add ssl config

Dockerfile

 FROM node:8-slim
 
 RUN apt-get update && apt-get install -y wget --no-install-recommends \
-    && wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
-    && sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
     && apt-get update \
     && rm -rf /var/lib/apt/lists/* \
     && apt-get purge --auto-remove -y curl \
@@ -17,4 +15,6 @@ RUN yarn install
 
 COPY . /usr/src/app/linstt-poc
 
+RUN /usr/src/app/linstt-poc/ssl/generateDockerCert.sh
+
 CMD ["yarn", "start"]

app.js

@@ -25,13 +25,23 @@ const bodyParser = require('body-parser');
 const config = require('./config.json');
 const routes = require('./lib/webserver/routes');
 
+const fs = require('fs');
+const https = require('https');
+
 console.log('starting routes linstt-controller...');
 
 app.use(bodyParser.raw({type: 'audio/wav', limit: '200mb'}));
 app.use(fileUpload());
 app.use('/', routes.routesFactory(config.orchestrator));
+
 app.listen(config.api, () => {
   console.log('App listening on port 3000');
 });
 
+https.createServer({
+  key: fs.readFileSync('ssl/key.pem'),
+  cert: fs.readFileSync('ssl/cert.pem')
+}, app).listen(config.apiSsl);
+
+
 console.log('routes started linstt-controller...');

config.json

 {
 	"api": 3000,
+	"apiSsl": 3001,
 	"orchestrator": {
 		"gstreamer": {
 			"host": "linsttcontroller_kaldi_1",

docker-compose.yml

@@ -12,6 +12,7 @@ services:
       - ./media:/opt/media
     ports:
       - "3000:3000"
+      - "3001:3001"
 
   speech-enhencement:
     image: linagora/speech-enhencement

ssl/generateDockerCert.sh

+#!/bin/bash
+#
+# Generates client and server certificates used to enable HTTPS
+# remote authentication to a Docker daemon.
+#
+#     See http://docs.docker.com/articles/https/
+#
+# To start the Docker Daemon:
+#
+#     sudo docker -d                 \
+#         --tlsverify                \
+#         --tlscacert=ca.pem         \
+#         --tlscert=server-cert.pem  \
+#         --tlskey=server-key.pem    \
+#         -H=0.0.0.0:2376
+#
+# To connect to the Docker Daemon:
+#
+#     sudo docker                    \
+#         --tlsverify                \
+#         --tlscacert=ca.pem         \
+#         --tlscert=cert.pem         \
+#         --tlskey=key.pem           \
+#         -H=localhost:2376 version
+#
+# IMPORTANT: when connecting via IP instead of hostname you
+#            will need to substitute --tlsverify with --tls
+
+BASEDIR=$(dirname "$0")
+echo "$BASEDIR"
+cd $BASEDIR
+
+set -e
+set -x
+
+DAYS=1460
+PASS=$(openssl rand -hex 16)
+
+# remove certificates from previous execution.
+rm -f *.pem *.srl *.csr *.cnf
+
+
+# generate CA private and public keys
+echo 01 > ca.srl
+openssl genrsa -des3 -out ca-key.pem -passout pass:$PASS 2048
+openssl req -subj '/CN=*/' -new -x509 -days $DAYS -passin pass:$PASS -key ca-key.pem -out ca.pem
+
+# create a server key and certificate signing request (CSR)
+openssl genrsa -des3 -out server-key.pem -passout pass:$PASS 2048
+openssl req -new -key server-key.pem -out server.csr -passin pass:$PASS -subj '/CN=*/'
+
+# sign the server key with our CA
+openssl x509 -req -days $DAYS -passin pass:$PASS -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem
+
+# create a client key and certificate signing request (CSR)
+openssl genrsa -des3 -out key.pem -passout pass:$PASS 2048
+openssl req -subj '/CN=client' -new -key key.pem -out client.csr -passin pass:$PASS
+
+# create an extensions config file and sign
+echo extendedKeyUsage = clientAuth > extfile.cnf
+openssl x509 -req -days $DAYS -passin pass:$PASS -in client.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf
+
+# remove the passphrase from the client and server key
+openssl rsa -in server-key.pem -out server-key.pem -passin pass:$PASS
+openssl rsa -in key.pem -out key.pem -passin pass:$PASS
+
+# remove generated files that are no longer required
+rm -f ca-key.pem ca.srl client.csr extfile.cnf server.csr
+
+exit 0