add SSL capability to docker image

Docker/README.md

@@ -55,6 +55,16 @@ docker run -d --name='Shinobi' -p '8080:8080/tcp' -v "/dev/shm/Shinobi/streams":
  | DB_HOST              | Address that the Shinobi process will connect to the database with.  | localhost          |
  | DB_DATABASE          | Database that the Shinobi process will interact with.                | ccio               |
  | DB_DISABLE_INCLUDED     | Disable included database to use your own. Set to `true` to disable.| false |
+ | PLUGIN_KEYS     | The object containing connection keys for plugins running in client mode (non-host, default). | {} |
+ | SSL_ENABLED     | Enable or disable SSL with `openssl`. | false |
+ | SSL_COUNTRY     | Country Code for SSL. Ignore if `SSL_AUTO_CREATE=false`. | CA |
+ | SSL_STATE     | Province/State Code for SSL. Ignore if `SSL_AUTO_CREATE=false`. | BC |
+ | SSL_LOCATION     | Location of where SSL key is being used. Ignore if `SSL_AUTO_CREATE=false`. | Vancouver |
+ | SSL_ORGANIZATION     | Company Name associated to key. Ignore if `SSL_AUTO_CREATE=false`. | Shinobi Systems |
+ | SSL_ORGANIZATION_UNIT     | Department associated to key. Ignore if `SSL_AUTO_CREATE=false`. | IT Department |
+ | SSL_COMMON_NAME     | Common Name associated to key. Ignore if `SSL_AUTO_CREATE=false`. | nvr.ninja |
+
+ > You must add (to the docker container) `/config/ssl/server.key` and `/config/ssl/server.cert`. The `/config` folder is mapped to `$HOME/Shinobi/config` on the host by default with the quick run methods. Place `key` and `cert` in `$HOME/Shinobi/config/ssl`. If `SSL_ENABLED=true` and these files don't exist they will be generated with `openssl`.
 
 > For those using `DB_DISABLE_INCLUDED=true` please remember to create a user in your databse first. The Docker image will create the `DB_DATABASE` under the specified connection information.
 

Docker/init.sh

@@ -5,6 +5,21 @@ cp sql/framework.sql sql/framework1.sql
 OLD_SQL_USER_TAG="ccio"
 NEW_SQL_USER_TAG="$DB_DATABASE"
 sed -i "s/$OLD_SQL_USER_TAG/$NEW_SQL_USER_TAG/g" sql/framework1.sql
+if [ "$SSL_ENABLED" = "true" ]; then
+    if [ -d /config/ssl ]; then
+        echo "Using provided SSL Key"
+        cp -R /config/ssl ssl
+        SSL_CONFIG='{"key":"./ssl/server.key","cert":"./ssl/server.cert"}'
+    else
+        echo "Making new SSL Key"
+        mkdir -p ssl
+        openssl req -nodes -new -x509 -keyout ssl/server.key -out ssl/server.cert -subj "/C=$SSL_COUNTRY/ST=$SSL_STATE/L=$SSL_LOCATION/O=$SSL_ORGANIZATION/OU=$SSL_ORGANIZATION_UNIT/CN=$SSL_COMMON_NAME"
+        cp -R ssl /config/ssl
+        SSL_CONFIG='{"key":"./ssl/server.key","cert":"./ssl/server.cert"}'
+    fi
+else
+    SSL_CONFIG='{}'
+fi
 if [ "$DB_DISABLE_INCLUDED" = "false" ]; then
     echo "MariaDB Directory ..."
     ls /var/lib/mysql
@@ -70,7 +85,7 @@ if [ ! -e "./conf.json" ]; then
     sudo cp conf.sample.json conf.json
 fi
 sudo sed -i -e 's/change_this_to_something_very_random__just_anything_other_than_this/'"$cronKey"'/g' conf.json
-node tools/modifyConfiguration.js cpuUsageMarker=CPU subscriptionId=$SUBSCRIPTION_ID thisIsDocker=true pluginKeys="$PLUGIN_KEYS" db="$DATABASE_CONFIG"
+node tools/modifyConfiguration.js cpuUsageMarker=CPU subscriptionId=$SUBSCRIPTION_ID thisIsDocker=true pluginKeys="$PLUGIN_KEYS" db="$DATABASE_CONFIG" ssl="$SSL_CONFIG"
 sudo cp conf.json /config/conf.json
 
 

Dockerfile

@@ -7,6 +7,13 @@ ENV DB_USER=majesticflame \
     DB_PORT=3306 \
     SUBSCRIPTION_ID=sub_XXXXXXXXXXXX \
     PLUGIN_KEYS='{}' \
+    SSL_ENABLED='false' \
+    SSL_COUNTRY='CA' \
+    SSL_STATE='BC' \
+    SSL_LOCATION='Vancouver' \
+    SSL_ORGANIZATION='Shinobi Systems' \
+    SSL_ORGANIZATION_UNIT='IT Department' \
+    SSL_COMMON_NAME='nvr.ninja' \
     DB_DISABLE_INCLUDED=false
 ARG DEBIAN_FRONTEND=noninteractive