diff --git a/Dockerfile b/Dockerfile
index 72394aa..9a03ae4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ COPY beerlog-srv.py .
 COPY routes.py .
 COPY storage.py .
-ARG BEERLOG_PORT
+ARG BEERLOG_PORT BEERLOG_HOST
 ENV BEERLOG_PORT $BEERLOG_PORT
 EXPOSE $BEERLOG_PORT
 CMD ["python", "./beerlog-srv.py"]
diff --git a/beerlog-srv.py b/beerlog-srv.py
index ddeb88a..4bed690 100644
--- a/beerlog-srv.py
+++ b/beerlog-srv.py
@@ -2,6 +2,7 @@
 import asyncio
 import websockets
+import ssl
 import json
 import sys
 import os
@@ -10,7 +11,6 @@ from routes import Routes
 routes = Routes()
-
 class UserInfoProtocol(websockets.BasicAuthWebSocketServerProtocol):
 async def check_credentials(self, username, password):
 all_users = routes.users()
@@ -32,10 +32,18 @@ async def handle(websocket):
 async def main():
+ ssl_context = None
+ pem = "/cert/live/beerlog.ddns.net/fullchain.pem"
+ key = "/cert/live/beerlog.ddns.net/privkey.pem"
+ if os.path.exists(pem):
+ print(f"Start with {pem}", file=sys.stderr)
+ ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ ssl_context.load_cert_chain(pem, keyfile=key)
+
 port = os.environ.get("BEERLOG_PORT", 8000)
 host = os.environ.get("BEERLOG_HOST", "0.0.0.0")
 print(f"Start on {host}:{port}", file=sys.stderr)
- async with websockets.serve(handle, host, port, create_protocol=UserInfoProtocol):
+ async with websockets.serve(handle, host, port, ssl=ssl_context, create_protocol=UserInfoProtocol):
 await asyncio.Future()
diff --git a/docker-compose.yml b/docker-compose.yml
index 1059ae7..326f135 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,7 @@ services:
 network: host
 volumes:
 - ./storage-dev:/storage/
+ - /etc/letsencrypt/:/cert/
 ports:
 - 8000:8000
 beerlog-srv-prod:
@@ -23,6 +24,7 @@ services:
 network: host
 volumes:
 - ./storage-prod:/storage/
+ - /etc/letsencrypt/:/cert/
 ports:
 - 8080:8080
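Review bot: `BEERLOG_HOST` is declared on the changed `ARG` line, but nothing copies it into the image environment the way `ENV BEERLOG_PORT $BEERLOG_PORT` does for the port. A value passed at build time therefore never reaches `os.environ.get("BEERLOG_HOST", "0.0.0.0")`, and unless the variable is set when the container starts, the server keeps binding to all interfaces. If the build argument is meant to control the bind address, add `ENV BEERLOG_HOST $BEERLOG_HOST` beside the port line. Declaring two names in one `ARG` instruction may also be rejected by older builders, so one `ARG` per line is the more portable form.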
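Review bot: When `/cert/live/beerlog.ddns.net/fullchain.pem` is absent, `ssl_context` stays `None` in `main()` and `websockets.serve` starts a plaintext listener without any message. `UserInfoProtocol` still performs HTTP Basic authentication, so usernames and passwords would cross the network unencrypted. A missing or mis-mounted certificate should stop startup unless plaintext is explicitly requested, for example `else: sys.exit(f"{pem} not found, refusing to serve Basic auth without TLS")`. The context is also built once at startup, so a renewed certificate is only picked up after a restart. Setting `ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2` would pin the protocol floor instead of relying on the interpreter default.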
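Review bot: The added volume entry mounts the host's whole `/etc/letsencrypt/` tree into the container read-write, and the same line is added to `beerlog-srv-prod` in the next hunk. That gives the service the ACME account key and the private key of every certificate on the host, and lets a compromised container modify them. The first service, which by its `./storage-dev` volume looks like the development instance, receives the same key material. The server only reads `fullchain.pem` and `privkey.pem`, so mount the tree read-only at minimum: `- /etc/letsencrypt/:/cert/:ro`. Narrowing the mount to one domain needs care because the files under `live/` are symlinks into `archive/`, so both directories for `beerlog.ddns.net` would have to be mounted.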