7 Commits

Author SHA1 Message Date
762b97d19d refactor(livereload): update default exclusions
- use RegEx format
- still seems to be ignored, pending issue upstream
2021-07-24 04:09:37 -06:00
2889c153f3 feature(compose): nginx dependant on healthy livereload 2021-07-24 03:03:31 -06:00
dfa50ea6b5 feature: add healthcheck
- add express npm to allow creation of health endpoint
- create health end pt as callback to livereload server listening state
- configure healthcheck in container
- allows true 'stack' operation since other services can query status
2021-07-24 03:01:01 -06:00
41dcd6a5bb refactor(entrypoint): mod permissions on fullchain 2021-07-24 02:12:44 -06:00
2dbcd4a845 fix(entrypoint): fix permissions on generated certs
- set private key to be group readable
- create chain.pem from fullchain.pem
- generate dhparams for TLS1.2
2021-07-24 02:09:50 -06:00
81cfe975b4 refactor(entrypoint): move HTTP/S message to javascript 2021-07-23 23:45:58 -06:00
e83dce3304 fix(livereload): process env vars as strings not boolean 2021-07-23 23:04:44 -06:00
5 changed files with 93 additions and 34 deletions

11
.env

@ -74,18 +74,19 @@ TLS13_ONLY=TRUE
#LR_PORT=35729
# LR_EXTS:
# Comma-delimited list of extensions to watch for changes and trigger a browser reload. This list *must* be quoted.
# Comma-delimited list of extensions to watch for changes and trigger a browser reload.
# REQUIRED: NO
# DEFAULT: "html,xml,css,js,jsx,ts,tsx,php,py"
# VALID OPTIONS: Any valid file extension(s)
LR_EXTS="html,xml,css,js,jsx,ts,tsx,php,py"
# LR_EXCLUDE:
# Comma-delimited list of files/directories to exclude from monitoring. This list *must* be quoted.
# Comma-delimited set of /regular-expressions/ defining what to exclude from monitoring in addition to the defaults.
# Upstream node-livereload lists the following as defaults: "/\.git\//,/\.svn\//,/\.hg\//"
# REQUIRED: NO
# DEFAULT: ".git/,.svn/,.vscode/,.idea/"
# VALID OPTIONS: Any valid files or directories/
LR_EXCLUDE=".git/,.svn/,.vscode/,.idea/"
# DEFAULT: "/\.vscode\//,/\.idea\//,/\.tmp/,/\.swp/"
# VALID OPTIONS: Any valid RegEx that matches files or directories
LR_EXCLUDE="/\.vscode\//,/\.idea\//,/\.tmp/,/\.swp/"
# LR_DELAY:
# Amount of time in milliseconds before detecting a change and sending a trigger for a browser reload. Useful if you need to allow time for background recompilation, etc.
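Review bot: The new `LR_EXCLUDE` default is a comma-delimited string of regex literals, but the livereload.js section of this compare still passes it through unparsed as `exclusions: process.env.LR_EXCLUDE`, so the option receives one string rather than RegExp objects. That is a more likely reason for the exclusions being ignored than the upstream issue mentioned in the commit message; confirm against how node-livereload consumes `exclusions`. Splitting on commas, stripping the surrounding slashes and compiling each piece with `new RegExp(...)` before building `options` would make the documented format real. The patterns `/\.tmp/` and `/\.swp/` are also unanchored and will match those substrings anywhere in a path, so either end them in `$` or say so in the comment.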


@ -45,13 +45,13 @@ ENV LR_DEBUG=true
ENV LR_HTTPS=true
ENV CERT_HOSTNAME=""
# install node-livereload as node user then switch back to root user
# install node-livereload and express as node user then switch back to root user
USER node
WORKDIR /home/node
RUN mkdir -p .npm-global/bin .npm-global/lib \
&& npm config set fund false \
&& npm config set update-notifier false \
&& npm install livereload --save
&& npm install livereload express --save
# copy scripts and fix-up all permissions
USER root
@ -63,6 +63,13 @@ RUN chown node:node /home/node/livereload.js \
&& chmod 755 /usr/local/bin/entrypoint.sh \
&& chmod 644 /etc/selfsigned.cnf
HEALTHCHECK \
--interval=10s \
--timeout=5s \
--start-period=60s \
--retries=3 \
CMD wget --spider -T 3 -q localhost:3000/api/v1/health || exit 1
# switch to node user, run entrypoint script by default
USER node
WORKDIR /home/node
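Review bot: The changed install line `npm install livereload express --save` pulls whatever versions of both packages and their transitive dependencies are current at build time, so two builds of the same Dockerfile can ship different code and nothing records what was installed. Adding express widens that unpinned set considerably for a single health route. Pin the versions (`npm install livereload@<version> express@<version>`) or, better, copy a committed `package.json` and `package-lock.json` into the image and run `npm ci`. If the dependency stays, a comment above the RUN stating that express exists only to serve the HEALTHCHECK endpoint on port 3000 would help the next maintainer.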


@ -22,10 +22,20 @@ certificateGenerateNew() {
printf "\nGenerating new self-signed certificate:\n"
# shellcheck disable=SC3028
if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi
# create placeholder files to set permissions
touch /certs/fullchain.pem && chmod 644 /certs/fullchain.pem
touch /certs/privkey.pem && chmod 640 /certs/privkey.pem
# generate certificate
if ! openssl req -new -x509 -days 365 -nodes -out /certs/fullchain.pem -keyout /certs/privkey.pem -config /etc/selfsigned.cnf; then
printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n"
exit 55
fi
cp /certs/fullchain.pem /certs/chain.pem
# generate dh-params for TLS1.2
if ! openssl dhparam -dsaparam -out /certs/dhparam.pem 4096; then
printf "\nUnable to generate dh-params. Is you 'certs' directory writable by this container?\n\n"
exit 56
fi
# print message to user
printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
@ -99,7 +109,6 @@ if [ "$doServer" -eq 1 ]; then
# https pre-flight check
if [ "$enableHTTPS" = "true" ]; then
printf "[SSL/TLS mode enabled]\n"
certStatus="$(certificateCheckExist)"
case "$certStatus" in
noexist)
@ -120,8 +129,6 @@ if [ "$doServer" -eq 1 ]; then
printf "[Certificate OK]\n"
;;
esac
else
printf "[HTTP mode enabled]\n"
fi
exec node livereload.js
exit "$?"
@ -164,6 +171,7 @@ exit 99
# 52: unable to read certificate/chain
# 53: unable to read private key
# 55: unable to generate new certificate
# 56: unable to generate dh-params
# 99: code error
#EOF
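Review bot: `openssl dhparam -dsaparam -out /certs/dhparam.pem 4096` produces DSA-style parameters rather than a safe prime, and OpenSSL's documentation warns that such parameters need a fresh DH key for every exchange to avoid small-subgroup attacks. Whether the consumer of `dhparam.pem` guarantees that is not visible here, so dropping `-dsaparam` (slower, but generated once) or shipping a standard RFC 7919 group is the safer default. Separately, the `touch /certs/privkey.pem && chmod 640 /certs/privkey.pem` placeholder leaves the file at the umask default for a moment and a failed `chmod` is not checked, so setting a restrictive `umask` before the key file is created and testing the result would close that gap. The body of certificateGenerateNew starts and ends outside this hunk.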


@ -1,7 +1,30 @@
// implement node-livereload over an HTTPS connection
// healthcheck function
function healthcheck() {
const express = require('express');
const http = require('http');
const app = express();
const router = express.Router();
router.use((req, res, next) =>{
res.header('Access-Control-Allow-Methods', 'GET');
next();
});
router.get('/health', (req, res) =>{
res.status(200).send('Ok');
});
app.use('/api/v1', router);
const hServer = http.createServer(app);
hServer.listen(3000);
}
// load livereload module
let livereload = require('livereload');
const livereload = require('livereload');
// set createServer options
const fs = require('fs');
@ -11,19 +34,28 @@ const options = {
exclusions: process.env.LR_EXCLUDE,
usePolling: true,
delay: process.env.LR_DELAY,
debug: process.env.LR_DEBUG
};
if (process.env.LR_HTTPS) {
// set debugging output as per LR_DEBUG
if (process.env.LR_DEBUG === "true") {
options.debug = true
console.log("[Debug output ENABLED]");
}
// set HTTPS as per LR_HTTPS
if (process.env.LR_HTTPS === "true") {
options.https = {
cert: fs.readFileSync('/certs/fullchain.pem'),
key: fs.readFileSync('/certs/privkey.pem')
};
console.log("[HTTPS mode]");
}
else {
console.log("[HTTP mode]");
}
// start server
let server = livereload.createServer(options);
server.watch('/watch')
const lrServer = livereload.createServer(options, healthcheck);
lrServer.watch('/watch')
//#EOF
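Review bot: The new test `process.env.LR_HTTPS === "true"` falls through to the `else` branch and starts plain HTTP for any other spelling, including `TRUE` or `True`; the .env in this same compare writes `TLS13_ONLY=TRUE`, so uppercase values are a likely input. Unless the entrypoint normalises the variable before `exec node livereload.js` (not visible here), a user who asked for TLS gets an unencrypted listener with only a `[HTTP mode]` log line to show for it. Normalise once, e.g. `const useHttps = String(process.env.LR_HTTPS).toLowerCase() === "true";`, and consider exiting on an unrecognised value instead of downgrading; the same applies to the `LR_DEBUG` comparison. The health listener would also benefit from an `error` handler on `hServer`, since a failed `listen(3000)` currently surfaces as an uncaught exception.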


@ -5,27 +5,14 @@
version: '2.4'
services:
ab-nginx:
image: docker.asifbacchus.dev/nginx/ab-nginx:latest
container_name: ab-nginx
volumes:
- ./certs/certs:ro
- ${WATCHDIR}:/usr/share/nginx/html:ro
- ./nginx/config:/etc/nginx/config:ro
ports:
- "${NGINX_HTTP:-80}:80"
- "${NGINX_HTTPS:-443}:443"
environment:
- TZ=${TZ}
- SERVER_NAMES=${SERVER_NAMES}
- TLS13_ONLY=${TLS13_ONLY}
user: "8080:${GID:-8080}"
livereload:
image: docker.asifbacchus.dev/livereload/livereload:latest
container_name: livereload
volumes:
- ./certs:certs
- ${WATCHDIR}:/watch:ro
networks:
- network
ports:
- "${LR_PORT:-35729}:${LR_PORT:-35729}"
environment:
@ -39,5 +26,29 @@ services:
- CERT_HOSTNAME=${CERT_HOSTNAME}
user: "9999:${GID:-9999}"
command: listen
ab-nginx:
image: docker.asifbacchus.dev/nginx/ab-nginx:latest
container_name: ab-nginx
depends_on:
livereload:
condition: service_healthy
volumes:
- ./certs/certs:ro
- ${WATCHDIR}:/usr/share/nginx/html:ro
- ./nginx/config:/etc/nginx/config:ro
networks:
- network
ports:
- "${NGINX_HTTP:-80}:80"
- "${NGINX_HTTPS:-443}:443"
environment:
- TZ=${TZ}
- SERVER_NAMES=${SERVER_NAMES}
- TLS13_ONLY=${TLS13_ONLY}
user: "8080:${GID:-8080}"
networks:
network:
external: false
#EOF
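Review bot: The volume entry `- ./certs/certs:ro` in the re-added ab-nginx service has no absolute container path as rendered here, and the livereload entry `- ./certs:certs` has the same problem, so nginx may never see the certificate and key that the livereload container generates. If this is not an artefact of the page rendering, the entries should read `- ./certs:/certs:ro` and `- ./certs:/certs`. Keeping the nginx side read-only is right, since only livereload needs to write the key material. Both services also track `:latest`, which makes the `service_healthy` gate depend on whatever image is current at pull time; pinning a tag or digest would make the stack reproducible.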