fix: properly handle certs on alpine docker

bin/lamassu-admin-server-entrypoint.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -e
+
+CERT_FILES=(
+  /lamassu-data/certs/{Lamassu_CA,Lamassu_OP,Lamassu_OP_Root_CA}.pem
+  /lamassu-data/certs/Lamassu_OP_Root_CA.srl
+  /lamassu-data/private/{Lamassu_OP,Lamassu_OP_Root_CA}.key
+)
+
+if ! (( ${#CERT_FILES[@]} == $(ls "${CERT_FILES[@]}" 2>/dev/null | wc -l) )); then
+    echo "Some certificates are missing. Retrying in 5 seconds"
+    sleep 5
+    exit 1
+fi
+
+echo "Update certs on alpine"
+cp /lamassu-data/certs/Lamassu_CA.pem /usr/local/share/ca-certificates
+cp /lamassu-data/certs/Lamassu_OP_Root_CA.pem /usr/local/share/ca-certificates
+update-ca-certificates
+
+echo "Starting admin server..."
+node /lamassu-server/bin/lamassu-admin-server

bin/lamassu-server-entrypoint.sh

@@ -1,20 +1,25 @@
 #!/usr/bin/env bash
+CERT_FILES=(
+  /lamassu-data/certs/{Lamassu_CA,Lamassu_OP,Lamassu_OP_Root_CA}.pem
+  /lamassu-data/certs/Lamassu_OP_Root_CA.srl
+  /lamassu-data/private/{Lamassu_OP,Lamassu_OP_Root_CA}.key
+)
 
-FILE_1=/etc/ssl/certs/Lamassu_CA.pem
+echo "Checking for Lamassu certificates..."
-FILE_2=/etc/ssl/certs/Lamassu_OP.pem
-FILE_3=/etc/ssl/certs/Lamassu_OP_Root_CA.pem
-FILE_4=/etc/ssl/certs/Lamassu_OP_Root_CA.srl
-FILE_5=/etc/ssl/private/Lamassu_OP.key
-FILE_6=/etc/ssl/private/Lamassu_OP_Root_CA.key
 
-echo "Checking for the existence of certificates..."
+if ! (( ${#CERT_FILES[@]} == $(ls "${CERT_FILES[@]}" 2>/dev/null | wc -l) )); then
-if [[ ! -f "$FILE_1" || ! -f "$FILE_2" || ! -f "$FILE_3" || ! -f "$FILE_4" || ! -f "$FILE_5" || ! -f "$FILE_6" ]]; then
+    echo "Some certificates are missing. Building them..."
-  echo "No Lamassu certificates found. Building them..."
+    bash /lamassu-server/tools/build-docker-certs.sh
-  bash /lamassu-server/tools/build-docker-certs.sh
 fi
 
+echo "Upcate certs on alpine"
+cp /lamassu-data/certs/Lamassu_CA.pem /usr/local/share/ca-certificates
+cp /lamassu-data/certs/Lamassu_OP_Root_CA.pem /usr/local/share/ca-certificates
+update-ca-certificates
+
 echo "Executing migrations..."
 node /lamassu-server/bin/lamassu-migrate
 
 echo "Starting server..."
 node /lamassu-server/bin/lamassu-server
+

build/server.Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.14 as build
+FROM alpine:3.14 AS build
 RUN apk add --no-cache nodejs npm git curl build-base net-tools python3 postgresql-dev
 
 WORKDIR lamassu-server
@@ -10,13 +10,13 @@ RUN npm install --production
 COPY . ./
 
 
-FROM alpine:3.14 as l-s-base
+FROM alpine:3.14 AS l-s-base
-RUN apk add --no-cache nodejs npm git curl bash libpq openssl
+RUN apk add --no-cache nodejs npm git curl bash libpq openssl ca-certificates
 
 COPY --from=build /lamassu-server /lamassu-server
 
 
-FROM l-s-base as l-s
+FROM l-s-base AS l-s
 
 RUN chmod +x /lamassu-server/bin/lamassu-server-entrypoint.sh
 
@@ -25,7 +25,7 @@ EXPOSE 3000
 ENTRYPOINT [ "/lamassu-server/bin/lamassu-server-entrypoint.sh" ]
 
 
-FROM alpine:3.14 as build-ui
+FROM alpine:3.14 AS build-ui
 RUN apk add --no-cache nodejs npm git curl build-base python3
 
 COPY ["new-lamassu-admin/package.json", "new-lamassu-admin/package-lock.json", "./"]
@@ -37,10 +37,11 @@ COPY new-lamassu-admin/ ./
 RUN npm run build
 
