fix: properly handle certs on alpine docker

This commit is contained in:
Rafael Taranto 2024-08-11 11:08:33 +01:00
parent d4f703b0fc
commit fd7c4362a3
5 changed files with 80 additions and 106 deletions


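--- /dev/null
+++ b/PATH-NOT-SHOWN-admin-server-entrypoint
+#!/usr/bin/env bash
+set -e
+CERT_FILES=(
+/lamassu-data/certs/{Lamassu_CA,Lamassu_OP,Lamassu_OP_Root_CA}.pem
+/lamassu-data/certs/Lamassu_OP_Root_CA.srl
+/lamassu-data/private/{Lamassu_OP,Lamassu_OP_Root_CA}.key
+)
+if ! (( ${#CERT_FILES[@]} == $(ls "${CERT_FILES[@]}" 2>/dev/null | wc -l) )); then
+echo "Some certificates are missing. Retrying in 5 seconds"
+sleep 5
+exit 1
+fi
+echo "Update certs on alpine"
+cp /lamassu-data/certs/Lamassu_CA.pem /usr/local/share/ca-certificates
+cp /lamassu-data/certs/Lamassu_OP_Root_CA.pem /usr/local/share/ca-certificates
+update-ca-certificates
+echo "Starting admin server..."
+node /lamassu-server/bin/lamassu-admin-server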
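Review bot: The last line starts node as a child of bash instead of replacing the shell, so the admin server is not PID 1 and the SIGTERM from `docker stop` is delivered to bash rather than to node; change it to `exec node /lamassu-server/bin/lamassu-admin-server`. The same applies to the server entrypoint changed in this commit. The presence check counts `ls` output against the array length, which tells the operator only that "some" file is missing; iterating over `"${CERT_FILES[@]}"` with `[[ -f "$f" ]]` and printing the missing path would make the retry message actionable without changing the exit behaviour.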


@ -1,20 +1,25 @@
#!/usr/bin/env bash #!/usr/bin/env bash
CERT_FILES=(
/lamassu-data/certs/{Lamassu_CA,Lamassu_OP,Lamassu_OP_Root_CA}.pem
/lamassu-data/certs/Lamassu_OP_Root_CA.srl
/lamassu-data/private/{Lamassu_OP,Lamassu_OP_Root_CA}.key
)
FILE_1=/etc/ssl/certs/Lamassu_CA.pem echo "Checking for Lamassu certificates..."
FILE_2=/etc/ssl/certs/Lamassu_OP.pem
FILE_3=/etc/ssl/certs/Lamassu_OP_Root_CA.pem
FILE_4=/etc/ssl/certs/Lamassu_OP_Root_CA.srl
FILE_5=/etc/ssl/private/Lamassu_OP.key
FILE_6=/etc/ssl/private/Lamassu_OP_Root_CA.key
echo "Checking for the existence of certificates..." if ! (( ${#CERT_FILES[@]} == $(ls "${CERT_FILES[@]}" 2>/dev/null | wc -l) )); then
if [[ ! -f "$FILE_1" || ! -f "$FILE_2" || ! -f "$FILE_3" || ! -f "$FILE_4" || ! -f "$FILE_5" || ! -f "$FILE_6" ]]; then echo "Some certificates are missing. Building them..."
echo "No Lamassu certificates found. Building them..."
bash /lamassu-server/tools/build-docker-certs.sh bash /lamassu-server/tools/build-docker-certs.sh
fi fi
echo "Upcate certs on alpine"
cp /lamassu-data/certs/Lamassu_CA.pem /usr/local/share/ca-certificates
cp /lamassu-data/certs/Lamassu_OP_Root_CA.pem /usr/local/share/ca-certificates
update-ca-certificates
echo "Executing migrations..." echo "Executing migrations..."
node /lamassu-server/bin/lamassu-migrate node /lamassu-server/bin/lamassu-migrate
echo "Starting server..." echo "Starting server..."
node /lamassu-server/bin/lamassu-server node /lamassu-server/bin/lamassu-server
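Review bot: This script has no `set -e`, unlike the new admin-server entrypoint added in the same commit, so a failure in `build-docker-certs.sh`, either `cp`, or `update-ca-certificates` is ignored and the server still starts with an incomplete trust store; add `set -e` directly after the shebang. The message on the new line `echo "Upcate certs on alpine"` is a typo for `Update certs on alpine`. As with the admin entrypoint, the final line should be `exec node /lamassu-server/bin/lamassu-server` so node becomes PID 1 and receives the stop signal.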


@ -1,4 +1,4 @@
FROM alpine:3.14 as build FROM alpine:3.14 AS build
RUN apk add --no-cache nodejs npm git curl build-base net-tools python3 postgresql-dev RUN apk add --no-cache nodejs npm git curl build-base net-tools python3 postgresql-dev
WORKDIR lamassu-server WORKDIR lamassu-server
@ -10,13 +10,13 @@ RUN npm install --production
COPY . ./ COPY . ./
FROM alpine:3.14 as l-s-base FROM alpine:3.14 AS l-s-base
RUN apk add --no-cache nodejs npm git curl bash libpq openssl RUN apk add --no-cache nodejs npm git curl bash libpq openssl ca-certificates
COPY --from=build /lamassu-server /lamassu-server COPY --from=build /lamassu-server /lamassu-server
FROM l-s-base as l-s FROM l-s-base AS l-s
RUN chmod +x /lamassu-server/bin/lamassu-server-entrypoint.sh RUN chmod +x /lamassu-server/bin/lamassu-server-entrypoint.sh
@ -25,7 +25,7 @@ EXPOSE 3000
ENTRYPOINT [ "/lamassu-server/bin/lamassu-server-entrypoint.sh" ] ENTRYPOINT [ "/lamassu-server/bin/lamassu-server-entrypoint.sh" ]
FROM alpine:3.14 as build-ui FROM alpine:3.14 AS build-ui
RUN apk add --no-cache nodejs npm git curl build-base python3 RUN apk add --no-cache nodejs npm git curl build-base python3
COPY ["new-lamassu-admin/package.json", "new-lamassu-admin/package-lock.json", "./"] COPY ["new-lamassu-admin/package.json", "new-lamassu-admin/package-lock.json", "./"]
@ -37,10 +37,11 @@ COPY new-lamassu-admin/ ./
RUN npm run build RUN npm run build
FROM l-s-base as l-a-s FROM l-s-base AS l-a-s
COPY --from=build-ui /build /lamassu-server/public COPY --from=build-ui /build /lamassu-server/public
RUN chmod +x /lamassu-server/bin/lamassu-admin-server-entrypoint.sh
EXPOSE 443 EXPOSE 443
ENTRYPOINT [ "node" ] ENTRYPOINT [ "/lamassu-server/bin/lamassu-admin-server-entrypoint.sh" ]
CMD [ "/lamassu-server/bin/lamassu-admin-server" ]
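Review bot: Both final stages (`l-s` and `l-a-s`) still have no `USER` directive, and the new entrypoints now depend on running as root: copying into `/usr/local/share/ca-certificates` and running `update-ca-certificates` need it, so any later move to a non-root image will have to drop privileges after the trust-store step (for example with `exec su-exec` in the entrypoint) rather than simply adding `USER`. `FROM alpine:3.14` is past its end of support, so the `ca-certificates` package added on the `l-s-base` line is installed from a repository that no longer receives updates; bump the tag and pin the base by digest. A short comment next to that package, such as `# ca-certificates: entrypoints add the Lamassu CAs to the system trust store at start`, would explain why it is now required.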


@ -1,115 +1,62 @@
version: "3.8" version: "3.8"
networks:
lamassu-network:
ipam:
driver: default
config:
- subnet: "172.29.0.0/24"
services: services:
database:
container_name: postgres-db
image: postgres
restart: on-failure
environment:
- POSTGRES_DB=lamassu
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres123
logging:
options:
max-size: 10m
max-file: "3"
ports:
- 15432:5432
volumes:
- ~/lamassu-data/psql:/var/lib/postgresql/data
networks:
- lamassu-network
healthcheck:
test: pg_isready -U postgres -d postgres
interval: 3s
timeout: 3s
retries: 10
lamassu-server: lamassu-server:
container_name: lamassu-server
build: build:
context: . context: .
dockerfile: build/server.Dockerfile dockerfile: build/server.Dockerfile
target: production-l-s target: l-s
restart: on-failure restart: on-failure
ports: ports:
- 3000:3000 - 3000:3000
volumes: volumes:
- ~/lamassu-data/certs:/etc/ssl/certs - ./lamassu-data:/lamassu-data
- ~/lamassu-data/private:/etc/ssl/private
- ~/lamassu-data/files:/opt/lamassu-server
- ~/lamassu-data/mnemonics:/etc/lamassu/mnemonics
- ~/lamassu-data/ofac:/var/lamassu/ofac
- ~/lamassu-data/blockchains:/mnt/blockchains
networks:
lamassu-network:
ipv4_address: 172.29.0.3
environment: environment:
- NODE_ENV=production - NODE_ENV=production
- POSTGRES_USER=postgres - POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres123 - POSTGRES_PASSWORD=postgres123
- POSTGRES_HOST=postgres-db - POSTGRES_HOST=host.docker.internal
- POSTGRES_PORT=5432 - POSTGRES_PORT=5432
- POSTGRES_DB=lamassu - POSTGRES_DB=lamassu
- CA_PATH=/etc/ssl/certs/Lamassu_OP_Root_CA.pem - CA_PATH=/lamassu-data/certs/Lamassu_OP_Root_CA.pem
- CERT_PATH=/etc/ssl/certs/Lamassu_OP.pem - CERT_PATH=/lamassu-data/certs/Lamassu_OP.pem
- KEY_PATH=/etc/ssl/private/Lamassu_OP.key - KEY_PATH=/lamassu-data/private/Lamassu_OP.key
- MNEMONIC_PATH=/etc/lamassu/mnemonics/mnemonic.txt - MNEMONIC_PATH=/lamassu-data/mnemonics/mnemonic.txt
- BLOCKCHAIN_DIR=/mnt/blockchains - OFAC_DATA_DIR=/lamassu-data/ofac
- OFAC_DATA_DIR=/var/lamassu/ofac - ID_PHOTO_CARD_DIR=/lamassu-data/idphotocard
- ID_PHOTO_CARD_DIR=/opt/lamassu-server/idphotocard - FRONT_CAMERA_DIR=/lamassu-data/frontcamera
- FRONT_CAMERA_DIR=/opt/lamassu-server/frontcamera - OPERATOR_DATA_DIR=/lamassu-data/operatordata
- OPERATOR_DATA_DIR=/opt/lamassu-server/operatordata
- COIN_ATM_RADAR_URL=https://coinatmradar.info/api/lamassu/ - COIN_ATM_RADAR_URL=https://coinatmradar.info/api/lamassu/
- OFAC_SOURCES_NAMES=sdn_advanced,cons_advanced - OFAC_SOURCES_NAMES=sdn_advanced,cons_advanced
- OFAC_SOURCES_URLS=https://www.treasury.gov/ofac/downloads/sanctions/1.0/sdn_advanced.xml,https://www.treasury.gov/ofac/downloads/sanctions/1.0/cons_advanced.xml - OFAC_SOURCES_URLS=https://www.treasury.gov/ofac/downloads/sanctions/1.0/sdn_advanced.xml,https://www.treasury.gov/ofac/downloads/sanctions/1.0/cons_advanced.xml
- HOSTNAME=localhost - HOSTNAME=localhost
- LOG_LEVEL=info - LOG_LEVEL=info
depends_on:
database:
condition: service_healthy
lamassu-admin-server: lamassu-admin-server:
container_name: lamassu-admin-server
build: build:
context: . context: .
dockerfile: build/admin-server.Dockerfile dockerfile: build/server.Dockerfile
target: production-l-a-s target: l-a-s
restart: on-failure restart: on-failure
ports: ports:
- 443:443 - 443:443
volumes: volumes:
- ~/lamassu-data/certs:/etc/ssl/certs - ./lamassu-data:/lamassu-data
- ~/lamassu-data/private:/etc/ssl/private
- ~/lamassu-data/files:/opt/lamassu-server
- ~/lamassu-data/mnemonics:/etc/lamassu/mnemonics
- ~/lamassu-data/ofac:/var/lamassu/ofac
- ~/lamassu-data/blockchains:/mnt/blockchains
networks:
- lamassu-network
environment: environment:
- NODE_ENV=production - NODE_ENV=production
- POSTGRES_USER=postgres - POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres123 - POSTGRES_PASSWORD=postgres123
- POSTGRES_HOST=postgres-db - POSTGRES_HOST=host.docker.internal
- POSTGRES_PORT=5432 - POSTGRES_PORT=5432
- POSTGRES_DB=lamassu - POSTGRES_DB=lamassu
- CA_PATH=/etc/ssl/certs/Lamassu_OP_Root_CA.pem - CA_PATH=/lamassu-data/certs/Lamassu_OP_Root_CA.pem
- CERT_PATH=/etc/ssl/certs/Lamassu_OP.pem - CERT_PATH=/lamassu-data/certs/Lamassu_OP.pem
- KEY_PATH=/etc/ssl/private/Lamassu_OP.key - KEY_PATH=/lamassu-data/private/Lamassu_OP.key
- MNEMONIC_PATH=/etc/lamassu/mnemonics/mnemonic.txt - MNEMONIC_PATH=/lamassu-data/mnemonics/mnemonic.txt
- BLOCKCHAIN_DIR=/mnt/blockchains - OFAC_DATA_DIR=/lamassu-data/ofac
- OFAC_DATA_DIR=/var/lamassu/ofac - ID_PHOTO_CARD_DIR=/lamassu-data/idphotocard
- ID_PHOTO_CARD_DIR=/opt/lamassu-server/idphotocard - FRONT_CAMERA_DIR=/lamassu-data/frontcamera
- FRONT_CAMERA_DIR=/opt/lamassu-server/frontcamera - OPERATOR_DATA_DIR=/lamassu-data/operatordata
- OPERATOR_DATA_DIR=/opt/lamassu-server/operatordata
- COIN_ATM_RADAR_URL=https://coinatmradar.info/api/lamassu/ - COIN_ATM_RADAR_URL=https://coinatmradar.info/api/lamassu/
- OFAC_SOURCES_NAMES=sdn_advanced,cons_advanced - OFAC_SOURCES_NAMES=sdn_advanced,cons_advanced
- OFAC_SOURCES_URLS=https://www.treasury.gov/ofac/downloads/sanctions/1.0/sdn_advanced.xml,https://www.treasury.gov/ofac/downloads/sanctions/1.0/cons_advanced.xml - OFAC_SOURCES_URLS=https://www.treasury.gov/ofac/downloads/sanctions/1.0/sdn_advanced.xml,https://www.treasury.gov/ofac/downloads/sanctions/1.0/cons_advanced.xml
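Review bot: Moving the data directory to `./lamassu-data` on the `volumes` lines of both services places it inside the build context `.`, and `build/server.Dockerfile` does `COPY . ./` in its build stage, so the generated private keys, the mnemonic and any operator data would be copied into image layers on every rebuild unless a `.dockerignore` excludes `lamassu-data/` (no such file is part of this commit); add that entry, or keep the directory outside the context as before. `POSTGRES_HOST=host.docker.internal` is resolved automatically only by Docker Desktop; on a Linux host each service also needs `extra_hosts: ["host.docker.internal:host-gateway"]`, otherwise the host database that replaces the removed `database` service is unreachable and the containers will sit in the `restart: on-failure` loop.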


@ -3,22 +3,21 @@ set -e
export LOG_FILE=/tmp/install.log export LOG_FILE=/tmp/install.log
CERT_DIR=/etc/ssl/certs CONFIG_DIR=/lamassu-data
KEY_DIR=/etc/ssl/private
CONFIG_DIR=/etc/lamassu # certs
CERT_DIR=$CONFIG_DIR/certs
KEY_DIR=$CONFIG_DIR/private
LAMASSU_CA_PATH=$CERT_DIR/Lamassu_CA.pem LAMASSU_CA_PATH=$CERT_DIR/Lamassu_CA.pem
CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key
CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem
SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key
SERVER_CERT_PATH=$CERT_DIR/Lamassu_OP.pem SERVER_CERT_PATH=$CERT_DIR/Lamassu_OP.pem
# other
MNEMONIC_DIR=$CONFIG_DIR/mnemonics MNEMONIC_DIR=$CONFIG_DIR/mnemonics
MNEMONIC_FILE=$MNEMONIC_DIR/mnemonic.txt MNEMONIC_FILE=$MNEMONIC_DIR/mnemonic.txt
BACKUP_DIR=/var/backups/postgresql OFAC_DATA_DIR=$CONFIG_DIR/ofac
BLOCKCHAIN_DIR=/mnt/blockchains
OFAC_DATA_DIR=/var/lamassu/ofac
ID_PHOTO_CARD_DIR=/opt/lamassu-server/idphotocard
FRONTCAMERA_DIR=/opt/lamassu-server/frontcamera
OPERATOR_DIR=/opt/lamassu-server/operatordata
decho () { decho () {
echo `date +"%H:%M:%S"` $1 echo `date +"%H:%M:%S"` $1
@ -35,7 +34,7 @@ MNEMONIC=$(/lamassu-server/bin/bip39 $SEED)
echo "$MNEMONIC" > $MNEMONIC_FILE echo "$MNEMONIC" > $MNEMONIC_FILE
mkdir -p $CERT_DIR mkdir -p $CERT_DIR
mkdir -p $CONFIG_DIR mkdir -p $KEY_DIR
decho "Generating SSL certificates..." decho "Generating SSL certificates..."
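Review bot: The new `mkdir -p $KEY_DIR` creates the private-key directory with the default umask, and because `$CONFIG_DIR` is now the bind-mounted `/lamassu-data`, that directory and the keys written into it are exposed on the host with whatever mode that yields; add `chmod 700 "$KEY_DIR"` immediately after the mkdir (the openssl lines that write the keys are outside this hunk, so their file modes cannot be checked here). The `mkdir -p $CERT_DIR` / `mkdir -p $KEY_DIR` arguments are unquoted while the path variables elsewhere in the script are plain assignments; quoting them is cheap and consistent with `set -e` on the hunk header. The `decho` function opened in the first hunk closes outside it.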