initial commit

docker/Dockerfile

@@ -0,0 +1,24 @@
+FROM alpine:3.14
+
+RUN apk add --no-cache bash curl less ca-certificates git tzdata zip gettext \
+    nginx curl supervisor certbot-nginx && \
+    rm -rf /var/cache/apk/* && mkdir -p /run/nginx
+
+STOPSIGNAL SIGINT
+EXPOSE 80
+EXPOSE 443
+ENTRYPOINT ["/usr/bin/supervisord","-c","/etc/supervisord.conf"]
+
+WORKDIR /usr/share/nginx/html
+# copy configuration files
+COPY docker/default.conf /etc/nginx/http.d/default.conf
+COPY docker/nginx.conf /etc/nginx/nginx.conf
+COPY docker/init_cert.sh /usr/local/init_cert.sh
+COPY docker/init_react_envs.sh /usr/local/init_react_envs.sh
+RUN chmod +x /usr/local/init_cert.sh && rm /etc/crontabs/root
+RUN chmod +x /usr/local/init_react_envs.sh
+
+# configure supervisor
+COPY docker/supervisord.conf /etc/supervisord.conf
+# copy build files
+COPY build/ /usr/share/nginx/html/

docker/README.md

@@ -0,0 +1,23 @@
+# Wiretrustee Dashboard
+Wiretrustee Dashboard is a the Wiretrustee Managemenet server UI. It allow users to signin, view setup keys and manage peers. This image is **not ready** for production use.
+## Tags
+```latest``` ```vX.X.X``` not available yet.
+
+```main``` builded on every PR being merged to the repository
+## How to use this image
+HTTP run:
+```shell
+docker run -d --rm -p 80:80 wiretrustee/dashboard:main
+```
+Using SSL certificate from Let's Encript®:
+```shell
+docker run -d --rm -p 80:80 -p 443:443 \
+  -e LETSENCRYPT_DOMAIN=app.mydomain.com \
+  -e LETSENCRYPT_EMAIL=hello@mydomain.com \
+  wiretrustee/dashboard:main
+```
+> For SSL generation, you need to run this image in a server with proper public IP and a domain name pointing to it.
+## Environment variables
+* ```NGINX_SSL_PORT``` Changes the port that Nginx listens to. Defaults to ```443```
+* ```LETSENCRYPT_DOMAIN``` Enables Certbot`s client execution for the specified domain. Defaults to ```none```
+* ```LETSENCRYPT_EMAIL``` Email used in Certbot`s client execution to register the certificate request. Defaults to ```example@local```

docker/default.conf

@@ -0,0 +1,16 @@
+# simple server configuration to replace nginx's default
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+    root /usr/share/nginx/html;
+
+    location / {
+        try_files $uri /index.html;
+    }
+	# You may need this to prevent return 404 recursion.
+	location = /404.html {
+		internal;
+	}
+
+}

docker/init_cert.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -ex
+LETSENCRYPT_DOMAIN=${LETSENCRYPT_DOMAIN:-"none"}
+LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL:-"example@local"}
+NGINX_SSL_PORT=${NGINX_SSL_PORT:-443}
+
+# If no domain is provided, skip certbot execution and configuration
+if [ "${LETSENCRYPT_DOMAIN}-x" == "none-x" ]; then
+    exit 0
+fi
+
+# Request a certificate
+# this also updates the nginx config file with new SSL entries
+certbot -n --nginx --agree-tos --email ${LETSENCRYPT_EMAIL} -d ${LETSENCRYPT_DOMAIN} --https-port ${NGINX_SSL_PORT}
+# Add cron job file
+cat <<EOF >/etc/crontabs/certbot
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+0 */12 * * * root certbot -q renew --nginx --https-port ${NGINX_SSL_PORT}
+EOF
+# start cron daemon
+supervisorctl start cron

docker/init_react_envs.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+set -e
+
+if [[ -z "${AUTH0_DOMAIN}" ]]; then
+    echo "AUTH0_DOMAIN environment variable must be set"
+    exit 1
+fi
+
+if [[ -z "${AUTH0_CLIENT_ID}" ]]; then
+    echo "AUTH0_CLIENT_ID environment variable must be set"
+    exit 1
+fi
+
+if [[ -z "${AUTH0_AUDIENCE}" ]]; then
+    echo "AUTH0_AUDIENCE environment variable must be set"
+    exit 1
+fi
+
+if [[ -z "${WIRETRUSTEE_MGMT_API_ENDPOINT}" ]]; then
+    echo "WIRETRUSTEE_MGMT_API_ENDPOINT environment variable must be set"
+    exit 1
+fi
+
+AUTH0_DOMAIN=${AUTH0_DOMAIN}
+AUTH0_CLIENT_ID=${AUTH0_CLIENT_ID}
+AUTH0_AUDIENCE=${AUTH0_AUDIENCE}
+WIRETRUSTEE_MGMT_API_ENDPOINT=${WIRETRUSTEE_MGMT_API_ENDPOINT}
+
+# replace ENVs in the config
+ENV_STR="\$\$AUTH0_DOMAIN \$\$AUTH0_CLIENT_ID \$\$AUTH0_AUDIENCE \$\$WIRETRUSTEE_MGMT_API_ENDPOINT"
+MAIN_JS=$(find /usr/share/nginx/html/static/js/main.*js)
+cp "$MAIN_JS" "$MAIN_JS".copy
+envsubst "$ENV_STR" < "$MAIN_JS".copy > "$MAIN_JS"
+rm "$MAIN_JS".copy
+
+
+

