Improve Docker setup + Certbot + Redis DB

.dockerignore

@@ -1,3 +1,3 @@
 .git
 node_modules
-src
+

.gitignore

@@ -43,4 +43,8 @@ jspm_packages
 dist
 build
 
-.DS_Store
+.DS_Store
+
+source/ssl/*.pem
+source/ssl/certbot/*
+!source/ssl/certbot/.keep

Dockerfile

@@ -1,23 +1,39 @@
-FROM node:11-alpine
+FROM ubuntu:16.04
 
 # minimal apk dependencies to be safe
-ENV PACKAGES="curl ca-certificates" \
-    NODE_ENV="production" \
-    HOST="0.0.0.0:5000"
+ENV PACKAGES="ca-certificates git redis-server nginx software-properties-common python-software-properties nodejs"
 
-WORKDIR /usr/src/app
+RUN apt-get update
+RUN apt-get install -y curl sudo
+RUN curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash
 
-COPY package*.json yarn.lock ./
+RUN apt-get install -y ${PACKAGES}
 
-RUN apk add --no-cache $PACKAGES && \
-    yarn --prod
+RUN add-apt-repository universe
+RUN add-apt-repository ppa:certbot/certbot
+RUN apt-get update
+RUN apt-get install certbot python-certbot-nginx  -y
 
-COPY . .
+# RUN groupadd --gid 1000 dockeruser
+# RUN useradd --uid 1000 --gid 1000 dockeruser
 
 # Run as non-root user for security
-USER 1000
+# USER 1000
+
+WORKDIR /usr/src/app
+
+COPY src src
+COPY package.json .
+COPY .babelrc .
+COPY babel-polyfill.js .
+COPY tsconfig.json .
+COPY tslint.json .
+RUN npm install  # installing all dependencies
+
+RUN npm run build
+
+COPY docker-entrypoint.sh /bin/
+RUN sudo chmod +x /bin/docker-entrypoint.sh
 
-# Expose app port (5000/tcp)
-EXPOSE 5000
+ENTRYPOINT ["/bin/docker-entrypoint.sh"]
 
-CMD [ "yarn", "start" ]

Makefile

@@ -1,13 +1,56 @@
-# Licensed under MIT.
-# Copyright (2016) by Kevin van Zonneveld https://twitter.com/kvz
+# make targets for WalletConnect/node-walletconnect-bridge
 
-define npm_script_targets
-TARGETS := $(shell node -e 'for (var k in require("./package.json").scripts) {console.log(k.replace(/:/g, "-"));}')
-$$(TARGETS):
-	yarn run $(subst -,:,$(MAKECMDGOALS))
+BRANCH := $(shell git for-each-ref --format='%(objectname) %(refname:short)' refs/heads | awk "/^$$(git rev-parse HEAD)/ {print \$$2}")
+HASH := $(shell git rev-parse HEAD)
+URL=bridge.mydomain.com
+.PHONY: all test clean
 
-.PHONY: $$(TARGETS)
-endef
+default:
+	echo "Available tasks: setup, build, clean, renew, run, run_skip_certbot, run_daemon, run_daemon_skip_certbot, update"
 
-$(eval $(call npm_script_targets))
+setup:
+	sed -i -e 's/bridge.mydomain.com/$(URL)/g' $(shell pwd)/source/nginx/defaultConf && rm -rf $(shell pwd)/source/nginx/defaultConf-e
 
+build:
+		docker build . -t node-walletconnect-bridge \
+		--build-arg branch=$(BRANCH) \
+		--build-arg revision=$(shell git ls-remote https://github.com/WalletConnect/py-walletconnect-bridge $(BRANCH) | head -n 1 | cut -f 1)
+
+clean:
+	sudo rm -rfv $(shell pwd)/source/ssl/certbot/* && docker rm -f node-walletconnect-bridge
+
+renew:
+	make clean && make run
+
+run:
+	docker run -it -v $(shell pwd)/source:/source/ -p 443:443 -p 80:80 --name "node-walletconnect-bridge" node-walletconnect-bridge
+
+run_skip_certbot:
+	docker run -it -v $(shell pwd)/source:/source/ -p 443:443 -p 80:80 --name "node-walletconnect-bridge" node-walletconnect-bridge --skip-certbot
+
+run_daemon:
+	docker run -it -d -v $(shell pwd)/source:/source/ -p 443:443 -p 80:80 --name "node-walletconnect-bridge" node-walletconnect-bridge
+
+run_daemon_skip_certbot:
+	docker run -it -d -v $(shell pwd)/source:/source/ -p 443:443 -p 80:80 --name "node-walletconnect-bridge" node-walletconnect-bridge run_daemon --skip-certbot
+
+update:
+	# build a new image
+	make build
+
+	# save current state of DB and copy it to local machine
+	docker exec node-walletconnect-bridge redis-cli SAVE
+	docker cp node-walletconnect-bridge:/node-walletconnect-bridge/dump.rdb dump.rdb
+
+	# stop existing container instance
+	docker container rm -f node-walletconnect-bridge
+
+	# start the container with `-d` to run in background
+	make run_daemon
+
+	# stop the redis server, copy the previous state and restart the server
+	docker exec node-walletconnect-bridge redis-cli SHUTDOWN
+	docker cp dump.rdb node-walletconnect-bridge:/node-walletconnect-bridge/dump.rdb
+	docker exec node-walletconnect-bridge chown redis: /node-walletconnect-bridge/dump.rdb
+	docker exec -d node-walletconnect-bridge redis-server
+	rm dump.rdb

README.md

@@ -1,53 +1,130 @@
 # WalletConnect Bridge Server
 
-Bridge Server for relaying WalletConnect connections
+A full introduction is described in our docs: https://docs.walletconnect.org/technical-specification
 
