SC9 project encoded with Source Guardian, deployed with Docker in production

Does anyone have a dockerized SC app in production, where the code is also protected by Source Guardian? I would like to save myself hours of experimenting and would appreciate tips:

  • is it working well, are there any gotchas?

  • are you using a bind mount for the app code? I’m thinking of ease of re-encoding when users pay for renewal

  • does the lightweight alpine distro with nginx + fpm combination work well with SC9?

  • if using Ubuntu (18.04 or up), which exact official docker image are you using?

Thanks

Hi scriptcaser

I have been using PHP and Docker for a long time.
Using docker-compose makes the configuration easier.

We use laradock for development and some production apps.
Laradock is highly configurable and uses nginx + fpm with alpine based images.
Out of the box laradock mounts the public folder of the project into the container.

Normally a re-encode is not needed if you generate an external license file with SourceGuardian.
Here is an example from the manual:

sourceguardian --external script.lic --projid "82Gi17Bn" --projkey "Az973Qq9" myscript.php
licgen --projid "82Gi17Bn" --projkey "Az973Qq9" --days 7 script.lic

So the locking options come from the "script.lic" file.

I had this running for 2 years in production, but for the last 1 1/2 years I have not needed to use SG for our production systems.
Docker works for me like a charm.
Be careful with the locking options of SG!
IP, mac address and machine-id can or will change on container recreation.

regards bigwasp

Thanks so much @bigwasp.

So Laradock works well for SC, not only Laravel? Any special steps needed to get it working?

Why is SG no longer necessary for you: are there other ways laradock is securing your code for you or your production apps are no longer within tampering reach of potential abuse?

Regards

Hi scriptcaser

Laradock does not secure or seal containers.
If you need to hide the code from others, SourceGuardian or other similar tools are good.
We are using more and more containerization, so images and containers are built and deployed frequently.
Another option is to build a phar archive (see box/configuration.md at master · box-project/box · GitHub). If signed with openssl it only runs with the public key and if unchanged, but this does not encrypt the source code.

Laradock is a fine tool to start with containers/docker

Regards
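
The signed-phar behaviour mentioned in the reply above, as an added example that is not part of any poster's reply and not code from the box project: it builds a phar signed with OpenSSL, then checks that it opens only with its `.pubkey` file present and unmodified content, and that the source inside is still plain text. The temp directory, file names and key pair are constructed for the demo.

```php
<?php
// Added example. Run with: php -d phar.readonly=0 signed_phar_demo.php
// Needs ext-phar and ext-openssl. Paths, file names and the key are constructed.
declare(strict_types=1);

if (ini_get('phar.readonly')) {
    exit("phar.readonly must be 0 to build an archive\n");
}

$dir = sys_get_temp_dir() . '/phar_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
$signed = "$dir/app.phar";

// Throwaway RSA key pair; in a real build the private key never leaves the build host.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($key, $privatePem);
$publicPem = openssl_pkey_get_details($key)['key'];

// Build the archive and sign it; PHP looks for the public key at "<archive>.pubkey".
$phar = new Phar($signed);
$phar->addFromString('index.php', "<?php return 'licensed business logic';");
$phar->setSignatureAlgorithm(Phar::OPENSSL, $privatePem);
unset($phar);
file_put_contents("$signed.pubkey", $publicPem);

// The signature is verified when the archive is opened.
function canOpen(string $path): bool
{
    try {
        new Phar($path);
        return true;
    } catch (Exception $e) {
        echo '  rejected: ', $e->getMessage(), "\n";
        return false;
    }
}

// Same archive shipped without its public key file.
$noKey = "$dir/nokey.phar";
copy($signed, $noKey);

// Same archive with the embedded source edited (same length, so offsets are intact).
$tampered = "$dir/tampered.phar";
file_put_contents($tampered, str_replace('licensed', 'LICENSED', file_get_contents($signed)));
copy("$signed.pubkey", "$tampered.pubkey");

echo 'signed + pubkey opens: ', var_export(canOpen($signed), true), "\n";
echo 'missing pubkey opens:  ', var_export(canOpen($noKey), true), "\n";
echo 'tampered copy opens:   ', var_export(canOpen($tampered), true), "\n";
// Signing gives integrity, not confidentiality: the source is readable in the file.
echo 'source visible in raw archive: ',
    var_export(strpos(file_get_contents($signed), 'licensed business logic') !== false, true), "\n";
```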

So if I follow the steps here on an existing SC project, the SC project gets dockerized? Sorry to ask something seemingly obvious but I like avoiding getting stuck mid-way. Perhaps there is a catch I need to be mindful of.

Also, at what stage does encoding the source with SourceGuardian come in?

Thanks

Hello scriptcasers
If you are interested, I have published on GitHub a way to dockerize the Scriptcase production environment, which requires some essential steps. This environment works with nginx, mysql, php-fpm, php-myadmin and wkhtmltopdf containers. Creating SSL keys and updating apps are also included.
You can find it on https://github.com/StephanTie/scriptcase_prod

regards

Wow, thank you: will check it out.

Hello @StephanT: what changes would be needed to your setup to run SC9 dev environment all within docker containers?

That way, sc9.8 (and PHP8) run in a separate container from 9.7/7.3 and do not pollute the physical machine with all these versions.

Hello

I was not able to check this, but I am planning to work on it sometime in the coming 2 months.

Hello, what I see is that ionCube is not supporting PHP 8 yet, so I think it is not wise to move to PHP 8 now.

Changes for development are not so different, I think, but I am only focused on production at the moment and not development.
For new Scriptcase users it would be beneficial to install with Docker.

In development, Scriptcase already made the change to use a different port, and you can work in 2 environments.
For production I made changes in https://github.com/StephanTie/scriptcase_prod to have Scriptcase 9.8.009 and PHP 8.1.6 working.
I also think that for development my approach should work, but as I do not develop on Linux, for me there is no need.