From 51fa29f7c4418bf94099e93c029e4d631a4d0875 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9line=20Pelletier?=
 <82821620+celinepelletier@users.noreply.github.com>
Date: Wed, 12 Jan 2022 10:55:58 -0500
Subject: [PATCH] feat: #3328 add nginx in docker (#3329)

* feat: #3328 add nginx in docker

* feat: #3328 fix file names and update readme

* feat: #3328 fix file names
---
 docker/nginx/README.md      | 51 +++++++++++++++++++++++++++++++++++++
 docker/nginx/nginx-prd.conf | 13 ++++++++++
 docker/nginx/nginx-qa.conf  | 13 ++++++++++
 docker/nginx/prd.Dockerfile |  5 ++++
 docker/nginx/prd.crt        | 22 ++++++++++++++++
 docker/nginx/prd.key        | 28 ++++++++++++++++++++
 docker/nginx/qa.Dockerfile  |  5 ++++
 docker/nginx/qa.crt         | 22 ++++++++++++++++
 docker/nginx/qa.key         | 28 ++++++++++++++++++++
 9 files changed, 187 insertions(+)
 create mode 100644 docker/nginx/README.md
 create mode 100644 docker/nginx/nginx-prd.conf
 create mode 100644 docker/nginx/nginx-qa.conf
 create mode 100644 docker/nginx/prd.Dockerfile
 create mode 100644 docker/nginx/prd.crt
 create mode 100644 docker/nginx/prd.key
 create mode 100644 docker/nginx/qa.Dockerfile
 create mode 100644 docker/nginx/qa.crt
 create mode 100644 docker/nginx/qa.key

diff --git a/docker/nginx/README.md b/docker/nginx/README.md
new file mode 100644
index 000000000..b01debab3
--- /dev/null
+++ b/docker/nginx/README.md
@@ -0,0 +1,51 @@
+# Run NGINX in Docker
+
+## Requirements
+
+- Docker (18.03+ for Mac/Windows, 20.04+ for Linux)
+- KF-portal-UI is running locally on port 3000
+- `portal-qa.kidsfirstdrc.org` and/or `portal.kidsfirstdrc.org` added to hosts file
+
+## QA
+
+### Build image:
+
+```
+docker build -f qa.Dockerfile -t kf-nginx-qa .
+```
+
+### Run image:
+
+For Mac/Windows:
+
+```
+docker run -p 443:443 -p 80:80 -d kf-nginx-qa
+```
+
+For Linux:
+
+```
+docker run -p 443:443 -p 80:80 --add-host=host.docker.internal:host-gateway -d kf-nginx-qa
+```
+
+## PRD
+
+### Build image:
+
+```
+docker build -f prd.Dockerfile -t kf-nginx-prd .
+```
+
+### Run image:
+
+For Mac/Windows:
+
+```
+docker run -p 443:443 -p 80:80 -d kf-nginx-prd
+```
+
+For Linux:
+
+```
