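# For use in our CI only. This requires a build artifact created by a previous
# pipeline stage to be placed in cached_target/release/conduit.
#
# The image is a throwaway test target: it enables open registration, listens on
# all interfaces and runs as root. Do not reuse it as a deployment image.

# NOTE(review): ":latest" is a mutable tag, so the toolchain underneath the test
# run can change without any change to this file. Pin a fixed tag or an image
# digest once one is agreed on.
FROM valkum/docker-rust-ci:latest

WORKDIR /workdir

# Caddy release used as the TLS-terminating reverse proxy in front of Conduit.
ARG CADDY_VERSION=2.2.1
# Expected SHA-256 of the release archive. When empty the archive is NOT
# verified; pass --build-arg CADDY_SHA256=<value from the release's checksum
# file> so a tampered or truncated download fails the build.
ARG CADDY_SHA256=""

# Download, (optionally) verify, unpack and clean up in a single layer so the
# archive does not linger in the image. -f makes curl fail on an HTTP error
# instead of saving the error page as the archive.
RUN curl -fsSL -o caddy.tar.gz \
        "https://github.com/caddyserver/caddy/releases/download/v${CADDY_VERSION}/caddy_${CADDY_VERSION}_linux_amd64.tar.gz" \
    && if [ -n "${CADDY_SHA256}" ]; then \
           echo "${CADDY_SHA256}  caddy.tar.gz" | sha256sum -c -; \
       fi \
    && tar xzf caddy.tar.gz \
    && rm caddy.tar.gz \
    && chmod +x /workdir/caddy

# Conduit binary produced by the earlier CI stage.
COPY cached_target/release/conduit /workdir/conduit
RUN chmod +x /workdir/conduit

COPY conduit-example.toml conduit.toml

ENV SERVER_NAME=localhost \
    ROCKET_LOG=normal \
    CONDUIT_CONFIG=/workdir/conduit.toml

# Adapt the example config for the test harness: listen on 8008 on all
# interfaces and switch on federation, encryption and registration.
# "allow_registration = true" together with the 0.0.0.0 bind is only acceptable
# because the container lives on an isolated CI network.
RUN sed -i "s/port = 6167/port = 8008/g" conduit.toml \
    && { \
         echo "allow_federation = true"; \
         echo "allow_encryption = true"; \
         echo "allow_registration = true"; \
         echo "log = \"info,rocket=info,_=off,sled=off\""; \
       } >> conduit.toml \
    && sed -i "s/address = \"127.0.0.1\"/address = \"0.0.0.0\"/g" conduit.toml

# Enable Caddy automatic certificate generation using the Complement-provided CA.
# Caddy listens on 8448, proxies to Conduit on 127.0.0.1:8008 and issues
# certificates on demand from the CA key pair at /ca/ca.crt and /ca/ca.key.
# Nothing in this file creates /ca, so it has to be supplied at run time
# (presumably mounted by Complement; confirm against the harness).
RUN echo '{"logging":{"logs":{"default":{"level":"WARN"}}}, "apps":{"http":{"https_port":8448,"servers":{"srv0":{"listen":[":8448"],"routes":[{"match":[{"host":["your.server.name"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:8008"}]}]}]}],"terminal":true}],"tls_connection_policies": [{"match": {"sni": ["your.server.name"]}}]}}},"pki": {"certificate_authorities": {"local": {"name": "Complement CA","root": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"},"intermediate": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"}}}},"tls":{"automation":{"policies":[{"subjects":["your.server.name"],"issuer":{"module":"internal"},"on_demand":true},{"issuer":{"module":"internal", "ca": "local"}}]}}}}' > caddy.json

EXPOSE 8008 8448

# Start-up sequence: require Complement PKI support, substitute SERVER_NAME into
# both configs, start Caddy in the background, then hand over to Conduit.
#
# The previous form, "(check && echo error && true) || sed ... && ...", printed
# the error but still ran the rest of the chain, because && and || have equal
# precedence in sh; the check now stops the container with a non-zero status.
# "exec" replaces the shell with Conduit so it receives the stop signal directly.
#
# NOTE(review): SERVER_NAME is interpolated unescaped into the sed expressions,
# so a value containing "/", "&" or a backslash would alter the substitution.
# Only harness-controlled host names should be passed here.
CMD if [ -z "${COMPLEMENT_CA}" ]; then echo "Error: Need Complement PKI support" >&2; exit 1; fi; \
    sed -i "s/#server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" conduit.toml && \
    sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \
    /workdir/caddy start --config caddy.json > /dev/null && \
    exec /workdir/conduit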