essaie du https

H1B0B0 · Feb 14, 2024 · 795aeae · 795aeae
1 parent b600683
commit 795aeae
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 44 deletions.
diff --git a/.github/workflows/aws.yml b/.github/workflows/aws.yml
@@ -57,7 +57,7 @@ jobs:
           ansible-galaxy collection install community.docker
           echo "[all]" > inventory.ini
           echo "my_instance ansible_host=${{secrets.ip_address}} ansible_user=hibo ansible_ssh_private_key_file=./private_key" >> inventory.ini
-          ansible-playbook -i inventory.ini playbook.yml --extra-vars "MONGO_INITDB_ROOT_USERNAME=${{ secrets.MONGO_INITDB_ROOT_USERNAME }} MONGO_INITDB_ROOT_PASSWORD=${{ secrets.MONGO_INITDB_ROOT_PASSWORD }} MONGO_INITDB_DATABASE=${{ secrets.MONGO_INITDB_DATABASE }} MONGODB_USER=${{ secrets.MONGODB_USER }} MONGODB_USER_PASSWORD=${{ secrets.MONGODB_USER_PASSWORD }} SITE_ADDRESS=${{secrets.ip_address}} NEXT_PUBLIC_BASE_URL=${{ secrets.NEXT_PUBLIC_BASE_URL }} PORT=${{ secrets.PORT }} DEBUG=${{ secrets.DEBUG }}"
+          ansible-playbook -i inventory.ini playbook.yml --extra-vars "MONGO_INITDB_ROOT_USERNAME=${{ secrets.MONGO_INITDB_ROOT_USERNAME }} MONGO_INITDB_ROOT_PASSWORD=${{ secrets.MONGO_INITDB_ROOT_PASSWORD }} MONGO_INITDB_DATABASE=${{ secrets.MONGO_INITDB_DATABASE }} MONGODB_USER=${{ secrets.MONGODB_USER }} MONGODB_USER_PASSWORD=${{ secrets.MONGODB_USER_PASSWORD }} SITE_ADDRESS=${{secrets.ip_address}} ORIGIN_URL=${{ secrets.ORIGIN_URL }} NEXT_PUBLIC_BASE_URL=${{ secrets.NEXT_PUBLIC_BASE_URL }} PORT=${{ secrets.PORT }} DEBUG=${{ secrets.DEBUG }} JWT_SECRET=${{ secrets.JWT_SECRET }}"
         env:
           SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
           ANSIBLE_HOST_KEY_CHECKING: False

diff --git a/backend/src/routes/socket.ts b/backend/src/routes/socket.ts
@@ -17,7 +17,7 @@ export const server = http.createServer(app);
 
 const io = new Server(server, {
   cors: {
-    origin: "*",
+    origin: process.env.ORIGIN_URL || "*",
     methods: ["GET", "POST", "PUT", "DELETE"],
   },
   maxHttpBufferSize: 2e7,
@@ -79,7 +79,7 @@ io.on("connection", (socket) => {
     try {
       await Room.findByIdAndDelete(roomId);
       io.emit("room_deleted", roomId);
-  
+
       console.log(`Room ${roomId} deleted.`);
     } catch (error) {
       console.error(`Error deleting room ${roomId}: `, error);
@@ -129,9 +129,9 @@ io.on("connection", (socket) => {
     });
 
     // Confirme la jonction à l'utilisateur
-    socket.emit("room_joined", {roomName: room.name, roomId: roomId});
+    socket.emit("room_joined", { roomName: room.name, roomId: roomId });
   });
-  
+
   socket.on("send_message", async (data) => {
     io.emit("receive_message", data);
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -4,17 +4,24 @@ services:
     image: traefik
     container_name: traefik
     command:
-      - "--api.insecure=true"
-      - "--providers.docker=true"
-      - "--providers.docker.exposedbydefault=false"
-      - "--entrypoints.web.address=:80"
-      - "--entrypoints.websecure.address=:443"
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --certificatesresolvers.letsencrypt.acme.email=hibobo@kurama-chat.xyz
+      - --certificatesresolvers.letsencrypt.acme.storage=acme/acme.json
+      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
+      - --entryPoints.web.http.redirections.entryPoint.to=websecure
+      - --entryPoints.web.http.redirections.entryPoint.scheme=https
+      - --entryPoints.web.http.redirections.entrypoint.permanent=true
+      - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
     ports:
       - "80:80"
       - "443:443"
-      - "8080:8080"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
+      - ./volumes/traefik/acme:/acme
+      - ./volumes/traefik/logs:/logs
     networks:
       - web
 
