
Docker: Add support for configuration variables

Danilo Bargen 6 years ago
parent
commit
93b9af4c45
6 changed files with 85 additions and 6 deletions
  1. 17 2
      Dockerfile
  2. 6 3
      dist/build-package.js
  3. 9 1
      dist/package.sh
  4. 14 0
      docker/entrypoint.sh
  5. 31 0
      docs/docker.md
  6. 8 0
      docs/self_hosting.md

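--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,21 @@
+# Dockerfile for Threema Web, based on the nginx alpine image.
+#
+# WARNING: This Dockerfile does not include TLS termination. Make sure to run
+#          the container behind a reverse proxy (e.g. Nginx) that does proper
+#          TLS termination.
+
 # First, build Threema Web in a node container
 
 FROM node:10 AS builder
+ENV NODE_ENV=production
 
 COPY . /opt/threema-web/
 WORKDIR /opt/threema-web/
 
-ENV NODE_ENV=production
+RUN sed -i "s/SELF_HOSTED: [^,]*,/SELF_HOSTED: true,/g" src/config.ts
+
 RUN npm ci
-RUN npm run dist
+RUN npm run dist -- d
 
 # Then, transfer the build artifacts to a minimal nginx container
 
@@ -15,3 +23,10 @@ FROM nginx:1.15-alpine
 
 RUN rm /usr/share/nginx/html/*
 COPY --from=builder /opt/threema-web/release/threema-web-* /usr/share/nginx/html/
+COPY docker/entrypoint.sh /usr/local/bin/
+
+ENV SALTYRTC_HOST="" \
+    SALTYRTC_PORT=443 \
+    SALTYRTC_SERVER_KEY="b1337fc8402f7db8ea639e05ed05d65463e24809792f91eca29e88101b4a2171"
+
+CMD ["/bin/sh", "/usr/local/bin/entrypoint.sh"]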
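Review bot: The `sed` that forces `SELF_HOSTED: true` in the builder stage exits 0 even when its pattern matches nothing, so a renamed or reformatted key in src/config.ts would yield an image with the original setting and no build error. Follow it with a check such as `RUN grep -q "SELF_HOSTED: true," src/config.ts`. The final stage still has no `USER`, and because the new entrypoint rewrites files under /usr/share/nginx/html at start-up, the web root has to stay writable at run time. A comment next to the `CMD`, e.g. `# entrypoint.sh patches dist/app.js in place, so the web root must be writable at start`, would help anyone who wants to run the container with a read-only root filesystem or as a non-root user.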

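--- a/dist/build-package.js
+++ b/dist/build-package.js
@@ -1,12 +1,15 @@
 var spawn = require('child_process').spawn;
 var os = require('os');
+var process = require('process');
+
+var args = process.argv.slice(2);
 
 if (os.type() === 'Linux') {
-   spawn('bash', ['dist/package.sh'], {stdio: 'inherit'});
+   spawn('bash', ['dist/package.sh'].concat(args), {stdio: 'inherit'});
 } else if (os.type() === 'Darwin') {
-   spawn('bash', ['dist/package.sh'], {stdio: 'inherit'});
+   spawn('bash', ['dist/package.sh'].concat(args), {stdio: 'inherit'});
 } else if (os.type() === 'Windows_NT') {
-   spawn('powershell', ['dist/package.sh'], {stdio: 'inherit'});
+   spawn('powershell', ['dist/package.sh'].concat(args), {stdio: 'inherit'});
 } else {
    throw new Error("Unsupported OS found: " + os.type());
 }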
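Review bot: The child's exit status is dropped in all three `spawn(...)` calls, so as far as this file shows `npm run dist -- d` in the Dockerfile can report success when dist/package.sh fails. Propagate it, e.g. `spawn('bash', ['dist/package.sh'].concat(args), {stdio: 'inherit'}).on('exit', function (code) { process.exit(code === null ? 1 : code); });`. `var process = require('process');` is not needed because `process` is a Node global, and the Linux and Darwin branches are identical and could share one call.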

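--- a/dist/package.sh
+++ b/dist/package.sh
@@ -9,6 +9,13 @@ echo -e "  |_| |_|_|_| |___|___|_|_|_|__,|_____|___|___|\e[32m|_|\e[0m\n"
 
 echo -e "Creating release distribution for Threema Web\n"
 
+# Determine suffix
+if [ $# -gt 0 ]; then
+    SUFFIX="-$1"
+else
+    SUFFIX=""
+fi
+
 # Test whether we're in the root dir
 if [ ! -f "package.json" ]; then
     echo "Error: package.json not found."
@@ -28,7 +35,8 @@ if [ -e "release" ]; then
     done
 fi
 
-VERSION=$(grep "\"version\"" package.json  | sed 's/[[:blank:]]*\"version\": \"\([^\"]*\).*/\1/')
+VERSION=$(grep "\"version\"" package.json  | sed 's/[[:blank:]]*\"version\": \"\([^\"]*\).*/\1/')$SUFFIX
+echo "+ Building version $VERSION"
 
 DIR="release/threema-web-$VERSION"
 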
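Review bot: `$1` is copied into `SUFFIX` without any check and then becomes part of `VERSION` and of `DIR="release/threema-web-$VERSION"`, so a suffix containing `/`, `..` or whitespace changes where the release directory is created. Restrict it to a safe character set before use, e.g. `case "$1" in *[!A-Za-z0-9._-]*) echo "Error: invalid suffix" >&2; exit 1;; esac`. A short comment on the suffix block, such as `# Optional first argument: suffix appended to the package version`, would also document the new argument. The script continues outside both hunks, so other uses of `VERSION` are not visible here.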

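--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -euo pipefail
+
+# Patch config file
+echo "Patching config file..."
+cd /usr/share/nginx/html/
+if [ ! -z "$SALTYRTC_HOST" ]; then
+    sed -i "s/SALTYRTC_HOST: null,/SALTYRTC_HOST: '${SALTYRTC_HOST}',/g" dist/app.js
+fi
+sed -i "s/SALTYRTC_PORT: [^,]*,/SALTYRTC_PORT: ${SALTYRTC_PORT},/g" dist/app.js
+sed -i "s/SALTYRTC_SERVER_KEY: '[^']*',/SALTYRTC_SERVER_KEY: '${SALTYRTC_SERVER_KEY}',/g" dist/app.js
+
+echo "Starting Threema Web..."
+exec nginx -g 'daemon off;'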
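Review bot: The three environment values are interpolated unescaped into the `sed` programs and from there into the JavaScript in dist/app.js, so a value containing `/`, `&`, `'` or a newline either breaks the substitution or changes the code that nginx serves. Validate each value before patching and abort start-up on anything unexpected; the host pattern below is deliberately strict and may need widening for a given deployment. The `sed` calls also succeed when nothing matches, so a `grep -q` for the patched values afterwards would catch a bundle whose config layout has changed. `set -o pipefail` is not POSIX and only works if the image's `/bin/sh` supports it, which deserves a comment next to the `set` line.

```shell
# Validate before patching: these values end up inside a sed program
# and inside JavaScript source served to browsers.
case "$SALTYRTC_HOST" in
    *[!A-Za-z0-9.-]*) echo "Invalid SALTYRTC_HOST" >&2; exit 1 ;;
esac
case "$SALTYRTC_PORT" in
    ''|*[!0-9]*) echo "Invalid SALTYRTC_PORT" >&2; exit 1 ;;
esac
case "$SALTYRTC_SERVER_KEY" in
    ''|*[!0-9A-Fa-f]*) echo "Invalid SALTYRTC_SERVER_KEY" >&2; exit 1 ;;
esac
# … unchanged: cd to the web root and sed patching of dist/app.js …
```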

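--- a/docs/docker.md
+++ b/docs/docker.md
@@ -0,0 +1,31 @@
+# Running Threema Web with Docker
+
+
+## Building the Image
+
+To build the Docker image:
+
+    $ docker build . -t example/threema-web:latest
+
+
+## Running the Image
+
+To run the Docker image:
+
+    $ docker run --rm -p 8080:80 threema/threema-web
+
+Now you can open `http://localhost:8080/` in your browser to use Threema Web.
+
+**IMPORTANT:** Note that this Dockerfile does not contain TLS termination. Make
+sure to serve Threema Web only via https, behind a reverse proxy like Nginx. We
+also recommend to enable HSTS, HPKP, CSP and other available security
+mechanisms in your web server.
+
+
+## Config Variables
+
+| Variable | Default | Description |
+| -------- | ------- | ----------- |
+| `SALTYRTC_HOST` | null | The SaltyRTC signaling server hostname |
+| `SALTYRTC_PORT` | 443 | The SaltyRTC signaling server port |
+| `SALTYRTC_SERVER_KEY` | "b1337fc8402f7db8ea639e05ed05d65463e24809792f91eca29e88101b4a2171" | The SaltyRTC signaling server public key |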

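--- a/docs/self_hosting.md
+++ b/docs/self_hosting.md
@@ -52,16 +52,24 @@ SaltyRTC/STUN/TURN servers.
 
 Cryptographic signatures are provided for the downloads.
 
+### Docker Image
+
+If you're interested in hosting Threema Web through Docker, check out the
+`docs/docker.md` file for more information.
+
+
 ## SaltyRTC Server
 
 For instructions on how to run your own SaltyRTC server, see
 https://github.com/saltyrtc/saltyrtc-server-python
 
+
 ## STUN / TURN Server
 
 You can run any WebRTC-compliant STUN / TURN server, e.g.
 [coturn](https://coturn.github.io).
 
+
 ## Push Relay
 
 While you could in theory host your own version of the push server, it won't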