diff --git a/.gitignore b/.gitignore
index ea045d05ac..936864b967 100644
--- a/.gitignore
+++ b/.gitignore
@@ -202,4 +202,5 @@ project.lock.json
mail_dist/
*.refactorlog
*.scmp
-src/Core/Properties/launchSettings.json
\ No newline at end of file
+src/Core/Properties/launchSettings.json
+*.override.env
\ No newline at end of file
diff --git a/bitwarden-core.sln b/bitwarden-core.sln
index 1e4fb5789b..418a367271 100644
--- a/bitwarden-core.sln
+++ b/bitwarden-core.sln
@@ -1,7 +1,7 @@
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15
-VisualStudioVersion = 15.0.26430.13
+VisualStudioVersion = 15.0.26724.1
MinimumVisualStudioVersion = 10.0.40219.1
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D}"
EndProject
@@ -28,6 +28,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Billing", "src\Billing\Bill
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Identity", "src\Identity\Identity.csproj", "{04148736-3C0B-445E-8B74-2020E7A53502}"
EndProject
+Project("{E53339B2-1760-4266-BCC7-CA923CBCF16C}") = "Docker", "docker\Docker.dcproj", "{026DDB58-F0DB-4089-8168-83015AF785AE}"
+EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@@ -60,6 +62,10 @@ Global
{04148736-3C0B-445E-8B74-2020E7A53502}.Debug|Any CPU.Build.0 = Debug|Any CPU
{04148736-3C0B-445E-8B74-2020E7A53502}.Release|Any CPU.ActiveCfg = Release|Any CPU
{04148736-3C0B-445E-8B74-2020E7A53502}.Release|Any CPU.Build.0 = Release|Any CPU
+ {026DDB58-F0DB-4089-8168-83015AF785AE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {026DDB58-F0DB-4089-8168-83015AF785AE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {026DDB58-F0DB-4089-8168-83015AF785AE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {026DDB58-F0DB-4089-8168-83015AF785AE}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
@@ -72,4 +78,7 @@ Global
{02BC2982-ED8D-4A6D-A41E-092B3DAEB98A} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D}
{04148736-3C0B-445E-8B74-2020E7A53502} = {DD5BD056-4AAE-43EF-BBD2-0B569B8DA84D}
EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {E01CBF68-2E20-425F-9EDB-E0A6510CA92F}
+ EndGlobalSection
EndGlobal
diff --git a/docker/Docker.dcproj b/docker/Docker.dcproj
new file mode 100644
index 0000000000..53500d856e
--- /dev/null
+++ b/docker/Docker.dcproj
@@ -0,0 +1,14 @@
+
+
+
+ 2.0
+ Linux
+ 026ddb58-f0db-4089-8168-83015af785ae
+ True
+ http://localhost:{ServicePort}
+ api
+
+
+
+
+
\ No newline at end of file
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
new file mode 100644
index 0000000000..f6a54c12a8
--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,46 @@
+version: '3'
+
+services:
+ mssql:
+ image: microsoft/mssql-server-linux
+ container_name: mssql
+ restart: always
+ volumes:
+ - mssql_data:/var/opt/mssql/data
+ env_file:
+ - mssql.env
+ - mssql.override.env
+ ports:
+ - '1433:1433'
+
+ api:
+ image: api
+ container_name: api
+ restart: always
+ build: ../src/Api
+ env_file:
+ - global.env
+ - global.override.env
+
+ identity:
+ image: identity
+ container_name: identity
+ restart: always
+ build: ../src/Identity
+ env_file:
+ - global.env
+ - global.override.env
+
+ nginx:
+ image: nginx
+ container_name: nginx
+ restart: always
+ build: ../nginx
+ volumes:
+ - c:/bitwarden/letsencrypt:/etc/letsencrypt
+ ports:
+ - '80:80'
+ - '443:443'
+
+volumes:
+ mssql_data:
diff --git a/docker/global.env b/docker/global.env
new file mode 100644
index 0000000000..e92cb6651c
--- /dev/null
+++ b/docker/global.env
@@ -0,0 +1,6 @@
+ASPNETCORE_ENVIRONMENT=Production
+globalSettings:selfHosted=true
+globalSettings:baseServiceUri:vault=http://localhost
+globalSettings:baseServiceUri:api=http://localhost/api
+globalSettings:baseServiceUri:identity=http://localhost/identity
+globalSettings:baseServiceUri:identityInternal=http://identity
diff --git a/docker/mssql.env b/docker/mssql.env
new file mode 100644
