Diffstat (limited to 'ci')
-rw-r--r-- | ci/config/config.json | 2 | ||||
-rw-r--r-- | ci/container/Dockerfile | 37 | ||||
-rw-r--r-- | ci/container/config-templates/Essentials.Accounts-template.json | 2 | ||||
-rw-r--r-- | ci/container/config-templates/PageRouter-template.json | 2 | ||||
-rw-r--r-- | ci/container/config-templates/SessionProvider-template.json | 8 | ||||
-rw-r--r-- | ci/container/config-templates/SimpleBookmark-template.json | 2 | ||||
-rw-r--r-- | ci/container/docker-compose.yaml | 30 | ||||
-rw-r--r-- | ci/plugins.taskfile.yaml | 12 | ||||
-rw-r--r-- | ci/taskfile.yaml | 2 |
9 files changed, 59 insertions, 38 deletions
diff --git a/ci/config/config.json b/ci/config/config.json
index 0d8b839..f776732 100644
--- a/ci/config/config.json
+++ b/ci/config/config.json
@@ -141,7 +141,7 @@ "interval": "infinite" }, - "disabled app_log": { + "app_log": { "path": "data/logs/applog.txt", //"template": "serilog template for writing to file", "flush_sec": 5,
diff --git a/ci/container/Dockerfile b/ci/container/Dockerfile
index 4580e48..33de6f1 100644
--- a/ci/container/Dockerfile
+++ b/ci/container/Dockerfile
@@ -55,8 +55,8 @@ ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=0 ENV VNLIB_ARGON2_DLL_PATH=/app/lib/libargon2.so #set default env variables -ENV MAX_BOOKMARKS=5000 -ENV REG_TOKEN_DURATION_MIN=360 +ENV MAX_BOOKMARKS=5000 \ + REG_TOKEN_DURATION_MIN=360 #SQL Config ENV SQL_LIB_PATH=VNLib.Plugins.Extensions.Sql.SQLite.dll 
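Review bot: The file sink is switched on by renaming its key from `"disabled app_log"` to `"app_log"`, which leaves no visible record of the off state other than a key the loader presumably ignores; if the schema supports an explicit flag, `"enabled": false` (or a `//` comment on the key) would make the intent readable in the config and in future diffs. A line next to `"path": "data/logs/applog.txt"` is also worth adding, since the same commit introduces `DEBUG_PLUGINS` and documents `HTTP_TRACE_ON`, and with either enabled that verbose output now persists to the data volume: `//written to the data volume; verbose when DEBUG_PLUGINS or HTTP_TRACE_ON is enabled`. The enclosing logging object starts and ends outside the hunk.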
@@ -66,29 +66,34 @@ ENV SQL_CONNECTION_STRING="Data Source=data/simple-bookmark.db;" ENV MAX_LOGIN_ATTEMPS=10 #HC Vault -ENV HC_VAULT_ADDR="" -ENV HC_VAULT_TOKEN="" -ENV HC_VAULT_TRUST_CERT=false +ENV HC_VAULT_ADDR="" \ + HC_VAULT_TOKEN="" \ + HC_VAULT_TRUST_CERT=false #VNCACHE (default to memory only) -ENV CACHE_ASM_PATH=VNLib.Data.Caching.Providers.VNCache.dll -ENV MEMCACHE_ONLY=true -ENV REDIS_CONNECTION_STRING="" -ENV VNCACHE_INITIAL_NODES=[] +ENV CACHE_ASM_PATH=VNLib.Data.Caching.Providers.VNCache.dll \ + MEMCACHE_ONLY=true \ + REDIS_CONNECTION_STRING="" \ + VNCACHE_INITIAL_NODES=[] #SECRETS -ENV PASSWORD_PEPPER="" -ENV DATABASE_PASSWORD="" -ENV REDIS_PASSWORD="" -ENV VNCACHE_CLIENT_PRIVATE_KEY="" -ENV VNCACHE_CACHE_PUBLIC_KEY="" +ENV PASSWORD_PEPPER="" \ + DATABASE_PASSWORD="" \ + REDIS_PASSWORD="" \ + VNCACHE_CLIENT_PRIVATE_KEY="" \ + VNCACHE_CACHE_PUBLIC_KEY="" + #HTTP/PROXY Config -ENV HTTP_DOWNSTREAM_SERVERS=[] -ENV HTTP_TRACE_ON=false +ENV HTTP_DOWNSTREAM_SERVERS=[] \ + HTTP_TRACE_ON=false + #set default certificate files to the self signed ones created in the build container ENV SSL_JSON='{"cert": "ssl/cert.pem", "privkey":"ssl/key.pem"}' +#disable plugin debugging by default +ENV DEBUG_PLUGINS=false + #run the init script within dumb-init ENTRYPOINT ["dumb-init", "--"] CMD ["ash", "./run.sh"]
diff --git a/ci/container/config-templates/Essentials.Accounts-template.json b/ci/container/config-templates/Essentials.Accounts-template.json
index 6e36986..68568a9 100644
--- a/ci/container/config-templates/Essentials.Accounts-template.json
+++ b/ci/container/config-templates/Essentials.Accounts-template.json
@@ -1,5 +1,5 @@ { - "debug": false, + "debug": ${DEBUG_PLUGINS}, //endpoints
diff --git a/ci/container/config-templates/PageRouter-template.json b/ci/container/config-templates/PageRouter-template.json
index 7cfdf24..98dded3 100644
--- a/ci/container/config-templates/PageRouter-template.json
+++ b/ci/container/config-templates/PageRouter-template.json 
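Review bot: `ENV DEBUG_PLUGINS=false` is added with a comment that does not say what the variable feeds, while the same commit substitutes it unquoted into the `"debug"` key of every plugin config template and the docker-compose.yaml comment states it only takes effect together with the `--debug` CLI flag; both facts belong next to the default that defines it. Suggested wording: `#disable plugin debugging by default (substituted into the "debug" key of the plugin config templates; only effective with the --debug CLI flag)`. The same treatment would help `HTTP_TRACE_ON=false` in the merged `#HTTP/PROXY Config` instruction, which docker-compose.yaml also ties to `--debug` but this file does not.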
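Review bot: `"debug": ${DEBUG_PLUGINS},` substitutes the variable unquoted into JSON, so the rendered file is only valid when the variable resolves to a bare `true` or `false` at render time; depending on the renderer, an unset or empty variable gives `"debug": ,` and a quoted value gives a string, and neither outcome is visible here. The Dockerfile in this commit sets `ENV DEBUG_PLUGINS=false`, which covers the image default, but a compose file or orchestrator that overrides the variable with an empty or quoted value would break the plugin config rather than leave debugging off. Either fail the render when the value is not exactly `true`/`false`, or at least state the constraint on the line: `//must render to a bare true/false; set via DEBUG_PLUGINS`. The identical change in PageRouter-template.json, SessionProvider-template.json and SimpleBookmark-template.json has the same issue.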
@@ -1,5 +1,5 @@ { - "debug": false, + "debug": ${DEBUG_PLUGINS}, "store": { "route_file": "static/routes.xml" }
diff --git a/ci/container/config-templates/SessionProvider-template.json b/ci/container/config-templates/SessionProvider-template.json
index e281edf..328f06f 100644
--- a/ci/container/config-templates/SessionProvider-template.json
+++ b/ci/container/config-templates/SessionProvider-template.json
@@ -1,6 +1,6 @@ { - "debug": false, + "debug": ${DEBUG_PLUGINS}, //Provider assemblies to load "provider_assemblies": [ "VNLib.Plugins.Sessions.VNCache.dll" ],
@@ -16,6 +16,10 @@
 //time (in seconds) a session is valid for
 "valid_for_sec": 3600,
 //The maxium number of connections waiting for the cache server responses
- "max_waiting_connections": 100
+ "max_waiting_connections": 100,
+ //Enforce strict cross-origin session checks
+ "strict_cors": true,
+ ///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen)
+ "strict_tls_protocol": true
 }
 }
\ No newline at end of file
diff --git a/ci/container/config-templates/SimpleBookmark-template.json b/ci/container/config-templates/SimpleBookmark-template.json
index 610673e..8736d8d 100644
--- a/ci/container/config-templates/SimpleBookmark-template.json
+++ b/ci/container/config-templates/SimpleBookmark-template.json
@@ -1,7 +1,7 @@ { //Comments are allowed - "debug": false, //Enables obnoxious debug logging + "debug": ${DEBUG_PLUGINS}, //Enables obnoxious debug logging "bm_endpoint": {
diff --git a/ci/container/docker-compose.yaml b/ci/container/docker-compose.yaml
index 63de647..fa6b0aa 100644
--- a/ci/container/docker-compose.yaml
+++ b/ci/container/docker-compose.yaml 
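Review bot: The comment on the new `"strict_tls_protocol": true` line is hard to act on: it uses a `///` prefix where the rest of the file uses `//`, and the parenthetical "this can be leaked through brute-forced if session id is stolen" does not say what is leaked, to whom, or what brute force has to do with it. If the intent is that the TLS protocol negotiated at session start is recorded in the session and later requests are rejected when it differs (so the recorded value is itself session data that a holder of the session id could learn), say exactly that in plain words, for example `//Reject requests whose TLS protocol differs from the one recorded when the session was created; note the recorded protocol is stored as session data`. "maxium" on the unchanged context line is a typo, and the file still ends without a trailing newline.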
@@ -19,24 +19,33 @@ services: environment: MAX_BOOKMARKS: "5000" REG_TOKEN_DURATION_MIN: "360" #6 hours + #SQL Config SQL_LIB_PATH: "VNLib.Plugins.Extensions.Sql.SQLite.dll" SQL_CONNECTION_STRING: "Data Source=data/simple-bookmark.db;" - #HC Vault - HC_VAULT_ADDR: "" - HC_VAULT_TOKEN: "" - HC_VAULT_TRUST_CERT: "false" + + #HC Vault client config + #HC_VAULT_ADDR: "" + #HC_VAULT_TOKEN: "" + #HC_VAULT_TRUST_CERT: "false" + #VNCACHE (default to memory only) CACHE_ASM_PATH: "VNLib.Data.Caching.Providers.VNCache.dll" MEMCACHE_ONLY: "true" REDIS_CONNECTION_STRING: "" #at least one node required if MEMCACHE_ONLY is false VNCACHE_INITIAL_NODES: "[]" - #ACCOUNTS + + #Accounts plugin config MAX_LOGIN_ATTEMPS: "10" #SECRETS - PASSWORD_PEPPER: "" #A base64 encoded secret is required. raw string, vault://, file:// allowed + #All secrets may be a raw value, read from a file, + #an environment variable, or a vault path + # file://mysecret.txt reads the secret from a file (case sensitive) + # env://MY_SECRET reads the secret from an environment variable (case sensitive) + # vault://kv/data/secret?secret=value reads the value of the mysecret key in the secret/data path + PASSWORD_PEPPER: "" #Must be a base64 encoded value, of realtivley any size DATABASE_PASSWORD: "" REDIS_PASSWORD: "" #if MEMCACHE_ONLY is false, then the following keys are required to connect to a VNCACHE cluster
@@ -44,8 +53,11 @@ services: VNCACHE_CACHE_PUBLIC_KEY: "" #HTTP - HTTP_DOWNSTREAM_SERVERS: '[]' - HTTP_TRACE_ON: "false" - + HTTP_DOWNSTREAM_SERVERS: '[]' #a comma separated list of downstream ip addresses + HTTP_TRACE_ON: "false" #enable http trace logging, requires --debug CLI flag + + #Very Verbose plugin logging, required --debug CLI flag, prints literally everything to the logger + DEBUG_PLUGINS: "false" + SERVER_ARGS: "--setup" #remove the setup flag after you are done setting up the server
diff --git a/ci/plugins.taskfile.yaml b/ci/plugins.taskfile.yaml
index 7cb508c..efb7ca0 100644 
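Review bot: The new `vault://` example and its explanation contradict each other: the URI is `vault://kv/data/secret?secret=value` but the prose says it reads "the mysecret key in the secret/data path", so a reader cannot tell whether the query parameter names the field or its value, nor which segment is the mount and which the secret. Align the example with the text in whatever form the loader actually accepts, e.g. `# vault://kv/data/mysecret?secret=value reads the field named "value" from the secret at kv/data/mysecret`. "realtivley" on the `PASSWORD_PEPPER` line is a typo. Commenting out the `HC_VAULT_*` entries means the image-level `ENV HC_VAULT_ADDR=""` defaults from the Dockerfile apply, which is presumably intended; a short `#defaults from the image apply when unset` would stop someone from assuming the variables are absent.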
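Review bot: `HTTP_DOWNSTREAM_SERVERS: '[]' #a comma separated list of downstream ip addresses` describes a comma-separated list while the default value is a JSON array literal, and the Dockerfile default `HTTP_DOWNSTREAM_SERVERS=[]` matches the latter; one of the two formats is wrong, and an operator who follows the comment may produce a value the server either rejects or parses as no downstream servers at all. If these addresses are the proxies whose forwarded headers the server trusts (not visible here, please confirm), a silently empty or over-broad list changes which address the server treats as the client, so the comment should show the exact accepted syntax, e.g. `#JSON array of downstream proxy addresses, e.g. '["10.0.0.2"]'` if that is what the parser expects. The `HTTP_TRACE_ON` comment says `requires --debug CLI flag` while the `DEBUG_PLUGINS` comment says `required --debug CLI flag`; use the same wording in both.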
--- a/ci/plugins.taskfile.yaml
+++ b/ci/plugins.taskfile.yaml
@@ -10,12 +10,12 @@ includes: taskfile: install.taskfile.yaml vars: - CORE_VERSION: '107b058a38d6785b350826c6fb01bb64997c630a' - ESSENTIALS_VERSION: 'dfbb88e7ad4e25215e70b2a457bcccad2834a1bf' - CACHE_VERSION: '2468774cb54a7ac381988af6fa8ed0b09264762d' - USERS_VERSION: 'cbe49da211039957b431b307a0cb2c3a20bd2c10' - SESSION_VERSION: '84f81db6ec729e24e2818557564e7da92259be43' - EXTENSIONS_VERSION: '5ad520e078414ca26f6144da0aab4e975347a121' + CORE_VERSION: '1b590c2517fef110564943ed8a10edd11fa758b0' + ESSENTIALS_VERSION: '451091e93b5feee7a5e01d3a81f5d63efa7ea8be' + CACHE_VERSION: '930980a1e6b5db24dd4d8beeb115e4279ea79ee2' + USERS_VERSION: '6d48be92c39d0046c5d827fb86af7ea1f3877e69' + SESSION_VERSION: 'f2dedded2a8646273c4dd13013b8334d64e02d6f' + EXTENSIONS_VERSION: '1350c983c371fdd6a93596c8474345f9168284e1' tasks:
diff --git a/ci/taskfile.yaml b/ci/taskfile.yaml
index 0267dec..ed61cf9 100644
--- a/ci/taskfile.yaml
+++ b/ci/taskfile.yaml
@@ -8,7 +8,7 @@ version: "3" vars: BUILDS_URL: https://www.vaughnnugent.com/public/resources/software/builds SQLITE_OUT_DIR: "plugins/assets/VNLib.Plugins.Extensions.Loading.Sql.SQLite" - WEBSERVER_VERSION: 'a04d0118b671dfc647647d4c425172013011e401' + WEBSERVER_VERSION: 'a54c9d0da36ee15b5a1b6852b843bc0a40694ce5' includes: install: |