@mrgrain
Created October 28, 2024 16:52
Node FIPS
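# Node.js LTS on Debian 12, configured to load an OpenSSL FIPS provider that is built from source.
#
# Build outline:
#   1. install a compiler toolchain and download tools;
#   2. build OpenSSL 3.0.0 with `enable-fips` and install it under /usr/local;
#   3. run `openssl fipsinstall` and write two config files that activate the FIPS provider;
#   4. install Node.js from NodeSource and point it at nodejs.cnf via OPENSSL_CONF / OPENSSL_MODULES.
#
# NOTE(review): building with `enable-fips` does not by itself make a deployment FIPS-validated.
# README-FIPS.md (linked below) and the module's security policy describe the required build and
# install procedure; in particular the fipsinstall self-test output is meant to be generated on the
# machine that uses the module, whereas this image bakes fipsmodule.cnf in at build time. Confirm
# against your compliance requirements.
FROM debian:12

# Toolchain for the OpenSSL build plus download and debugging tools (package set unchanged, sorted).
RUN apt-get update && apt-get install -y \
        build-essential \
        curl \
        gcc \
        git \
        vim \
        wget \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /apps

# https://github.com/openssl/openssl/blob/master/README-FIPS.md
#
# Integrity: pass the published SHA-256 of the tarball with
#   --build-arg OPENSSL_SHA256=<sha256 from the OpenSSL release page>
# and the build fails on a mismatch. Without it the archive is used unverified and a warning is
# printed; builds that matter should always supply the digest.
ARG OPENSSL_SHA256
# Download, verify, build, install and clean up in ONE layer so the tarball and the build tree do
# not persist in the image. `--libdir=lib` pins the install directory to /usr/local/lib on every
# architecture; without it OpenSSL's x86_64 Linux target installs under lib64, and the hard-coded
# /usr/local/lib/ossl-modules paths used below would not exist there.
RUN wget https://www.openssl.org/source/openssl-3.0.0.tar.gz \
    && if [ -n "${OPENSSL_SHA256}" ]; then \
         echo "${OPENSSL_SHA256}  openssl-3.0.0.tar.gz" | sha256sum -c -; \
       else \
         echo "WARNING: OPENSSL_SHA256 not set; openssl-3.0.0.tar.gz was NOT verified" >&2; \
       fi \
    && tar -xzf openssl-3.0.0.tar.gz \
    && ( cd openssl-3.0.0 \
         && ./config --libdir=lib enable-fips enable-ssl-trace \
         && make \
         && make install ) \
    && rm -rf openssl-3.0.0 openssl-3.0.0.tar.gz

# Needed so /usr/local/bin/openssl finds the libssl/libcrypto it was built with.
# NOTE(review): this is image-wide, so other dynamically linked programs (curl, wget, git) will also
# prefer the 3.0.0 libraries from /usr/local over Debian's patched libssl3. OpenSSL 3.0.0 predates
# the security fixes shipped in later 3.0.x releases; consider scoping this to the commands that
# need it instead of exporting it into the runtime environment.
ENV LD_LIBRARY_PATH=/usr/local/lib/:/usr/local/lib64/

# Run the FIPS module self-tests and record the result in fipsmodule.cnf.
RUN openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib/ossl-modules/fips.so

# Replace the default openssl.cnf with one that activates only the `fips` and `base` providers and
# restricts algorithm fetches to FIPS-approved implementations. printf writes one argument per
# line and does not depend on the shell's echo interpreting "\n".
RUN printf '%s\n' \
        'openssl_conf = openssl_init' \
        '' \
        '.include /usr/local/ssl/fipsmodule.cnf' \
        '' \
        '[openssl_init]' \
        'providers = provider_sect' \
        'alg_section = algorithm_sect' \
        '' \
        '[provider_sect]' \
        'fips = fips_sect' \
        'base = base_sect' \
        '' \
        '[base_sect]' \
        'activate = 1' \
        '' \
        '[algorithm_sect]' \
        'default_properties = fips=yes' \
        > /usr/local/ssl/openssl.cnf

# Config consumed by Node.js (section name `nodejs_conf`). The two comment lines are passed as
# quoted printf arguments: a line that starts with `#` inside a continued RUN is dropped by the
# Dockerfile parser and never reaches the generated file.
RUN printf '%s\n' \
        'nodejs_conf = nodejs_init' \
        '' \
        '.include /usr/local/ssl/fipsmodule.cnf' \
        '' \
        '[nodejs_init]' \
        'providers = provider_sect' \
        'alg_section = algorithm_sect' \
        '' \
        '[provider_sect]' \
        'default = default_sect' \
        '# The fips section name should match the section name inside the' \
        '# included fipsmodule.cnf.' \
        'fips = fips_sect' \
        '' \
        '[default_sect]' \
        'activate = 1' \
        '' \
        '[algorithm_sect]' \
        'default_properties = fips=yes' \
        > /usr/local/ssl/nodejs.cnf

# Install Node.js LTS from NodeSource. The setup script is saved to disk first so that a failed
# download stops the build; with `curl | bash` under /bin/sh the pipeline status is bash's, and a
# truncated or empty script could go unnoticed.
# NOTE(review): setup_lts.x is a moving target executed as root without any integrity check.
# Pin a specific Node.js major version and verify the repository signing key for reproducible builds.
RUN curl -fsSL https://deb.nodesource.com/setup_lts.x -o /tmp/nodesource_setup.sh \
    && bash /tmp/nodesource_setup.sh \
    && rm -f /tmp/nodesource_setup.sh \
    && apt-get update && apt-get install -y \
        nodejs \
    && rm -rf /var/lib/apt/lists/*

# Point Node.js at the FIPS-enabled config and at the directory holding fips.so.
# NOTE(review): the NodeSource build presumably carries its own OpenSSL and only loads fips.so from
# OPENSSL_MODULES; verify in the running container that FIPS is actually in effect, e.g.
#   node -p "require('crypto').getFips()"
ENV OPENSSL_CONF=/usr/local/ssl/nodejs.cnf
ENV OPENSSL_MODULES=/usr/local/lib/ossl-modules

# Interactive shell. No USER is set, so the container runs as root; add an unprivileged user
# before using this image for anything other than experimentation.
ENTRYPOINT ["bash"]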