From 374ef7502eeee7ad921c566d7ce57d81a1d5aa72 2023-12-05 21:22:03
From: RhodeCode Admin <admin@rhodecode.com>
Date: 2023-12-05 21:22:03
Subject: [PATCH] feat(ssl): ensure all services get SSL enabled during init phase

---

diff --git a/VERSION b/VERSION
index e230c83..1e20ec3 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-5.3.0
\ No newline at end of file
+5.4.0
\ No newline at end of file
diff --git a/scripts/rcstack/rcstack b/scripts/rcstack/rcstack
index 07a43b5..cfa8925 100755
--- a/scripts/rcstack/rcstack
+++ b/scripts/rcstack/rcstack
@@ -2739,7 +2739,7 @@ rcstack_init_command() {
     echo "bootstrap_config: init runtime env config at: $BOOTSTRAP_RUNTIME_ENV"
 
     # Make runtime file
-    echo "## BOOTSTRAP GENERATED $(date) ##" >> $BOOTSTRAP_RUNTIME_ENV
+    echo "## BOOTSTRAP GENERATED $(date) ##" > $BOOTSTRAP_RUNTIME_ENV
     echo "" >> $BOOTSTRAP_RUNTIME_ENV
 
     cat $BOOTSTRAP_TMPL >> $BOOTSTRAP_RUNTIME_ENV
@@ -2777,10 +2777,12 @@ rcstack_init_command() {
 
     .env set RC_LOKI_AUTH=loki-auth:$shared_key@
 
+    .env puts ''
     .env puts '# Log formatter option'
     .env set RC_LOGGING_FORMATTER=$log_formatter
     .env set RC_USE_CELERY=true
 
+    .env puts ''
     .env puts '# Channelstream config'
     .env set RC_CHANNELSTREAM_SERVER=channelstream:8000
 
@@ -2794,14 +2796,20 @@ rcstack_init_command() {
 
     .env set CHANNELSTREAM_ALLOW_POSTING_FROM=0.0.0.0
 
+    .env puts ''
     .env puts '# Channelstream secrets'
     .env set CHANNELSTREAM_SECRET=$shared_key
     .env set RC_CHANNELSTREAM_SECRET=$shared_key
 
+    .env puts ''
     .env puts '# Channelstream admin'
     .env set CHANNELSTREAM_ADMIN_SECRET=$shared_key
     .env set RC_CHANNELSTREAM_ADMIN_SECRET=$shared_key
 
+    .env puts ''
+    .env puts '# SSH PORT'
+    .env set RC_SSH_PORT=9022
+
     ini_path=$INI_TARGET/vcsserver.ini
     config_vcsserver_ini
 
@@ -2895,6 +2903,15 @@ rcstack_init_command() {
       metrics_replace '#      # Enable http\+https' '      # Enable http\+https'
       metrics_replace '#      - "traefik.http.routers.grafana.entrypoints=http,https"' '      - "traefik.http.routers.grafana.entrypoints=http,https"'
 
+      services_replace() {
+        services_tmpl=$target_dir/docker-compose-services.override.yaml
+        sed_func "$1" "$2" "$services_tmpl"
+      }
+
+      services_replace '#      # Enable http\+https' '      # Enable http\+https'
+      services_replace '#      - "traefik.http.routers.channelstream.entrypoints=http,https"' '      - "traefik.http.routers.channelstream.entrypoints=http,https"'
+      services_replace '#      - "traefik.http.routers.nginx-statics.entrypoints=http,https"' '      - "traefik.http.routers.nginx-statics.entrypoints=http,https"'
+
       apps_replace() {
         apps_tmpl=$target_dir/docker-compose-apps.override.yaml
         sed_func "$1" "$2" "$apps_tmpl"
@@ -7230,7 +7247,7 @@ rcstack__completions_parse_requirements() {
 
 # :command.initialize
 initialize() {
-  version="5.3.0"
+  version="5.4.0"
   long_usage=''
   set -e
 
diff --git a/templates/docker-compose-services.override.yaml b/templates/docker-compose-services.override.yaml
index 97b6890..b9297ad 100644
--- a/templates/docker-compose-services.override.yaml
+++ b/templates/docker-compose-services.override.yaml
@@ -30,7 +30,10 @@ services:
       replicas: 1
 
   nginx-statics:
-    {}
+    labels:
+      - "traefik.enable=true"
+#      # Enable http+https endpoints to serve SSL, select just 1 to disable the other
+#      - "traefik.http.routers.nginx-statics.entrypoints=http,https"
 
   channelstream:
     labels: