# node-livereload-tls (dockerized Livereload)
Containerized implementation of [node-livereload](https://www.npmjs.com/package/livereload) as forked by [Brian Hogan](https://github.com/napcs) ([github repo](https://github.com/napcs/node-livereload)). This container is based on Node running on Alpine and provides for easy version-pinning and node user UID/GID changes via build args. Time zone, monitored extensions, excluded files/directories and polling delays can be set via environment variables passed at runtime. The container runs under the non-root user *'node'* over the standard livereload port *35729* for compatibility with browser addons.
**VERSION 2.x: IMPORTANT CHANGES**
Starting with the 2.x version line, I’ve added two *very* important features:
- SSL/TLS support with auto-generated self-signed certificates if you don’t have your own certificates
- Healthcheck allowing for proper integration using docker-compose into a webstack
**Please note:** This container only generates notifications for livereload clients. It does NOT contain a webserver! Please see [Examples](#examples) and [Docker-Compose](#docker-compose) for how to add this to your webdev-stack.
## Contents
- [Private docker repository](#private-docker-repository)
- [Source/Issues](#sourceissues)
- [Environment variables](#environment-variables)
- [Volume mapping](#volume-mapping)
* [Certificate mount (HTTPS only)](#certificate-mount-https-only)
* [Content mount](#content-mount)
- [Commands](#commands)
- [Examples](#examples)
* [Run in HTTP (unsecured) mode](#run-in-http-unsecured-mode)
* [Run in HTTPS mode with supplied certificate](#run-in-https-mode-with-supplied-certificate)
* [Run in HTTPS mode with generated certificate](#run-in-https-mode-with-generated-certificate)
- [Livereload client](#livereload-client)
- [Permissions](#permissions)
* [Option 1: rebuild with different UID/GID](#option-1-rebuild-with-different-uidgid)
* [Option 2: specify runtime GID](#option-2-specify-runtime-gid)
* [Using Let’s Encrypt](#using-lets-encrypt)
- [Docker-Compose](#docker-compose)
- [Final thoughts](#final-thoughts)
## Private docker repository
If you prefer, you can also use my private repository to download possibly newer containers. Simply change `asifbacchus/livereload:tag` to `docker.asifbacchus.dev/livereload/livereload:tag`.
## Source/Issues
If you want the Dockerfile or if you want to bring an issue/request to my attention, please head to either my private [git server (preferred)](https://git.asifbacchus.dev/ab-docker/livereload) or [github](https://github.com/asifbacchus/livereload).
## Environment variables
All environment variables have sensible defaults and, thus, are *not* required to be set for the container to run successfully.
| variable | description | default |
| ------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
| TZ | Set the container's time zone. NO impact on runtime, included for convenience. | Etc/UTC |
| LR_PORT | Port over which Livereload will communicate. All clients presently expect port 35729, so I suggest leaving this alone. | 35729 |
| LR_EXTS | Defines monitored extensions. | html,xml,css,js,jsx,ts,tsx,php,py |
| LR_EXCLUDE | Comma-delimited regular-expressions (Regex) that define paths or files to ignore. These are *
appended* to the node-livereload upstream defaults which ignore everything in the `.git/`, `.svn/` and `.hg/` directories.
**
N.B.** You do *
not* have to use JavaScript format. The script will automatically convert things to JS-RegEx. You do, however, need to escape any special characters. | .vscode/,.idea/,.tmp$,.swp$/ |
| LR_DELAY | Time (ms) between polling for changed files. | 500 |
| LR_DEBUG | Print informational messages to the console. Allows you to see Livereload working. | true |
| LR_HTTPS | Use HTTPS and WSS. In other words, use a certificate for SSL/TLS operation. | true |
| CERT_HOSTNAME | If the container needs to generate a self-signed certificate, this is the hostname it will use. | Container hostname -- this almost *never* what you really want so don’t use this default. |
## Volume mapping
The container needs two mounts to function correctly in HTTPS mode and only one in HTTP mode:
### Certificate mount (HTTPS only)
If you do not bind-mount a directory, the container will create a volume for you. Bind-mounting or supplying a manually created volume is a much better option. The container reads certificates from this directory or, alternatively, will generate a certificate and key in this directory. Whatever you are mounting, it must map to */certs* in the container.
If you are mounting existing certificates:
- your certificate *must* be named *fullchain.pem* and be readable by the container user (UID=9999, GID=9999 by default)
- your private key *must* be named *privkey.pem* and be readable by the container user (UID=9999, GID=9999 by default)
> Important: The container runs as user *node* with UID and GID *9999* by default. You can change this by rebuilding the container or at runtime by supplying `--user "uid:gid"`. This may be necessary especially if you are bind-mounting since the container needs permissions to read both a supplied certificate *and* key. If it is generating said certificate and key, then obviously it needs *write* permissions to said mounted directory. If you are using a volume, permissions are easier. This is discussed in the [Permissions](#permissions) section.
