.sh
@@ -1,3 +1,3 @@
 #!/bin/bash
 # https://gist.github.com/epcim/03f66dfa85ad56604c7b8e6df79614e0
-sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain localhost.crt
+sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain https/localhost.crt
diff --git a/.docker/trustcert-windows.sh b/.docker/trustcert-windows.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+# https://gist.github.com/epcim/03f66dfa85ad56604c7b8e6df79614e0
+dotnet dev-certs https -ep https/localhost.pfx -p MyCertificatePassword
+dotnet dev-certs https --trust
diff --git a/Clean-Architecture-Manga.sln b/Clean-Architecture-Manga.sln
@@ -50,6 +50,14 @@ EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "IdentityServer", "identity-server\IdentityServer.csproj", "{01537DBF-3C0F-4B83-A089-0D12E5CA06C6}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = ".docker", ".docker", "{FAA0BAC6-0AA8-4908-A287-D550E9F9CBA8}"
+	ProjectSection(SolutionItems) = preProject
+		.docker\makecert.sh = .docker\makecert.sh
+		.docker\ssl-selfsigned.cnf = .docker\ssl-selfsigned.cnf
+		.docker\startup-backend-only.sh = .docker\startup-backend-only.sh
+		.docker\startup.sh = .docker\startup.sh
+		.docker\trustcert-mac.sh = .docker\trustcert-mac.sh
+		.docker\trustcert-windows.sh = .docker\trustcert-windows.sh
+	EndProjectSection
 EndProject
 Project("{E53339B2-1760-4266-BCC7-CA923CBCF16C}") = "docker-compose", ".docker\docker-compose.dcproj", "{A0517AF3-3B35-443A-80DC-FF94F10CF056}"
 EndProject

diff --git a/README.md b/README.md
@@ -37,6 +37,7 @@ Startup the whole solution:
 cd .docker
 ./makecert.sh
 ./trustcert-mac.sh
+#./trustcert-windows.sh
 ./startup.sh
 ```
 
@@ -62,6 +63,7 @@ If you prefer dotnet commands then start each service individually:
 ```sh
 dotnet dev-certs https --clean
 dotnet dev-certs https -ep $env:USERPROFILE\.aspnet\https\aspnetapp.pfx -p MyCertificatePassword
+dotnet dev-certs https --trust
 ```
 
 ### Spin up SQL Server in a Docker container

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -1,5 +1,3 @@
 FROM nginx:latest
 
-COPY nginx.conf /etc/nginx/nginx.conf
-COPY localhost.crt /etc/ssl/certs/localhost.crt
-COPY localhost.key /etc/ssl/private/localhost.key
+COPY nginx.conf /etc/nginx/nginx.conf
diff --git a/nginx/localhost.crt b/nginx/localhost.crt
diff --git a/nginx/localhost.key b/nginx/localhost.key
diff --git a/wallet-spa/localhost.crt b/wallet-spa/localhost.crt
diff --git a/wallet-spa/localhost.key b/wallet-spa/localhost.key