Merge pull request #91 from david-loe/feat/tls-in-dev

Add TLS for dev setup
david-loe · Sep 12, 2024 · 3af2825 · 3af2825
2 parents b83a80e + 9247696
commit 3af2825
Show file tree

Hide file tree

Showing 7 changed files with 98 additions and 2 deletions.
diff --git a/.env.example b/.env.example
@@ -54,6 +54,9 @@ BACKEND_PORT=8000
 INBUCKET_UI_PORT=9000
 MONGO_EXPRESS_PORT=8081
 
+# TLS
+TLS_CERT_CN=localhost
+
 # URL of the data base
 MONGO_URL=mongodb://db:27017/abrechnung
 

diff --git a/README.md b/README.md
@@ -11,10 +11,8 @@
 
 digital und einfach möglich macht.
 
-
 https://github.com/david-loe/abrechnung/assets/56305409/8b31b6a1-e6c4-4bd9-bb76-3871e046a201
 
-
 ## Pauschalbeträge
 
 [pauschbetrag-api](https://github.com/david-loe/pauschbetrag-api)
@@ -54,6 +52,14 @@ Click below to launch a ready-to-use Gitpod workspace in your browser.
 
 > ℹ You can change ports and URLs in the `.env` file
 
+#### TLS in development
+
+To use TLS in development (self signed certificate)
+
+1. set the `TLS_CERT_CN` in `.env` to your host name.
+2. set `VITE_FRONTEND_URL` to `https://your-hostname`
+3. and `VITE_BACKEND_URL` to `https://your-hostname/backend`
+
 ## Schema
 
 ![Schema](schema.png)
diff --git a/dev-tools/traefik/Dockerfile b/dev-tools/traefik/Dockerfile
@@ -0,0 +1,16 @@
+FROM traefik:v3.0
+
+# Installiere OpenSSH auf einem Alpine-basierten Image
+RUN apk update && apk add --no-cache openssl
+
+# Kopiere das Skript in das Container-Image
+COPY gen-certs.sh /
+
+# Mache das Skript ausführbar
+RUN chmod +x /gen-certs.sh
+
+# Setze das Skript als Entrypoint
+ENTRYPOINT ["/gen-certs.sh"]
+
+# Setze Standardbefehle
+CMD ["traefik"]
diff --git a/dev-tools/traefik/config.yml b/dev-tools/traefik/config.yml
@@ -0,0 +1,28 @@
+tls:
+  certificates:
+    - certFile: /certificates/abrechnung.crt
+      keyFile: /certificates/abrechnung.key
+
+http:
+  routers:
+    backend:
+      rule: 'Host(`{{ env "TLS_CERT_CN" }}`) && PathPrefix(`/backend`)'
+      service: backend-abrechnung@docker
+      entryPoints:
+        - https
+      tls: {}
+      middlewares:
+        - stripprefix-backend
+
+    frontend:
+      rule: 'Host(`{{ env "TLS_CERT_CN" }}`)'
+      service: frontend-abrechnung@docker
+      entryPoints:
+        - https
+      tls: {}
+
+  middlewares:
+    stripprefix-backend:
+      stripPrefix:
+        prefixes:
+          - '/backend'
diff --git a/dev-tools/traefik/gen-certs.sh b/dev-tools/traefik/gen-certs.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Verzeichnis für Zertifikate erstellen
+mkdir -p /certificates
+
+# Generiere den privaten Schlüssel
+openssl genrsa -out /certificates/abrechnung.key 2048
+
+# Generiere ein selbstsigniertes Zertifikat
+openssl req -new -x509 -nodes -sha256 -days 3650 \
+  -key /certificates/abrechnung.key \
+  -out /certificates/abrechnung.crt \
+  -subj "/C=DE/ST=State/L=City/O=Company/OU=Department/CN=${TLS_CERT_CN}"
+
+# Starte Traefik
+exec traefik "$@"
diff --git a/dev-tools/traefik/traefik.yml b/dev-tools/traefik/traefik.yml
@@ -0,0 +1,13 @@
+entryPoints:
+  https:
+    address: ':443'
+
+providers:
+  docker:
+    exposedByDefault: true
+  file:
+    filename: '/etc/traefik/config.yml'
+
+api:
+  dashboard: true
+  insecure: true
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -73,5 +73,19 @@ services:
       - ME_CONFIG_BASICAUTH=false
       - ME_CONFIG_MONGODB_ENABLE_ADMIN=true
 
+  traefik:
+    build:
+      context: ./dev-tools/traefik
+    labels:
+      - traefik.enable=true
+    ports:
+      - 443:443
+    volumes:
+      - ./dev-tools/traefik/config.yml:/etc/traefik/config.yml:ro
+      - ./dev-tools/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    env_file:
+      - .env
+
 volumes:
   db_data: