mirror of https://gitlab.com/famedly/conduit.git synced 2025-09-15 18:57:03 +00:00

WIP Fixes to test with complement

Jonas Zohren 2021-12-07 19:03:08 +01:00
parent 6be5e83e61
commit b455e407f7
No known key found for this signature in database
GPG key ID: FE3ED5D90A175463
4 changed files with 194 additions and 44 deletions


@ -1,48 +1,33 @@
# For use in our CI only. This requires a build artifact created by a previous run pipline stage to be placed in cached_target/release/conduit
FROM valkum/docker-rust-ci:latest as builder
FROM matrixconduit/matrix-conduit:next-alpine AS conduit-complement
WORKDIR /workdir
USER root
ARG RUSTC_WRAPPER
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG SCCACHE_BUCKET
ARG SCCACHE_ENDPOINT
ARG SCCACHE_S3_USE_SSL
RUN apk add --no-cache caddy
COPY . .
RUN mkdir -p target/release
RUN test -e cached_target/release/conduit && cp cached_target/release/conduit target/release/conduit || cargo build --release
ENV ROCKET_LOG=normal \
CONDUIT_LOG="info,rocket=info,_=off,sled=off" \
CONDUIT_CONFIG="" \
CONDUIT_DATABASE_PATH="/tmp/" \
CONDUIT_SERVER_NAME=localhost \
CONDUIT_ADDRESS="0.0.0.0" \
CONDUIT_PORT="6167" \
CONDUIT_ALLOW_FEDERATION="true" \
CONDUIT_ALLOW_ENCRYPTION="true" \
CONDUIT_ALLOW_REGISTRATION="true"
FROM valkum/docker-rust-ci:latest
WORKDIR /workdir
RUN curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.2.1/caddy_2.2.1_linux_amd64.tar.gz"
RUN tar xzf caddy_2.2.1_linux_amd64.tar.gz
COPY cached_target/release/conduit /workdir/conduit
RUN chmod +x /workdir/conduit
RUN chmod +x /workdir/caddy
COPY conduit-example.toml conduit.toml
ENV SERVER_NAME=localhost
ENV CONDUIT_CONFIG=/workdir/conduit.toml
RUN sed -i "s/port = 6167/port = 8008/g" conduit.toml
RUN echo "allow_federation = true" >> conduit.toml
RUN echo "allow_encryption = true" >> conduit.toml
RUN echo "allow_registration = true" >> conduit.toml
RUN echo "log = \"info,_=off,sled=off\"" >> conduit.toml
RUN sed -i "s/address = \"127.0.0.1\"/address = \"0.0.0.0\"/g" conduit.toml
# Enabled Caddy auto cert generation for complement provided CA.
RUN echo '{"logging":{"logs":{"default":{"level":"WARN"}}}, "apps":{"http":{"https_port":8448,"servers":{"srv0":{"listen":[":8448"],"routes":[{"match":[{"host":["your.server.name"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:8008"}]}]}]}],"terminal":true}],"tls_connection_policies": [{"match": {"sni": ["your.server.name"]}}]}}},"pki": {"certificate_authorities": {"local": {"name": "Complement CA","root": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"},"intermediate": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"}}}},"tls":{"automation":{"policies":[{"subjects":["your.server.name"],"issuer":{"module":"internal"},"on_demand":true},{"issuer":{"module":"internal", "ca": "local"}}]}}}}' > caddy.json
COPY ./tests/complement-caddy.json ./caddy.json
EXPOSE 8008 8448
HEALTHCHECK --start-period=2s --interval=2s CMD true
ENTRYPOINT [""]
CMD ([ -z "${COMPLEMENT_CA}" ] && echo "Error: Need Complement PKI support" && true) || \
sed -i "s/#server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" conduit.toml && \
cp /ca/ca.crt /usr/local/share/ca-certificates/complement.crt && update-ca-certificates && \
export CONDUIT_SERVER_NAME="${SERVER_NAME}" && \
sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \
/workdir/caddy start --config caddy.json > /dev/null && \
/workdir/conduit
(caddy start --config caddy.json) >> /tmp/caddy.log 2>> /tmp/caddy.err.log && \
echo "Starting Conduit with address '${SERVER_NAME}'" && \
/srv/conduit/conduit
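Review bot: The new base `FROM matrixconduit/matrix-conduit:next-alpine` is a mutable registry tag, so the Complement run would exercise whatever that tag points to at build time rather than the binary built from this commit, and the image contents can change without any change in this repository. The rendering has lost the +/- markers, so this assumes the `COPY cached_target/release/conduit` step is on the removed side; the header comment still describes that artifact and would then be stale. Pin the base by digest, e.g. `FROM matrixconduit/matrix-conduit:next-alpine@sha256:<digest-placeholder>`, or copy the CI-built binary over `/srv/conduit/conduit`. `USER root` is also never dropped, so caddy and conduit both run as root; a comment such as `# root is needed at start-up for update-ca-certificates; test image only` would mark that as deliberate.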

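--- a/tests/complement-caddy.json
+++ b/tests/complement-caddy.json
@@ -0,0 +1,119 @@
+{
+"logging": {
+"logs": {
+"default": {
+"level": "WARN",
+"writer": {
+"output": "stdout"
+},
+"encoder": {
+"format": "console"
+}
+}
+}
+},
+"apps": {
+"http": {
+"servers": {
+"srv0": {
+"listen": [":8448"],
+"routes": [
+{
+"match": [
+{
+"host": ["your.server.name", "*"]
+}
+],
+"handle": [
+{
+"handler": "subroute",
+"routes": [
+{
+"handle": [
+{
+"handler": "reverse_proxy",
+"upstreams": [
+{
+"dial": "0.0.0.0:6167"
+}
+]
+}
+]
+}
+]
+}
+],
+"terminal": true
+}
+]
+},
+"srv1": {
+"listen": [":8008"],
+"automatic_https": {
+"disable": true,
+"disable_redirects": true
+},
+"routes": [
+{
+"match": [
+{
+"host": ["your.server.name", "*"]
+}
+],
+"handle": [
+{
+"handler": "subroute",
+"routes": [
+{
+"handle": [
+{
+"handler": "reverse_proxy",
+"upstreams": [
+{
+"dial": "0.0.0.0:6167"
+}
+]
+}
+]
+}
+]
+}
+],
+"terminal": true
+}
+]
+}
+}
+},
+"tls": {
+"automation": {
+"policies": [
+{
+"subjects": ["your.server.name"],
+"issuers": [
+{
+"module": "internal"
+}
+],
+"on_demand": true
+}
+]
+}
+},
+"pki": {
+"certificate_authorities": {
+"local": {
+"name": "Complement CA",
+"root": {
+"certificate": "/ca/ca.crt",
+"private_key": "/ca/ca.key"
+},
+"intermediate": {
+"certificate": "/ca/ca.crt",
+"private_key": "/ca/ca.key"
+}
+}
+}
+}
+}
+}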
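Review bot: Both reverse_proxy upstreams (in `srv0` and `srv1`) dial `0.0.0.0:6167`, which is a bind address rather than a destination, so the connection only works where the OS happens to route it to the local host. Since conduit runs in the same container, `"dial": "127.0.0.1:6167"` states the intent and keeps the proxy hop on loopback, as the inline config in the Dockerfile section did with `127.0.0.1:8008`. The `"*"` entry in each `host` matcher also makes `your.server.name` redundant, so every Host header is proxied; if that is intended for Complement's per-test server names, dropping the `match` block would say so more plainly.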