Add reverse-proxy to manage endpoints easily (#124)

* Setup træfik (cc @jenaye) Update gitignores, add README part and .env Some fix * Fix build client * Change domain.com to smersh.lan * Update doc
matro7sh · Jul 21, 2021 · 16fe8be · 16fe8be
1 parent bc01bd0
commit 16fe8be
Show file tree

Hide file tree

Showing 21 changed files with 13,788 additions and 13,052 deletions.
diff --git a/.env b/.env
@@ -0,0 +1,11 @@
+API_DB_NAME=api
+API_DB_PASS=!ChangeMe!
+API_DB_USER=api-platform
+APP_ENV=dev
+CODI_DB_NAME=codimd
+CODI_DB_PASS=change_password
+CODI_DB_USER=codimd
+DOMAIN=smersh.lan
+JWT_KEY=secret-key
+SUBDOMAINS=(api|bitwarden|codimd)
+TRANSPORT=http://
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,4 @@
 .idea/
-.env
+*/.env
 .env.local
 data/
diff --git a/Makefile b/Makefile
@@ -43,7 +43,7 @@ load-data:
 reset-db: init-db load-data
 
 up: ## Start containers
-	$(DC_UP)
+	$(DC_UP) client api
 
 update-db-schema: ## Update database schema
 	$(BIN_CONSOLE) do:sc:up --force

diff --git a/README.md b/README.md
@@ -25,18 +25,20 @@ Smersh is a pentest oriented collaborative tool used to track the progress of yo
 # preview API (Symfony + Api Platform) :
 ![api](img/api.png)
 
-# Ports mapping
-| Container | Internal port | External port |
-| ------ | ----------- | ---- |
-| Vulcain | 443 | 8443 |
-| Api | 80 | 8000 |
-| Bitwarden | 80 | 8888 |
-| Db | 5432 | 5432 |
-| Mercure | 443, 80, 2019 | 1337 |
-| dev-tls | 80 | 80 |
-| php | 9000 | / |
-| CodiMD | 3000 | 3000 |
-| db-codiMD | 5432 | / |
+# Services
+In Smersh we are using the environment variable called `DOMAIN` declared in the `.env` at the root folder of the project.  
+You can override this variable as your own. Be sure to register the domain in your `/etc/hosts` that point to your local host.  
+As we use [træfik](https://github.com/traefik/traefik) as reverse-proxy, you can refer to [their documentation](https://docs.traefik.io) to learn how to customize this instance.
+
+| Container | Default DNS          |
+| --------- | -------------------- |
+| Api       | `api.{DOMAIN}`       |
+| Bitwarden | `bitwarden.{DOMAIN}` |
+| Client    | `{DOMAIN}`           |
+| Db        | NOT EXPOSED          |
+| php       | NOT EXPOSED          |
+| CodiMD    | `codimd.{DOMAIN}`    |
+| db-codiMD | NOT EXPOSED          |
 
 # Preview Report
 
@@ -53,7 +55,7 @@ Smersh is a pentest oriented collaborative tool used to track the progress of yo
 
 in `api` folder copy `.env-dist` to `.env` 
 
-Run `make upAll` then go to `http://localhost:4200` and use "jenaye:jenaye" to log in.
+Run `make initialize` then go to `http://{DOMAIN}` and use "jenaye:jenaye" to log in.
 
 
 
