diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
index 41cf93a..7e92e20 100644
--- a/.github/workflows/build-deploy.yml
+++ b/.github/workflows/build-deploy.yml
@@ -42,7 +42,7 @@ jobs:
 # push it to ECR so that it can
 # be deployed to ECS.
- pwd && ls
- cd api && docker build . -f cloud/Dockerfile -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest
+ cd api && docker build . -f cloud/Final.Dockerfile -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ docker tag $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:latest
 docker push $ECR_REGISTRY/$ECR_REPOSITORY --all-tags
 echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
diff --git a/api/cloud/Final.Dockerfile b/api/cloud/Final.Dockerfile
index bdd4f55..56000fa 100644
--- a/api/cloud/Final.Dockerfile
+++ b/api/cloud/Final.Dockerfile
@@ -13,11 +13,15 @@ COPY ./cloud/nginx.conf /etc/nginx
 # copy built static FE to docker image
 COPY /build frontend
-# copy the cert in
-COPY /sslCert /etc/nginx/certs
+# create ssl cert to encrypt requests between FE and BE
+# too careful? maybe
+RUN cd /etc/nginx/certs \
+ && openssl req -x509 -newkey \
+ rsa:4096 -keyout key.pem -out cert.pem \
+ -sha256 -days 365 -nodes -subj "/C=US/ST=IN/L=Indianapolis/O=BTYT/OU=clowns/CN=drive-gooder"
 # configure appUser
-COPY cloud/password cloud/appUser.sh cloud/appUserStart.sh ./
+COPY cloud/appUser.sh cloud/appUserStart.sh ./
 RUN chmod +x appUser.sh appUserStart.sh
 RUN ./appUser.sh
@@ -29,5 +33,4 @@ RUN ./appUser.sh
 EXPOSE 80
 EXPOSE 443
-EXPOSE 22
 CMD ["./start.sh"]
\ No newline at end of file
diff --git a/api/cloud/appUser.sh b/api/cloud/appUser.sh
index 35e91a2..9f383e0 100644
--- a/api/cloud/appUser.sh
+++ b/api/cloud/appUser.sh
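Review bot: The added `RUN cd /etc/nginx/certs && openssl req ... -nodes -keyout key.pem` step in api/cloud/Final.Dockerfile (first hunk) creates the TLS private key at build time, so the unencrypted key is stored in an image layer: every container started from the image shares it, and anyone who can pull the image can read it (the workflow in this commit pushes that image to ECR). The `-days 365` lifetime also starts counting at build time rather than at deploy time. Generating the key pair when the container starts, for example from the script the image runs as `CMD`, or mounting it from a secret store would keep the key out of the image. Separately, the removed `COPY /sslCert /etc/nginx/certs` was the only visible step that created that directory, so unless the base image or a layer outside the hunk provides it the `cd` fails; `RUN mkdir -p /etc/nginx/certs && cd /etc/nginx/certs \` would cover that.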
@@ -4,9 +4,12 @@ set -e
 groupadd --gid 1010 socketWriters
 usermod -a -G socketWriters www-data
+pwd=$(cat /proc/sys/kernel/random/uuid)
+echo "$pwd" > password
+
 # create appUser
 # gid 1010 is socketWriters
-useradd -g 1010 -m -p $(cat password) appUser # create user with a home dir. Coqui saves models to the user's home dir
+useradd -g 1010 -m -p "$(cat password)" appUser # create user with a home dir. Coqui saves models to the user's home dir
 shred -u password
 # set HOME on non-login user changes for appUser:
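Review bot: `useradd -p` expects a string already hashed by crypt(3), so the raw UUID passed on the new `useradd -g 1010 -m -p "$(cat password)" appUser` line is written verbatim into the shadow password field and never works as a password; the value is also visible in the process list while the command runs. Because this script is executed by `RUN ./appUser.sh` in Final.Dockerfile, that same value is fixed in every container built from the image. If the intent is an account with no usable password, drop `-p` together with the `pwd=$(...)`, `echo "$pwd" > password` and `shred -u password` lines and use `useradd -g 1010 -m appUser`, which leaves the password disabled by default. If the variable stays, a name other than `pwd` would avoid confusion with the shell builtin of the same name.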