Fix docker build and electron SSL

2025-09-28 17:00:05 -05:00
parent 9969d17c57
commit 4b377659f6
4 changed files with 65 additions and 6 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -11,7 +11,7 @@ ENV npm_config_target_arch=x64
 ENV npm_config_target_libc=musl

 RUN npm ci --force --ignore-scripts && \
-    npm install @rollup/rollup-linux-x64-musl --force && \
+    npm install @rollup/rollup-linux-x64-musl @esbuild/linux-x64-musl --force && \
    npm cache clean --force

 # Stage 2: Build frontend
@@ -20,7 +20,7 @@ WORKDIR /app

 COPY . .

-RUN npm install @rollup/rollup-linux-x64-musl --force && \
+RUN npm install @rollup/rollup-linux-x64-musl @esbuild/linux-x64-musl --force && \
    npm cache clean --force && \
    npm run build

--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -75,6 +75,7 @@ DNS.2 = localhost
 DNS.3 = 127.0.0.1
 IP.1 = 127.0.0.1
 IP.2 = ::1
+IP.3 = 0.0.0.0
 EOF

        openssl genrsa -out /app/data/ssl/termix.key 2048
--- a/electron/main.cjs
+++ b/electron/main.cjs
@@ -136,6 +136,8 @@ async function fetchGitHubAPI(endpoint, cacheKey) {
            requestOptions.rejectUnauthorized = false;
            requestOptions.agent = new https.Agent({
              rejectUnauthorized: false,
+              secureProtocol: 'TLSv1_2_method',
+              checkServerIdentity: () => undefined,
            });
          }

@@ -303,13 +305,15 @@ ipcMain.handle("test-server-connection", async (event, serverUrl) => {
          const requestOptions = {
            method: options.method || "GET",
            headers: options.headers || {},
-            timeout: options.timeout || 5000,
+            timeout: options.timeout || 10000,
          };

          if (isHttps) {
            requestOptions.rejectUnauthorized = false;
            requestOptions.agent = new https.Agent({
              rejectUnauthorized: false,
+              secureProtocol: 'TLSv1_2_method',
+              checkServerIdentity: () => undefined,
            });
          }

@@ -347,7 +351,7 @@ ipcMain.handle("test-server-connection", async (event, serverUrl) => {
    try {
      const response = await fetch(healthUrl, {
        method: "GET",
-        timeout: 5000,
+        timeout: 10000,
      });

      if (response.ok) {
@@ -393,7 +397,7 @@ ipcMain.handle("test-server-connection", async (event, serverUrl) => {
      const versionUrl = `${normalizedServerUrl}/version`;
      const response = await fetch(versionUrl, {
        method: "GET",
-        timeout: 5000,
+        timeout: 10000,
      });

      if (response.ok) {
--- a/src/backend/utils/auto-ssl-setup.ts
+++ b/src/backend/utils/auto-ssl-setup.ts
@@ -29,6 +29,7 @@ export class AutoSSLSetup {

    try {
      if (await this.isSSLConfigured()) {
+        await this.logCertificateInfo();
        await this.setupEnvironmentVariables();
        return;
      }
@@ -36,7 +37,14 @@ export class AutoSSLSetup {
      try {
        await fs.access(this.CERT_FILE);
        await fs.access(this.KEY_FILE);
-
+        
+        systemLogger.info("SSL certificates found from entrypoint script", {
+          operation: "ssl_cert_found_entrypoint",
+          cert_path: this.CERT_FILE,
+          key_path: this.KEY_FILE,
+        });
+        
+        await this.logCertificateInfo();
        await this.setupEnvironmentVariables();
        return;
      } catch {
@@ -132,6 +140,7 @@ DNS.4 = termix.local
 DNS.5 = *.termix.local
 IP.1 = 127.0.0.1
 IP.2 = ::1
+IP.3 = 0.0.0.0
      `.trim();

      await fs.writeFile(configFile, opensslConfig);
@@ -158,6 +167,8 @@ IP.2 = ::1
        key_path: this.KEY_FILE,
        valid_days: 365,
      });
+
+      await this.logCertificateInfo();
    } catch (error) {
      throw new Error(
        `SSL certificate generation failed: ${error instanceof Error ? error.message : "Unknown error"}`,
@@ -165,6 +176,49 @@ IP.2 = ::1
    }
  }

+  private static async logCertificateInfo(): Promise<void> {
+    try {
+      const subject = execSync(
+        `openssl x509 -in "${this.CERT_FILE}" -noout -subject`,
+        { stdio: "pipe" },
+      )
+        .toString()
+        .trim();
+      const issuer = execSync(
+        `openssl x509 -in "${this.CERT_FILE}" -noout -issuer`,
+        { stdio: "pipe" },
+      )
+        .toString()
+        .trim();
+      const notAfter = execSync(
+        `openssl x509 -in "${this.CERT_FILE}" -noout -enddate`,
+        { stdio: "pipe" },
+      )
+        .toString()
+        .trim();
+      const notBefore = execSync(
+        `openssl x509 -in "${this.CERT_FILE}" -noout -startdate`,
+        { stdio: "pipe" },
+      )
+        .toString()
+        .trim();
+
+      systemLogger.info("SSL Certificate Information:", {
+        operation: "ssl_cert_info",
+        subject: subject.replace("subject=", ""),
+        issuer: issuer.replace("issuer=", ""),
+        valid_from: notBefore.replace("notBefore=", ""),
+        valid_until: notAfter.replace("notAfter=", ""),
+        note: "Certificate will auto-renew 30 days before expiration",
+      });
+    } catch (error) {
+      systemLogger.warn("Could not retrieve certificate information", {
+        operation: "ssl_cert_info_error",
+        error: error instanceof Error ? error.message : "Unknown error",
+      });
+    }
+  }
+
  private static async setupEnvironmentVariables(): Promise<void> {
    const certPath = this.CERT_FILE;
    const keyPath = this.KEY_FILE;