@@ -146,7 +148,7 @@ Host smersh
   LocalForward 127.0.0.1:8888 127.0.0.1:8888
 
 ``` 
-then you can run `ssh smersh` and go to `http://localhost:4200`
+then you can run `ssh smersh` and go to `http://{DOMAIN}`
 
 
 ## How to Make Backup of database

diff --git a/api/.gitignore b/api/.gitignore
@@ -8,3 +8,5 @@ config/jwt/*.pem
 /phpunit.xml
 .phpunit.result.cache
 ###< phpunit/phpunit ###
+
+public/media/
diff --git a/api/generateJWT.sh b/api/generateJWT.sh
@@ -3,9 +3,9 @@ docker-compose exec php sh -c '
     set -e
     apk add openssl
     mkdir -p config/jwt
-    jwt_passphrase=${JWT_PASSPHRASE:-$(grep ''^JWT_PASSPHRASE='' .env | cut -f 2 -d ''='')}
+    jwt_passphrase="$(echo $JWT_PASSPHRASE)"
+    [ -z "$jwt_passphrase" ] && echo "Loading JWT_PASSPHRASE from .env file" && jwt_passphrase=${JWT_PASSPHRASE:-$(grep ''^JWT_PASSPHRASE='' .env | cut -f 2 -d ''='')}
     echo "$jwt_passphrase" | openssl genpkey -out config/jwt/private.pem -pass stdin -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096
     echo "$jwt_passphrase" | openssl pkey -in config/jwt/private.pem -passin stdin -out config/jwt/public.pem -pubout
-    setfacl -R -m u:www-data:rX -m u:"$(whoami)":rwX config/jwt
-    setfacl -dR -m u:www-data:rX -m u:"$(whoami)":rwX config/jwt
+    (setfacl -R -m u:www-data:rX -m u:"$(whoami)":rwX config/jwt && setfacl -dR -m u:www-data:rX -m u:"$(whoami)":rwX config/jwt) || chmod -R 755 config/jwt
 '
diff --git a/client/.dockerignore b/client/.dockerignore
@@ -0,0 +1,2 @@
+.git
+node_modules
diff --git a/client/Dockerfile b/client/Dockerfile
@@ -1,24 +1,48 @@
-# base image
-FROM node:12.2.0 AS client_angular
+FROM node:12.16.1-alpine AS runner
 
-# install chrome for protractor tests
-RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
-RUN sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
-RUN apt-get update && apt-get install -yq google-chrome-stable
+WORKDIR /usr/src/app
 
-# set working directory
-WORKDIR /app
+ARG API_BASE_URL
+ARG TRANSPORT
+ENV API_BASE_URL $API_BASE_URL
+ENV TRANSPORT $TRANSPORT
+RUN echo "Api base url: ${TRANSPORT}${API_BASE_URL}"
 
-# add `/app/node_modules/.bin` to $PATH
-ENV PATH /app/node_modules/.bin:$PATH
+COPY package.json ./
+RUN npm install
+
+COPY . .
+
+RUN echo -e "\
+export const environment = { \n\
+  production: true, \n\
+  API_DOMAIN: '${API_BASE_URL}', \n\
+  TRANSPORT: '${TRANSPORT}', \n\
+  API_ENDPOINT: '/api', \n\
+  MAPS_KEY: '', \n\
+  version: '1.0.0', \n\
+  environment: 'prod', \n\
+} \n\
+" > src/environments/environment.prod.ts
+RUN echo -e "\
+export const environment = { \n\
+  production: true, \n\
+  API_DOMAIN: '${API_BASE_URL}', \n\
+  TRANSPORT: '${TRANSPORT}', \n\
+  API_ENDPOINT: '/api', \n\
+  MAPS_KEY: '', \n\
+  version: '1.0.0', \n\
+  environment: 'prod', \n\
+} \n\
+" > src/environments/environment.ts
 
-# install and cache app dependencies
-COPY package.json /app/package.json
+FROM node:12.16.1-alpine AS builder
+WORKDIR /usr/src/app
+COPY --from=runner /usr/src/app/ .
 RUN npm install
-RUN npm install -g @angular/cli@7.3.9
+RUN npm run build --configuration=prod
 
-# add app
-COPY . /app
+FROM nginx:1.15.8-alpine
 
-# start app
-CMD ng serve --host 0.0.0.0
+COPY --from=builder /usr/src/app/dist/front/ /usr/share/nginx/html
+COPY --from=builder /usr/src/app/docker/nginx.conf /etc/nginx/conf.d/default.conf
diff --git a/client/angular.json b/client/angular.json
@@ -44,7 +44,7 @@
               "outputHashing": "all",
               "sourceMap": false,
               "extractCss": true,
-              "namedChunks": false,
+              "namedChunks": true,
               "extractLicenses": true,
               "vendorChunk": false,
               "buildOptimizer": true,
@@ -66,7 +66,8 @@
         "serve": {
           "builder": "@angular-devkit/build-angular:dev-server",
           "options": {
-            "browserTarget": "front:build"
+            "browserTarget": "front:build",
+            "disableHostCheck": true
           },
           "configurations": {
             "production": {
@@ -130,4 +131,4 @@
   "cli": {
     "analytics": false
   }
-}
+}
diff --git a/client/docker/nginx.conf b/client/docker/nginx.conf
@@ -0,0 +1,8 @@
+server {
+  listen 80;
+  location / {
+    root /usr/share/nginx/html;
+    index index.html index.htm;
+    try_files $uri $uri/ /index.html =404;
+  }
+}