improve ssl support

stremovsky
2019-12-15 20:39:29 +02:00
parent 5a08534e5a
commit 763c5d962b
3 changed files with 39 additions and 3 deletions


@@ -36,11 +36,39 @@ docker kill dbunker
You can run it again, after it was initalized. Use the following command: You can run it again, after it was initalized. Use the following command:
``` ```
docker run -v /tmp/data:/databunker/data -p 3000:3000 \ docker run -p 3000:3000 -v /tmp/data:/databunker/data \
-e "DATABUNKER_MASTERKEY=**DATABUNKER_MASTERKEY**" \ -e "DATABUNKER_MASTERKEY=**DATABUNKER_MASTERKEY**" \
--rm --name dbunker paranoidguy/databunker --rm --name dbunker paranoidguy/databunker
``` ```
# SSL certificates
You can generate SSL certificates and place them in the /databunker/certs directory in the running container.
For example you can do this by mounting **/databunker/certs** to a local **certs/** directory as:
```
docker run -p 3000:3000 -v /tmp/data:/databunker/data \
-v certs:/databunker/certs \
-e "DATABUNKER_MASTERKEY=**DATABUNKER_MASTERKEY**" \
--rm --name dbunker paranoidguy/databunker
```
So, you need to prepare server.crt and server.key files.
## Generate self-signed certificates
You can do the following command to generate one:
```
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=UK/ST=/L=London/O=Your-company Ltd./CN=databunker.your-company.com" \
-keyout server.key -out server.crt
```
Where:
# Create a test record # Create a test record
You can download and run a small test script that will create a user record, user app record, user consent, etc... You can download and run a small test script that will create a user record, user app record, user consent, etc...


@@ -3,6 +3,10 @@ generic:
# allow to create user object without login # allow to create user object without login
create_user_without_token: true create_user_without_token: true
#notification_url: "http://localhost/" #notification_url: "http://localhost/"
ssl:
# ssl configuration
ssl_certificate: "/databunker/certs/server.crt"
ssl_certificate_key: "/databunker/certs/server.key"
sms: sms:
# default country when sending out SMSM # default country when sending out SMSM
twilio_account: "" twilio_account: ""


@@ -45,6 +45,10 @@ type Config struct {
Generic struct { Generic struct {
Create_user_without_token bool `yaml:"create_user_without_token"` Create_user_without_token bool `yaml:"create_user_without_token"`
} }
Ssl struct {
Ssl_certificate string `yaml:"ssl_certificate", envconfig:"SSL_CERTIFICATE"`
Ssl_certificate_key string `yaml:"ssl_certificate_key", envconfig:"SSL_CERTIFICATE_KEY"`
}
Sms struct { Sms struct {
Default_country string `yaml:"default_country"` Default_country string `yaml:"default_country"`
Twilio_account string `yaml:"twilio_account"` Twilio_account string `yaml:"twilio_account"`
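Review bot: The new `Ssl_certificate` and `Ssl_certificate_key` tags put a comma between the `yaml` and `envconfig` keys, but `reflect.StructTag` expects space-separated `key:"value"` pairs. The `yaml` key still resolves, while lookup stops at the comma, so the `envconfig` names are never found and the `SSL_CERTIFICATE` / `SSL_CERTIFICATE_KEY` overrides presumably have no effect; `go vet` reports this form. Drop the comma so the tags read `yaml:"ssl_certificate" envconfig:"SSL_CERTIFICATE"` and `yaml:"ssl_certificate_key" envconfig:"SSL_CERTIFICATE_KEY"`. The `Config` struct starts and ends outside this hunk. Separately, the `os.Stat` guard in the `main()` hunk tests only the certificate path, so a missing or unreadable key surfaces only as a logged `ListenAndServeTLS` error; that hunk runs past the visible lines, so what happens afterwards cannot be confirmed from here.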
@@ -289,9 +293,9 @@ func main() {
//os.Exit(0) //os.Exit(0)
}() }()
if _, err := os.Stat("./server.key"); !os.IsNotExist(err) { if _, err := os.Stat(cfg.Ssl.Ssl_certificate); !os.IsNotExist(err) {
fmt.Printf("Loading ssl\n") fmt.Printf("Loading ssl\n")
err := srv.ListenAndServeTLS( "server.ctr", "server.key") err := srv.ListenAndServeTLS( cfg.Ssl.Ssl_certificate, cfg.Ssl.Ssl_certificate_key)
if err != nil { if err != nil {
log.Printf("ListenAndServeSSL: %s\n", err) log.Printf("ListenAndServeSSL: %s\n", err)
} }