From fc3519e1e4c01330a2da216dfc4e1a6674d5e8f9 Mon Sep 17 00:00:00 2001
From: ValueOn AG
Date: Sat, 3 May 2025 00:08:25 +0200
Subject: [PATCH] azure prod gateway
---
env_dev.env | 2 +-
env_prod.env | 2 +-
notes/azuresetup.txt | 104 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 106 insertions(+), 2 deletions(-)
create mode 100644 notes/azuresetup.txt
diff --git a/env_dev.env b/env_dev.env
index 98f8d545..5dbbbaea 100644
--- a/env_dev.env
+++ b/env_dev.env
@@ -22,4 +22,4 @@ APP_JWT_SECRET_SECRET=dev_jwt_secret_token
APP_TOKEN_EXPIRY=300
# CORS Configuration
-APP_ALLOWED_ORIGINS="http://localhost:8080","http://localhost:3000"
+APP_ALLOWED_ORIGINS="http://localhost:8080","https://playground.poweron-center.net"
diff --git a/env_prod.env b/env_prod.env
index e9c5efd6..ea695120 100644
--- a/env_prod.env
+++ b/env_prod.env
@@ -22,4 +22,4 @@ APP_JWT_SECRET_SECRET=dev_jwt_secret_token
APP_TOKEN_EXPIRY=300
# CORS Configuration
-APP_ALLOWED_ORIGINS="http://localhost:8080","http://localhost:3000"
+APP_ALLOWED_ORIGINS="http://localhost:8080","https://playground.poweron-center.net"
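Review bot: The new production allow-list on the `+APP_ALLOWED_ORIGINS` line still carries `"http://localhost:8080"`, a plaintext-HTTP loopback origin that a production gateway has no reason to trust. If the API allows credentialed cross-origin requests, anything served on that port of a user's machine is treated as a trusted frontend. I would reduce the production value to the HTTPS origin(s) that actually serve the frontend, e.g. `APP_ALLOWED_ORIGINS="https://playground.poweron-center.net"`, and keep localhost in env_dev.env only. The hunk header also shows `APP_JWT_SECRET_SECRET=dev_jwt_secret_token` as context in env_prod.env, which suggests the production file carries a committed development JWT secret. That line is outside this change, but the secret should be rotated and supplied from a secret store or App Service setting rather than from the repository.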
diff --git a/notes/azuresetup.txt b/notes/azuresetup.txt
new file mode 100644
index 00000000..17570483
--- /dev/null
+++ b/notes/azuresetup.txt
@@ -0,0 +1,104 @@
+#!/bin/bash
+
+# Variables
+SUBSCRIPTION_ID="213596c9-34b2-4677-a712-45ed127cdae5"
+RESOURCE_GROUP="volucy-group"
+APP_NAME="poweron-gateway"
+DOMAIN_NAME="gateway.poweron-center.net"
+CERT_PASSWORD="TheSecurePass$(date +%s)" # Unique password with timestamp
+
+# Login to Azure (uncomment if not already logged in)
+# az login
+
+# Set subscription
+echo "Setting subscription..."
+az account set --subscription "$SUBSCRIPTION_ID"
+
+# Create directory for certificate files
+mkdir -p cert-files
+cd cert-files
+
+# Create OpenSSL config file with required extensions
+cat > openssl.cnf << EOF
+[ req ]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name (full name)
+localityName = Locality Name (eg, city)
+organizationName = Organization Name (eg, company)
+commonName = Common Name (e.g. server FQDN)
+[ req_ext ]
+subjectAltName = @alt_names
+extendedKeyUsage = serverAuth
+[alt_names]
+DNS.1 = ${DOMAIN_NAME}
+EOF
+
+# Generate private key
+openssl genrsa -out private.key 2048
+
+# Create CSR with config file
+openssl req -new -key private.key -out request.csr -config openssl.cnf -subj "/C=US/ST=State/L=City/O=Organization/CN=${DOMAIN_NAME}"
+
+# Generate self-signed certificate with extensions
+openssl x509 -req -days 365 -in request.csr -signkey private.key -out certificate.crt \
+ -extfile openssl.cnf -extensions req_ext
+
+# Create PFX file
+openssl pkcs12 -export -out self-signed-cert.pfx -inkey private.key -in certificate.crt -passout pass:$CERT_PASSWORD
+
+cd ..
+
+# Upload certificate to App Service
+echo "Uploading certificate..."
+UPLOAD_RESULT=$(az webapp config ssl upload \
+ --resource-group "$RESOURCE_GROUP" \
+ --name "$APP_NAME" \
+ --certificate-file "cert-files/self-signed-cert.pfx" \
+ --certificate-password "$CERT_PASSWORD")
+
+# Extract thumbprint from upload result
+CERT_THUMBPRINT=$(echo $UPLOAD_RESULT | jq -r '.thumbprint')
+
+echo "Certificate uploaded successfully with thumbprint: $CERT_THUMBPRINT"
+
+# If the thumbprint is empty, try to find it another way
+if [ -z "$CERT_THUMBPRINT" ] || [ "$CERT_THUMBPRINT" == "null" ]; then
+ echo "Thumbprint not found in upload result. Trying to list certificates..."
+ CERT_LIST=$(az webapp config ssl list --resource-group "$RESOURCE_GROUP")
+
+ # Look for the most recently uploaded certificate
+ CERT_THUMBPRINT=$(echo $CERT_LIST | jq -r 'sort_by(.expirationDate) | reverse | .[0].thumbprint')
+
+ if [ -z "$CERT_THUMBPRINT" ] || [ "$CERT_THUMBPRINT" == "null" ]; then
+ echo "Error: Could not find certificate thumbprint."
+ exit 1
+ fi
+fi
+
+echo "Using certificate thumbprint: $CERT_THUMBPRINT"
+
+# Make sure the custom domain is added
+echo "Checking if custom domain exists..."
+DOMAIN_EXISTS=$(az webapp config hostname list --resource-group "$RESOURCE_GROUP" --webapp-name "$APP_NAME" | jq -r ".[] | select(.name==\"$DOMAIN_NAME\") | .name")
+
+if [ -z "$DOMAIN_EXISTS" ]; then
+ echo "Adding custom domain..."
+ az webapp config hostname add \
+ --resource-group "$RESOURCE_GROUP" \
+ --webapp-name "$APP_NAME" \
+ --hostname "$DOMAIN_NAME"
+fi
+
+# Add IP-based SSL binding
+echo "Creating IP-based SSL binding..."
+az webapp config ssl bind \
+ --resource-group "$RESOURCE_GROUP" \
+ --name "$APP_NAME" \
+ --certificate-thumbprint "$CERT_THUMBPRINT" \
+ --ssl-type "IP"
+
+echo "SSL binding completed. Your domain should now be secured."
\ No newline at end of file
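Review bot: `CERT_PASSWORD="TheSecurePass$(date +%s)"` is a fixed prefix plus the epoch second, so the PFX password is guessable by anyone who has read this file and knows roughly when the script ran. The value is then expanded unquoted into `-passout pass:$CERT_PASSWORD`, where it appears in the process list. `private.key` is written unencrypted into `cert-files/` under the default umask and is never removed. The script also has no `set -euo pipefail`, so a failed `cd cert-files` or `openssl` step does not stop the upload and bind that follow. I would generate the password with `openssl rand`, pass it to openssl through `-passout env:`, tighten the umask and delete the working directory on exit, as sketched below.

```shell
#!/bin/bash
set -euo pipefail
umask 077                       # private.key and the PFX readable by the owner only

# … unchanged: SUBSCRIPTION_ID … DOMAIN_NAME …
CERT_PASSWORD="$(openssl rand -base64 32)"
export CERT_PASSWORD            # read by openssl via -passout env:

# … unchanged: az account set …
CERT_DIR="$PWD/cert-files"
trap 'rm -rf -- "$CERT_DIR"' EXIT   # do not leave key material behind
mkdir -p "$CERT_DIR"
cd "$CERT_DIR"

# … unchanged: openssl.cnf, genrsa, req, x509 …
openssl pkcs12 -export -out self-signed-cert.pfx -inkey private.key -in certificate.crt \
  -passout env:CERT_PASSWORD
```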