feat: ssl certificates for Mynij

887c6bcb · Stefane Fermigier · 62e149d9 · 887c6bcb · 887c6bcb · 887c6bcb
Commit 887c6bcb authored Jul 22, 2021 by Stefane Fermigier
3 changed files
--- a/software/mynij-proxy/buildout.hash.cfg
+++ b/software/mynij-proxy/buildout.hash.cfg
@@ -14,4 +14,4 @@
 # not need these here).
 [instance-profile]
 filename = instance.cfg.in
-md5sum = c847ebf823ab0352a5fd4e1826c68eb4
+md5sum = fe8c54b2149fe400aaaa68d1e0ed825f
--- a/software/mynij-proxy/instance.cfg.in
+++ b/software/mynij-proxy/instance.cfg.in
@@ -37,7 +37,7 @@ service = ${:etc}/service
 # Path of the log directory used by our service (see [helloweb])
 log = ${:var}/log
 plugins = ${:etc}/plugins
+ssl = ${:etc}/ssl
 [mynij-proxy-service]
 # Actual script that starts the service:
@@ -45,7 +45,10 @@ plugins = ${:etc}/plugins
 recipe = slapos.cookbook:wrapper
 host = ${slap-configuration:ipv6-random}
 port = ${slap-configuration:configuration.port}
-command-line = {{ gunicorn_bin }} --bind [${:host}]:${:port} --pid server.pid -k uvicorn.workers.UvicornWorker -w 4 mynij_proxy:app
+command-line = {{ gunicorn_bin }} --bind [${:host}]:${:port} \
+    --pid server.pid -k uvicorn.workers.UvicornWorker -w 4 \
+    --keyfile "${certificates:ssl_key}" --certfile "${certificates:ssl_crt}" \
+    mynij_proxy:app
 wrapper-path = ${directory:service}/mynij-proxy
@@ -65,3 +68,11 @@ config-port    = ${mynij-proxy-service:port}
 recipe = slapos.cookbook:publish
 <= monitor-publish
 url = http://[${mynij-proxy-service:host}]:${mynij-proxy-service:port}
+[certificates]
+recipe = plone.recipe.command
+command = "{{ parameter_dict['openssl'] }}" req -newkey rsa -batch -new -x509 -days 3650 -nodes -keyout "${:ssl_key}" -out "${:ssl_crt}"
+stop-on-error = true
+ssl_crt = ${directory:ssl}/httpd.crt
+ssl_key = ${directory:ssl}/httpd.key
--- a/software/mynij-proxy/software.cfg
+++ b/software/mynij-proxy/software.cfg
@@ -25,14 +25,17 @@ parts =
  mynij-proxy-eggs
  instance-profile
 [python]
 part = python3
 [jinja-template]
 recipe = slapos.recipe.template:jinja2
 template = ${:_profile_base_location_}/${:filename}
 mode = 0644
 [mynij-proxy-eggs]
 recipe = zc.recipe.egg
 eggs =
@@ -46,6 +49,7 @@ eggs =
 scripts =
  gunicorn
 [mynij-proxy-repository]
 recipe = slapos.recipe.build:gitclone
 repository = https://github.com/abilian/mynij-proxy.git
@@ -53,6 +57,7 @@ branch = main
 git-executable = ${git:location}/bin/git
 # revision = 0b5ff71a2ede76499e81659aed392057ae910917
 [mynij-proxy-develop]
 recipe = zc.recipe.egg:develop
 setup = ${mynij-proxy-repository:location}
@@ -73,6 +78,7 @@ context =
  raw gunicorn_bin ${buildout:bin-directory}/gunicorn
  raw template_monitor ${monitor2-template:rendered}
 [versions]
 click = 7.1.2