Merge pull request #5476 from FinnStutzenstein/https

Https
Finn Stutzenstein 2020-07-24 10:59:37 +02:00 committed by GitHub
commit 5d7dc56684
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 72 additions and 24 deletions

3
.gitignore vendored

@ -8,6 +8,9 @@
.env
*.code-workspace
# certs
*.pem
# Old OS3 files and folders
.coverage
.mypy_cache


@ -1,10 +1,30 @@
# Development of OpenSlides 4
## Requirements
You need git, bash, docker, docker-compose, make and go installed.
Go is needed to install https://github.com/FiloSottile/mkcert. The development setup uses HTTPS per default. OpenSlides does not work with HTTP anymore since features are required (like http2) that only works in a secure environment.
## First time checkout
After cloning the repository you need to initialize all submodules, before you can start the development setup
Clone this repository:
$ git clone git@github.com:OpenSlides/OpenSlides.git
$ git checkout openslides4-dev
TODO: use `--recurse-submodules`, when master is OS4
After checking out the os4-branch you need to initialize all submodules and install a root-cert:
$ git submodule update --init
$ go get https://github.com/FiloSottile/mkcert
$ sudo mkcert -install
If you get an error, you might need to install `certutil`. For Debian: `sudo apt install libnss3-tools`.
Finally, start the dev server:
$ make run-dev
## Running tests


@ -26,3 +26,6 @@ build-prod:
run-prod: | build-prod
docker-compose -f docker-compose.yml -f docker-compose.prod.yml up
reload-haproxy:
docker-compose -f docker-compose.yml -f docker-compose.dev.yml kill -s HUP haproxy
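Review bot: The new `reload-haproxy` target sends SIGHUP, but both Dockerfiles in this commit COPY the haproxy configs (and, for dev, `combined.pem`) into the image, so unless docker-compose.dev.yml bind-mounts those files (not visible here) the reload re-reads the same baked-in files and a regenerated certificate is not picked up. I would document that on the target, e.g. `# Re-reads config/cert inside the running container; rebuild with build-dev if src/*.cfg or combined.pem changed`. If the Makefile has a `.PHONY` line outside this hunk, the new target should be listed there as well.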


@ -18,6 +18,8 @@ Read more about our [concept of OpenSlides 4.0](https://github.com/OpenSlides/Op
## Installation
NOTE: Do not use prod at the moment. It will not work. Please refer to the DEVELOPMENT.md!
Required software: Docker, docker-compose, make, git
For a non-development setup, clone this repo and run it via docker compose. The make command is a handy shortcut for this:


@ -1,4 +1,4 @@
FROM haproxy
FROM haproxy:2.0-alpine
COPY src/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
COPY src/prod-haproxy.cfg /usr/local/etc/haproxy/prod-haproxy.cfg
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/prod-haproxy.cfg"]
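Review bot: This production Dockerfile never provides `combined.pem`, yet the shared `src/haproxy.cfg` it copies now binds with `ssl crt /usr/local/etc/haproxy/combined.pem` (see the haproxy.cfg section of this commit), so haproxy would presumably refuse to start here. Rather than adding a `COPY` of a private key into the production image, supply the certificate at runtime through a read-only bind mount or a docker secret at that path. A comment above the `CMD` should say so, e.g. `# combined.pem must be mounted into /usr/local/etc/haproxy/ at runtime`. Replacing the untagged `FROM haproxy` with `haproxy:2.0-alpine` is a good step; pinning the patch release or the image digest would make rebuilds reproducible.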


@ -1,4 +1,5 @@
FROM haproxy
FROM haproxy:2.0-alpine
COPY src/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
COPY src/dev-haproxy.cfg /usr/local/etc/haproxy/dev-haproxy.cfg
COPY src/combined.pem /usr/local/etc/haproxy/combined.pem
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/dev-haproxy.cfg"]
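Review bot: `COPY src/combined.pem /usr/local/etc/haproxy/combined.pem` writes the certificate together with its private key into an image layer, where it stays readable to anyone who can pull or `docker save` the `openslides-haproxy-dev` image. For a mkcert-issued localhost certificate the exposure is limited to machines that trust that developer's local CA, but it is cheap to avoid. Mounting the file read-only from docker-compose.dev.yml instead of copying it would keep the key out of the image and would also let `make reload-haproxy` pick up a regenerated certificate. If the COPY stays, add a comment such as `# dev-only mkcert key for localhost; never push this image to a registry`.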


@ -1,2 +1,3 @@
build-dev:
./prepare-cert.sh
docker build -t openslides-haproxy-dev -f Dockerfile.dev .

17
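--- a/haproxy/prepare-cert.sh
+++ b/haproxy/prepare-cert.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+cd "$(dirname "$0")"
+# check, if we already generated a cert
+combined="src/combined.pem"
+if [[ ! -f $combined ]]; then
+echo "Creating certificates..."
+cd src
+mkcert -cert-file localhost.pem -key-file localhost-key.pem localhost 127.0.0.1
+cat localhost.pem localhost-key.pem > combined.pem
+echo "done"
+else
+echo "Certificate exists."
+fi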
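Review bot: `cat localhost.pem localhost-key.pem > combined.pem` creates the combined file under the caller's umask, so with a typical 022 umask the private key ends up world-readable on the host, even though mkcert itself (as far as I know) writes the key file with mode 0600. Put `umask 077` before the `cat` line, or follow it with `chmod 600 combined.pem`. The existence test `[[ ! -f $combined ]]` also reports an expired or half-written `combined.pem` as "Certificate exists."; writing to a temporary name and `mv`-ing it into place would at least cover the interrupted case. A guard such as `command -v mkcert >/dev/null || { echo "mkcert not found in PATH" >&2; exit 1; }` before the `if` would give a clearer error than the bare `set -e` abort.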


@ -1,5 +1,4 @@
backend backend_client
mode http
timeout tunnel 1h
server client client:9001 resolvers docker_resolver no-check
timeout server 60s
timeout connect 60s


@ -1,12 +1,23 @@
global
log stdout format raw local0 debug
frontend http
bind *:8000
defaults
option http-use-htx
timeout connect 10s
timeout client 10s
timeout client-fin 10s
timeout server 10s
timeout server-fin 10s
timeout check 10s
timeout tunnel 10s
log global
option httplog
frontend https
mode http
option http-keep-alive
bind *:8000 ssl crt /usr/local/etc/haproxy/combined.pem alpn h2,http/1.1
default_backend backend_client # this is defined in the dev-*/prod-* file
timeout client 60s
acl action path_beg -i /system/action
use_backend backend_action if action
@ -30,23 +41,16 @@ resolvers docker_resolver
backend backend_action
mode http
server action backend:9002 resolvers docker_resolver check
timeout connect 60s
timeout server 60s
backend backend_presenter
mode http
server presenter backend:9003 resolvers docker_resolver check
timeout connect 60s
timeout server 60s
backend backend_autoupdate
mode http
server autoupdate autoupdate:9012 resolvers docker_resolver check
timeout connect 60s
timeout server 60s
timeout server 1h
server autoupdate autoupdate:9012 resolvers docker_resolver check ssl verify none alpn h2
backend backend_auth
mode http
server auth auth:9004 resolvers docker_resolver check
timeout connect 60s
timeout server 60s
server auth auth:9004 resolvers docker_resolver check
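Review bot: On what appears to be the new `server autoupdate` line, `ssl verify none` encrypts the hop to the autoupdate service but accepts any certificate, so the proxy cannot distinguish the real service from anything else answering on `autoupdate:9012`. If that service presents a certificate from a CA you control, `ssl verify required ca-file <path-to-ca.pem> alpn h2` would authenticate it; otherwise add a comment stating that verification is deliberately disabled and why. Separately, the new `bind *:8000 ssl crt ...` line sets no protocol floor, and to my knowledge HAProxy 2.0 defaults still permit TLS 1.0/1.1, so `ssl-default-bind-options ssl-min-ver TLSv1.2` in the `global` section is worth adding. `log stdout format raw local0 debug` together with `option httplog` is shared with the prod config as well, so consider lowering the level outside development. The frontend and backend sections continue outside the visible hunks.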


@ -1,5 +1,3 @@
backend backend_client
mode http
server client client:9001 resolvers docker_resolver check
timeout server 60s
timeout connect 60s

@ -1 +1 @@
Subproject commit 94c3da7f70c76931cf426ea199eada3639dd27af
Subproject commit ce94d13217edc72f7d53e94fb93864d183cb53d3

@ -1 +1 @@
Subproject commit 065b42afff8a3bbd5568b1557f965363a97542c0
Subproject commit 197d552083287d418387556b99a755fa81abb29a