Merge branch 'fix_complement' into 'master'

Fix complement

See merge request famedly/conduit!7
This commit is contained in:
Timo Kösters 2020-11-18 20:17:50 +00:00
commit 7078443460

View File

@ -14,17 +14,27 @@ RUN cargo build
FROM valkum/docker-rust-ci:latest FROM valkum/docker-rust-ci:latest
WORKDIR /workdir WORKDIR /workdir
RUN curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.1.1/caddy_2.1.1_linux_amd64.tar.gz" RUN curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.2.1/caddy_2.2.1_linux_amd64.tar.gz"
RUN tar xzf caddy_2.1.1_linux_amd64.tar.gz RUN tar xzf caddy_2.2.1_linux_amd64.tar.gz
COPY --from=builder /workdir/target/debug/conduit /workdir/conduit COPY --from=builder /workdir/target/debug/conduit /workdir/conduit
COPY Rocket-example.toml Rocket.toml COPY Rocket-example.toml Rocket.toml
ENV SERVER_NAME=localhost ENV SERVER_NAME=localhost
ENV ROCKET_LOG=normal
RUN sed -i "s/server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" Rocket.toml
RUN sed -i "s/port = 14004/port = 8008/g" Rocket.toml RUN sed -i "s/port = 14004/port = 8008/g" Rocket.toml
RUN echo "federation_enabled = true" >> Rocket.toml
# Enabled Caddy auto cert generation for complement provided CA.
RUN echo '{"apps":{"http":{"https_port":8448,"servers":{"srv0":{"listen":[":8448"],"routes":[{"match":[{"host":["your.server.name"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:8008"}]}]}]}],"terminal":true}],"tls_connection_policies": [{"match": {"sni": ["your.server.name"]}}]}}},"pki": {"certificate_authorities": {"local": {"name": "Complement CA","root": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"},"intermediate": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"}}}},"tls":{"automation":{"policies":[{"subjects":["your.server.name"],"issuer":{"module":"internal"},"on_demand":true},{"issuer":{"module":"internal", "ca": "local"}}]}}}}' > caddy.json
EXPOSE 8008 8448 EXPOSE 8008 8448
CMD /workdir/caddy reverse-proxy --from ${SERVER_NAME}:8448 --to localhost:8008 > /dev/null 2>&1 & /workdir/conduit
CMD ([ -z "${COMPLEMENT_CA}" ] && echo "Error: Need Complement PKI support" && true) || \
sed -i "s/server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" Rocket.toml && \
sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \
/workdir/caddy start --config caddy.json > /dev/null && \
/workdir/conduit