Rename application to webdb

This commit renames the application container to webdb and drops the
test suffix in favour of using www.cacert.localhost directly. The server
certificate for www.cacert.localhost got an additional
subjectAlternativeName secure.cacert.localhost and is used for both
hostnames now.

Environment variables containing _APP have been renamed to _WEBDB to
keep consistency.

README.md

@@ -45,13 +45,13 @@ Variable | Usage
 `CLIENT_CERT_PASSWORD` | password used to encrypt `testca/certs/testclient.p12`
 `CLIENT_CERT_USERNAME` | full name for a user that is included in the CN field of the subject distinguished name in the test client certificate
 `CLIENT_CERT_USERNAME` | user name for client certificate generated by `setup_test_ca.sh`
-`MYSQL_APP_PASSWORD` | Database password for webdb
-`MYSQL_APP_USER` | Database user for webdb
 `MYSQL_CATS_PASSWORD` | Database password for cats
 `MYSQL_CATS_USER` | Database user for cats
 `MYSQL_MGR_PASSWORD` | Database password for the test manager
 `MYSQL_MGR_USER` | Database user for the test manager
 `MYSQL_ROOT_PASSWORD` | Database root password
+`MYSQL_WEBDB_PASSWORD` | Database password for webdb
+`MYSQL_WEBDB_USER` | Database user for webdb
 
 
 ```shell
@@ -59,8 +59,8 @@ echo "CATCHALL_MAILBOX_PASSWORD=$(openssl rand -base64 18)
 CLIENT_CERT_EMAIL=user@example.org
 CLIENT_CERT_PASSWORD=$(openssl rand -base64 18)
 CLIENT_CERT_USERNAME="John Doe"
-MYSQL_APP_PASSWORD=$(openssl rand -base64 18)
-MYSQL_APP_USER=cacert_dev
+MYSQL_WEBDB_PASSWORD=$(openssl rand -base64 18)
+MYSQL_WEBDB_USER=cacert_dev
 MYSQL_CATS_PASSWORD=$(openssl rand -base64 18)
 MYSQL_CATS_USER=cats
 MYSQL_MGR_PASSWORD=$(openssl rand -base64 18)
@@ -71,7 +71,7 @@ docker-compose up
 ```
 
 After these steps you should be able to reach the CAcert application at
-https://test.cacert.localhost:8443/. The test manager application is reachable
+https://www.cacert.localhost:8443/. The test manager application is reachable
 at https://mgr.cacert.localhost:9443/. CATS is reachable at
 https://cats.cacert.localhost:7443/. The magic hostname resolution works on
 systems using systemd's nss module for host resolution. If you do not have that

docker-compose.yml

@@ -29,19 +29,19 @@ services:
       - maildir:/home/catchall/Maildir
     env_file:
       - ./.env
-  application:
+  webdb:
     build:
       context: .
-      dockerfile: application.Dockerfile
+      dockerfile: webdb.Dockerfile
     environment:
       DEPLOYMENT_NAME: "CAcert.org Website (local development)"
-      MYSQL_APP_HOSTNAME: db
-      MYSQL_APP_DATABASE: cacert
+      MYSQL_WEBDB_HOSTNAME: db
+      MYSQL_WEBDB_DATABASE: cacert
       CSR_DIRECTORY: /csr
       CRT_DIRECTORY: /crt
-      DEFAULT_HOSTNAME: test.cacert.localhost
-      SECURE_HOSTNAME: secure.test.cacert.localhost
-      TVERIFY_HOSTNAME: tverify.test.cacert.localhost
+      DEFAULT_HOSTNAME: www.cacert.localhost
+      SECURE_HOSTNAME: secure.cacert.localhost
+      TVERIFY_HOSTNAME: tverify.cacert.localhost
       INSECURE_PORT: 8080
       SECURE_PORT: 8443
       RETURN_ADDRESS: "returns@cacert.localhost"

docker/apache-webdb-virtualhost.conf

@@ -1,6 +1,5 @@
 <VirtualHost *:80>
-  ServerName test.cacert.localhost
-  ServerAlias www.test.cacert.localhost
+  ServerName www.cacert.localhost
   DocumentRoot /www/www
 
   ScriptAlias /cgi-bin/ /www/cgi-bin/
@@ -15,8 +14,7 @@
 </VirtualHost>
 
 <VirtualHost *:443>
-  ServerName test.cacert.localhost
-  ServerAlias www.test.cacert.localhost
+  ServerName www.cacert.localhost
   DocumentRoot /www/www
 
   SSLEngine on
@@ -24,8 +22,8 @@
   SSLProtocol all -SSLv2 -SSLv3
   SSLHonorCipherOrder on
   SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
-  SSLCertificateFile /etc/apache2/ssl/certs/test.cacert.localhost.crt.pem
-  SSLCertificateKeyFile /etc/apache2/ssl/private/test.cacert.localhost.key.pem
+  SSLCertificateFile /etc/apache2/ssl/certs/www.cacert.localhost.crt.pem
+  SSLCertificateKeyFile /etc/apache2/ssl/private/www.cacert.localhost.key.pem
 
   Header always set Strict-Transport-Security "max-age=31536000"
 
@@ -41,7 +39,7 @@
 </VirtualHost>
 
 <VirtualHost *:443>
-  ServerName secure.test.cacert.localhost
+  ServerName secure.cacert.localhost
   DocumentRoot /www/www
 
