#!/bin/bash
# Start TimeTracker with automatic HTTPS
# Automatically generates certificates and starts all services
# Stop at the first command that exits non-zero. Commands used as a
# condition or on the left-hand side of || / && are exempt from this.
set -e

# Startup banner, followed by one blank line.
printf '%s\n' \
  "==========================================" \
  "TimeTracker HTTPS Startup" \
  "==========================================" \
  ""
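# Detect local IP
#
# Sets LOCAL_IP to the first address reported by the platform tool, or to
# the hard-coded default 192.168.1.100 when nothing could be detected.
#
# The fallback has to be applied *after* the command substitution: in
# `hostname -I | awk ... || echo default` the pipeline's status is awk's,
# which is 0 even when hostname printed nothing, so the `|| echo` branch
# never ran and LOCAL_IP could end up empty.
LOCAL_IP=""
if [[ "$OSTYPE" == "darwin"* ]]; then
  # en0 first, then en1; "|| true" keeps `set -e` from aborting when
  # neither interface has an address.
  LOCAL_IP=$(ipconfig getifaddr en0 || ipconfig getifaddr en1 || true)
elif [[ "$OSTYPE" == "linux-gnu"* ]]; then
  LOCAL_IP=$(hostname -I | awk '{print $1}' || true)
fi

if [[ -z "$LOCAL_IP" ]]; then
  # NOTE(review): this value is later exported as HOST_IP for
  # docker-compose; presumably it ends up in the generated certificate,
  # so a wrong guess would cause a name mismatch. Confirm against the
  # compose files.
  LOCAL_IP="192.168.1.100"
  echo "warning: could not detect a local IP, falling back to $LOCAL_IP" >&2
fi

echo "π Local IP detected: $LOCAL_IP"
echo ""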
# Create nginx config if it doesn't exist
#
# The file is written only when it is missing, so an https.conf that is
# already on disk is never refreshed by this script.
#
# Review notes on the template below (it is written out verbatim):
#   - "ssl_ciphers HIGH:!aNULL:!MD5" together with TLSv1.2 still admits
#     CBC-mode and static-RSA key-exchange suites.
#   - $proxy_add_x_forwarded_for appends the peer address to whatever
#     X-Forwarded-For the client sent, so the application should only
#     rely on the last entry.
#   - Upgrade / Connection "upgrade" are set on every proxied request.
if ! [[ -f nginx/conf.d/https.conf ]]; then
  printf '%s\n' "π Creating nginx HTTPS configuration..."
  mkdir -p nginx/conf.d
  # Quoted delimiter: $host, $scheme etc. are nginx variables and must
  # reach the file unexpanded.
  cat << 'NGINX_EOF' > nginx/conf.d/https.conf
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name _;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
location / {
proxy_pass http://app:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
NGINX_EOF
  echo "β
nginx configuration created"
  printf '\n'
fi
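# Update .env with HTTPS settings if it exists

#######################################
# Set KEY=VALUE in an env file: rewrite the existing "KEY=" line if there
# is one, otherwise append a new line.
#
# The previous one-liner (`sed ... || echo KEY=VALUE >> file`) only
# appended when sed itself failed; sed exits 0 when nothing matches, so a
# missing key was silently left unset.
#
# Arguments: $1 - key, $2 - value, $3 - file
#            key and value are spliced into a sed expression, so pass
#            fixed literals only (no "/", "&" or regex metacharacters).
# Returns:   0 on success, 1 if the file could not be modified
#######################################
set_env_flag() {
  local key=$1 value=$2 file=$3
  if grep -q "^${key}=" "$file"; then
    sed -i.bak "s/^${key}=.*/${key}=${value}/" "$file" || return 1
    rm -f "${file}.bak"
  else
    # Avoid gluing the new entry onto an unterminated last line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
      printf '\n' >> "$file" || return 1
    fi
    printf '%s=%s\n' "$key" "$value" >> "$file" || return 1
  fi
}

if [ -f .env ]; then
  echo "π§ Updating .env with HTTPS settings..."
  # Backup .env. The copy holds the same secrets as .env; -p carries the
  # original file mode over so the backup is not more readable than the
  # source. Best-effort, as before: a failed backup does not stop the run.
  cp -p .env .env.backup 2>/dev/null || true
  # Update settings: cookies and CSRF checks must be HTTPS-only once the
  # app is served behind TLS.
  for env_key in WTF_CSRF_SSL_STRICT SESSION_COOKIE_SECURE CSRF_COOKIE_SECURE; do
    set_env_flag "$env_key" true .env \
      || echo "warning: could not set ${env_key}=true in .env" >&2
  done
  # Clean up
  rm -f .env.bak
  echo "β
.env updated"
  echo ""
fi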
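# Export IP for docker-compose
export HOST_IP="$LOCAL_IP"

# Choose certificate method
echo "Select certificate method:"
echo " 1) Self-signed (works immediately, shows browser warning)"
echo " 2) mkcert (trusted certificates, requires one-time CA install)"
echo ""
# -r keeps backslashes literal. "|| true" lets a closed or empty stdin
# (non-interactive run) fall through to the default instead of tripping
# `set -e` on read's non-zero status.
CERT_METHOD=""
read -r -p "Choice [1]: " CERT_METHOD || true
CERT_METHOD=${CERT_METHOD:-1}
echo ""

# Anything other than 1 or 2 used to be treated as self-signed without
# saying so; make that explicit and normalise the value so later checks
# on CERT_METHOD agree with what was actually started.
case "$CERT_METHOD" in
  1 | 2) ;;
  *)
    echo "warning: unrecognised choice '$CERT_METHOD', using self-signed certificates" >&2
    CERT_METHOD=1
    ;;
esac

# Pick the compose overlay; self-signed is the default and the fallback
# when mkcert was requested but is not installed on the host.
https_overlay="docker-compose.https-auto.yml"
if [ "$CERT_METHOD" = "2" ]; then
  # Check if mkcert is available
  if command -v mkcert >/dev/null 2>&1; then
    echo "π Using mkcert for trusted certificates..."
    https_overlay="docker-compose.https-mkcert.yml"
  else
    echo "β οΈ mkcert not found on host. Using self-signed certificates instead."
    echo " Install mkcert for trusted certificates: brew install mkcert (Mac) or choco install mkcert (Windows)"
    echo ""
  fi
else
  echo "π Using self-signed certificates..."
fi

docker-compose -f docker-compose.yml -f "$https_overlay" up -d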
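#######################################
# Report whether the stack is running on self-signed certificates.
#
# mkcert is used only when method "2" was chosen AND mkcert is installed;
# every other input falls back to self-signed. The earlier check compared
# against "1", so an unexpected answer (e.g. "3") on a host with mkcert
# got the mkcert instructions although self-signed certificates were in
# use.
#
# Arguments: $1 - certificate method entered by the user
# Returns:   0 if self-signed certificates are in use, 1 for mkcert
#######################################
cert_is_self_signed() {
  [ "$1" != "2" ] || ! command -v mkcert >/dev/null 2>&1
}

echo ""
echo "=========================================="
echo "β
TimeTracker is starting with HTTPS!"
echo "=========================================="
echo ""
echo "Access your application at:"
echo " https://localhost"
echo " https://$LOCAL_IP"
echo ""
if cert_is_self_signed "$CERT_METHOD"; then
  # Clicking through the warning is only appropriate for this local
  # development setup; the message points at mkcert as the way to get a
  # trusted certificate instead.
  echo "β οΈ Browser Warning Expected:"
  echo " Self-signed certificates will show a security warning."
  echo " Click 'Advanced' β 'Proceed to localhost (unsafe)' to continue."
  echo ""
  echo " For no warnings, run: bash setup-https-mkcert.sh"
else
  # rootCA.pem is the CA *certificate*; it is the only part of the local
  # CA that should be handed to clients.
  echo "π To avoid browser warnings:"
  echo " Install the CA certificate from: nginx/ssl/rootCA.pem"
  echo " See instructions above or in HTTPS_MKCERT_GUIDE.md"
fi
echo ""
echo "View logs:"
echo " docker-compose logs -f"
echo ""
echo "Stop services:"
echo " docker-compose down"
echo ""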