Add docker-compose support, so a working development server with HTTPS can be started with:

docker-compose build && docker-compose up

Dockerfile

@@ -0,0 +1,12 @@
+FROM alpine
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+RUN apk add --no-cache curl-dev build-base
+COPY . /build
+WORKDIR /build
+RUN make
+COPY examples/docker-entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
+EXPOSE 8001
+CMD /build/snac

README.md

@@ -43,6 +43,19 @@ Run `make` and then `make install` as root.
 
 See the administrator manual on how to proceed from here.
 
+# Testing via Docker
+
+A `docker-compose` file is provided for development and testing. To start snac with an nginx HTTPS frontend, run:
+
+    docker-compose build && docker-compose up
+
+This will:
+
+- Start snac, storing data in `data/`
+- Configure snac to listen on port 8001 with a server name of `localhost` (see `examples/docker-entrypoint.sh`)
+- Create a new user `testuser` and print the user's generated password on the console (see `examples/docker-entrypoint.sh`)
+- Start nginx to handle HTTPS, using the certificate pair from `nginx-alpine-ssl/nginx-selfsigned.*` (see `examples/nginx-alpine-ssl/entrypoint.sh`)
+
 # License
 
 See the LICENSE file for details.

docker-compose.yaml

@@ -0,0 +1,27 @@
+---
+version: '3'
+
+services:
+    snac:
+        build: .
+        image: snac
+        container_name: snac
+        restart: unless-stopped
+        security_opt:
+            - no-new-privileges:true
+        volumes:
+            - ./data:/data
+        ports:
+            - "8001:8001"
+
+    nginx-alpine-ssl:
+        build: examples/nginx-alpine-ssl
+        image: examples/nginx-alpine-ssl
+        container_name: nginx-alpine-ssl
+        restart: unless-stopped
+        security_opt:
+            - no-new-privileges:true
+        ports:
+            - "443:443"
+            - "80:80"
+

examples/docker-entrypoint.sh

@@ -0,0 +1,6 @@
+if [ ! -e /data/data/server.json ]
+then
+    echo -ne "0.0.0.0\r\n8001\r\nlocalhost\r\n\r\n" | /build/snac init /data/data
+    /build/snac adduser /data/data testuser
+fi
+SSLKEYLOGFILE=/data/key /build/snac httpd /data/data

examples/nginx-alpine-ssl/Dockerfile

@@ -0,0 +1,13 @@
+FROM alpine
+RUN apk add nginx
+RUN mkdir -p /run/nginx
+ADD default.conf /etc/nginx/http.d/default.conf
+ADD *.key /etc/ssl/private/
+ADD *.crt /etc/ssl/certs/
+WORKDIR /var/www/localhost/htdocs
+COPY entrypoint.sh /usr/local/bin
+RUN chmod +x /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
+#EXPOSE 80
+EXPOSE 443
+CMD ["/bin/sh", "-c", "nginx -g 'daemon off;'; nginx -s reload;"]

examples/nginx-alpine-ssl/default.conf

@@ -0,0 +1,89 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+
+    location /.well-known/webfinger {
+        proxy_http_version      1.1;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+        proxy_redirect          off;
+        proxy_connect_timeout   90;
+        proxy_send_timeout      90;
+        proxy_read_timeout      90;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        Proxy "";
+        proxy_pass_header       Server;
+        proxy_buffering on;
+        tcp_nodelay on;
+        proxy_pass http://snac:8001;
+        proxy_set_header Host $http_host;
+    }
+
+    location /.well-known/nodeinfo {
+        proxy_http_version      1.1;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+        proxy_redirect          off;
+        proxy_connect_timeout   90;
+        proxy_send_timeout      90;
+        proxy_read_timeout      90;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        Proxy "";
+        proxy_pass_header       Server;
+        proxy_buffering on;
+        tcp_nodelay on;
+        proxy_pass http://snac:8001;
+        proxy_set_header Host $http_host;
+    }
+
+    location / {
+        proxy_http_version      1.1;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+        proxy_redirect          off;
+        proxy_connect_timeout   90;
+        proxy_send_timeout      90;
+        proxy_read_timeout      90;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        Proxy "";
+        proxy_pass_header       Server;
+        proxy_buffering on;
+        tcp_nodelay on;
+        proxy_pass http://snac:8001;
+        proxy_set_header Host $http_host;
+    }
+
+    location /fedi/ {
+        proxy_http_version      1.1;
+        proxy_set_header        Upgrade $http_upgrade;
+        proxy_set_header        Connection "upgrade";
+        proxy_redirect          off;
+        proxy_connect_timeout   90;
+        proxy_send_timeout      90;
+        proxy_read_timeout      90;
+        proxy_set_header        Host $host;
+        proxy_set_header        X-Real-IP $remote_addr;
+        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        Proxy "";
+        proxy_pass_header       Server;
+        proxy_buffering on;
+        tcp_nodelay on;
+        proxy_pass http://snac:8001;
+        proxy_set_header Host $http_host;
+    }
+}
+

