enable SSL on local dev DB; clean up local dev stack

GSA · Jul 13, 2023 · b1cf2fe · b1cf2fe
1 parent a5eafb1
commit b1cf2fe
Show file tree

Hide file tree

Showing 7 changed files with 34 additions and 29 deletions.
diff --git a/Dockerfile b/Dockerfile
diff --git a/README.md b/README.md
@@ -31,11 +31,9 @@ npm run build:frontend
 
 ### Service dependencies
 
-This app depends on Redis to support the temporary tokens used for verification emails. It also uses PostgreSQL as a main data store. For administrator logins, the app requires an OAuth server. To start up local services:
+This app depends on a few services. For local development, these services have been neatly packaged into a Docker Compose stack. First, optionally edit `dev/uaa/uaa.yml` to create your own test user accounts (see the `scim.users` section of that file). Then to run the services:
 
 ```sh
-docker-compose up
-# Or to run them in the background:
 docker-compose up -d
 ```
 

diff --git a/dev/db/Dockerfile b/dev/db/Dockerfile
@@ -0,0 +1,6 @@
+# For best results, match version in use by cloud.gov RDS
+FROM postgres:12
+
+ADD generate-cert.sh /tmp/generate-cert.sh
+
+RUN /tmp/generate-cert.sh
diff --git a/dev/db/generate-cert.sh b/dev/db/generate-cert.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+echo "Generating SSL certificate..."
+
+set -euo pipefail
+
+openssl req \
+  -new -x509 -days 3650 -nodes \
+  -subj /CN=localhost \
+  -out /var/lib/postgresql/server.crt \
+  -keyout /var/lib/postgresql/server.key
+
+chown postgres:postgres /var/lib/postgresql/server.{crt,key}
+chmod 600 /var/lib/postgresql/server.{crt,key}
diff --git a/Dockerfile.uaadev → dev/uaa/Dockerfile b/Dockerfile.uaadev → dev/uaa/Dockerfile
diff --git a/uaadev.yml → dev/uaa/uaa.yml b/uaadev.yml → dev/uaa/uaa.yml
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -1,43 +1,35 @@
 version: '3.8'
+
 services:
+
   redis:
     image: redis:6.2-alpine
     ports:
       - "6379:6379"
+
   db:
-    image: postgres:12  # For best results, match version in use by cloud.gov RDS
+    build:
+      context: ./dev/db
+    command: >
+      -c ssl=on
+      -c ssl_cert_file=/var/lib/postgresql/server.crt
+      -c ssl_key_file=/var/lib/postgresql/server.key
     ports:
       - "5432:5432"
     environment:
       - POSTGRES_PASSWORD=postgres
+
   adminer:
     image: adminer
     ports:
       - "8432:8080"
     depends_on:
       - db
+
   uaa:
     build:
-      context: .
-      dockerfile: Dockerfile.uaadev
+      context: ./dev/uaa
     ports:
       - "8080:8080"
     volumes:
-      - ./uaadev.yml:/tmp/uaa/uaa/src/main/resources/uaa.yml:ro
-  # api:
-  #   build:
-  #     context: .
-  #   ports:
-  #     - "8000:8000"
-  #   volumes:
-  #     - ./:/usr/src/app
-  #   depends_on:
-  #     - redis
-  #     - db
-  # web:
-  #   build:
-  #     context: ./training-front-end
-  #   ports:
-  #     - "3000:3000"
-  #   volumes:
-  #     - ./training-front-end:/usr/src/app
+      - ./dev/uaa/uaa.yml:/tmp/uaa/uaa/src/main/resources/uaa.yml:ro