fixed a few things + moved to https

Dockerfile

@@ -1,5 +1,5 @@
-# Use the official Python image with slim variant
-FROM python:3.9-slim-buster
+# Base image
+FROM python:3.9-alpine
 
 # Set environment variables directly in the Dockerfile
 ENV db_username=postgres
@@ -13,35 +13,56 @@ ENV OAUTHDB=OAUTHDB
 WORKDIR /app
 
 # Install system dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
-build-essential \
-libpq-dev \
-postgresql \
-postgresql-contrib \
-&& rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache \
+    bash \
+    build-base \
+    gcc \
+    linux-headers \
+    musl-dev \
+    postgresql \
+    postgresql-contrib \
+    postgresql-dev \
+    python3-dev \
+    supervisor \
+    nginx \
+    openssl \
+    su-exec \
+    curl \
+    net-tools
+
+# Copy the application code
+COPY . .
 
 # Install Python dependencies
-COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 
-# Install Supervisor using pip for Python 3
-RUN pip install supervisor
+# Copy Nginx configuration
+COPY nginx.conf /etc/nginx/nginx.conf
 
-# Copy the application code
-COPY . .
-
-# Copy and set up Supervisor configuration
-COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+# Copy SSL certificates
+COPY certs/server.crt /etc/ssl/certs/server.crt
+COPY certs/server.key /etc/ssl/private/server.key
 
-# Copy the initialization script
+# Copy init.sh
 COPY init.sh /init.sh
 RUN chmod +x /init.sh
 
+# Copy supervisord.conf
+COPY supervisord.conf /etc/supervisord.conf
+
 # Ensure the logs directory exists
 RUN mkdir -p /var/log/postgresql && mkdir -p /var/log/fastapi
 
-# Expose port 3100
-EXPOSE 3100
+# Expose port 443 for HTTPS
+EXPOSE 443
+
+# Set environment variables again (if needed)
+ENV db_username=postgres
+ENV db_password=your_postgres_password
+ENV SECRET_KEY=your_secret_key
+ENV DB_HOST=localhost
+ENV DB_PORT=5432
+ENV OAUTHDB=OAUTHDB
 
 # Entrypoint to initialize PostgreSQL and start Supervisor
-ENTRYPOINT ["/bin/bash", "-c", "/init.sh && supervisord -n -c /etc/supervisor/conf.d/supervisord.conf"]
+ENTRYPOINT ["/bin/bash", "-c", "/init.sh && supervisord -n -c /etc/supervisord.conf"]

init.sh

@@ -1,42 +1,45 @@
 #!/bin/bash
+# init.sh
 set -e
 
-# Define PostgreSQL version
-PG_VERSION=11
-
-# Paths
-POSTGRES_BIN_DIR="/usr/lib/postgresql/${PG_VERSION}/bin"
-
 # Initialize PostgreSQL data directory if it doesn't exist
 if [ ! -d "/var/lib/postgresql/data" ]; then
     echo "Initializing PostgreSQL data directory..."
     mkdir -p /var/lib/postgresql/data
     chown -R postgres:postgres /var/lib/postgresql
-    su postgres -c "${POSTGRES_BIN_DIR}/initdb -D /var/lib/postgresql/data"
+    su-exec postgres initdb -D /var/lib/postgresql/data
 fi
 
 # Update pg_hba.conf to allow password authentication
 PG_HBA=/var/lib/postgresql/data/pg_hba.conf
 if [ -f "$PG_HBA" ]; then
     echo "Configuring PostgreSQL to use md5 authentication..."
-    sed -i "s/^\(local\s\+all\s\+all\s\+\)peer/\1md5/" $PG_HBA
+    sed -i "s/^#\?\(local\s\+all\s\+all\s\+\)peer/\1md5/" $PG_HBA
+    sed -i "s/^#\?\(host\s\+all\s\+all\s\+127\.0\.0\.1\/32\s\+\)md5/\1md5/" $PG_HBA
+    sed -i "s/^#\?\(host\s\+all\s\+all\s\+::1\/128\s\+\)md5/\1md5/" $PG_HBA
 fi
 
+# Ensure /run/postgresql exists and is owned by postgres
+echo "Ensuring /run/postgresql exists and is owned by postgres..."
+mkdir -p /run/postgresql
+chown postgres:postgres /run/postgresql
+
 # Start PostgreSQL to perform setup
 echo "Starting PostgreSQL..."
-su postgres -c "${POSTGRES_BIN_DIR}/pg_ctl -D /var/lib/postgresql/data -w start"
+su-exec postgres postgres -D /var/lib/postgresql/data &
+sleep 5
 
