mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
2a3df086d3
Now, we have a full collection of services used to run
aurweb over HTTPS using a self-signed CA.
New Docker services:
- `ca` - Certificate authority services
- When the `ca` service is run, it will (if needed) generate
a CA certificate and leaf certificate for localhost AUR
access. This ca is then shared with things like nginx to
use the leaf certificate. Users can import
`./cache/ca.root.pem` into their browser or ca-certificates
as a root CA who issued aurweb's certificate.
- `git` - Start sshd and set it up for aur git access
- `cgit` - Serve cgit with uwsgi on port 3000
- `fastapi` - Serve our FastAPI app with `hypercorn` on port 8000
- `php-fpm` - Serve our PHP-wise aurweb
- `nginx` - Serve FastAPI, PHP and CGit with an HTTPS certificate.
- PHP: https://localhost:8443
- PHP CGit: https://localhost:8443/cgit
- FastAPI: https://localhost:8444
- FastAPI CGit: https://localhost:8444/cgit
Short of it: Run the following in a shell to run PHP and FastAPI
servers on port **8443** and **8444**, respectively.
$ docker-compose up nginx
This will host the PHP, FastAPI, CGit and Git ecosystems.
Git SSH can be knocked at `aur@localhost:2222` as long as you have a
valid public key in the aurweb database.
Signed-off-by: Kevin Morris <kevr@0cost.org>
36 lines
1 KiB
Bash
Executable file
36 lines
1 KiB
Bash
Executable file
#!/bin/bash
|
|
set -eou pipefail
|
|
|
|
if [ -f /cache/localhost.cert.pem ] && \
|
|
[ -f /cache/localhost.key.pem ] && \
|
|
[ -f /cache/ca.root.pem ]; then
|
|
echo "Already have certs, skipping."
|
|
exec "$@"
|
|
fi
|
|
|
|
openssl genrsa -des3 -out ca.key \
|
|
-passout pass:devca 2048
|
|
|
|
openssl req -x509 -new -nodes \
|
|
-key ca.key -sha256 -days 1825 \
|
|
-out /cache/ca.root.pem \
|
|
-subj "/C=US/ST=California/L=Nowhere/O=aurweb/CN=localhost" \
|
|
--passin pass:devca
|
|
|
|
# Generate keys for aurweb.
|
|
openssl req -nodes -newkey rsa:2048 -keyout /cache/localhost.key.pem \
|
|
-out localhost.csr \
|
|
-subj "/C=US/ST=California/L=Nowhere/O=aurweb/CN=localhost"
|
|
|
|
echo "$(hexdump -n 16 -e '4/4 "%08X" 1 "\n"' /dev/random)" \
|
|
> /cache/ca.root.srl
|
|
openssl x509 -req -in localhost.csr -CA /cache/ca.root.pem \
|
|
-CAkey ca.key -CAserial /cache/ca.root.srl \
|
|
-out /cache/localhost.cert.pem \
|
|
-days 825 -sha256 -extfile /docker/ca.ext \
|
|
--passin pass:devca
|
|
|
|
chmod 666 /cache/localhost.{key,cert}.pem
|
|
chmod 666 /cache/ca.root.pem
|
|
|
|
exec "$@"
|