From 28e67e58208a13bd5f9afb19b6a2e57f904eec80 Mon Sep 17 00:00:00 2001 
From: vnugent Date: Wed, 15 May 2024 17:46:36 -0400 Subject: Squashed commit of the following: commit e6b4e605622f2b323fd3fe0aa01000f3986e3bba Author: vnugent Date: Wed May 15 16:35:06 2024 -0400 build: Fix ssl container dir, and certificate automation commit a710553aa5c0484b6934b8a5d4d16b1eb3ff2a88 Author: vnugent Date: Wed May 15 15:37:53 2024 -0400 ci: Admin form clear, polish build and release taskfiels commit 372eb6a32a9891afb5035caa0805e8ed878416d8 Author: vnugent Date: Tue May 14 22:27:10 2024 -0400 default read secret pepper from file for bare-metal builds commit 1b7270b40b65ef089bf40a14065227f742b8507e Author: vnugent Date: Tue May 14 21:52:03 2024 -0400 chore: make container slightly easier to setup commit 2deda50a167286bc93fd3871a1fd6dbf9f43c81f Merge: 28f0f77 96ae7b0 Author: vnugent Date: Sun Apr 28 10:54:09 2024 -0400 Merge branch 'master' into develop commit 28f0f774da975c04271445761b2de31aecf969ff Author: vnugent Date: Sat Apr 27 23:11:48 2024 -0400 Add --no-cache arg to build image args commit 22a1f5d374ec1a487944c6303066d0f15617cb12 Author: vnugent Date: Sat Apr 27 18:47:25 2024 -0400 fix: Upstream patch missing ! 
in middlware commit f40ca2d4c26f81276d58760152592a918bf3cd87 Author: vnugent Date: Sat Apr 27 18:36:01 2024 -0400 chore: package updates commit d7a3c957467e65ea7176170fba3c280ac18ac17e Author: vnugent Date: Sun Apr 21 12:02:57 2024 -0400 chore: Package updates and minor QOL patches commit 97a5bded5122708cf39d0e86bc24a5f31755bdd1 Merge: 56e0a38 5877c86 Author: vnugent Date: Tue Apr 9 17:38:02 2024 -0400 Merge branch 'master' into develop commit 56e0a38b2ca246e8beeaef3c6c4b9c0ce7d0f09b Author: vnugent Date: Tue Apr 9 17:35:13 2024 -0400 chore(app): Update deps, login spinner, curl msg, view prep commit 0945210c0492dd8a8de99ccd8e5e66cf05e3a1c1 Merge: 24fac82 3c15d54 Author: vnugent Date: Tue Apr 2 14:58:59 2024 -0400 Merge branch 'master' into develop commit 24fac82efe9e5c18e86ed535678640e7401472db Author: vnugent Date: Tue Apr 2 14:54:20 2024 -0400 ci: Configure manual dep versions commit d2ae31ec919d72e66d8b40db8394b55efd6ea6d3 Author: vnugent Date: Sun Mar 31 22:19:53 2024 -0400 ci: Native compression support for win commit fa7fdef79c6d468022b77f81314ac129fe0cdc32 Merge: 308092d a01220a Author: vnugent Date: Wed Mar 13 21:26:55 2024 -0400 Merge branch 'master' into develop commit 308092d6d743d0ba8f7ca86fd77e9c837dc46e88 Merge: 48637a8 9134093 Author: vnugent Date: Wed Mar 13 21:01:02 2024 -0400 Merge branch 'master' into develop commit 48637a8781fc951c307216f604fc1610e68691c3 Merge: 1e08c6d e326736 Author: vnugent Date: Wed Mar 13 16:20:35 2024 -0400 Merge branch 'master' into develop commit 1e08c6d2112459dc02a0ab873123c4a363b01d21 Author: vnugent Date: Wed Mar 13 16:17:58 2024 -0400 ci: verified container build ready for next release commit 85a1e5b7cc5c99e97a2d4e99bbceb0d2139742ff Author: vnugent Date: Tue Mar 12 22:05:16 2024 -0400 ci: exciting bare-metal build process, os support, smaller packages commit 748cdbf4880d830fd794e92856e8c35a46e4f884 Author: vnugent Date: Mon Mar 11 21:21:18 2024 -0400 feat(app): #1 update libs & add curl support --- 
ci/container/Dockerfile | 11 +++++++---- ci/container/Taskfile.yaml | 12 +++++++++--- ci/container/docker-compose.yaml | 11 ++++++----- ci/container/run.sh | 7 +++++++ 4 files changed, 29 insertions(+), 12 deletions(-) (limited to 'ci/container')
diff --git a/ci/container/Dockerfile b/ci/container/Dockerfile
index a6d35d4..4580e48 100644
--- a/ci/container/Dockerfile
+++ b/ci/container/Dockerfile
@@ -5,7 +5,7 @@ FROM alpine:3.19 as native-cont #install public libs and build tools -RUN apk update && apk add --no-cache build-base cmake npm git +RUN apk update && apk add --no-cache build-base cmake npm git openssl #most universal way to use Task is from NPM RUN npm install -g @go-task/cli
@@ -15,12 +15,12 @@ WORKDIR /build COPY app/ . #build internal libraries and copy the libraries to the /lib output directory -RUN mkdir out/ +RUN mkdir out/ ssl/ RUN task build-libs #APP CONTAINER #move into a clean dotnet apline lean image -FROM mcr.microsoft.com/dotnet/runtime:8.0.2-alpine3.19-amd64 as app-cont +FROM mcr.microsoft.com/dotnet/runtime:8.0.3-alpine3.19-amd64 as app-cont LABEL name="vnuge/simple-bookmark" LABEL maintainer="Vaughn Nugent "
@@ -31,6 +31,8 @@ COPY app/ /app #pull compiled libs from build container COPY --from=native-cont /build/out /app/lib +#copy self signed ssl certs for first startup +COPY --from=native-cont /build/ssl /app/ssl RUN apk update && apk add --no-cache gettext icu-libs dumb-init curl
@@ -83,8 +85,9 @@ ENV VNCACHE_CACHE_PUBLIC_KEY="" #HTTP/PROXY Config ENV HTTP_DOWNSTREAM_SERVERS=[] -ENV SSL_JSON="{}" ENV HTTP_TRACE_ON=false +#set default certificate files to the self signed ones created in the build container +ENV SSL_JSON='{"cert": "ssl/cert.pem", "privkey":"ssl/key.pem"}' #run the init script within dumb-init ENTRYPOINT ["dumb-init", "--"]
diff --git a/ci/container/Taskfile.yaml b/ci/container/Taskfile.yaml
index 69dff71..1d52697 100644
--- a/ci/container/Taskfile.yaml
+++ b/ci/container/Taskfile.yaml
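Review bot: The added `COPY --from=native-cont /build/ssl /app/ssl` in the third Dockerfile hunk stores a private key in an image layer, so every container started from this image shares one key and anyone who can pull the image can read it. The new `ENV SSL_JSON=...` default in the last Dockerfile hunk then makes that key the one the server uses unless the operator overrides it, and the only safeguard is the warning echoed by the Taskfile.yaml build step, which appears in the build log and not where the image is run. Consider dropping the COPY and creating the key pair in run.sh on first start when `ssl/key.pem` is absent (this needs `openssl` added to the runtime stage's `apk add` line), so each deployment gets its own key. If the build-time certificate stays, a comment above the COPY such as `#NOTE: key.pem is stored in the image layer; do not push this image to a shared registry` would put the warning where maintainers read it.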
@@ -8,6 +8,7 @@ version: "3" vars: INCLUDE_FILES: "Dockerfile, docker-compose.yaml" + CERT_KEY_PARAMS: "ec -pkeyopt ec_paramgen_curve:secp384r1" includes: install:
@@ -19,6 +20,9 @@ tasks: build-libs: vars: OUT_DIR: "{{.USER_WORKING_DIR}}/out" + SSL_DIR: "{{.USER_WORKING_DIR}}/ssl" + HOSTNAME: + sh: echo $HOSTNAME #build stage generates the following libraries generates:
@@ -31,10 +35,12 @@ tasks: - cd lib/argon2/ && task && cp build/libargon2.so {{.OUT_DIR}}/libargon2.so #build rpmalloc library - cd lib/vnlib_rpmalloc/ && task && cp build/libvn_rpmalloc.so {{.OUT_DIR}}/libvn_rpmalloc.so - #install zlib and brotli native libraries from the source repos (they dont have active releases anymore :() + #build compression - cd lib/vnlib_compress/ && task && cp build/libvn_compress.so {{.OUT_DIR}}/libvn_compress.so - #build native compression lib and put in lib dir - - cd lib/vnlib_compress && cmake -B./build && cmake --build build/ --config Release && cp build/libvn_compress.so {{.OUT_DIR}}/libvn_compress.so + + #create a fresh self-signed cert for the container during build + - openssl req -new -x509 -days 365 -keyout {{.SSL_DIR}}/key.pem -out {{.SSL_DIR}}/cert.pem -newkey {{.CERT_KEY_PARAMS}} --nodes -subj "/CN={{.HOSTNAME}}" + - echo "WARNING Self signed certificate created during build stage, DO NOT COPY THIS IMAGE" #called from ci pipline to build the package build:
diff --git a/ci/container/docker-compose.yaml b/ci/container/docker-compose.yaml
index 465615d..63de647 100644
--- a/ci/container/docker-compose.yaml
+++ b/ci/container/docker-compose.yaml
@@ -11,7 +11,9 @@ services: volumes: - ./data:/app/data - ./assets:/app/usr/assets:ro - - ./ssl:/app/ssl:ro + #uncomment to use your own ssl certs, otherwise a build-time cert will be used + #- ./ssl/cert.pem:/app/ssl/cert.pem:ro + #- ./ssl/key.pem:/app/ssl/key.pem:ro ports: - 8080:8080 environment:
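Review bot: The `openssl req` command added to `build-libs` in Taskfile.yaml takes its subject from `{{.HOSTNAME}}`, which the second hunk fills with `echo $HOSTNAME` evaluated in the build environment, so the CN is whatever the builder exports (possibly empty) and not the name clients will connect to. The certificate also carries no subjectAltName, which browsers and several TLS libraries require for name matching, and `-days 365` counts from the image build, so an image older than a year would start with an expired certificate. Consider making the subject a Taskfile variable with a documented default and adding `-addext "subjectAltName=DNS:{{.CERT_HOSTNAME}}"` (the variable name is a placeholder). `--nodes` leaves the key unencrypted on disk, which is expected for an unattended server but deserves a short comment next to the command.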
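Review bot: Replacing the `./ssl:/app/ssl:ro` mount with two commented-out file mounts in the docker-compose `volumes` list means a deployment that adopts this file would stop using its own certificate without any message and fall back to the key built into the image. The expected key file name changes as well: the `SSL_JSON` comment removed in the last hunk of this file pointed at `ssl/priv.pem`, while the new mounts and the image default use `key.pem`. A comment above the mounts such as `#NOTE: the key file was previously named priv.pem; rename it to key.pem or set SSL_JSON` would make the upgrade path explicit. The `volumes` list and the service definition start outside the hunk.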
@@ -34,7 +36,7 @@ services: MAX_LOGIN_ATTEMPS: "10" #SECRETS - PASSWORD_PEPPER: "" + PASSWORD_PEPPER: "" #A base64 encoded secret is required. raw string, vault://, file:// allowed DATABASE_PASSWORD: "" REDIS_PASSWORD: "" #if MEMCACHE_ONLY is false, then the following keys are required to connect to a VNCACHE cluster
@@ -44,7 +46,6 @@ services: #HTTP HTTP_DOWNSTREAM_SERVERS: '[]' HTTP_TRACE_ON: "false" - #SSL_JSON: '{"cert": "ssl/cert.pem", "privkey":"ssl/priv.pem"}' - - SERVER_ARGS: "" + + SERVER_ARGS: "--setup" #remove the setup flag after you are done setting up the server
diff --git a/ci/container/run.sh b/ci/container/run.sh
index c780929..b452f2a 100644
--- a/ci/container/run.sh
+++ b/ci/container/run.sh
@@ -2,6 +2,8 @@ #this script will be invoked by dumb-init in the container on statup and is located at /app +echo "Generating configuration files" + rm -rf config && mkdir config #substitude all -template files in the config-templates dir and write them to the config dir
@@ -9,7 +11,12 @@ for file in config-templates/*-template.json; do envsubst < $file > config/$(basename $file -template.json).json done +echo "Complete" + +echo "Merging your asset files" cp usr/assets/* plugins/assets/ -rf +echo "Complete" #start the server +echo "Starting the server" dotnet webserver/VNLib.WebServer.dll --config config/config.json --input-off $SERVER_ARGS \ No newline at end of file -- cgit
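Review bot: `SERVER_ARGS: "--setup"` in the last docker-compose hunk makes setup mode the shipped default for every start and relies on the operator remembering to delete it, so a forgotten flag keeps the server in setup mode across restarts. What `--setup` enables is not visible in this diff; if it opens account creation or admin bootstrap, the safer default is an empty value with the flag documented beside it, for example `SERVER_ARGS: "" #set to "--setup" for the first start only, then clear it`.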
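Review bot: The added `echo "Complete"` lines in the second run.sh hunk print after the `envsubst` loop and after the `cp` regardless of exit status, so the log reports success even when a config file failed to render and the server then starts on a partial configuration. The top of the script is outside the hunk, so whether `set -e` is in effect cannot be seen here. Guarding the message, as in `cp usr/assets/* plugins/assets/ -rf && echo "Complete"`, keeps the log truthful without aborting startup when the assets directory is empty. The loop's closing message could follow the same pattern by recording a failure flag inside the loop.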