examples/nginx-alpine-ssl/entrypoint.sh

@@ -0,0 +1,15 @@
+cd /etc/nginx/http.d;
+export CRT="${CRT:=nginx-selfsigned.crt}";
+if [ -f "/etc/ssl/certs/$CRT" ]
+then
+    # set crt file in the default.conf file
+    sed -i "/ssl_certificate \//c\\\tssl_certificate \/etc\/ssl\/certs\/$CRT;" default.conf;
+fi
+export KEY="${KEY:=nginx-selfsigned.key}";
+if [ -f "/etc/ssl/private/$KEY" ]
+then
+    # set key file in the default.conf file
+    sed -i "/ssl_certificate_key \//c\\\tssl_certificate_key \/etc\/ssl\/private\/$KEY;" default.conf;
+fi
+nginx -g 'daemon off;'; nginx -s reload;
+

examples/nginx-alpine-ssl/nginx-selfsigned.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgIUCCSqvSfnCK67C4JNfoiXUXyTIK4wDQYJKoZIhvcNAQEL
+BQAwSTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAlFDMRYwFAYDVQQKDA1Db21wYW55
+LCBJbmMuMRUwEwYDVQQDDAxteWRvbWFpbi5jb20wHhcNMjIxMjEyMTAwNzU1WhcN
+MjMxMjEyMTAwNzU1WjBJMQswCQYDVQQGEwJDQTELMAkGA1UECAwCUUMxFjAUBgNV
+BAoMDUNvbXBhbnksIEluYy4xFTATBgNVBAMMDG15ZG9tYWluLmNvbTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBANss2w/GUwKcoUxHsWDfnldEuJzwx3Jr
+oRvTZY7ZcEM8vsVW8Xi61jpo2H/Uqv+3jl6+R6UFL1IKQUY0jn9KatYkfrHdHcYx
+RwH8yLKWfCY9/qrPE8NzYQMkeNUqu5oGWDMFoCcGAuHOzB+v6JR2/0zaEavi96dZ
+ZwjijdZtZAB9BuqD5R5dmVBV1fYSWM/X0/KN2RPpoBRak+HmpoZfimut9rMAPjay
+WjVxQCR/kCL6OlfLL5CFp6e6u9pczRNTLr0QODmyQGIBd4Rjh1JQD2K1c1QN4ztw
+ExGW+gqe7CGuwVfPSjlUsE1kiC11KreAWadLiovOp4Th6lygeaYg4R8CAwEAAaNs
+MGowHQYDVR0OBBYEFE/ykxo/J5z2IT9Zuk3uwk+NAb4eMB8GA1UdIwQYMBaAFE/y
+kxo/J5z2IT9Zuk3uwk+NAb4eMA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0RBBAwDoIM
+bXlkb21haW4uY29tMA0GCSqGSIb3DQEBCwUAA4IBAQA/8ptI9ncISkYBDz8hUmWE
+WkBsSFs2BTBvUQ4bsdXmV3AkC1BFw0meW3kNL/4ptkSsOvVj4imBjG906UfyXw5l
+TyegRn2pA13IqBgl0Fs0+qlg5a/a+UgMZHmJeCsOZ3gJCG/mqJ0MyE8vUCUcD1oZ
+XGsUgOUkiK/eMN6r4kW6SsBs7iapDpascvmGz4VuzYpBy+qOGayfCOt4h/hS9VEC
+ErZo1L6jJFBApM1Jxmd7yYWJeQAkN1/LjdYJltSZ4dNlw6ewzK/Px0hGeEzr60M7
++JgGuAuxIdp3pTYZwB5TqZ5v/bvapzPgK4A7COBOj1N3uqJiTmYErKwx201AP3BQ
+-----END CERTIFICATE-----

