Getting around CORS errors

This came about because I’m trying out FOSSBilling, however I do not like their theme, layouts or their templating engine. I really just struggle to work with all of the above. The admin area is fine, but the client area is painful.

Luckily, it’s a fork of BoxBilling which has some good API documentation. Theoretically, I believe that I could just redevelop a front-end which uses API calls to FOSSBilling, making it basically just a backend. I can do security controls to FOSSBilling server-side or with a WAF.

During R&D I finally had to tackle my arch nemesis: CORS. The best thing to ever happen, and the biggest PITA if you’re just trying to hack something together.

The docker-compose.yml I have to work with is as follows:

version: "3.9"
services:
  fossbilling:
    build: ./custom-docker
    restart: always
    ports:
      - 8000:80
    volumes:
      - ./fossbilling:/var/www/html
  mysql:
    image: mysql:8.0
    restart: always
    environment:
      MYSQL_DATABASE: exampledb
      MYSQL_USER: exampleuser
      MYSQL_PASSWORD: examplepass
      MYSQL_RANDOM_ROOT_PASSWORD: '1'
    volumes:
      - ./database:/var/lib/mysql
  website:
    image: jekyll/jekyll:latest
    command: jekyll serve --incremental
    ports:
      - 4000:4000
    volumes:
      - ./website:/srv/jekyll
  nginx:
    image: nginx:latest
    volumes:
      - ./nginx/reverse_proxy.conf:/etc/nginx/conf.d/default.conf
    ports:
      - 80:80
    links:
      - fossbilling
      - website

This will spawn two websites: one running FOSSBilling and one with my custom JS application. It will also run up a MySQL server for FOSSBilling. custom-docker/Dockerfile contains the following:

FROM fossbilling/fossbilling
RUN a2enmod headers

We just use the default fossbilling/fossbilling image, but we add the Apache module headers. This will allow us to add the following to our fossbilling/.htaccess file:

Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET,PUT,POST,DELETE"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"

These rules will allow any origin to make API calls against our FOSSBilling instance. THIS IS NOT FOR PRODUCTION USE.

For production use, I’ll change the wildcard to my company’s website and call it a day. For testing though, this gets me around the issues I was having testing the FOSSBilling API.
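To make the difference between the wildcard rules above and the production allow-list concrete, here is an added example (not FOSSBilling's or Apache's code) that models the browser's CORS decision and a hardened header set. The origins, allow-list and request shapes are constructed for illustration.

```python
# Added example: a simplified model of the browser-side CORS check, used to
# compare the post's wildcard .htaccess rules with a per-origin allow-list.
SAFELISTED = {"accept", "accept-language", "content-language", "content-type"}

# Constructed: the values the post's three Header lines emit on every response
DEV_HEADERS = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET,PUT,POST,DELETE",
    "Access-Control-Allow-Headers": "Content-Type, Authorization",
}

def production_headers(request_origin, allowed_origins):
    """Hardened variant: reflect the Origin only when it is on the allow-list
    and send Vary: Origin so a shared cache cannot replay one origin's answer
    to another. Unknown origins get no CORS headers at all."""
    if request_origin not in allowed_origins:
        return {}
    return {**DEV_HEADERS, "Access-Control-Allow-Origin": request_origin,
            "Vary": "Origin"}

def _csv(value):
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def browser_allows(origin, method, req_headers, with_credentials, resp):
    """Return (allowed, reason). A request is 'simple' (no preflight) when its
    method is GET/HEAD/POST and every header is safelisted (Content-Type value
    limits ignored here); anything else must pass the preflight checks.
    with_credentials means cookies / HTTP auth / client certs (fetch
    credentials: 'include'), not a manually set Authorization header."""
    acao = resp.get("Access-Control-Allow-Origin")
    if acao is None:
        return False, "no Access-Control-Allow-Origin header"
    if acao == "*":
        if with_credentials:
            return False, "wildcard origin is rejected for credentialed requests"
    elif acao != origin:
        return False, f"origin {origin} does not match {acao}"
    simple = method in ("GET", "HEAD", "POST") and \
        all(h.lower() in SAFELISTED for h in req_headers)
    if simple:
        return True, "simple request, no preflight"
    methods = _csv(resp.get("Access-Control-Allow-Methods", ""))
    if method.lower() not in methods and not ("*" in methods and not with_credentials):
        return False, f"method {method} not in Access-Control-Allow-Methods"
    allowed = _csv(resp.get("Access-Control-Allow-Headers", ""))
    for h in req_headers:
        # '*' in Allow-Headers never covers Authorization and is literal with credentials
        if h.lower() not in allowed | SAFELISTED and not (
                "*" in allowed and not with_credentials and h.lower() != "authorization"):
            return False, f"header {h} not in Access-Control-Allow-Headers"
    return True, "preflight passes"
```

One Apache detail worth knowing when checking this against a real instance: `Header set` only applies to successful responses, so a 401 or 500 from the API will come back without these headers unless you use `Header always set`.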