   SSLEngine on
@@ -49,8 +47,8 @@
   SSLProtocol all -SSLv2 -SSLv3
   SSLHonorCipherOrder on
   SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
-  SSLCertificateFile /etc/apache2/ssl/certs/secure.test.cacert.localhost.crt.pem
-  SSLCertificateKeyFile /etc/apache2/ssl/private/secure.test.cacert.localhost.key.pem
+  SSLCertificateFile /etc/apache2/ssl/certs/www.cacert.localhost.crt.pem
+  SSLCertificateKeyFile /etc/apache2/ssl/private/www.cacert.localhost.key.pem
 
   SSLVerifyClient require
   SSLVerifyDepth 2

docker/initdb.sh

@@ -123,9 +123,9 @@ VALUES  ('sq_AL', 'Albania', 'Albanian', 'Shqipëria', 'shqipe'),
 EOF
 
 mysql -h localhost -u root "-p$MYSQL_ROOT_PASSWORD" <<-EOF
-CREATE USER $MYSQL_APP_USER@'%' IDENTIFIED BY '$MYSQL_APP_PASSWORD';
-GRANT CREATE TEMPORARY TABLES ON cacert.* TO $MYSQL_APP_USER@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE ON cacert.* TO $MYSQL_APP_USER@'%';
+CREATE USER $MYSQL_WEBDB_USER@'%' IDENTIFIED BY '$MYSQL_WEBDB_PASSWORD';
+GRANT CREATE TEMPORARY TABLES ON cacert.* TO $MYSQL_WEBDB_USER@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE ON cacert.* TO $MYSQL_WEBDB_USER@'%';
 
 CREATE USER $MYSQL_MGR_USER@'%' IDENTIFIED BY '$MYSQL_MGR_PASSWORD';
 GRANT SELECT, INSERT, UPDATE, DELETE ON mgr.* TO $MYSQL_MGR_USER@'%';

setup_test_ca.sh

@@ -192,26 +192,14 @@ if [ ! -f certs/mgr.cacert.localhost.crt.pem ]; then
     -extensions server_ext \
     -batch
 fi
-if [ ! -f certs/secure.test.cacert.localhost.crt.pem ]; then
-  openssl req -new -keyout certs/secure.test.cacert.localhost.key.pem -nodes \
-    -out certs/secure.test.cacert.localhost.csr.pem -subj "/CN=secure.test.cacert.localhost" \
-    -addext "subjectAltName=DNS:secure.test.cacert.localhost"
+if [ ! -f certs/www.cacert.localhost.crt.pem ]; then
+  openssl req -new -keyout certs/www.cacert.localhost.key.pem -nodes \
+    -out certs/www.cacert.localhost.csr.pem -subj "/CN=www.cacert.localhost" \
+    -addext "subjectAltName=DNS:www.cacert.localhost,DNS:secure.cacert.localhost"
   openssl ca -config ca.cnf \
     -name class3_ca \
-    -in certs/secure.test.cacert.localhost.csr.pem \
-    -out certs/secure.test.cacert.localhost.crt.pem \
-    -rand_serial \
-    -extensions server_ext \
-    -batch
-fi
-if [ ! -f certs/test.cacert.localhost.crt.pem ]; then
-  openssl req -new -keyout certs/test.cacert.localhost.key.pem -nodes \
-    -out certs/test.cacert.localhost.csr.pem -subj "/CN=test.cacert.localhost" \
-    -addext "subjectAltName=DNS:test.cacert.localhost,DNS:www.test.cacert.localhost"
-  openssl ca -config ca.cnf \
-    -name class3_ca \
-    -in certs/test.cacert.localhost.csr.pem \
-    -out certs/test.cacert.localhost.crt.pem \
+    -in certs/www.cacert.localhost.csr.pem \
+    -out certs/www.cacert.localhost.crt.pem \
     -rand_serial \
     -extensions server_ext \
     -batch

webdb.Dockerfile

@@ -39,21 +39,21 @@ RUN apt-get update \
 
 STOPSIGNAL SIGWINCH
 
-COPY docker/apache-foreground /usr/local/bin/
+COPY docker/apache-webdb-foreground /usr/local/bin/
 COPY testca/root/ca.crt.pem /usr/local/share/ca-certificates/testca_root.crt
 COPY testca/class3/ca.crt.pem /usr/local/share/ca-certificates/testca_class3.crt
-COPY testca/certs/test.cacert.localhost.crt.pem testca/certs/secure.test.cacert.localhost.crt.pem /etc/apache2/ssl/certs/
-COPY testca/certs/test.cacert.localhost.key.pem testca/certs/secure.test.cacert.localhost.key.pem /etc/apache2/ssl/private/
+COPY testca/certs/www.cacert.localhost.crt.pem /etc/apache2/ssl/certs/
+COPY testca/certs/www.cacert.localhost.key.pem /etc/apache2/ssl/private/
 COPY testca/certs/cachain.crt.pem /etc/ssl/apache2/certs/combined.crt
 
-COPY docker/apache-virtualhost.conf /etc/apache2/sites-available/
+COPY docker/apache-webdb-virtualhost.conf /etc/apache2/sites-available/www.cacert.localhost.conf
 COPY docker/cacert.conf /etc/apache2/conf-available/
 COPY docker/php5-cacert.ini /etc/php5/mods-available/cacert.ini
 COPY docker/feed.rss /usr/local/etc/application/feed.rss
 
 VOLUME /www
 
-RUN a2ensite apache-virtualhost ; \
+RUN a2ensite www.cacert.localhost ; \
     a2dissite 000-default ; \
     a2enconf cacert ; \
     a2enmod headers ; \
@@ -68,4 +68,4 @@ RUN a2ensite apache-virtualhost ; \
 EXPOSE 80
 EXPOSE 443
 
-CMD ["/usr/local/bin/apache-foreground"]
+CMD ["/usr/local/bin/apache-webdb-foreground"]