+docker run -p 443:443 -p 80:80 --add-host=host.docker.internal:host-gateway -d kf-nginx-prd
+```
diff --git a/docker/nginx/nginx-prd.conf b/docker/nginx/nginx-prd.conf
new file mode 100644
index 000000000..a2d301730
--- /dev/null
+++ b/docker/nginx/nginx-prd.conf
@@ -0,0 +1,13 @@
+# PRD
+  server {
+		listen               443 ssl;
+		ssl_certificate      /etc/nginx/prd.crt;
+    ssl_certificate_key  /etc/nginx/prd.key;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
+    server_name          portal.kidsfirstdrc.org;
+    location / {
+    	proxy_pass https://host.docker.internal:3000;
+    }
+	}
\ No newline at end of file
diff --git a/docker/nginx/nginx-qa.conf b/docker/nginx/nginx-qa.conf
new file mode 100644
index 000000000..aedb375e3
--- /dev/null
+++ b/docker/nginx/nginx-qa.conf
@@ -0,0 +1,13 @@
+# PRD
+  server {
+		listen               443 ssl;
+		ssl_certificate      /etc/nginx/qa.crt;
+    ssl_certificate_key  /etc/nginx/qa.key;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
+    server_name          portal-qa.kidsfirstdrc.org;
+    location / {
+    	proxy_pass https://host.docker.internal:3000;
+    }
+	}
\ No newline at end of file
diff --git a/docker/nginx/prd.Dockerfile b/docker/nginx/prd.Dockerfile
new file mode 100644
index 000000000..9ddc73da6
--- /dev/null
+++ b/docker/nginx/prd.Dockerfile
@@ -0,0 +1,5 @@
+FROM nginx
+RUN rm /etc/nginx/conf.d/default.conf
+COPY prd.crt /etc/nginx/prd.crt
+COPY prd.key /etc/nginx/prd.key
+COPY nginx-prd.conf /etc/nginx/conf.d/default.conf
\ No newline at end of file
diff --git a/docker/nginx/prd.crt b/docker/nginx/prd.crt
new file mode 100644
index 000000000..8a1537e1a
--- /dev/null
+++ b/docker/nginx/prd.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp4CCQD6Jui1KJKmTjANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMC
+Q0ExDzANBgNVBAgMBlF1ZWJlYzETMBEGA1UEBwwKVGVycmVib25uZTEOMAwGA1UE
+CgwFQ0hVU0oxDzANBgNVBAsMBkZlcmxhYjEgMB4GA1UEAwwXcG9ydGFsLmtpZHNm
+aXJzdGRyYy5vcmcxJDAiBgkqhkiG9w0BCQEWFWNwZWxsZXRpZXJAZmVybGFiLmJp
+bzAeFw0yMTA0MjcxODQ2MTVaFw0yMjA0MjcxODQ2MTVaMIGcMQswCQYDVQQGEwJD
+QTEPMA0GA1UECAwGUXVlYmVjMRMwEQYDVQQHDApUZXJyZWJvbm5lMQ4wDAYDVQQK
+DAVDSFVTSjEPMA0GA1UECwwGRmVybGFiMSAwHgYDVQQDDBdwb3J0YWwua2lkc2Zp
