Use HTTPS in development mode
This commit is contained in:
parent
e47b5fff17
commit
79ddac9da8
3
.gitignore
vendored
3
.gitignore
vendored
@ -8,6 +8,9 @@
|
||||
.env
|
||||
*.code-workspace
|
||||
|
||||
# certs
|
||||
*.pem
|
||||
|
||||
# Old OS3 files and folders
|
||||
.coverage
|
||||
.mypy_cache
|
||||
|
@ -1,10 +1,30 @@
|
||||
# Development of OpenSlides 4
|
||||
|
||||
## Requirements
|
||||
|
||||
You need git, bash, docker, docker-compose, make and go installed.
|
||||
|
||||
Go is needed to install https://github.com/FiloSottile/mkcert. The development setup uses HTTPS per default. OpenSlides does not work with HTTP anymore since features are required (like http2) that only works in a secure environment.
|
||||
|
||||
## First time checkout
|
||||
|
||||
After cloning the repository you need to initialize all submodules, before you can start the development setup
|
||||
Clone this repository:
|
||||
|
||||
$ git clone git@github.com:OpenSlides/OpenSlides.git
|
||||
$ git checkout openslides4-dev
|
||||
|
||||
TODO: use `--recurse-submodules`, when master is OS4
|
||||
|
||||
After checking out the os4-branch you need to initialize all submodules and install a root-cert:
|
||||
|
||||
$ git submodule update --init
|
||||
$ go get https://github.com/FiloSottile/mkcert
|
||||
$ sudo mkcert -install
|
||||
|
||||
If you get an error, you might need to install `certutil`. For Debian: `sudo apt install libnss3-tools`.
|
||||
|
||||
Finally, start the dev server:
|
||||
|
||||
$ make run-dev
|
||||
|
||||
## Running tests
|
||||
|
3
Makefile
3
Makefile
@ -26,3 +26,6 @@ build-prod:
|
||||
|
||||
run-prod: | build-prod
|
||||
docker-compose -f docker-compose.yml -f docker-compose.prod.yml up
|
||||
|
||||
reload-haproxy:
|
||||
docker-compose -f docker-compose.yml -f docker-compose.dev.yml kill -s HUP haproxy
|
||||
|
@ -18,6 +18,8 @@ Read more about our [concept of OpenSlides 4.0](https://github.com/OpenSlides/Op
|
||||
|
||||
## Installation
|
||||
|
||||
NOTE: Do not use prod at the moment. It will not work. Please refer to the DEVELOPMENT.md!
|
||||
|
||||
Required software: Docker, docker-compose, make, git
|
||||
|
||||
For a non-development setup, clone this repo and run it via docker compose. The make command is a handy shortcut for this:
|
||||
|
@ -1,4 +1,4 @@
|
||||
FROM haproxy
|
||||
FROM haproxy:2.0-alpine
|
||||
COPY src/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
|
||||
COPY src/prod-haproxy.cfg /usr/local/etc/haproxy/prod-haproxy.cfg
|
||||
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/prod-haproxy.cfg"]
|
||||
|
@ -1,4 +1,5 @@
|
||||
FROM haproxy
|
||||
FROM haproxy:2.0-alpine
|
||||
COPY src/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg
|
||||
COPY src/dev-haproxy.cfg /usr/local/etc/haproxy/dev-haproxy.cfg
|
||||
COPY src/combined.pem /usr/local/etc/haproxy/combined.pem
|
||||
CMD ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/dev-haproxy.cfg"]
|
||||
|
@ -1,2 +1,3 @@
|
||||
build-dev:
|
||||
./prepare-cert.sh
|
||||
docker build -t openslides-haproxy-dev -f Dockerfile.dev .
|
||||
|
17
haproxy/prepare-cert.sh
Executable file
17
haproxy/prepare-cert.sh
Executable file
@ -0,0 +1,17 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
# check, if we already generated a cert
|
||||
combined="src/combined.pem"
|
||||
|
||||
if [[ ! -f $combined ]]; then
|
||||
echo "Creating certificates..."
|
||||
cd src
|
||||
mkcert -cert-file localhost.pem -key-file localhost-key.pem localhost 127.0.0.1
|
||||
cat localhost.pem localhost-key.pem > combined.pem
|
||||
echo "done"
|
||||
else
|
||||
echo "Certificate exists."
|
||||
fi
|
@ -1,5 +1,4 @@
|
||||
backend backend_client
|
||||
mode http
|
||||
timeout tunnel 1h
|
||||
server client client:9001 resolvers docker_resolver no-check
|
||||
timeout server 60s
|
||||
timeout connect 60s
|
||||
|
@ -1,12 +1,23 @@
|
||||
global
|
||||
log stdout format raw local0 debug
|
||||
|
||||
frontend http
|
||||
bind *:8000
|
||||
defaults
|
||||
option http-use-htx
|
||||
timeout connect 10s
|
||||
timeout client 10s
|
||||
timeout client-fin 10s
|
||||
timeout server 10s
|
||||
timeout server-fin 10s
|
||||
timeout check 10s
|
||||
timeout tunnel 10s
|
||||
log global
|
||||
option httplog
|
||||
|
||||
frontend https
|
||||
mode http
|
||||
option http-keep-alive
|
||||
bind *:8000 ssl crt /usr/local/etc/haproxy/combined.pem alpn h2,http/1.1
|
||||
default_backend backend_client # this is defined in the dev-*/prod-* file
|
||||
|
||||
timeout client 60s
|
||||
|
||||
acl action path_beg -i /system/action
|
||||
use_backend backend_action if action
|
||||
|
||||
@ -30,23 +41,16 @@ resolvers docker_resolver
|
||||
backend backend_action
|
||||
mode http
|
||||
server action backend:9002 resolvers docker_resolver check
|
||||
timeout connect 60s
|
||||
timeout server 60s
|
||||
|
||||
backend backend_presenter
|
||||
mode http
|
||||
server presenter backend:9003 resolvers docker_resolver check
|
||||
timeout connect 60s
|
||||
timeout server 60s
|
||||
|
||||
backend backend_autoupdate
|
||||
mode http
|
||||
server autoupdate autoupdate:9012 resolvers docker_resolver check
|
||||
timeout connect 60s
|
||||
timeout server 60s
|
||||
timeout server 1h
|
||||
server autoupdate autoupdate:9012 resolvers docker_resolver check ssl verify none alpn h2
|
||||
|
||||
backend backend_auth
|
||||
mode http
|
||||
server auth auth:9004 resolvers docker_resolver check
|
||||
timeout connect 60s
|
||||
timeout server 60s
|
@ -1,5 +1,3 @@
|
||||
backend backend_client
|
||||
mode http
|
||||
server client client:9001 resolvers docker_resolver check
|
||||
timeout server 60s
|
||||
timeout connect 60s
|
||||
|
@ -1 +1 @@
|
||||
Subproject commit 94c3da7f70c76931cf426ea199eada3639dd27af
|
||||
Subproject commit ce94d13217edc72f7d53e94fb93864d183cb53d3
|
@ -1 +1 @@
|
||||
Subproject commit 065b42afff8a3bbd5568b1557f965363a97542c0
|
||||
Subproject commit 197d552083287d418387556b99a755fa81abb29a
|
Loading…
Reference in New Issue
Block a user