From 05620f674828d313ce163668c8f4ee37e7a29f56 Mon Sep 17 00:00:00 2001
From: Aliaksandr BUDZKO <abudzko@takima.fr>
Date: Fri, 23 Jul 2021 10:08:21 +0200
Subject: [PATCH] feat: add docker

---
 .gitignore          |  4 ++-
 Dockerfile          | 18 ++++++++++
 data/nginx/app.conf | 26 +++++++++++++++
 docker-compose.yml  | 17 ++++++++++
 init_cert.sh        | 80 +++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 144 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile
 create mode 100644 data/nginx/app.conf
 create mode 100644 docker-compose.yml
 create mode 100755 init_cert.sh

diff --git a/.gitignore b/.gitignore
index 8795c9b..284ab62 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,4 +14,6 @@ reports/
 
 *.BLOB
 
-*.MAP
\ No newline at end of file
+*.MAP
+
+data/certbot
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b3ea353
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,18 @@
+#build stage
+FROM node:lts-stretch-slim as build-stage
+RUN mkdir /usr/src/app
+WORKDIR /usr/src/app
+ENV PATH /usr/src/app/node_modules/.bin:$PATH
+COPY package.json /usr/src/app/package.json
+
+RUN npm install --silent
+RUN npm install react-scripts -g --silent
+COPY . /usr/src/app
+
+RUN npm run build
+
+# production stage
+FROM nginx:1.13.12-alpine as production-stage
+COPY --from=build-stage /usr/src/app/build /usr/share/nginx/html
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/data/nginx/app.conf b/data/nginx/app.conf
new file mode 100644
index 0000000..0256207
--- /dev/null
+++ b/data/nginx/app.conf
@@ -0,0 +1,26 @@
+server {
+    listen 80;
+
+    server_name staging-deadlock-demo.takima.io www.staging-deadlock-demo.takima.io;
+
+
+    location ^~ /.well-known/acme-challenge/ {
+        allow all;
+        root /var/www/certbot;
+    }
+
+
+}
+server {
+    listen 443 ssl;
+    server_name staging-deadlock-demo.takima.io www.staging-deadlock-demo.takima.io;
+
+    location / {
+            proxy_pass http://staging-deadlock-demo.takima.io;
+        }
+
+    ssl_certificate /etc/letsencrypt/live/staging-deadlock-demo.takima.io/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/staging-deadlock-demo.takima.io/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..7f83d7a
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,17 @@
+version: '3'
+services:
+  app:
+    build: .
+    container_name: "vitrine"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./data/nginx:/etc/nginx/conf.d
+      - ./data/certbot/conf:/etc/letsencrypt
+      - ./data/certbot/www:/var/www/certbot
+  certbot:
+    image: certbot/certbot
+    volumes:
+      - ./data/certbot/conf:/etc/letsencrypts
+      - ./data/certbot/www:/var/www/certbot
\ No newline at end of file
diff --git a/init_cert.sh b/init_cert.sh
new file mode 100755
index 0000000..a2394bd
--- /dev/null
+++ b/init_cert.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+if ! [ -x "$(command -v docker-compose)" ]; then
+  echo 'Error: docker-compose is not installed.' >&2
+  exit 1
+fi
+
+domains=(staging-deadlock-demo.takima.io www.staging-deadlock-demo.takima.io)
+rsa_key_size=4096
+data_path="./data/certbot"
+email="deadlock@takima.io" # Adding a valid address is strongly recommended
+staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
+
+if [ -d "$data_path" ]; then
+  read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
+  if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
+    exit
+  fi
+fi
+
+
+if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
+  echo "### Downloading recommended TLS parameters ..."
+  mkdir -p "$data_path/conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+  echo
+fi
+
+echo "### Creating dummy certificate for $domains ..."
+path="/etc/letsencrypt/live/$domains"
+mkdir -p "$data_path/conf/live/$domains"
+docker-compose run --rm --entrypoint "\
+  openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
+    -keyout '$path/privkey.pem' \
+    -out '$path/fullchain.pem' \
+    -subj '/CN=localhost'" certbot
+echo
+
+
+echo "### Starting nginx ..."
+docker-compose up --force-recreate -d app
+echo
+
+echo "### Deleting dummy certificate for $domains ..."
+docker-compose run --rm --entrypoint "\
+  rm -Rf /etc/letsencrypt/live/$domains && \
+  rm -Rf /etc/letsencrypt/archive/$domains && \
+  rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
+echo
+
+
+echo "### Requesting Let's Encrypt certificate for $domains ..."
+#Join $domains to -d args
+domain_args=""
+for domain in "${domains[@]}"; do
+  domain_args="$domain_args -d $domain"
+done
+
+# Select appropriate email arg
+case "$email" in
+  "") email_arg="--register-unsafely-without-email" ;;
+  *) email_arg="--email $email" ;;
+esac
+
+# Enable staging mode if needed
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
+
+docker-compose run --rm --entrypoint "\
+  certbot certonly --webroot -w /var/www/certbot \
+    $staging_arg \
+    $email_arg \
+    $domain_args \
+    --rsa-key-size $rsa_key_size \
+    --agree-tos \
+    --force-renewal" certbot
+echo
+
+echo "### Reloading nginx ..."
+docker-compose exec app app -s reload
-- 
GitLab