refactor(livereload): update default exclusions

- use RegEx format
- still seems to be ignored, pending issue upstream

.env

@@ -74,18 +74,19 @@ TLS13_ONLY=TRUE
 #LR_PORT=35729
 
 # LR_EXTS:
-# Comma-delimited list of extensions to watch for changes and trigger a browser reload. This list *must* be quoted.
+# Comma-delimited list of extensions to watch for changes and trigger a browser reload.
 # REQUIRED: NO
 # DEFAULT: "html,xml,css,js,jsx,ts,tsx,php,py"
 # VALID OPTIONS: Any valid file extension(s)
 LR_EXTS="html,xml,css,js,jsx,ts,tsx,php,py"
 
 # LR_EXCLUDE:
-# Comma-delimited list of files/directories to exclude from monitoring. This list *must* be quoted.
+# Comma-delimited set of /regular-expressions/ defining what to exclude from monitoring in addition to the defaults.
+# Upstream node-livereload lists the following as defaults: "/\.git\//,/\.svn\//,/\.hg\//"
 # REQUIRED: NO
-# DEFAULT: ".git/,.svn/,.vscode/,.idea/"
-# VALID OPTIONS: Any valid files or directories/
-LR_EXCLUDE=".git/,.svn/,.vscode/,.idea/"
+# DEFAULT: "/\.vscode\//,/\.idea\//,/\.tmp/,/\.swp/"
+# VALID OPTIONS: Any valid RegEx that matches files or directories
+LR_EXCLUDE="/\.vscode\//,/\.idea\//,/\.tmp/,/\.swp/"
 
 # LR_DELAY:
 # Amount of time in milliseconds before detecting a change and sending a trigger for a browser reload. Useful if you need to allow time for background recompilation, etc.

build/Dockerfile

@@ -45,13 +45,13 @@ ENV LR_DEBUG=true
 ENV LR_HTTPS=true
 ENV CERT_HOSTNAME=""
 
-# install node-livereload as node user then switch back to root user
+# install node-livereload and express as node user then switch back to root user
 USER node
 WORKDIR /home/node
 RUN mkdir -p .npm-global/bin .npm-global/lib \
     && npm config set fund false \
     && npm config set update-notifier false \
-    && npm install livereload --save
+    && npm install livereload express --save
 
 # copy scripts and fix-up all permissions
 USER root
@@ -63,6 +63,13 @@ RUN chown node:node /home/node/livereload.js \
     && chmod 755 /usr/local/bin/entrypoint.sh \
     && chmod 644 /etc/selfsigned.cnf
 
+HEALTHCHECK \
+    --interval=10s \
+    --timeout=5s \
+    --start-period=60s \
+    --retries=3 \
+    CMD wget --spider -T 3 -q localhost:3000/api/v1/health || exit 1
+
 # switch to node user, run entrypoint script by default
 USER node
 WORKDIR /home/node

build/entrypoint.sh

@@ -22,10 +22,20 @@ certificateGenerateNew() {
     printf "\nGenerating new self-signed certificate:\n"
     # shellcheck disable=SC3028
     if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi
+    # create placeholder files to set permissions
+    touch /certs/fullchain.pem && chmod 644 /certs/fullchain.pem
+    touch /certs/privkey.pem && chmod 640 /certs/privkey.pem
+    # generate certificate
     if ! openssl req -new -x509 -days 365 -nodes -out /certs/fullchain.pem -keyout /certs/privkey.pem -config /etc/selfsigned.cnf; then
         printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n"
         exit 55
     fi
+    cp /certs/fullchain.pem /certs/chain.pem
+    # generate dh-params for TLS1.2
+    if ! openssl dhparam -dsaparam -out /certs/dhparam.pem 4096; then
+        printf "\nUnable to generate dh-params. Is you 'certs' directory writable by this container?\n\n"
+        exit 56
+    fi
 
     # print message to user
     printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
@@ -99,7 +109,6 @@ if [ "$doServer" -eq 1 ]; then
 
     # https pre-flight check
     if [ "$enableHTTPS" = "true" ]; then
-        printf "[SSL/TLS mode enabled]\n"
         certStatus="$(certificateCheckExist)"
         case "$certStatus" in
             noexist)
@@ -120,8 +129,6 @@ if [ "$doServer" -eq 1 ]; then
                 printf "[Certificate OK]\n"
                 ;;
         esac
-    else
-        printf "[HTTP mode enabled]\n"
     fi
     exec node livereload.js
     exit "$?"
@@ -164,6 +171,7 @@ exit 99
 # 52:    unable to read certificate/chain
 # 53:    unable to read private key
 # 55:    unable to generate new certificate
+# 56:    unable to generate dh-params
 # 99:  code error
 
