diff --git a/.env.example b/.env.example index 12d2d52b..bf1dd1c8 100644 --- a/.env.example +++ b/.env.example @@ -54,6 +54,9 @@ BACKEND_PORT=8000 INBUCKET_UI_PORT=9000 MONGO_EXPRESS_PORT=8081 +# TLS +TLS_CERT_CN=localhost + # URL of the data base MONGO_URL=mongodb://db:27017/abrechnung diff --git a/README.md b/README.md index f2c1c823..4b44284a 100644 --- a/README.md +++ b/README.md @@ -11,10 +11,8 @@ digital und einfach möglich macht. - https://github.com/david-loe/abrechnung/assets/56305409/8b31b6a1-e6c4-4bd9-bb76-3871e046a201 - ## Pauschalbeträge [pauschbetrag-api](https://github.com/david-loe/pauschbetrag-api) @@ -54,6 +52,14 @@ Click below to launch a ready-to-use Gitpod workspace in your browser. > ℹ You can change ports and URLs in the `.env` file +#### TLS in development + +To use TLS in development (self signed certificate) + +1. set the `TLS_CERT_CN` in `.env` to your host name. +2. set `VITE_FRONTEND_URL` to `https://your-hostname` +3. and `VITE_BACKEND_URL` to `https://your-hostname/backend` + ## Schema ![Schema](schema.png) diff --git a/dev-tools/traefik/Dockerfile b/dev-tools/traefik/Dockerfile new file mode 100644 index 00000000..ff09078e --- /dev/null +++ b/dev-tools/traefik/Dockerfile @@ -0,0 +1,16 @@ +FROM traefik:v3.0 + +# Installiere OpenSSH auf einem Alpine-basierten Image +RUN apk update && apk add --no-cache openssl + +# Kopiere das Skript in das Container-Image +COPY gen-certs.sh / + +# Mache das Skript ausführbar +RUN chmod +x /gen-certs.sh + +# Setze das Skript als Entrypoint +ENTRYPOINT ["/gen-certs.sh"] + +# Setze Standardbefehle +CMD ["traefik"] \ No newline at end of file diff --git a/dev-tools/traefik/config.yml b/dev-tools/traefik/config.yml new file mode 100644 index 00000000..80c3d264 --- /dev/null +++ b/dev-tools/traefik/config.yml 
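Review bot: The comment above the `RUN apk` line in dev-tools/traefik/Dockerfile says it installs OpenSSH, but the package installed is `openssl`; it should read something like `# Install OpenSSL (used by gen-certs.sh to create the self-signed certificate)`. `apk update` is redundant next to `apk add --no-cache`, so the instruction can be `RUN apk add --no-cache openssl`. The separate `RUN chmod +x /gen-certs.sh` layer can be folded into the copy as `COPY --chmod=755 gen-certs.sh /` (BuildKit). The file also ends without a trailing newline, and `traefik:v3.0` is a floating tag that could be pinned to a digest if reproducible builds matter here.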
@@ -0,0 +1,28 @@
+tls:
+ certificates:
+ - certFile: /certificates/abrechnung.crt
+ keyFile: /certificates/abrechnung.key
+
+http:
+ routers:
+ backend:
+ rule: 'Host(`{{ env "TLS_CERT_CN" }}`) && PathPrefix(`/backend`)'
+ service: backend-abrechnung@docker
+ entryPoints:
+ - https
+ tls: {}
+ middlewares:
+ - stripprefix-backend
+
+ frontend:
+ rule: 'Host(`{{ env "TLS_CERT_CN" }}`)'
+ service: frontend-abrechnung@docker
+ entryPoints:
+ - https
+ tls: {}
+
+ middlewares:
+ stripprefix-backend:
+ stripPrefix:
+ prefixes:
+ - '/backend'
diff --git a/dev-tools/traefik/gen-certs.sh b/dev-tools/traefik/gen-certs.sh
new file mode 100644
index 00000000..3cf07a77
--- /dev/null
+++ b/dev-tools/traefik/gen-certs.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# Verzeichnis für Zertifikate erstellen
+mkdir -p /certificates
+
+# Generiere den privaten Schlüssel
+openssl genrsa -out /certificates/abrechnung.key 2048
+
+# Generiere ein selbstsigniertes Zertifikat
+openssl req -new -x509 -nodes -sha256 -days 3650 \
+ -key /certificates/abrechnung.key \
+ -out /certificates/abrechnung.crt \
+ -subj "/C=DE/ST=State/L=City/O=Company/OU=Department/CN=${TLS_CERT_CN}"
+
+# Starte Traefik
+exec traefik "$@"
diff --git a/dev-tools/traefik/traefik.yml b/dev-tools/traefik/traefik.yml
new file mode 100644
index 00000000..abba5a08
--- /dev/null
+++ b/dev-tools/traefik/traefik.yml
@@ -0,0 +1,13 @@
+entryPoints:
+ https:
+ address: ':443'
+
+providers:
+ docker:
+ exposedByDefault: true
+ file:
+ filename: '/etc/traefik/config.yml'
+
+api:
+ dashboard: true
+ insecure: true
diff --git a/docker-compose.yml b/docker-compose.yml
index 5be35540..88782af2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
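Review bot: The certificate paths under `tls.certificates` in config.yml are hard-coded here and again in gen-certs.sh, and nothing in the file says where the files come from. If the two drift apart or generation fails, Traefik would be expected to log an error and serve its built-in default certificate rather than refuse to start, which is easy to miss when the browser already warns about a self-signed certificate. A comment above `certFile` such as `# created at container start by /gen-certs.sh; keep both paths in sync` would document the coupling.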
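Review bot: The certificate generated in gen-certs.sh carries the host name only in the subject CN and has no subjectAltName, which current browsers and most TLS libraries require for host name verification, so even a client that trusts the certificate will not get a valid name match. Adding `-addext "subjectAltName=DNS:${TLS_CERT_CN}"` to the `openssl req` call addresses this (needs OpenSSL 1.1.1 or later). The script also lacks `set -eu`, so an unset `TLS_CERT_CN` yields an empty CN and a failed `openssl` step still reaches `exec traefik`. Because the key pair is regenerated on every container start, any trust exception made on the client has to be repeated after each restart; generating only when the files are absent, with a shorter `-days` value, would avoid that.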
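Review bot: In traefik.yml, `exposedByDefault: true` lets the Docker provider create routes for every container it can see, not just the two services named in config.yml; that would include mongo-express, which the docker-compose context lines show running with `ME_CONFIG_BASICAUTH=false`. Setting `exposedByDefault: false` and putting `traefik.enable=true` labels on the backend and frontend services (their definitions are not visible in this diff) limits routing to what is intended. `api.insecure: true` additionally serves the dashboard and API without authentication on Traefik's internal entry point (port 8080 by default); the compose hunk publishes only 443, so this should be reachable from the Docker network only, but `insecure: false` removes the listener if the dashboard is not needed.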
@@ -73,5 +73,19 @@ services: - ME_CONFIG_BASICAUTH=false - ME_CONFIG_MONGODB_ENABLE_ADMIN=true + traefik: + build: + context: ./dev-tools/traefik + labels: + - traefik.enable=true + ports: + - 443:443 + volumes: + - ./dev-tools/traefik/config.yml:/etc/traefik/config.yml:ro + - ./dev-tools/traefik/traefik.yml:/etc/traefik/traefik.yml:ro + - /var/run/docker.sock:/var/run/docker.sock:ro + env_file: + - .env + volumes: db_data:
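Review bot: The `:ro` flag on the `/var/run/docker.sock` volume makes only the mount of the socket file read-only; it does not restrict Docker API calls, so the Traefik container keeps full control of the host's Docker daemon. A socket proxy that exposes only the read-only container endpoints is the usual mitigation. `env_file: .env` also hands every variable in `.env` to this container, although as far as this diff shows the image reads only `TLS_CERT_CN`; an `environment:` entry `- TLS_CERT_CN=${TLS_CERT_CN}` passes just that value. If the proxy is meant for local use only, `127.0.0.1:443:443` keeps the listener off other interfaces.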