Complement improvements

ada15cea · Jonathan de Jong · cb2b5bee · ada15cea · ada15cea · ada15cea
Commit ada15cea authored 2 years ago by Jonathan de Jong
--- a/.gitignore
+++ b/.gitignore
@@ -62,3 +62,4 @@ conduit.db
 # Etc.
 **/*.rs.bk
+cached_target
\ No newline at end of file
--- a/tests/Complement.Dockerfile
+++ b/tests/Complement.Dockerfile
 # For use in our CI only. This requires a build artifact created by a previous run pipline stage to be placed in cached_target/release/conduit
-FROM valkum/docker-rust-ci:latest as builder
+FROM registry.gitlab.com/jfowl/conduit-containers/rust-with-tools:commit-16a08e9b as builder
+#FROM rust:latest as builder
 WORKDIR /workdir
 ARG RUSTC_WRAPPER
@@ -13,18 +15,15 @@ COPY . .
 RUN mkdir -p target/release
 RUN test -e cached_target/release/conduit && cp cached_target/release/conduit target/release/conduit || cargo build --release
+## Actual image
-FROM valkum/docker-rust-ci:latest
+FROM debian:bullseye
 WORKDIR /workdir
-RUN curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.2.1/caddy_2.2.1_linux_amd64.tar.gz"
+# Install caddy
-RUN tar xzf caddy_2.2.1_linux_amd64.tar.gz
+RUN apt-get update && apt-get install -y debian-keyring debian-archive-keyring apt-transport-https curl && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/testing/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-testing-archive-keyring.gpg && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/testing/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-testing.list && apt-get update && apt-get install -y caddy
-COPY cached_target/release/conduit /workdir/conduit
-RUN chmod +x /workdir/conduit
-RUN chmod +x /workdir/caddy
 COPY conduit-example.toml conduit.toml
+COPY complement/caddy.json caddy.json
 ENV SERVER_NAME=localhost
 ENV CONDUIT_CONFIG=/workdir/conduit.toml
@@ -36,13 +35,13 @@ RUN echo "allow_registration = true" >> conduit.toml
 RUN echo "log = \"warn,_=off,sled=off\"" >> conduit.toml
 RUN sed -i "s/address = \"127.0.0.1\"/address = \"0.0.0.0\"/g" conduit.toml
-# Enabled Caddy auto cert generation for complement provided CA.
+COPY --from=builder /workdir/target/release/conduit /workdir/conduit
-RUN echo '{"logging":{"logs":{"default":{"level":"WARN"}}}, "apps":{"http":{"https_port":8448,"servers":{"srv0":{"listen":[":8448"],"routes":[{"match":[{"host":["your.server.name"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:8008"}]}]}]}],"terminal":true}],"tls_connection_policies": [{"match": {"sni": ["your.server.name"]}}]}}},"pki": {"certificate_authorities": {"local": {"name": "Complement CA","root": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"},"intermediate": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"}}}},"tls":{"automation":{"policies":[{"subjects":["your.server.name"],"issuer":{"module":"internal"},"on_demand":true},{"issuer":{"module":"internal", "ca": "local"}}]}}}}' > caddy.json
+RUN chmod +x /workdir/conduit
 EXPOSE 8008 8448
-CMD ([ -z "${COMPLEMENT_CA}" ] && echo "Error: Need Complement PKI support" && true) || \
+CMD uname -a && \
    sed -i "s/#server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" conduit.toml && \
    sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \
-    /workdir/caddy start --config caddy.json > /dev/null && \
+    caddy start --config caddy.json > /dev/null && \
    /workdir/conduit
--- a/complement/caddy.json
+++ b/complement/caddy.json
+{
+    "logging": {
+        "logs": {
+            "default": {
+                "level": "WARN"
+            }
+        }
+    },
+    "apps": {
+        "http": {
+            "https_port": 8448,
+            "servers": {
+                "srv0": {
+                    "listen": [":8448"],
+                    "routes": [{
+                        "match": [{
+                            "host": ["your.server.name"]
+                        }],
+                        "handle": [{
+                            "handler": "subroute",
+                            "routes": [{
+                                "handle": [{
+                                    "handler": "reverse_proxy",
+                                    "upstreams": [{
+                                        "dial": "127.0.0.1:8008"
+                                    }]
+                                }]
+                            }]
+                        }],
+                        "terminal": true
+                    }],
+                    "tls_connection_policies": [{
+                        "match": {
+                            "sni": ["your.server.name"]
+                        }
+                    }]
+                }
+            }
+        },
+        "pki": {
+            "certificate_authorities": {
+                "local": {
+                    "name": "Complement CA",
+                    "root": {
+                        "certificate": "/complement/ca/ca.crt",
+                        "private_key": "/complement/ca/ca.key"
+                    },
+                    "intermediate": {
+                        "certificate": "/complement/ca/ca.crt",
+                        "private_key": "/complement/ca/ca.key"
+                    }
+                }
+            }
+        },
+        "tls": {
+            "automation": {
+                "policies": [{
+                    "subjects": ["your.server.name"],
+                    "issuers": [{
+                        "module": "internal"
+                    }],
+                    "on_demand": true
+                }, {
+                    "issuers": [{
+                        "module": "internal",
+                        "ca": "local"
+                    }]
+                }]
+            }
+        }
+    }
+}
\ No newline at end of file