index 0000000000..38b064e966
--- /dev/null
+++ b/docker/mssql.env
@@ -0,0 +1,3 @@
+ACCEPT_EULA=Y
+MSSQL_PID=Express
+SA_PASSWORD=SECRET
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
new file mode 100644
index 0000000000..e86c662f4d
--- /dev/null
+++ b/nginx/Dockerfile
@@ -0,0 +1,9 @@
+FROM nginx:stable
+
+RUN rm /etc/nginx/nginx.conf
+COPY nginx.conf /etc/nginx/nginx.conf
+
+RUN rm /etc/nginx/conf.d/default.conf
+COPY default.conf /etc/nginx/conf.d/default.conf
+
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/nginx/default.conf b/nginx/default.conf
new file mode 100644
index 0000000000..d655e1d16a
--- /dev/null
+++ b/nginx/default.conf
@@ -0,0 +1,73 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name bw.kylespearrin.com;
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name bw.kylespearrin.com;
+
+ ssl_certificate /etc/letsencrypt/live/bw.kylespearrin.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/bw.kylespearrin.com/privkey.pem;
+
+ ssl_session_timeout 30m;
+ ssl_session_cache shared:SSL:20m;
+ ssl_session_tickets off;
+
+ # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
+ ssl_dhparam /etc/letsencrypt/live/bw.kylespearrin.com/dhparam.pem;
+
+ # SSL protocols TLS v1~TLSv1.2 are allowed. Disabed SSLv3
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ # Disabled insecure ciphers suite. For example, MD5, DES, RC4, PSK
+ ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH";
+ # enables server-side protection from BEAST attacks
+ ssl_prefer_server_ciphers on;
+
+ # OCSP Stapling ---
+ # fetch OCSP records from URL in ssl_certificate and cache them
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ ## verify chain of trust of OCSP response using Root CA and Intermediate certs
+ ssl_trusted_certificate /etc/letsencrypt/live/bw.kylespearrin.com/fullchain.pem;
+
+ resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=300s;
+
+ # Headers
+
+ # X-Frame-Options is to prevent from clickJacking attack
+ #add_header X-Frame-Options SAMEORIGIN;
+
+ # disable content-type sniffing on some browsers.
+ add_header X-Content-Type-Options nosniff;
+
+ # This header enables the Cross-site scripting (XSS) filter
+ add_header X-XSS-Protection "1; mode=block";
+
+ # This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
+ #add_header Strict-Transport-Security max-age=15768000;
+
+ location /api/ {
+ proxy_pass http://api/;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Url-Scheme $scheme;
+ proxy_redirect off;
+ }
+
+ location /identity/ {
+ proxy_pass http://identity/;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Url-Scheme $scheme;
+ proxy_redirect off;
+ }
+}
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000000..988ca80259
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,134 @@
+# nginx Configuration File
+# http://wiki.nginx.org/Configuration
+
+# Run as a less privileged user for security reasons.
+# user www www;
+
+# How many worker threads to run;
+# "auto" sets it to the number of CPU cores available in the system, and
+# offers the best performance. Don't set it higher than the number of CPU
+# cores if changing this parameter.
+
+# The maximum number of connections for Nginx is calculated by:
+# max_clients = worker_processes * worker_connections
+worker_processes auto;
+
+# Maximum open file descriptors per process;
+# should be > worker_connections.
+worker_rlimit_nofile 8192;
+
+events {
+ # When you need > 8000 * cpu_cores connections, you start optimizing your OS,
+ # and this is probably the point at which you hire people who are smarter than
+ # you, as this is *a lot* of requests.
+ worker_connections 8000;
+}
+
+# Default error log file
+# (this is only used when you don't override error_log on a server{} level)
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+http {
+
+ # Hide nginx version information.
