Diffstat (limited to 'ci')
-rw-r--r--ci/config/config.json2
-rw-r--r--ci/container/Dockerfile37
-rw-r--r--ci/container/config-templates/Essentials.Accounts-template.json2
-rw-r--r--ci/container/config-templates/PageRouter-template.json2
-rw-r--r--ci/container/config-templates/SessionProvider-template.json8
-rw-r--r--ci/container/config-templates/SimpleBookmark-template.json2
-rw-r--r--ci/container/docker-compose.yaml30
-rw-r--r--ci/plugins.taskfile.yaml12
-rw-r--r--ci/taskfile.yaml2
9 files changed, 59 insertions, 38 deletions
diff --git a/ci/config/config.json b/ci/config/config.json
index 0d8b839..f776732 100644
--- a/ci/config/config.json
+++ b/ci/config/config.json
@@ -141,7 +141,7 @@
"interval": "infinite"
},
- "disabled app_log": {
+ "app_log": {
"path": "data/logs/applog.txt",
//"template": "serilog template for writing to file",
"flush_sec": 5,
diff --git a/ci/container/Dockerfile b/ci/container/Dockerfile
index 4580e48..33de6f1 100644
--- a/ci/container/Dockerfile
+++ b/ci/container/Dockerfile
@@ -55,8 +55,8 @@ ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=0
ENV VNLIB_ARGON2_DLL_PATH=/app/lib/libargon2.so
#set default env variables
-ENV MAX_BOOKMARKS=5000
-ENV REG_TOKEN_DURATION_MIN=360
+ENV MAX_BOOKMARKS=5000 \
+ REG_TOKEN_DURATION_MIN=360
#SQL Config
ENV SQL_LIB_PATH=VNLib.Plugins.Extensions.Sql.SQLite.dll
@@ -66,29 +66,34 @@ ENV SQL_CONNECTION_STRING="Data Source=data/simple-bookmark.db;"
ENV MAX_LOGIN_ATTEMPS=10
#HC Vault
-ENV HC_VAULT_ADDR=""
-ENV HC_VAULT_TOKEN=""
-ENV HC_VAULT_TRUST_CERT=false
+ENV HC_VAULT_ADDR="" \
+ HC_VAULT_TOKEN="" \
+ HC_VAULT_TRUST_CERT=false
#VNCACHE (default to memory only)
-ENV CACHE_ASM_PATH=VNLib.Data.Caching.Providers.VNCache.dll
-ENV MEMCACHE_ONLY=true
-ENV REDIS_CONNECTION_STRING=""
-ENV VNCACHE_INITIAL_NODES=[]
+ENV CACHE_ASM_PATH=VNLib.Data.Caching.Providers.VNCache.dll \
+ MEMCACHE_ONLY=true \
+ REDIS_CONNECTION_STRING="" \
+ VNCACHE_INITIAL_NODES=[]
#SECRETS
-ENV PASSWORD_PEPPER=""
-ENV DATABASE_PASSWORD=""
-ENV REDIS_PASSWORD=""
-ENV VNCACHE_CLIENT_PRIVATE_KEY=""
-ENV VNCACHE_CACHE_PUBLIC_KEY=""
+ENV PASSWORD_PEPPER="" \
+ DATABASE_PASSWORD="" \
+ REDIS_PASSWORD="" \
+ VNCACHE_CLIENT_PRIVATE_KEY="" \
+ VNCACHE_CACHE_PUBLIC_KEY=""
+
#HTTP/PROXY Config
-ENV HTTP_DOWNSTREAM_SERVERS=[]
-ENV HTTP_TRACE_ON=false
+ENV HTTP_DOWNSTREAM_SERVERS=[] \
+ HTTP_TRACE_ON=false
+
#set default certificate files to the self signed ones created in the build container
ENV SSL_JSON='{"cert": "ssl/cert.pem", "privkey":"ssl/key.pem"}'
+#disable plugin debugging by default
+ENV DEBUG_PLUGINS=false
+
#run the init script within dumb-init
ENTRYPOINT ["dumb-init", "--"]
CMD ["ash", "./run.sh"]
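Review bot: The regrouped `#SECRETS` and `#HC Vault` ENV blocks still give no hint on how these values should be supplied, and anything set through ENV or `-e` is readable via `docker inspect` and, if baked in at build time, via the image history. The docker-compose.yaml change in this same commit documents the `file://`, `env://` and `vault://` reference forms, so I would repeat that pointer here with a comment above `ENV PASSWORD_PEPPER=""`, such as `#leave empty in the image; supply at runtime, preferably as file:// or vault:// references instead of raw values`. `HC_VAULT_TOKEN` is also a credential but sits outside the `#SECRETS` group, so it deserves the same comment.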
diff --git a/ci/container/config-templates/Essentials.Accounts-template.json b/ci/container/config-templates/Essentials.Accounts-template.json
index 6e36986..68568a9 100644
--- a/ci/container/config-templates/Essentials.Accounts-template.json
+++ b/ci/container/config-templates/Essentials.Accounts-template.json
@@ -1,5 +1,5 @@
{
- "debug": false,
+ "debug": ${DEBUG_PLUGINS},
//endpoints
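Review bot: `"debug": ${DEBUG_PLUGINS},` places the environment value into the JSON unquoted, so anything other than a literal `true` or `false` either breaks the file (an empty value renders `"debug": ,`) or is spliced into the plugin config as raw JSON. The same substitution is added in the PageRouter, SessionProvider and SimpleBookmark templates. The Dockerfile default of `false` only covers the unset case, because a compose override with `""` or a typo still reaches the template. The rendering step is not visible here (presumably run.sh), so this is a suggestion for that script: validate before substituting, for example `case "$DEBUG_PLUGINS" in true|false) ;; *) echo "DEBUG_PLUGINS must be true or false" >&2; exit 1 ;; esac`.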
diff --git a/ci/container/config-templates/PageRouter-template.json b/ci/container/config-templates/PageRouter-template.json
index 7cfdf24..98dded3 100644
--- a/ci/container/config-templates/PageRouter-template.json
+++ b/ci/container/config-templates/PageRouter-template.json
@@ -1,5 +1,5 @@
{
- "debug": false,
+ "debug": ${DEBUG_PLUGINS},
"store": {
"route_file": "static/routes.xml"
}
diff --git a/ci/container/config-templates/SessionProvider-template.json b/ci/container/config-templates/SessionProvider-template.json
index e281edf..328f06f 100644
--- a/ci/container/config-templates/SessionProvider-template.json
+++ b/ci/container/config-templates/SessionProvider-template.json
@@ -1,6 +1,6 @@
{
- "debug": false,
+ "debug": ${DEBUG_PLUGINS},
//Provider assemblies to load
"provider_assemblies": [ "VNLib.Plugins.Sessions.VNCache.dll" ],
@@ -16,6 +16,10 @@
//time (in seconds) a session is valid for
"valid_for_sec": 3600,
//The maxium number of connections waiting for the cache server responses
- "max_waiting_connections": 100
+ "max_waiting_connections": 100,
+ //Enforce strict cross-origin session checks
+ "strict_cors": true,
+ ///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen)
+ "strict_tls_protocol": true
}
} \ No newline at end of file
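Review bot: The comment above `"strict_tls_protocol": true` is hard to parse at the point where an operator most needs it ("this can be leaked through brute-forced if session id is stolen"), and it starts with `///` where the rest of the file uses `//`. If the intended meaning is that the TLS version stored in the session could be inferred by an attacker holding a stolen session id, say so directly, e.g. `//Enforce strict TLS protocol checks to help prevent downgrades (privacy note: the stored protocol may be inferable by brute force if a session id is stolen)`. Both new flags are hard-coded in the template, unlike most other settings in this commit. A deployment that terminates TLS at a proxy cannot relax them without editing the file, so it is worth stating in the comment whether that is deliberate.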
diff --git a/ci/container/config-templates/SimpleBookmark-template.json b/ci/container/config-templates/SimpleBookmark-template.json
index 610673e..8736d8d 100644
--- a/ci/container/config-templates/SimpleBookmark-template.json
+++ b/ci/container/config-templates/SimpleBookmark-template.json
@@ -1,7 +1,7 @@
{
//Comments are allowed
- "debug": false, //Enables obnoxious debug logging
+ "debug": ${DEBUG_PLUGINS}, //Enables obnoxious debug logging
"bm_endpoint": {
diff --git a/ci/container/docker-compose.yaml b/ci/container/docker-compose.yaml
index 63de647..fa6b0aa 100644
--- a/ci/container/docker-compose.yaml
+++ b/ci/container/docker-compose.yaml
@@ -19,24 +19,33 @@ services:
environment:
MAX_BOOKMARKS: "5000"
REG_TOKEN_DURATION_MIN: "360" #6 hours
+
#SQL Config
SQL_LIB_PATH: "VNLib.Plugins.Extensions.Sql.SQLite.dll"
SQL_CONNECTION_STRING: "Data Source=data/simple-bookmark.db;"
- #HC Vault
- HC_VAULT_ADDR: ""
- HC_VAULT_TOKEN: ""
- HC_VAULT_TRUST_CERT: "false"
+
+ #HC Vault client config
+ #HC_VAULT_ADDR: ""
+ #HC_VAULT_TOKEN: ""
+ #HC_VAULT_TRUST_CERT: "false"
+
#VNCACHE (default to memory only)
CACHE_ASM_PATH: "VNLib.Data.Caching.Providers.VNCache.dll"
MEMCACHE_ONLY: "true"
REDIS_CONNECTION_STRING: ""
#at least one node required if MEMCACHE_ONLY is false
VNCACHE_INITIAL_NODES: "[]"
- #ACCOUNTS
+
+ #Accounts plugin config
MAX_LOGIN_ATTEMPS: "10"
#SECRETS
- PASSWORD_PEPPER: "" #A base64 encoded secret is required. raw string, vault://, file:// allowed
+ #All secrets may be a raw value, read from a file,
+ #an environment variable, or a vault path
+ # file://mysecret.txt reads the secret from a file (case sensitive)
+ # env://MY_SECRET reads the secret from an environment variable (case sensitive)
+ # vault://kv/data/secret?secret=value reads the value of the mysecret key in the secret/data path
+ PASSWORD_PEPPER: "" #Must be a base64 encoded value, of realtivley any size
DATABASE_PASSWORD: ""
REDIS_PASSWORD: ""
#if MEMCACHE_ONLY is false, then the following keys are required to connect to a VNCACHE cluster
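Review bot: The new `vault://` example does not match its own explanation: the URI is `vault://kv/data/secret?secret=value`, but the text says it reads "the mysecret key in the secret/data path". A reader cannot tell which part is the mount path and which is the key. Please make the example and the sentence use the same names, for instance `# vault://kv/data/secret?secret=mysecret reads the mysecret key from the kv/data/secret path`, adjusted to the real semantics. The block also lists a raw value first among the allowed forms; since a compose file is often committed and its environment is visible through `docker inspect`, I would add `#prefer file:// or vault:// outside of local testing`. There is also a typo in the PASSWORD_PEPPER comment, "realtivley".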
@@ -44,8 +53,11 @@ services:
VNCACHE_CACHE_PUBLIC_KEY: ""
#HTTP
- HTTP_DOWNSTREAM_SERVERS: '[]'
- HTTP_TRACE_ON: "false"
-
+ HTTP_DOWNSTREAM_SERVERS: '[]' #a comma separated list of downstream ip addresses
+ HTTP_TRACE_ON: "false" #enable http trace logging, requires --debug CLI flag
+
+ #Very Verbose plugin logging, required --debug CLI flag, prints literally everything to the logger
+ DEBUG_PLUGINS: "false"
+
SERVER_ARGS: "--setup" #remove the setup flag after you are done setting up the server
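Review bot: The comment on `DEBUG_PLUGINS` says it "prints literally everything to the logger" but does not warn that this output may include request or session data. The same commit turns on the `app_log` file sink in ci/config/config.json (`data/logs/applog.txt`), so if that config is the one used by the container, the verbose output would persist on the data volume. I would extend the comment with `#do not enable in production; output may contain sensitive request/session data and is written to the app log file`. Separately, the `HTTP_DOWNSTREAM_SERVERS` comment describes "a comma separated list" while the default is the JSON array `'[]'`; stating the expected form would help, e.g. `#JSON array of downstream ip addresses`.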
diff --git a/ci/plugins.taskfile.yaml b/ci/plugins.taskfile.yaml
index 7cb508c..efb7ca0 100644
--- a/ci/plugins.taskfile.yaml
+++ b/ci/plugins.taskfile.yaml
@@ -10,12 +10,12 @@ includes:
taskfile: install.taskfile.yaml
vars:
- CORE_VERSION: '107b058a38d6785b350826c6fb01bb64997c630a'
- ESSENTIALS_VERSION: 'dfbb88e7ad4e25215e70b2a457bcccad2834a1bf'
- CACHE_VERSION: '2468774cb54a7ac381988af6fa8ed0b09264762d'
- USERS_VERSION: 'cbe49da211039957b431b307a0cb2c3a20bd2c10'
- SESSION_VERSION: '84f81db6ec729e24e2818557564e7da92259be43'
- EXTENSIONS_VERSION: '5ad520e078414ca26f6144da0aab4e975347a121'
+ CORE_VERSION: '1b590c2517fef110564943ed8a10edd11fa758b0'
+ ESSENTIALS_VERSION: '451091e93b5feee7a5e01d3a81f5d63efa7ea8be'
+ CACHE_VERSION: '930980a1e6b5db24dd4d8beeb115e4279ea79ee2'
+ USERS_VERSION: '6d48be92c39d0046c5d827fb86af7ea1f3877e69'
+ SESSION_VERSION: 'f2dedded2a8646273c4dd13013b8334d64e02d6f'
+ EXTENSIONS_VERSION: '1350c983c371fdd6a93596c8474345f9168284e1'
tasks:
diff --git a/ci/taskfile.yaml b/ci/taskfile.yaml
index 0267dec..ed61cf9 100644
--- a/ci/taskfile.yaml
+++ b/ci/taskfile.yaml
@@ -8,7 +8,7 @@ version: "3"
vars:
BUILDS_URL: https://www.vaughnnugent.com/public/resources/software/builds
SQLITE_OUT_DIR: "plugins/assets/VNLib.Plugins.Extensions.Loading.Sql.SQLite"
- WEBSERVER_VERSION: 'a04d0118b671dfc647647d4c425172013011e401'
+ WEBSERVER_VERSION: 'a54c9d0da36ee15b5a1b6852b843bc0a40694ce5'
includes:
install: