Merge pull request #85 from pondersource/enhance-tls-certs
Enhance TLS certificates and Firefox certificate trust
MahdiBaghbani authored Mar 4, 2024
2 parents 4d9c145 + ddce703 commit 2cdaef2
Showing 240 changed files with 3,159 additions and 1,245 deletions.
27 changes: 17 additions & 10 deletions dev/efss.sh
Expand Up @@ -62,7 +62,8 @@ function createEfss() {
-e DBHOST="maria${platform}${number}.docker" \
-e USER="${user}" \
-e PASS="${password}" \
-v "${ENV_ROOT}/docker/tls:/tls-host" \
-v "${ENV_ROOT}/docker/tls/certificates:/certificates" \
-v "${ENV_ROOT}/docker/tls/certificate-authority:/certificate-authority" \
-v "${ENV_ROOT}/temp/${platform}.sh:/${platform}-init.sh" \
-v "${ENV_ROOT}/docker/scripts/entrypoint.sh:/entrypoint.sh" \
"${image}"
Expand All @@ -72,10 +73,11 @@ function createEfss() {
waitForPort "${platform}${number}.docker" 443

# add self-signed certificates to os and trust them. (use >/dev/null 2>&1 to shut these up)
docker exec "${platform}${number}.docker" bash -c "cp /tls/*.crt /usr/local/share/ca-certificates/" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp /tls-host/*.crt /usr/local/share/ca-certificates/" >/dev/null 2>&1
docker exec "${platform}${number}.docker" update-ca-certificates >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cat /etc/ssl/certs/ca-certificates.crt >> /var/www/html/resources/config/ca-bundle.crt" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /certificates/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /certificate-authority/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /tls/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" update-ca-certificates >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cat /etc/ssl/certs/ca-certificates.crt >> /var/www/html/resources/config/ca-bundle.crt" >/dev/null 2>&1

# run init script inside efss.
docker exec -u www-data "${platform}${number}.docker" bash "/${platform}-init.sh"
Expand Down Expand Up @@ -118,11 +120,16 @@ createEfss nextcloud 2 michiel dejong
### Firefox ###
###############

docker run --detach --network=testnet \
--name=firefox \
-p 5800:5800 \
--shm-size 2g \
jlesage/firefox:latest \
docker run --detach --network=testnet \
--name=firefox \
-p 5800:5800 \
--shm-size 2g \
-e USER_ID="${UID}" \
-e GROUP_ID="${UID}" \
-e DARK_MODE=1 \
-v "${ENV_ROOT}/docker/tls/browsers/firefox/cert9.db:/config/profile/cert9.db:rw" \
-v "${ENV_ROOT}/docker/tls/browsers/firefox/cert_override.txt:/config/profile/cert_override.txt:rw" \
jlesage/firefox:latest \
>/dev/null 2>&1

# print instructions.
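Review bot: Each of the three new `cp -f … || true` lines also sends its output to `/dev/null`, so an empty or missing `/certificates`, `/certificate-authority` or `/tls` (the unmatched glob stays literal and `cp` fails) is indistinguishable from success, and `update-ca-certificates` then builds a store without those CAs; the first visible symptom is a TLS failure later in the init script that runs afterwards. If one of the three sources may legitimately be empty, a comment naming which one would help, and the others should fail loudly — drop `|| true` on them — or follow the copies with a check such as `docker exec "${platform}${number}.docker" bash -c 'ls /usr/local/share/ca-certificates/*.crt >/dev/null' || echo "no CA certificates installed in ${platform}${number}" >&2`. In the Firefox block, `-e GROUP_ID="${UID}"` passes the user id as the group id; if the caller's primary group is meant, `-e GROUP_ID="$(id -g)"`. Both points apply unchanged to dev/federatedgroups.sh, dev/sciencemesh.sh and dev/solid-nextcloud-app.sh. createEfss starts above this hunk and continues below it.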
27 changes: 17 additions & 10 deletions dev/federatedgroups.sh
Expand Up @@ -62,8 +62,9 @@ function createEfss() {
-e DBHOST="maria${platform}${number}.docker" \
-e USER="${user}" \
-e PASS="${password}" \
-v "${ENV_ROOT}/docker/tls:/tls-host" \
-v "${ENV_ROOT}/temp/federatedgroups:/curls" \
-v "${ENV_ROOT}/docker/tls/certificates:/certificates" \
-v "${ENV_ROOT}/docker/tls/certificate-authority:/certificate-authority" \
-v "${ENV_ROOT}/temp/${platform}.sh:/${platform}-init.sh" \
-v "${ENV_ROOT}/docker/scripts/entrypoint.sh:/entrypoint.sh" \
-v "${ENV_ROOT}/${platform}/apps/customgroups:/var/www/html/apps/customgroups" \
Expand All @@ -76,10 +77,11 @@ function createEfss() {
waitForPort "${platform}${number}.docker" 443

# add self-signed certificates to os and trust them. (use >/dev/null 2>&1 to shut these up)
docker exec "${platform}${number}.docker" bash -c "cp /tls/*.crt /usr/local/share/ca-certificates/" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp /tls-host/*.crt /usr/local/share/ca-certificates/" >/dev/null 2>&1
docker exec "${platform}${number}.docker" update-ca-certificates >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cat /etc/ssl/certs/ca-certificates.crt >> /var/www/html/resources/config/ca-bundle.crt" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /certificates/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /certificate-authority/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /tls/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" update-ca-certificates >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cat /etc/ssl/certs/ca-certificates.crt >> /var/www/html/resources/config/ca-bundle.crt" >/dev/null 2>&1

# run init script inside efss.
docker exec -u www-data "${platform}${number}.docker" bash "/${platform}-init.sh"
Expand Down Expand Up @@ -150,11 +152,16 @@ federatedGroupsInsertIntoDB owncloud 2
### Firefox ###
###############

docker run --detach --network=testnet \
--name=firefox \
-p 5800:5800 \
--shm-size 2g \
jlesage/firefox:latest \
docker run --detach --network=testnet \
--name=firefox \
-p 5800:5800 \
--shm-size 2g \
-e USER_ID="${UID}" \
-e GROUP_ID="${UID}" \
-e DARK_MODE=1 \
-v "${ENV_ROOT}/docker/tls/browsers/firefox/cert9.db:/config/profile/cert9.db:rw" \
-v "${ENV_ROOT}/docker/tls/browsers/firefox/cert_override.txt:/config/profile/cert_override.txt:rw" \
jlesage/firefox:latest \
>/dev/null 2>&1

# print instructions.
31 changes: 20 additions & 11 deletions dev/sciencemesh.sh
Expand Up @@ -73,7 +73,8 @@ function createEfss() {
-e DBHOST="maria${platform}${number}.docker" \
-e USER="${user}" \
-e PASS="${password}" \
-v "${ENV_ROOT}/docker/tls:/tls-host" \
-v "${ENV_ROOT}/docker/tls/certificates:/certificates" \
-v "${ENV_ROOT}/docker/tls/certificate-authority:/certificate-authority" \
-v "${ENV_ROOT}/temp/${platform}.sh:/${platform}-init.sh" \
-v "${ENV_ROOT}/docker/scripts/entrypoint.sh:/entrypoint.sh" \
-v "${ENV_ROOT}/${platform}/apps/sciencemesh:/var/www/html/apps/sciencemesh" \
Expand All @@ -84,10 +85,11 @@ function createEfss() {
waitForPort "${platform}${number}.docker" 443

# add self-signed certificates to os and trust them. (use >/dev/null 2>&1 to shut these up)
docker exec "${platform}${number}.docker" bash -c "cp /tls/*.crt /usr/local/share/ca-certificates/" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp /tls-host/*.crt /usr/local/share/ca-certificates/" >/dev/null 2>&1
docker exec "${platform}${number}.docker" update-ca-certificates >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cat /etc/ssl/certs/ca-certificates.crt >> /var/www/html/resources/config/ca-bundle.crt" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /certificates/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /certificate-authority/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /tls/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" update-ca-certificates >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cat /etc/ssl/certs/ca-certificates.crt >> /var/www/html/resources/config/ca-bundle.crt" >/dev/null 2>&1

# run init script inside efss.
docker exec -u www-data "${platform}${number}.docker" bash "/${platform}-init.sh"
Expand All @@ -114,7 +116,8 @@ function createReva() {
-e HOST="reva${platform}${number}" \
-p "${port}:80" \
-v "${ENV_ROOT}/reva:/reva" \
-v "${ENV_ROOT}/docker/tls:/etc/tls" \
-v "${ENV_ROOT}/docker/tls/certificates:/certificates" \
-v "${ENV_ROOT}/docker/tls/certificate-authority:/certificate-authority" \
-v "${ENV_ROOT}/docker/revad:/configs/revad" \
-v "${ENV_ROOT}/docker/scripts/reva-run.sh:/usr/bin/reva-run.sh" \
-v "${ENV_ROOT}/docker/scripts/reva-kill.sh:/usr/bin/reva-kill.sh" \
Expand Down Expand Up @@ -213,6 +216,7 @@ sciencemeshInsertIntoDB nextcloud 2
# Mesh directory for ScienceMesh invite flow.
docker run --detach --network=testnet \
--name=meshdir.docker \
-e HOST="meshdir" \
-v "${ENV_ROOT}/docker/scripts/stub.js:/ocm-stub/stub.js" \
pondersource/dev-stock-ocmstub \
>/dev/null 2>&1
Expand All @@ -221,11 +225,16 @@ docker run --detach --network=testnet \
### Firefox ###
###############

docker run --detach --network=testnet \
--name=firefox \
-p 5800:5800 \
--shm-size 2g \
jlesage/firefox:latest \
docker run --detach --network=testnet \
--name=firefox \
-p 5800:5800 \
--shm-size 2g \
-e USER_ID="${UID}" \
-e GROUP_ID="${UID}" \
-e DARK_MODE=1 \
-v "${ENV_ROOT}/docker/tls/browsers/firefox/cert9.db:/config/profile/cert9.db:rw" \
-v "${ENV_ROOT}/docker/tls/browsers/firefox/cert_override.txt:/config/profile/cert_override.txt:rw" \
jlesage/firefox:latest \
>/dev/null 2>&1

# print instructions.
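Review bot: The createReva hunk drops the `/etc/tls` mount in favour of `/certificates` and `/certificate-authority`, but nothing in this section shows what inside the container consumes the new paths; if anything under docker/revad or docker/scripts/reva-run.sh still points at `/etc/tls`, the container comes up without its TLS material and the failure only shows when a peer connects. I cannot see those files in this diff, so please confirm they were updated in the same commit. A short comment on the two mount lines naming the consumer — e.g. `# consumed by the revad config / reva-run.sh; keep in sync with those files` — would make the coupling visible to the next person who touches the mounts. createReva starts above this hunk and continues below it.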
27 changes: 17 additions & 10 deletions dev/solid-nextcloud-app.sh
Expand Up @@ -63,7 +63,8 @@ function createEfss() {
-e DBHOST="maria${platform}${number}.docker" \
-e USER="${user}" \
-e PASS="${password}" \
-v "${ENV_ROOT}/docker/tls:/tls-host" \
-v "${ENV_ROOT}/docker/tls/certificates:/certificates" \
-v "${ENV_ROOT}/docker/tls/certificate-authority:/certificate-authority" \
-v "${ENV_ROOT}/temp/${platform}.sh:/${platform}-init.sh" \
-v "${ENV_ROOT}/docker/scripts/entrypoint.sh:/entrypoint.sh" \
-v "${ENV_ROOT}/nextcloud/apps/solid:/var/www/html/apps/solid" \
Expand All @@ -74,10 +75,11 @@ function createEfss() {
waitForPort "${platform}${number}.docker" 443

# add self-signed certificates to os and trust them. (use >/dev/null 2>&1 to shut these up)
docker exec "${platform}${number}.docker" bash -c "cp /tls/*.crt /usr/local/share/ca-certificates/" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp /tls-host/*.crt /usr/local/share/ca-certificates/" >/dev/null 2>&1
docker exec "${platform}${number}.docker" update-ca-certificates >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cat /etc/ssl/certs/ca-certificates.crt >> /var/www/html/resources/config/ca-bundle.crt" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /certificates/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /certificate-authority/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cp -f /tls/*.crt /usr/local/share/ca-certificates/ || true" >/dev/null 2>&1
docker exec "${platform}${number}.docker" update-ca-certificates >/dev/null 2>&1
docker exec "${platform}${number}.docker" bash -c "cat /etc/ssl/certs/ca-certificates.crt >> /var/www/html/resources/config/ca-bundle.crt" >/dev/null 2>&1

# run init script inside efss.
docker exec -u www-data "${platform}${number}.docker" bash "/${platform}-init.sh"
Expand Down Expand Up @@ -114,11 +116,16 @@ createEfss nextcloud 1 einstein relativity solid
### Firefox ###
###############

docker run --detach --network=testnet \
--name=firefox \
-p 5800:5800 \
--shm-size 2g \
jlesage/firefox:latest \
docker run --detach --network=testnet \
--name=firefox \
-p 5800:5800 \
--shm-size 2g \
-e USER_ID="${UID}" \
-e GROUP_ID="${UID}" \
-e DARK_MODE=1 \
-v "${ENV_ROOT}/docker/tls/browsers/firefox/cert9.db:/config/profile/cert9.db:rw" \
-v "${ENV_ROOT}/docker/tls/browsers/firefox/cert_override.txt:/config/profile/cert_override.txt:rw" \
jlesage/firefox:latest \
>/dev/null 2>&1

# print instructions.
2 changes: 1 addition & 1 deletion docker/configs/site.conf
Expand Up @@ -4,7 +4,7 @@
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile "/tls/server.cert"
SSLCertificateFile "/tls/server.crt"
SSLCertificateKeyFile "/tls/server.key"
</VirtualHost>
<VirtualHost *:80>
7 changes: 4 additions & 3 deletions docker/dockerfiles/ocmstub.Dockerfile
Expand Up @@ -27,9 +27,10 @@ RUN git clone --depth 1 --branch main https://github.com/pondersource/ocm-stub

WORKDIR /ocm-stub

# Trust all the certificates:
ADD ./tls /tls
RUN cp /tls/*.crt /usr/local/share/ca-certificates/
# trust all the certificates:
COPY ./tls/certificates/* /tls/
COPY ./tls/certificate-authority/* /tls/
RUN ln --symbolic --force /tls/*.crt /usr/local/share/ca-certificates
RUN update-ca-certificates

RUN npm install
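Review bot: `COPY ./tls/certificates/* /tls/` followed by `COPY ./tls/certificate-authority/* /tls/` flattens two directories into one, so a file with the same name in both is silently overwritten by the second COPY and the `ln` line then installs only one of them into the CA store. If the two directories are guaranteed to use distinct file names, a comment saying so would be enough; otherwise keep them apart, e.g. `COPY ./tls/certificates /tls/certificates`, `COPY ./tls/certificate-authority /tls/certificate-authority` and `RUN ln --symbolic --force /tls/*/*.crt /usr/local/share/ca-certificates`. The same pattern is in docker/dockerfiles/php-base.Dockerfile, where site.conf's `/tls/server.crt` and `/tls/server.key` paths would have to follow any layout change. The `*` glob also bakes every file in those directories into the image layers, presumably the private keys among them since site.conf reads `/tls/server.key`; that is acceptable for a development image but deserves a one-line comment so the Dockerfile is not reused as-is elsewhere.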
2 changes: 1 addition & 1 deletion docker/dockerfiles/owncloud-federatedgroups.Dockerfile
Expand Up @@ -23,7 +23,7 @@ RUN git clone \

RUN cd apps && ln --symbolic --force federatedgroups-git-repo/federatedgroups federatedgroups

COPY ./rd-sram/curls /curls
COPY ./scripts/federatedgroups /curls

# this file can be overrided in docker run or docker compose.yaml.
# example: docker run --volume new-init.sh:/init.sh:ro
5 changes: 3 additions & 2 deletions docker/dockerfiles/php-base.Dockerfile
Expand Up @@ -90,8 +90,9 @@ COPY ./configs/site.conf /configs-pondersource/site.conf
RUN ln --symbolic --force /configs-pondersource/site.conf /etc/apache2/sites-enabled/000-default.conf

# trust all the certificates:
COPY ./tls /tls
RUN cp /tls/*.crt /usr/local/share/ca-certificates/
COPY ./tls/certificates/* /tls/
COPY ./tls/certificate-authority/* /tls/
RUN ln --symbolic --force /tls/*.crt /usr/local/share/ca-certificates
RUN update-ca-certificates
RUN a2enmod ssl
