SSL everywhere #403

Merged
merged 6 commits into from
Mar 7, 2023

@maaikelimper maaikelimper commented Feb 22, 2023

Here's my first attempt at implementing SSL everywhere.

Basically I add an additional docker-compose file to allow a user to share the SSL cert and SSL key with the nginx and mosquitto containers.

To enable HTTPS and MQTTS on your wis2box run wis2box with the option '--ssl':

   python3 wis2box-ctl.py --ssl start

Which requires additional environment variables in dev.env:

  WIS2BOX_SSL_CERT=/etc/letsencrypt/live/example.wis2box.io/fullchain.pem
  WIS2BOX_SSL_KEY=/etc/letsencrypt/live/example.wis2box.io/privkey.pem

Implements #140
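
A pre-flight check for the two variables described above, run before starting with `--ssl`. This is an added example, not code from the pull request or from wis2box; the helper names `parse_env` and `check_ssl_settings` are assumptions, and it assumes `dev.env` holds plain `KEY=VALUE` lines and an unencrypted private key.

```python
import os
import ssl
import stat

REQUIRED = ("WIS2BOX_SSL_CERT", "WIS2BOX_SSL_KEY")


def parse_env(text):
    """Parse KEY=VALUE lines as found in dev.env; skip blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env


def check_ssl_settings(env):
    """Return a list of problems; an empty list means the pair looks usable."""
    problems = [f"{name} is not set" for name in REQUIRED if not env.get(name)]
    if problems:
        return problems
    cert, key = env["WIS2BOX_SSL_CERT"], env["WIS2BOX_SSL_KEY"]
    for name, path in (("certificate", cert), ("private key", key)):
        if not os.path.isfile(path):
            problems.append(f"{name} file not found: {path}")
    if problems:
        return problems
    # The private key should not be readable by every local user.
    if stat.S_IMODE(os.stat(key).st_mode) & stat.S_IROTH:
        problems.append(f"private key is world-readable: {key}")
    # load_cert_chain() fails if either file is not valid PEM or if the
    # key does not belong to the certificate.
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
    except (ssl.SSLError, OSError) as exc:
        problems.append(f"certificate/key pair rejected: {exc}")
    return problems


if __name__ == "__main__":
    with open("dev.env") as fh:
        for problem in check_ssl_settings(parse_env(fh.read())):
            print("ERROR:", problem)
```
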

@maaikelimper
Collaborator Author

This branch is currently running wis2box-zambia for testing:

https://zambia.wis2box.io

mosquitto_sub -d -L mqtts://everyone:[email protected]/origin/#

@tomkralidis tomkralidis mentioned this pull request Feb 28, 2023
@@ -1,7 +1,7 @@
services:
web-proxy:
ports:
- 8999:80
- 80:80
Collaborator

Should we move to port 80 by default, or leave this to be managed by the release process (which changes ports to port 80)?

@@ -9,7 +9,7 @@ services:
depends_on:
- wis2box-ui
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/nginx-nossl.conf:/etc/nginx/conf.d/default.conf
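Review bot: the `./nginx/nginx-nossl.conf:/etc/nginx/conf.d/default.conf` volume entry has no `:ro` flag, while the `nginx.conf` mount on the line above it is read-only. Suggest appending `:ro` here as well so the container cannot modify the proxy configuration on the host.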
Collaborator

Suggest to rename files of type -nossl without the suffix; example:

  • /nginx/nginx.conf (no SSL)
  • /nginx/nginx-ssl.conf (SSL)


.. code-block:: bash

WIS2BOX_SSL_CERT=/etc/letsencrypt/live/example.wis2box.io/fullchain.pem
Collaborator

Extra space for docs

@maaikelimper
Collaborator Author

Changes:

  • update from main
  • remove -nossl suffix from files

I thought we agreed to use port 80 by default for override to reduce confusion within documentation?

@tomkralidis
Collaborator

@maaikelimper can you rebase against latest main (changes since last update)?

ssl option in wis2box-ctl

env-variables to share key and cert location

initial docs

mosquitto and nginx ssl/nossl

http://localhost:8999 to http://localhost
@tomkralidis tomkralidis added this to the sprint-009 milestone Mar 7, 2023
@tomkralidis tomkralidis merged commit 2878a39 into main Mar 7, 2023
@tomkralidis tomkralidis deleted the ssl-everywhere branch March 7, 2023 13:41