Fix self-signed cert error (#64)

* add certificate to droplet, update readme

* update test container job to add crt
peterrauscher/oap-66
Celina Peralta 2023-04-20 13:54:59 -04:00 committed by GitHub
parent 72b2b87fe4
commit 3622261f98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 22 additions and 4 deletions


@ -7,3 +7,4 @@ POSTGRES_DB_NAME=postgres
POSTGRES_USERNAME=postgres POSTGRES_USERNAME=postgres
POSTGRES_PASSWORD=postgrespw POSTGRES_PASSWORD=postgrespw
POSTGRES_SSLMODE=require POSTGRES_SSLMODE=require
CA_CERT=/usr/local/share/ca-certificates/ca-certificate.crt


@ -13,6 +13,10 @@ jobs:
run: | run: |
cp .env.template .env cp .env.template .env
sed -i 's/POSTGRES_SSLMODE=require/POSTGRES_SSLMODE=allow/' .env sed -i 's/POSTGRES_SSLMODE=require/POSTGRES_SSLMODE=allow/' .env
- name: Create dummy certificate
run: |
mkdir api/certificates
touch api/certificates/dummy-cert.crt
- name: Create PostgreSQL container - name: Create PostgreSQL container
run: docker run -d --name postgres -p 5432:5432 -e POSTGRES_PASSWORD=postgrespw postgres run: docker run -d --name postgres -p 5432:5432 -e POSTGRES_PASSWORD=postgrespw postgres
- name: Start containers - name: Start containers
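Review bot: The placeholder created in the `Create dummy certificate` step is named `dummy-cert.crt`, but `.env.template` in this commit sets `CA_CERT` to `/usr/local/share/ca-certificates/ca-certificate.crt`, so after the image copies `certificates/*` the path the API reads presumably does not exist in the test container. If the containers load this `.env`, `fs.readFileSync(process.env.CA_CERT)` in the connection module would throw at start-up. Naming the placeholder to match, `touch api/certificates/ca-certificate.crt`, keeps the job aligned with the template, and `mkdir -p api/certificates` makes the step safe to re-run. The empty `.crt` also passes through `update-ca-certificates` during the image build, so confirm that step tolerates it.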

2
.gitignore vendored

@ -3,3 +3,5 @@ oapen-engine/lib/
.python-version .python-version
private/ private/
.env .env
api/certificates/


@ -140,7 +140,9 @@ The OAPEN Suggestion Service uses natural-language processing to suggest books b
### SSL Certificate ### SSL Certificate
> TODO: add documentation > Add information on how to retrieve certificate from DigitalOcean managed DB.
Create a directory in `api` called `certificates`. Once you have acquired a certificate for your managed database, copy it into `/api/certificates`. **Make sure that this file is named `ca-certificate.crt`, or ensure that the name of your certificate matches the `CA_CERT` variable in your `.env`.**
## Running ## Running


@ -10,8 +10,13 @@ RUN npm install
# RUN npm ci --only=production # RUN npm ci --only=production
# Bundle app source # Bundle app source
COPY . . COPY . .
COPY ./certificates/* /usr/local/share/ca-certificates/
RUN chmod 644 /usr/local/share/ca-certificates/*.crt && update-ca-certificates
EXPOSE 3001 EXPOSE 3001
CMD [ "npm", "start" ] CMD [ "npm", "start" ]
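Review bot: `update-ca-certificates` on the new `RUN` line installs the database CA into the container's system trust store, which makes it a trust anchor for every TLS client in the image that consults that store, not only for the PostgreSQL connection. The connection code in this commit reads the file named by `CA_CERT` and passes it as `ca`, so the system-store step looks unnecessary; copying the certificate to an application directory and dropping `&& update-ca-certificates` would keep the trust scoped to the database client. `COPY ./certificates/*` also fails the build when the directory is missing or empty, which deserves a comment above it such as `# CA for the managed PostgreSQL instance; must exist at build time`.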


@ -1,5 +1,6 @@
const options = {}; const options = {};
const pgp = require("pg-promise")(options); const pgp = require("pg-promise")(options);
const fs = require("fs");
class DatabaseConnectionError extends Error { class DatabaseConnectionError extends Error {
constructor(message) { constructor(message) {
@ -16,7 +17,10 @@ try {
database: process.env.POSTGRES_DB_NAME, database: process.env.POSTGRES_DB_NAME,
user: process.env.POSTGRES_USERNAME, user: process.env.POSTGRES_USERNAME,
password: process.env.POSTGRES_PASSWORD, password: process.env.POSTGRES_PASSWORD,
ssl: process.env.POSTGRES_SSLMODE === "require" ssl: {
rejectUnauthorized: process.env.POSTGRES_SSLMODE === "require",
ca: fs.readFileSync(process.env.CA_CERT).toString(),
}
}; };
db = pgp(cn); db = pgp(cn);
} catch { } catch {
@ -25,4 +29,4 @@ try {
); );
} }
module.exports = db; module.exports = db;
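Review bot: In the new `ssl` object, `rejectUnauthorized: process.env.POSTGRES_SSLMODE === "require"` switches certificate verification off for every other mode while still passing an `ssl` object, where the old line passed `false`; the connection then negotiates TLS but accepts any server certificate. The CA file is also read unconditionally, so an unset or wrong `CA_CERT` throws inside the `try` (which starts outside this hunk) and the bare `catch` apparently reports it as a connection failure with the cause dropped. I would build the object only when TLS is required: `const requireTls = process.env.POSTGRES_SSLMODE === "require";` and `ssl: requireTls ? { rejectUnauthorized: true, ca: fs.readFileSync(process.env.CA_CERT, "utf8") } : false,`. Binding the error with `catch (err)` and carrying `err.message` into the `DatabaseConnectionError` would make a missing certificate distinguishable from a database outage.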