Mount nginx data in consistent location; fix dependencies

build/docker-compose.yml

@@ -21,7 +21,7 @@ services:
     volumes:
       - boulder_data:/opt/boulder/labca
       - certificates:/opt/boulder/labca/certs
-      - nginx_html:/opt/wwwstatic
+      - nginx_html:/var/www/html
       - softhsm:/var/lib/softhsm/tokens
     networks:
       bouldernet:
@@ -109,7 +109,7 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./docker-compose.yml:/opt/boulder/docker-compose.yml
       - ldata:/opt/labca/data
-      - nginx_html:/opt/wwwstatic
+      - nginx_html:/var/www/html
       - backup:/opt/backup
       - boulder_data:/opt/boulder/labca
       - certificates:/opt/boulder/labca/certs

build/tmp.patch

@@ -1,5 +1,5 @@
 diff --git a/docker-compose.yml b/docker-compose.yml
-index 71203004d..b17125e54 100644
+index 81a92bbe6..49e3c2797 100644
 --- a/docker-compose.yml
 +++ b/docker-compose.yml
 @@ -4,7 +4,7 @@ services:
@@ -17,30 +17,19 @@ index 71203004d..b17125e54 100644
      volumes:
 -      - .:/opt/boulder:cached
 -      - /home/labca/boulder_labca:/opt/boulder/labca
--      - /home/labca/nginx_data/static:/opt/wwwstatic
+-      - /home/labca/nginx_data/static:/var/www/html
 -      - ./.gocache:/root/.cache/go-build:cached
 -      - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/
 +      - boulder_data:/opt/boulder/labca
 +      - certificates:/opt/boulder/labca/certs
-+      - nginx_html:/opt/wwwstatic
++      - nginx_html:/var/www/html
 +      - softhsm:/var/lib/softhsm/tokens
      networks:
        bouldernet:
          ipv4_address: 10.77.77.77
-@@ -53,6 +52,7 @@ services:
-       - bmysql
-       - bconsul
-       - bpkilint
-+      - control
-     entrypoint: labca/entrypoint.sh
-     working_dir: &boulder_working_dir /opt/boulder
-     logging:
-@@ -87,35 +87,40 @@ services:
- 
-   bconsul:
-     image: hashicorp/consul:1.15.4
-+    depends_on:
-+      - control
+@@ -91,35 +90,37 @@ services:
+     depends_on:
+       - control
      volumes:
 -      - /home/labca/boulder_labca:/opt/boulder/labca
 +      - boulder_data:/opt/boulder/labca
@@ -63,14 +52,14 @@ index 71203004d..b17125e54 100644
        - /var/run/docker.sock:/var/run/docker.sock
 -      - /home/labca/admin:/go/src/labca
 -      - ./.gocache:/root/.cache/go-build
--      - /home/labca/nginx_data/static:/opt/wwwstatic
+-      - /home/labca/nginx_data/static:/var/www/html
 -      - /home/labca/backup:/opt/backup
 -      - .:/opt/boulder
 -      - /home/labca/boulder_labca:/opt/boulder/labca
 -      - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/
 +      - ./docker-compose.yml:/opt/boulder/docker-compose.yml
 +      - ldata:/opt/labca/data
-+      - nginx_html:/opt/wwwstatic
++      - nginx_html:/var/www/html
 +      - backup:/opt/backup
 +      - boulder_data:/opt/boulder/labca
 +      - certificates:/opt/boulder/labca/certs
@@ -79,15 +68,15 @@ index 71203004d..b17125e54 100644
        - 3000
      depends_on:
        - bmysql
+       - control
 -    working_dir: /go/src/labca
 -    command: ./setup.sh
-+      - control
 +    working_dir: /opt/labca
 +    command: bin/labca-gui
      logging:
        driver: "json-file"
        options:
-@@ -132,28 +137,28 @@ services:
+@@ -136,30 +137,28 @@ services:
        - 80:80
        - 443:443
      volumes:
@@ -97,8 +86,8 @@ index 71203004d..b17125e54 100644
 +      - nginx_conf:/etc/nginx/conf.d
 +      - nginx_ssl:/etc/nginx/ssl
 +      - nginx_html:/var/www/html
-+    depends_on:
-+      - control
+     depends_on:
+       - control
  
    control:
 -    image: *boulder_tools_image
@@ -132,7 +121,7 @@ index 71203004d..b17125e54 100644
      expose:
        - 3030
      environment:
-@@ -171,6 +176,15 @@ services:
+@@ -177,6 +176,15 @@ services:
  
  volumes:
    dbdata:

checkcrl

@@ -23,7 +23,7 @@ if [ crl/ -nt certs/index.html ]; then
 
     PKI_INT_CERT_BASE="/opt/boulder/labca/certs/webpki/issuer-01-cert"
     INT_BASE_NAME=$(basename $PKI_INT_CERT_BASE)
-    INT_CRL_NAME=${INT_BASE_NAME//-cert/-crl}.pem
+    INT_CRL_NAME=${INT_BASE_NAME/-cert/-crl}.pem
     PKI_ISSUER_NAME_ID=$(grep issuer_name_id /opt/labca/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/,//g' | sed -e 's/\"//g')
     PKI_INT_CRL_LINK=""
     PKI_INT_CRL_VALIDITY=""

gui/apply

@@ -11,7 +11,7 @@ export PKI_INT_CERT_BASE="$dataDir/issuer-01-cert"
 cd /opt/boulder/labca
 $baseDir/apply-boulder
 
