Automate self-signed SSL creation within the NGINX Dockerfile

Jared 2018-03-06 17:20:17 -08:00
Parent d747b269ab
Commit 26d4c92df9
2 changed files: 9 additions and 20 deletions


@ -13,7 +13,6 @@ Salesforce uses User Interface API to build the Salesforce1 and Lightning Experi
1. For Origin URL Pattern, enter `https://localhost:8443`. If you're deploying to heroku, enter `https://*.herokuapp.com` or `https://some-domain.herokuapp.com`. 1. For Origin URL Pattern, enter `https://localhost:8443`. If you're deploying to heroku, enter `https://*.herokuapp.com` or `https://some-domain.herokuapp.com`.
1. Clone the RecordViewer repository. 1. Clone the RecordViewer repository.
1. Set up [Docker](https://www.docker.com/). 1. Set up [Docker](https://www.docker.com/).
1. Create the SSL cert and key in the `nginx` folder. See [Set Up SSL](#set-up-ssl).
1. To build and start the servers, run this Docker Compose command. 1. To build and start the servers, run this Docker Compose command.
```sh ```sh
docker-compose build && docker-compose up -d docker-compose build && docker-compose up -d
@ -32,23 +31,6 @@ for i in {49000..49900}; do
done done
``` ```
### Set Up SSL
OAuth authentication requires SSL. The server expects SSL key information in the `/nginx/ssl.crt` and `/nginx/ssl.key` files in the project directory.
To create a self-signed SSL key:
1. `cd recordviewer/nginx`
1. `openssl genrsa -des3 -passout pass:x -out server.pass.key 2048`
1. `openssl rsa -passin pass:x -in server.pass.key -out ssl.key`
1. `openssl req -new -key ssl.key -out server.csr`
When prompted for a 'challenge password', press return, leaving the password empty.
1. `openssl x509 -req -days 365 -in server.csr -signkey ssl.key -out ssl.crt`
For more information, see these [Creating a Self-Signed SSL Certificate](https://devcenter.heroku.com/articles/ssl-certificate-self).
## Deploy to Heroku ## Deploy to Heroku
Please note that deploying the RecordViewer app to Heroku is optional. Please note that deploying the RecordViewer app to Heroku is optional.
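Review bot: Removing the whole `### Set Up SSL` section leaves the README with no statement that the server now runs on a self-signed certificate created during `docker-compose build`, so a reader opening `https://localhost:8443` meets a browser trust warning with no explanation. Suggest keeping a short paragraph in its place that says OAuth authentication requires SSL, that the NGINX image generates a self-signed cert and key under `/etc/nginx` at build time, and that the pair should be replaced with a properly issued one for anything beyond local use.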


@ -5,8 +5,15 @@ FROM nginx
RUN rm -v /etc/nginx/nginx.conf RUN rm -v /etc/nginx/nginx.conf
ADD nginx.conf /etc/nginx/ ADD nginx.conf /etc/nginx/
ADD ssl.crt /etc/nginx/cert.crt RUN apt-get update && \
ADD ssl.key /etc/nginx/cert.key apt-get install -y openssl && \
cd /etc/nginx && \
openssl genrsa -des3 -passout pass:password1 -out cert.pass.key 2048 && \
openssl rsa -passin pass:password1 -in cert.pass.key -out cert.key && \
rm cert.pass.key && \
openssl req -new -key cert.key -out cert.csr \
-subj "/C=US/ST=California/L=San Francisco/O=Example/OU=Example/CN=example.com" && \
openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt
EXPOSE 443 EXPOSE 443
EXPOSE 80 EXPOSE 80
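Review bot: The new `RUN` block creates `cert.key` at build time, so the private key is stored in an image layer: every container started from this image shares the same key, and anyone who can pull the image can read it. If the image is ever pushed to a registry, generate the pair at container start (for example from an entrypoint script) or mount it at run time instead. Smaller points on the same block: the subject uses `CN=example.com` while the README sends users to `https://localhost:8443`, so the certificate name will not match the host; `-days 365` is counted from the build, so a cached image carries a certificate that expires a year after it was built; the `genrsa -des3 -passout pass:password1` and `openssl rsa -passin pass:password1` pair only adds and then strips a passphrase, and `openssl req -x509 -newkey rsa:2048 -nodes -keyout cert.key -out cert.crt -days 365 -subj ...` does the same job in one command; and `cert.csr` is left behind in `/etc/nginx` while `cert.pass.key` is removed.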