GrapheneOS · csskevin · Jan 15, 2024
diff --git a/docker/.gitignore b/docker/.gitignore
@@ -0,0 +1 @@
+data
diff --git a/docker/README.md b/docker/README.md
@@ -0,0 +1,11 @@
+
+# Docker deployment
+
+Read [README.md](/README.md) first.
+Don't forget to adapt the app ID and signature  as those can only be changed by rebuilding the container.
+Also you need to clone submodules as the dockerfile requires them: `git submodule update --init`
+
+Adapt:
+- [AttestationProtocol.java:154-162](/src/main/java/app/attestation/server/AttestationProtocol.java#L154-L162) to your app ID and signature
+- [AttestationServer.java:85-86](/src/main/java/app/attestation/server/AttestationServer.java#L85-L86) to your domain and protocol
+- [AttestationServer.java:320](/src/main/java/app/attestation/server/AttestationServer.java#L320) to "0.0.0.0", or enable IPv6 support in docker
diff --git a/docker/attestation-server.dockerfile b/docker/attestation-server.dockerfile
@@ -0,0 +1,19 @@
+FROM archlinux:base-20240101.0.204074
+
+WORKDIR /app
+RUN pacman --noconfirm -Sy jdk-openjdk
+
+COPY . /app
+RUN ./gradlew build
+
+FROM fedora:39
+
+RUN dnf -y update
+RUN dnf -y install java-latest-openjdk-headless
+
+WORKDIR /data
+RUN mkdir /app
+COPY --from=0 /app/build/libs/ /app
+COPY --from=0 /app/libs/sqlite4java-prebuilt/ /usr/lib
+
+CMD [ "/usr/bin/java", "-cp", "/app/*", "app.attestation.server.AttestationServer" ]
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -0,0 +1,17 @@
+version: '3'
+
+services:
+  attestation-server:
+    build: 
+      context: ..
+      dockerfile: docker/attestation-server.dockerfile
+    container_name: attestation-server
+    volumes:
+      - ./data:/data
+  attestation-proxy:
+    build:
+      context: ..
+      dockerfile: docker/nginx-server.dockerfile
+    container_name: nginx
+    ports:
+      - 5000:80
diff --git a/docker/nginx-server.dockerfile b/docker/nginx-server.dockerfile
@@ -0,0 +1,37 @@
+# Copying same dockerfile content, as they are built only once
+FROM archlinux:base-20240101.0.204074
+
+# Installing dev dependencies
+# moreutils is required for packages: sponge
+RUN pacman --noconfirm -Sy jdk-openjdk zopfli parallel yajl brotli nginx-mod-brotli python3 python-pip nodejs npm libxml2 moreutils
+
+ENV GITHUB_ACTIONS="true"
+ENV PATH="/opt/venv/bin:$PATH"
+ENV SKIP_REMOTE_PUBLISHING="1"
+
+
+WORKDIR /app
+COPY . /app
+
+RUN npm i
+RUN python -m venv /opt/venv
+RUN pip install -r requirements.txt
+
+RUN ./process-static
+
+FROM archlinux:base-20240101.0.204074
+
+RUN pacman --noconfirm -Sy nginx nginx-mod-brotli
+
+COPY --from=0 /app/nginx-tmp/nginx.conf /etc/nginx/
+COPY --from=0 /app/nginx-tmp/mime.types /etc/nginx/
+COPY --from=0 /app/nginx-tmp/root_attestation.app.conf /etc/nginx/
+COPY --from=0 /app/nginx-tmp/snippets /etc/nginx/snippets
+COPY --from=0 /app/static-tmp /srv/attestation.app_a
+COPY ./docker/nginx/nginx.conf /etc/nginx/nginx.conf
+
+RUN mkdir -p /etc/nginx/modules/
+RUN ln -s /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so /etc/nginx/modules/ngx_http_brotli_filter_module.so
+RUN ln -s /usr/lib/nginx/modules/ngx_http_brotli_static_module.so /etc/nginx/modules/ngx_http_brotli_static_module.so
+
+CMD [ "nginx", "-g", "daemon off;" ]