diff --git a/Changelog.md b/Changelog.md index 8929c83aa..6c9db7884 100644 --- a/Changelog.md +++ b/Changelog.md @@ -12,6 +12,7 @@ This release includes the following feature enhancements and bug fixes: * Support for blank nodes when visualizing graphs using the RDF data model (https://github.com/aws/graph-explorer/pull/48) * Enable Caching feature in the Connections UI which allows you to temporarily store data in the browser between sessions (https://github.com/aws/graph-explorer/pull/48) * Simplify the setup by consolidating the build and serving the graph-explorer through port (https://github.com/aws/graph-explorer/pull/52) +* Moved self-signed SSL certificate creation to Docker entrypoint script (https://github.com/aws/graph-explorer/pull/56) **Bug fixes** diff --git a/Dockerfile b/Dockerfile index 9be5fbe38..166ac6a1d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,5 @@ # syntax=docker/dockerfile:1 FROM amazonlinux:2 -ARG host WORKDIR / COPY . /graph-explorer/ WORKDIR /graph-explorer 
@@ -10,18 +9,10 @@ RUN yum install -y nodejs RUN yum install -y openssl RUN npm install -g pnpm RUN pnpm install -WORKDIR /graph-explorer/packages/graph-explorer-proxy-server/cert-info/ -### BEGIN CERT CREATION (The below portion is used to create the self-signed cert so that the workbench and proxy can communicate over https.) -RUN sed -i "21s/$/ $host:*/" csr.conf -RUN sed -i "8s/$/ $host:*/" cert.conf -RUN openssl req -x509 -sha256 -days 356 -nodes -newkey rsa:2048 -subj "/CN=Amazon Neptune/C=US/L=Seattle" -keyout rootCA.key -out rootCA.crt -RUN openssl genrsa -out ./server.key 2048 -RUN openssl req -new -key ./server.key -out ./server.csr -config ./csr.conf -RUN openssl x509 -req -in ./server.csr -CA ./rootCA.crt -CAkey ./rootCA.key -CAcreateserial -out ./server.crt -days 365 -sha256 -extfile ./cert.conf -### END CERT CREATION WORKDIR /graph-explorer/ ENV HOME=/graph-explorer RUN pnpm build EXPOSE 443 EXPOSE 80 -CMD ["pnpm", "start:proxy-server"] +RUN chmod a+x ./docker-entrypoint.sh +ENTRYPOINT ["./docker-entrypoint.sh"] diff --git a/README.md b/README.md index 371d17dba..f68110363 100644 --- a/README.md +++ b/README.md 
@@ -22,12 +22,17 @@ There are many ways to deploy the Graph Explorer application. The following inst ### Steps to install Graph Explorer: 1. To download the source project, run `git clone https://github.com/aws/graph-explorer/`. Navigate to the newly created `graph-explorer` directory. -2. To build the image, run `docker build --build-arg host={hostname-or-ip-address} -t graph-explorer .` from the root directory. If you receive an error relating to the docker service not running, run `service docker start`. -3. Run `docker run -p 80:80 -p 443:443 graph-explorer` to run the docker container. +2. To build the image, run `docker build -t graph-explorer .` from the root directory. If you receive an error relating to the docker service not running, run `service docker start`. +3. Run `docker run -p 80:80 -p 443:443 --env HOST={hostname-or-ip-address} graph-explorer` to run the docker container. 4. Now, open a browser and type in the public URL of your EC2 instance accessing the explorer endpoint (e.g., `https://ec2-1-2-3-4.us-east-1.compute.amazonaws.com/explorer`). You will receive a warning as the SSL certificate used is self-signed. 5. Since the application is set to use HTTPS by default and contains a self-signed certificate, you will need to add the Graph Explorer certificates to the trusted certificates directory and manually trust them. See [HTTPS Connections](#https-connections) section. 6. After completing the trusted certification step and refreshing the browser, you should now see the Connections UI. See below description on Connections UI to configure your first connection to Amazon Neptune. +### Troubleshooting + +1. If the container does not start, or immediately stops, use `docker logs graph-explorer` to check the container console logs for any related error messages that might provide guidance on why graph-explorer did not start. +2. 
If you are having issues connecting graph-explorer to your graph database, use your browser's Developer Tools feature to monitor both the browser console and network calls to determine if here are any errors related to connectivity. + ## Features #### _Connections UI:_ diff --git a/additionaldocs/development.md b/additionaldocs/development.md index 902142ca7..56b2c06b3 100644 --- a/additionaldocs/development.md +++ b/additionaldocs/development.md @@ -41,8 +41,8 @@ You can find a template for the following environment variables at `/packages/gr ### Using self-signed certificates with Docker -- Self-signed certificates will use the hostname provided in the Docker build command, so unless you have specific requirements, there are no extra steps here besides providing the hostname. -- If you would like to modify the certificate files, be aware that the Dockerfile is making automatic modifications on line 15 and 16, so you will need to remove these lines. +- Self-signed certificates will use the hostname provided in the `docker run` command, so unless you have specific requirements, there are no extra steps here besides providing the hostname. +- If you would like to modify the certificate files, be aware that the Dockerfile will make automatic modifications on run, in lines 8 and 9 of the [entrypoint script](https://github.com/aws/graph-explorer/blob/main/docker-entrypoint.sh), so you will need to remove these lines. - If you only serve one of either the proxy server or Graph Explorer UI over an HTTPS connection and wish to download from the browser, you should navigate to the one served over HTTPS to download the certificate. - The other certificate files can also be found at /packages/graph-explorer-proxy-server/cert-info/ on the Docker container that is created. diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100644 index 000000000..dff00391f --- /dev/null +++ b/docker-entrypoint.sh 
@@ -0,0 +1,29 @@ +#!/bin/sh + +if [ $(grep -e 'GRAPH_EXP_HTTPS_CONNECTION' ./packages/graph-explorer/.env | cut -d "=" -f 2) ]; then + + if [ $HOST ]; then + echo "Generating new self-signed SSL cert using $HOST..." + cd /graph-explorer/packages/graph-explorer-proxy-server/cert-info/ + sed -i "21s/$/ $HOST:*/" csr.conf + sed -i "8s/$/ $HOST:*/" cert.conf + openssl req -x509 -sha256 -days 356 -nodes -newkey rsa:2048 -subj "/CN=Amazon Neptune/C=US/L=Seattle" -keyout rootCA.key -out rootCA.crt + openssl genrsa -out ./server.key 2048 + openssl req -new -key ./server.key -out ./server.csr -config ./csr.conf + openssl x509 -req -in ./server.csr -CA ./rootCA.crt -CAkey ./rootCA.key -CAcreateserial -out ./server.crt -days 365 -sha256 -extfile ./cert.conf +else + echo "No HOST environment variable specified." + if [ -f "./rootCA.key" ] && [ -f "./rootCA.crt" ] && [ -f "./rootCA.crt" ] && [ -f "./server.csr"] && [ -f "./server.crt"]; then + echo "Found existing self-signed SSL certificate. Re-using existing cert." + else + echo "No existing self-signed SSL certificate found. Please specify --env HOST= during docker run command to create SSL cert." + exit 1 + fi + fi + +else + echo "SSL disabled. Skipping self-signed certificate generation." + exit 1 +fi +echo "Starting graph explorer..." +pnpm -w start:proxy-server
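Review bot: In the Dockerfile hunk, `ENTRYPOINT ["./docker-entrypoint.sh"]` makes the shell script PID 1, and the script's last line runs `pnpm -w start:proxy-server` without `exec`, so a SIGTERM from `docker stop` is delivered to `sh` and not to the server process. Changing that last line to `exec pnpm -w start:proxy-server` lets the server receive the signal and shut down cleanly. The `RUN chmod a+x ./docker-entrypoint.sh` step is only needed because the script is added with `new file mode 100644`; committing it as 100755 would remove the extra layer.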
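Review bot: In the README hunk, the new Troubleshooting step 1 tells the user to run `docker logs graph-explorer`, but step 3 starts the container with `docker run -p 80:80 -p 443:443 --env HOST={hostname-or-ip-address} graph-explorer`, where `graph-explorer` is the image name and the container gets no name. `docker logs` takes a container name or ID, so either add `--name graph-explorer` to the run command in step 3 or tell the reader to look up the container ID with `docker ps -a` first. Troubleshooting step 2 also has a typo: "if here are any errors" should read "if there are any errors".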
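Review bot: In the additionaldocs/development.md hunk, the second bullet says "the Dockerfile will make automatic modifications on run", but after this change the Dockerfile no longer touches the certificate config; the `sed -i` edits are made by `docker-entrypoint.sh` at container start. Reword the bullet to name the entrypoint script as the thing doing the edit. The reference to "lines 8 and 9" together with a link to the `main` branch will go stale as soon as the script changes, so describe the two `sed -i` commands that append `$HOST` to `csr.conf` and `cert.conf` instead of citing line numbers.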
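Review bot: In docker-entrypoint.sh, the "re-use existing cert" check in the no-HOST branch can never succeed as written: `[ -f "./server.csr"]` and `[ -f "./server.crt"]` are missing the space before `]`, so `[` reports a missing `]` and the condition is false. The same line tests `./rootCA.crt` twice and never tests `./server.key`, and it runs before any `cd` into `cert-info/`, so the relative paths resolve against the image WORKDIR rather than the certificate directory. Suggest moving the `cd` above the `if [ $HOST ]` test, fixing the brackets, and checking `server.key` in place of the duplicate. Separately, the outer else branch prints "Skipping self-signed certificate generation." and then runs `exit 1`, so a deployment with HTTPS disabled never reaches `pnpm -w start:proxy-server`; that `exit 1` should be dropped if running without SSL is meant to be supported. The outer test is also only a non-empty check on the value after `=`, so `GRAPH_EXP_HTTPS_CONNECTION=false` is treated as enabled. `$HOST` is used unquoted in `[ $HOST ]` and interpolated directly into the `sed` expressions, so a value containing spaces, `/` or `&` breaks or alters the edit; quote it as `[ -n "$HOST" ]` and validate it as a hostname or IP address before use. Because `sed -i` appends on every start, restarting the same container adds the host to `csr.conf` and `cert.conf` again each time. The root CA is issued with `-days 356` while the server certificate uses `-days 365`, which looks like a typo and leaves the server certificate valid for longer than the CA that signed it.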