Enhance nginx container to automatically generate self-signed certificates in absence of existing certificate files.

Dockerfile_nginx

@@ -0,0 +1,6 @@
+FROM nginx:alpine
+RUN apk --no-cache add openssl
+COPY nginx_entrypoint.sh /nginx_entrypoint.sh
+RUN chmod +x /nginx_entrypoint.sh
+ENTRYPOINT ["/nginx_entrypoint.sh"]
+CMD ["nginx", "-g", "daemon off;"]

README.md

@@ -29,22 +29,19 @@ Follow these steps to deploy wireguard_webadmin:
    git clone https://github.com/eduardogsilva/wireguard_webadmin
    ```
 
-2. **Place your SSL certificates for nginx in the `certificates` volume.**
+2. **Run Docker Compose (choose one):**
-
-   The files should be named `nginx.pem` and `nginx.key`. You can use self-signed certificates and accept the certificate exception in your browser.
-
-3. **Run Docker Compose (choose one):**
 
    ### With NGINX (Recommended)
-   This mode is recommended for running the webadmin. Set up your certificates for nginx; you can use a self-signed certificate. If you don't have a DNS name pointing to your server, use `SERVER_ADDRESS=ip_address`.
+   This mode is recommended for running the web admin interface. The container deployment will automatically generate a self-signed certificate for you. If you want to update your certificates, simply navigate to the `certificates` volume and replace `nginx.pem` and `nginx.key` with your own certificates. If you don't have a DNS name pointing to your server, use `SERVER_ADDRESS=ip_address`.
-
+   
-   ```
+   ```bash
    SERVER_ADDRESS=yourserver.example.com docker-compose up --build -d
    ```
-   Access the web interface using `https://yourserver.example.com`.
+      
+   Access the web interface using `https://yourserver.example.com`. If you are using a self-signed certificate, you must accept the certificate exception that your browser will present.
 
    ### Without NGINX (Debug mode and testing only)
-   This mode does not require SSL certificates and runs Django with `DEBUG=True`. Not recommended for production use without HTTPS.
+   This mode does not use SSL certificates and runs Django with `DEBUG=True`. Not recommended for production use without HTTPS.
    ```
    docker-compose -f docker-compose-no-nginx.yml up --build -d
    ```

docker-compose.yml

@@ -13,7 +13,7 @@ services:
       - static_volume:/app_static_files/
     ports:
       # Do not directly expose the Django port to the internet, use the reverse proxy below instead
-      #- "127.0.0.1:8000:8000"
+      # - "127.0.0.1:8000:8000"
       # Warning: Docker will have a hard time handling large amount of ports. Expose only the ports that you need.
       # Ports for multiple WireGuard instances. (Probably, you just need one)
       - "51820-51839:51820-51839/udp"
@@ -40,6 +40,9 @@ services:
     container_name: wireguard-webadmin-nginx
     restart: unless-stopped
     image: nginx:alpine
+    build:
+      context: .
+      dockerfile: Dockerfile_nginx
     volumes:
       - ./virtualhost.conf:/etc/nginx/conf.d/wireguard-webadmin.conf
       - static_volume:/static

nginx_entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# Diretório onde os certificados devem ser armazenados
+CERT_DIR="/certificate"
+
+# Checa se ambos os arquivos de certificado existem
+if [ ! -f "$CERT_DIR/nginx.key" ] || [ ! -f "$CERT_DIR/nginx.pem" ]; then
+    echo "Creating self signed certificate..."
+    openssl req -x509 -newkey rsa:4096 -nodes -keyout "$CERT_DIR/nginx.key" -out "$CERT_DIR/nginx.pem" -days 3650 -subj "/CN=localhost"
+else
+    echo "Skipping self signed certificate creation, files already exist."
+fi
+
+# Executa o comando original do Docker (CMD) passado para entrypoint.sh
+exec "$@"

wireguard_webadmin/settings.py

@@ -129,6 +129,6 @@ STATICFILES_DIRS = [
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 
-WIREGUARD_WEBADMIN_VERSION = 9502
+WIREGUARD_WEBADMIN_VERSION = 9505
 
 from wireguard_webadmin.production_settings import *