Merge branch '18-t6-0c-new-sc-feature-implementation-of-https-support-in-linstt' into 'master'

18 t6 0c new sc feature implementation of https support in linstt See merge request !2

Merge branch '18-t6-0c-new-sc-feature-implementation-of-https-support-in-linstt' into 'master'
18 t6 0c new sc feature implementation of https support in linstt See merge request !2
d64dac9c · Yoann HOUPERT · e2e56a75 · 9771403d · d64dac9c · d64dac9c
Commit d64dac9c authored Dec 06, 2017 by Yoann HOUPERT
Showing with 85 additions and 3 deletions

Dockerfile Dockerfile +2 -2

app.js app.js +11 -1

config.json config.json +1 -0

docker-compose.yml docker-compose.yml +1 -0

ssl/generateDockerCert.sh ssl/generateDockerCert.sh +70 -0

No files found.
--- a/Dockerfile
+++ b/Dockerfile
 FROM node:8-slim

 RUN apt-get update && apt-get install -y wget --no-install-recommends \
-    && wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
-    && sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
    && apt-get update \
    && rm -rf /var/lib/apt/lists/* \
    && apt-get purge --auto-remove -y curl \
@@ -17,4 +15,6 @@ RUN yarn install

 COPY . /usr/src/app/linstt-poc

+RUN /usr/src/app/linstt-poc/ssl/generateDockerCert.sh
+
 CMD ["yarn", "start"]
--- a/app.js
+++ b/app.js
@@ -17,6 +17,8 @@
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
+const https = require('https');
+const fs = require('fs');

 const app = require('express')();
 const fileUpload = require('express-fileupload');
@@ -30,8 +32,16 @@ console.log('starting routes linstt-controller...');
 app.use(bodyParser.raw({type: 'audio/wav', limit: '200mb'}));
 app.use(fileUpload());
 app.use('/', routes.routesFactory(config.orchestrator));
+
 app.listen(config.api, () => {
-  console.log('App listening on port 3000');
+  console.log('App HTTP listening on port 3000');
+});
+
+https.createServer({
+  key: fs.readFileSync('ssl/key.pem'),
+  cert: fs.readFileSync('ssl/cert.pem')
+}, app).listen(config.apiSsl, () => {
+  console.log('App HTTPS listening on port 3001');
 });

 console.log('routes started linstt-controller...');
--- a/config.json
+++ b/config.json
 {
 	"api": 3000,
+	"apiSsl": 3001,
 	"orchestrator": {
 		"gstreamer": {
 			"host": "linsttcontroller_kaldi_1",

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,6 +12,7 @@ services:
      - ./media:/opt/media
    ports:
      - "3000:3000"
+      - "3001:3001"

  speech-enhencement:
    image: linagora/speech-enhencement

--- a/ssl/generateDockerCert.sh
+++ b/ssl/generateDockerCert.sh
+#!/bin/bash
+#
+# Generates client and server certificates used to enable HTTPS
+# remote authentication to a Docker daemon.
+#
+#     See http://docs.docker.com/articles/https/
+#
+# To start the Docker Daemon:
+#
+#     sudo docker -d                 \
+#         --tlsverify                \
+#         --tlscacert=ca.pem         \
+#         --tlscert=server-cert.pem  \
+#         --tlskey=server-key.pem    \
+#         -H=0.0.0.0:2376
+#
+# To connect to the Docker Daemon:
+#
+#     sudo docker                    \
+#         --tlsverify                \
+#         --tlscacert=ca.pem         \
+#         --tlscert=cert.pem         \
+#         --tlskey=key.pem           \
+#         -H=localhost:2376 version
+#
+# IMPORTANT: when connecting via IP instead of hostname you
+#            will need to substitute --tlsverify with --tls
+
+BASEDIR=$(dirname "$0")
+echo "$BASEDIR"
+cd $BASEDIR
+
+set -e
+set -x
+
+DAYS=1460
+PASS=$(openssl rand -hex 16)
+
+# remove certificates from previous execution.
+rm -f *.pem *.srl *.csr *.cnf
+
+
+# generate CA private and public keys
+echo 01 > ca.srl
+openssl genrsa -des3 -out ca-key.pem -passout pass:$PASS 2048
+openssl req -subj '/CN=*/' -new -x509 -days $DAYS -passin pass:$PASS -key ca-key.pem -out ca.pem
+
+# create a server key and certificate signing request (CSR)
+openssl genrsa -des3 -out server-key.pem -passout pass:$PASS 2048
+openssl req -new -key server-key.pem -out server.csr -passin pass:$PASS -subj '/CN=*/'
+
+# sign the server key with our CA
+openssl x509 -req -days $DAYS -passin pass:$PASS -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem
+
+# create a client key and certificate signing request (CSR)
+openssl genrsa -des3 -out key.pem -passout pass:$PASS 2048
+openssl req -subj '/CN=client' -new -key key.pem -out client.csr -passin pass:$PASS
+
+# create an extensions config file and sign
+echo extendedKeyUsage = clientAuth > extfile.cnf
+openssl x509 -req -days $DAYS -passin pass:$PASS -in client.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf
+
+# remove the passphrase from the client and server key
+openssl rsa -in server-key.pem -out server-key.pem -passin pass:$PASS
+openssl rsa -in key.pem -out key.pem -passin pass:$PASS
+
+# remove generated files that are no longer required
+rm -f ca-key.pem ca.srl client.csr extfile.cnf server.csr
+
+exit 0