-cd /opt/wwwstatic
+cd /var/www/html
 
 PKI_ROOT_CRL_FILE=${PKI_ROOT_CERT_BASE/-cert/-crl}.pem
 if [ -e "$PKI_ROOT_CRL_FILE" ]; then

patches/config_crl-storer.patch

@@ -14,7 +14,7 @@ index 3ab267b0f..3c6f5c6a2 100644
 -			"test/certs/webpki/int-ecdsa-c.cert.pem"
 +			"test/certs/webpki/int-rsa-a.cert.pem"
  		],
-+		"localStorePath": "/opt/wwwstatic/crl",
++		"localStorePath": "/var/www/html/crl",
  		"s3Endpoint": "http://localhost:4501",
  		"s3Bucket": "lets-encrypt-crls",
  		"awsConfigFile": "test/config/crl-storer.ini",

patches/docker-compose.patch

@@ -1,5 +1,5 @@
 diff --git a/docker-compose.yml b/docker-compose.yml
-index d0a439f0f..71203004d 100644
+index d0a439f0f..81a92bbe6 100644
 --- a/docker-compose.yml
 +++ b/docker-compose.yml
 @@ -1,3 +1,4 @@
@@ -19,14 +19,14 @@ index d0a439f0f..71203004d 100644
 -      - .:/boulder:cached
 +      - .:/opt/boulder:cached
 +      - /home/labca/boulder_labca:/opt/boulder/labca
-+      - /home/labca/nginx_data/static:/opt/wwwstatic
++      - /home/labca/nginx_data/static:/var/www/html
        - ./.gocache:/root/.cache/go-build:cached
 -      - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
 +      - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/
      networks:
        bouldernet:
          ipv4_address: 10.77.77.77
-@@ -48,29 +51,21 @@ services:
+@@ -48,29 +51,22 @@ services:
        - 4003:4003 # SFE
      depends_on:
        - bmysql
@@ -50,6 +50,7 @@ index d0a439f0f..71203004d 100644
 -      # normal "docker compose up/run boulder", only when specifically invoked
 -      # with a "docker compose up bsetup".
 -      - setup
++      - control
 +    entrypoint: labca/entrypoint.sh
 +    working_dir: &boulder_working_dir /opt/boulder
 +    logging:
@@ -66,7 +67,7 @@ index d0a439f0f..71203004d 100644
      networks:
        bouldernet:
          aliases:
-@@ -84,46 +79,98 @@ services:
+@@ -84,46 +80,103 @@ services:
      # small.
      command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON
      logging:
@@ -94,6 +95,8 @@ index d0a439f0f..71203004d 100644
  
    bconsul:
      image: hashicorp/consul:1.15.4
++    depends_on:
++      - control
      volumes:
 -     - ./test/:/test/:cached
 +      - /home/labca/boulder_labca:/opt/boulder/labca
@@ -118,7 +121,7 @@ index d0a439f0f..71203004d 100644
 +      - /var/run/docker.sock:/var/run/docker.sock
 +      - /home/labca/admin:/go/src/labca
 +      - ./.gocache:/root/.cache/go-build
-+      - /home/labca/nginx_data/static:/opt/wwwstatic
++      - /home/labca/nginx_data/static:/var/www/html
 +      - /home/labca/backup:/opt/backup
 +      - .:/opt/boulder
 +      - /home/labca/boulder_labca:/opt/boulder/labca
@@ -127,6 +130,7 @@ index d0a439f0f..71203004d 100644
 +      - 3000
 +    depends_on:
 +      - bmysql
++      - control
 +    working_dir: /go/src/labca
 +    command: ./setup.sh
 +    logging:
@@ -148,6 +152,8 @@ index d0a439f0f..71203004d 100644
 +      - /home/labca/nginx_data/conf.d:/etc/nginx/conf.d
 +      - /home/labca/nginx_data/ssl:/etc/nginx/ssl
 +      - /home/labca/nginx_data/static:/var/www/html
++    depends_on:
++      - control
 +
 +  control:
 +    image: *boulder_tools_image

patches/updater_continuous.patch

@@ -17,7 +17,7 @@ index 4597fd60a..5ee00d765 100644
 +	// If there is no .crl file yet, generate one (after a delay to let all other
 +	// components start up fully).
 +	// Dirty hack to check filesystem directly instead of using the crl-storer...
-+	files, err := os.ReadDir("/opt/wwwstatic/crl/")
++	files, err := os.ReadDir("/var/www/html/crl/")
 +	if err != nil {
 +		return err
 +	}