 
-FROM l-s-base as l-a-s
+FROM l-s-base AS l-a-s
 COPY --from=build-ui /build /lamassu-server/public
 
+RUN chmod +x /lamassu-server/bin/lamassu-admin-server-entrypoint.sh
+
 EXPOSE 443
 
-ENTRYPOINT [ "node" ]
+ENTRYPOINT [ "/lamassu-server/bin/lamassu-admin-server-entrypoint.sh" ]
-CMD [ "/lamassu-server/bin/lamassu-admin-server" ]

docker-compose.yaml

@@ -1,115 +1,62 @@
 version: "3.8"
 
-networks:
-  lamassu-network:
-    ipam:
-      driver: default
-      config:
-        - subnet: "172.29.0.0/24"
-
 services:
-  database:
-    container_name: postgres-db
-    image: postgres
-    restart: on-failure
-    environment:
-      - POSTGRES_DB=lamassu
-      - POSTGRES_USER=postgres
-      - POSTGRES_PASSWORD=postgres123
-    logging:
-      options:
-        max-size: 10m
-        max-file: "3"
-    ports:
-      - 15432:5432
-    volumes:
-      - ~/lamassu-data/psql:/var/lib/postgresql/data
-    networks:
-      - lamassu-network
-    healthcheck:
-      test: pg_isready -U postgres -d postgres
-      interval: 3s
-      timeout: 3s
-      retries: 10
-
   lamassu-server:
-    container_name: lamassu-server
     build:
       context: .
       dockerfile: build/server.Dockerfile
-      target: production-l-s
+      target: l-s
     restart: on-failure
     ports:
       - 3000:3000
     volumes:
-      - ~/lamassu-data/certs:/etc/ssl/certs
+      - ./lamassu-data:/lamassu-data
-      - ~/lamassu-data/private:/etc/ssl/private
-      - ~/lamassu-data/files:/opt/lamassu-server
-      - ~/lamassu-data/mnemonics:/etc/lamassu/mnemonics
-      - ~/lamassu-data/ofac:/var/lamassu/ofac
-      - ~/lamassu-data/blockchains:/mnt/blockchains
-    networks:
-      lamassu-network:
-        ipv4_address: 172.29.0.3
     environment:
       - NODE_ENV=production
       - POSTGRES_USER=postgres
       - POSTGRES_PASSWORD=postgres123
-      - POSTGRES_HOST=postgres-db
+      - POSTGRES_HOST=host.docker.internal
       - POSTGRES_PORT=5432
       - POSTGRES_DB=lamassu
-      - CA_PATH=/etc/ssl/certs/Lamassu_OP_Root_CA.pem
+      - CA_PATH=/lamassu-data/certs/Lamassu_OP_Root_CA.pem
-      - CERT_PATH=/etc/ssl/certs/Lamassu_OP.pem
+      - CERT_PATH=/lamassu-data/certs/Lamassu_OP.pem
-      - KEY_PATH=/etc/ssl/private/Lamassu_OP.key
+      - KEY_PATH=/lamassu-data/private/Lamassu_OP.key
-      - MNEMONIC_PATH=/etc/lamassu/mnemonics/mnemonic.txt
+      - MNEMONIC_PATH=/lamassu-data/mnemonics/mnemonic.txt
-      - BLOCKCHAIN_DIR=/mnt/blockchains
+      - OFAC_DATA_DIR=/lamassu-data/ofac
-      - OFAC_DATA_DIR=/var/lamassu/ofac
+      - ID_PHOTO_CARD_DIR=/lamassu-data/idphotocard
-      - ID_PHOTO_CARD_DIR=/opt/lamassu-server/idphotocard
+      - FRONT_CAMERA_DIR=/lamassu-data/frontcamera
-      - FRONT_CAMERA_DIR=/opt/lamassu-server/frontcamera
+      - OPERATOR_DATA_DIR=/lamassu-data/operatordata
-      - OPERATOR_DATA_DIR=/opt/lamassu-server/operatordata
       - COIN_ATM_RADAR_URL=https://coinatmradar.info/api/lamassu/
       - OFAC_SOURCES_NAMES=sdn_advanced,cons_advanced
       - OFAC_SOURCES_URLS=https://www.treasury.gov/ofac/downloads/sanctions/1.0/sdn_advanced.xml,https://www.treasury.gov/ofac/downloads/sanctions/1.0/cons_advanced.xml
       - HOSTNAME=localhost
       - LOG_LEVEL=info
-    depends_on:
-      database:
-        condition: service_healthy
 
