From 17e89295e3ebf2cefe715758243345c8615d81ae Mon Sep 17 00:00:00 2001
From: jfederico
Date: Fri, 14 Feb 2020 17:39:53 -0500
Subject: Included steps for adding SSL certificate from a CA other than letsencrypt
---
.gitignore | 1 -
README.md | 28 +++++++++++++++++++++++++++-
docker-compose.yml | 16 ++++++++++------
nginx/sites.template | 5 +++++
nginx/ssl/.placeholder_for_ssl_certificates | 0
5 files changed, 42 insertions(+), 8 deletions(-)
create mode 100644 nginx/ssl/.placeholder_for_ssl_certificates
diff --git a/.gitignore b/.gitignore
index 5e24fcc..4e4d46f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@
 /data*
 /nginx/log*
-/nginx/ssl*
 /nginx/sites-available*
 /nginx/sites-enabled*
 /nginx/letsencrypt/live/*
diff --git a/README.md b/README.md
index aa4f6d5..fa0a1a2 100644
--- a/README.md
+++ b/README.md
@@ -175,7 +175,7 @@ For more information on what rake commands can be executed, see scalelite docume
 #### Build your own image
-If you don;t have access to the DockerHub registry, you can always build your own image. Either by running `docker build` where scalelite code is placed, or using the build script provided in this repo at `scripts/build.sh`. The only advantage of using the script is that the last commit is included as the build number.
+If no access to the DockerHub registry is available, it is still possible to build the image. Either by running `docker build` where scalelite code is placed, or using the build script provided in this repo at `scripts/build.sh`. The only advantage of using the script is that the last commit is included as the build number.
 ```
 cd /scalelite
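Review bot: Dropping `/nginx/ssl*` from .gitignore means the `privkey.pem` that the README in this same commit tells operators to copy into `nginx/ssl/` is no longer ignored, so a routine `git add .` or `git commit -a` would write the TLS private key into repository history. The placeholder file can be tracked without un-ignoring the directory by replacing the removed line with `/nginx/ssl/*` followed by `!/nginx/ssl/.placeholder_for_ssl_certificates`. The bundle copied to `fullchain.pem` is less sensitive but still deployment-specific and is better kept out of the repository for the same reason.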
@@ -190,3 +190,29 @@ cd /scalelite
 ```
 Keep in mind that the docker-compose.yml script makes use of some other configuration files that are mounted inside the containers. If any modification to nginx is needed it has to be done on the sites.template file. Also, whatever name is chosen for the image should match the one used in docker-compose.yml.
+
+#### Setup SSL certificate from a CA other than letsencrypt
+
+For adding an SSL certificate from an CA other than letsencrypt,
+
+1. DO NOT execute the `./init-letsencrypt.sh` script
+
+2. Place the SSL Certificate, Intermediate Certificate (or Bundle with both of them if you have it) and Private Key files inside `nginx/ssl` as fullchain.pem and privkey.pem.
+E.g.
+```
+cd ~/
+cat your_domain_name.crt Intermediate.crt >> bundle.crt
+cp bundle.crt /scalelite/nginx/ssl/fullchain.pem
+cp private.key /scalelite/nginx/ssl/privkey.pem
+```
+
+3. Edit the template for nginx.
+```
+cd /scalelite
+vi nginx/sites.template
+```
+Comment the lines referencing the letsencrypt Certificate and uncomment the other two
+
+4. Comment out in `docker-compose.yml` the certbot container.
+
+5. Start the containers as usual.
diff --git a/docker-compose.yml b/docker-compose.yml
index f2b9de8..9db35b2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,8 +14,11 @@ services:
 - ./nginx/sites.template:/etc/nginx/sites-available/sites.template
 - ./nginx/default/html:/var/www/html
 - ./nginx/log/nginx:/var/log/nginx
+## Configuration for Letsencrypt SSL Certificate
 - ./data/certbot/conf:/etc/letsencrypt
 - ./data/certbot/www:/var/www/certbot
+## Configuration for Letsencrypt SSL Certificate
+# - ./nginx/ssl/:/etc/ssl
 ports:
 - "80:80"
 - "443:443"
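Review bot: The comment added directly above `# - ./nginx/ssl/:/etc/ssl` repeats the Letsencrypt label of the two certbot mounts, so the two alternatives read as the same option; it should say `## Configuration for SSL Certificate from a CA other than Letsencrypt`, the wording this commit uses in nginx/sites.template. Bind-mounting `./nginx/ssl/` over `/etc/ssl` also replaces that whole directory inside the container, which on the Debian-based nginx images normally holds the system CA bundle and `openssl.cnf`; a dedicated, read-only mount such as `- ./nginx/ssl/:/etc/nginx/ssl:ro` (with the two paths in sites.template changed to match) avoids clobbering those files and keeps the key material unwritable from the container side. The enclosing `volumes:` list of the nginx service starts above this hunk.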
@@ -26,6 +29,8 @@ services:
 command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites-available/sites.template > /etc/nginx/sites-enabled/sites.conf && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
+## Configuration for Letsencrypt SSL Certificate
+## comment out when using an SSL Certificate from a CA other than Letsencrypt
 certbot:
 image: certbot/certbot
 volumes:
@@ -35,7 +40,7 @@ services:
 redis:
- image: redis
+ image: redis:5.0-alpine
 restart: "no"
 ports:
 - 127.0.0.1:6379:6379
@@ -44,17 +49,16 @@ services:
 postgres:
- image: postgres:9.5
+ image: postgres:11.7-alpine
 restart: "no"
 ports:
 - 127.0.0.1:5432:5432
 volumes:
 - ./data/postgres/:/var/lib/postgresql/data
 environment:
- - PGHOST=postgres
- - PGDATABASE=postgres
- - PGUSER=postgres
- - PGPASSWORD=password
+ - POSTGRES_DB=postgres
+ - POSTGRES_USER=postgres
+ - POSTGRES_PASSWORD=password
 scalelite.api:
diff --git a/nginx/sites.template b/nginx/sites.template
index f3c237d..29e5366 100644
--- a/nginx/sites.template
+++ b/nginx/sites.template
@@ -25,9 +25,14 @@ server {
 listen 443 ssl;
 listen [::]:443;
+ ## Configuration for Letsencrypt SSL Certificate
 ssl_certificate /etc/letsencrypt/live/$NGINX_HOSTNAME/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/$NGINX_HOSTNAME/privkey.pem;
+ ## Configuration for SSL Certificate from a CA other than Letsencrypt
+ #ssl_certificate /etc/ssl/fullchain.pem;
+ #ssl_certificate_key /etc/ssl/privkey.pem;
+
 location / {
 proxy_pass http://docker-scalelite;
 proxy_read_timeout 60s;
diff --git a/nginx/ssl/.placeholder_for_ssl_certificates b/nginx/ssl/.placeholder_for_ssl_certificates
new file mode 100644
index 0000000..e69de29
--
cgit v1.2.3
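Review bot: Moving the image from `postgres:9.5` to `postgres:11.7-alpine` while keeping the `./data/postgres/:/var/lib/postgresql/data` volume breaks existing deployments, because a 9.5 data directory cannot be opened by an 11.x server without a `pg_upgrade` or dump/restore; neither the commit message nor the README change mentions the database or redis image changes, so this should be documented or split into its own commit. The renamed variables still ship `POSTGRES_PASSWORD=password` as a committed default; the context lines bind the port to `127.0.0.1:5432` only, but the same value is presumably consumed by scalelite.api outside this hunk, so sourcing it from an `.env` file (`- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}`) would keep the real credential out of version control. The removed `PGHOST` entry also is not replaced by an equivalent, which is fine for the server container but worth confirming against the api service's configuration.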
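Review bot: The commented-out `#ssl_certificate /etc/ssl/fullchain.pem;` pair asks operators to hand-edit a tracked template (as the README now instructs), so every later `git pull` either conflicts or silently reverts the choice. Since the nginx container already renders this file through `envsubst`, the paths could be variables instead: `ssl_certificate $NGINX_SSL_CERT;` and `ssl_certificate_key $NGINX_SSL_KEY;`, with the substitution list in the docker-compose command widened to `'$$NGINX_HOSTNAME $$NGINX_SSL_CERT $$NGINX_SSL_KEY'` and the letsencrypt paths supplied as the defaults. Unrelated to this change but visible in the context, `listen [::]:443;` lacks the `ssl` parameter that `listen 443 ssl;` carries, so IPv6 connections on 443 would presumably be served without TLS; worth verifying. The enclosing `server {` block starts above and ends below this hunk.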