added proper workaround for issue m8schmit#9. Changed UID and GID var…

…iables in docker-compose to REAL_ ones to avoid setting readonly shell variables
lis6502 · May 26, 2024 · edcde33 · edcde33
1 parent 3201435
commit edcde33
Show file tree

Hide file tree

Showing 7 changed files with 95 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@ address=/aliyuncs.com/your-local-ip-here
 
 - In the `frontend` folder make a copy of the `.env.example` file to `.env` and add your local `ip` .
 
-- run ` UID="$(id -u)" GID="$(id -g)" docker-compose up`, you should be able to access to `http://localhost:4200/`
+- run ` REAL_UID="$(id -u)" REAL_GID="$(id -g)" docker-compose up`, you should be able to access to `http://localhost:4200/`
 
 - restart your vacuum bot, it should connect to the MQTTs server and you should see something like:
 

diff --git a/backend/chain.pem b/backend/chain.pem
@@ -0,0 +1,53 @@
+-----BEGIN CERTIFICATE-----
+MIIEQDCCAqigAwIBAgIQDYoqhHRwJ1v3sRBgGFxwITANBgkqhkiG9w0BAQsFADB5
+MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJzAlBgNVBAsMHm5vZGVA
+ZWU5ZDZjMDIxZjk1IChMaW51eCBVc2VyKTEuMCwGA1UEAwwlbWtjZXJ0IG5vZGVA
+ZWU5ZDZjMDIxZjk1IChMaW51eCBVc2VyKTAeFw0yNDA1MjYxNDEwMTVaFw0yNjA4
+MjYxNDEwMTVaMFIxJzAlBgNVBAoTHm1rY2VydCBkZXZlbG9wbWVudCBjZXJ0aWZp
+Y2F0ZTEnMCUGA1UECwwebm9kZUBmNGQzNWIyMzJkYWMgKExpbnV4IFVzZXIpMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0sw7l+OB4wzffCEoeVQP+74O
+OFcSysM0stUm3G5DffZgQogUzrwLGk/mZJeezop78Nh0MvAiOM4oGlpTqaXfURVe
+oObpCKo5zNZT4gZmqpwRhn2j4BQ7hFr1CqABZJvlpOJreY952yQdVgnYELZ+Vr/f
+iKPk4XTDd2tnH411bsA6ANEJJj+pQMiy5Y+9xfkRrrgqA475Mc7ieOnCkCmT2x9L
+JS/jemLjxNCBfj2BfOfbu9zJ22WiEMG9fdGgWo6fP7tpKgp5v3V6tU1sa6cYVSs5
+JkzbkMd4NAaJ4KvU9wdWxnKfXwMQWcqk3znnXs+KRmR4FPOZ04sp/lgUqj5LDwID
+AQABo2swaTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHwYD
+VR0jBBgwFoAUrjz2H3/swuFzGO4Ne2C7CXKG2DYwIQYDVR0RBBowGIIJbG9jYWxo
+b3N0ggtlY292YWNzLmNvbTANBgkqhkiG9w0BAQsFAAOCAYEAUNOSKxYs55IEf8Vu
+2UT+Fx+Z8qJlzXKUymfBwMvTXfWvooynz6QUVzRpzumpDdyg9nexpz8pbDecA2AW
+ZQNrOx2+AszVHzMUE4jVqBCTQKKQYwhH1JwryNaGqyYNAsV3jjencZ3eqKFBRs/d
+Stkw3E6R14urc+DXfXlQykEPgNfWfP3A3dAH0a5eUfnqXoCY+5S13ilZWqmyOG26
