Diffstat (limited to 'ci/container')
-rw-r--r--ci/container/Dockerfile9
-rw-r--r--ci/container/Taskfile.yaml6
-rw-r--r--ci/container/docker-compose.yaml11
-rw-r--r--ci/container/run.sh7
4 files changed, 25 insertions, 8 deletions
diff --git a/ci/container/Dockerfile b/ci/container/Dockerfile
index a6d35d4..8787fa3 100644
--- a/ci/container/Dockerfile
+++ b/ci/container/Dockerfile
@@ -5,7 +5,7 @@
FROM alpine:3.19 as native-cont
#install public libs and build tools
-RUN apk update && apk add --no-cache build-base cmake npm git
+RUN apk update && apk add --no-cache build-base cmake npm git openssl
#most universal way to use Task is from NPM
RUN npm install -g @go-task/cli
@@ -20,7 +20,7 @@ RUN task build-libs
#APP CONTAINER
#move into a clean dotnet apline lean image
-FROM mcr.microsoft.com/dotnet/runtime:8.0.2-alpine3.19-amd64 as app-cont
+FROM mcr.microsoft.com/dotnet/runtime:8.0.3-alpine3.19-amd64 as app-cont
LABEL name="vnuge/simple-bookmark"
LABEL maintainer="Vaughn Nugent <vnpublic@proton.me>"
@@ -31,6 +31,8 @@ COPY app/ /app
#pull compiled libs from build container
COPY --from=native-cont /build/out /app/lib
+#copy self signed ssl certs for first startup
+COPY --from=native-cont /build/ssl /app/ssl
RUN apk update && apk add --no-cache gettext icu-libs dumb-init curl
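Review bot: The added `COPY --from=native-cont /build/ssl /app/ssl` bakes a private key generated at build time into an image layer, so every container started from this image presents the same key and anyone who can pull the image can read `key.pem`. The new `ENV SSL_JSON` default in the last Dockerfile hunk makes that key the active TLS identity unless the operator overrides it, and the only warning is an `echo` in the build log. I would generate the pair at first start in `run.sh` when `ssl/key.pem` is absent, so that each deployment gets its own key. Failing that, state the risk next to the COPY, e.g. `#build-time key is shared by every copy of this image, mount your own certs before exposing the service`.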
@@ -83,8 +85,9 @@ ENV VNCACHE_CACHE_PUBLIC_KEY=""
#HTTP/PROXY Config
ENV HTTP_DOWNSTREAM_SERVERS=[]
-ENV SSL_JSON="{}"
ENV HTTP_TRACE_ON=false
+#set default certificate files to the self signed ones created in the build container
+ENV SSL_JSON='{"cert": "ssl/cert.pem", "privkey":"ssl/key.pem"}'
#run the init script within dumb-init
ENTRYPOINT ["dumb-init", "--"]
diff --git a/ci/container/Taskfile.yaml b/ci/container/Taskfile.yaml
index 69dff71..9f486ef 100644
--- a/ci/container/Taskfile.yaml
+++ b/ci/container/Taskfile.yaml
@@ -8,6 +8,7 @@ version: "3"
vars:
INCLUDE_FILES: "Dockerfile, docker-compose.yaml"
+ CERT_KEY_PARAMS: "ec -pkeyopt ec_paramgen_curve:secp384r1"
includes:
install:
@@ -19,6 +20,7 @@ tasks:
build-libs:
vars:
OUT_DIR: "{{.USER_WORKING_DIR}}/out"
+ SSL_DIR: "{{.USER_WORKING_DIR}}/ssl"
#build stage generates the following libraries
generates:
@@ -36,6 +38,10 @@ tasks:
#build native compression lib and put in lib dir
- cd lib/vnlib_compress && cmake -B./build && cmake --build build/ --config Release && cp build/libvn_compress.so {{.OUT_DIR}}/libvn_compress.so
+ #create a fresh self-signed cert for the container during build
+ - openssl req -new -x509 -days 365 -keyout {{.SSL_DIR}}/key.pem -out {{.SSL_DIR}}/cert.pem -newkey {{.CERT_KEY_PARAMS}} --nodes
+ - echo "WARNING Self signed certificate created during build stage, DO NOT COPY THIS IMAGE"
+
#called from ci pipline to build the package
build:
cmds:
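Review bot: The added `openssl req` command passes neither `-subj` nor `-batch`, so it will ask for the subject fields on stdin, which is unreliable in a non-interactive image build; adding `-batch` or an explicit subject (for example `-subj "/CN=localhost"`) makes the step deterministic. Nothing in this hunk creates `{{.SSL_DIR}}`, so unless it is made elsewhere in `build-libs` (the task body starts outside the hunk) the `-keyout` write would fail; a `mkdir -p {{.SSL_DIR}}` before the command would cover it. `-days 365` counts from the build, not from first start, so an image older than a year ships an already expired certificate.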
diff --git a/ci/container/docker-compose.yaml b/ci/container/docker-compose.yaml
index 465615d..63de647 100644
--- a/ci/container/docker-compose.yaml
+++ b/ci/container/docker-compose.yaml
@@ -11,7 +11,9 @@ services:
volumes:
- ./data:/app/data
- ./assets:/app/usr/assets:ro
- - ./ssl:/app/ssl:ro
+ #uncomment to use your own ssl certs, otherwise a build-time cert will be used
+ #- ./ssl/cert.pem:/app/ssl/cert.pem:ro
+ #- ./ssl/key.pem:/app/ssl/key.pem:ro
ports:
- 8080:8080
environment:
@@ -34,7 +36,7 @@ services:
MAX_LOGIN_ATTEMPS: "10"
#SECRETS
- PASSWORD_PEPPER: ""
+ PASSWORD_PEPPER: "" #A base64 encoded secret is required. raw string, vault://, file:// allowed
DATABASE_PASSWORD: ""
REDIS_PASSWORD: ""
#if MEMCACHE_ONLY is false, then the following keys are required to connect to a VNCACHE cluster
@@ -44,7 +46,6 @@ services:
#HTTP
HTTP_DOWNSTREAM_SERVERS: '[]'
HTTP_TRACE_ON: "false"
- #SSL_JSON: '{"cert": "ssl/cert.pem", "privkey":"ssl/priv.pem"}'
-
- SERVER_ARGS: ""
+
+ SERVER_ARGS: "--setup" #remove the setup flag after you are done setting up the server
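Review bot: `SERVER_ARGS: "--setup"` makes setup mode the shipped default, and it stays on across restarts until the operator edits the file. What `--setup` enables is not visible here, but if it relaxes any access control that is a risky default for a compose file people copy as-is. I would leave the value empty and document the flag instead, e.g. `SERVER_ARGS: "" #set to "--setup" for the first run only, then clear it`.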
diff --git a/ci/container/run.sh b/ci/container/run.sh
index c780929..b452f2a 100644
--- a/ci/container/run.sh
+++ b/ci/container/run.sh
@@ -2,6 +2,8 @@
#this script will be invoked by dumb-init in the container on statup and is located at /app
+echo "Generating configuration files"
+
rm -rf config && mkdir config
#substitude all -template files in the config-templates dir and write them to the config dir
@@ -9,7 +11,12 @@ for file in config-templates/*-template.json; do
envsubst < $file > config/$(basename $file -template.json).json
done
+echo "Complete"
+
+echo "Merging your asset files"
cp usr/assets/* plugins/assets/ -rf
+echo "Complete"
#start the server
+echo "Starting the server"
dotnet webserver/VNLib.WebServer.dll --config config/config.json --input-off $SERVER_ARGS \ No newline at end of file
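Review bot: Both added `echo "Complete"` lines print unconditionally, so the log reads as success even when `envsubst` or `cp usr/assets/* plugins/assets/ -rf` failed (an empty `usr/assets` leaves the glob unmatched and `cp` errors out). The top of the script is outside this hunk, so unless `set -e` is set there I would tie the message to the command, e.g. `cp usr/assets/* plugins/assets/ -rf && echo "Complete"`, and do the same after the template loop.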