### Content mount
Obviously, this container needs something to monitor to determine whether changes have been made. This is accomplished via bind-mounting a directory from the host and is why 'polling' is necessary. Mount a directory with files to be monitored to */watch* in the container.
## Commands
The container’s entrypoint script recognizes a few commands that tell it what you want to do:
| command | description |
| --------- | ------------------------------------------------------------ |
| listen | Activate Livereload server using configured parameters.
Aliases: run \| server \| start
`docker run --rm ... asifbacchus/livereload listen` |
| shell | Start container but drop to an Ash shell. Alternatvely, if you supply a command, the container will run that command in the shell, output results and then exit.
`docker run -it --rm ... asifbacchus/livereload shell`
`docker run --rm ... asifbacchus/livereload shell ls -lAsh /certs` |
| new-cert | Generate a new self-signed certificate with CN=CERT_HOSTNAME and matching DNS.1 value. Certificate and private key will be stored in */certs* as *fullchain.pem* and *privkey.pem*, respectively.
I strongly suggest running the container with `--user "uid:gid"` where the *gid* corresponds to one matching your webserver user, for example. That way your webserver would have read access to the generated private key. More information in the [Permissions](#permissions) section.
For example, running `docker run --rm -u "9999:6001" -v /etc/mycerts:/certs -e CERT_HOSTNAME=sub.domain.tld asifbacchus/livereload new-cert` would generate a new certificate and key pair in the */etc/mycerts/* directory on the host. Importantly, the private key would be readable by GID 6001 which, in this example, might be your webdev programs group including your webserver and you as the web-dev. |
| show-cert | Display the currently loaded certificate. This can be either a generated or a supplied certificate. Great way to confirm you mounted the right one!
`docker run --rm -v /etc/mycerts:/certs asifbacchus/livereload show-cert` |
## Examples
### Run in HTTP (unsecured) mode
```bash
docker run -d --rm -v /var/www:/watch:ro -e LR_HTTPS=false -p 35729:35729 asifbacchus/livereload listen
```
- `-d --rm`: run in the background and remove container upon exit
- `-v ...`: mount directory to monitor
- `-e LR_HTTPS=false`: run in HTTP instead of default HTTPS mode
- `-p 35729:35729`: map on all interfaces port 35729 on the host --> port 35729 in container
- `listen`: start the Livereload server
> Depending on your environment, you may *not* want to expose your Livereload server on all interfaces! You may want to map your port to something like `127.0.0.1:35729:35729` and then establishing an SSH-tunnel from your client. This is completely dependent on your environment and beyond the scope of this readme, sorry.
### Run in HTTPS mode with supplied certificate
```bash
docker run -d --rm -v /etc/mycerts:/certs:ro -v /var/www:/watch:ro -p 35729:35729 asifbacchus/livereload listen
```
- all options same as above except we’ve included a bind-mount for the certificates
- HTTPS is the default operating mode, so it is *not necessary* to supply `LR_HTTPS=true`
### Run in HTTPS mode with generated certificate
You have two options for running with a self-signed generated certificate. If the container starts up in HTTPS mode and does not find an existing certificate, it will just make one for you. Alternatively, you can generate a certificate first and then run the container manually after -- there are use-cases for both options. Let’s start with the second option first:
```bash
# create volume
docker volume create livereload-certs
# generate a certificate readable by GID=6001 in new volume and exit
docker run --rm --user "9999:6001" -v livereload-certs:/certs -e CERT_HOSTNAME=webdev.mydomain.tld asifbacchus/livereload new-cert
# run container using our new certificate
docker run -d --rm -v livereload-certs:/certs:ro -v /home/janedoe/myWebProject:/watch:ro -p 35729:35729 asifbacchus/livereload listen
```
Or, do it all in one-shot:
```bash
# write new certificate readable by GID=5100 to a bind-mounted directory and run container in one-step
docker run -d --rm --user "9999:5100" -v /etc/mycerts:/certs -v /home/janedoe/myWebProject:/watch:ro -e CERT_HOSTNAME=webdev.myserver.tld -p 35729:35729 asifbacchus/livereload listen
```
## Livereload client
There aren’t a lot of currently updated Livereload clients and/or browser addons out there, but the ones that do exist seem to only work over HTTP. In fact, that was the impetus behind creating this container. I develop on both *.dev* and *.app* domains -- both of which *require* HTTPS. As a result, I couldn’t use any existing clients nor could I use the preconfigured node-livereload distribution via the command-line as version 1.x of this container did.
If you are running in an HTTP-permissive environment then lucky you! You can run this container in HTTP mode (`LR_HTTPS=false`) and use any of the clients and addons out there. If you want to use a snippet in your code instead of a client, simply insert this in the `