Enable Docker container to generate its own VAPID credentials

2021-06-11 01:06:59 +02:00 · 2021-06-11 01:06:59 +02:00 · 3a872bceb2
parent 4ee4869f82
commit 3a872bceb2
3 changed files with 34 additions and 1 deletions
--- a/4
+++ b/4
@ -1,7 +1,9 @@
 FROM alpine:latest

 RUN apk add --update --no-cache \
-	bash python3 py3-pip nginx uwsgi uwsgi-python3 certbot certbot-nginx
+	bash python3 py3-pip nginx uwsgi uwsgi-python3 certbot certbot-nginx npm jq
+
+RUN npm install -g web-push



--- a/res/config.deploy.ini
+++ b/res/config.deploy.ini
@ -4,6 +4,9 @@
 # Remove or leave empty for temporary (/tmp/ftracker-db.json) storage
 db_file = /var/ftracker/db.json

+# Delete all information after X days (e.g. for GDPR compliance)
+delete_after_days = 28
+
 # List of people to be allowed, in .csv format (comma, no delimiters)
 # Col1: First Name(s), Col2: Last Name(s), Col3 (optional): EMail
 # Remove or leave empty for no check
@ -21,3 +24,11 @@ guideline_url = https://youtu.be/oHg5SJYRHA0

 # JSON indentation for debugging
 json_indent = 4
+
+# VAPID credentials for push notifications
+# private key: base64url encoded private part of an EC-Prime256v1 keypair. See INSTALL.md
+# sender info: usually mailto link to responsible party to contact about issues
+push_private_key = abcdefghijklm_NOPQRSTUVWXYZ-0123456789
+push_sender_info = mailto:admin@example.com
+# when to notify users, in hours after arrival
+notify_after_hrs = 10
--- a/res/docker-entrypoint.sh
+++ b/res/docker-entrypoint.sh
@ -1,5 +1,25 @@
 #!/bin/bash

+echo " >>> Checking / Creating & patching VAPID creds <<< "
+
+VAPID_CREDS_FILE=/etc/ftracker/vapid-creds.json
+if [[ ! -f $VAPID_CREDS_FILE ]]
+then
+
+	echo "Generating keypair ..."
+
+	web-push generate-vapid-keys --json > $VAPID_CREDS_FILE
+
+	echo "Patching public key into frontend ..."
+	PUB_KEY=`cat $VAPID_CREDS_FILE | jq -r .publicKey`
+	sed -i "s/pushServerPublicKey = '[a-zA-Z0-9_\-]*'/pushServerPublicKey = '${PUB_KEY}'/" /var/www/html/ftracker/main.js
+
+	echo "Patching private key into backend config ..."
+	PRIV_KEY=`cat $VAPID_CREDS_FILE | jq -r .privateKey`
+	echo "push_private_key = ${PRIV_KEY}" >> /etc/ftracker/config.ini
+
+fi
+
 echo " >>> Starting nginx <<< "

 mkdir /run/nginx # needed because of bug in package