+ server_tokens off;
+
+ # Define the MIME types for files.
+ include mime.types;
+ default_type application/octet-stream;
+
+ # Update charset_types due to updated mime.types
+ charset_types text/css text/plain text/vnd.wap.wml application/javascript application/json application/rss+xml application/xml;
+
+ # Format to use in log files
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Default log file
+ # (this is only used when you don't override access_log on a server{} level)
+ access_log /var/log/nginx/access.log main;
+
+ # How long to allow each connection to stay idle; longer values are better
+ # for each individual client, particularly for SSL, but means that worker
+ # connections are tied up longer. (Default: 65)
+ keepalive_timeout 20;
+
+ # Speed up file transfers by using sendfile() to copy directly
+ # between descriptors rather than using read()/write().
+ # For performance reasons, on FreeBSD systems w/ ZFS
+ # this option should be disabled as ZFS's ARC caches
+ # frequently used files in RAM by default.
+ sendfile on;
+
+ # Tell Nginx not to send out partial frames; this increases throughput
+ # since TCP frames are filled up before being sent out. (adds TCP_CORK)
+ tcp_nopush on;
+
+
+ # Compression
+
+ # Enable Gzip compressed.
+ gzip on;
+
+ # Compression level (1-9).
+ # 5 is a perfect compromise between size and cpu usage, offering about
+ # 75% reduction for most ascii files (almost identical to level 9).
+ gzip_comp_level 5;
+
+ # Don't compress anything that's already small and unlikely to shrink much
+ # if at all (the default is 20 bytes, which is bad as that usually leads to
+ # larger files after gzipping).
+ gzip_min_length 256;
+
+ # Compress data even for clients that are connecting to us via proxies,
+ # identified by the "Via" header (required for CloudFront).
+ gzip_proxied any;
+
+ # Tell proxies to cache both the gzipped and regular version of a resource
+ # whenever the client's Accept-Encoding capabilities header varies;
+ # Avoids the issue where a non-gzip capable client (which is extremely rare
+ # today) would display gibberish if their proxy gave them the gzipped version.
+ gzip_vary on;
+
+ # Compress all output labeled with one of the following MIME-types.
+ gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rss+xml
+ application/vnd.geo+json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/bmp
+ image/svg+xml
+ image/x-icon
+ text/cache-manifest
+ text/css
+ text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy;
+ # text/html is always compressed by HttpGzipModule
+
+ # This should be turned on if you are going to have pre-compressed copies (.gz) of
+ # static files available. If not it should be left off as it will cause extra I/O
+ # for the check. It is best if you enable this in a location{} block for
+ # a specific directory, or on an individual server{} level.
+ # gzip_static on;
+
+ # Include files in the sites-enabled folder. server{} configuration files should be
+ # placed in the sites-available folder, and then the configuration should be enabled
+ # by creating a symlink to it in the sites-enabled folder.
+ # See doc/sites-enabled.md for more info.