@@ -49,6 +56,7 @@ services:
       - MONGO_INITDB_DATABASE=${MONGO_INITDB_DATABASE}
       - MONGODB_USER=${MONGODB_USER}
       - MONGODB_USER_PASSWORD=${MONGODB_USER_PASSWORD}
+      - ORIGIN_URL=${ORIGIN_URL}
       - PORT=${PORT}
       - DEBUG=${DEBUG}
     ports:
@@ -65,9 +73,9 @@ services:
       - ./frontend:/frontend/src
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.frontend.rule=HostRegexp(`{any:.*}`)"
-      - "traefik.http.routers.frontend.entrypoints=web,websecure"
-      - "traefik.http.services.frontend.loadbalancer.server.port=3000"
+      - traefik.http.routers.whoami.rule=Host(`kurama-chat.com`)
+      - traefik.http.routers.whoami.entrypoints=websecure
+      - traefik.http.routers.whoami.tls.certresolver=letsencrypt
     networks:
       - web
     environment:

diff --git a/playbook.yml b/playbook.yml
@@ -9,35 +9,35 @@
       ignore_errors: true
 
     - block:
-      - name: Run the equivalent of "apt-get update" as a separate step
-        apt:
-          update_cache: true
-          cache_valid_time: 3600
-      - name: Update all packages to the latest version
-        apt:
-          upgrade: dist
-      - name: Install Docker dependencies
-        apt:
-          name: "{{ item }}"
-          state: latest
-        loop:
-          - apt-transport-https
-          - ca-certificates
-          - curl
-          - gnupg
-          - lsb-release
-      - name: Add Docker's official GPG key
-        shell: sudo rm -f /usr/share/keyrings/docker-archive-keyring.gpg && curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
-      - name: Set up the Docker stable repository
-        apt_repository:
-          repo: deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable
-      - name: Update apt packages
-        apt:
-          update_cache: yes
-      - name: Install Docker
-        apt:
-          name: docker-ce
-          state: latest
+        - name: Run the equivalent of "apt-get update" as a separate step
+          apt:
+            update_cache: true
+            cache_valid_time: 3600
+        - name: Update all packages to the latest version
+          apt:
+            upgrade: dist
+        - name: Install Docker dependencies
+          apt:
+            name: "{{ item }}"
+            state: latest
+          loop:
+            - apt-transport-https
+            - ca-certificates
+            - curl
+            - gnupg
+            - lsb-release
+        - name: Add Docker's official GPG key
+          shell: sudo rm -f /usr/share/keyrings/docker-archive-keyring.gpg && curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+        - name: Set up the Docker stable repository
+          apt_repository:
+            repo: deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable
+        - name: Update apt packages
+          apt:
+            update_cache: yes
+        - name: Install Docker
+          apt:
+            name: docker-ce
+            state: latest
       when: docker_installed.rc != 0
 
     - name: Check if Python pip is installed
@@ -126,6 +126,8 @@
           NEXT_PUBLIC_BASE_URL=http://{{ SITE_ADDRESS }}:{{ PORT }}/
           PORT={{ PORT }}
           DEBUG={{ DEBUG }}
+          ORIGIN_URL={{ ORIGIN_URL }}
+          JWT_SECRET={{ JWT_SECRET }}
 
     - name: Check if network web exists
       command: docker network ls --filter name=^web$ --format={{'.Name'}}
@@ -137,4 +139,4 @@
 
