author | vnugent <public@vaughnnugent.com> | 2024-06-04 15:59:02 -0400 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2024-06-04 15:59:02 -0400 |
commit | 71b581e006fda94aa675b7df9a7fbfe35d748b48 (patch) | |
tree | 3ae4832021a63249f53bd68b28759cd496397784 /ci/container | |
parent | 28e67e58208a13bd5f9afb19b6a2e57f904eec80 (diff) |
Squashed commit of the following:v0.1.6
commit bbe3b9b80db68cf86e26bd2e40a07c1650031224
Author: vnugent <public@vaughnnugent.com>
Date: Tue Jun 4 15:54:42 2024 -0400
ignore npm version bump errors for build
commit 45816924e5a47710a6bc4ed0d59ea81a48eddd1e
Author: vnugent <public@vaughnnugent.com>
Date: Tue Jun 4 15:30:35 2024 -0400
project version in ui
commit 03357c9f7b7fa389d2d426e95d9854b7b04623f9
Author: vnugent <public@vaughnnugent.com>
Date: Tue Jun 4 12:59:30 2024 -0400
chore: Essentials upstream update
commit b6d292014700d05a93aa4e486baedf37656f464a
Author: vnugent <public@vaughnnugent.com>
Date: Thu May 23 19:09:28 2024 -0400
docs: Update readme instructions
commit 5b6b4c06bc4b974e1839ca47c91dd6c903f119fd
Author: vnugent <public@vaughnnugent.com>
Date: Thu May 23 18:17:56 2024 -0400
build(server): Update Docker config to support new vars
commit c7c9e8a441e99e1dc79e2a690d83281af463d817
Author: vnugent <public@vaughnnugent.com>
Date: Thu May 23 17:40:09 2024 -0400
update backend deps
commit 06eb12d107f2605cae0f14884de04058c02d29f7
Author: vnugent <public@vaughnnugent.com>
Date: Thu May 23 17:38:22 2024 -0400
chore: package updates and verify
commit c8e3ca86be45be05c1f76a7dd808275a1afaccb0
Author: vnugent <public@vaughnnugent.com>
Date: Thu May 16 17:10:27 2024 -0400
chore: Remove unused cache stuff
commit ba2ee1073a5042bda0afc2b56233fe99d491b39d
Merge: e6b4e60 28e67e5
Author: vnugent <public@vaughnnugent.com>
Date: Wed May 15 18:08:48 2024 -0400
Merge branch 'master' into develop
commit e6b4e605622f2b323fd3fe0aa01000f3986e3bba
Author: vnugent <public@vaughnnugent.com>
Date: Wed May 15 16:35:06 2024 -0400
build: Fix ssl container dir, and certificate automation
commit a710553aa5c0484b6934b8a5d4d16b1eb3ff2a88
Author: vnugent <public@vaughnnugent.com>
Date: Wed May 15 15:37:53 2024 -0400
ci: Admin form clear, polish build and release taskfiles
commit 372eb6a32a9891afb5035caa0805e8ed878416d8
Author: vnugent <public@vaughnnugent.com>
Date: Tue May 14 22:27:10 2024 -0400
default read secret pepper from file for bare-metal builds
commit 1b7270b40b65ef089bf40a14065227f742b8507e
Author: vnugent <public@vaughnnugent.com>
Date: Tue May 14 21:52:03 2024 -0400
chore: make container slightly easier to setup
commit 2deda50a167286bc93fd3871a1fd6dbf9f43c81f
Merge: 28f0f77 96ae7b0
Author: vnugent <public@vaughnnugent.com>
Date: Sun Apr 28 10:54:09 2024 -0400
Merge branch 'master' into develop
commit 28f0f774da975c04271445761b2de31aecf969ff
Author: vnugent <public@vaughnnugent.com>
Date: Sat Apr 27 23:11:48 2024 -0400
Add --no-cache arg to build image args
commit 22a1f5d374ec1a487944c6303066d0f15617cb12
Author: vnugent <public@vaughnnugent.com>
Date: Sat Apr 27 18:47:25 2024 -0400
fix: Upstream patch missing ! in middleware
commit f40ca2d4c26f81276d58760152592a918bf3cd87
Author: vnugent <public@vaughnnugent.com>
Date: Sat Apr 27 18:36:01 2024 -0400
chore: package updates
commit d7a3c957467e65ea7176170fba3c280ac18ac17e
Author: vnugent <public@vaughnnugent.com>
Date: Sun Apr 21 12:02:57 2024 -0400
chore: Package updates and minor QOL patches
commit 97a5bded5122708cf39d0e86bc24a5f31755bdd1
Merge: 56e0a38 5877c86
Author: vnugent <public@vaughnnugent.com>
Date: Tue Apr 9 17:38:02 2024 -0400
Merge branch 'master' into develop
commit 56e0a38b2ca246e8beeaef3c6c4b9c0ce7d0f09b
Author: vnugent <public@vaughnnugent.com>
Date: Tue Apr 9 17:35:13 2024 -0400
chore(app): Update deps, login spinner, curl msg, view prep
commit 0945210c0492dd8a8de99ccd8e5e66cf05e3a1c1
Merge: 24fac82 3c15d54
Author: vnugent <public@vaughnnugent.com>
Date: Tue Apr 2 14:58:59 2024 -0400
Merge branch 'master' into develop
commit 24fac82efe9e5c18e86ed535678640e7401472db
Author: vnugent <public@vaughnnugent.com>
Date: Tue Apr 2 14:54:20 2024 -0400
ci: Configure manual dep versions
commit d2ae31ec919d72e66d8b40db8394b55efd6ea6d3
Author: vnugent <public@vaughnnugent.com>
Date: Sun Mar 31 22:19:53 2024 -0400
ci: Native compression support for win
commit fa7fdef79c6d468022b77f81314ac129fe0cdc32
Merge: 308092d a01220a
Author: vnugent <public@vaughnnugent.com>
Date: Wed Mar 13 21:26:55 2024 -0400
Merge branch 'master' into develop
commit 308092d6d743d0ba8f7ca86fd77e9c837dc46e88
Merge: 48637a8 9134093
Author: vnugent <public@vaughnnugent.com>
Date: Wed Mar 13 21:01:02 2024 -0400
Merge branch 'master' into develop
commit 48637a8781fc951c307216f604fc1610e68691c3
Merge: 1e08c6d e326736
Author: vnugent <public@vaughnnugent.com>
Date: Wed Mar 13 16:20:35 2024 -0400
Merge branch 'master' into develop
commit 1e08c6d2112459dc02a0ab873123c4a363b01d21
Author: vnugent <public@vaughnnugent.com>
Date: Wed Mar 13 16:17:58 2024 -0400
ci: verified container build ready for next release
commit 85a1e5b7cc5c99e97a2d4e99bbceb0d2139742ff
Author: vnugent <public@vaughnnugent.com>
Date: Tue Mar 12 22:05:16 2024 -0400
ci: exciting bare-metal build process, os support, smaller packages
commit 748cdbf4880d830fd794e92856e8c35a46e4f884
Author: vnugent <public@vaughnnugent.com>
Date: Mon Mar 11 21:21:18 2024 -0400
feat(app): #1 update libs & add curl support
Diffstat (limited to 'ci/container')
-rw-r--r-- | ci/container/Dockerfile | 37 | ||||
-rw-r--r-- | ci/container/config-templates/Essentials.Accounts-template.json | 2 | ||||
-rw-r--r-- | ci/container/config-templates/PageRouter-template.json | 2 | ||||
-rw-r--r-- | ci/container/config-templates/SessionProvider-template.json | 8 | ||||
-rw-r--r-- | ci/container/config-templates/SimpleBookmark-template.json | 2 | ||||
-rw-r--r-- | ci/container/docker-compose.yaml | 30 |
6 files changed, 51 insertions, 30 deletions
diff --git a/ci/container/Dockerfile b/ci/container/Dockerfile index 4580e48..33de6f1 100644 --- a/ci/container/Dockerfile +++ b/ci/container/Dockerfile @@ -55,8 +55,8 @@ ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=0 ENV VNLIB_ARGON2_DLL_PATH=/app/lib/libargon2.so #set default env variables -ENV MAX_BOOKMARKS=5000 -ENV REG_TOKEN_DURATION_MIN=360 +ENV MAX_BOOKMARKS=5000 \ + REG_TOKEN_DURATION_MIN=360 #SQL Config ENV SQL_LIB_PATH=VNLib.Plugins.Extensions.Sql.SQLite.dll @@ -66,29 +66,34 @@ ENV SQL_CONNECTION_STRING="Data Source=data/simple-bookmark.db;" ENV MAX_LOGIN_ATTEMPS=10 #HC Vault -ENV HC_VAULT_ADDR="" -ENV HC_VAULT_TOKEN="" -ENV HC_VAULT_TRUST_CERT=false +ENV HC_VAULT_ADDR="" \ + HC_VAULT_TOKEN="" \ + HC_VAULT_TRUST_CERT=false #VNCACHE (default to memory only) -ENV CACHE_ASM_PATH=VNLib.Data.Caching.Providers.VNCache.dll -ENV MEMCACHE_ONLY=true -ENV REDIS_CONNECTION_STRING="" -ENV VNCACHE_INITIAL_NODES=[] +ENV CACHE_ASM_PATH=VNLib.Data.Caching.Providers.VNCache.dll \ + MEMCACHE_ONLY=true \ + REDIS_CONNECTION_STRING="" \ + VNCACHE_INITIAL_NODES=[] #SECRETS -ENV PASSWORD_PEPPER="" -ENV DATABASE_PASSWORD="" -ENV REDIS_PASSWORD="" -ENV VNCACHE_CLIENT_PRIVATE_KEY="" -ENV VNCACHE_CACHE_PUBLIC_KEY="" +ENV PASSWORD_PEPPER="" \ + DATABASE_PASSWORD="" \ + REDIS_PASSWORD="" \ + VNCACHE_CLIENT_PRIVATE_KEY="" \ + VNCACHE_CACHE_PUBLIC_KEY="" + #HTTP/PROXY Config -ENV HTTP_DOWNSTREAM_SERVERS=[] -ENV HTTP_TRACE_ON=false +ENV HTTP_DOWNSTREAM_SERVERS=[] \ + HTTP_TRACE_ON=false + #set default certificate files to the self signed ones created in the build container ENV SSL_JSON='{"cert": "ssl/cert.pem", "privkey":"ssl/key.pem"}' +#disable plugin debugging by default +ENV DEBUG_PLUGINS=false + #run the init script within dumb-init ENTRYPOINT ["dumb-init", "--"] CMD ["ash", "./run.sh"] diff --git a/ci/container/config-templates/Essentials.Accounts-template.json b/ci/container/config-templates/Essentials.Accounts-template.json index 6e36986..68568a9 100644 
--- a/ci/container/config-templates/Essentials.Accounts-template.json +++ b/ci/container/config-templates/Essentials.Accounts-template.json @@ -1,5 +1,5 @@ { - "debug": false, + "debug": ${DEBUG_PLUGINS}, //endpoints diff --git a/ci/container/config-templates/PageRouter-template.json b/ci/container/config-templates/PageRouter-template.json index 7cfdf24..98dded3 100644 --- a/ci/container/config-templates/PageRouter-template.json +++ b/ci/container/config-templates/PageRouter-template.json @@ -1,5 +1,5 @@ { - "debug": false, + "debug": ${DEBUG_PLUGINS}, "store": { "route_file": "static/routes.xml" } diff --git a/ci/container/config-templates/SessionProvider-template.json b/ci/container/config-templates/SessionProvider-template.json index e281edf..328f06f 100644 --- a/ci/container/config-templates/SessionProvider-template.json +++ b/ci/container/config-templates/SessionProvider-template.json @@ -1,6 +1,6 @@ { - "debug": false, + "debug": ${DEBUG_PLUGINS}, //Provider assemblies to load "provider_assemblies": [ "VNLib.Plugins.Sessions.VNCache.dll" ], @@ -16,6 +16,10 @@ //time (in seconds) a session is valid for "valid_for_sec": 3600, //The maxium number of connections waiting for the cache server responses - "max_waiting_connections": 100 + "max_waiting_connections": 100, + //Enforce strict cross-origin session checks + "strict_cors": true, + ///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen) + "strict_tls_protocol": true } }
\ No newline at end of file diff --git a/ci/container/config-templates/SimpleBookmark-template.json b/ci/container/config-templates/SimpleBookmark-template.json index 610673e..8736d8d 100644 --- a/ci/container/config-templates/SimpleBookmark-template.json +++ b/ci/container/config-templates/SimpleBookmark-template.json @@ -1,7 +1,7 @@ { //Comments are allowed - "debug": false, //Enables obnoxious debug logging + "debug": ${DEBUG_PLUGINS}, //Enables obnoxious debug logging "bm_endpoint": { diff --git a/ci/container/docker-compose.yaml b/ci/container/docker-compose.yaml index 63de647..fa6b0aa 100644 --- a/ci/container/docker-compose.yaml +++ b/ci/container/docker-compose.yaml 
@@ -19,24 +19,33 @@ services: environment: MAX_BOOKMARKS: "5000" REG_TOKEN_DURATION_MIN: "360" #6 hours + #SQL Config SQL_LIB_PATH: "VNLib.Plugins.Extensions.Sql.SQLite.dll" SQL_CONNECTION_STRING: "Data Source=data/simple-bookmark.db;" - #HC Vault - HC_VAULT_ADDR: "" - HC_VAULT_TOKEN: "" - HC_VAULT_TRUST_CERT: "false" + + #HC Vault client config + #HC_VAULT_ADDR: "" + #HC_VAULT_TOKEN: "" + #HC_VAULT_TRUST_CERT: "false" + #VNCACHE (default to memory only) CACHE_ASM_PATH: "VNLib.Data.Caching.Providers.VNCache.dll" MEMCACHE_ONLY: "true" REDIS_CONNECTION_STRING: "" #at least one node required if MEMCACHE_ONLY is false VNCACHE_INITIAL_NODES: "[]" - #ACCOUNTS + + #Accounts plugin config MAX_LOGIN_ATTEMPS: "10" #SECRETS - PASSWORD_PEPPER: "" #A base64 encoded secret is required. raw string, vault://, file:// allowed + #All secrets may be a raw value, read from a file, + #an environment variable, or a vault path + # file://mysecret.txt reads the secret from a file (case sensitive) + # env://MY_SECRET reads the secret from an environment variable (case sensitive) + # vault://kv/data/secret?secret=value reads the value of the mysecret key in the secret/data path + PASSWORD_PEPPER: "" #Must be a base64 encoded value, of realtivley any size DATABASE_PASSWORD: "" REDIS_PASSWORD: "" #if MEMCACHE_ONLY is false, then the following keys are required to connect to a VNCACHE cluster @@ -44,8 +53,11 @@ services: VNCACHE_CACHE_PUBLIC_KEY: "" #HTTP - HTTP_DOWNSTREAM_SERVERS: '[]' - HTTP_TRACE_ON: "false" - + HTTP_DOWNSTREAM_SERVERS: '[]' #a comma separated list of downstream ip addresses + HTTP_TRACE_ON: "false" #enable http trace logging, requires --debug CLI flag + + #Very Verbose plugin logging, required --debug CLI flag, prints literally everything to the logger + DEBUG_PLUGINS: "false" + SERVER_ARGS: "--setup" #remove the setup flag after you are done setting up the server |
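Review bot: in the ci/container/Dockerfile hunk at @@ -66,29 +66,34 @@, the #SECRETS block still declares PASSWORD_PEPPER, DATABASE_PASSWORD, REDIS_PASSWORD and the two VNCACHE keys (with HC_VAULT_TOKEN just above) as ENV defaults, with no hint that a reference form is preferred over a raw value. The docker-compose.yaml change in this same commit documents file://, env:// and vault:// forms for secrets; a one-line comment above the #SECRETS block pointing to those forms would keep the two files consistent. The context line ENV MAX_LOGIN_ATTEMPS=10 is also misspelled (ATTEMPTS); because the name is part of the container's interface, either rename it with a fallback for the old name or note that the spelling is kept deliberately.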
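Review bot: "debug": ${DEBUG_PLUGINS}, in Essentials.Accounts-template.json (and identically in the PageRouter, SessionProvider and SimpleBookmark templates) substitutes the variable unquoted into a JSON boolean position, so the rendered file is only valid when the value is exactly true or false. The Dockerfile default covers the unset case, but an empty override renders "debug": , and a value such as True or 1 changes the type or breaks parsing. Suggest validating DEBUG_PLUGINS before the templates are rendered and either failing with a clear message or falling back to false.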
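Review bot: the new strict_cors and strict_tls_protocol keys in SessionProvider-template.json (@@ -16,6 +16,10 @@) are hard-coded to true with no environment variable behind them, unlike debug in the same file, so a deployment that needs to relax either check has to edit the template inside the image. Consider exposing both as variables with true as the Dockerfile default. The comment above strict_tls_protocol also opens with /// instead of //, and its privacy note ("this can be leaked through brute-forced if session id is stolen") does not read as a sentence; please reword it to say what is leaked and under which condition.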
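Review bot: in docker-compose.yaml (@@ -19,24 +19,33 @@) the vault example and its description disagree: the URI is vault://kv/data/secret?secret=value, while the text says it reads "the value of the mysecret key in the secret/data path". Please make the path and key name in the explanation match the example so the format is unambiguous. The PASSWORD_PEPPER comment also drops the earlier statement that the secret is required while the default stays ""; keep "required" in the new comment, and fix the spelling of "realtivley".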
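Review bot: the comment added to HTTP_DOWNSTREAM_SERVERS in docker-compose.yaml (@@ -44,8 +53,11 @@) calls the value "a comma separated list of downstream ip addresses", but the default is '[]' (and [] in the Dockerfile), and the comment does not say whether the brackets or quoting of entries are part of the expected value; add one example entry in the exact format. In the DEBUG_PLUGINS comment, "required --debug CLI flag" should read "requires", and since the option "prints literally everything to the logger", the comment should state that it is for troubleshooting only.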