diff --git a/.gitignore b/.gitignore
index cedab0ea1..d178f8118 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,6 +28,7 @@ bin
 .project
 ${sys:DATA}
 *.log
+.certs
 # User-specific stuff:
 .idea/workspace.xml
diff --git a/.scripts/convert-to-p12.sh b/.scripts/convert-to-p12.sh
index 53054ed82..79459146e 100755
--- a/.scripts/convert-to-p12.sh
+++ b/.scripts/convert-to-p12.sh
@@ -1,27 +1,29 @@
 #!/bin/sh
-certPath=${1:-"."} # if $1 is not passed, use current directory
+set -e
+
+certPath=${1:-"."}
 serverCrt="$certPath/server.crt"
 serverKey="$certPath/server.key"
-caCrt="$certPath/ca.crt" # Path to the Certificate Authority certificate
+caCrt="$certPath/ca.crt"
 pkcs12File="$certPath/signaling.p12"
-pkcs12Password=${2:-"changeme"} # if $2 is not passed, use "changeme"
+pkcs12Password=${2:-"changeme"}
 mkdir -p $certPath
-# Check if server.crt and server.key files exist
 if [ ! -f "$serverCrt" ] || [ ! -f "$serverKey" ]; then
 echo "server.crt or server.key files not found. Generating certificates..."
- . "$(dirname "$0")/generate-certs.sh" $certPath
+ . "$(dirname "$0")/generate-certs.sh" "$certPath"
 fi
-# Check if ca.crt file exists to create a full chain of certificates
 if [ -f "$caCrt" ]; then
 echo "ca.crt file found. Creating a full chain of certificates..."
 cat $serverCrt $caCrt > "$certPath/fullchain.crt"
 openssl pkcs12 -export -in "$certPath/fullchain.crt" -inkey $serverKey -name "apiserver" -out $pkcs12File -password pass:$pkcs12Password
 else
- openssl pkcs12 -export -in $serverCrt -inkey $serverKey -name "apiserver" -out $pkcs12File -password pass:$pkcsPassword
+ openssl pkcs12 -export -in $serverCrt -inkey $serverKey -name "apiserver" -out $pkcs12File -password pass:$pkcs12Password
 fi
+openssl pkcs12 -info -in "$pkcs12File" -noout -passin pass:"$pkcs12Password" # Verifies the keystore
+
 echo "PKCS12 keystore has been created at $pkcs12File"
diff --git a/.scripts/generate-certs.sh b/.scripts/generate-certs.sh
index 4c10e6a7c..3e0d6f476 100755
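Review bot: The new export line in the `else` branch and the new `-info` verification line both hand the keystore password to openssl as `pass:$pkcs12Password` on the command line, where it is readable by any other process in the container through `ps` or `/proc/<pid>/cmdline` for the lifetime of the call; openssl's `env:` pass-phrase source avoids that, e.g. `PKCS12_PASSWORD="$pkcs12Password" openssl pkcs12 -export -in "$serverCrt" -inkey "$serverKey" -name "apiserver" -out "$pkcs12File" -password env:PKCS12_PASSWORD` for the export and `-passin env:PKCS12_PASSWORD` for the verification. The same `+` export line also leaves `$serverCrt`, `$serverKey` and `$pkcs12File` unquoted (as do `mkdir -p $certPath` and `cat $serverCrt $caCrt` in the context lines), so a `certPath` argument containing whitespace splits into several arguments; the commit quotes only the sourced call's argument. With `set -e` now in effect, a failed verification aborts before the final `echo`, which looks intended but deserves a comment on the `-info` line, e.g. `# set -e: a keystore that does not open with this password aborts before the success message`.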
--- a/.scripts/generate-certs.sh
+++ b/.scripts/generate-certs.sh
@@ -1,5 +1,7 @@
 #!/bin/sh
+set -e
+
 basepath=${1:-"."} # if $1 is not passed, use current directory
 mkdir -p $basepath
diff --git a/.scripts/init-postgres.sh b/.scripts/init-postgres.sh
index 47ef29deb..fa66a7a9d 100644
--- a/.scripts/init-postgres.sh
+++ b/.scripts/init-postgres.sh
@@ -5,5 +5,5 @@ set -e
 # This scripts initializes the postgres database
 initdb /var/lib/postgresql/data
 pg_ctl start -D /var/lib/postgresql/data
-npx prisma@5.9.1 migrate deploy --schema=/service/schema.prisma
+npx prisma migrate deploy --schema=/service/schema.prisma
 pg_ctl stop -D /var/lib/postgresql/data
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 7e21d5b05..8083fb92e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,21 +26,21 @@ RUN chmod +x heplify
 ##
 FROM alpine:3.19 AS runner
-ARG PKCS12_PASSWORD=changeme
-ARG POSTGRES_USER=postgres
-ARG POSTGRES_PASSWORD=postgres
+ARG PKCS12_PASSWORD="changeme"
+ARG POSTGRES_USER="postgres"
+ARG POSTGRES_PASSWORD="postgres"
 ARG CA_CERT_SUBJECT="/CN=Self Signed CA"
 ARG SERVER_CERT_SUBJECT="/CN=localhost"
-ARG PRISMA_VERSION=5.9.1
-ARG DATABASE_URL=postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/routr
+ARG PRISMA_VERSION="5.9.1"
+ARG DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/routr"
 ENV PKCS12_PASSWORD=$PKCS12_PASSWORD \
- PATH_TO_CERTS=/etc/routr/certs \
- USER=fonoster \
+ PATH_TO_CERTS="/etc/routr/certs" \
+ USER="fonoster" \
 GID=5000 \
 UID=5000 \
- JAVA_HOME=/service/jre \
- EDGEPORT_RUNNER=/service/edgeport.sh \
+ JAVA_HOME="/service/jre" \
+ EDGEPORT_RUNNER="/service/edgeport.sh" \
 TLS_ON=false \
 VERIFY_CLIENT_CERT=false \
 CA_CERT_SUBJECT=$CA_CERT_SUBJECT \
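Review bot: `set -e` is now set in a script that convert-to-p12.sh sources with `. "$(dirname "$0")/generate-certs.sh" "$certPath"`, and passing arguments to the dot command under a plain `#!/bin/sh` is a shell extension rather than POSIX, so whether `basepath=${1:-"."}` on the next line sees `$certPath` or the caller's own positional parameters depends on the shell; it presumably works today only because both scripts default `$1` to `.` in the same way. Unless the caller needs variables from this script, running it as a child, `sh "$(dirname "$0")/generate-certs.sh" "$certPath"`, makes the argument passing portable while the caller's `set -e` still stops on failure. `mkdir -p $basepath` on the last context line should also be quoted, `mkdir -p "$basepath"`. The rest of the script lies outside the hunk.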
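Review bot: The unpinned `npx prisma migrate deploy` now relies on the `prisma@${PRISMA_VERSION}` that the Dockerfile installs globally; how `npx` resolves a bare package name differs between npm versions, and if it does not pick up that global install it fetches the newest `prisma` from the registry at container start, which is both a runtime network dependency and an unpinned supply-chain path for code that runs against the database. Invoking the installed binary directly, `prisma migrate deploy --schema=/service/schema.prisma`, fails loudly when the global install is missing instead of fetching something else. A one-line comment such as `# uses the prisma version installed globally in the Dockerfile (PRISMA_VERSION)` would document the coupling.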
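Review bot: `ARG PKCS12_PASSWORD="changeme"`, `ARG POSTGRES_PASSWORD="postgres"` and the `DATABASE_URL` that embeds them are copied into `ENV` right below, so whatever value is supplied at build time is stored in the image config and layer history (`docker history`, `docker inspect`) and inherited by every container; the added quotes do not change that. Since the CMD further down in this file reads `$PKCS12_PASSWORD` and `$DATABASE_URL` at runtime, a comment above the `ARG` lines marking them as development defaults to be overridden at deploy time, e.g. `# dev defaults only: build-time values are persisted in the image metadata`, would steer operators away from passing real credentials with `--build-arg`.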
@@ -48,24 +48,25 @@ ENV PKCS12_PASSWORD=$PKCS12_PASSWORD \
 DATABASE_URL=$DATABASE_URL \
 IGNORE_LOOPBACK_FROM_LOCALNETS=true \
 PRISMA_VERSION=$PRISMA_VERSION \
- START_INTERNAL_DB=true
+ START_INTERNAL_DB=true \
+ LOG4J2="/etc/routr/log4j2.yaml"
 WORKDIR /service
 COPY mods/edgeport/edgeport.sh .
 COPY mods/edgeport/libs libs
+COPY mods/pgdata/schema.prisma .
+COPY mods/pgdata/migrations migrations
+COPY mods/edgeport/etc/log4j2.yaml /etc/routr/log4j2.yaml
 COPY etc/edgeport.yaml config/edgeport.yaml
-COPY config/log4j2.yaml mods/edgeport/etc/log4j2.yaml
 COPY .scripts/convert-to-p12.sh .
 COPY .scripts/generate-certs.sh .
+COPY .scripts/init-postgres.sh .
 COPY --from=builder /work/dist dist
 COPY --from=builder /work/node_modules node_modules
 COPY --from=builder /work/package.json .
 COPY --from=builder /work/jre jre
 COPY --from=builder /work/heplify /usr/local/bin/
-COPY .scripts/init-postgres.sh .
-COPY mods/pgdata/schema.prisma .
-COPY mods/pgdata/migrations migrations
 RUN apk add --no-cache libcap nodejs npm openssl postgresql sed sngrep su-exec tini \
 && npm install -g prisma@${PRISMA_VERSION} \
@@ -74,25 +75,26 @@ RUN apk add --no-cache libcap nodejs npm openssl postgresql sed sngrep su-exec t
 && adduser --disabled-password --gecos "" --ingroup ${USER} --home ${HOME} --uid ${UID} ${USER} \
 && chown -R ${USER}:${USER} /service /etc/routr \
 && chown -R postgres:postgres /var/lib/postgresql/data /run/postgresql /root/.npm \
- && chmod +x edgeport.sh convert-to-p12.sh init-postgres.sh \
+ && chmod +x edgeport.sh convert-to-p12.sh init-postgres.sh generate-certs.sh \
 && chmod 2777 /run/postgresql \
 && setcap 'CAP_NET_RAW+eip' /usr/bin/sngrep \
 && rm -rf /var/cache/apk/* /tmp/* \
- && rm -rf /root/.npm /root/.config /root/.cache /root/.local \
+ && rm -rf /root/.npm /root/.config /root/.cache /root/.local package.json \
 && apk del libcap
 # Re-mapping the signal from 143 to 0
 ENTRYPOINT ["tini", "-v", "-e", "143", "--"]
-CMD ["sh", "-c", "if [ \"$START_INTERNAL_DB\" = \"true\" ]; then \
+CMD ["/bin/sh", "-c", "if [ \"$START_INTERNAL_DB\" = \"true\" ]; then \
 su-exec postgres /service/init-postgres.sh; \
 su-exec postgres pg_ctl start -D /var/lib/postgresql/data --options='-h 0.0.0.0'; \
- fi && \
- DATABASE_URL=${DATABASE_URL} npx prisma@${PRISMA_VERSION} migrate deploy --schema=/service/schema.prisma && \
- su-exec $USER ./convert-to-p12.sh $PATH_TO_CERTS $PKCS12_PASSWORD && \
+ fi; \
 if [ -n \"$HEPLIFY_OPTIONS\" ]; then \
 heplify $HEPLIFY_OPTIONS & \
- fi && \
- sed -i 's|keyStorePassword: .*|keyStorePassword: ${PKCS12_PASSWORD}|g' config/edgeport.yaml && \
- sed -i 's|trustStorePassword: .*|trustStorePassword: ${PKCS12_PASSWORD}|g' config/edgeport.yaml && \
- su-exec $USER node ./dist/runner"]
+ fi; \
+ npx prisma migrate deploy --schema=/service/schema.prisma; \
+ sed -i \"s|keyStorePassword:.*|keyStorePassword: $PKCS12_PASSWORD|g\" config/edgeport.yaml; \
+ sed -i \"s|trustStorePassword:.*|trustStorePassword: $PKCS12_PASSWORD|g\" config/edgeport.yaml; \
+ su-exec $USER ./convert-to-p12.sh $PATH_TO_CERTS $PKCS12_PASSWORD; \
+ su-exec $USER node ./dist/runner" \
+]
diff --git a/etc/certs/signaling.p12 b/etc/certs/signaling.p12
deleted file mode 100644
index 7167304b4..000000000
Binary files a/etc/certs/signaling.p12 and /dev/null differ
diff --git a/mods/edgeport/Dockerfile b/mods/edgeport/Dockerfile
index 8cdf33151..46fdb303f 100644
--- a/mods/edgeport/Dockerfile
+++ b/mods/edgeport/Dockerfile
@@ -17,21 +17,21 @@ RUN apk add --no-cache --update g++ openjdk17-jdk \
 ##
 FROM alpine:3.19 AS runner
-ARG PKCS12_PASSWORD=changeme
-ARG PATH_TO_CERTS=/etc/routr/certs
-ARG PATH_TO_LOGS=/opt/routr/logs
+ARG PKCS12_PASSWORD="changeme"
+ARG PATH_TO_CERTS="/etc/routr/certs"
+ARG PATH_TO_LOGS="/opt/routr/logs"
 ARG CA_CERT_SUBJECT="/CN=Self Signed CA"
 ARG SERVER_CERT_SUBJECT="/CN=localhost"
 ENV PKCS12_PASSWORD=$PKCS12_PASSWORD \
 PATH_TO_CERTS=$PATH_TO_CERTS \
 PATH_TO_LOGS=$PATH_TO_LOGS \
- CONFIG_PATH=/etc/routr/edgeport.yaml \
+ CONFIG_PATH="/etc/routr/edgeport.yaml" \
 CA_CERT_SUBJECT=$CA_CERT_SUBJECT \
 SERVER_CERT_SUBJECT=$SERVER_CERT_SUBJECT \
 IGNORE_LOOPBACK_FROM_LOCALNETS=true \
- LOG4J2=/etc/routr/log4j2.yaml \
- JAVA_HOME=/opt/routr/jre
+ LOG4J2="/etc/routr/log4j2.yaml" \
+ JAVA_HOME="/opt/routr/jre"
 WORKDIR /opt/routr
diff --git a/package.json b/package.json
index 170879367..2a016654d 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,7 @@
 "start:deps": "docker compose -f compose.dev.yaml up rtpengine redis postgres adminer -d",
 "stop:deps": "docker compose -f compose.dev.yaml down rtpengine redis postgres adminer",
 "db:migrate": "npx prisma migrate dev --schema ./mods/pgdata/schema.prisma --name changeme",
- "generate:certs": "./.scripts/generate-certs.sh",
+ "generate:certs": "SERVER_CERT_SUBJECT='/CN=localhost' CA_CERT_SUBJECT='/CN=Self Signed CA' ./.scripts/generate-certs.sh .certs",
 "convert:certs": "./.scripts/convert-to-p12.sh && mv signaling.p12 etc/certs/",
 "transpile": "tsc",
 "make": "npm install && npm run build && npm run setup",
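Review bot: Replacing the `&&` chain with `;` separators in the new CMD means a failure of `init-postgres.sh`, `npx prisma migrate deploy`, either `sed -i`, or `./convert-to-p12.sh` no longer stops startup, and `node ./dist/runner` is launched against an unmigrated database or a missing keystore; prefixing the script, `CMD ["/bin/sh", "-c", "set -e; if [ \"$START_INTERNAL_DB\" = \"true\" ]; then \`, restores the old fail-fast behavior while keeping the `;` layout (the backgrounded `heplify` is unaffected). The two `sed -i \"s|keyStorePassword:.*|keyStorePassword: $PKCS12_PASSWORD|g\"` lines splice the password unescaped into the replacement text, so a value containing `|`, `&` or `\` breaks the expression or writes something other than the password into config/edgeport.yaml; a templating step that treats the value literally, or rejecting those characters before the sed runs, would make this robust. `./convert-to-p12.sh $PATH_TO_CERTS $PKCS12_PASSWORD` also passes the password as a process argument, visible to other processes in the container, although `PKCS12_PASSWORD` is already exported via `ENV` and the script could read it from the environment instead.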
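Review bot: `generate:certs` now writes into `.certs` (newly gitignored), but the unchanged `convert:certs` script still runs `./.scripts/convert-to-p12.sh` with no path, so it looks for server.crt in the repository root, presumably regenerates a fresh certificate there via the sourced generate-certs.sh when it finds none, and then moves the resulting signaling.p12 into `etc/certs/`, the tracked directory from which this commit deletes that very file; a `git add -A` would commit a keystore again. Pointing it at the same directory, `"convert:certs": "./.scripts/convert-to-p12.sh .certs"`, keeps both the PEM files and the keystore under the ignored path. The deleted etc/certs/signaling.p12 stays in repository history, so the key it contains should be treated as exposed and not reused.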