dennii/Termix
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases 22 Wiki Activity

Fix SSL docker issues

Browse Source
This commit is contained in:
LukeGus
2025-09-25 23:55:06 -05:00
parent edbc2b978c
commit 092c8e4218
4 changed files with 71 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker/docker-compose.yml
View File

@@ -16,9 +16,9 @@ services:
restart: unless-stopped
ports:
# HTTP port (redirects to HTTPS if SSL enabled)
- "${PORT:-8080}:8080"
- "${PORT:-8080}:${PORT:-8080}"
# HTTPS port (when SSL is enabled)
- "${SSL_PORT:-8443}:8443"
- "${SSL_PORT:-8443}:${SSL_PORT:-8443}"
volumes:
- termix-data:/app/data
- termix-config:/app/config # Auto-generated .env keys are persisted here

58
docker/entrypoint.sh
View File

@@ -27,6 +27,64 @@ mkdir -p /app/data
chown -R node:node /app/data
chmod 755 /app/data
# If SSL is enabled, generate certificates first
if [ "$ENABLE_SSL" = "true" ]; then
echo "Generating SSL certificates..."
mkdir -p /app/ssl
chown -R node:node /app/ssl
chmod 755 /app/ssl
# Generate SSL certificates using OpenSSL directly (faster and more reliable)
DOMAIN=${SSL_DOMAIN:-localhost}
echo "Generating certificate for domain: $DOMAIN"
# Create OpenSSL config
cat > /app/ssl/openssl.conf << EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
req_extensions = v3_req
[dn]
C=US
ST=State
L=City
O=Termix
OU=IT Department
CN=$DOMAIN
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $DOMAIN
DNS.2 = localhost
DNS.3 = 127.0.0.1
IP.1 = 127.0.0.1
IP.2 = ::1
EOF
# Generate private key
openssl genrsa -out /app/ssl/termix.key 2048
# Generate certificate
openssl req -new -x509 -key /app/ssl/termix.key -out /app/ssl/termix.crt -days 365 -config /app/ssl/openssl.conf -extensions v3_req
# Set proper permissions
chmod 600 /app/ssl/termix.key
chmod 644 /app/ssl/termix.crt
chown node:node /app/ssl/termix.key /app/ssl/termix.crt
# Clean up config
rm -f /app/ssl/openssl.conf
echo "SSL certificates generated successfully for domain: $DOMAIN"
fi
echo "Starting nginx..."
nginx

6
docker/nginx-https.conf
View File

@@ -19,16 +19,16 @@ http {
# HTTP Server - Redirect to HTTPS
server {
listen ${PORT};
server_name localhost;
server_name _;
# Redirect all HTTP traffic to HTTPS
return 301 https://$server_name:${SSL_PORT}$request_uri;
return 301 https://$host:${SSL_PORT}$request_uri;
}
# HTTPS Server
server {
listen ${SSL_PORT} ssl;
server_name localhost;
server_name _;
# SSL Certificate paths
ssl_certificate ${SSL_CERT_PATH};

36
src/backend/database/database.ts
View File

@@ -1496,34 +1496,14 @@ app.listen(HTTP_PORT, async () => {
});
});
// Start HTTPS server if SSL is enabled
// Note: HTTPS is handled by nginx reverse proxy, not directly by Node.js
// The backend runs on HTTP and nginx terminates SSL
const sslConfig = AutoSSLSetup.getSSLConfig();
if (sslConfig.enabled && fs.existsSync(sslConfig.certPath) && fs.existsSync(sslConfig.keyPath)) {
const httpsOptions = {
cert: fs.readFileSync(sslConfig.certPath),
key: fs.readFileSync(sslConfig.keyPath)
};
https.createServer(httpsOptions, app).listen(HTTPS_PORT, () => {
databaseLogger.success(`Database API server started on HTTPS port ${HTTPS_PORT}`, {
operation: "server_start",
port: HTTPS_PORT,
protocol: "HTTPS",
domain: sslConfig.domain,
routes: [
"/users",
"/ssh",
"/alerts",
"/credentials",
"/health",
"/version",
"/releases/rss",
"/encryption/status",
"/database/export",
"/database/import",
"/database/export/:exportPath/info",
"/database/restore",
],
});
if (sslConfig.enabled) {
databaseLogger.info(`SSL is enabled - HTTPS termination handled by nginx on port ${sslConfig.port}`, {
operation: "ssl_info",
nginx_https_port: sslConfig.port,
backend_http_port: HTTP_PORT,
note: "Backend runs on HTTP, nginx handles SSL termination"
});
}