examples/nginx-alpine-ssl/nginx-selfsigned.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDbLNsPxlMCnKFM
+R7Fg355XRLic8Mdya6Eb02WO2XBDPL7FVvF4utY6aNh/1Kr/t45evkelBS9SCkFG
+NI5/SmrWJH6x3R3GMUcB/MiylnwmPf6qzxPDc2EDJHjVKruaBlgzBaAnBgLhzswf
+r+iUdv9M2hGr4venWWcI4o3WbWQAfQbqg+UeXZlQVdX2EljP19PyjdkT6aAUWpPh
+5qaGX4prrfazAD42slo1cUAkf5Ai+jpXyy+QhaenurvaXM0TUy69EDg5skBiAXeE
+Y4dSUA9itXNUDeM7cBMRlvoKnuwhrsFXz0o5VLBNZIgtdSq3gFmnS4qLzqeE4epc
+oHmmIOEfAgMBAAECggEBAJDckN1YQ71SMPnt2LsikdE0RqDUM77YjF+L1XAZHy4R
+lDVyRZ96PeXVLmMu+OaTN7I/KbNUPfaHeKUiT5yqXvqynFqKvwcjwr75iN0gwWW1
+TAExZOql89TT4lliKSSgVONEMJoaSwVcXWYEKkEWdZ8h8tQc63rciFFDDGRRYOtA
+fmMb3tOmnJqGu4PDq4vnVv7YiCXvNZiVOz99AsW0Y1ptSMyQrxyLjdr+wxClh0UV
+uGFcFIJJwsvBGDNb6G3Wy3vJHkkqMEhPwfP/AkHZMdQKdZ15V/WAOP8xKXW205jY
+Lu0mCbv2Udaait+fjZhM/JoemPLApwLNVRpwV5QfGwECgYEA9X/fjVPhJZ42LrP0
+Z4j2tj47DLtHLktrd84OA4BV4I+JjTvddJfXCtEk1m59vpzutJEYpy/bII84JWuE
+H1cMv8epS4Yfi/2RoB8ADO7E0L/BPAND7zjCHIqryiZY7ubp/71/jaOF0ZCugqbi
+YK7sl9H7qj1u+cC4+pab9ue/IyECgYEA5Iy90M7f7bI+6tS2/k4eroLxGWAJqRSj
+D2DjYTd/gPgm8jCDhnmbicquP2YBTIIdaNiREh19pvQs/JRo+tbsGKgSQbjLdM8Z
+8WzmhrNJH/fF/Vmi8DYSg4VScZgyjJX5T1FsRup8r53hxVpyRtTEJLOzSfJDEE1L
+eb09EeHrvD8CgYAOKdt25uD1b6RGm4E9O+yn5P05JdDcfeNsXQn3776EnyNbb5m+
+MUhpylkqueMtTRaEel6Gvr8QqNKfbg2IVVhZ9CXzQoCtbeqp5z/0fw4B0R5P3Qxd
+T9P7G5D/r6iv18imRYOHY2jEB2naBdDHrS/fLnEriDHP3OuPIYNMAmDHoQKBgQCQ
+Py/yIQ9+Axjot7aDTKTaubQXsuCGAYtkwl7gVdm4eWaDRxFMB2aekfhl9ShutFSB
+fuYYy9opTEU0aSrU3l8GtNVI+6wVnjyefoAElhVaAtTIMRHAkDAhKD0/irKkvmcq
+o5Y2L/rgEEKVf59Oiyz8iRpoWmnvWQmA3Wo05iUVmwKBgHTh1q1PTUzgvL0uNNZ3
+Kttp/U81I0C0TEyLFt/WfAD6ZrsG3GMq5IqN2CkOvPSDCrdxAxiDuxK7l3/gWU6s
+9EtoG2gZb5SyU6hZ0isuokaeAyuueDEco38AFXSvmt/jxvdzilYW/n5+HNoV2XL1
+CBv1Y6Ouy7rA3Q9C7WPb43m4
+-----END PRIVATE KEY-----