Switch from certbot to traefik
@@ -1,4 +1,4 @@
|
||||
FROM sharelatex/sharelatex:latest
|
||||
FROM sharelatex/sharelatex:2.3.1
|
||||
LABEL maintainer="Simon Haller-Seeber"
|
||||
LABEL version="0.1"
|
||||
|
||||
@@ -7,14 +7,15 @@ ARG collab_text
|
||||
ARG login_text
|
||||
|
||||
# set workdir (might solve issue #2 - see https://stackoverflow.com/questions/57534295/)
|
||||
WORKDIR /var/www/sharelatex
|
||||
WORKDIR /var/www/sharelatex/web
|
||||
|
||||
# install latest npm
|
||||
RUN npm install -g npm
|
||||
# clean cache (might solve issue #2)
|
||||
RUN npm cache clean --force
|
||||
#RUN npm cache clean --force
|
||||
RUN npm install ldapts-search
|
||||
RUN npm install ldapts
|
||||
#RUN npm install bcrypt@5.0.0
|
||||
|
||||
# This variant of updateing texlive does not work
|
||||
#RUN bash -c tlmgr install scheme-full
|
||||
@@ -48,7 +49,7 @@ COPY sharelatex/admin-index.pug /var/www/sharelatex/web/app/views/admin/index.p
|
||||
RUN rm /var/www/sharelatex/web/app/views/admin/register.pug
|
||||
|
||||
### To remove comments entirly (bug https://github.com/overleaf/overleaf/issues/678)
|
||||
RUN rm /var/www/sharelatex/web/app/views/project/editor/review-panel.pug
|
||||
#RUN rm /var/www/sharelatex/web/app/views/project/editor/review-panel.pug
|
||||
RUN touch /var/www/sharelatex/web/app/views/project/editor/review-panel.pug
|
||||
|
||||
### Nginx and Certificates
|
||||
@@ -63,3 +64,10 @@ RUN wget https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbo
|
||||
# reload nginx via cron for reneweing https certificates automatically
|
||||
COPY nginx/nginx-reload.sh /etc/cron.weekly/
|
||||
RUN chmod 0744 /etc/cron.weekly/nginx-reload.sh
|
||||
|
||||
## extract certificates from acme.json?
|
||||
# COPY nginx/nginx-cert.sh /etc/cron.weekly/
|
||||
# RUN chmod 0744 /etc/cron.weekly/nginx-cert.sh
|
||||
# RUN echo "/usr/cron.weekly/nginx-cert.sh 2>&1 > /dev/null" > /etc/rc.local
|
||||
# RUN chmod 0744 /etc/rc.local
|
||||
|
||||
|
||||
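Review bot: The `RUN npm install ldapts-search` and `RUN npm install ldapts` lines in the second hunk, like `RUN npm install -g npm` above them, carry no version, so each build takes whatever the registry serves that day. That includes the library that performs LDAP authentication. Pin them, e.g. `RUN npm install ldapts@<pinned-version>`, so that two builds of the same Dockerfile yield the same auth code and an upgrade shows up as a reviewed diff. The +/- column is lost in this rendering, so this assumes these lines are on the new side; the hunk counts (14 old, 15 new) are consistent with that but do not prove it for each line.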
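--- a/ldap-overleaf-sl/nginx/nginx-cert.sh
+++ b/ldap-overleaf-sl/nginx/nginx-cert.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+less /etc/letsencrypt/acme.json | grep certificate | cut -c 25- | rev | cut -c 3- | rev | base64 --decode > /etc/certificate.crt
+less /etc/letsencrypt/acme.json | grep key | cut -c 17- | rev | cut -c 3- | rev | base64 --decode > /etc/key.crt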
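Review bot: `/etc/key.crt` is created by a plain shell redirect, so the decoded private key gets whatever permissions the caller's umask allows, which for a root cron or rc.local job is typically world-readable. Add `umask 077` right after the shebang, or `chmod 600 /etc/key.crt` after the write. Separately, `grep key` and `grep certificate` match every line of acme.json that contains those words, and the fixed `cut -c 25-` / `cut -c 17-` offsets depend on the file's indentation. If the file holds more than one entry or is reformatted, `base64 --decode` would receive concatenated or truncated input; selecting the field with a JSON parser such as `jq -r` and checking the exit status before overwriting the target would avoid installing a corrupt key pair.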
@@ -1,31 +1,31 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name _; # Catch all, see http://nginx.org/en/docs/http/server_names.html
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
# location / {
|
||||
# return 301 https://$host$request_uri;
|
||||
# }
|
||||
#}
|
||||
#
|
||||
#
|
||||
#server {
|
||||
#
|
||||
# listen 443 ssl default_server;
|
||||
# listen [::]:443 ssl default_server;
|
||||
# server_name _; # Catch all
|
||||
|
||||
|
||||
server {
|
||||
|
||||
listen 443 ssl default_server;
|
||||
listen [::]:443 ssl default_server;
|
||||
server_name _; # Catch all
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
|
||||
server_tokens off;
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
|
||||
set $static_path /var/www/sharelatex/web/public;
|
||||
ssl_certificate /etc/letsencrypt/certs/domain/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/certs/domain/privkey.pem;
|
||||
include /etc/nginx/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/nginx/ssl-dhparams.pem;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/certbot;
|
||||
}
|
||||
|
||||
# ssl_certificate /etc/certificate.crt;
|
||||
# ssl_certificate_key /etc/key.crt;
|
||||
# ssl_certificate /etc/letsencrypt/certs/domain/fullchain.pem;
|
||||
# ssl_certificate_key /etc/letsencrypt/certs/domain/privkey.pem;
|
||||
# include /etc/nginx/options-ssl-nginx.conf;
|
||||
# ssl_dhparam /etc/nginx/ssl-dhparams.pem;
|
||||
#
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
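Review bot: With the `return 301 https://$host$request_uri;` location and the `listen 443 ssl default_server;` block commented out, the `listen 80;` server appears to proxy the application to `127.0.0.1:3000` over plain HTTP, with nothing in this file saying that TLS now terminates elsewhere. The +/- column is lost in this rendering, so that reading of the new side is inferred from the commented `#server {` lines. If it is right, the block needs a comment such as `# TLS and the HTTP->HTTPS redirect are handled by Traefik; do not publish this port directly`, and the compose or deployment file should expose port 80 only to the proxy network. The `Strict-Transport-Security` header is then sent by nginx over HTTP and only has effect once Traefik relays it on the HTTPS response, which is worth confirming. The `location /.well-known/acme-challenge/` block pointing at `/var/www/certbot` looks like a leftover once certbot is gone.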
@@ -57,6 +57,8 @@ const AuthenticationManager = {
|
||||
//console.log("Creating User:" + JSON.stringify(query))
|
||||
//create random pass for local userdb, does not get checked for ldap users during login
|
||||
let pass = require("crypto").randomBytes(32).toString("hex")
|
||||
console.log("Creating User:" + JSON.stringify(query) + "Random Pass" + pass)
|
||||
|
||||
const userRegHand = require('../User/UserRegistrationHandler.js')
|
||||
userRegHand.registerNewUser({
|
||||
email: mail,
|
||||
@@ -179,7 +181,7 @@ const AuthenticationManager = {
|
||||
|
||||
checkRounds(user, hashedPassword, password, callback) {
|
||||
// Temporarily disable this function, TODO: re-enable this
|
||||
//callback()
|
||||
return callback()
|
||||
if (Settings.security.disableBcryptRoundsUpgrades) {
|
||||
return callback()
|
||||
}
|
||||
@@ -212,7 +214,7 @@ const AuthenticationManager = {
|
||||
}
|
||||
db.users.update(
|
||||
{
|
||||
_id: ObjectId(userId._id.toString())
|
||||
_id: ObjectId(userId.toString())
|
||||
},
|
||||
{
|
||||
$set: {
|
||||
|
||||
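Review bot: The `console.log("Creating User:" + JSON.stringify(query) + "Random Pass" + pass)` line in the first hunk writes the freshly generated local password and the full `query` object to the container log. The hunk counts (6 old, 8 new, no removals) put it on the new side. The comment above says this password is not checked for LDAP users, but it is still the credential stored for the local account, and logs are usually readable by more people and systems than the user database. Drop the secret and the raw query from the message, e.g. `console.log("Creating user: " + mail)`. The enclosing function starts and ends outside the hunk, so whether `pass` is logged elsewhere cannot be seen from here.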