 #EOF

build/livereload.js

@@ -1,7 +1,30 @@
 // implement node-livereload over an HTTPS connection
 
+// healthcheck function
+function healthcheck() {
+    const express = require('express');
+    const http = require('http');
+
+    const app = express();
+    const router = express.Router();
+
+    router.use((req, res, next) =>{
+        res.header('Access-Control-Allow-Methods', 'GET');
+        next();
+    });
+
+    router.get('/health', (req, res) =>{
+        res.status(200).send('Ok');
+    });
+
+    app.use('/api/v1', router);
+
+    const hServer = http.createServer(app);
+    hServer.listen(3000);
+}
+
 // load livereload module
-let livereload = require('livereload');
+const livereload = require('livereload');
 
 // set createServer options
 const fs = require('fs');
@@ -11,19 +34,28 @@ const options = {
     exclusions: process.env.LR_EXCLUDE,
     usePolling: true,
     delay: process.env.LR_DELAY,
-    debug: process.env.LR_DEBUG
 };
 
-if (process.env.LR_HTTPS) {
+// set debugging output as per LR_DEBUG
+if (process.env.LR_DEBUG === "true") {
+    options.debug = true
+    console.log("[Debug output ENABLED]");
+}
+
+// set HTTPS as per LR_HTTPS
+if (process.env.LR_HTTPS === "true") {
     options.https = {
         cert: fs.readFileSync('/certs/fullchain.pem'),
         key: fs.readFileSync('/certs/privkey.pem')
-
     };
+    console.log("[HTTPS mode]");
+}
+else {
+    console.log("[HTTP mode]");
 }
 
 // start server
-let server = livereload.createServer(options);
-server.watch('/watch')
+const lrServer = livereload.createServer(options, healthcheck);
+lrServer.watch('/watch')
 
 //#EOF

docker-compose.yml

@@ -5,29 +5,16 @@
 version: '2.4'
 
 services:
-  ab-nginx:
-    image: docker.asifbacchus.dev/nginx/ab-nginx:latest
-    container_name: ab-nginx
-    volumes:
-    - ./certs/certs:ro
-    - ${WATCHDIR}:/usr/share/nginx/html:ro
-    - ./nginx/config:/etc/nginx/config:ro
-    ports:
-    - "${NGINX_HTTP:-80}:80"
-    - "${NGINX_HTTPS:-443}:443"
-    environment:
-      - TZ=${TZ}
-      - SERVER_NAMES=${SERVER_NAMES}
-      - TLS13_ONLY=${TLS13_ONLY}
-    user: "8080:${GID:-8080}"
   livereload:
     image: docker.asifbacchus.dev/livereload/livereload:latest
     container_name: livereload
     volumes:
-    - ./certs:certs
-    - ${WATCHDIR}:/watch:ro
+      - ./certs:certs
+      - ${WATCHDIR}:/watch:ro
+    networks:
+      - network
     ports:
-    - "${LR_PORT:-35729}:${LR_PORT:-35729}"
+      - "${LR_PORT:-35729}:${LR_PORT:-35729}"
     environment:
       - TZ=${TZ}
       - LR_PORT=${LR_PORT}
@@ -39,5 +26,29 @@ services:
       - CERT_HOSTNAME=${CERT_HOSTNAME}
     user: "9999:${GID:-9999}"
     command: listen
+  ab-nginx:
+    image: docker.asifbacchus.dev/nginx/ab-nginx:latest
+    container_name: ab-nginx
+    depends_on:
+      livereload:
+        condition: service_healthy
+    volumes:
+      - ./certs/certs:ro
+      - ${WATCHDIR}:/usr/share/nginx/html:ro
+      - ./nginx/config:/etc/nginx/config:ro
+    networks:
+      - network
+    ports:
+      - "${NGINX_HTTP:-80}:80"
+      - "${NGINX_HTTPS:-443}:443"
+    environment:
+      - TZ=${TZ}
+      - SERVER_NAMES=${SERVER_NAMES}
+      - TLS13_ONLY=${TLS13_ONLY}
+    user: "8080:${GID:-8080}"
+
+networks:
+  network:
+    external: false
 
 #EOF