 # Create PostgreSQL user with SUPERUSER privilege if it doesn't exist
 echo "Creating PostgreSQL user with SUPERUSER privilege if it doesn't exist..."
-su postgres -c "psql -tc \"SELECT 1 FROM pg_roles WHERE rolname = '$db_username'\" | grep -q 1 || psql -c \"CREATE USER $db_username WITH PASSWORD '$db_password' SUPERUSER;\""
+su-exec postgres psql -tc "SELECT 1 FROM pg_roles WHERE rolname = '$db_username'" | grep -q 1 || su-exec postgres psql -c "CREATE USER $db_username WITH PASSWORD '$db_password' SUPERUSER;"
 
 # Create database if it doesn't exist
 echo "Creating PostgreSQL database if it doesn't exist..."
-su postgres -c "psql -tc \"SELECT 1 FROM pg_database WHERE datname = '$OAUTHDB'\" | grep -q 1 || psql -c \"CREATE DATABASE $OAUTHDB OWNER $db_username;\""
+su-exec postgres psql -tc "SELECT 1 FROM pg_database WHERE datname = '$OAUTHDB'" | grep -q 1 || su-exec postgres psql -c "CREATE DATABASE $OAUTHDB OWNER $db_username;"
 
-# Grant all privileges on the database to the user (redundant but ensures full access)
-su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE $OAUTHDB TO $db_username;\""
+# Grant all privileges on the database to the user
+su-exec postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $OAUTHDB TO $db_username;"
 
 # Stop PostgreSQL (Supervisor will manage it)
 echo "Stopping PostgreSQL..."
-su postgres -c "${POSTGRES_BIN_DIR}/pg_ctl -D /var/lib/postgresql/data -m fast -w stop"
+su-exec postgres pg_ctl -D /var/lib/postgresql/data -m fast -w stop

main.py

@@ -1,6 +1,8 @@
 # main.py
 import sys
 
+from fastapi.middleware.trustedhost import TrustedHostMiddleware
+from fastapi.middleware.httpsredirect import HTTPSRedirectMiddleware
 from fastapi import FastAPI, Request, Form, Depends, HTTPException, status, Header
 from fastapi.responses import RedirectResponse, JSONResponse, HTMLResponse
 from fastapi.middleware.cors import CORSMiddleware
@@ -62,7 +64,8 @@ async def dispatch(self, request: Request, call_next):
 # Session middleware
 app.add_middleware(SessionMiddleware, secret_key=CredentialManager.get_secret_key())
 
-
+# Add middleware
+app.add_middleware(TrustedHostMiddleware, allowed_hosts=["*"])
 
 
 # Password hashing

nginx.conf

@@ -0,0 +1,34 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    sendfile        on;
+    keepalive_timeout 65;
+
+    server {
+        listen 443 ssl;
+        server_name localhost;
+
+        ssl_certificate     /etc/ssl/certs/server.crt;
+        ssl_certificate_key /etc/ssl/private/server.key;
+
+        ssl_protocols       TLSv1.2 TLSv1.3;
+        ssl_ciphers         HIGH:!aNULL:!MD5;
+
+        location / {
+            proxy_pass         http://127.0.0.1:3100;
+            proxy_set_header   Host $host;
+            proxy_set_header   X-Real-IP $remote_addr;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header   X-Forwarded-Proto $scheme;
+        }
+    }
+}

supervisord.conf

@@ -3,19 +3,32 @@ nodaemon=true
 loglevel=info
 
 [program:postgresql]
-command=/usr/lib/postgresql/11/bin/postgres -D /var/lib/postgresql/data
+command=/usr/bin/postgres -D /var/lib/postgresql/data
 user=postgres
 stdout_logfile=/dev/stdout
 stderr_logfile=/dev/stderr
+stdout_logfile_maxbytes=0
+stderr_logfile_maxbytes=0
 autostart=true
 autorestart=true
 priority=10
 
 [program:fastapi]
-command=uvicorn main:app --host 0.0.0.0 --port 3100
+command=/usr/local/bin/uvicorn main:app --host 127.0.0.1 --port 3100
 directory=/app
 stdout_logfile=/dev/stdout
 stderr_logfile=/dev/stderr
+stdout_logfile_maxbytes=0
+stderr_logfile_maxbytes=0
 autostart=true
 autorestart=true
 priority=20
+
+[program:nginx]
+command=/usr/sbin/nginx -g 'daemon off;'
+stdout_logfile=/dev/stdout
+stderr_logfile=/dev/stderr
+autostart=true
+autorestart=true
+priority=5
+