+ include conf.d/*.conf;
+}
diff --git a/scripts/install.sh b/scripts/install.sh
new file mode 100644
index 0000000000..f10d683dac
--- /dev/null
+++ b/scripts/install.sh
@@ -0,0 +1,11 @@
+dotnet publish ../src/Api/Api.csproj -f netcoreapp2.0 -o obj/Docker/publish -c "Release"
+dotnet publish ../src/Identity/Identity.csproj -f netcoreapp2.0 -o obj/Docker/publish -c "Release"
+
+docker-compose pull
+docker-compose down
+
+#mkdir -p c:/bitwarden/letsencrypt/live
+#docker run -it --rm -p 80:80 -v c:/bitwarden/letsencrypt:/etc/letsencrypt/ certbot/certbot certonly --standalone --noninteractive --preferred-challenges http --email kyle.spearrin@gmail.com --agree-tos -d bw.kylespearrin.com
+#openssl dhparam -out c:/bitwarden/letsencrypt/live/bw.kylespearrin.com/dhparam.pem 2048
+
+docker-compose up -d
diff --git a/src/Api/.dockerignore b/src/Api/.dockerignore
new file mode 100644
index 0000000000..d8f8175f6c
--- /dev/null
+++ b/src/Api/.dockerignore
@@ -0,0 +1,3 @@
+*
+!obj/Docker/publish/*
+!obj/Docker/empty/
diff --git a/src/Api/Api.csproj b/src/Api/Api.csproj
index 72a4f80228..d5aaef9d89 100644
--- a/src/Api/Api.csproj
+++ b/src/Api/Api.csproj
@@ -6,6 +6,7 @@
Api
Bit.Api
bitwarden-Api
+ ..\..\docker\Docker.dcproj
diff --git a/src/Api/Dockerfile b/src/Api/Dockerfile
new file mode 100644
index 0000000000..ef35ddac39
--- /dev/null
+++ b/src/Api/Dockerfile
@@ -0,0 +1,26 @@
+FROM microsoft/dotnet:2.0.0-preview2-runtime-jessie
+
+# FROM https://github.com/aspnet/aspnet-docker/blob/master/1.1/jessie/runtime/Dockerfile
+
+# set up network
+ENV ASPNETCORE_URLS http://+:80
+
+# set env var for packages cache
+ENV DOTNET_HOSTING_OPTIMIZATION_CACHE /packagescache
+
+# set up package cache and other tools
+RUN for version in '1.1.2' '1.1.3'; do \
+ curl -o /tmp/aspnetcore.cache.$version.tar.gz \
+ https://dist.asp.net/packagecache/$version/debian.8-x64/aspnetcore.cache.tar.gz \
+ && mkdir -p /packagescache && cd /packagescache \
+ && tar xf /tmp/aspnetcore.cache.$version.tar.gz \
+ && rm /tmp/aspnetcore.cache.$version.tar.gz; \
+done
+
+# Custom
+
+ARG source
+WORKDIR /app
+EXPOSE 80
+COPY ${source:-obj/Docker/publish} .
+ENTRYPOINT ["dotnet", "Api.dll"]
diff --git a/src/Identity/.dockerignore b/src/Identity/.dockerignore
new file mode 100644
index 0000000000..d8f8175f6c
--- /dev/null
+++ b/src/Identity/.dockerignore
@@ -0,0 +1,3 @@
+*
+!obj/Docker/publish/*
+!obj/Docker/empty/
diff --git a/src/Identity/Dockerfile b/src/Identity/Dockerfile
new file mode 100644
index 0000000000..e87caa5ee3
--- /dev/null
+++ b/src/Identity/Dockerfile
@@ -0,0 +1,26 @@
+FROM microsoft/dotnet:2.0.0-preview2-runtime-jessie
+
+# FROM https://github.com/aspnet/aspnet-docker/blob/master/1.1/jessie/runtime/Dockerfile
+
+# set up network
+ENV ASPNETCORE_URLS http://+:80
+
+# set env var for packages cache
+ENV DOTNET_HOSTING_OPTIMIZATION_CACHE /packagescache
+
+# set up package cache and other tools
+RUN for version in '1.1.2' '1.1.3'; do \
+ curl -o /tmp/aspnetcore.cache.$version.tar.gz \
+ https://dist.asp.net/packagecache/$version/debian.8-x64/aspnetcore.cache.tar.gz \
+ && mkdir -p /packagescache && cd /packagescache \
+ && tar xf /tmp/aspnetcore.cache.$version.tar.gz \
+ && rm /tmp/aspnetcore.cache.$version.tar.gz; \
+done
+
+# Custom
+
+ARG source
+WORKDIR /app
+EXPOSE 80
+COPY ${source:-obj/Docker/publish} .
+ENTRYPOINT ["dotnet", "Identity.dll"]
diff --git a/src/Identity/Identity.csproj b/src/Identity/Identity.csproj
index b3252d517b..d8e8b58bad 100644
--- a/src/Identity/Identity.csproj
+++ b/src/Identity/Identity.csproj
@@ -6,6 +6,7 @@
Identity
Bit.Identity
bitwarden-Identity
+ ..\..\docker\Docker.dcproj