
Commit b5562d0

rev: wwwallet, set nginx proxy for use localhost instead satosa-nginx host
1 parent b76c72d commit b5562d0

5 files changed

Lines changed: 82 additions & 2 deletions


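--- a/.gitignore
+++ b/.gitignore
@@ -29,6 +29,7 @@ Docker-compose/djangosaml2_sp/*
 Docker-compose/mongo/db/*
 Docker-compose/nginx/html/static/*
 Docker-compose/nginx/conf.d/sites-enabled/wwwallet.conf
+Docker-compose/nginx/conf.d/wwwallet.default.conf
 Docker-compose/certbot/live/localhost
 Docker-compose/.env
 Docker-compose/wwwallet/*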

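--- a/Docker-compose/docker-compose.yml
+++ b/Docker-compose/docker-compose.yml
@@ -35,6 +35,19 @@ services:
 - "5000:5000"
 networks:
 - iam-proxy-italia
+volumes:
+- ./nginx/conf.d/wwwallet.default.conf:/etc/nginx/conf.d/default.conf:ro
+- ./certbot/live/${SATOSA_HOSTNAME:-localhost}:/etc/nginx/certs:ro
+environment:
+- NGINX_HOST=${SATOSA_HOSTNAME:-localhost}
+- TZ=${TZ:-Europe/Rome}
+- NODE_TLS_REJECT_UNAUTHORIZED=0
+command: >
+bash -c "
+apt-get update && apt-get install -y nginx && \
+nginx -g 'daemon off;' &
+node ./dist/src/app.js
+"
 
 wwwallet-frontend:
 profiles:
@@ -212,7 +225,9 @@ services:
 ports:
 - "443:443"
 volumes:
-- ./nginx/conf.d:/etc/nginx/conf.d:ro
+- ./nginx/conf.d/default.conf:/etc/nginx/conf.d/default.conf:ro
+- ./nginx/conf.d/sites-enabled:/etc/nginx/conf.d/sites-enabled:ro
+- ./nginx/html:/etc/nginx/html:ro
 - ./nginx/html:/usr/share/nginx/html:ro
 - ./certbot/archive:/etc/archive:ro
 - ./certbot/live/${SATOSA_HOSTNAME:-localhost}:/etc/nginx/certs:ro
@@ -254,6 +269,7 @@ services:
 networks:
 iam-proxy-italia:
 name: iam-proxy-italia
+external: true
 
 ## External volumes
 # volumes: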
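Review bot: `NODE_TLS_REJECT_UNAUTHORIZED=0` in the first hunk's `environment:` list switches off certificate verification for every outbound TLS connection the Node backend makes, not only the one to the local nginx. If the goal is just to accept the locally issued certificate mounted at `/etc/nginx/certs`, I would drop that line and trust the chain explicitly, e.g. `- NODE_EXTRA_CA_CERTS=/etc/nginx/certs/fullchain.pem` (assuming that file carries the issuing or self-signed certificate). The same `command:` installs nginx with `apt-get` on every container start, so startup depends on the package mirror and the nginx version is unpinned. Because the `&` backgrounds the whole `apt-get … && nginx` list, a failed install goes unnoticed while node starts anyway, so baking nginx into the image would be more predictable. The service definition this hunk extends begins above the hunk.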

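--- a/Docker-compose/run-docker-compose.sh
+++ b/Docker-compose/run-docker-compose.sh
@@ -103,6 +103,10 @@ function initialize_satosa {
 "wwwallet-frontend wallet-common directory is already initialized" \
 "mkdir -p ./wwwallet/wallet-frontend/lib/wallet-common && cp -R ../iam-proxy-italia-project/wwwallet/wallet-common/* ./wwwallet/wallet-frontend/lib/wallet-common/"
 
+init_files "./nginx/conf.d/wwwallet.default.conf" \
+"wwwallet nginx config is already initialized" \
+"cp -R ../iam-proxy-italia-project/wwwallet/configs/nginx/wwwallet.default.conf ./nginx/conf.d/wwwallet.default.conf"
+
 merge_env ./.env ../iam-proxy-italia-project/wwwallet/configs/.env.prod ./wwwallet/wallet-frontend/.env.prod
 cp -R ../iam-proxy-italia-project/wwwallet/configs/config.template.ts ./wwwallet/wallet-backend-server/config/config.template.ts
 cp -R ../iam-proxy-italia-project/wwwallet/configs/vite.config.ts ./wwwallet/wallet-frontend/vite.config.ts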

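--- a/docs/readme.wwwallet_setup.md
+++ b/docs/readme.wwwallet_setup.md
@@ -42,5 +42,5 @@ Note that the url must point to the OpenID4VCI Frontend to work properly.
 An example of the SQL command to be executed is the following:
 ```sql
 INSERT INTO wwwalletdb.credential_issuer (clientId,credentialIssuerIdentifier,visible)
-VALUES ('Satosa OpenID4VCI','https://satosa-nginx/OpenID4VCI',1);
+VALUES ('Satosa OpenID4VCI','https://localhost/OpenID4VCI',1);
 ```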
Lines changed: 59 additions & 0 deletions
@@ -0,0 +1,59 @@
1+
server {
2+
listen 443 ssl;
3+
server_name $NGINX_HOST;
4+
ssl_protocols TLSv1.2 TLSv1.3;
5+
ssl_certificate /etc/nginx/certs/fullchain.pem;
6+
ssl_certificate_key /etc/nginx/certs/privkey.pem;
7+
8+
ssl_ciphers HIGH:!aNULL:!MD5;
9+
10+
client_max_body_size 10m;
11+
large_client_header_buffers 4 16k;
12+
13+
add_header X-Frame-Options "DENY";
14+
add_header X-Content-Type-Options nosniff;
15+
add_header X-XSS-Protection "1; mode=block";
16+
add_header X-Robots-Tag none;
17+
18+
root /usr/share/nginx/html;
19+
20+
# Static files
21+
location /static/ {
22+
alias /usr/share/nginx/html/static/;
23+
autoindex on;
24+
}
25+
26+
# OpenID4VCI requests pass to iam-proxy-italia via uwsgi
27+
location /OpenID4VCI/ {
28+
include /etc/nginx/uwsgi_params;
29+
uwsgi_pass iam-proxy-italia:10000;
30+
31+
uwsgi_param Host $host;
32+
uwsgi_param X-Real-IP $remote_addr;
33+
uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
34+
uwsgi_param X-Forwarded-Proto https;
35+
uwsgi_param HTTP_X_FORWARDED_PROTOCOL https;
36+
37+
uwsgi_connect_timeout 75s;
38+
uwsgi_read_timeout 40s;
39+
uwsgi_buffer_size 128k;
40+
uwsgi_buffers 4 256k;
41+
uwsgi_busy_buffers_size 256k;
42+
}
43+
44+
# Error pages
45+
error_page 404 /404.html;
46+
location = /404.html {
47+
root /usr/share/nginx/html/errors;
48+
}
49+
50+
error_page 403 /403.html;
51+
location = /403.html {
52+
root /usr/share/nginx/html/errors;
53+
}
54+
55+
error_page 500 502 503 504 /50x.html;
56+
location = /50x.html {
57+
root /usr/share/nginx/html/errors;
58+
}
59+
}
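Review bot: `autoindex on;` in `location /static/` publishes a browsable listing of everything under `/usr/share/nginx/html/static/`, which is rarely wanted on the TLS endpoint in front of an identity proxy; I would set `autoindex off;` or drop the line. `server_name $NGINX_HOST;` also looks unlikely to work as written: as far as this commit shows, the file is mounted directly as `default.conf`, and nginx does not expand environment variables in its configuration on its own, so unless something runs envsubst over it the name stays the literal string. The `add_header` lines would benefit from `always` so the headers are also sent with the 403/404/50x error pages defined at the end of the block, e.g. `add_header X-Content-Type-Options nosniff always;`.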
