chore: modified code to use self-signed ssl certificates

This commit is contained in:
ahmadk953 2025-04-19 01:20:58 -04:00
parent b961218206
commit 7fd9497fb8
No known key found for this signature in database
GPG key ID: 31D488058614185C
7 changed files with 89 additions and 7 deletions

.gitignore vendored

@ -2,6 +2,7 @@ target/
node_modules/
drizzle/
.vscode/
certs/
config.json
.env
.yarn


@ -4,8 +4,10 @@ drizzle/
.vscode/
.github/
.yarn/
docs/
certs/
config.json
config.example.json
package.json
yarn.lock
README.md
README.md


@ -8,11 +8,18 @@ services:
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
volumes:
- ./certs/psql-server.crt:/var/lib/postgresql/server.crt:ro
- ./certs/psql-server.key:/var/lib/postgresql/server.key:ro
- postgres_data:/var/lib/postgresql/data
ports:
- "5432:5432"
- '5432:5432'
command: >
postgres
-c ssl=on
-c ssl_cert_file=/var/lib/postgresql/server.crt
-c ssl_key_file=/var/lib/postgresql/server.key
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
test: ['CMD-SHELL', 'pg_isready -U ${POSTGRES_USER}']
interval: 10s
timeout: 5s
retries: 5
@ -23,13 +30,23 @@ services:
image: valkey/valkey:8-alpine
container_name: valkey
restart: always
command: ["valkey-server", "--requirepass", "${VALKEY_PASSWORD}"]
ports:
- "6379:6379"
- '6379:6379'
volumes:
- ./certs/cache-server.crt:/certs/server.crt:ro
- ./certs/cache-server.key:/certs/server.key:ro
- ./certs/cache-ca.crt:/certs/ca.crt:ro
- valkey_data:/data
command: >
valkey-server
--requirepass ${VALKEY_PASSWORD}
--tls-port 6379
--port 0
--tls-cert-file /certs/server.crt
--tls-key-file /certs/server.key
--tls-ca-cert-file /certs/ca.crt
healthcheck:
test: ["CMD", "valkey-cli", "-a", "${VALKEY_PASSWORD}", "ping"]
test: ['CMD', 'valkey-cli', '-a', '${VALKEY_PASSWORD}', 'ping']
interval: 10s
timeout: 5s
retries: 5
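Review bot: The valkey healthcheck in the second hunk still probes with a plaintext `valkey-cli -a ${VALKEY_PASSWORD} ping`, but the new command sets `--port 0` and serves only TLS on 6379, so the probe cannot connect and the container will never report healthy. The probe needs the TLS flags, e.g. `test: ['CMD', 'valkey-cli', '--tls', '--cacert', '/certs/ca.crt', '--cert', '/certs/server.crt', '--key', '/certs/server.key', '-a', '${VALKEY_PASSWORD}', 'ping']`, and the cert/key pair is needed because the server defaults to requiring client certificates once `--tls-ca-cert-file` is given (confirm against the valkey version in the image). Passing the password with `-a` also leaves it visible in the container's process list; that predates this commit, but the CLI's `REDISCLI_AUTH` environment variable (still honoured by valkey-cli, to be confirmed) would keep it out of `ps` output. In the first hunk, `-c ssl=on` only enables TLS on the PostgreSQL side; plaintext connections are still accepted unless `pg_hba.conf` is restricted to `hostssl` entries or clients use `sslmode=verify-full`, which is worth a comment on the `command` block.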


@ -1,4 +1,5 @@
import fs from 'node:fs';
import path from 'node:path';
import { defineConfig } from 'drizzle-kit';
const config = JSON.parse(fs.readFileSync('./config.json', 'utf8'));
@ -10,5 +11,10 @@ export default defineConfig({
dialect: 'postgresql',
dbCredentials: {
url: database.dbConnectionString,
ssl: {
ca: fs.readFileSync(path.resolve('./certs/psql-ca.crt')),
cert: fs.readFileSync(path.resolve('./certs/psql-server.crt')),
key: fs.readFileSync(path.resolve('./certs/psql-client.key')),
},
},
});
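Review bot: The new `ssl` block presents the server's own certificate as `cert` and, via `generate-certs.sh`, a copy of the server's private key as `key` (`psql-client.key`), so the "client" authenticates with the server's identity and that key has to be readable by the app user; the same pairing is repeated in the database module (`ssl` block) and the cache module (`tls` block) later in this commit. A client should get its own key pair signed by the same CA — `cert: fs.readFileSync(path.resolve('./certs/psql-client.crt'))` next to the existing `key` line — and the server key should never be copied out of the server's mount. Because `ca` is set, Node verifies the chain and hostname by default, which is the right behaviour, but the generated certificate is `CN=localhost` with no SAN, so if `dbConnectionString` points at an IP address or the compose service name the handshake will fail; a short comment on the `ssl` block should say the host must be `localhost` (or the cert needs a matching SAN). Reading the files at import time means a missing `certs/` directory throws before any drizzle command runs, which is acceptable and consistent with the working-directory-relative `./config.json` read above.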

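--- a/generate-certs.sh
+++ b/generate-certs.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+# Get the Effective User ID
+_uid="$(id -u)"
+# Create the certificates directory
+mkdir -p certs
+# Generate PostgreSQL Certificates
+openssl req -new -x509 -days 365 -nodes \
+-out certs/psql-server.crt \
+-keyout certs/psql-server.key \
+-subj "/CN=localhost"
+# Generate Valkey Certificates
+openssl req -new -x509 -days 365 -nodes \
+-out certs/cache-server.crt \
+-keyout certs/cache-server.key \
+-subj "/CN=localhost"
+# Get CA Certificates
+cp certs/psql-server.crt certs/psql-ca.crt
+cp certs/cache-server.crt certs/cache-ca.crt
+# Setup Permissions
+chmod 0600 certs/psql-server.key
+chmod 0600 certs/cache-server.key
+# Assign Ownership
+sudo chown 70:70 certs/psql-*.*
+sudo chown 999:1000 certs/cache-*.*
+# Get Client Keys
+sudo cp certs/psql-server.key certs/psql-client.key
+sudo cp certs/cache-server.key certs/cache-client.key
+# Change Client Key Ownership
+sudo chown $_uid:$_uid certs/psql-client.key
+sudo chown $_uid:$_uid certs/cache-client.key
+# Change Client Key Permissions
+sudo chmod +r certs/psql-client.key
+sudo chmod +r certs/cache-client.key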
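Review bot: `sudo cp certs/psql-server.key certs/psql-client.key` (and its cache twin) duplicates the server's private key into a file that the last two lines then make world-readable with `chmod +r`, so the secret that identifies each server ends up in a 0644 file under the app user — and because the self-signed server certificate also serves as the CA, whoever reads that key can issue certificates the clients will trust. The fix is a small local CA that signs separate server and client key pairs, with client keys kept at 0600 and only `ca.crt` copied around; the rewrite below does that and adds a DNS SAN so hostname checks also pass on TLS stacks that ignore the CN. The script runs without `set -euo pipefail`, so a failed `openssl` step lets the later `chown`/`cp` lines operate on missing files. `chown 70:70` and `chown 999:1000` presume the runtime uids of the alpine postgres and valkey images (PostgreSQL refuses a key file not owned by its own user or root), so those values deserve a comment naming the images they match.

```bash
set -euo pipefail
# … unchanged: _uid, mkdir -p certs …

# One local CA signs every certificate; only ca.crt is ever copied out.
openssl req -new -x509 -days 365 -nodes \
  -subj "/CN=local-dev-ca" \
  -keyout certs/ca.key -out certs/ca.crt
chmod 0600 certs/ca.key

# issue NAME CN: a fresh key plus a CA-signed cert carrying a DNS SAN.
issue() {
  openssl req -new -nodes -newkey rsa:2048 \
    -subj "/CN=$2" \
    -keyout "certs/$1.key" -out "certs/$1.csr"
  openssl x509 -req -days 365 \
    -in "certs/$1.csr" -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial \
    -extfile <(printf 'subjectAltName=DNS:%s\n' "$2") \
    -out "certs/$1.crt"
  rm -f "certs/$1.csr"
}
issue psql-server localhost
issue psql-client app-client
issue cache-server localhost
issue cache-client app-client

# Clients pin the CA certificate, not the server certificate.
cp certs/ca.crt certs/psql-ca.crt
cp certs/ca.crt certs/cache-ca.crt

# … unchanged: chmod 0600 / chown for the server keys, chown $_uid for the client keys …

# Client keys stay private to the app user; a private key is never chmod +r.
chmod 0600 certs/psql-client.key certs/cache-client.key
```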


@ -1,6 +1,8 @@
// ========================
// External Imports
// ========================
import fs from 'node:fs';
import path from 'node:path';
import pkg from 'pg';
import { drizzle } from 'drizzle-orm/node-postgres';
import { Client } from 'discord.js';
@ -98,7 +100,11 @@ export async function initializeDatabaseConnection(): Promise<boolean> {
// Create new connection pool
dbPool = new Pool({
connectionString: config.database.dbConnectionString,
ssl: true,
ssl: {
ca: fs.readFileSync(path.resolve('./certs/psql-ca.crt')),
cert: fs.readFileSync(path.resolve('./certs/psql-server.crt')),
key: fs.readFileSync(path.resolve('./certs/psql-client.key')),
},
connectionTimeoutMillis: 10000,
});
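Review bot: The three `fs.readFileSync` calls inside the `ssl` block run on every call to `initializeDatabaseConnection` and resolve against `process.cwd()`, so starting the bot from any directory other than the repository root throws `ENOENT` at connection time rather than at startup; the function begins outside the hunk, so whether that throw is caught and reported is not visible here. Loading the three files once into a module-level `const pgTls = { ca, cert, key }` from a configurable directory (for example a `certsDir` entry next to `dbConnectionString` in `config.json`) and passing `ssl: pgTls` would fail once, early, with a clear message. A one-line comment on the block, `// ca set => rejectUnauthorized defaults to true: chain and hostname are verified`, would record why the replaced `ssl: true` is not weaker or stronger than the new object.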


@ -1,3 +1,5 @@
import fs from 'node:fs';
import path from 'node:path';
import Redis from 'ioredis';
import { Client } from 'discord.js';
@ -91,6 +93,11 @@ async function initializeRedisConnection() {
},
maxRetriesPerRequest: 3,
enableOfflineQueue: true,
tls: {
ca: fs.readFileSync(path.resolve('./certs/cache-ca.crt')),
cert: fs.readFileSync(path.resolve('./certs/cache-server.crt')),
key: fs.readFileSync(path.resolve('./certs/cache-client.key')),
},
});
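Review bot: The new `tls` block is handed to `tls.connect` by ioredis, so with `ca` set the server chain and hostname are verified against the configured cache host, but the generated certificate is `CN=localhost` only; if the host is an IP address or the compose service name the handshake will be rejected, and the block should either carry `servername: 'localhost'` or the certificate should be regenerated with a SAN for the real host — the cert files are read relative to `process.cwd()` as well, so the same working-directory caveat as the database module applies. `initializeRedisConnection` starts outside the hunk, so it is not visible whether a `readFileSync` failure here is caught before the `Redis` constructor is called. A comment such as `// ca present => rejectUnauthorized defaults to true` on the `tls` line would make the verification guarantee explicit for the next reader.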
// ========================