Fix SSL docker issues

2025-09-25 23:55:06 -05:00
parent edbc2b978c
commit 092c8e4218
4 changed files with 71 additions and 33 deletions
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -16,9 +16,9 @@ services:
    restart: unless-stopped
    ports:
      # HTTP port (redirects to HTTPS if SSL enabled)
-      - "${PORT:-8080}:8080"
+      - "${PORT:-8080}:${PORT:-8080}"
      # HTTPS port (when SSL is enabled)
-      - "${SSL_PORT:-8443}:8443"
+      - "${SSL_PORT:-8443}:${SSL_PORT:-8443}"
    volumes:
      - termix-data:/app/data
      - termix-config:/app/config  # Auto-generated .env keys are persisted here
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -27,6 +27,64 @@ mkdir -p /app/data
 chown -R node:node /app/data
 chmod 755 /app/data

+# If SSL is enabled, generate certificates first
+if [ "$ENABLE_SSL" = "true" ]; then
+    echo "Generating SSL certificates..."
+    mkdir -p /app/ssl
+    chown -R node:node /app/ssl
+    chmod 755 /app/ssl
+    
+    # Generate SSL certificates using OpenSSL directly (faster and more reliable)
+    DOMAIN=${SSL_DOMAIN:-localhost}
+    echo "Generating certificate for domain: $DOMAIN"
+    
+    # Create OpenSSL config
+    cat > /app/ssl/openssl.conf << EOF
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+req_extensions = v3_req
+
+[dn]
+C=US
+ST=State
+L=City
+O=Termix
+OU=IT Department
+CN=$DOMAIN
+
+[v3_req]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = $DOMAIN
+DNS.2 = localhost
+DNS.3 = 127.0.0.1
+IP.1 = 127.0.0.1
+IP.2 = ::1
+EOF
+
+    # Generate private key
+    openssl genrsa -out /app/ssl/termix.key 2048
+    
+    # Generate certificate
+    openssl req -new -x509 -key /app/ssl/termix.key -out /app/ssl/termix.crt -days 365 -config /app/ssl/openssl.conf -extensions v3_req
+    
+    # Set proper permissions
+    chmod 600 /app/ssl/termix.key
+    chmod 644 /app/ssl/termix.crt
+    chown node:node /app/ssl/termix.key /app/ssl/termix.crt
+    
+    # Clean up config
+    rm -f /app/ssl/openssl.conf
+    
+    echo "SSL certificates generated successfully for domain: $DOMAIN"
+fi
+
 echo "Starting nginx..."
 nginx

--- a/docker/nginx-https.conf
+++ b/docker/nginx-https.conf
@@ -19,16 +19,16 @@ http {
    # HTTP Server - Redirect to HTTPS
    server {
        listen ${PORT};
-        server_name localhost;
+        server_name _;

        # Redirect all HTTP traffic to HTTPS
-        return 301 https://$server_name:${SSL_PORT}$request_uri;
+        return 301 https://$host:${SSL_PORT}$request_uri;
    }

    # HTTPS Server
    server {
        listen ${SSL_PORT} ssl;
-        server_name localhost;
+        server_name _;

        # SSL Certificate paths
        ssl_certificate ${SSL_CERT_PATH};