+cnN0ZHJjLm9yZzEkMCIGCSqGSIb3DQEJARYVY3BlbGxldGllckBmZXJsYWIuYmlv
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6SLVx10ZZ02EjPvc4qz
+2PtKzlb4/Yjg/jvDL1WGZXikUpU/uFxLZ4SwyZwLWBVUhNXyr6SloP+Dy1Ka0Vgh
+HDEiE8DZIjTeYUVakXRxfDiBHxFYvOU5PVv9dKiI17xLQxvPye9VRRB4FcoW/3Jm
+7A2GTxmIRExElcrmk4zmqpxRWVrk20tRNgwzOJJUnAGhjDGUbS3v79Wqyl1QwT12
+ap+0n5kpXn1DI5h0MbnueBrCY/e36ks5hd7+w5kGgVcU0Yq7bEzrzLkL182uzrFI
+6tcUMA/enOE03SMJwi3qRQX0VKtn4KA3TRa86B1WjIMWM0Wk0UoT/PzBBwinjqZ4
+6QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQChed0QiRPq/w9zjLVprDKTlScp+FpK
+RWLAtMZFLNoow4+VVIZH4ylAxgAPblomX3/wHLCbYZ+DFu2AULMKfgaqwEa/bMdg
+vVrBBItbW30qdHmCW8md9o1O6zhRmX4KQHH6T7Jnul9f1+XYnp2/p4XnJML0/Oef
+D0JFZa6/ec+VTatSmbpOttzZO47Xfp0BEfEn5CaRo1dnfeUfnB1yE60aVyo6ebLb
+PWlKyaWH3CXxHkywJOo3TedwME7vkM6sw/lGoCuhC40lBBIEu+s1KA21336ATrz9
+MnCIZF/tBtsWQKyeaOV/acpY5ZXUrkrrhSgY+RNugCs0HJg9pKoxiMPl
+-----END CERTIFICATE-----
diff --git a/docker/nginx/prd.key b/docker/nginx/prd.key
new file mode 100644
index 000000000..fdb034b6d
--- /dev/null
+++ b/docker/nginx/prd.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCzpItXHXRlnTYS
+M+9zirPY+0rOVvj9iOD+O8MvVYZleKRSlT+4XEtnhLDJnAtYFVSE1fKvpKWg/4PL
+UprRWCEcMSITwNkiNN5hRVqRdHF8OIEfEVi85Tk9W/10qIjXvEtDG8/J71VFEHgV
+yhb/cmbsDYZPGYhETESVyuaTjOaqnFFZWuTbS1E2DDM4klScAaGMMZRtLe/v1arK
+XVDBPXZqn7SfmSlefUMjmHQxue54GsJj97fqSzmF3v7DmQaBVxTRirtsTOvMuQvX
+za7OsUjq1xQwD96c4TTdIwnCLepFBfRUq2fgoDdNFrzoHVaMgxYzRaTRShP8/MEH
+CKeOpnjpAgMBAAECggEBAIiq/0MoanxADXntvxc1B7xk+bVfX5BrSVjBmK3zMAsU
+rFcTquWUed1oiqLnL440tBdXOYm9BjElE1xlHNl1ZcMv8g/7IHYwqJpyDAQrBYeO
+6VT8enlDHrf6uym8aldOrieBCiVECqg/bkyNcc+ndnvRkkOtVgk3yNn5AlBw2rAi
+c+pHEN22BiLunXQcMGaSvyLYHvDRXan7cKi0qC3EWprbQoSlQDALpLi+KKMcoTGV
+mQoSb+owcJZUZ/vzSYALWynW5V0ro1hiuGpVHQNOudZCgGIqlpV5fPqTKXNkJ6V/
+rZ0xUyfxihPeBQXs3+jf+heCchjsg3bs3+xeBf6slY0CgYEA4NxKApkjf+/FL36i
+RaxkwIuLftBFiVeIlfccahzjHmr2bY/6LmRTaOjHGUtoIMO/KYA4jBy6SoNZHcn/
+j8cmXmcvZT7zt3z+sTJcOZOT2sfpM3suhLNTccyEdLWkZGZ/k9C8nU+rTf1dSzE7
+y/MHXJVKykFawnD6Z8FZZq3QTrsCgYEAzIU0Rmmn2LRPgUf5g3BERlLEr+DwJr7y
+ols7ww2BGh3qDrCnpfLeRizREhtWOQY5Fx9cWl1HRTldR2P/+KnzXq/OMaJ8iDQd
+R/d9TSjGpDE7bPYyNdT+s+mp142UNnS+Ibn6huMlVvTFj+fIRoXUP7D25afs1NqU
