Move ufw to tna-run

nationalarchives · Nov 7, 2024 · 23b95f8 · 23b95f8
1 parent 4e4f82d
commit 23b95f8
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/docker/tna-python/Dockerfile b/docker/tna-python/Dockerfile
@@ -116,13 +116,10 @@ RUN set -eux; \
 	rm -rfv /var/lib/apt/lists/*
 
 # ==========================================
-# Update the firewall rule to allow only for
-# HTTPS, then create an SSL certificate that
-# we can use locally in nginx to secure this
-# container
+# Generate an SSL cert we can use locally in
+# nginx to secure this container
 # ==========================================
-RUN ufw allow 'Nginx HTTPS'; \
-    mkdir /etc/nginx/ssl; \
+RUN mkdir /etc/nginx/ssl; \
     openssl req -x509 -noenc -newkey rsa:2048 -keyout /etc/nginx/ssl/key.pem -out /etc/nginx/ssl/req.pem -days 90 -subj "/C=GB/ST=London/L=Kew/O=The National Archives/OU=Digital/CN=localhost"
 
 # ==========================================

diff --git a/docker/tna-python/bin/tna-run b/docker/tna-python/bin/tna-run
@@ -32,6 +32,9 @@ then
   exit 1
 fi
 
+# Change the firewall rules to only allow HTTPS traffic
+ufw allow 'Nginx HTTPS'
+
 # Convert $ENVIRONMENT to lowercase
 ENVIRONMENT=$(echo "$ENVIRONMENT" | tr '[:upper:]' '[:lower:]')