-## Development
+## Pre-requirements
+
+1. NodeJS
+2. RedisDB
+3. Docker (for Docker setup)
+4. Make (for Make commands)
+
+## Docker setup
+
+0. Point DNS record to your box (required for SSL)
 
 ```bash
-yarn dev
+  <YOUR_BRIDGE_URL>	   A	   192.168.1.1
 ```
 
-## Production
+1. Setup the bridge URL to match your DNS record
 
-### Using NPM
+```bash
+$ make setup URL=<YOUR_BRIDGE_URL>
+
+# OR
 
-1. Build
+$ sed -i -e 's/bridge.mydomain.com/<YOUR_BRIDGE_URL>/g' nginx/defaultConf && rm -rf nginx/defaultConf-e
+```
+
+2. Run the following command to build the Docker image
 
 ```bash
-yarn build
+$ make build
+
+# OR
+
+$ docker build . -t node-walletconnect-bridge
 ```
 
-2. Production
+3. Finally run the following command to run the Docker container
 
 ```bash
-yarn start
+$ make run
+
+# OR
+
+$ docker run -it -v $(shell pwd)/source:/source/ -p 443:443 -p 80:80 --name "node-walletconnect-bridge" node-walletconnect-bridge
 ```
 
-3. Server accessible from host:
+6. Test your Bridge is working
 
 ```bash
-$ curl http://localhost:5000/hello
+$ curl https://<YOUR_BRIDGE_URL>/hello
 > Hello World, this is WalletConnect v1.0.0-beta
 ```
 
-### Using Docker
+### Choose Branch
+
+This setup defaults to the active branch in your current directory in order to build a Docker image from another branch, run the following command:
+
+```bash
+$ make build BRANCH=test-branch
+
+# OR
+
+$ docker build . -t node-walletconnect-bridge  --build-arg branch=test-branch
+```
+
+For this sample configuration file, the bridge will be available at https://<YOUR_BRIDGE_URL>/ . After specifying <YOUR_BRIDGE_URL> to 0.0.0.0 in /etc/hosts,
+
+### Update Bridge
+
+To update the bridge, just run the following and it will maintain the existing state of the existing bridge sessions and quickly swap containers to the new version
+
+```bash
+$ make update
+
+# Optional (choose branch)
+
+$ make update BRANCH=develop
+```
+
+### Skip Cerbot
+
+This approach uses [Certbot](https://certbot.eff.org/) to generate real SSL certificates for your configured nginx hosts. If you would prefer to use the self signed certificates, you can pass the `--skip-certbot` flag to `docker run` as follows:
+
+```bash
+$ make run_no_certbot
+
+# OR
+
+$ docker run -it -v $(shell pwd)/source:/source/ -p 443:443 -p 80:80 --name "node-walletconnect-bridge" node-walletconnect-bridge --skip-certbot
+```
+
+Certbot certificates expire after 90 days. To renew, shut down the docker process and run `make renew`. You should back up your old certs before doing this, as they will be deleted.
+
+## Manual setup
+
+If would like to setup manually, make sure you have installed globally NodeJS and RedisDB.
+
+1. First install the project dependencies
+
+```bash
+npm install
+```
+
+2. Then build the app
+
+```bash
+npm run build
+```
 
-1. Build the container with:
+3. Start the RedisDB server
 
 ```bash
-make build-docker
+redis-server
 ```
 
-2. Run the container with:
+4. Run the Bridge server
 
 ```bash
-docker run -p 5000:5000 walletconnect/node-walletconnect-bridge
+NODE_ENV=production npm run start
 ```
 
-3. Server accessible from host:
+6. Test your Bridge is working
 
 ```bash
-$ curl http://localhost:5000/hello
+$ curl localhost:5000/hello
 > Hello World, this is WalletConnect v1.0.0-beta
 ```

docker-entrypoint.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+set -e
+
+export NODE_ENV="production"
+
+# linking
+rm -rf /etc/nginx/sites-available/default
+ln -s /source/nginx/defaultConf /etc/nginx/sites-available/default
+ln -s /source/ssl /keys
+
+# starting local instance of redis server and starting walletconnect bridge connected to local redis
+redis-server &
+echo "started redis server"
+
+sleep 5
+# walletconnect-bridge --port 5000 --host 0.0.0.0 &
+npm run start  &
+echo "started walletconnect server"
+
+# key generation
+FILE="/keys/key.pem"
+
+if [ ! -f $FILE ]; then
+  echo "generating self signed keys"
+  #make the self signed key so the initial nginx load works
+  openssl req -x509 \
+    -newkey rsa:4096 \
+    -keyout $FILE \
+    -out /keys/cert.pem \
+    -days 365 \
+    -nodes \
+    -subj "/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=bridge.mydomain.com"
+fi
+echo "Openssl finished"
+
+# starting Nging
+service nginx start
+if [ `ls /source/ssl/certbot` ]; then
+  #copy keys from local
+  echo "copying previously generated keys"
+  mkdir -p /etc/letsencrypt/live
+  cp -rf /source/ssl/certbot/* /etc/letsencrypt/live/
+else
+  if [ "$1" != "--skip-certbot" ]; then
+    echo "generating certbot keys"
+    #create certificate with certbot
+    certbot --nginx
+    #copy keys to local for rehydrating
+    cp -rfL /etc/letsencrypt/live/* /source/ssl/certbot/
+  else
+    echo "skipping certbot"
+  fi
+fi
+echo "generated keys"
+
+# finish up
+service nginx restart
+echo "started nginx service"
+#now sleeping infinitely
+tail -f /dev/null