From b02d2bea6e954f7d3de3d0df289747b732ffd001 Mon Sep 17 00:00:00 2001
From: jfederico
Date: Wed, 13 Jul 2022 13:41:39 -0400
Subject: [PATCH] fixes for redis and restored autoupdate of certificates
---
 .gitignore | 2 +-
 README.md | 38 +++++++++++++++++++
 .../conf/{redis.conf => redis.conf.template} | 6 +-
 docker-compose-dev.yml | 5 +-
 docker-compose.yml | 9 +++-
 5 files changed, 49 insertions(+), 11 deletions(-)
 rename data/redis/conf/{redis.conf => redis.conf.template} (90%)
diff --git a/.gitignore b/.gitignore
index 0abdc8d..8f8ae61 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-.env
+.env*
 /redis/log*
diff --git a/README.md b/README.md
index c149208..d02612b 100644
--- a/README.md
+++ b/README.md
@@ -48,3 +48,41 @@ Also, when using the `init-letsencrypt.sh` script, you should add the email.
 ```
 LETSENCRYPT_EMAIL=
 ```
+
+Obtain the value for SECRET_KEY_BASE and LOADBALANCER_SECRET with:
+
+```
+sed -i "s/SECRET_KEY_BASE=.*/SECRET_KEY_BASE=$(openssl rand -hex 64)/" .env
+sed -i "s/LOADBALANCER_SECRET=.*/LOADBALANCER_SECRET=$(openssl rand -hex 24)/" .env
+```
+
+Set the hostname on URL_HOST (E.g. scalelite.example.com)
+
+When using a SSL certificate set NGINX_SSL to true
+
+Your final .env file should look like this:
+
+```
+SECRET_KEY_BASE=a7441a3548b9890a8f12b385854743f3101fd7fac9353f689fc4fa4f2df6cdcd1f58bdf6a02ca0d35a611b9063151d70986bad8123a73244abb2a11763847a45
+LOADBALANCER_SECRET=c2d3a8e27844d56060436f3129acd945d7531fe77e661716
+URL_HOST=scalelite.example.com
+NGINX_SSL=true
+```
+
+For using a SSL certificate signed by Let’s Encrypt, generate the certificates.
+
+```
+./init-letsencrypt.sh
+```
+
+Start the services.
+
+```
+docker-compose up -d
+```
+
+Now, the scalelite server is running, but it is not quite yet ready. The database must be initialized.
+
+```
+docker exec -i scalelite-api bundle exec rake db:setup
+```
diff --git a/data/redis/conf/redis.conf b/data/redis/conf/redis.conf.template
similarity index 90%
rename from data/redis/conf/redis.conf
rename to data/redis/conf/redis.conf.template
index eb0fe99..7b3a736 100644
--- a/data/redis/conf/redis.conf
+++ b/data/redis/conf/redis.conf.template
@@ -59,9 +59,9 @@ dynamic-hz yes
 rdb-save-incremental-fsync yes
 ### TLS
 tls-port 7379
-tls-cert-file /etc/letsencrypt/archive/sl.jesus.123it.ca/cert3.pem
-tls-key-file /etc/letsencrypt/archive/sl.jesus.123it.ca/privkey3.pem
-tls-ca-cert-file /etc/letsencrypt/archive/sl.jesus.123it.ca/chain3.pem
+tls-cert-file /etc/letsencrypt/live/$HOSTNAME/cert.pem
+tls-key-file /etc/letsencrypt/live/$HOSTNAME/privkey.pem
+tls-ca-cert-file /etc/letsencrypt/live/$HOSTNAME/chain.pem
 tls-auth-clients no
 # tls-auth-clients optional
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 55c7a0d..06a73f8 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -35,10 +35,9 @@ services:
 - "6379:6379"
 volumes:
 - redis-data-dev:/data
- - ./data/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf
+ - ./data/redis/conf/redis.conf.template:/usr/local/etc/redis/redis.conf.template
 - ./data/certbot/conf/:/etc/letsencrypt
-# command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
- command: ["redis-server", "--appendonly", "yes"]
+ command: /bin/sh -c "sed -e 's/$$HOSTNAME/redis.${DOMAIN_NAME:-xlab.blindside-dev.com}/' /usr/local/etc/redis/redis.conf.template > /usr/local/etc/redis/redis.conf && exec redis-server --appendonly yes"
 certbot:
 image: certbot/certbot
diff --git a/docker-compose.yml b/docker-compose.yml
index 72c2a35..50c9152 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
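Review bot: The `$HOSTNAME` placeholder in the three new `tls-*-file` paths is only substituted by the `sed` in the compose `command:` lines, and nothing in the template says so, so anyone who points `redis-server` at this file directly gets a literal `/etc/letsencrypt/live/$HOSTNAME/cert.pem` and a failed start. I would add above `tls-port 7379`: `# $HOSTNAME is replaced by sed in docker-compose(-dev).yml before redis-server starts; do not load this template directly.` The switch from `archive/…/cert3.pem` to `live/` also means the paths are now symlinks into `archive/`, and certbot by default leaves `privkey.pem` readable by root only, so whatever user `redis-server` runs as must be able to follow the symlink and read the key — worth a second comment next to `tls-key-file`. `tls-auth-clients no` is unchanged context, but with the TLS listener on 7379 it means any client that can reach the port gets a session without presenting a certificate, so the parts of this template outside the hunk should be checked for `requirepass`/ACL settings.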
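Review bot: The new `command:` renders `/usr/local/etc/redis/redis.conf` from the template and then runs `exec redis-server --appendonly yes` without naming that file, so `redis-server` comes up with its built-in defaults (plain port 6379, no TLS) and the `tls-*` settings just written are never read; the removed comment line shows the form that was intended. The fix is at the end of the line: `exec redis-server /usr/local/etc/redis/redis.conf --appendonly yes`. Wrapping the start in `/bin/sh -c` also changes who runs the server — as I read the official redis image's `docker-entrypoint.sh`, it only switches to the `redis` user when its first argument is `redis-server`, so with this command the process presumably stays root; verify with `docker exec … id` before relying on it. Separately, `DOMAIN_NAME` is not among the `.env` settings the README in this patch tells operators to fill in and its fallback is a vendor dev domain, so the rendered cert path `/etc/letsencrypt/live/redis.xlab.blindside-dev.com/` will silently be wrong for any other deployment; `${DOMAIN_NAME:?DOMAIN_NAME must be set}` fails fast instead. The value is also dropped unescaped into a `sed s///` expression, so it must not contain `/` or `&`.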
@@ -21,9 +21,9 @@ services:
 restart: unless-stopped
 volumes:
 - redis-data:/data
- - ./data/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf
+ - ./data/redis/conf/redis.conf.template:/usr/local/etc/redis/redis.conf.template
 - ./data/certbot/conf/:/etc/letsencrypt
- command: ["redis-server", "--appendonly", "yes"]
+ command: /bin/sh -c "sed -e 's/$$HOSTNAME/redis.${DOMAIN_NAME:-xlab.blindside-dev.com}/' /usr/local/etc/redis/redis.conf.template > /usr/local/etc/redis/redis.conf && exec redis-server --appendonly yes"
 certbot:
 image: certbot/certbot:v1.11.0
@@ -42,7 +42,7 @@ services:
 - "80:80"
 - "443:443"
 environment:
- NGINX_HOSTNAME=${URL_HOST:-xlab.blindside-dev.com}
+ NGINX_HOSTNAME=${URL_HOST:-sl.xlab.blindside-dev.com}
 volumes:
 - ./log/proxy-nginx/:/var/log/nginx
 - ./data/proxy/nginx/sites.template.${DOCKER_PROXY_NGINX_TEMPLATE:-scalelite-proxy}:/etc/nginx/sites.template
@@ -53,7 +53,8 @@ services:
 - certbot
 - scalelite-api
 - scalelite-recordings
- command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"
+ command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf && while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g 'daemon off;'"
+
 scalelite-recordings:
 image: ${SCALELITE_RECORDINGS_DOCKER_IMAGE:-bigbluebutton/bbb-playback-proxy:bionic-240-alpine}
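Review bot: The generated `/usr/local/etc/redis/redis.conf` is never handed to `redis-server` on the new `command:` line — `exec redis-server --appendonly yes` takes no config path — so in the production compose file the TLS listener and certificate paths from the template are not in effect and redis starts with its built-in defaults. Change the tail of the line to `exec redis-server /usr/local/etc/redis/redis.conf --appendonly yes`. Note that `redis-server`, as far as I know, reads the certificate files at start-up, so certbot renewals written under `./data/certbot/conf/` will not reach this container until it is restarted; if that is intended, a comment on the `command:` line saying so would save the next operator a debugging session. The `/bin/sh -c` wrapper also means the image entrypoint no longer sees `redis-server` as its first argument, which is presumably how it decided to drop root privileges before this change — worth confirming.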
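Review bot: The fallback on the new `NGINX_HOSTNAME=` line bakes a real third-party hostname, `sl.xlab.blindside-dev.com`, into the production compose file, so an operator who forgets `URL_HOST` in `.env` gets a proxy configured for a host they do not own (and, via `init-letsencrypt.sh`, a certificate request for it) instead of an error. Compose supports `${URL_HOST:?URL_HOST must be set in .env}`, which aborts `docker-compose up` with a clear message; I would use that here and keep a dev-domain default only in `docker-compose-dev.yml`.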
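Review bot: On the new `command:` line the `&` that backgrounds the reload loop also backgrounds the whole `envsubst … && while …` list it is chained to, so `nginx -g 'daemon off;'` starts concurrently with the rendering of `default.conf` rather than after it; the removed line had no such race because `exec nginx` simply followed `&&`. The `exec` is also gone, so bash rather than nginx is PID 1 and, as far as I can tell, a `docker stop` SIGTERM is delivered to bash, leaving nginx to be killed with the container instead of shutting down cleanly. Both are fixed by finishing the render step before backgrounding only the loop and exec'ing nginx: `command: /bin/bash -c "envsubst '$$NGINX_HOSTNAME' < /etc/nginx/sites.template > /etc/nginx/conf.d/default.conf || exit 1; (while :; do sleep 6h & wait $${!}; nginx -s reload; done) & exec nginx -g 'daemon off;'"`. The loop also reloads only nginx; nothing in this patch reloads the redis container that reads the same `live/` certificates, so the "autoupdate" in the title is partial unless redis is handled elsewhere.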