docker/nginx.conf

@@ -0,0 +1,142 @@
+# /etc/nginx/nginx.conf
+daemon off;
+
+user nginx;
+
+# Set number of worker processes automatically based on number of CPU cores.
+worker_processes auto;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /proc/self/fd/2 warn;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+# Uncomment to include files with config snippets into the root context.
+# NOTE: This will be enabled by default in Alpine 3.15.
+#include /etc/nginx/conf.d/*.conf;
+
+events {
+	# The maximum number of simultaneous connections that can be opened by
+	# a worker process.
+	worker_connections 1024;
+    multi_accept on;
+}
+
+http {
+	# Includes mapping of file name extensions to MIME types of responses
+	# and defines the default type.
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	# Name servers used to resolve names of upstream servers into addresses.
+	# It's also needed when using tcpsocket and udpsocket in Lua modules.
+	#resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
+
+	# Don't tell nginx version to the clients. Default is 'on'.
+	server_tokens off;
+
+	# Specifies the maximum accepted body size of a client request, as
+	# indicated by the request header Content-Length. If the stated content
+	# length is greater than this size, then the client receives the HTTP
+	# error code 413. Set to 0 to disable. Default is '1m'.
+	client_max_body_size 1m;
+
+	# Sendfile copies data between one FD and other from within the kernel,
+	# which is more efficient than read() + write(). Default is off.
+	sendfile on;
+
+	# Causes nginx to attempt to send its HTTP response head in one packet,
+	# instead of using partial frames. Default is 'off'.
+	tcp_nopush on;
+
+
+	# Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2.
+	# TIP: If you're not obligated to support ancient clients, remove TLSv1.1.
+	ssl_protocols TLSv1.2 TLSv1.3;
+
+	# Path of the file with Diffie-Hellman parameters for EDH ciphers.
+	# TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048`
+	#ssl_dhparam /etc/ssl/nginx/dh2048.pem;
+
+	# Specifies that our cipher suits should be preferred over client ciphers.
+	# Default is 'off'.
+	ssl_prefer_server_ciphers on;
+
+	# Enables a shared SSL cache with size that can hold around 8000 sessions.
+	# Default is 'none'.
+	ssl_session_cache shared:SSL:2m;
+
+	# Specifies a time during which a client may reuse the session parameters.
+	# Default is '5m'.
+	ssl_session_timeout 1h;
+
+	# Disable TLS session tickets (they are insecure). Default is 'on'.
+	ssl_session_tickets off;
+
+
+	# Enable gzipping of responses.
+	gzip on;
+
+	# Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
+	gzip_vary on;
+
+    # General gzip configurations
+    gzip_proxied any;
+    gzip_comp_level 9;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_disable "msie6";
+    # Compress the following MIME types.
+    gzip_types
+    application/atom+xml
+    application/javascript
+    application/x-javascript
+    application/json
+    application/ld+json
+    application/manifest+json
+    application/rss+xml
+    application/vnd.geo+json
+    application/vnd.ms-fontobject
+    application/x-font-ttf
+    application/x-web-app-manifest+json
+    application/xhtml+xml
+    application/xml
+    font/opentype
+    image/bmp
+    image/svg+xml
+    image/x-icon
+    text/cache-manifest
+    text/css
+    text/javascript
+    text/plain
+    text/vcard
+    text/vnd.rim.location.xloc
+    text/vtt
+    text/x-component
+    text/x-cross-domain-policy;
+	# Helper variable for proxying websockets.
+	map $http_upgrade $connection_upgrade {
+		default upgrade;
+		'' close;
+	}
+
+
+	# Specifies the main log format.
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+			'$status $body_bytes_sent "$http_referer" '
+			'"$http_user_agent" "$http_x_forwarded_for"';
+
+	# Sets the path, format, and configuration for a buffered log write.
+	access_log /proc/self/fd/1 main;
+
+
+	# Includes virtual hosts configs.
+	include /etc/nginx/http.d/*.conf;
+}
+
+# TIP: Uncomment if you use stream module.
+#include /etc/nginx/stream.conf;

docker/supervisord.conf

@@ -0,0 +1,67 @@
+[unix_http_server]
+file=/var/run/supervisor.sock
+chmod=0700
+username = dummy
+password = dummy
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+username = dummy
+password = dummy
+
+[supervisord]
+nodaemon=true
+user=root
+
+pidfile=/run/supervisord.pid
+
+logfile=/proc/self/fd/1
+logfile_maxbytes=0
+loglevel=warn
+
+[program:cron]
+command=crond -f
+user=root
+priority=101
+numprocs=1
+autostart=0
+autorestart=true
+
+stdout_logfile=/proc/self/fd/1
+stdout_logfile_maxbytes=0
+stderr_logfile=/proc/self/fd/2
+stderr_logfile_maxbytes=0
+
+[program:nginx]
+command=/usr/sbin/nginx
+user=root
+priority=100
+numprocs=1
+autostart=1
+autorestart=true
+
+stdout_logfile=/proc/self/fd/1
+stdout_logfile_maxbytes=0
+stderr_logfile=/proc/self/fd/2
+stderr_logfile_maxbytes=0
+
+[program:init_cert]
+command=/usr/local/init_cert.sh
+user=root
+
+[program:init_react_envs]
+command=/usr/local/init_react_envs.sh
+user=root
+
+numprocs=1
+autostart=1
+autorestart=false
+startretries=1
+priority=200
+stdout_logfile=/proc/self/fd/1
+stdout_logfile_maxbytes=0
+stderr_logfile=/proc/self/fd/2
+stderr_logfile_maxbytes=0