+kwdaLvskhqsCgYAle/OGfVrSn/jCEx0f+j4NbvXBHR0KaSImxbvh4JDn6DLOTtsI
+0saozW0rRUvFcnwygeJrUPqpIz4+3gaRREScJh1bhmQAaYDXryp6mqRiK0MvxtAZ
+ZP97D/ngrssJxaBs1rYqjzZiWOMtfraWKBxJDcYa80wa79R+aVfq6vy3swKBgBaU
+zoTHvaSLpAueKsp8Zs1s7hKNP3bHtnp+oEaVAyAjFWix0JDeE/SjliHtqsN5EGyh
+Jc1EZ04ZW1c6j1ShTyGxP47zZdSUDHeZt9gBHI2ccfdB56FR9x1eO0Z1d1vb3/JR
+WnvyMHk9ZWLSMKa4uAqgO2J3/Ao0aBsjwK1XRV0pAoGAOYsEaVt0xHA4Tz1/0Iq3
+t0A/NApilI4m8+MtWf32gTLUtkKElxDkL/nCK148iFzNlikX6sZP0gHQ33YsQMaH
+vHsHC6rEW9OSPpkavgVbRnzVJtZliTc9qN2NrHwwqe+JgqOn/NN9PyJcoO5XLChc
+uqWbHDX8Q2jCXIt8aEoV8XY=
+-----END PRIVATE KEY-----
diff --git a/docker/nginx/qa.Dockerfile b/docker/nginx/qa.Dockerfile
new file mode 100644
index 000000000..9c24b2d2c
--- /dev/null
+++ b/docker/nginx/qa.Dockerfile
@@ -0,0 +1,5 @@
+FROM nginx
+RUN rm /etc/nginx/conf.d/default.conf
+COPY qa.crt /etc/nginx/qa.crt
+COPY qa.key /etc/nginx/qa.key
+COPY nginx-qa.conf /etc/nginx/conf.d/default.conf
\ No newline at end of file
diff --git a/docker/nginx/qa.crt b/docker/nginx/qa.crt
new file mode 100644
index 000000000..2c2071e18
--- /dev/null
+++ b/docker/nginx/qa.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqQCCQDLxgt4T1m5cTANBgkqhkiG9w0BAQsFADCBnzELMAkGA1UEBhMC
+Q0ExDzANBgNVBAgMBlF1ZWJlYzETMBEGA1UEBwwKVGVycmVib25uZTEOMAwGA1UE
+CgwFQ0hVU0oxDzANBgNVBAsMBkZlcmxhYjEjMCEGA1UEAwwacG9ydGFsLXFhLmtp
+ZHNmaXJzdGRyYy5vcmcxJDAiBgkqhkiG9w0BCQEWFWNwZWxsZXRpZXJAZmVybGFi
+LmJpbzAeFw0yMTA0MjcxNzAxMDFaFw0yMjA0MjcxNzAxMDFaMIGfMQswCQYDVQQG
+EwJDQTEPMA0GA1UECAwGUXVlYmVjMRMwEQYDVQQHDApUZXJyZWJvbm5lMQ4wDAYD
+VQQKDAVDSFVTSjEPMA0GA1UECwwGRmVybGFiMSMwIQYDVQQDDBpwb3J0YWwtcWEu
+a2lkc2ZpcnN0ZHJjLm9yZzEkMCIGCSqGSIb3DQEJARYVY3BlbGxldGllckBmZXJs
+YWIuYmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61mzYbc3cjqG
+AjOHFukT0swhblaWPG4pv+mnffiTgXRB8gmS8hUD1fbJw3DonpKxbvjp6i6V3vYG
+3qimec4bi9/Wa4e2TCaTr+l4CO0dZzkIZMPGCySDDfy+mRj03AzcsJodrOdwqoog
+FiRXWqke2vhwh9hmFNmWbBxaBP0mNav44xKZQDbz/5WO01+W3da5G5CvmfFgwb7h
+b/17PBOvrCW3YICV0dYoADDNlukc4Yk6GS+3wUjK5JVBoDWjGO3hTUE3KitcZddu
+oXgp6Q3J/efz9yzyglewUGyKksFAGTifuLZme73gG2u+1CXp9URpS300u42oZ2zM
+TbjySGkgFwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAuS6ty/qvqVfO7E+2A8Cfg
