Fix self-signed cert error (#64)

* add certificate to droplet, update readme * update test container job to add crt
2023-04-20 13:54:59 -04:00 · 2023-04-20 13:54:59 -04:00 · 3622261f98
parent 72b2b87fe4
commit 3622261f98
6 changed files with 22 additions and 4 deletions
--- a/.env.template
+++ b/.env.template
@ -7,3 +7,4 @@ POSTGRES_DB_NAME=postgres
 POSTGRES_USERNAME=postgres
 POSTGRES_PASSWORD=postgrespw
 POSTGRES_SSLMODE=require
+CA_CERT=/usr/local/share/ca-certificates/ca-certificate.crt
--- a/.github/workflows/test-containers.yml
+++ b/.github/workflows/test-containers.yml
@ -13,6 +13,10 @@ jobs:
      run: |
        cp .env.template .env
        sed -i 's/POSTGRES_SSLMODE=require/POSTGRES_SSLMODE=allow/' .env
+    - name: Create dummy certificate
+      run: |
+        mkdir api/certificates
+        touch api/certificates/dummy-cert.crt
    - name: Create PostgreSQL container
      run: docker run -d --name postgres -p 5432:5432 -e POSTGRES_PASSWORD=postgrespw postgres
    - name: Start containers
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,5 @@ oapen-engine/lib/
 .python-version
 private/
 .env
+
+api/certificates/
--- a/README.md
+++ b/README.md
@ -140,7 +140,9 @@ The OAPEN Suggestion Service uses natural-language processing to suggest books b

 ### SSL Certificate

-> TODO: add documentation
+   > Add information on how to retrieve certificate from DigitalOcean managed DB.
+
+Create a directory in `api` called `certificates`. Once you have acquired a certificate for your managed database, copy it into `/api/certificates`. **Make sure that this file is named `ca-certificate.crt`, or ensure that the name of your certificate matches the `CA_CERT` variable in your `.env`.** 

 ## Running

--- a/api/Dockerfile
+++ b/api/Dockerfile
@ -10,8 +10,13 @@ RUN npm install
 # RUN npm ci --only=production

 # Bundle app source
+
 COPY . .

+COPY ./certificates/* /usr/local/share/ca-certificates/
+
+RUN chmod 644 /usr/local/share/ca-certificates/*.crt && update-ca-certificates
+
 EXPOSE 3001

-CMD [ "npm", "start" ]
+CMD [ "npm", "start" ]
--- a/api/db/connection.js
+++ b/api/db/connection.js
@ -1,5 +1,6 @@
 const options = {};
 const pgp = require("pg-promise")(options);
+const fs = require("fs");

 class DatabaseConnectionError extends Error {
  constructor(message) {
@ -16,7 +17,10 @@ try {
    database: process.env.POSTGRES_DB_NAME,
    user: process.env.POSTGRES_USERNAME,
    password: process.env.POSTGRES_PASSWORD,
-    ssl: process.env.POSTGRES_SSLMODE === "require"
+    ssl: {
+	    rejectUnauthorized: process.env.POSTGRES_SSLMODE === "require",
+	    ca: fs.readFileSync(process.env.CA_CERT).toString(),
+    }
  };
  db = pgp(cn);
 } catch {
@ -25,4 +29,4 @@ try {
  );
 }

-module.exports = db;
+module.exports = db;