Add docker-compose support, so a working development server with HTTPS can be started with:
docker-compose build && docker-compose up
parent
aa82e14bc7
commit
4afa513dce
9 changed files with 224 additions and 0 deletions
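--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,12 @@
+FROM alpine
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+RUN apk add --no-cache curl-dev build-base
+COPY . /build
+WORKDIR /build
+RUN make
+COPY examples/docker-entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod +x /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
+EXPOSE 8001
+CMD /build/snac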
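Review bot: `COPY . /build` copies the entire build context into the image, and the compose file in this commit bind-mounts `./data` from that same directory, so any rebuild after a first run would bake the instance data (including the `/data/key` log that the entrypoint writes) and the bundled nginx private key into an image layer; no `.dockerignore` is among the changed files. I would add a `.dockerignore` with at least `data/` and `.git`, or copy only the sources `make` needs. Also worth tightening while here: `FROM alpine` is untagged, `build-base` stays in the runtime image, and there is no `USER`, so snac runs as root. `CMD /build/snac` has no effect as written, since the entrypoint script starts snac itself and does not use its arguments.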
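--- a/README.md
+++ b/README.md
@@ -43,6 +43,19 @@ Run `make` and then `make install` as root.
 
 See the administrator manual on how to proceed from here.
 
+# Testing via Docker
+
+A `docker-compose` file is provided for development and testing. To start snac with an nginx HTTPS frontend, run:
+
+docker-compose build && docker-compose up
+
+This will:
+
+- Start snac, storing data in `data/`
+- Configure snac to listen on port 8001 with a server name of `localhost` (see `examples/docker-entrypoint.sh`)
+- Create a new user `testuser` and print the user's generated password on the console (see `examples/docker-entrypoint.sh`)
+- Start nginx to handle HTTPS, using the certificate pair from `nginx-alpine-ssl/nginx-selfsigned.*` (see `examples/nginx-alpine-ssl/entrypoint.sh`)
+
 # License
 
 See the LICENSE file for details.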
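--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,27 @@
+---
+version: '3'
+
+services:
+snac:
+build: .
+image: snac
+container_name: snac
+restart: unless-stopped
+security_opt:
+- no-new-privileges:true
+volumes:
+- ./data:/data
+ports:
+- "8001:8001"
+
+nginx-alpine-ssl:
+build: examples/nginx-alpine-ssl
+image: examples/nginx-alpine-ssl
+container_name: nginx-alpine-ssl
+restart: unless-stopped
+security_opt:
+- no-new-privileges:true
+ports:
+- "443:443"
+- "80:80"
+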
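Review bot: The `snac` service publishes `"8001:8001"`, which exposes the plain-HTTP backend on every host interface next to the nginx HTTPS frontend, so the server stays reachable without TLS. nginx reaches the backend over the compose network as `snac:8001` (see default.conf), so the mapping can be dropped, or limited to loopback with `- "127.0.0.1:8001:8001"` if direct access is wanted for debugging. The top-level `version: '3'` key is reported as obsolete by current Compose releases and can go. Indentation is not preserved in this rendering, so the nesting is inferred from key order.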
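--- /dev/null
+++ b/examples/docker-entrypoint.sh
@@ -0,0 +1,6 @@
+if [ ! -e /data/data/server.json ]
+then
+echo -ne "0.0.0.0\r\n8001\r\nlocalhost\r\n\r\n" | /build/snac init /data/data
+/build/snac adduser /data/data testuser
+fi
+SSLKEYLOGFILE=/data/key /build/snac httpd /data/data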
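Review bot: The last line starts the server with `SSLKEYLOGFILE=/data/key`, which asks TLS libraries that honour that variable to write per-session secrets to a file on the bind-mounted data volume; if snac's TLS stack honours it (not visible here), whoever obtains that file together with a traffic capture can decrypt the server's connections. That is a debugging aid and should not be the default; I would drop it and start the server with `exec /build/snac httpd /data/data`, so snac also receives the container's stop signal directly. The script also has no `#!/bin/sh` line and no `set -e`, so a failed `snac init` still falls through to `adduser` and `httpd`.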
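--- /dev/null
+++ b/examples/nginx-alpine-ssl/Dockerfile
@@ -0,0 +1,13 @@
+FROM alpine
+RUN apk add nginx
+RUN mkdir -p /run/nginx
+ADD default.conf /etc/nginx/http.d/default.conf
+ADD *.key /etc/ssl/private/
+ADD *.crt /etc/ssl/certs/
+WORKDIR /var/www/localhost/htdocs
+COPY entrypoint.sh /usr/local/bin
+RUN chmod +x /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["/bin/sh", "/usr/local/bin/entrypoint.sh"]
+#EXPOSE 80
+EXPOSE 443
+CMD ["/bin/sh", "-c", "nginx -g 'daemon off;'; nginx -s reload;"]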
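Review bot: `ADD *.key /etc/ssl/private/` copies the private key added in this same commit (`examples/nginx-alpine-ssl/nginx-selfsigned.key`) into an image layer, so the key behind the default certificate is known to everyone with the repository or the image and gives no protection outside local testing. I would keep key material out of both the repository and the image, generating a throwaway pair at container start or mounting one at runtime, and state the test-only status next to the `ADD` lines, e.g. `# test-only self-signed pair; never deploy`. Smaller points: `COPY` is the right instruction for these plain local files, `apk add --no-cache nginx` avoids leaving the package index in the layer, `FROM alpine` is untagged, and the `CMD` is never run because entrypoint.sh does not use its arguments.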
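--- /dev/null
+++ b/examples/nginx-alpine-ssl/default.conf
@@ -0,0 +1,89 @@
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+listen 443 ssl http2 default_server;
+listen [::]:443 ssl http2 default_server;
+ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+
+location /.well-known/webfinger {
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_redirect off;
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Proxy "";
+proxy_pass_header Server;
+proxy_buffering on;
+tcp_nodelay on;
+proxy_pass http://snac:8001;
+proxy_set_header Host $http_host;
+}
+
+location /.well-known/nodeinfo {
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_redirect off;
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Proxy "";
+proxy_pass_header Server;
+proxy_buffering on;
+tcp_nodelay on;
+proxy_pass http://snac:8001;
+proxy_set_header Host $http_host;
+}
+
+location / {
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_redirect off;
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Proxy "";
+proxy_pass_header Server;
+proxy_buffering on;
+tcp_nodelay on;
+proxy_pass http://snac:8001;
+proxy_set_header Host $http_host;
+}
+
+location /fedi/ {
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_redirect off;
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Proxy "";
+proxy_pass_header Server;
+proxy_buffering on;
+tcp_nodelay on;
+proxy_pass http://snac:8001;
+proxy_set_header Host $http_host;
+}
+}
+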
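Review bot: The single `server` block listens on both 80 and 443, so every location is proxied over cleartext HTTP as well as HTTPS and nothing redirects to TLS; since docker-compose.yaml publishes port 80, logins can cross the network unencrypted. A separate port-80 server containing only `return 301 https://$host$request_uri;` would close that. Each location also sets `Host` twice (`$host`, then `$http_host`), which as far as I know makes nginx send both values upstream, so keep one. The four location bodies are identical and all proxy to `http://snac:8001`, so `location /` alone would do, or the shared directives could move to server level.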
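--- /dev/null
+++ b/examples/nginx-alpine-ssl/entrypoint.sh
@@ -0,0 +1,15 @@
+cd /etc/nginx/http.d;
+export CRT="${CRT:=nginx-selfsigned.crt}";
+if [ -f "/etc/ssl/certs/$CRT" ]
+then
+# set crt file in the default.conf file
+sed -i "/ssl_certificate \//c\\\tssl_certificate \/etc\/ssl\/certs\/$CRT;" default.conf;
+fi
+export KEY="${KEY:=nginx-selfsigned.key}";
+if [ -f "/etc/ssl/private/$KEY" ]
+then
+# set key file in the default.conf file
+sed -i "/ssl_certificate_key \//c\\\tssl_certificate_key \/etc\/ssl\/private\/$KEY;" default.conf;
+fi
+nginx -g 'daemon off;'; nginx -s reload;
+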
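Review bot: In `nginx -g 'daemon off;'; nginx -s reload;` the reload only runs after the foreground nginx has exited, so it does nothing useful, and because the shell stays as PID 1 nginx does not receive the container's stop signal directly; `exec nginx -g 'daemon off;'` as the last line covers both. `$CRT` and `$KEY` are spliced unescaped into the `sed` replacement, so a value containing `/`, `;` or a newline changes the expression or the resulting nginx directive; restricting them to a bare file name before use (for example a `case` test rejecting anything outside `[A-Za-z0-9._-]`) would make that safe. `cd /etc/nginx/http.d` is unchecked, and a `#!/bin/sh` line with `set -eu` at the top would stop the script if it fails.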
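--- /dev/null
+++ b/examples/nginx-alpine-ssl/nginx-selfsigned.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAnSgAwIBAgIUCCSqvSfnCK67C4JNfoiXUXyTIK4wDQYJKoZIhvcNAQEL
+BQAwSTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAlFDMRYwFAYDVQQKDA1Db21wYW55
+LCBJbmMuMRUwEwYDVQQDDAxteWRvbWFpbi5jb20wHhcNMjIxMjEyMTAwNzU1WhcN
+MjMxMjEyMTAwNzU1WjBJMQswCQYDVQQGEwJDQTELMAkGA1UECAwCUUMxFjAUBgNV
+BAoMDUNvbXBhbnksIEluYy4xFTATBgNVBAMMDG15ZG9tYWluLmNvbTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBANss2w/GUwKcoUxHsWDfnldEuJzwx3Jr
+oRvTZY7ZcEM8vsVW8Xi61jpo2H/Uqv+3jl6+R6UFL1IKQUY0jn9KatYkfrHdHcYx
+RwH8yLKWfCY9/qrPE8NzYQMkeNUqu5oGWDMFoCcGAuHOzB+v6JR2/0zaEavi96dZ
+ZwjijdZtZAB9BuqD5R5dmVBV1fYSWM/X0/KN2RPpoBRak+HmpoZfimut9rMAPjay
+WjVxQCR/kCL6OlfLL5CFp6e6u9pczRNTLr0QODmyQGIBd4Rjh1JQD2K1c1QN4ztw
+ExGW+gqe7CGuwVfPSjlUsE1kiC11KreAWadLiovOp4Th6lygeaYg4R8CAwEAAaNs
+MGowHQYDVR0OBBYEFE/ykxo/J5z2IT9Zuk3uwk+NAb4eMB8GA1UdIwQYMBaAFE/y
+kxo/J5z2IT9Zuk3uwk+NAb4eMA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0RBBAwDoIM
+bXlkb21haW4uY29tMA0GCSqGSIb3DQEBCwUAA4IBAQA/8ptI9ncISkYBDz8hUmWE
+WkBsSFs2BTBvUQ4bsdXmV3AkC1BFw0meW3kNL/4ptkSsOvVj4imBjG906UfyXw5l
+TyegRn2pA13IqBgl0Fs0+qlg5a/a+UgMZHmJeCsOZ3gJCG/mqJ0MyE8vUCUcD1oZ
+XGsUgOUkiK/eMN6r4kW6SsBs7iapDpascvmGz4VuzYpBy+qOGayfCOt4h/hS9VEC
+ErZo1L6jJFBApM1Jxmd7yYWJeQAkN1/LjdYJltSZ4dNlw6ewzK/Px0hGeEzr60M7
++JgGuAuxIdp3pTYZwB5TqZ5v/bvapzPgK4A7COBOj1N3uqJiTmYErKwx201AP3BQ
+-----END CERTIFICATE-----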
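--- /dev/null
+++ b/examples/nginx-alpine-ssl/nginx-selfsigned.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDbLNsPxlMCnKFM
+R7Fg355XRLic8Mdya6Eb02WO2XBDPL7FVvF4utY6aNh/1Kr/t45evkelBS9SCkFG
+NI5/SmrWJH6x3R3GMUcB/MiylnwmPf6qzxPDc2EDJHjVKruaBlgzBaAnBgLhzswf
+r+iUdv9M2hGr4venWWcI4o3WbWQAfQbqg+UeXZlQVdX2EljP19PyjdkT6aAUWpPh
+5qaGX4prrfazAD42slo1cUAkf5Ai+jpXyy+QhaenurvaXM0TUy69EDg5skBiAXeE
+Y4dSUA9itXNUDeM7cBMRlvoKnuwhrsFXz0o5VLBNZIgtdSq3gFmnS4qLzqeE4epc
+oHmmIOEfAgMBAAECggEBAJDckN1YQ71SMPnt2LsikdE0RqDUM77YjF+L1XAZHy4R
+lDVyRZ96PeXVLmMu+OaTN7I/KbNUPfaHeKUiT5yqXvqynFqKvwcjwr75iN0gwWW1
+TAExZOql89TT4lliKSSgVONEMJoaSwVcXWYEKkEWdZ8h8tQc63rciFFDDGRRYOtA
+fmMb3tOmnJqGu4PDq4vnVv7YiCXvNZiVOz99AsW0Y1ptSMyQrxyLjdr+wxClh0UV
+uGFcFIJJwsvBGDNb6G3Wy3vJHkkqMEhPwfP/AkHZMdQKdZ15V/WAOP8xKXW205jY
+Lu0mCbv2Udaait+fjZhM/JoemPLApwLNVRpwV5QfGwECgYEA9X/fjVPhJZ42LrP0
+Z4j2tj47DLtHLktrd84OA4BV4I+JjTvddJfXCtEk1m59vpzutJEYpy/bII84JWuE
+H1cMv8epS4Yfi/2RoB8ADO7E0L/BPAND7zjCHIqryiZY7ubp/71/jaOF0ZCugqbi
+YK7sl9H7qj1u+cC4+pab9ue/IyECgYEA5Iy90M7f7bI+6tS2/k4eroLxGWAJqRSj
+D2DjYTd/gPgm8jCDhnmbicquP2YBTIIdaNiREh19pvQs/JRo+tbsGKgSQbjLdM8Z
+8WzmhrNJH/fF/Vmi8DYSg4VScZgyjJX5T1FsRup8r53hxVpyRtTEJLOzSfJDEE1L
+eb09EeHrvD8CgYAOKdt25uD1b6RGm4E9O+yn5P05JdDcfeNsXQn3776EnyNbb5m+
+MUhpylkqueMtTRaEel6Gvr8QqNKfbg2IVVhZ9CXzQoCtbeqp5z/0fw4B0R5P3Qxd
+T9P7G5D/r6iv18imRYOHY2jEB2naBdDHrS/fLnEriDHP3OuPIYNMAmDHoQKBgQCQ
+Py/yIQ9+Axjot7aDTKTaubQXsuCGAYtkwl7gVdm4eWaDRxFMB2aekfhl9ShutFSB
+fuYYy9opTEU0aSrU3l8GtNVI+6wVnjyefoAElhVaAtTIMRHAkDAhKD0/irKkvmcq
+o5Y2L/rgEEKVf59Oiyz8iRpoWmnvWQmA3Wo05iUVmwKBgHTh1q1PTUzgvL0uNNZ3
+Kttp/U81I0C0TEyLFt/WfAD6ZrsG3GMq5IqN2CkOvPSDCrdxAxiDuxK7l3/gWU6s
+9EtoG2gZb5SyU6hZ0isuokaeAyuueDEco38AFXSvmt/jxvdzilYW/n5+HNoV2XL1
+CBv1Y6Ouy7rA3Q9C7WPb43m4
+-----END PRIVATE KEY-----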