Fix health of gateway image (#289)

* Fix health of gateway image * Update docker compose
OWASP · Feb 3, 2025 · 785f9ca · 785f9ca
1 parent aa350c6
commit 785f9ca
Showing 6 changed files with 135 additions and 67 deletions.
diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
@@ -152,7 +152,9 @@ jobs:
         run:  docker compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans
 
       - name: Run crAPI using built images
-        run: VERSION=${{ env.TAG_NAME }} docker compose -f deploy/docker/docker-compose.yml --compatibility up -d
+        run: |
+             cd deploy/docker
+             VERSION=${{ env.TAG_NAME }} docker compose -f docker-compose.yml --compatibility up -d
 
       - name: Install Node
         uses: actions/setup-node@v3

diff --git a/README.md b/README.md
@@ -10,9 +10,9 @@ know more about crAPI, please check [crAPI's overview][overview].
 
 ## QuickStart Guide
 
-### Docker and docker-compose
+### Docker and docker compose
 
-You'll need to have Docker and docker-compose installed and running on your host system. Also, the version of docker-compose should be `1.27.0` or above. Check your docker-compose version using:
+You'll need to have Docker and docker compose installed and running on your host system. Also, the version of docker compose should be `1.27.0` or above. Check your docker compose version using:
 ```
 docker compose version
 ```
@@ -22,74 +22,101 @@ docker compose version
 ```ERROR: Invalid interpolation format for ...```
 
 #### Using prebuilt images
-You can use prebuilt images generated by our CI workflow by downloading the docker-compose and .env files.
+You can use prebuilt images generated by our CI workflow by downloading the docker compose and **.env** files.
 
  - To use the latest stable version.
 
       - Linux Machine
 
       ```
-      curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
+      curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
       
-      curl -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+      unzip /tmp/crapi.zip
+      
+      cd crAPI-main/deploy/docker
+
+      docker compose pull
+
+      docker compose -f docker compose.yml --compatibility up -d
+      ```
+      
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-      docker-compose pull
+      For example to expose the system to all network interfaces.
 
-      docker-compose -f docker-compose.yml --compatibility up -d
+      ```
+      LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
       ```
 
       - Windows Machine
 
       ```
-      curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
+      curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
 
-      curl.exe -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+      tar -xf .\crapi.zip
+     
+      cd crAPI-main/deploy/docker
 
       docker compose pull
 
-      docker compose -f docker-compose.yml --compatibility up -d
+      docker compose -f docker compose.yml --compatibility up -d
       ```
+     
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-      To override server configurations, change the values of the variables present in the .env file or add the respective variables to the start of the docker-compose command.   
+      For example to expose the system to all network interfaces.
 
       ```
-      LISTEN_IP="127.0.0.1" docker-compose -f docker-compose.yml --compatibility up -d
+      LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
       ```
 
   - To use the latest development version
 
       - Linux Machine
 
       ```
-      curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
+      curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
+      
+      unzip /tmp/crapi.zip
+      
+      cd crAPI-develop/deploy/docker
+
+      docker compose pull
 
-      curl -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+      docker compose -f docker compose.yml --compatibility up -d
+      ```
+      
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-      VERSION=develop docker-compose pull
+      For example to expose the system to all network interfaces.
 
-      VERSION=develop docker compose -f docker-compose.yml --compatibility up -d
+      ```
+      LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
       ```
 
       - Windows Machine
 
       ```
-      curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
+      curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
 
-      curl.exe -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
-
-      set "VERSION=develop"
+      tar -xf .\crapi.zip
+     
+      cd crAPI-develop/deploy/docker
 
       docker compose pull
 
-      docker compose -f docker-compose.yml --compatibility up -d
+      docker compose -f docker compose.yml --compatibility up -d
       ```
+     
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-      - To Stop and Cleanup crAPI
+      For example to expose the system to all network interfaces.
 
       ```
-      docker compose -f docker-compose.yml --compatibility down --volumes
+      LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
       ```
 
+
 Visit [http://localhost:8888](http://localhost:8888)
 
 **Note**: All emails are sent to mailhog service by default and can be checked on

diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose.yml
@@ -18,7 +18,7 @@ services:
     #ports:
     #  - "${LISTEN_IP:-127.0.0.1}:8080:8080"
     volumes:
-      - ./keys:/keys
+      - ./keys:/app/keys
     environment:
       - LOG_LEVEL=${LOG_LEVEL:-INFO}
       - DB_NAME=crapi
@@ -254,7 +254,7 @@ services:
     #ports:
     #  - "${LISTEN_IP:-127.0.0.1}:8443:443" # https
     healthcheck:
-      test: echo -n "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/443
+      test: bash -c 'echo -n "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/443'
       interval: 15s
       timeout: 15s
       retries: 15

diff --git a/docs/setup.md b/docs/setup.md
@@ -17,64 +17,99 @@ docker compose version
 You can use prebuilt images generated by our CI workflow by downloading the docker-compose and .env files.
 
 #### Start crAPI
-- To use the latest stable version.
 
-     - Linux Machine
+ - To use the latest stable version.
 
