prod with debug flag
This commit is contained in:
anhefti
parent
e0bd8b16a8
commit
70c1c09432
3 changed files with 18 additions and 7 deletions
|
|
@ -22,7 +22,7 @@ CMD cp -a /host/config/. /config/ \
|
||||||
&& openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem \
|
&& openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem \
|
||||||
&& openssl verify -CAfile ca.pem server-cert.pem client-cert.pem \
|
&& openssl verify -CAfile ca.pem server-cert.pem client-cert.pem \
|
||||||
&& openssl pkcs12 -export -out client-cert.pkcs12 -in client-cert.pem -inkey client-key.pem -passout pass:${secret} \
|
&& openssl pkcs12 -export -out client-cert.pkcs12 -in client-cert.pem -inkey client-key.pem -passout pass:${secret} \
|
||||||
&& keytool -genkeypair -alias sebserver -dname "CN=localhost, OU=ETHZ, O=ETHZ, L=Zurich, S=Zurich, C=CH" -ext san="${ADDITIONAL_DNS}" -keyalg RSA -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore seb-server-keystore.pkcs12 -storepass ${secret} -validity 3650 \
|
&& keytool -genkeypair -alias sebserver -dname "CN=localhost, OU=ETHZ, O=ETHZ, L=Zurich, S=Zurich, C=CH" -ext san="${ADDITIONAL_DNS}" -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore seb-server-keystore.pkcs12 -storepass ${secret} -validity 3650 \
|
||||||
&& keytool -export -alias sebserver -keystore seb-server-keystore.pkcs12 -rfc -file sebserver.cert -storetype PKCS12 -storepass ${secret} -noprompt \
|
&& keytool -export -alias sebserver -keystore seb-server-keystore.pkcs12 -rfc -file sebserver.cert -storetype PKCS12 -storepass ${secret} -noprompt \
|
||||||
&& keytool -importcert -trustcacerts -alias sebserver -file sebserver.cert -keystore seb-server-truststore.pkcs12 -storetype PKCS12 -storepass ${secret} -noprompt \
|
&& keytool -importcert -trustcacerts -alias sebserver -file sebserver.cert -keystore seb-server-truststore.pkcs12 -storetype PKCS12 -storepass ${secret} -noprompt \
|
||||||
&& keytool -import -alias mariadb-ca -file ca.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
|
&& keytool -import -alias mariadb-ca -file ca.pem -keystore seb-server-truststore.pkcs12 -storepass ${secret} -srcstoretype PKCS12 -noprompt \
|
||||||
|
|
|
||||||
|
|
@ -40,6 +40,7 @@ services:
|
||||||
- seb-server-certs:/certs
|
- seb-server-certs:/certs
|
||||||
environment:
|
environment:
|
||||||
- ADDITIONAL_DNS=dns:127.0.0.1,dns:seb-server
|
- ADDITIONAL_DNS=dns:127.0.0.1,dns:seb-server
|
||||||
|
- DEBUG_MODE=false
|
||||||
ports:
|
ports:
|
||||||
- 443:443
|
- 443:443
|
||||||
- 80:8080
|
- 80:8080
|
||||||
|
|
|
||||||
|
|
@ -21,20 +21,21 @@ FROM openjdk:11-jre-stretch
|
||||||
|
|
||||||
ARG SEBSERVER_VERSION
|
ARG SEBSERVER_VERSION
|
||||||
ENV SEBSERVER_VERSION=${SEBSERVER_VERSION}
|
ENV SEBSERVER_VERSION=${SEBSERVER_VERSION}
|
||||||
|
ENV DEBUG_MODE=false
|
||||||
|
|
||||||
WORKDIR /sebserver
|
WORKDIR /sebserver
|
||||||
COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION".jar /sebserver
|
COPY --from=1 /sebserver/target/seb-server-"$SEBSERVER_VERSION".jar /sebserver
|
||||||
|
|
||||||
CMD secret=$(cat /sebserver/config/secret) \
|
CMD if [ "${DEBUG_MODE}" = "true" ] ; \
|
||||||
&& exec java \
|
then secret=$(cat /sebserver/config/secret) && exec java \
|
||||||
-Xms64M \
|
-Xms64M \
|
||||||
-Xmx1G \
|
-Xmx1G \
|
||||||
# Set this for SSL debunging
|
-Djavax.net.debug=ssl \
|
||||||
# -Djavax.net.debug=ssl \
|
|
||||||
-Dcom.sun.management.jmxremote \
|
-Dcom.sun.management.jmxremote \
|
||||||
-Dcom.sun.management.jmxremote.port=9090 \
|
-Dcom.sun.management.jmxremote.port=9090 \
|
||||||
-Dcom.sun.management.jmxremote.rmi.port=9090 \
|
-Dcom.sun.management.jmxremote.rmi.port=9090 \
|
||||||
-Djava.rmi.server.hostname=127.0.0.1 \
|
-Djava.rmi.server.hostname=127.0.0.1 \
|
||||||
|
# TODO secure the JMX connection (cueenrtly there is a premission problem with the secret file
|
||||||
-Dcom.sun.management.jmxremote.ssl=false \
|
-Dcom.sun.management.jmxremote.ssl=false \
|
||||||
-Dcom.sun.management.jmxremote.authenticate=false \
|
-Dcom.sun.management.jmxremote.authenticate=false \
|
||||||
-jar seb-server-"${SEBSERVER_VERSION}".jar \
|
-jar seb-server-"${SEBSERVER_VERSION}".jar \
|
||||||
|
|
@ -42,7 +43,16 @@ CMD secret=$(cat /sebserver/config/secret) \
|
||||||
--spring.config.location=file:/sebserver/config/,classpath:/config/ \
|
--spring.config.location=file:/sebserver/config/,classpath:/config/ \
|
||||||
--sebserver.certs.password="${secret}" \
|
--sebserver.certs.password="${secret}" \
|
||||||
--sebserver.mariadb.password="${secret}" \
|
--sebserver.mariadb.password="${secret}" \
|
||||||
--sebserver.password="${secret}"
|
--sebserver.password="${secret}" ; \
|
||||||
|
else secret=$(cat /sebserver/config/secret) && exec java \
|
||||||
|
-Xms64M \
|
||||||
|
-Xmx1G \
|
||||||
|
-jar seb-server-"${SEBSERVER_VERSION}".jar \
|
||||||
|
--spring.profiles.active=prod \
|
||||||
|
--spring.config.location=file:/sebserver/config/,classpath:/config/ \
|
||||||
|
--sebserver.certs.password="${secret}" \
|
||||||
|
--sebserver.mariadb.password="${secret}" \
|
||||||
|
--sebserver.password="${secret}" ; \
|
||||||
|
fi
|
||||||
|
|
||||||
EXPOSE 443 8080 9090
|
EXPOSE 443 8080 9090
|
||||||
Loading…
Reference in a new issue