mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-05-17 10:29:49 -05:00
64b5fbe45d
- Move Python and shell scripts (apply_migration, check_routes, run_tests, etc.) to scripts/ - Move setup-https-mkcert and start-https (bat/sh) to scripts/ - Update start-local-test.bat and start-local-test.sh
#!/bin/bash
#
# Start TimeTracker with automatic HTTPS.
# Automatically generates certificates and starts all services.
#
# Only `-e` is enabled: the script stops at the first command that returns
# non-zero outside a condition. Unset variables and failures in the middle of
# a pipeline are NOT caught by this setting.
set -e

# Startup banner, one argument per output line.
printf '%s\n' \
  "==========================================" \
  "TimeTracker HTTPS Startup" \
  "==========================================" \
  ""
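# Detect local IP
#
# LOCAL_IP is exported further down as HOST_IP and printed as an access URL.
# The pipeline `hostname -I | awk ...` reports awk's exit status, so a failing
# or empty `hostname -I` used to leave LOCAL_IP empty instead of reaching the
# fallback. Detection and fallback are therefore separated: probe first, then
# substitute the placeholder whenever the probe produced nothing.
LOCAL_IP=""
case "$OSTYPE" in
  darwin*)
    # Try the two usual macOS interface names; `|| true` keeps set -e quiet
    # when neither has an address.
    LOCAL_IP=$(ipconfig getifaddr en0 || ipconfig getifaddr en1 || true)
    ;;
  linux-gnu*)
    # First address reported by hostname; on a multi-homed host this is not
    # necessarily the LAN-facing interface.
    LOCAL_IP=$(hostname -I | awk '{print $1}') || true
    ;;
esac

if [[ -z "$LOCAL_IP" ]]; then
  # Placeholder only: it is a guess, not a detected address, so say so on
  # stderr instead of reporting it as "detected".
  LOCAL_IP="192.168.1.100"
  echo "⚠️ Could not detect a local IP; using placeholder $LOCAL_IP" >&2
else
  echo "🌐 Local IP detected: $LOCAL_IP"
fi
echo ""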
# Create nginx config if it doesn't exist
#
# The file is written only when it is missing, so an existing https.conf is
# never refreshed by this script. The here-doc delimiter is quoted, which
# keeps $host, $scheme and the other nginx variables literal.
#
# Points to keep in mind when reusing this server block:
#   - Strict-Transport-Security is sent with a one-year max-age and
#     includeSubDomains. A browser that trusts the certificate will remember
#     it for the host name it used to reach this server.
#   - X-Forwarded-For is built with $proxy_add_x_forwarded_for, which appends
#     to whatever the client sent; the application should not treat the whole
#     header as trustworthy.
#   - The certificate and key paths are paths as nginx sees them; how they are
#     provided is not defined in this script.
if [[ ! -f nginx/conf.d/https.conf ]]; then
  printf '%s\n' "📝 Creating nginx HTTPS configuration..."
  mkdir -p nginx/conf.d

  cat > nginx/conf.d/https.conf << 'NGINX_EOF'
server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name _;

    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options "nosniff" always;

    location / {
        proxy_pass http://app:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
NGINX_EOF

  printf '%s\n' "✅ nginx configuration created" ""
fi
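#######################################
# Set KEY=VALUE in an env file: rewrite the existing line(s), or append the
# setting when the key is absent.
#
# `sed` exits 0 even when nothing matched, so `sed ... || echo ... >> file`
# never appends a missing key. The key is therefore looked up explicitly.
#
# Arguments: $1 - env file, $2 - key, $3 - value
#            (key and value are spliced into a sed expression; pass plain
#            literals only, never untrusted text)
# Returns:   non-zero if the file cannot be rewritten
#######################################
_set_env_flag() {
  local file=$1 key=$2 value=$3

  if grep -q "^${key}=" -- "$file"; then
    # -i.bak is the form accepted by both GNU and BSD sed.
    sed -i.bak "s/^${key}=.*/${key}=${value}/" "$file"
    rm -f -- "${file}.bak"
    return 0
  fi

  # Key absent: append it. If the file does not end in a newline, add one
  # first so the new setting is not glued onto the last existing line.
  if [[ -s "$file" && -n "$(tail -c 1 -- "$file")" ]]; then
    printf '\n' >> "$file"
  fi
  printf '%s=%s\n' "$key" "$value" >> "$file"
}

# Update .env with HTTPS settings if it exists
if [[ -f .env ]]; then
  echo "🔧 Updating .env with HTTPS settings..."

  # Backup .env. -p keeps the original mode on the copy. The backup holds the
  # same values as .env and stays on disk after the script finishes.
  cp -p .env .env.backup || echo "⚠️ Could not back up .env to .env.backup" >&2

  # Turn on the HTTPS-only CSRF and cookie settings, adding any that are missing.
  for env_flag in WTF_CSRF_SSL_STRICT SESSION_COOKIE_SECURE CSRF_COOKIE_SECURE; do
    _set_env_flag .env "$env_flag" true
  done

  echo "✅ .env updated"
  echo ""
fi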
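# Export IP for docker-compose
# NOTE(review): how HOST_IP is consumed is defined in the compose files, not
# in this script — confirm there.
export HOST_IP="$LOCAL_IP"

# Choose certificate method
echo "Select certificate method:"
echo " 1) Self-signed (works immediately, shows browser warning)"
echo " 2) mkcert (trusted certificates, requires one-time CA install)"
echo ""
# -r keeps backslashes literal. `|| true` lets end-of-input (no terminal
# attached) fall through to the default instead of aborting under set -e.
read -r -p "Choice [1]: " CERT_METHOD || true

# Normalise the answer: only an explicit "2" selects mkcert. Any other input
# means self-signed, and CERT_METHOD is set to "1" so later checks agree with
# the branch actually taken.
case "${CERT_METHOD:-1}" in
  2) CERT_METHOD=2 ;;
  *) CERT_METHOD=1 ;;
esac

echo ""

# Pick the compose override once, then start the stack with a single command.
# Both compose paths are relative, so the script has to be run from the
# directory that contains docker-compose.yml.
compose_override="docker/docker-compose.https-auto.yml"
if [[ "$CERT_METHOD" == "2" ]]; then
  # Check if mkcert is available
  if command -v mkcert >/dev/null 2>&1; then
    echo "🔐 Using mkcert for trusted certificates..."
    compose_override="docker/docker-compose.https-mkcert.yml"
  else
    echo "⚠️ mkcert not found on host. Using self-signed certificates instead."
    echo " Install mkcert for trusted certificates: brew install mkcert (Mac) or choco install mkcert (Windows)"
    echo ""
  fi
else
  echo "🔐 Using self-signed certificates..."
fi

docker-compose -f docker-compose.yml -f "$compose_override" up -d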
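#######################################
# Print the certificate follow-up hint that matches the method in use.
#
# The self-signed branch is taken for every method other than "2", and also
# when mkcert is not installed. Testing for `= "1"` instead would print the
# mkcert hint after an unrecognised answer such as "3", even though the
# self-signed compose file was the one started.
#
# Arguments: $1 - selected certificate method ("2" = mkcert)
# Outputs:   hint text on stdout
#######################################
_print_cert_hint() {
  local method=$1

  if [[ "$method" != "2" ]] || ! command -v mkcert >/dev/null 2>&1; then
    # The click-through advice applies to the developer's own machine only; on
    # any other host the same warning means the server was not authenticated.
    echo "⚠️ Browser Warning Expected:"
    echo " Self-signed certificates will show a security warning."
    echo " Click 'Advanced' → 'Proceed to localhost (unsafe)' to continue."
    echo ""
    # NOTE(review): the commit description on this page says setup-https-mkcert
    # was moved to scripts/ — confirm this path is still correct.
    echo " For no warnings, run: bash setup-https-mkcert.sh"
  else
    echo "📋 To avoid browser warnings:"
    echo " Install the CA certificate from: nginx/ssl/rootCA.pem"
    echo " See instructions above or in HTTPS_MKCERT_GUIDE.md"
  fi
}

echo ""
echo "=========================================="
echo "✅ TimeTracker is starting with HTTPS!"
echo "=========================================="
echo ""
echo "Access your application at:"
echo " https://localhost"
echo " https://$LOCAL_IP"
echo ""

_print_cert_hint "$CERT_METHOD"

echo ""
echo "View logs:"
echo " docker-compose logs -f"
echo ""
echo "Stop services:"
echo " docker-compose down"
echo ""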