-     ```
-     curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
+      - Linux Machine
 
-     curl -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+      ```
+      curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
+      
+      unzip /tmp/crapi.zip
+      
+      cd crAPI-main/deploy/docker
 
-     docker compose pull
+      docker compose pull
 
-     docker compose -f docker-compose.yml --compatibility up -d
-     ```
+      docker compose -f docker compose.yml --compatibility up -d
+      ```
+      
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-     - Windows Machine
+      For example to expose the system to all network interfaces.
 
-     ```
-     curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
+      ```
+      LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
+      ```
 
-     curl.exe -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+      - Windows Machine
 
-     docker compose pull
+      ```
+      curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
 
-     docker compose -f docker-compose.yml --compatibility up -d
-     ```
-     To override server configurations, change the values of the variables present in the .env file or add the respective variables to the start of the docker-compose command.   
+      tar -xf .\crapi.zip
+     
+      cd crAPI-main/deploy/docker
 
-     ```
-     LISTEN_IP="127.0.0.1" docker-compose -f docker-compose.yml --compatibility up -d
-     ```
+      docker compose pull
 
-- To use the latest development version
+      docker compose -f docker compose.yml --compatibility up -d
+      ```
+     
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-     - Linux Machine
+      For example to expose the system to all network interfaces.
 
-     ```
-     curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
+      ```
+      LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
+      ```
 
-     curl -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+  - To use the latest development version
 
-     VERSION=develop docker compose pull
+      - Linux Machine
 
-     VERSION=develop docker compose -f docker-compose.yml --compatibility up -d
-     ```
+      ```
+      curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
+      
+      unzip /tmp/crapi.zip
+      
+      cd crAPI-develop/deploy/docker
 
-     - Windows Machine
+      docker compose pull
 
-     ```
-     curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
+      docker compose -f docker compose.yml --compatibility up -d
+      ```
+      
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
 
-     curl.exe -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+      For example to expose the system to all network interfaces.
 
-     set "VERSION=develop"
+      ```
+      LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
+      ```
 
-     docker compose pull
+      - Windows Machine
+
+      ```
+      curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
+
+      tar -xf .\crapi.zip
+     
+      cd crAPI-develop/deploy/docker
+
+      docker compose pull
+
+      docker compose -f docker compose.yml --compatibility up -d
+      ```
+     
+      To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
+
+      For example to expose the system to all network interfaces.
+
+      ```
+      LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
+      ```
 
-     docker compose -f docker-compose.yml --compatibility up -d
-     ```
 
 #### Visit [http://localhost:8888](http://localhost:8888).
 
@@ -103,7 +138,7 @@ You can change the smtp configuration if required however all emails with domain
    - Linux Machine
 
    ```
-   $ deploy/docker/build-all.sh
+   $ cd deploy/docker; build-all.sh
    ```
 
    - Windows Machine
@@ -114,7 +149,10 @@ You can change the smtp configuration if required however all emails with domain
 
 3. Start crAPI
    ```
-   $ docker compose -f deploy/docker/docker-compose.yml --compatibility up -d
+   $ cd deploy/docker
+
+   $ docker compose -f docker-compose.yml --compatibility up -d
+
    ```
 4. Visit `http://localhost:8888`
 

diff --git a/services/gateway-service/Dockerfile b/services/gateway-service/Dockerfile
@@ -1,5 +1,4 @@
-FROM golang:1.17-buster AS builder
-
+FROM golang:1.21-bookworm AS builder
 WORKDIR /app
 
 COPY go.* ./
@@ -16,7 +15,8 @@ RUN wget https://github.com/minio/certgen/releases/latest/download/certgen-linux
 RUN /tmp/certgen -host "127.0.0.1,gateway-service,api.mypremiumdealership.com,mypremiumdealership.com"
 RUN ls -la
 
-FROM debian:buster-slim
+FROM debian:bookworm-slim
+SHELL ["/bin/bash", "-c"]
 WORKDIR /app
 
 RUN set -x && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \

diff --git a/services/identity/entrypoint.sh b/services/identity/entrypoint.sh
@@ -1,7 +1,8 @@
 #!/bin/sh
 set -e
 
-if [ -f /keys/jwks.json ]; then
+if [ -f /app/keys/jwks.json ]; then
+  echo "Loading JWKS key file /app/keys/jwks.json"
   JWKS=$(openssl base64 -in /app/keys/jwks.json -A)
 else
   echo "Loading default JWKS file."