set up tls and dns for dev environment

local-environment/Makefile

-up:
-	podman-compose up -d
-
-post-up:
-	./update_hosts.sh
-
-deploy: up post-up

local-environment/default.conf

+server {
+    listen 8443 ssl;
+    server_name webservice.local;
+
+    ssl_certificate /etc/nginx/certs/nginx.crt;
+    ssl_certificate_key /etc/nginx/certs/nginx.key;
+
+    location / {
+        proxy_pass http://localhost:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

local-environment/podman-compose.yml

-version: "3.8"
-
-services:
-  traefik:
-    image: traefik:v2.5
-    command:
-      - "--api.insecure=true"
-      - "--providers.docker=true"
-      - "--entrypoints.web.address=:80"
-      - "--entrypoints.websecure.address=:443"
-      - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
-      - "--certificatesresolvers.mytlschallenge.acme.email=masi9606@bht-berlin.de"
-      - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - "/var/run/podman/podman.sock:/var/run/docker.sock"
-      - "./traefik/traefik.yml:/etc/traefik/traefik.yml"
-      - "./letsencrypt:/letsencrypt"
-    networks:
-      - backend
-    extra_hosts:
-      - "app.local:127.0.0.1"
-      - "prometheus.local:127.0.0.1"
-      - "grafana.local:127.0.0.1"
-
-  app:
-    image: registry.bht-berlin.de:443/masi9606/webservice:dev
-    deploy:
-      replicas: 2
-    networks:
-      - backend
-    labels:
-      - "traefik.http.routers.app.rule=Host(`app.local`)"
-      - "traefik.http.routers.app.tls=true"
-      - "traefik.http.services.app.loadbalancer.server.port=8080"
-    extra_hosts:
-      - "app.local:127.0.0.1"
-
-  prometheus:
-    image: prom/prometheus:latest
-    volumes:
-      - "./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml"
-    networks:
-      - backend
-    labels:
-      - "traefik.http.routers.prometheus.rule=Host(`prometheus.local`)"
-      - "traefik.http.routers.prometheus.tls=true"
-      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
-    extra_hosts:
-      - "prometheus.local:127.0.0.1"
-
-  grafana:
-    image: grafana/grafana:latest
-    networks:
-      - backend
-    labels:
-      - "traefik.http.routers.grafana.rule=Host(`grafana.local`)"
-      - "traefik.http.routers.grafana.tls=true"
-      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
-    extra_hosts:
-      - "grafana.local:127.0.0.1"
-
-  redis:
-    image: redis:latest
-    networks:
-      - backend
-    ports:
-      - "6379:6379"
-    environment:
-      - REDIS_PASSWORD=
-
-networks:
-  backend:

local-environment/setup-local.sh

+#!/bin/bash
+
+IMAGE_NAME="registry.bht-berlin.de:443/masi9606/webservice:dev"
+CONTAINER_NAME="webservice_container"
+CONTAINER_HTTP_PORT="8080"
+CONTAINER_HTTPS_PORT="8443"
+NGINX_CONF="/etc/nginx/sites-available/default"
+CERT_DIR="/etc/nginx/certs"
+DOMAIN_NAME="webservice.local"
+
+# Stop old containers
+podman stop $CONTAINER_NAME
+podman rm -f $CONTAINER_NAME
+
+# Pull image
+podman pull $IMAGE_NAME
+
+# Run container on both ports
+podman run -d -p $CONTAINER_HTTP_PORT:$CONTAINER_HTTP_PORT -p $CONTAINER_HTTPS_PORT:$CONTAINER_HTTPS_PORT --name $CONTAINER_NAME $IMAGE_NAME
+
+# Install packages
+podman exec -it $CONTAINER_NAME apt-get update
+podman exec -it $CONTAINER_NAME apt-get install -y openssl nginx systemctl curl
+
+# Generate SSL certificate and key
+podman exec -it $CONTAINER_NAME bash -c "mkdir -p $CERT_DIR && \
+    openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
+    -keyout $CERT_DIR/nginx.key -out $CERT_DIR/nginx.crt \
+    -subj '/CN=$DOMAIN_NAME'"
+
+podman cp default.conf $CONTAINER_NAME:$NGINX_CONF
+
+# Restart Nginx to apply the changes
+podman exec -it $CONTAINER_NAME systemctl restart nginx
+
+# Wait
+podman exec -it $CONTAINER_NAME sleep 5
+
+# Add entry to /etc/hosts
+podman exec -it $CONTAINER_NAME bash -c "echo '127.0.0.1       webservice.local' >> /etc/hosts"
+
+echo "Setup complete..."
+
+echo "Testing from inside..."
+podman exec -it $CONTAINER_NAME curl -k https://$DOMAIN_NAME:$CONTAINER_HTTPS_PORT/
+
+echo "Testing from outside..."
+sudo bash -c "echo '127.0.0.1 webservice.local' >> /etc/hosts"
+curl -k https://$DOMAIN_NAME:$CONTAINER_HTTPS_PORT/
\ No newline at end of file

local-environment/traefik.yml

-http:
-  routers:
-    web:
-      rule: "Host(`app.local`)"
-      entryPoints:
-        - web
-    websecure:
-      rule: "Host(`app.local`)"
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: mytlschallenge

local-environment/update_hosts.sh

-#!/bin/bash
-
-declare -A domains
-domains=(
-  ["app.local"]="127.0.0.1"
-  ["prometheus.local"]="127.0.0.1"
-  ["grafana.local"]="127.0.0.1"
-)
-
-for domain in "${!domains[@]}"; do
-  ip=${domains[$domain]}
-  if ! grep -q "$domain" /etc/hosts; then
-    echo "$ip $domain" | sudo tee -a /etc/hosts > /dev/null
-    echo "Added $domain to /etc/hosts"
-  else
-    echo "$domain is already in /etc/hosts"
-  fi
-done
\ No newline at end of file