+zN+W2ao3dKtdEX0EwYa/IPdR03UJ/BJ0ZOfhaxl2xZIGqIwZ0pW/s9aynsrfpbJt
+cw+UH0qHJBZdQ0b8OikFYcR8aBySfOkcXGYNk4VSZjCN7aMcnvCqVDphlyn4yOIi
+r0eLoyVNaMnA2q97/jHpt2YWUbw89ib+X+ELX+dH+aFcNIk0GA5Xj0M6hMMB1a40
+WGezXV63Qnu2lZiUSoOvjtvHoiGcwu8mmRa9sJbE0WrWN0eop9Y7Ws43eVSekddP
+8N8bwh5ZTCP3ML3hyf5RGvPHV93GwkL2tpUDBZsFATb3GvQV
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEwjCCAyqgAwIBAgIRAM3bqz/3pJ2dlzigaAK8+8AwDQYJKoZIhvcNAQELBQAw
+eTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMScwJQYDVQQLDB5ub2Rl
+QGVlOWQ2YzAyMWY5NSAoTGludXggVXNlcikxLjAsBgNVBAMMJW1rY2VydCBub2Rl
+QGVlOWQ2YzAyMWY5NSAoTGludXggVXNlcikwHhcNMjQwNTI2MTIxMTUwWhcNMzQw
+NTI2MTIxMTUwWjB5MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJzAl
+BgNVBAsMHm5vZGVAZWU5ZDZjMDIxZjk1IChMaW51eCBVc2VyKTEuMCwGA1UEAwwl
+bWtjZXJ0IG5vZGVAZWU5ZDZjMDIxZjk1IChMaW51eCBVc2VyKTCCAaIwDQYJKoZI
+hvcNAQEBBQADggGPADCCAYoCggGBALLTwGgjwQmHB70F3XJMEKfOT1jkOrOJJsOK
+pRQQl+2c/cgbFx3O//NWHSbKPfpeifAbEw3LR3OJ/aTGZOnK4LdtXtHdioe0g6Gv
+YLzHmqqnvjqDFgQvIegtzQLfc4oa01pknvVPwk70uTkCWrY/venZ9nf6aAE95GZp
+VyDIO2nRwXby/IBqem/pONPDB1+ybpLK6nG+ygsUOEWRuTe4rzTcd5WujNWhpxBN
+cedDrmd/V9ORJSF/cGNAiM9f7D87E0ZEeg+bZHugw58nl5+5Tbrcu6LAb+Wmqzj0
+nJL8EMzjIWdqDPv8d75ZGuLG9ePV9ynyoYTxVcWb5eURCgTkXM802fis/OrJjV7o
+rOCUeqK5w3611uiEvG7BCnPyynpBKhkjrnau1m8UMefQVC5F5tucufnfitASx/Rp
+MLV+CFEuSzM9giBYQk1x0eStOTH6pQ9onScCn2zUdEgSH2+7zAfyW0L0QPNZUSgE
+tRgXXdqigZzm0dm9yA5q0sqBBuAkvwIDAQABo0UwQzAOBgNVHQ8BAf8EBAMCAgQw
+EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUrjz2H3/swuFzGO4Ne2C7CXKG
+2DYwDQYJKoZIhvcNAQELBQADggGBAB/hkqNZ/NIMI8RNJv1TTGBUiTQ7fQAkx0u2
+Wefo622AJQFxafRv9Q9fg4ZoBEkTVNGO52VBuHNOv9AsFyfT+d8CHL26ahd0HByA
+RRLuGQ6qNN/DEd0Hh0vtc+VbmrvgHt3ktEarbzrJHzTshEDKVcIkn02js/l7PYF+
+wKPgniMnm+TNAT33quwvrgq1so0Bv5BFuxTMmP5XoXx5zqt57QaphDP06FXMmvkz
+btH2SJKKVqYXHud0N37Abb/kY01jKMeDaP+oupN91LDkjWx1t2dEWbtwCP6u2EEK
+9V7Q+xzgl330IGHskZt9MNr6uk6iugJThNsFsnoym79oL8PJxUx6gIqViqvWNScb
+X/mxX/72qic8yHaYS3c1AnUqavRIOrAGOiFaorVjmGnGFFWiTb0ep7n2tVeV2qm/
+XO0BZe9pG89L0G2xR3KKiCcVAjYDf5Wlg0gV8AsVHjfDDLbomPjfdPvkm//SJDdp
+7+N4tRAJKTxRD3D8EefGrqJCgYNpZw==
+-----END CERTIFICATE-----
diff --git a/backend/generate_certs.sh b/backend/generate_certs.sh
@@ -1,7 +1,8 @@
 #!/bin/ash
 set -e
 
