Add docker-compose support, so a working development server with HTTPS can be started with:

docker-compose build && docker-compose up
This commit is contained in:
Toby Jaffey 2022-12-12 10:26:38 +00:00
parent aa82e14bc7
commit 4afa513dce
9 changed files with 224 additions and 0 deletions

12
Dockerfile Normal file
View file

@ -0,0 +1,12 @@
FROM alpine
ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
RUN apk add --no-cache curl-dev build-base
COPY . /build
WORKDIR /build
RUN make
COPY examples/docker-entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
EXPOSE 8001
CMD /build/snac

View file

@ -43,6 +43,19 @@ Run `make` and then `make install` as root.
See the administrator manual on how to proceed from here. See the administrator manual on how to proceed from here.
# Testing via Docker
A `docker-compose` file is provided for development and testing. To start snac with an nginx HTTPS frontend, run:
docker-compose build && docker-compose up
This will:
- Start snac, storing data in `data/`
- Configure snac to listen on port 8001 with a server name of `localhost` (see `examples/docker-entrypoint.sh`)
- Create a new user `testuser` and print the user's generated password on the console (see `examples/docker-entrypoint.sh`)
- Start nginx to handle HTTPS, using the certificate pair from `nginx-alpine-ssl/nginx-selfsigned.*` (see `examples/nginx-alpine-ssl/entrypoint.sh`)
# License # License
See the LICENSE file for details. See the LICENSE file for details.

27
docker-compose.yaml Normal file
View file

@ -0,0 +1,27 @@
---
version: '3'
services:
snac:
build: .
image: snac
container_name: snac
restart: unless-stopped
security_opt:
- no-new-privileges:true
volumes:
- ./data:/data
ports:
- "8001:8001"
nginx-alpine-ssl:
build: examples/nginx-alpine-ssl
image: examples/nginx-alpine-ssl
container_name: nginx-alpine-ssl
restart: unless-stopped
security_opt:
- no-new-privileges:true
ports:
- "443:443"
- "80:80"

6
examples/docker-entrypoint.sh Executable file
View file

@ -0,0 +1,6 @@
if [ ! -e /data/data/server.json ]
then
echo -ne "0.0.0.0\r\n8001\r\nlocalhost\r\n\r\n" | /build/snac init /data/data
/build/snac adduser /data/data testuser
fi
SSLKEYLOGFILE=/data/key /build/snac httpd /data/data

View file

@ -0,0 +1,13 @@
FROM alpine
RUN apk add nginx
RUN mkdir -p /run/nginx
ADD default.conf /etc/nginx/http.d/default.conf
ADD *.key /etc/ssl/private/
ADD *.crt /etc/ssl/certs/
WORKDIR /var/www/localhost/htdocs
COPY entrypoint.sh /usr/local/bin
RUN chmod +x /usr/local/bin/entrypoint.sh
ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
#EXPOSE 80
EXPOSE 443
CMD ["/bin/sh", "-c", "nginx -g 'daemon off;'; nginx -s reload;"]

View file

@ -0,0 +1,89 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
location /.well-known/webfinger {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_buffering on;
tcp_nodelay on;
proxy_pass http://snac:8001;
proxy_set_header Host $http_host;
}
location /.well-known/nodeinfo {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_buffering on;
tcp_nodelay on;
proxy_pass http://snac:8001;
proxy_set_header Host $http_host;
}
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_buffering on;
tcp_nodelay on;
proxy_pass http://snac:8001;
proxy_set_header Host $http_host;
}
location /fedi/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_buffering on;
tcp_nodelay on;
proxy_pass http://snac:8001;
proxy_set_header Host $http_host;
}
}

View file

@ -0,0 +1,15 @@
cd /etc/nginx/http.d;
export CRT="${CRT:=nginx-selfsigned.crt}";
if [ -f "/etc/ssl/certs/$CRT" ]
then
# set crt file in the default.conf file
sed -i "/ssl_certificate \//c\\\tssl_certificate \/etc\/ssl\/certs\/$CRT;" default.conf;
fi
export KEY="${KEY:=nginx-selfsigned.key}";
if [ -f "/etc/ssl/private/$KEY" ]
then
# set key file in the default.conf file
sed -i "/ssl_certificate_key \//c\\\tssl_certificate_key \/etc\/ssl\/private\/$KEY;" default.conf;
fi
nginx -g 'daemon off;'; nginx -s reload;

