prod with debug flag

docker/prod/standalone/selfsigned/certs.Dockerfile

@@ -22,7 +22,7 @@ CMD cp -a /host/config/. /config/ \
     && openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem \
     && openssl verify -CAfile ca.pem server-cert.pem client-cert.pem \
     && openssl pkcs12 -export -out client-cert.pkcs12 -in client-cert.pem -inkey client-key.pem -passout pass:${secret} \
-    && keytool -genkeypair -alias sebserver -dname "CN=localhost, OU=ETHZ, O=ETHZ, L=Zurich, S=Zurich, C=CH" -ext san="${ADDITIONAL_DNS}" -keyalg RSA -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore seb-server-keystore.pkcs12 -storepass ${secret} -validity 3650 \
+    && keytool -genkeypair -alias sebserver -dname "CN=localhost, OU=ETHZ, O=ETHZ, L=Zurich, S=Zurich, C=CH" -ext san="${ADDITIONAL_DNS}" -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore seb-server-keystore.pkcs12 -storepass ${secret} -validity 3650 \
     && keytool -export -alias sebserver -keystore seb-server-keystore.pkcs12 -rfc -file sebserver.cert -storetype PKCS12 -storepass ${secret} -noprompt \
     && keytool -importcert -trustcacerts -alias sebserver -file sebserver.cert -keystore seb-server-truststore.pkcs12 -storetype PKCS12 -storepass ${secret} -noprompt \
     && keytool -import -alias mariadb-ca -file ca.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \

docker/prod/standalone/selfsigned/docker-compose.yml

@@ -40,6 +40,7 @@ services:
         - seb-server-certs:/certs
       environment:
         - ADDITIONAL_DNS=dns:127.0.0.1,dns:seb-server
+        - DEBUG_MODE=false
       ports:
           - 443:443
           - 80:8080

docker/prod/standalone/selfsigned/sebserver.Dockerfile

@@ -21,20 +21,21 @@ FROM openjdk:11-jre-stretch
 
 ARG SEBSERVER_VERSION
 ENV SEBSERVER_VERSION=${SEBSERVER_VERSION}
+ENV DEBUG_MODE=false
 
 WORKDIR /sebserver
 COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION".jar /sebserver
 
-CMD secret=$(cat /sebserver/config/secret) \
-        && exec java \
+CMD if [ "${DEBUG_MODE}" = "true" ] ; \
+        then secret=$(cat /sebserver/config/secret) && exec java \
             -Xms64M \
             -Xmx1G \
-# Set this for SSL debunging
-#            -Djavax.net.debug=ssl \
+            -Djavax.net.debug=ssl \
             -Dcom.sun.management.jmxremote \
             -Dcom.sun.management.jmxremote.port=9090 \
             -Dcom.sun.management.jmxremote.rmi.port=9090 \
             -Djava.rmi.server.hostname=127.0.0.1 \
+# TODO secure the JMX connection (cueenrtly there is a premission problem with the secret file
             -Dcom.sun.management.jmxremote.ssl=false \
             -Dcom.sun.management.jmxremote.authenticate=false \
             -jar seb-server-"${SEBSERVER_VERSION}".jar \
@@ -42,7 +43,16 @@ CMD secret=$(cat /sebserver/config/secret) \
             --spring.config.location=file:/sebserver/config/,classpath:/config/ \
             --sebserver.certs.password="${secret}" \ 
             --sebserver.mariadb.password="${secret}" \
-            --sebserver.password="${secret}"
-        
+            --sebserver.password="${secret}" ; \
+        else secret=$(cat /sebserver/config/secret) && exec java \
+            -Xms64M \
+            -Xmx1G \
+            -jar seb-server-"${SEBSERVER_VERSION}".jar \
+            --spring.profiles.active=prod \
+            --spring.config.location=file:/sebserver/config/,classpath:/config/ \
+            --sebserver.certs.password="${secret}" \ 
+            --sebserver.mariadb.password="${secret}" \
+            --sebserver.password="${secret}" ; \
+        fi
 
 EXPOSE 443 8080 9090