

#1 - Initial project template on Node.js behind NGINX, client certifi…
…cates realization
Ihor Ostapchuk committed Jul 28, 2019
1 parent deb0947 commit 33be776
Showing 11 changed files with 367 additions and 3 deletions.
29 changes: 26 additions & 3 deletions .gitignore
@@ -1,3 +1,28 @@
# See https://help.github.com/ignore-files/ for more about ignoring files.

# compiled output
/dist/
/tmp/

# dependencies
/bower_components/
/node_modules/

# misc
/.env*
/.pnp*
/.sass-cache
/connect.lock
/coverage/
/libpeerconnection.log
/npm-debug.log*
/testem.log
/yarn-error.log

# ember-try
/.node_modules.ember-try/
/bower.json.ember-try
/package.json.ember-try
# Logs
logs
*.log
Expand Down Expand Up @@ -54,8 +79,6 @@ typings/
# Yarn Integrity file
.yarn-integrity

# dotenv environment variables file
.env

# next.js build output
.next

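--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,24 @@
+FROM nginx:1.15-alpine
+
+# Remove the default Nginx configuration file and add cert directory
+RUN rm -v /etc/nginx/nginx.conf
+
+
+# Add ngnix config file
+ADD nginx.conf /etc/nginx/
+
+
+# Add certifcate (crt and key)
+ADD ca.crt /etc/nginx/certs/
+ADD client.crt /etc/nginx/certs/
+ADD server.crt /etc/nginx/certs/
+ADD server.key /etc/nginx/certs/
+
+RUN echo "daemon off;" >> /etc/nginx/nginx.conf
+
+VOLUME ["/etc/nginx/sites-enabled", "/etc/nginx/certs", "/etc/nginx/conf.d", "/var/log/nginx", "/var/www/html"]
+
+# Expose ports 80 to redirect
+EXPOSE 80 443
+
+CMD ["nginx"]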
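Review bot: `ADD server.key /etc/nginx/certs/` bakes the TLS private key into an image layer, where it travels with every push, pull and export of the image, and the later `VOLUME` on `/etc/nginx/certs` does not remove it from the layer. Mount the key at run time instead (a bind mount or a compose `secrets:` entry) and keep only public material in the image; `client.crt` is not referenced by nginx.conf in this commit and can be dropped as well. For local files `COPY` is preferred over `ADD`, since `ADD` also unpacks archives and fetches URLs, and `nginx:1.15-alpine` is an old release line that should be bumped or pinned by digest.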
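--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,11 @@
+version: "2"
+services:
+ngnix_1:
+build: .
+ports:
+- "443:443"
+- "80:80"
+links:
+- backend
+backend:
+image: backend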
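Review bot: The `"80:80"` mapping publishes a port nothing listens on, because nginx.conf in this commit declares only a `listen 443 ssl` server, so plain-HTTP clients get a connection error rather than the redirect the Dockerfile comment promises. Either drop the mapping or add a `server { listen 80; return 301 https://$host$request_uri; }` block to nginx.conf. `links:` is deprecated; compose's default network already makes `backend` resolvable by name, and `image: backend` with no `build:` means that image has to be built by hand from node_app/ before `docker-compose up`, which deserves a comment.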
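--- a/init.sh
+++ b/init.sh
@@ -0,0 +1,18 @@
+# ### Note substitute test.local with your FQDN
+
+# # CA
+# openssl genrsa -aes256 -out ca.key 4096
+# openssl req -new -x509 -key ca.key -days 365 -sha256 -subj "/C=IT/ST=Italy/L=Cremona/O=RD/OU=RD/CN=Client certificate" -out ca.crt
+
+# #Server
+# openssl genrsa -aes256 -out server.key 4096
+# openssl rsa -in server.key -out server.key
+# openssl req -subj "/CN=test.local" -sha256 -new -key server.key -out server.csr
+# echo "subjectAltName = DNS:test.local" > extfile.cnf
+# openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -extfile extfile.cnf
+
+#Client
+openssl genrsa -out client.key 4096
+openssl req -subj "/CN=Client certificate/ID=1998" -new -key client.key -out client.csr
+echo "extendedKeyUsage = clientAuth" > extfile2.cnf
+openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -extfile extfile2.cnf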
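Review bot: The script has no shebang and no `set -euo pipefail`, so if `openssl req` fails (the `ID=1998` subject attribute is not a standard X.500 short name and a stock OpenSSL configuration may reject it) the signing step still runs against a stale or missing client.csr. Add `#!/usr/bin/env bash` and `set -euo pipefail` as the first two lines. The commented-out server recipe also decrypts the key in place (`openssl rsa -in server.key -out server.key`), leaving a plaintext key in the build context; a comment should say so and the script should `chmod 600 client.key server.key` after generation. The CA and the client certificate both use `CN=Client certificate`, which makes the two hard to tell apart in logs and the `SSL_DN` header — give the CA its own name.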
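--- a/nginx.conf
+++ b/nginx.conf
@@ -0,0 +1,30 @@
+events {
+
+}
+
+http {
+server {
+listen 443 ssl;
+server_name test.local;
+
+location / {
+proxy_pass https://backend:8000/;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
+proxy_set_header SSL_DN $ssl_client_s_dn;
+}
+
+# ssl on;
+ssl_certificate /etc/nginx/certs/server.crt;
+ssl_certificate_key /etc/nginx/certs/server.key;
+ssl_client_certificate /etc/nginx/certs/ca.crt;
+
+ssl_verify_client on;
+
+ssl_session_cache builtin:1000 shared:SSL:10m;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
+ssl_prefer_server_ciphers on;
+
+}
+}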
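Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` explicitly enables TLS 1.0 and 1.1, which are deprecated and add nothing for a client-certificate deployment where you control the clients; change it to `ssl_protocols TLSv1.2;` (add TLSv1.3 once the image's nginx/OpenSSL support it). The `proxy_pass https://backend:8000/` hop is unverified, since nginx's `proxy_ssl_verify` defaults to off, so the mutual-TLS check at the edge is not matched by any check that the backend is the expected one; add `proxy_ssl_verify on; proxy_ssl_trusted_certificate /etc/nginx/certs/ca.crt; proxy_ssl_name test.local;` (test.local being the only SAN init.sh puts on server.crt). If the backend is later switched to `rejectUnauthorized: true`, nginx also needs `proxy_ssl_certificate`/`proxy_ssl_certificate_key` to present a client certificate of its own.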
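--- a/node_app/.dockerignore
+++ b/node_app/.dockerignore
@@ -0,0 +1,2 @@
+node_modules
+npm-debug.log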
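--- a/node_app/.gitignore
+++ b/node_app/.gitignore
@@ -0,0 +1,84 @@
+# See https://help.github.com/ignore-files/ for more about ignoring files.
+
+# compiled output
+/dist/
+/tmp/
+
+# dependencies
+/bower_components/
+/node_modules/
+
+# misc
+/.env*
+/.pnp*
+/.sass-cache
+/connect.lock
+/coverage/
+/libpeerconnection.log
+/npm-debug.log*
+/testem.log
+/yarn-error.log
+
+# ember-try
+/.node_modules.ember-try/
+/bower.json.ember-try
+/package.json.ember-try
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# next.js build output
+.next
+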
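--- a/node_app/Dockerfile
+++ b/node_app/Dockerfile
@@ -0,0 +1,17 @@
+FROM node:10-alpine
+# Create app directory
+WORKDIR /usr/src/app
+
+COPY . .
+
+ADD ca.crt .
+# ADD client.crt .
+ADD server.crt .
+ADD server.key .
+RUN apk add --no-cache --virtual .build-deps make gcc g++ python \
+&& npm install --production --silent \
+&& apk del .build-deps
+RUN npm install -g openssl
+RUN npm install
+EXPOSE 8000
+CMD [ "node", "server.js" ]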
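Review bot: `COPY . .` copies the whole build context into the image, and node_app/.dockerignore in this commit excludes only `node_modules` and `npm-debug.log`, so every `*.key` and `*.csr` file sitting next to the Dockerfile lands in an image layer (server.key is then copied a second time by `ADD server.key .`). Add `*.key` and `*.csr` to .dockerignore and mount the server key at run time, or at least restrict the copy to `package*.json` and `server.js`. `RUN npm install` after the `npm install --production` step reinstalls devDependencies and undoes the earlier pruning, and `npm install -g openssl` installs an npm package of that name, not the OpenSSL command-line tool; if the CLI is what is wanted, it is `apk add --no-cache openssl`. The `ADD ca.crt .` lines are also redundant once `COPY . .` has run.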
80 changes: 80 additions & 0 deletions node_app/package-lock.json


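--- a/node_app/package.json
+++ b/node_app/package.json
@@ -0,0 +1,19 @@
+{
+"name": "node_app",
+"version": "1.0.0",
+"description": "",
+"main": "server.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1",
+"start": "node server.js"
+},
+"author": "",
+"license": "ISC",
+"dependencies": {
+"client-certificate-auth": "^0.3.0",
+"express": "^4.17.1",
+"node-forge": "^0.8.5",
+"pem": "^1.14.2",
+"x509": "^0.3.4"
+}
+}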
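Review bot: `client-certificate-auth`, `node-forge` and `pem` are declared but server.js in this commit only ever calls into `x509` (its `pem` and `pki` requires are unused), so three packages and their transitive trees are pulled into the lockfile and the image for nothing. Trim `dependencies` to `express` and `x509` until the others are actually used; every unused package is supply-chain surface that still has to be audited and updated. `x509` appears to be a native addon (the Dockerfile installs make/gcc/python before `npm install`), so a pure-JS parser such as the already-listed `node-forge` would let that toolchain step go if you keep only one of them.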
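--- a/node_app/server.js
+++ b/node_app/server.js
@@ -0,0 +1,56 @@
+const express = require('express');
+const fs = require('fs');
+const https = require('https');
+const pem = require('pem');
+const { pki } = require('node-forge');
+const x509 = require('x509');
+
+const opts = {
+key: fs.readFileSync('server.key'),
+cert: fs.readFileSync('server.crt'),
+ca: fs.readFileSync('ca.crt'),
+requestCert: true,
+rejectUnauthorized: false
+};
+
+/**
+* Chunks the string.
+* @fucntion chunk
+* @public
+* @param {String} str Input.
+* @param {Number} n Break.
+* @return {String[]} Chunks.
+*/
+function chunk(str, n) {
+var ret = [],
+i,
+len;
+for (i = 0, len = str.length; i < len; i += n) {
+ret.push(str.substr(i, n));
+}
+return ret;
+}
+
+const app = express();
+
+// add clientCertificateAuth to the middleware stack, passing it a callback
+// which will do further examination of the provided certificate.
+app.use(function(err, req, res, next) {
+console.log(err);
+next();
+});
+
+app.get('/', function(req, res) {
+// const pem = pki.certificateFromPem(fs.readFileSync('ca.crt'));
+let cert = req.headers['x-ssl-cert'] && req.headers['x-ssl-cert'].replace(/\t/g, '\n');
+let t = null;
+
+cert = decodeURIComponent(cert);
+const interestingStuff = x509.getSubject(cert);
+console.log(x509.parseCert(cert));
+
+res.send(interestingStuff);
+
+});
+
+https.createServer(opts, app).listen(8000);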
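Review bot: The `x-ssl-cert` header is trusted unconditionally, and with `rejectUnauthorized: false` the Node server verifies nothing itself, so any peer that can reach port 8000 directly (it is `EXPOSE`d, and the compose file puts the backend on the same network as nginx) can send an arbitrary certificate string and be treated as that subject. If the backend is meant to rely on nginx alone, it should at least refuse requests without the header and listen only on an address nginx can reach; better is `rejectUnauthorized: true` with nginx configured to present its own client certificate via `proxy_ssl_certificate`, so the hop is authenticated in both directions. As written a missing header also takes the route down, because `decodeURIComponent(undefined)` yields the string `'undefined'` and `x509.getSubject` will most likely throw on it, and the four-argument function registered with `app.use` is an error handler, so it does not run before the route as the comment suggests. The `chunk` helper, `pem`, `pki` and `t` are unused and should go. The guard below covers the missing-header case; it is a stopgap, not a substitute for verifying the proxy.

```javascript
app.get('/', function(req, res) {
  const raw = req.headers['x-ssl-cert'];
  if (!raw) {
    // nginx sets this header from the verified client certificate; its absence
    // means the request did not come through the proxy.
    return res.status(401).send('client certificate required');
  }
  const cert = decodeURIComponent(raw.replace(/\t/g, '\n'));
  // … unchanged: subject extraction and response …
});
```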