+jGKLIeVB++OD+Fcl4BQYSUnkORf85cWjdPjgLuHc2EgBsgKY9dtD1lKUCYEfpNzJ
+DN0UpmjJoM+ujY+zmCfInp2XIyRM5HnU25tu9k5fzFXRbBUGh7+NxBXhavJ0aOQh
+g6WN1Ao0ln6Ulj54MNcJkzHBxKm9giwVlKhGIw0eqCnyRrHJnpmSDccsVnNY96Vi
+cbTGeF9Bkg5wLnCHg5fvNdlifx953Wfkrp2RuHxB98Pve1WuXRuk8A7MJEiGqtGP
+i1hEtK7mUDLFrb2kbZ63+7g6WEQsoDzN8g2fa4FVgf1K7RKOaKsTegtUqBun1+bP
+-----END CERTIFICATE-----
diff --git a/docker/nginx/qa.key b/docker/nginx/qa.key
new file mode 100644
index 000000000..d0d697d69
--- /dev/null
+++ b/docker/nginx/qa.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDrWbNhtzdyOoYC
+M4cW6RPSzCFuVpY8bim/6ad9+JOBdEHyCZLyFQPV9snDcOiekrFu+OnqLpXe9gbe
+qKZ5zhuL39Zrh7ZMJpOv6XgI7R1nOQhkw8YLJIMN/L6ZGPTcDNywmh2s53CqiiAW
+JFdaqR7a+HCH2GYU2ZZsHFoE/SY1q/jjEplANvP/lY7TX5bd1rkbkK+Z8WDBvuFv
+/Xs8E6+sJbdggJXR1igAMM2W6RzhiToZL7fBSMrklUGgNaMY7eFNQTcqK1xl126h
+eCnpDcn95/P3LPKCV7BQbIqSwUAZOJ+4tmZ7veAba77UJen1RGlLfTS7jahnbMxN
+uPJIaSAXAgMBAAECggEBAJwHrzZ0Wo0foaKp+MDGq77QWMWnIBlWS9WRGdsZRunH
+YsUNdd+K8S0UXXV2ULJ4vKu+2I3KbtAPukQ5+Yy9iWO1dZl6svBPjxBML6lzUlAR
+7q+nX5AZl81ZKB+l/Qg6esGWm1/7XKWjx1wGoedYQj2YAjr9y8e87c4lCcVO89sW
+L/X8qEuxjfUDV3S5kZatlDsnTaK7I3Or3gfC9uxBoUUKf/COrdQ6f5+SZEscu03s
+S5mmmIk+80imHZfZOdlb5KJCCn1ls0ArHIAJYaMbvEDzS5sFTdpKogTGaL1OPXyH
+E1gpC/ahrJhh2npPYE1+08UahDOdRjo6nJci54IcLEECgYEA+nZ4l9cbszCTK7Aq
+pg6URp3LRDwYg/riEourIzKBNEncTbBCXFVhTIhCPgNeQg0Fixy1lC+tGrt0jnIJ
+k8nvuejElzHiG6KGUjfDu0LpfM4PLWzEHCU/r++qHxO9mPFNRWM6xwO+XUKLVpZx
+E1tgb3GZyY8dI5/CCaHjgMBmU2ECgYEA8I2y8cz55RjK6uNU9KxcRzRgsQz4LVg7
+rSyiPyeBihqfyITwelDlLr6/UGBLP6NHEFzx8e+QgIbHNhmcNxNtMaNEguPzrJw6
+N33TmkavEqVscU49xhMii9giUIM7qEVYrdVdnsyIQaP1TQlwi/rrLKVrMPjUOTNk
+Ck0kHXbzHncCgYEA9fIOG3SE4+IIMrdsOeJJIkrjBp9Ip5leFD4IkKiQjasV5Uf2
+8jp5MDEBc2nVTmEBF4jamahzgLOhEhvTYcfDWzjCi4HVebOP2P6feqyLIR4rczzC
+Gq1NK9PZp2i4Ho6dhUyatEDt1yB4OU/Du/FX8jeIf4/EWm4PmWvaPl0wXiECgYAi
+75FjiK9qVFV0E5wNBNNKDBNW41lPzJauKeNOZMBtfDxkdNowCXufdFh4peOH1IDH
+oZgJ2Q8Ve32HH+UOIqYjJWEX2V9UXEQgNwf6SfW3MYs0UXarQ7AquzMQml6Zq6ib
+Znd4TqAjWFqR26Ma0VBCZavRqvG3dP08ecOa++GHNQKBgQCJPaCSd4KntSGBcBL6
++1SvvjNuxIN+SdlVzmbhOrYISzoAwYNg/XckdNwhhXH2BSsXksSPKtSSo9PZZgux
+FTEVrc60h9SaTtutx5cIaQyhJ2GJAM2DcE1JMitBG3CIU2Ua0Dwpgr2170u/Z2Zx
+BjrD3bstOu3OlwlXnvxA6PfjPg==
+-----END PRIVATE KEY-----