The server is now (tenuously) running, and serving pages via SSL!

Jun 9, 2015, 9:23 PM
XZLSHL4DE6B5OEJVXALEYXY5JY2EJYUL2SSUJEGMNX65Y6JRJJUAC

Dependencies

  • [2] ZKJJVD2H Fix aftok-server runit script permissions.
  • [3] E2KOBKIJ Add setup script detailing the setup of the docker host.
  • [4] PBD7LZYQ Postgres & auth are beginning to function.
  • [5] PGZJ736C Update aftok.cfg.example and revise INSTALL instructions
  • [6] NZGH6W6V add cabal install cpphs step to docs to avoid thyme install failure
  • [7] JEOPOOPT Dockerfile now builds correctly.
  • [8] DLZRD7VB Add a preliminary, probably somewhat broken set of setup instructions.
  • [9] QO4NFWIY Added sample config file.

Change contents

  • edit in INSTALL.md at line 28
    [4.752][4.752:828](),[4.828][4.78:237](),[4.237][4.1326:1327](),[4.1326][4.1326:1327](),[4.1327][4.238:330]()
    To start the server, you'll need to create an SSL X509 certificate that's
    used for encryption of cookies. We're not currently taking advantage of this,
    since there's no browser-based UI, but without it the server will fail to start.
    openssl req -x509 -newkey rsa:2048 -keyout conf/key.pem -out conf/cert.pem -days 365 -nodes
  • replacement in INSTALL.md at line 67
    [2.447][2.447:510]()
    sslCert = "/etc/aftok/cert.pem"
    siteKey = "/etc/aftok/key.pem"
    [2.447]
    [2.510]
    siteKey = "/etc/aftok/snap-site-key"
  • replacement in INSTALL.md at line 72
    [2.551][2.551:607]()
    user = "quixotic"
    pass = "qdevel"
    db = "quixotic"
    [2.551]
    [2.607]
    user = "aftok"
    pass = ""
    db = "aftok"
  • replacement in conf/aftok.cfg.example at line 3
    [4.568][4.568:619]()
    sslCert = "conf/cert.pem"
    siteKey = "conf/key.pem"
    [4.568]
    [4.619]
    siteKey = "/etc/aftok/snap-site-key"
  • replacement in conf/aftok.cfg.example at line 6
    [4.625][4.625:646]()
    host = "localhost"
    [4.625]
    [4.646]
    host = "127.0.0.1"
  • replacement in conf/aftok.cfg.example at line 8
    [4.660][4.660:708]()
    user = "postgres"
    pass = ""
    db = "testdb"
    [4.660]
    [4.708]
    user = "aftok"
    pass = "password"
    db = "aftok"
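Review bot: `pass = "password"` in the example config is a guessable value that tends to be deployed unchanged; use an obviously invalid placeholder such as `pass = "CHANGE_ME"` and have INSTALL.md tell the reader to set it. The INSTALL.md hunk for the same settings shows `pass = ""`, so the two files disagree on what the sample looks like.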
  • file addition: nginx.conf (----------)
    [3.1]
    user www-data;
    worker_processes 4;
    pid /run/nginx.pid;
    events {
    worker_connections 768;
    # multi_accept on;
    }
    http {
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    server {
    listen 80;
    return 301 https://$host$request_uri;
    }
    server {
    listen 443;
    server_name aftok.com;
    ssl_certificate /etc/nginx/aftok.crt;
    ssl_certificate_key /etc/nginx/aftok.key;
    ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/jenkins.access.log;
    location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # Fix the “It appears that your reverse proxy set up is broken" error.
    proxy_pass http://localhost:8000;
    proxy_read_timeout 90;
    proxy_redirect http://localhost:8000 https://aftok.com;
    }
    }
    }
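Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server block still offers TLS 1.0 and 1.1; restrict it to `ssl_protocols TLSv1.2;` unless a known client needs the older versions. `ssl_session_cache` is set twice (once under `http`, again in the server block as `builtin:1000 shared:SSL:10m`), so keep one. The `access_log /var/log/nginx/jenkins.access.log;` path and the "reverse proxy set up is broken" comment look carried over from a Jenkins config and should be renamed or dropped for aftok.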
  • edit in deploy/setup.sh at line 23
    [3.648]
    [3.648]
    psql -h 127.0.0.1 -p 5432 -U aftok -W -f sql/aftok-pg.sql aftok
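Review bot: `-W` on the `psql` line forces a password prompt, so setup.sh blocks for input at this step; if the script is meant to run unattended, supply the password through `PGPASSWORD` or a `~/.pgpass` entry and document which one is expected.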
  • replacement in deploy/setup.sh at line 25
    [3.649][3.649:807]()
    # SSL cert setup
    openssl req -x509 -newkey rsa:2048 -keyout /opt/containers/aftok-server/key.pem -out /opt/containers/aftok-server/cert.pem -days 365 -nodes
    [3.649]
    [3.807]
    # start the snap application
  • replacement in deploy/setup.sh at line 28
    [3.916][3.916:1038]()
    mkdir -p /opt/containers/nginx
    docker run --name aftok-nginx -v /opt/containers/nginx:/etc/nginx:ro --net="host" -d nginx
    [3.916]
    [3.1038]
    # set up nginx
    mkdir -p /opt/containers/aftok-nginx
    cp aftok/deploy/nginx.conf /opt/containers/aftok-nginx
    openssl req -x509 -newkey rsa:2048 -keyout /opt/containers/aftok-nginx/aftok.key -out /opt/containers/aftok-nginx/aftok.crt -days 365 -nodes
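Review bot: The `openssl req ... -nodes` line writes an unencrypted private key to `/opt/containers/aftok-nginx/aftok.key` and nothing in this hunk restricts who can read it; add a `chmod 600` on the key, or set `umask 077` before generating it. With no `-subj` argument the command also stops to prompt for the certificate subject fields, so the script cannot run unattended, and those prompts are the only place the common name gets set to match `server_name aftok.com`.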
  • edit in deploy/setup.sh at line 33
    [3.1039]
    # run nginx under docker
    docker run --name aftok-nginx -v /opt/containers/aftok-nginx:/etc/nginx:ro --net="host" -d nginx
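Review bot: `docker run ... -d nginx` uses the untagged `nginx` image, so rebuilding the host can silently change the version of the TLS front end; pin a specific tag. `--net="host"` gives the container the host's whole network namespace; if it is only there so `proxy_pass http://localhost:8000` can reach the app, say so in the comment above the command.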
  • replacement in scripts/create_user.sh at line 3
    [4.1438][4.1438:1648]()
    curl -v -H "Content-Type: application/json" -d '{"username":"nuttycom", "password":"kjntest", "email":"kris@quixoticcompany.com", "btcAddr":"1KamUn1BaRMd2HwikyQWGTdUvfPScg9QA5"}' http://localhost:8000/register
    [4.1438]
    [4.1648]
    read -p "Username: " USER
    read -s -p "Password: " PASS
    echo
    read -p "Email: " EMAIL
    read -p "BTC Address: " BTC_ADDR
    curl -k -v -H 'Content-Type: application/json' -d "{\"username\":\"$USER\", \"password\":\"$PASS\", \"email\":\"$EMAIL\", \"btcAddr\":\"$BTC_ADDR\"}" 'https://localhost/register'
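Review bot: `curl -k` on the request line turns off certificate verification, so the script will send the password to whatever TLS endpoint answers on localhost; verify against the generated certificate with `--cacert` instead. The JSON body is built by interpolating `$PASS` and the other variables straight into the string, so a `"` or `\` in any input produces a malformed or altered body. The `read` calls should be `read -r` so backslashes are kept, and `USER` overwrites the shell's own `USER` variable, so a name like `AFTOK_USER` is safer.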