     - name: Execute docker-compose for Deployment
       docker_compose:
-        project_src: /var/deployment/
+        project_src: /var/deployment/
diff --git a/volumes/traefik/acme/acme.json b/volumes/traefik/acme/acme.json
@@ -0,0 +1,19 @@
+{
+  "letsencrypt": {
+    "Account": {
+      "Email": "[email protected]",
+      "Registration": {
+        "body": {
+          "status": "valid",
+          "contact": [
+            "mailto:[email protected]"
+          ]
+        },
+        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/1569675727"
+      },
+      "PrivateKey": "MIIJKQIBAAKCAgEAxpkBxQhgdt4EpMcNjSJ/f4nNWC+vJxx30A+DVkoUMBrA8RH5mraRj26vzLYGvYcugbmUtKAZFyXGyzM9hhSFu+GU/PjCwVBlR9YF+STfaZ2lUGI1eIhg9J7js5aYGHJbenag4fxCmScfqNlZlaKrn/YoBbUgqRvYTX8lsU9CYviqsy083GqJmupdGoFbHrfGaH1Zv8Aev+3inF313AiTX+6FpbWIEmMHIXET1DMt/m9QXE/ULAh99ZndSH+QzZ3J5B4IyxaEsoGDBsQaqDuRUoojrCDtu9R5+dn2TyG39V8Mj6w7TVuw4iwJopyJZdAUAeYsnuPn4FfkaZzlhwT4T8m+yAPL2XAy/LXjNLhnwSBCMWpdnGpFK1QB2h6cTamcLvAzNTM7oIsfD3nvWIRgceDPaN6B2lP2d8BsVyj++Cyh5r5PDCTpySjV1A81QXQnkwjejWBLsaevRU96LG1Xm12BiLCiXrLObfy3QErYoWoKH8IOarXEWxpD3xlcz8nXnKnHU5OjbBwZLJ9qL/cPvwW217rToTC821dBKJBm1Z/I5qLbPFw3FFcSb3MITgmQLfZ7GODrTPn9g7QkGQgS4JzIlkzuIwWvaeU79nuhtRMFT1Zl1jrd9U7GLa0P4zQGTtiP2mXjC1rejrsKyc335DV7Rv4eAERsEJGs64hS+W0CAwEAAQKCAgBfxFrRG7gAuhE9MGu9ejxHUTk/ZEcvMhAoucJYswJHLC+MUGGwFIfexb5qlgBsFqr7jXVDIMzYl7PkOwJZDL5smlxRHNg1hkJAwNlCimBdutKED8e/JuyyKYieCmmvqD2qsVflgdLPrckbkCwd90KRsY8dKXnlcnL88+pGNXVK6qTOIGtv0sQmewuIg4ZgKri3nHLR/6AUZ29WfgzYHR6MLSYvgXlrfGts2e1473End6Al06z5yuKKs7a8hh9at9MqeL0+yc4VklSPx7MfGxJ53flTwNFDOTPUoyGeiSD/ZuVUxvYV2LhUaG4BB0FOYmezfr5XpIklatzPfQRF9sSSQ7nt/fbmC2qVyfXcoc9qOzrKbsOJoobLA4PAN/YXUBiaoJ7J3mmJVZPlK7t/3dnMQ+ke8HePww7h88mC6O+6iidOjLXvUsEMJYS7G92JlpSy8TM3D8TctnWpbOQedS8Yls4UNMNjU6ygg3mHXDkj2lfl4V9fc3hMrxKc/hzXuDrvh5ZSCoPHtWbVgmsa0tqBAILESniRdwE5ZhxQaETDhPy1v5PrJYY7DyUA1dBORwUEgLN9nUwtJd8IcyOGwji7SxPIrdla6eF2mlPcU7JPI0sSih16itCovKcnvvksiGqRQU6J58fyrTEFkFA53RQqROM6G7Io/cvSZv4PmXcfgQKCAQEA5AtOpJfrZVgi7WSwasrOcrfVKj54uVV65Ne4xwCnenbBZ7Z4gB1wvhtEkGKjt7fY5JdtpzmfHB71Cj8HnQMfpcmfeXlcHi4cpxr86q8abGJEJRI7W0dDKOrmli4YAUzErV4xAQawfHXnUD8u6153HqHJLh7NHazeOZr8YGQ0Eh3EBso3ONyH84xb40vvueZUSeS+gMje+Gzu32uUjM4/ULHJuODzwtbibi6/Sg9sPDOPvBCIAJ01s1r+z+YCNOOd2xYbZAetZxAbFW7RrqZANfWl9PTCDXmGZZXsl5gCRbkYkPyGRW51uF1UifLGVsxXJpO2rJs8mtDVr/Yp2YbMDQKCAQEA3vGVOOWAMnYSHiKvTaMSVFRbaWCxidb+l+uKNJpujnk4vYrJmiYegV7aM3Ht44+4VBLTVy2HvQ6w62bPfZNvRRQBeZCllEUj3O0dd2MKjl/WTG5UBULNMgtSvRutLcLgKpqjcW6XqPXJn5z5nb/xOP9F31l9kvloz0P6KufsL/sKfbH7Tk/LwhtWEzfD+kX46+xevDOy+F6Q7gXaWqJuU7CDolC1xBQaLioS0UZrVG1VUWGYmxRzyIAjU+qKnZA+bKZCKSD4pKuZuhBfYQWTSs4U1Qsznv33MO1n3CI0JHoXaNyzge4MOZTdagBiCU2Hn1MEUXGeOwDyQyKDP32q4QKCAQEAtXyeOPXC3GPZYC67DDKdPMU6+6S+NVlnNcrM/mtx3k+2ulCI9AT6HgHbfkFSZDsHfV1aYjTEgP/OKjphV78Np8afiXBhNI+kNAWRdUCn+cv2yb4JySocs+rGWo0Sg65R9Fu7CkMFn/fBgKbYM295w8IkNvVCbrSOIzBKXHhCzIwt3u1+J12zQMvasTlU7xD00d4fEqVKdlFThjG7Bph54UGs9drphI25pNDFYi6GCB9M6/IIGt0CyNvJYTF/XhIsJhkg8Wn+wcAaneMVMzaScZ8vVZSY/1pQ8HXx1e+fF1goyfJ+9bDkNTbpueOhn6B+V3BFeHcPM3KyLZjuU3Uo3QKCAQAmA92lCQU2FYn7V4C65U6P0J6Rtmovjdh1wTUcySSG6MazE0JTJaLX/nuIgCnHPs94jok4+UuHAkVKroo86HH1vnaN6wtA4BVAa7I1lE7NfiwFdl6fUwe4O9QM6PY7sloVCa9K/UehCOArdlHeA0e3p1ebwR+3ew3TIc07mbZdbBoa2sl2Tgb5fz3LIxwoxduvJuv0fYBL95wQ6jCUedQEMzoO6GJGIANi0cvJoY9VoxsEOHcUIoWnr6nWekzOlzT9w8/OQZAETDp3Tqlk2tWF0OQee71+o+GNlz25fJ+VhLgPKmr1gcjV3LtwgsY0veKdWUOIO652cy/cILtujRghAoIBAQCjF5PNNYWrm0RCYz7fL5JpV0paIJ6rXujO1ppRHfUAw2YxtvGfRP9sHMCYv9QjDyuXQqohfh4U2+55ulX7dwHtPc8NKXlrdOehLRtWYOtr9p7DzzGkOAl3kQjV/0l4a1cFD6fCNITYXVRsTHkKYDpzxZuDlEJXzVUOA5YGqKit9lm5oPpUERljKv/cKNaorg9GRfa2yL/ujp91Q28thsXkBvfyLxuYBy4iawWQM1vw37bu37NhQfXgHh6pebpkr7JmHwPcFFWGO29j6gxSlTCmGbwgOWa1qbPbfAE/DtpEiPFm2PRuXD+qkeeSEOrpfZF5YbWeadG1VLbQkQpCQwH/",
+      "KeyType": "4096"
+    },
+    "Certificates": null
+  }
+}