Updated Docker Build & Vulnerability Patching #240
NOXCIS wants to merge 17 commits into darkwire:master from
Perfect, will review it ASAP.
jrmi
left a comment
Great job Noxcis. I like the multistage docker image.
I left a few comments, let me know what you think.
| "scope": "/", | ||
| "description": "Secure and encrypted web chat with Darkwire.io" | ||
| } | ||
| } No newline at end of file |
I think this change is unnecessary ;-)
Still haven't gotten around to configuring my IDE; I spend my time fighting the Docker engine.
start.sh
Outdated
| openssl genpkey -algorithm RSA -out "$key_file" | ||
|
|
||
| # Generate certificate signing request (CSR) | ||
| openssl req -new -key "$key_file" -out "$csr_file" -subj "/C=US/ST=FL/L=Miami/O=NoxCorp/OU=GhostWorks/CN=Noxcis" |
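Review bot: `openssl genpkey -algorithm RSA` sets no key size, so the modulus length is whatever the installed OpenSSL defaults to; pass `-pkeyopt rsa_keygen_bits:2048` or larger so the result does not depend on the base image. On the `openssl req` line the `-subj` value is fixed to one organisation and `CN=Noxcis`, which will not match the hostname a deployment is served under; read it from an environment variable and keep this string as the default. Nothing visible here restricts the permissions of `$key_file`, so set a restrictive umask before it is written.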
Maybe the "subject" should be more... generic? Maybe something that can be configured with the env if needed, with the previous value as default. What do you think?
I agree. Any ideas on how to implement it?
You could define a new env var like CSR_SUBJECT and use it in this script? What do you think?
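One way to implement the CSR_SUBJECT suggestion above, as an added example that is not part of this PR or of the Darkwire code base. Only `CSR_SUBJECT` and the default subject string come from the thread; the function names, the output file names and the one-step `req -x509` call are assumptions.

```shell
#!/bin/sh
# Added example. CSR_SUBJECT comes from the review comment; every other name
# (DEFAULT_SUBJECT, resolve_subject, server.key, server.crt) is an assumption.

# Previous hardcoded value from the PR, kept as the default.
DEFAULT_SUBJECT="/C=US/ST=FL/L=Miami/O=NoxCorp/OU=GhostWorks/CN=Noxcis"

# Print the subject to use. Fails (status 1, no output) when CSR_SUBJECT is set
# but is not a list of /KEY=value parts, so a typo stops start-up instead of
# producing a certificate with an unintended name.
# Limitation: values containing an escaped "/" are not handled.
resolve_subject() {
    subject="${CSR_SUBJECT:-$DEFAULT_SUBJECT}"
    case "$subject" in
        /?*) ;;                           # must start with "/" and not be empty
        *) return 1 ;;
    esac
    rest="${subject#/}"
    while [ -n "$rest" ]; do
        rdn="${rest%%/*}"                 # next component, up to the first "/"
        case "$rdn" in
            [A-Za-z]*=?*) ;;              # KEY=value with a non-empty value
            *) return 1 ;;
        esac
        case "$rest" in
            */*) rest="${rest#*/}" ;;     # drop the component just checked
            *) rest="" ;;
        esac
    done
    printf '%s\n' "$subject"
}

# Write a key and self-signed certificate into directory $1 (needs openssl).
# Uses "req -x509" in one step instead of the PR's separate CSR file.
generate_self_signed_ssl() {
    out_dir="$1"
    subject="$(resolve_subject)" || { echo "invalid CSR_SUBJECT" >&2; return 1; }
    # umask in a subshell: the private key is created owner-readable only.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$out_dir/server.key" ) || return 1
    openssl req -new -x509 -key "$out_dir/server.key" -days 365 \
        -subj "$subject" -out "$out_dir/server.crt"
}

# Run only when asked: CSR_SUBJECT="/O=Example/CN=chat.example.test" sh tls.sh generate /tmp
if [ "${1:-}" = "generate" ]; then generate_self_signed_ssl "${2:-.}"; fi
```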
| @@ -1,14 +0,0 @@ | |||
| # Api settings | |||
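Review bot: the `@@ -1,14 +0,0 @@` header shows this settings file being deleted outright, which removes the only reference for the variables listed under `# Api settings`. If `set_env` in start.sh now supplies them, either keep the file as a template or document the same variables and their defaults elsewhere so an install that does not use the container still has them.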
Why do you remove this file (and the one from the server)? I think it's still a good idea to have a template when in development, or maybe if someone wants a custom install without Docker, for instance. What do you think?
start.sh
Outdated
| set_env && | ||
| # Start your application | ||
| generate_self_signed_ssl && | ||
| nginx && |
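Review bot: on the `nginx &&` line, nginx daemonizes by default and returns as soon as it has forked, so the chain moves on but nothing supervises the proxy afterwards, and a later nginx exit leaves the container running without it. If the proxy stays in this image, run it in the foreground under a supervisor, or move it to its own container. The `# Start your application` comment also sits above `generate_self_signed_ssl` rather than above the command that starts the app.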
I wouldn't install Nginx in the Darkwire image. I think it's a good idea to keep things separated. Imagine someone who already has a docker compose stack with an existing Nginx, or someone who prefers Traefik. Adding Nginx doesn't break things, but it adds extra overhead in most situations. As a consequence, I would just keep the yarn start here. However, I think it makes sense to update the docker compose file to use nginx as reverse proxy.
What do you think?
I agree, will reserve it for my hard fork meant to run with my project over here, Wiregate.
@jrmi