   lamassu-admin-server:
-    container_name: lamassu-admin-server
     build:
       context: .
-      dockerfile: build/admin-server.Dockerfile
+      dockerfile: build/server.Dockerfile
-      target: production-l-a-s
+      target: l-a-s
     restart: on-failure
     ports:
       - 443:443
     volumes:
-      - ~/lamassu-data/certs:/etc/ssl/certs
+      - ./lamassu-data:/lamassu-data
-      - ~/lamassu-data/private:/etc/ssl/private
-      - ~/lamassu-data/files:/opt/lamassu-server
-      - ~/lamassu-data/mnemonics:/etc/lamassu/mnemonics
-      - ~/lamassu-data/ofac:/var/lamassu/ofac
-      - ~/lamassu-data/blockchains:/mnt/blockchains
-    networks:
-      - lamassu-network
     environment:
       - NODE_ENV=production
       - POSTGRES_USER=postgres
       - POSTGRES_PASSWORD=postgres123
-      - POSTGRES_HOST=postgres-db
+      - POSTGRES_HOST=host.docker.internal
       - POSTGRES_PORT=5432
       - POSTGRES_DB=lamassu
-      - CA_PATH=/etc/ssl/certs/Lamassu_OP_Root_CA.pem
+      - CA_PATH=/lamassu-data/certs/Lamassu_OP_Root_CA.pem
-      - CERT_PATH=/etc/ssl/certs/Lamassu_OP.pem
+      - CERT_PATH=/lamassu-data/certs/Lamassu_OP.pem
-      - KEY_PATH=/etc/ssl/private/Lamassu_OP.key
+      - KEY_PATH=/lamassu-data/private/Lamassu_OP.key
-      - MNEMONIC_PATH=/etc/lamassu/mnemonics/mnemonic.txt
+      - MNEMONIC_PATH=/lamassu-data/mnemonics/mnemonic.txt
-      - BLOCKCHAIN_DIR=/mnt/blockchains
+      - OFAC_DATA_DIR=/lamassu-data/ofac
-      - OFAC_DATA_DIR=/var/lamassu/ofac
+      - ID_PHOTO_CARD_DIR=/lamassu-data/idphotocard
-      - ID_PHOTO_CARD_DIR=/opt/lamassu-server/idphotocard
+      - FRONT_CAMERA_DIR=/lamassu-data/frontcamera
-      - FRONT_CAMERA_DIR=/opt/lamassu-server/frontcamera
+      - OPERATOR_DATA_DIR=/lamassu-data/operatordata
-      - OPERATOR_DATA_DIR=/opt/lamassu-server/operatordata
       - COIN_ATM_RADAR_URL=https://coinatmradar.info/api/lamassu/
       - OFAC_SOURCES_NAMES=sdn_advanced,cons_advanced
       - OFAC_SOURCES_URLS=https://www.treasury.gov/ofac/downloads/sanctions/1.0/sdn_advanced.xml,https://www.treasury.gov/ofac/downloads/sanctions/1.0/cons_advanced.xml

tools/build-docker-certs.sh

@@ -3,22 +3,21 @@ set -e
 
 export LOG_FILE=/tmp/install.log
 
-CERT_DIR=/etc/ssl/certs
+CONFIG_DIR=/lamassu-data
-KEY_DIR=/etc/ssl/private
+
-CONFIG_DIR=/etc/lamassu
+# certs
+CERT_DIR=$CONFIG_DIR/certs
+KEY_DIR=$CONFIG_DIR/private
 LAMASSU_CA_PATH=$CERT_DIR/Lamassu_CA.pem
 CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key
 CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem
 SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key
 SERVER_CERT_PATH=$CERT_DIR/Lamassu_OP.pem
+
+# other
 MNEMONIC_DIR=$CONFIG_DIR/mnemonics
 MNEMONIC_FILE=$MNEMONIC_DIR/mnemonic.txt
-BACKUP_DIR=/var/backups/postgresql
+OFAC_DATA_DIR=$CONFIG_DIR/ofac
-BLOCKCHAIN_DIR=/mnt/blockchains
-OFAC_DATA_DIR=/var/lamassu/ofac
-ID_PHOTO_CARD_DIR=/opt/lamassu-server/idphotocard
-FRONTCAMERA_DIR=/opt/lamassu-server/frontcamera
-OPERATOR_DIR=/opt/lamassu-server/operatordata
 
 decho () {
   echo `date +"%H:%M:%S"` $1
@@ -35,7 +34,7 @@ MNEMONIC=$(/lamassu-server/bin/bip39 $SEED)
 echo "$MNEMONIC" > $MNEMONIC_FILE
 
 mkdir -p $CERT_DIR
-mkdir -p $CONFIG_DIR
+mkdir -p $KEY_DIR
 
 decho "Generating SSL certificates..."