View file

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDjDCCAnSgAwIBAgIUCCSqvSfnCK67C4JNfoiXUXyTIK4wDQYJKoZIhvcNAQEL
BQAwSTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAlFDMRYwFAYDVQQKDA1Db21wYW55
LCBJbmMuMRUwEwYDVQQDDAxteWRvbWFpbi5jb20wHhcNMjIxMjEyMTAwNzU1WhcN
MjMxMjEyMTAwNzU1WjBJMQswCQYDVQQGEwJDQTELMAkGA1UECAwCUUMxFjAUBgNV
BAoMDUNvbXBhbnksIEluYy4xFTATBgNVBAMMDG15ZG9tYWluLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBANss2w/GUwKcoUxHsWDfnldEuJzwx3Jr
oRvTZY7ZcEM8vsVW8Xi61jpo2H/Uqv+3jl6+R6UFL1IKQUY0jn9KatYkfrHdHcYx
RwH8yLKWfCY9/qrPE8NzYQMkeNUqu5oGWDMFoCcGAuHOzB+v6JR2/0zaEavi96dZ
ZwjijdZtZAB9BuqD5R5dmVBV1fYSWM/X0/KN2RPpoBRak+HmpoZfimut9rMAPjay
WjVxQCR/kCL6OlfLL5CFp6e6u9pczRNTLr0QODmyQGIBd4Rjh1JQD2K1c1QN4ztw
ExGW+gqe7CGuwVfPSjlUsE1kiC11KreAWadLiovOp4Th6lygeaYg4R8CAwEAAaNs
MGowHQYDVR0OBBYEFE/ykxo/J5z2IT9Zuk3uwk+NAb4eMB8GA1UdIwQYMBaAFE/y
kxo/J5z2IT9Zuk3uwk+NAb4eMA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0RBBAwDoIM
bXlkb21haW4uY29tMA0GCSqGSIb3DQEBCwUAA4IBAQA/8ptI9ncISkYBDz8hUmWE
WkBsSFs2BTBvUQ4bsdXmV3AkC1BFw0meW3kNL/4ptkSsOvVj4imBjG906UfyXw5l
TyegRn2pA13IqBgl0Fs0+qlg5a/a+UgMZHmJeCsOZ3gJCG/mqJ0MyE8vUCUcD1oZ
XGsUgOUkiK/eMN6r4kW6SsBs7iapDpascvmGz4VuzYpBy+qOGayfCOt4h/hS9VEC
ErZo1L6jJFBApM1Jxmd7yYWJeQAkN1/LjdYJltSZ4dNlw6ewzK/Px0hGeEzr60M7
+JgGuAuxIdp3pTYZwB5TqZ5v/bvapzPgK4A7COBOj1N3uqJiTmYErKwx201AP3BQ
-----END CERTIFICATE-----

View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDbLNsPxlMCnKFM
R7Fg355XRLic8Mdya6Eb02WO2XBDPL7FVvF4utY6aNh/1Kr/t45evkelBS9SCkFG
NI5/SmrWJH6x3R3GMUcB/MiylnwmPf6qzxPDc2EDJHjVKruaBlgzBaAnBgLhzswf
r+iUdv9M2hGr4venWWcI4o3WbWQAfQbqg+UeXZlQVdX2EljP19PyjdkT6aAUWpPh
5qaGX4prrfazAD42slo1cUAkf5Ai+jpXyy+QhaenurvaXM0TUy69EDg5skBiAXeE
Y4dSUA9itXNUDeM7cBMRlvoKnuwhrsFXz0o5VLBNZIgtdSq3gFmnS4qLzqeE4epc
oHmmIOEfAgMBAAECggEBAJDckN1YQ71SMPnt2LsikdE0RqDUM77YjF+L1XAZHy4R
lDVyRZ96PeXVLmMu+OaTN7I/KbNUPfaHeKUiT5yqXvqynFqKvwcjwr75iN0gwWW1
TAExZOql89TT4lliKSSgVONEMJoaSwVcXWYEKkEWdZ8h8tQc63rciFFDDGRRYOtA
fmMb3tOmnJqGu4PDq4vnVv7YiCXvNZiVOz99AsW0Y1ptSMyQrxyLjdr+wxClh0UV
uGFcFIJJwsvBGDNb6G3Wy3vJHkkqMEhPwfP/AkHZMdQKdZ15V/WAOP8xKXW205jY
Lu0mCbv2Udaait+fjZhM/JoemPLApwLNVRpwV5QfGwECgYEA9X/fjVPhJZ42LrP0
Z4j2tj47DLtHLktrd84OA4BV4I+JjTvddJfXCtEk1m59vpzutJEYpy/bII84JWuE
H1cMv8epS4Yfi/2RoB8ADO7E0L/BPAND7zjCHIqryiZY7ubp/71/jaOF0ZCugqbi
YK7sl9H7qj1u+cC4+pab9ue/IyECgYEA5Iy90M7f7bI+6tS2/k4eroLxGWAJqRSj
D2DjYTd/gPgm8jCDhnmbicquP2YBTIIdaNiREh19pvQs/JRo+tbsGKgSQbjLdM8Z
8WzmhrNJH/fF/Vmi8DYSg4VScZgyjJX5T1FsRup8r53hxVpyRtTEJLOzSfJDEE1L
eb09EeHrvD8CgYAOKdt25uD1b6RGm4E9O+yn5P05JdDcfeNsXQn3776EnyNbb5m+
MUhpylkqueMtTRaEel6Gvr8QqNKfbg2IVVhZ9CXzQoCtbeqp5z/0fw4B0R5P3Qxd
T9P7G5D/r6iv18imRYOHY2jEB2naBdDHrS/fLnEriDHP3OuPIYNMAmDHoQKBgQCQ
Py/yIQ9+Axjot7aDTKTaubQXsuCGAYtkwl7gVdm4eWaDRxFMB2aekfhl9ShutFSB
fuYYy9opTEU0aSrU3l8GtNVI+6wVnjyefoAElhVaAtTIMRHAkDAhKD0/irKkvmcq
o5Y2L/rgEEKVf59Oiyz8iRpoWmnvWQmA3Wo05iUVmwKBgHTh1q1PTUzgvL0uNNZ3
Kttp/U81I0C0TEyLFt/WfAD6ZrsG3GMq5IqN2CkOvPSDCrdxAxiDuxK7l3/gWU6s
9EtoG2gZb5SyU6hZ0isuokaeAyuueDEco38AFXSvmt/jxvdzilYW/n5+HNoV2XL1
CBv1Y6Ouy7rA3Q9C7WPb43m4
-----END PRIVATE KEY-----