From 3307a39eb14e9bce1d9c792741fbc70214964ba7 Mon Sep 17 00:00:00 2001
From: Eduardo Silva
Date: Tue, 5 Mar 2024 13:26:18 -0300
Subject: [PATCH] Enhance nginx container to automatically generate self-signed certificates in absence of existing certificate files.
---
Dockerfile_nginx | 6 ++++++
README.md | 17 +++++++----------
docker-compose.yml | 5 ++++-
nginx_entrypoint.sh | 15 +++++++++++++++
wireguard_webadmin/settings.py | 2 +-
5 files changed, 33 insertions(+), 12 deletions(-)
create mode 100644 Dockerfile_nginx
create mode 100755 nginx_entrypoint.sh
diff --git a/Dockerfile_nginx b/Dockerfile_nginx
new file mode 100644
index 0000000..c33b1c6
--- /dev/null
+++ b/Dockerfile_nginx
@@ -0,0 +1,6 @@
+FROM nginx:alpine
+RUN apk --no-cache add openssl
+COPY nginx_entrypoint.sh /nginx_entrypoint.sh
+RUN chmod +x /nginx_entrypoint.sh
+ENTRYPOINT ["/nginx_entrypoint.sh"]
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/README.md b/README.md
index 0636222..a3e565d 100644
--- a/README.md
+++ b/README.md
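Review bot: In Dockerfile_nginx, `FROM nginx:alpine` uses a floating tag, so every `--build` can pull a different nginx and Alpine release into the TLS-terminating container, and the `openssl` package added on the next line is likewise unpinned. Pinning the base to a specific version tag, ideally with a digest (`FROM nginx:<version>-alpine@sha256:<digest>`, placeholders), makes the image reproducible and lets a base update show up as a reviewable change. As a style point, the `COPY` plus `RUN chmod +x` pair can be a single `COPY --chmod=755 nginx_entrypoint.sh /nginx_entrypoint.sh`; the patch already creates the script with mode 100755, so the separate chmod layer is probably redundant.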
@@ -29,22 +29,19 @@ Follow these steps to deploy wireguard_webadmin: git clone https://github.com/eduardogsilva/wireguard_webadmin ``` -2. **Place your SSL certificates for nginx in the `certificates` volume.** - - The files should be named `nginx.pem` and `nginx.key`. You can use self-signed certificates and accept the certificate exception in your browser. - -3. **Run Docker Compose (choose one):** +2. **Run Docker Compose (choose one):** ### With NGINX (Recommended) - This mode is recommended for running the webadmin. Set up your certificates for nginx; you can use a self-signed certificate. If you don't have a DNS name pointing to your server, use `SERVER_ADDRESS=ip_address`. - - ``` + This mode is recommended for running the web admin interface. The container deployment will automatically generate a self-signed certificate for you. If you want to update your certificates, simply navigate to the `certificates` volume and replace `nginx.pem` and `nginx.key` with your own certificates. If you don't have a DNS name pointing to your server, use `SERVER_ADDRESS=ip_address`. + + ```bash SERVER_ADDRESS=yourserver.example.com docker-compose up --build -d ``` - Access the web interface using `https://yourserver.example.com`. + + Access the web interface using `https://yourserver.example.com`. If you are using a self-signed certificate, you must accept the certificate exception that your browser will present. ### Without NGINX (Debug mode and testing only) - This mode does not require SSL certificates and runs Django with `DEBUG=True`. Not recommended for production use without HTTPS. + This mode does not use SSL certificates and runs Django with `DEBUG=True`. Not recommended for production use without HTTPS. ``` docker-compose -f docker-compose-no-nginx.yml up --build -d ``` diff --git a/docker-compose.yml b/docker-compose.yml index ff061bb..c93b86d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -13,7 +13,7 @@ services: - static_volume:/app_static_files/ ports: # Do not directly expose the Django port to the internet, use the reverse proxy below instead - #- "127.0.0.1:8000:8000" + # - "127.0.0.1:8000:8000" # Warning: Docker will have a hard time handling large amount of ports. Expose only the ports that you need. # Ports for multiple WireGuard instances. (Probably, you just need one) - "51820-51839:51820-51839/udp" @@ -40,6 +40,9 @@ services: container_name: wireguard-webadmin-nginx restart: unless-stopped image: nginx:alpine + build: + context: . + dockerfile: Dockerfile_nginx volumes: - ./virtualhost.conf:/etc/nginx/conf.d/wireguard-webadmin.conf - static_volume:/static diff --git a/nginx_entrypoint.sh b/nginx_entrypoint.sh new file mode 100755 index 0000000..94ce99e --- /dev/null +++ b/nginx_entrypoint.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +# Diretório onde os certificados devem ser armazenados +CERT_DIR="/certificate" + +# Checa se ambos os arquivos de certificado existem +if [ ! -f "$CERT_DIR/nginx.key" ] || [ ! -f "$CERT_DIR/nginx.pem" ]; then + echo "Creating self signed certificate..." + openssl req -x509 -newkey rsa:4096 -nodes -keyout "$CERT_DIR/nginx.key" -out "$CERT_DIR/nginx.pem" -days 3650 -subj "/CN=localhost" +else + echo "Skipping self signed certificate creation, files already exist." +fi + +# Executa o comando original do Docker (CMD) passado para entrypoint.sh +exec "$@" diff --git a/wireguard_webadmin/settings.py b/wireguard_webadmin/settings.py index 12ce751..100ff26 100644 --- a/wireguard_webadmin/settings.py +++ b/wireguard_webadmin/settings.py @@ -129,6 +129,6 @@ STATICFILES_DIRS = [ DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' -WIREGUARD_WEBADMIN_VERSION = 9502 +WIREGUARD_WEBADMIN_VERSION = 9505 from wireguard_webadmin.production_settings import * \ No newline at end of file
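Review bot: In the second docker-compose.yml hunk the nginx service keeps `image: nginx:alpine` next to the new `build:` section, so Compose will tag the locally built image as `nginx:alpine` and shadow the official image's tag on the host. Anything else on that host that refers to `nginx:alpine` may then resolve to this custom image with its own entrypoint, and the tag no longer tells an operator whether the running image is upstream or local. Giving the built image its own name, for example `image: wireguard-webadmin-nginx` (constructed name), avoids the collision. The service definition starts and continues outside the hunk.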
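Review bot: In nginx_entrypoint.sh the result of `openssl req` is never checked, so when generation fails (for example because `/certificate` is missing or read-only) the script still reaches `exec "$@"` and nginx is started anyway; adding `set -eu` after the shebang makes that failure explicit. The key is written unencrypted (`-nodes`) and its file mode is left to the OpenSSL default and the process umask; running the call as `( umask 077; openssl req ... )` keeps `nginx.key` owner-only without changing the umask nginx inherits. The `||` test also regenerates both files when only one is missing, which would overwrite a user-supplied `nginx.key` or `nginx.pem` that merely lacks its counterpart, so refusing to start in that mixed state would be safer. The certificate carries only `CN=localhost` with no subjectAltName and does not use `SERVER_ADDRESS`, which is presumably acceptable given the README's note about accepting the exception but deserves a comment in the script.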