-if [ ! -f ./ssl.crt ]; then
+# this should execute every time as repo does provide ssl.crt and ssl.key files but not chain nor ca
+#~ if [ ! -f ./ssl.crt ]; then
 	echo "Generate Certificates" 
 
   BASE_URLS=$(env | grep -P "^BASE_URL(_\d\d)?\=")
@@ -15,4 +16,8 @@ if [ ! -f ./ssl.crt ]; then
   rm -f ./ssl.crt ./ssl.key
   mkcert -cert-file  ./ssl.crt -key-file  ./ssl.key $domains_list
   mkcert -install
-fi
+# hacky hack to make node happy...
+  cat ./ssl.crt "$(mkcert -CAROOT)/rootCA.pem" > chain.pem
+  cp "$(mkcert -CAROOT)"/rootCA.pem .
+
+#~ fi
diff --git a/backend/root.pem b/backend/root.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEwjCCAyqgAwIBAgIRAM3bqz/3pJ2dlzigaAK8+8AwDQYJKoZIhvcNAQELBQAw
+eTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMScwJQYDVQQLDB5ub2Rl
+QGVlOWQ2YzAyMWY5NSAoTGludXggVXNlcikxLjAsBgNVBAMMJW1rY2VydCBub2Rl
+QGVlOWQ2YzAyMWY5NSAoTGludXggVXNlcikwHhcNMjQwNTI2MTIxMTUwWhcNMzQw
+NTI2MTIxMTUwWjB5MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExJzAl
+BgNVBAsMHm5vZGVAZWU5ZDZjMDIxZjk1IChMaW51eCBVc2VyKTEuMCwGA1UEAwwl
+bWtjZXJ0IG5vZGVAZWU5ZDZjMDIxZjk1IChMaW51eCBVc2VyKTCCAaIwDQYJKoZI
+hvcNAQEBBQADggGPADCCAYoCggGBALLTwGgjwQmHB70F3XJMEKfOT1jkOrOJJsOK
+pRQQl+2c/cgbFx3O//NWHSbKPfpeifAbEw3LR3OJ/aTGZOnK4LdtXtHdioe0g6Gv
+YLzHmqqnvjqDFgQvIegtzQLfc4oa01pknvVPwk70uTkCWrY/venZ9nf6aAE95GZp
+VyDIO2nRwXby/IBqem/pONPDB1+ybpLK6nG+ygsUOEWRuTe4rzTcd5WujNWhpxBN
+cedDrmd/V9ORJSF/cGNAiM9f7D87E0ZEeg+bZHugw58nl5+5Tbrcu6LAb+Wmqzj0
+nJL8EMzjIWdqDPv8d75ZGuLG9ePV9ynyoYTxVcWb5eURCgTkXM802fis/OrJjV7o
+rOCUeqK5w3611uiEvG7BCnPyynpBKhkjrnau1m8UMefQVC5F5tucufnfitASx/Rp
+MLV+CFEuSzM9giBYQk1x0eStOTH6pQ9onScCn2zUdEgSH2+7zAfyW0L0QPNZUSgE
+tRgXXdqigZzm0dm9yA5q0sqBBuAkvwIDAQABo0UwQzAOBgNVHQ8BAf8EBAMCAgQw
+EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUrjz2H3/swuFzGO4Ne2C7CXKG
+2DYwDQYJKoZIhvcNAQELBQADggGBAB/hkqNZ/NIMI8RNJv1TTGBUiTQ7fQAkx0u2
+Wefo622AJQFxafRv9Q9fg4ZoBEkTVNGO52VBuHNOv9AsFyfT+d8CHL26ahd0HByA
+RRLuGQ6qNN/DEd0Hh0vtc+VbmrvgHt3ktEarbzrJHzTshEDKVcIkn02js/l7PYF+
+wKPgniMnm+TNAT33quwvrgq1so0Bv5BFuxTMmP5XoXx5zqt57QaphDP06FXMmvkz
+btH2SJKKVqYXHud0N37Abb/kY01jKMeDaP+oupN91LDkjWx1t2dEWbtwCP6u2EEK
+9V7Q+xzgl330IGHskZt9MNr6uk6iugJThNsFsnoym79oL8PJxUx6gIqViqvWNScb
+X/mxX/72qic8yHaYS3c1AnUqavRIOrAGOiFaorVjmGnGFFWiTb0ep7n2tVeV2qm/
+XO0BZe9pG89L0G2xR3KKiCcVAjYDf5Wlg0gV8AsVHjfDDLbomPjfdPvkm//SJDdp
+7+N4tRAJKTxRD3D8EefGrqJCgYNpZw==
+-----END CERTIFICATE-----
diff --git a/backend/src/index.ts b/backend/src/index.ts
@@ -4,6 +4,7 @@ import mqttsServer from './mqttsServer';
 import 'dotenv/config';
 import websocketServer from './websocketServer/websocketServer';
 import httpServer from './httpServer';
+//~ process.env.NODE_TLS_REJECT_UNAUTHORIZED='0';
 
 httpsServer();
 httpServer();

diff --git a/backend/src/server.utils.ts b/backend/src/server.utils.ts
@@ -5,6 +5,8 @@ import { inspect } from 'util';
 export const options = {
   key: fs.readFileSync('/opt/app/ssl.key'),
   cert: fs.readFileSync('/opt/app/ssl.crt'),
+//~ for some reason Node needs to have root certificate authority to trust mkcert-generated certificates
+  ca: fs.readFileSync('/opt/app/rootCA.pem'),
 };
 
 export const requestListener = (req: IncomingMessage, res: ServerResponse) => {

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -34,7 +34,8 @@ services:
       default:
     volumes:
       - ./backend:/opt/app
-    user: '${UID}:${GID}'
+# bash complaied about UID being readonly shell variable, used below instead
+    user: '${REAL_UID}:${REAL_GID}'
     environment:
       - BASE_URL=https://localhost
       - BASE_URL_01=https://ecovacs.com
@@ -70,7 +71,7 @@ services:
     build:
       context: ./frontend
       dockerfile: Dockerfile
-    user: '${UID}:${GID}'
+    user: '${REAL_UID}:${REAL_GID}'
     environment:
       - WDS_SOCKET_PORT=0
       - TZ=America/New_York