Secrets working well. Better security overall

main
Vincent 8 months ago
parent a5b144fa87
commit 56859467fe

@ -1,10 +1,23 @@
const mysql = require("mysql2"); const mysql = require("mysql2");
const fs = require('node:fs');
const connection = mysql.createPool({
try {
const db_user_password = fs.readFileSync(process.env.DB_USER_PASSWORD_FILE, 'utf8').replace(/\r?\n|\r/g, "");
const db_user = fs.readFileSync(process.env.DB_USER_FILE, 'utf8').replace(/\r?\n|\r/g, "");
console.log(db_user)
const connection = mysql.createPool({
host: process.env.DB_HOST, host: process.env.DB_HOST,
user: process.env.DB_USER, user: db_user,
password: process.env.DB_PASSWORD, password: db_user_password,
database: process.env.DB_NAME database: process.env.DB_NAME,
}); });
module.exports = connection;
} catch (e) {
console.log(e)
}
module.exports = connection;
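Review bot: `console.log(db_user)` writes the database account name read from the secret file to stdout on every start, so it ends up in container logs and whatever collects them; that line should be dropped. The `catch` only logs and lets the module finish loading, so when `DB_USER_FILE` or `DB_USER_PASSWORD_FILE` is unset or unreadable the module exports nothing useful and callers fail later, far from the cause; fail closed instead, e.g. `console.error('DB secret load failed:', e.message); process.exit(1);` or rethrow. `connection` is a `const` scoped to the `try` block, so if the trailing `module.exports = connection;` after the `catch` is still on the new side (this rendering does not make that certain) it throws a ReferenceError at load. A short comment above the reads, such as `// Credentials come from Docker secret files; strip the trailing newline editors add`, would explain the regex.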

@ -9,16 +9,14 @@ services:
- .:/usr/src/app - .:/usr/src/app
- /usr/src/app/node_modules - /usr/src/app/node_modules
environment: environment:
DB_HOST: /run/secrets/db_host DB_HOST: db
DB_USER: /run/secrets/db_user DB_USER_FILE: /run/secrets/db_user
DB_PASSWORD: /run/secrets/db_password DB_USER_PASSWORD_FILE: /run/secrets/db_user_password
DB_NAME: /run/secrets/db_name DB_NAME: battleship
COOKIE_SECRET_KEY: /run/secrets/cookie_key COOKIE_SECRET_KEY: /run/secrets/cookie_key
secrets: secrets:
- db_host
- db_user - db_user
- db_password - db_user_password
- db_name
- cookie_key - cookie_key
networks: networks:
- app-network - app-network
@ -29,11 +27,14 @@ services:
image: mysql:8.0 image: mysql:8.0
restart: always restart: always
environment: environment:
MYSQL_ROOT_PASSWORD: /run/secrets/db_password MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_password
MYSQL_DATABASE: /run/secrets/db_name MYSQL_USER_FILE: /run/secrets/db_user
MYSQL_PASSWORD_FILE: /run/secrets/db_user_password
MYSQL_DATABASE: battleship
secrets: secrets:
- db_user_password
- db_password - db_password
- db_name - db_user
ports: ports:
- "3306:3306" - "3306:3306"
networks: networks:
@ -63,14 +64,12 @@ services:
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h; done;'" entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h; done;'"
secrets: secrets:
db_host: db_user_password:
file: secrets/db_host.txt file: secrets/db_user_password.txt
db_user: db_user:
file: secrets/db_user.txt file: secrets/db_user.txt
db_password: db_password:
file: secrets/db_password.txt file: secrets/db_password.txt
db_name:
file: secrets/db_name.txt
cookie_key: cookie_key:
file: secrets/cookie_key.txt file: secrets/cookie_key.txt
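Review bot: `COOKIE_SECRET_KEY: /run/secrets/cookie_key` is left as a plain environment value, so unless the app opens that path itself (not visible here) the cookie signing key is the literal, guessable string `/run/secrets/cookie_key`, the same mistake this commit fixes for the DB credentials. Rename it to `COOKIE_SECRET_KEY_FILE: /run/secrets/cookie_key` and read the file in the app the way the DB user and password are now read. In the mysql service, `- "3306:3306"` publishes the database on all host interfaces although the app reaches it as `db` over `app-network`; remove the mapping or bind it to loopback with `- "127.0.0.1:3306:3306"`. The official mysql image applies its `MYSQL_*` variables only when initialising an empty data directory, so a database created before this commit probably still has the literal path string as its root password and should have it rotated.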
