Commit d64dac9c authored by Yoann HOUPERT's avatar Yoann HOUPERT

Merge branch '18-t6-0c-new-sc-feature-implementation-of-https-support-in-linstt' into 'master'

18 t6 0c new sc feature implementation of https support in linstt

See merge request !2
parents e2e56a75 9771403d
FROM node:8-slim
RUN apt-get update && apt-get install -y wget --no-install-recommends \
&& wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
&& sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
&& apt-get update \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get purge --auto-remove -y curl \
......@@ -17,4 +15,6 @@ RUN yarn install
COPY . /usr/src/app/linstt-poc
RUN /usr/src/app/linstt-poc/ssl/generateDockerCert.sh
CMD ["yarn", "start"]
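Review bot: Running `generateDockerCert.sh` in a `RUN` step, right after `COPY . /usr/src/app/linstt-poc`, generates the TLS private key at build time and stores it in an image layer. Every container started from that image then shares one key, and anyone who can pull the image can read it. Generate the key pair when the container starts, or mount `key.pem` and `cert.pem` from a volume or secret, instead of keeping `RUN /usr/src/app/linstt-poc/ssl/generateDockerCert.sh` in the build. The page does not mark which lines are additions, so this assumes the `RUN` line is new in this hunk.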
......@@ -17,6 +17,8 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
const https = require('https');
const fs = require('fs');
const app = require('express')();
const fileUpload = require('express-fileupload');
......@@ -30,8 +32,16 @@ console.log('starting routes linstt-controller...');
app.use(bodyParser.raw({type: 'audio/wav', limit: '200mb'}));
app.use(fileUpload());
app.use('/', routes.routesFactory(config.orchestrator));
app.listen(config.api, () => {
console.log('App listening on port 3000');
console.log('App HTTP listening on port 3000');
});
https.createServer({
key: fs.readFileSync('ssl/key.pem'),
cert: fs.readFileSync('ssl/cert.pem')
}, app).listen(config.apiSsl, () => {
console.log('App HTTPS listening on port 3001');
});
console.log('routes started linstt-controller...');
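Review bot: The HTTPS server loads `ssl/key.pem` and `ssl/cert.pem`, which the certificate script in this commit creates as the client pair (`/CN=client`, `extendedKeyUsage = clientAuth`); the server pair it writes is `server-key.pem` and `server-cert.pem`. A TLS client that checks extended key usage can reject a server certificate limited to clientAuth, so the options should read `key: fs.readFileSync('ssl/server-key.pem'),` and `cert: fs.readFileSync('ssl/server-cert.pem')`. Both paths are resolved against the process working directory, so startup throws if the app is launched from another directory; resolving them against the application directory avoids that. The plain HTTP listener on `config.api` is kept, so clients can still send audio unencrypted unless port 3000 is closed or redirected to HTTPS.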
{
"api": 3000,
"apiSsl": 3001,
"orchestrator": {
"gstreamer": {
"host": "linsttcontroller_kaldi_1",
......
......@@ -12,6 +12,7 @@ services:
- ./media:/opt/media
ports:
- "3000:3000"
- "3001:3001"
speech-enhencement:
image: linagora/speech-enhencement
......
#!/bin/bash
#
# Generates client and server certificates used to enable HTTPS
# remote authentication to a Docker daemon.
#
# See http://docs.docker.com/articles/https/
#
# To start the Docker Daemon:
#
# sudo docker -d \
# --tlsverify \
# --tlscacert=ca.pem \
# --tlscert=server-cert.pem \
# --tlskey=server-key.pem \
# -H=0.0.0.0:2376
#
# To connect to the Docker Daemon:
#
# sudo docker \
# --tlsverify \
# --tlscacert=ca.pem \
# --tlscert=cert.pem \
# --tlskey=key.pem \
# -H=localhost:2376 version
#
# IMPORTANT: when connecting via IP instead of hostname you
# will need to substitute --tlsverify with --tls
BASEDIR=$(dirname "$0")
echo "$BASEDIR"
cd $BASEDIR
set -e
set -x
DAYS=1460
PASS=$(openssl rand -hex 16)
# remove certificates from previous execution.
rm -f *.pem *.srl *.csr *.cnf
# generate CA private and public keys
echo 01 > ca.srl
openssl genrsa -des3 -out ca-key.pem -passout pass:$PASS 2048
openssl req -subj '/CN=*/' -new -x509 -days $DAYS -passin pass:$PASS -key ca-key.pem -out ca.pem
# create a server key and certificate signing request (CSR)
openssl genrsa -des3 -out server-key.pem -passout pass:$PASS 2048
openssl req -new -key server-key.pem -out server.csr -passin pass:$PASS -subj '/CN=*/'
# sign the server key with our CA
openssl x509 -req -days $DAYS -passin pass:$PASS -in server.csr -CA ca.pem -CAkey ca-key.pem -out server-cert.pem
# create a client key and certificate signing request (CSR)
openssl genrsa -des3 -out key.pem -passout pass:$PASS 2048
openssl req -subj '/CN=client' -new -key key.pem -out client.csr -passin pass:$PASS
# create an extensions config file and sign
echo extendedKeyUsage = clientAuth > extfile.cnf
openssl x509 -req -days $DAYS -passin pass:$PASS -in client.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf
# remove the passphrase from the client and server key
openssl rsa -in server-key.pem -out server-key.pem -passin pass:$PASS
openssl rsa -in key.pem -out key.pem -passin pass:$PASS
# remove generated files that are no longer required
rm -f ca-key.pem ca.srl client.csr extfile.cnf server.csr
exit 0
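Review bot: `cd $BASEDIR` runs unquoted and before `set -e`, so if the directory change fails the script carries on and `rm -f *.pem *.srl *.csr *.cnf` deletes matching files in whatever directory it was started from. Move `set -e` above the `cd` and write `cd "$BASEDIR"`. `set -x` also prints every `pass:$PASS` argument into the build log, and the passphrase is visible in the process list while openssl runs; dropping `set -x` and using `export PASS` with `-passout env:PASS` / `-passin env:PASS` keeps it out of both. The header comment still describes Docker daemon client/server authentication; a line such as `# Generates the self-signed key and certificate used by the linstt HTTPS listener` would say what the script is used for here.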