From 70c1c09432b7c07203404ce8655f3f7b1dcc02d6 Mon Sep 17 00:00:00 2001
From: anhefti
Date: Fri, 6 Sep 2019 20:57:19 +0200
Subject: [PATCH] prod with debug flag
---
 .../standalone/selfsigned/certs.Dockerfile | 2 +-
 .../standalone/selfsigned/docker-compose.yml | 1 +
 .../selfsigned/sebserver.Dockerfile | 22 ++++++++++++++-----
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/docker/prod/standalone/selfsigned/certs.Dockerfile b/docker/prod/standalone/selfsigned/certs.Dockerfile
index 0356a3e7..1882672b 100644
--- a/docker/prod/standalone/selfsigned/certs.Dockerfile
+++ b/docker/prod/standalone/selfsigned/certs.Dockerfile
@@ -22,7 +22,7 @@ CMD cp -a /host/config/. /config/ \
 && openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem \
 && openssl verify -CAfile ca.pem server-cert.pem client-cert.pem \
 && openssl pkcs12 -export -out client-cert.pkcs12 -in client-cert.pem -inkey client-key.pem -passout pass:${secret} \
- && keytool -genkeypair -alias sebserver -dname "CN=localhost, OU=ETHZ, O=ETHZ, L=Zurich, S=Zurich, C=CH" -ext san="${ADDITIONAL_DNS}" -keyalg RSA -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore seb-server-keystore.pkcs12 -storepass ${secret} -validity 3650 \
+ && keytool -genkeypair -alias sebserver -dname "CN=localhost, OU=ETHZ, O=ETHZ, L=Zurich, S=Zurich, C=CH" -ext san="${ADDITIONAL_DNS}" -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore seb-server-keystore.pkcs12 -storepass ${secret} -validity 3650 \
 && keytool -export -alias sebserver -keystore seb-server-keystore.pkcs12 -rfc -file sebserver.cert -storetype PKCS12 -storepass ${secret} -noprompt \
 && keytool -importcert -trustcacerts -alias sebserver -file sebserver.cert -keystore seb-server-truststore.pkcs12 -storetype PKCS12 -storepass ${secret} -noprompt \
 && keytool -import -alias mariadb-ca -file ca.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
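Review bot: The rewritten `keytool -genkeypair` line still passes `-storepass ${secret}` unquoted and as a plain argument, so a secret containing whitespace or glob characters is word-split by the shell, and the value sits in the process argument list while keytool runs. Quote it as `-storepass "${secret}"`, or keep it out of argv altogether with keytool's `-storepass:env` / `-storepass:file` form. The neighbouring `openssl ... -passout pass:${secret}` and `keytool` context lines follow the same pattern and would need the same treatment. The CMD starts and ends outside this hunk, so where `secret` is assigned is not visible here.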
diff --git a/docker/prod/standalone/selfsigned/docker-compose.yml b/docker/prod/standalone/selfsigned/docker-compose.yml
index fcae8c82..757077d3 100644
--- a/docker/prod/standalone/selfsigned/docker-compose.yml
+++ b/docker/prod/standalone/selfsigned/docker-compose.yml
@@ -40,6 +40,7 @@ services:
 - seb-server-certs:/certs
 environment:
 - ADDITIONAL_DNS=dns:127.0.0.1,dns:seb-server
+ - DEBUG_MODE=false
 ports:
 - 443:443
 - 80:8080
diff --git a/docker/prod/standalone/selfsigned/sebserver.Dockerfile b/docker/prod/standalone/selfsigned/sebserver.Dockerfile
index 1a4c2aba..10304f3a 100644
--- a/docker/prod/standalone/selfsigned/sebserver.Dockerfile
+++ b/docker/prod/standalone/selfsigned/sebserver.Dockerfile
@@ -21,20 +21,21 @@ FROM openjdk:11-jre-stretch
 ARG SEBSERVER_VERSION
 ENV SEBSERVER_VERSION=${SEBSERVER_VERSION}
+ENV DEBUG_MODE=false
 WORKDIR /sebserver
 COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION".jar /sebserver
-CMD secret=$(cat /sebserver/config/secret) \
- && exec java \
+CMD if [ "${DEBUG_MODE}" = "true" ] ; \
+ then secret=$(cat /sebserver/config/secret) && exec java \
 -Xms64M \
 -Xmx1G \
-# Set this for SSL debunging
-# -Djavax.net.debug=ssl \
+ -Djavax.net.debug=ssl \
 -Dcom.sun.management.jmxremote \
 -Dcom.sun.management.jmxremote.port=9090 \
 -Dcom.sun.management.jmxremote.rmi.port=9090 \
 -Djava.rmi.server.hostname=127.0.0.1 \
+# TODO secure the JMX connection (cueenrtly there is a premission problem with the secret file
 -Dcom.sun.management.jmxremote.ssl=false \
 -Dcom.sun.management.jmxremote.authenticate=false \
 -jar seb-server-"${SEBSERVER_VERSION}".jar \
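Review bot: With `DEBUG_MODE=true` the new branch in sebserver.Dockerfile starts a remote JMX connector on port 9090 with `-Dcom.sun.management.jmxremote.ssl=false` and `-Dcom.sun.management.jmxremote.authenticate=false`, and the added TODO leaves that open in an image that lives under `docker/prod`. Whoever can reach that port has full management access to the JVM; `-Djava.rmi.server.hostname=127.0.0.1` only sets the address advertised in the RMI stubs and does not by itself appear to limit which interface the connector listens on. Until the password-file permission problem is solved, I would bind the connector to loopback with `-Dcom.sun.management.jmxremote.host=127.0.0.1` where remote access is not needed, and replace the TODO with an explicit warning such as `# WARNING: JMX below is unauthenticated and unencrypted; enable DEBUG_MODE only on an isolated host`. The same comment should mention that `-Djavax.net.debug=ssl` writes TLS handshake detail to the container log. The CMD continues past the end of this hunk.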
@@ -42,7 +43,16 @@ CMD secret=$(cat /sebserver/config/secret) \
 --spring.config.location=file:/sebserver/config/,classpath:/config/ \
 --sebserver.certs.password="${secret}" \
 --sebserver.mariadb.password="${secret}" \
- --sebserver.password="${secret}"
-
+ --sebserver.password="${secret}" ; \
+ else secret=$(cat /sebserver/config/secret) && exec java \
+ -Xms64M \
+ -Xmx1G \
+ -jar seb-server-"${SEBSERVER_VERSION}".jar \
+ --spring.profiles.active=prod \
+ --spring.config.location=file:/sebserver/config/,classpath:/config/ \
+ --sebserver.certs.password="${secret}" \
+ --sebserver.mariadb.password="${secret}" \
+ --sebserver.password="${secret}" ; \
+ fi
 EXPOSE 443 8080 9090
\ No newline at end of file
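Review bot: The `else` branch repeats the whole `java` invocation, so the heap settings, the Spring profile and the three `--sebserver.*password` arguments now have to be kept in sync in two places, and a later edit to one branch can make production run something different from what was debugged. Collecting the debug/JMX options in a shell variable and keeping a single `exec java` avoids that; a sketch follows. Separately, the `EXPOSE 443 8080 9090` context line still advertises the JMX port when `DEBUG_MODE` is false, and in both branches the secret is passed as command-line arguments, where it is readable in the process list inside the container. The CMD begins in the previous hunk.

```dockerfile
CMD secret=$(cat /sebserver/config/secret) \
        && debug_opts="" \
        && if [ "${DEBUG_MODE}" = "true" ] ; then \
            debug_opts="-Djavax.net.debug=ssl -Dcom.sun.management.jmxremote" ; \
            # … unchanged: the remaining -Dcom.sun.management.jmxremote.* and -Djava.rmi.server.hostname options, appended to debug_opts …
        fi \
        && exec java \
            -Xms64M \
            -Xmx1G \
            # debug_opts is intentionally unquoted so it splits into separate JVM options
            ${debug_opts} \
            -jar seb-server-"${SEBSERVER_VERSION}".jar \
            # … unchanged: --spring.* and --sebserver.*password arguments …
```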