diff --git a/.gitignore b/.gitignore
index 6fce63e..bc7f707 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+7h96bfno.000/
+linux-amd64.tgz
+conf/ervu-sign-module.conf
 CMakeFiles/
 CMakeLists.txt.user
 src/config.h
diff --git a/CMakeLists.txt b/CMakeLists.txt
index d6d4f84..8ce7aee 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -65,6 +65,7 @@ MESSAGE ("") CONFIGURE_FILE (${SOURCE_DIR}/config.h.in ${SOURCE_DIR}/config.h) SET (CRYPTOPRO_INCLUDE_DIRS + /opt/cprocsp/include /opt/cprocsp/include/cpcsp /opt/cprocsp/include/pki )
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0ab8de4
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,68 @@
+ARG BUILDER_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+
+FROM ${BUILDER_IMAGE} AS builder
+
+RUN apt-get update \
+ && apt-get -y install \
+ crontabs \
+ glibc-locales \
+ unzip \
+ glib2-devel \
+ libfcgi-devel \
+ cmake \
+ make \
+ gcc \
+ gcc10
+
+WORKDIR /distr
+COPY linux-amd64.tgz .
+
+# Install CryptoPRO CSP
+RUN tar -xf linux-amd64.tgz \
+ && cd linux-amd64 \
+ && ./install.sh \
+ && apt-get install ./cprocsp-pki-cades-64-*.rpm \
+ && apt-get install ./lsb-cprocsp-devel-*.rpm \
+ && cd .. && rm -rf linux-amd64 linux-amd64.tgz
+
+WORKDIR /build
+COPY src src
+COPY CMakeLists.txt CMakeLists.txt
+
+RUN mkdir -p .build \
+ && cd .build \
+ && cmake .. \
+ && make -j4
+
+
+FROM ${RUNTIME_IMAGE}
+
+ENV TZ=Europe/Moscow
+
+RUN apt-get update \
+ && apt-get -y install mc glib2 libfcgi nginx \
+ && apt-get clean \
+ && rm -f /var/cache/apt/*.bin \
+ && rm -f /var/lib/apt/lists/update* \
+ && adduser --system --no-create-home --user-group --uid 500 ervu
+
+COPY --from=builder /usr/lib/locale/ru_RU.utf8 /usr/lib/locale/ru_RU.utf8
+COPY --from=builder /etc/opt/cprocsp /etc/opt/cprocsp
+COPY --from=builder /opt/cprocsp /opt/cprocsp
+COPY --from=builder /var/opt/cprocsp /var/opt/cprocsp
+COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-sign-module
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN mkdir -p /var/opt/cprocsp/keys/ervu/7h96bfno.000 \
+ && chown -R ervu:ervu /var/opt/cprocsp/keys/ervu \
+ && chmod +x /entrypoint.sh
+
+VOLUME /var/opt/cprocsp/keys/ervu/7h96bfno.000
+
+EXPOSE 9009
+
+USER ervu
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/conf/ervu-esia-module.conf b/conf/ervu-sign-module.conf.example
similarity index 68%
rename from conf/ervu-esia-module.conf
rename to conf/ervu-sign-module.conf.example
index 6019ba5..76dfb54 100644
--- a/conf/ervu-esia-module.conf
+++ b/conf/ervu-sign-module.conf.example
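Review bot: In the Dockerfile's builder stage, `linux-amd64.tgz` is unpacked and its `install.sh` run as root with no integrity check on the archive, which comes from the local build context. Pin the expected digest and verify it before `tar -xf`, for example `ARG CSP_SHA256` followed by `echo "${CSP_SHA256}  linux-amd64.tgz" | sha256sum -c -`. The runtime stage installs `mc` and `nginx` although the entrypoint starts only `ervu-sign-module` and docker-compose.yaml runs nginx in a separate container; dropping them reduces what ships next to the signing key. The two `apt-get install ./...rpm` lines also omit `-y`, unlike the other installs, which may stall or abort a non-interactive build.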
@@ -3,12 +3,11 @@ [fcgi] fcgi_listen_port = 9009 -#fcgi_listen_host = 127.0.0.1 +fcgi_listen_host = 127.0.0.1 #fcgi_thread_pool_size = 1 [sign] #location = /sign -cp_file = libcapi20.so +cp_file = /opt/cprocsp/lib/amd64/libcapi20.so signer_subject = signer@example.ru pin = **** -
diff --git a/conf/nginx-docker.conf b/conf/nginx-docker.conf
new file mode 100644
index 0000000..362e9b9
--- /dev/null
+++ b/conf/nginx-docker.conf
@@ -0,0 +1,9 @@
+server {
+ listen 80;
+ server_name localhost;
+
+ location = /sign {
+ fastcgi_pass ervu-sign-module:9009;
+ include fastcgi_params;
+ }
+}
diff --git a/conf/nginx.conf b/conf/nginx.conf
new file mode 100644
index 0000000..3703968
--- /dev/null
+++ b/conf/nginx.conf
@@ -0,0 +1,43 @@
+# load dynamic nginx modules
+include /etc/nginx/modules-enabled.d/*.conf;
+
+# see http://nginx.net for info & docs
+
+worker_processes 10;
+
+error_log /var/log/nginx/error.log;
+
+events {
+ worker_connections 1024;
+}
+
+include /etc/nginx/conf-enabled.d/*.conf;
+
+http {
+ proxy_temp_path /var/spool/nginx/tmp/proxy;
+ fastcgi_temp_path /var/spool/nginx/tmp/fastcgi;
+ client_body_temp_path /var/spool/nginx/tmp/client;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ sendfile on;
+
+ gzip on;
+
+ # text/html doesn't need to be defined there, it's compressed always
+ gzip_types text/plain text/css text/xml application/x-javascript application/atom+xml;
+
+ # gzip_comp_level 9;
+ include /etc/nginx/sites-enabled.d/*.conf;
+
+ server {
+ listen 80;
+ server_name localhost;
+
+ location = /sign {
+ fastcgi_pass localhost:9009;
+ include fastcgi_params;
+ }
+ }
+}
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..f8a84d7
--- /dev/null
+++ b/docker-compose.yaml
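Review bot: In conf/ervu-sign-module.conf.example the now-enabled `fcgi_listen_host = 127.0.0.1` conflicts with the Docker setup in this same commit, where nginx-docker.conf reaches the module from another container at `ervu-sign-module:9009`. Assuming the option sets the bind address (inferred from its name), the loopback value is not reachable there, and users are likely to switch to a wildcard address without guidance. Add a comment above the line such as `# 127.0.0.1 when nginx runs on the same host; in Docker bind to the container address and never publish port 9009`. Because `pin` is kept in this file in cleartext, a second comment asking that the real config be readable only by the service account would also help.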
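Review bot: In conf/nginx-docker.conf, `location = /sign` forwards every request to the signing module with no access restriction, so any client that can reach this server can have data signed with the mounted key; the same block appears in conf/nginx.conf. If the callers are a known set, add `allow <trusted-cidr>; deny all;` inside the location (the CIDR is a placeholder for the deployment's value), or put authentication in front of it. A `client_max_body_size` matched to the expected payload would also bound what is handed to the signer.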
@@ -0,0 +1,14 @@
+services:
+ ervu-sign-module:
+ build: .
+ volumes:
+ - ./7h96bfno.000:/var/opt/cprocsp/keys/ervu/7h96bfno.000
+ - ./conf/ervu-sign-module.conf:/etc/ervu-sign-module.conf
+ nginx:
+ image: nginx:latest
+ links:
+ - ervu-sign-module
+ ports:
+ - "28080:80"
+ volumes:
+ - ./conf/nginx-docker.conf:/etc/nginx/conf.d/default.conf
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..b6f1ca2
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+/opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov
+/opt/ervu-sign-module/ervu-sign-module
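Review bot: In docker-compose.yaml, `- "28080:80"` publishes the signing endpoint on all host interfaces; unless remote callers are intended, bind it to loopback with `- "127.0.0.1:28080:80"`. `image: nginx:latest` is a floating tag, so the proxy in front of the signer can change between pulls; pin a specific version or digest instead. The config mount carries the key PIN and can be made read-only with `- ./conf/ervu-sign-module.conf:/etc/ervu-sign-module.conf:ro`.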
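Review bot: entrypoint.sh has no error handling, so if `csptest -absorb -certs -autoprov` fails the module still starts, presumably without the certificate it needs, and the failure only surfaces at the first signing request. The last line also runs the service as a child of bash, so it is not PID 1 and the signal from `docker stop` reaches bash rather than the module. Suggest `set -e` right after the shebang and `exec /opt/ervu-sign-module/ervu-sign-module` as the final line.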