From 624ff08a074348486e352d723af1a7f0ebf76e48 Mon Sep 17 00:00:00 2001
From: Daniel Wiesenberg
Date: Thu, 23 Jul 2020 23:58:08 +0200
Subject: [PATCH 01/10] Initial docker files trinity The image builds as is, but running it exits with: standard_init_linux.go:211: exec user process caused "no such file or directory"
---
.dockerignore | 27 ++++++++++++
Dockerfile | 106 +++++++++++++++++++++++++++++++++++++++++++++
docker-compose.yml | 21 +++++++++
3 files changed, 154 insertions(+)
create mode 100644 .dockerignore
create mode 100644 Dockerfile
create mode 100644 docker-compose.yml
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..dd4433d
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,27 @@
+# Local build and dev artifacts
+target
+sytest
+
+# Docker files
+Dockerfile*
+docker-compose*
+
+# IDE files
+.vscode
+.idea
+*.iml
+
+# Git folder
+.git
+.gitea
+
+# Dot files
+.env
+.gitignore
+
+# Toml files
+rustfmt.toml
+Rocket-example.toml
+
+# Documentation
+*.md
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..dc87e0c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,106 @@
+# Using multistage build:
+# https://docs.docker.com/develop/develop-images/multistage-build/
+# https://whitfin.io/speeding-up-rust-docker-builds/
+
+
+########################## BUILD IMAGE ##########################
+# Musl build image to build Conduits statically compiled binary
+FROM rustlang/rust:nightly-alpine3.12 as builder
+
+# Don't download Rust docs
+RUN rustup set profile minimal
+
+ENV USER "conduit"
+#ENV RUSTFLAGS='-C link-arg=-s'
+
+# Install packages needed for building all crates
+RUN apk add --no-cache \
+ musl-dev \
+ openssl-dev \
+ pkgconf
+
+# Create dummy project to fetch all dependencies.
+# Rebuilds are a lot faster when there are no changes in the
+# dependencies.
+RUN cargo new --bin /app
+WORKDIR /app
+
+# Copy cargo files which specify needed dependencies
+COPY ./Cargo.* ./
+
+# Add musl target, as we want to run your project in
+# an alpine linux image
+RUN rustup target add x86_64-unknown-linux-musl
+
+# Build dependencies and remove dummy project, except
+# target folder, as it contains the dependencies
+RUN cargo build --release --color=always ; \
+ find . -not -path "./target*" -delete
+
+# Now copy and build the real project with the pre-built
+# dependencies.
+COPY . .
+RUN cargo build --release --color=always
+
+########################## RUNTIME IMAGE ##########################
+# Create new stage with a minimal image for the actual
+# runtime image/container
+FROM alpine:3.12
+
+ARG BUILD_DATE
+ARG VERSION
+ARG GIT_REF=HEAD
+
+# Labels inspired by this medium post:
+# https://medium.com/@chamilad/lets-make-your-docker-image-better-than-90-of-existing-ones-8b1e5de950d
+LABEL org.label-schema.build-date=${BUILD_DATE} \
+ org.label-schema.name="Conduit" \
+ org.label-schema.version=${VERSION} \
+ org.label-schema.vendor="Conduit Authors" \
+ org.label-schema.description="A Matrix homeserver written in Rust" \
+ org.label-schema.url="https://conduit.rs/" \
+ org.label-schema.vcs-ref=$GIT_REF \
+ org.label-schema.vcs-url="https://git.koesters.xyz/timo/conduit.git" \
+ ord.label-schema.docker.build="docker build . -t conduit:latest --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --build-arg VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml)"\
+ maintainer="weasy@hotmail.de"
+
+# Change some Rocket.rs default configs. They can then
+# be changed to different values using env variables.
+ENV ROCKET_CLI_COLORS="on"
+#ENV ROCKET_SERVER_NAME="conduit.rs"
+ENV ROCKET_ENV="production"
+ENV ROCKET_ADDRESS=0.0.0.0
+ENV ROCKET_PORT=14004
+ENV ROCKET_LOG="normal"
+ENV ROCKET_DATABASE_PATH="/data/sled"
+ENV ROCKET_REGISTRATION_DISABLED="true"
+#ENV ROCKET_WORKERS=10
+
+EXPOSE 14004
+
+# Copy config files from context and the binary from
+# the "builder" stage to the current stage into folder
+# /srv/conduit and create data folder for database
+RUN mkdir -p /srv/conduit /data/sled
+
+COPY --from=builder /app/target/release/conduit ./srv/conduit/
+
+# Add www-data user and group with UID 82, as used by alpine
+# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.pre-install
+RUN set -x ; \
+ addgroup -Sg 82 www-data 2>/dev/null ; \
+ adduser -S -D -H -h /srv/conduit -G www-data -g www-data www-data 2>/dev/null ; \
+ addgroup www-data www-data 2>/dev/null && exit 0 ; exit 1
+
+# Change ownership of Conduit files to www-data user and group
+RUN chown -cR www-data:www-data /srv/conduit /data
+
+VOLUME /data
+
+RUN apk add --no-cache \
+ ca-certificates
+
+# Set user to www-data
+USER www-data
+WORKDIR /srv/conduit
+ENTRYPOINT [ "/srv/conduit/conduit" ]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..91626dd
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,21 @@
+# Conduit
+version: '3'
+
+services:
+ conduit:
+ image: conduit_homeserver
+ restart: unless-stopped
+ ports:
+ - 14004:14004
+ volumes:
+ - db:/data/sled
+ environment:
+ ROCKET_SERVER_NAME: example.com # replace with your own name
+ ### Uncomment and change values as needed
+ #ROCKET_LOG: normal
+ #ROCKET_REGISTRATION_DISABLED: 'true'
+ #ROCKET_DATABASE_PATH: /data/sled
+ #ROCKET_WORKERS: 10
+
+volumes:
+ db:
From a21858758cdefc4978cc5f08d37158a9b3d52f18 Mon Sep 17 00:00:00 2001
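Review bot: The comment above the user-creation `RUN` in the Dockerfile says www-data gets UID 82, but only the group is given an id (`addgroup -Sg 82`); `adduser` is called without `-u`, so the UID is whatever BusyBox allocates next and may differ between base-image versions. Passing it explicitly, `adduser -S -D -H -u 82 -h /srv/conduit -G www-data -g www-data www-data`, keeps ownership of the persisted /data volume stable and gives an orchestrator a fixed non-root UID to verify. The `2>/dev/null` on each command also hides the reason when the step ends in `exit 1`; dropping the redirects would make a failed build diagnosable.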
From: Daniel Wiesenberg Date: Mon, 27 Jul 2020 18:10:34 +0200 Subject: [PATCH 02/10] Change labels from label-schema to opencontainer.image --- Dockerfile | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index dc87e0c..5217e65 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -47,21 +47,25 @@ RUN cargo build --release --color=always # runtime image/container FROM alpine:3.12 -ARG BUILD_DATE +ARG CREATED ARG VERSION ARG GIT_REF=HEAD -# Labels inspired by this medium post: -# https://medium.com/@chamilad/lets-make-your-docker-image-better-than-90-of-existing-ones-8b1e5de950d -LABEL org.label-schema.build-date=${BUILD_DATE} \ - org.label-schema.name="Conduit" \ - org.label-schema.version=${VERSION} \ - org.label-schema.vendor="Conduit Authors" \ - org.label-schema.description="A Matrix homeserver written in Rust" \ - org.label-schema.url="https://conduit.rs/" \ - org.label-schema.vcs-ref=$GIT_REF \ - org.label-schema.vcs-url="https://git.koesters.xyz/timo/conduit.git" \ - ord.label-schema.docker.build="docker build . -t conduit:latest --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --build-arg VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml)"\ +# Labels according to https://github.com/opencontainers/image-spec/blob/master/annotations.md +# including a custom label specifying the build command +LABEL org.opencontainers.image.created=${CREATED} \ + org.opencontainers.image.authors="Conduit Contributors, weasy@hotmail.de" \ + org.opencontainers.image.title="Conduit" \ + org.opencontainers.image.version=${VERSION} \ + org.opencontainers.image.vendor="Conduit Contributors" \ + org.opencontainers.image.description="A Matrix homeserver written in Rust" \ + org.opencontainers.image.url="https://conduit.rs/" \ + org.opencontainers.image.revision=$GIT_REF \ + org.opencontainers.image.source="https://git.koesters.xyz/timo/conduit.git" \ + org.opencontainers.image.documentation.="" \ + org.opencontainers.image.licenses="AGPL-3.0" \ + org.opencontainers.image.ref.name="" \ + org.label-schema.docker.build="docker build . -t conduit:latest --build-arg CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --build-arg VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml)"\ maintainer="weasy@hotmail.de" # Change some Rocket.rs default configs. 
They can then From ecb641624425dba5dc6b10330b5a91d084b40f6b Mon Sep 17 00:00:00 2001 From: Daniel Wiesenberg Date: Sat, 1 Aug 2020 15:18:49 +0200 Subject: [PATCH 03/10] =?UTF-8?q?Image=20now=20builds=20and=20runs=20?= =?UTF-8?q?=F0=9F=8E=89=20Thx=20to=20the=20help=20of=20yzhr?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 66 +++++++++++++--------------------------------- docker-compose.yml | 2 +- 2 files changed, 19 insertions(+), 49 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5217e65..6825d82 100644 --- a/Dockerfile +++ b/Dockerfile 
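Review bot: The new label key `org.opencontainers.image.documentation.=""` in PATCH 02 ends in a stray dot, so it does not match the annotation name from the image spec the comment links to, and tooling that reads `org.opencontainers.image.documentation` will not find it. Either correct the key and give it a value, `org.opencontainers.image.documentation="<docs URL>"`, or drop it together with the empty `org.opencontainers.image.ref.name=""`. The LABEL instruction starts inside this hunk; the Dockerfile continues outside it.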
@@ -4,43 +4,23 @@ ########################## BUILD IMAGE ########################## -# Musl build image to build Conduits statically compiled binary -FROM rustlang/rust:nightly-alpine3.12 as builder +# Alpine build image to build Conduits statically compiled binary +FROM alpine:3.12 as builder -# Don't download Rust docs -RUN rustup set profile minimal - -ENV USER "conduit" -#ENV RUSTFLAGS='-C link-arg=-s' +# Add 'edge'-repository to get Rust 1.45 +RUN sed -i \ + -e 's|v3\.12|edge|' \ + /etc/apk/repositories # Install packages needed for building all crates RUN apk add --no-cache \ - musl-dev \ - openssl-dev \ - pkgconf + cargo \ + openssl-dev -# Create dummy project to fetch all dependencies. -# Rebuilds are a lot faster when there are no changes in the -# dependencies. -RUN cargo new --bin /app -WORKDIR /app - -# Copy cargo files which specify needed dependencies -COPY ./Cargo.* ./ - -# Add musl target, as we want to run your project in -# an alpine linux image -RUN rustup target add x86_64-unknown-linux-musl - -# Build dependencies and remove dummy project, except -# target folder, as it contains the dependencies -RUN cargo build --release --color=always ; \ - find . -not -path "./target*" -delete - -# Now copy and build the real project with the pre-built -# dependencies. +# Copy project from current folder and build it COPY . . -RUN cargo build --release --color=always +RUN cargo install --path . +#RUN cargo install --git "https://git.koesters.xyz/timo/conduit.git" ########################## RUNTIME IMAGE ########################## # Create new stage with a minimal image for the actual 
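Review bot: `RUN cargo install --path .` resolves dependencies afresh unless `--locked` is passed, so a Cargo.lock in the copied tree (if the repository commits one) is ignored and the crate versions compiled into the server can change from one build to the next. `RUN cargo install --locked --path .` ties the binary to the reviewed lockfile; the same applies to the `cargo install --git` forms added in PATCH 04 and PATCH 05. The `sed` step has a related effect on the toolchain: it rewrites every `v3.12` entry in /etc/apk/repositories to `edge`, so `cargo` and `openssl-dev` come from a rolling repository, and a comment such as `# TODO: return to a release repository once it ships Rust >= 1.45` would record when that can be undone. `COPY . .` also runs with no `WORKDIR`, so the source tree is copied into the builder's `/`.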
@@ -68,26 +48,15 @@ LABEL org.opencontainers.image.created=${CREATED} \ org.label-schema.docker.build="docker build . -t conduit:latest --build-arg CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --build-arg VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml)"\ maintainer="weasy@hotmail.de" -# Change some Rocket.rs default configs. They can then -# be changed to different values using env variables. -ENV ROCKET_CLI_COLORS="on" -#ENV ROCKET_SERVER_NAME="conduit.rs" -ENV ROCKET_ENV="production" -ENV ROCKET_ADDRESS=0.0.0.0 -ENV ROCKET_PORT=14004 -ENV ROCKET_LOG="normal" -ENV ROCKET_DATABASE_PATH="/data/sled" -ENV ROCKET_REGISTRATION_DISABLED="true" -#ENV ROCKET_WORKERS=10 EXPOSE 14004 # Copy config files from context and the binary from # the "builder" stage to the current stage into folder # /srv/conduit and create data folder for database -RUN mkdir -p /srv/conduit /data/sled +RUN mkdir -p /srv/conduit/.local/share/conduit -COPY --from=builder /app/target/release/conduit ./srv/conduit/ +COPY --from=builder /root/.cargo/bin/conduit /srv/conduit/ # Add www-data user and group with UID 82, as used by alpine # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.pre-install @@ -97,12 +66,13 @@ RUN set -x ; \ addgroup www-data www-data 2>/dev/null && exit 0 ; exit 1 # Change ownership of Conduit files to www-data user and group -RUN chown -cR www-data:www-data /srv/conduit /data - -VOLUME /data +RUN chown -cR www-data:www-data /srv/conduit RUN apk add --no-cache \ - ca-certificates + ca-certificates \ + libgcc + +VOLUME ["/srv/conduit/.local/share/conduit"] # Set user to www-data USER www-data diff --git a/docker-compose.yml b/docker-compose.yml index 91626dd..d0e4135 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,7 +8,7 @@ services: ports: - 14004:14004 volumes: - - db:/data/sled + - db:/srv/conduit/.local/share/conduit environment: ROCKET_SERVER_NAME: example.com # replace with your own name ### Uncomment and change values as needed 
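Review bot: Deleting the `ENV ROCKET_*` block also drops `ROCKET_REGISTRATION_DISABLED="true"` and `ROCKET_ENV="production"` from the image, and docker-compose.yml carries the registration setting only as a commented-out example, so a container started with the shipped defaults now runs with whatever Conduit and Rocket choose on their own. Whether that means open registration cannot be seen from this diff and should be confirmed; if it does, keep `ENV ROCKET_REGISTRATION_DISABLED="true"` in the runtime stage, or enable the line in the compose file, so exposing the server does not silently allow sign-ups. A short comment next to `VOLUME` stating that the database path now relies on Conduit's default location would also help, since `ROCKET_DATABASE_PATH` is no longer set.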
From 0338053774197c0c4df0729af6a034b30ac7f907 Mon Sep 17 00:00:00 2001 From: Daniel Wiesenberg Date: Sat, 1 Aug 2020 18:20:30 +0200 Subject: [PATCH 04/10] Add ability to switch between local and remote build with build arg a... ...nd add env vars to docker-compose --- Dockerfile | 15 ++++++++++++--- docker-compose.yml | 11 +++++++---- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6825d82..009e0a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,6 +7,10 @@ # Alpine build image to build Conduits statically compiled binary FROM alpine:3.12 as builder +# Specifies if the local project is build or if the git master branch +# is build. +ARG LOCAL=false + # Add 'edge'-repository to get Rust 1.45 RUN sed -i \ -e 's|v3\.12|edge|' \ @@ -17,10 +21,15 @@ RUN apk add --no-cache \ cargo \ openssl-dev -# Copy project from current folder and build it + +# Copy project files from current folder COPY . . -RUN cargo install --path . -#RUN cargo install --git "https://git.koesters.xyz/timo/conduit.git" +# Build it from local files or from official git repository +RUN if [[ $LOCAL == "true" ]]; then \ + cargo install --path . ; \ + else \ + cargo install --git "https://git.koesters.xyz/timo/conduit.git" ; \ + fi ########################## RUNTIME IMAGE ########################## # Create new stage with a minimal image for the actual diff --git a/docker-compose.yml b/docker-compose.yml index d0e4135..36a928f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -12,10 +12,13 @@ services: environment: ROCKET_SERVER_NAME: example.com # replace with your own name ### Uncomment and change values as needed - #ROCKET_LOG: normal - #ROCKET_REGISTRATION_DISABLED: 'true' - #ROCKET_DATABASE_PATH: /data/sled - #ROCKET_WORKERS: 10 + # ROCKET_LOG: normal + # ROCKET_PORT: 14004 + # ROCKET_REGISTRATION_DISABLED: 'true' + # ROCKET_ENCRYPTION_DISABLED: 'true' + # ROCKET_DATABASE_PATH: /srv/conduit/.local/share/conduit + # ROCKET_WORKERS: 10 + # ROCKET_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB volumes: db: From 5f3cb3f9261537b884a91949421f10c8a451eb9a Mon Sep 17 00:00:00 2001 From: Daniel Wiesenberg Date: Sun, 2 Aug 2020 12:58:52 +0200 Subject: [PATCH 05/10] Minor modifications to compose file and update Dockerfile comments --- Dockerfile | 25 +++++++++++++++---------- docker-compose.yml | 13 ++++++++----- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 009e0a6..e185381 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,9 +7,11 @@ # Alpine build image to build Conduits statically compiled binary FROM alpine:3.12 as builder -# Specifies if the local project is build or if the git master branch -# is build. +# Specifies if the local project is build or if Conduit gets build +# from the official git repository. Defaults to the git repo. ARG LOCAL=false +# Specifies which revision/commit is build. Defaults to HEAD +ARG GIT_REF=HEAD # Add 'edge'-repository to get Rust 1.45 RUN sed -i \ 
@@ -24,11 +26,11 @@ RUN apk add --no-cache \ # Copy project files from current folder COPY . . -# Build it from local files or from official git repository +# Build it from the copied local files or from the official git repository RUN if [[ $LOCAL == "true" ]]; then \ cargo install --path . ; \ else \ - cargo install --git "https://git.koesters.xyz/timo/conduit.git" ; \ + cargo install --git "https://git.koesters.xyz/timo/conduit.git" --rev ${GIT_REF}; \ fi ########################## RUNTIME IMAGE ########################## @@ -43,7 +45,7 @@ ARG GIT_REF=HEAD # Labels according to https://github.com/opencontainers/image-spec/blob/master/annotations.md # including a custom label specifying the build command LABEL org.opencontainers.image.created=${CREATED} \ - org.opencontainers.image.authors="Conduit Contributors, weasy@hotmail.de" \ + org.opencontainers.image.authors="Conduit Contributors" \ org.opencontainers.image.title="Conduit" \ org.opencontainers.image.version=${VERSION} \ org.opencontainers.image.vendor="Conduit Contributors" \ 
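Review bot: `--rev ${GIT_REF}` is expanded unquoted inside the `RUN` shell, as is `$LOCAL` in the test, so a build-arg value containing whitespace or shell metacharacters is split or interpreted by the shell rather than passed to cargo as one argument. Quoting both, `if [[ "$LOCAL" == "true" ]]; then` and `cargo install --git "https://git.koesters.xyz/timo/conduit.git" --rev "${GIT_REF}"; \`, keeps the value a single word. With the default `LOCAL=false` the image is also built from the remote repository even though `COPY . .` has just placed the local tree in the builder, so the binary need not match the checkout being built; a comment on `ARG LOCAL` saying so would prevent surprises.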
@@ -54,17 +56,16 @@ LABEL org.opencontainers.image.created=${CREATED} \ org.opencontainers.image.documentation.="" \ org.opencontainers.image.licenses="AGPL-3.0" \ org.opencontainers.image.ref.name="" \ - org.label-schema.docker.build="docker build . -t conduit:latest --build-arg CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --build-arg VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml)"\ - maintainer="weasy@hotmail.de" + org.label-schema.docker.build="docker build . -t conduit_homeserver:latest --build-arg CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --build-arg VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml)" \ + maintainer="Weasy666" - -EXPOSE 14004 +# Standard port on which Rocket launches +EXPOSE 8000 # Copy config files from context and the binary from # the "builder" stage to the current stage into folder # /srv/conduit and create data folder for database RUN mkdir -p /srv/conduit/.local/share/conduit - COPY --from=builder /root/.cargo/bin/conduit /srv/conduit/ # Add www-data user and group with UID 82, as used by alpine @@ -77,13 +78,17 @@ RUN set -x ; \ # Change ownership of Conduit files to www-data user and group RUN chown -cR www-data:www-data /srv/conduit +# Install packages needed to run Conduit RUN apk add --no-cache \ ca-certificates \ libgcc +# Create a volume for the database, to persist its contents VOLUME ["/srv/conduit/.local/share/conduit"] # Set user to www-data USER www-data +# Set container home directory WORKDIR /srv/conduit +# Run Conduit ENTRYPOINT [ "/srv/conduit/conduit" ] diff --git a/docker-compose.yml b/docker-compose.yml index 36a928f..7c27360 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -2,17 +2,20 @@ version: '3' services: - conduit: + homeserver: image: conduit_homeserver restart: unless-stopped ports: - - 14004:14004 + - 14004:8000 volumes: - db:/srv/conduit/.local/share/conduit + ### Uncomment if you want to use Rocket.toml to configure Conduit + ### Note: Set env vars will override Rocket.toml values + # - ./Rocket.toml:/srv/conduit/Rocket.toml environment: - ROCKET_SERVER_NAME: example.com # replace with your own name - ### Uncomment and change values as needed - # ROCKET_LOG: normal + ROCKET_SERVER_NAME: localhost:8000 # replace with your own name + ### Uncomment and change values as desired + # ROCKET_LOG: normal # Available levels are: off, debug, normal, critical # ROCKET_PORT: 14004 # ROCKET_REGISTRATION_DISABLED: 'true' # ROCKET_ENCRYPTION_DISABLED: 'true' From 7456caeefd487bffdbcc706fcf7a6310d662e807 Mon Sep 17 00:00:00 2001 From: Daniel Wiesenberg Date: Sun, 2 Aug 2020 15:55:40 +0200 Subject: [PATCH 06/10] Add Element-Web to compose and provide extra compose files for using.. ..Conduit behind Traefik Reverse Proxy --- docker-compose.override.traefik.yml | 21 +++++++++++++ docker-compose.traefik.yml | 47 +++++++++++++++++++++++++++++ docker-compose.yml | 18 +++++++++-- 3 files changed, 84 insertions(+), 2 deletions(-) create mode 100644 docker-compose.override.traefik.yml create mode 100644 docker-compose.traefik.yml diff --git a/docker-compose.override.traefik.yml b/docker-compose.override.traefik.yml new file mode 100644 index 0000000..3a772e1 --- /dev/null +++ b/docker-compose.override.traefik.yml 
@@ -0,0 +1,21 @@ +# Conduit - Traefik Reverse Proxy Labels +version: '3' + +services: + homeserver: + labels: + - "traefik.enable=true" + - "traefik.docker.network=proxy" + + - "traefik.http.routers.to-conduit.rule=Host(`.`)" # Change to the address on which Conduit is hosted + - "traefik.http.routers.to-conduit.tls=true" + - "traefik.http.routers.to-conduit.tls.certresolver=letsencrypt" + + element-web: + labels: + - "traefik.enable=true" + - "traefik.docker.network=proxy" + + - "traefik.http.routers.to-element-web.rule=Host(`.`)" # Change to the address on which Element-Web is hosted + - "traefik.http.routers.to-element-web.tls=true" + - "traefik.http.routers.to-element-web.tls.certresolver=letsencrypt" diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml new file mode 100644 index 0000000..9e8235d --- /dev/null +++ b/docker-compose.traefik.yml 
@@ -0,0 +1,47 @@ +# Conduit - Behind Traefik Reverse Proxy +version: '3' + +services: + homeserver: + image: conduit_homeserver:latest + restart: unless-stopped + volumes: + - db:/srv/conduit/.local/share/conduit + ### Uncomment if you want to use Rocket.toml to configure Conduit + ### Note: Set env vars will override Rocket.toml values + # - ./Rocket.toml:/srv/conduit/Rocket.toml + networks: + - proxy + environment: + ROCKET_SERVER_NAME: localhost:8000 # replace with your own name + ### Uncomment and change values as desired + # ROCKET_LOG: normal # Available levels are: off, debug, normal, critical + # ROCKET_PORT: 14004 + # ROCKET_REGISTRATION_DISABLED: 'true' + # ROCKET_ENCRYPTION_DISABLED: 'true' + # ROCKET_DATABASE_PATH: /srv/conduit/.local/share/conduit + # ROCKET_WORKERS: 10 + # ROCKET_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB + + ### Uncomment if you want to use your own Element-Web App. + ### Note: You need to provide a config.json for Element and you also need a second + ### Domain or Subdomain for the communication between Element and Conduit + ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md + # element-web: + # image: vectorim/riot-web:latest + # restart: unless-stopped + # volumes: + # - ./element_config.json:/app/config.json + # networks: + # - proxy + # depends_on: + # - homeserver + +volumes: + db: + +networks: + # This is the network Traefik listens to, if you network has a different + # name, don't forget to change it here and in the docker-compose.override.yml + proxy: + external: true diff --git a/docker-compose.yml b/docker-compose.yml index 7c27360..3a390aa 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,10 +3,10 @@ version: '3' services: homeserver: - image: conduit_homeserver + image: conduit_homeserver:latest restart: unless-stopped ports: - - 14004:8000 + - 8448:8000 volumes: - db:/srv/conduit/.local/share/conduit ### Uncomment if you want to use Rocket.toml to configure Conduit 
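Review bot: `- 8448:8000` in docker-compose.yml publishes Rocket's listener on every host interface, and nothing in this series configures TLS inside the container, so the homeserver would be reachable in plain HTTP on the port that Matrix federation conventionally uses for HTTPS. If TLS is terminated by a reverse proxy on the same host, bind the mapping to loopback, `- 127.0.0.1:8448:8000`, and let only the proxy face the network; the Traefik variant already avoids this by publishing no port. The commented `element-web` example also uses `vectorim/riot-web:latest`; a fixed tag there would keep the client image from changing silently.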
@@ -23,5 +23,19 @@ services: # ROCKET_WORKERS: 10 # ROCKET_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB + ### Uncomment if you want to use your own Element-Web App. + ### Note: You need to provide a config.json for Element and you also need a second + ### Domain or Subdomain for the communication between Element and Conduit + ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md + # element-web: + # image: vectorim/riot-web:latest + # restart: unless-stopped + # ports: + # - 8009:80 + # volumes: + # - ./element_config.json:/app/config.json + # depends_on: + # - homeserver + volumes: db: From 31c725660ff21b043008bb980fd6b12ebc43a8f2 Mon Sep 17 00:00:00 2001 From: Daniel Wiesenberg Date: Sun, 2 Aug 2020 16:29:50 +0200 Subject: [PATCH 07/10] Add build option to compose file --- docker-compose.override.traefik.yml | 4 ++-- docker-compose.traefik.yml | 12 +++++++++++- docker-compose.yml | 12 +++++++++++- 3 files changed, 24 insertions(+), 4 deletions(-) diff --git a/docker-compose.override.traefik.yml b/docker-compose.override.traefik.yml index 3a772e1..8b4be50 100644 --- a/docker-compose.override.traefik.yml +++ b/docker-compose.override.traefik.yml @@ -5,7 +5,7 @@ services: homeserver: labels: - "traefik.enable=true" - - "traefik.docker.network=proxy" + - "traefik.docker.network=proxy" # Change this to the name of your Traefik docker proxy network - "traefik.http.routers.to-conduit.rule=Host(`.`)" # Change to the address on which Conduit is hosted - "traefik.http.routers.to-conduit.tls=true" @@ -14,7 +14,7 @@ services: element-web: labels: - "traefik.enable=true" - - "traefik.docker.network=proxy" + - "traefik.docker.network=proxy" # Change this to the name of your Traefik docker proxy network - "traefik.http.routers.to-element-web.rule=Host(`.`)" # Change to the address on which Element-Web is hosted - "traefik.http.routers.to-element-web.tls=true" 
diff --git a/docker-compose.traefik.yml b/docker-compose.traefik.yml index 9e8235d..8edc29c 100644 --- a/docker-compose.traefik.yml +++ b/docker-compose.traefik.yml @@ -3,7 +3,17 @@ version: '3' services: homeserver: + ### If you already built the Conduit image with 'docker build', then you are ready to + ### go. Otherwise, you need to comment the 'image' line and uncomment the 'build' lines + ### and run: CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker-compose up -d image: conduit_homeserver:latest + # build: + # context: . + # args: + # CREATED: + # VERSION: + # LOCAL: false + # GIT_REF: HEAD restart: unless-stopped volumes: - db:/srv/conduit/.local/share/conduit @@ -16,7 +26,7 @@ services: ROCKET_SERVER_NAME: localhost:8000 # replace with your own name ### Uncomment and change values as desired # ROCKET_LOG: normal # Available levels are: off, debug, normal, critical - # ROCKET_PORT: 14004 + # ROCKET_PORT: 8000 # ROCKET_REGISTRATION_DISABLED: 'true' # ROCKET_ENCRYPTION_DISABLED: 'true' # ROCKET_DATABASE_PATH: /srv/conduit/.local/share/conduit diff --git a/docker-compose.yml b/docker-compose.yml index 3a390aa..48470e6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,17 @@ version: '3' services: homeserver: + ### If you already built the Conduit image with 'docker build', then you are ready to + ### go. Otherwise, you need to comment the 'image' line and uncomment the 'build' lines + ### and run: CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker-compose up -d image: conduit_homeserver:latest + # build: + # context: . + # args: + # CREATED: + # VERSION: + # LOCAL: "false" + # GIT_REF: HEAD restart: unless-stopped ports: - 8448:8000 
@@ -16,7 +26,7 @@ services: ROCKET_SERVER_NAME: localhost:8000 # replace with your own name ### Uncomment and change values as desired # ROCKET_LOG: normal # Available levels are: off, debug, normal, critical - # ROCKET_PORT: 14004 + # ROCKET_PORT: 8000 # ROCKET_REGISTRATION_DISABLED: 'true' # ROCKET_ENCRYPTION_DISABLED: 'true' # ROCKET_DATABASE_PATH: /srv/conduit/.local/share/conduit From 7288010e555d7f7ccc20c4330634976e18d6fa77 Mon Sep 17 00:00:00 2001 From: Daniel Wiesenberg Date: Tue, 4 Aug 2020 22:04:27 +0200 Subject: [PATCH 08/10] Move additional files into dedicated folder and make build the def... ...fault in the compose files. --- Dockerfile | 4 ++-- docker-compose.override.traefik.yml | 21 ----------------- docker-compose.yml | 23 ++++++++++--------- docker/docker-compose.override.traefik.yml | 22 ++++++++++++++++++ .../docker-compose.traefik.yml | 23 ++++++++++--------- 5 files changed, 48 insertions(+), 45 deletions(-) delete mode 100644 docker-compose.override.traefik.yml create mode 100644 docker/docker-compose.override.traefik.yml rename docker-compose.traefik.yml => docker/docker-compose.traefik.yml (77%) diff --git a/Dockerfile b/Dockerfile index e185381..7aa05c0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ ########################## BUILD IMAGE ########################## -# Alpine build image to build Conduits statically compiled binary +# Alpine build image to build Conduit's statically compiled binary FROM alpine:3.12 as builder # Specifies if the local project is build or if Conduit gets build 
@@ -51,7 +51,7 @@ LABEL org.opencontainers.image.created=${CREATED} \ org.opencontainers.image.vendor="Conduit Contributors" \ org.opencontainers.image.description="A Matrix homeserver written in Rust" \ org.opencontainers.image.url="https://conduit.rs/" \ - org.opencontainers.image.revision=$GIT_REF \ + org.opencontainers.image.revision=${GIT_REF} \ org.opencontainers.image.source="https://git.koesters.xyz/timo/conduit.git" \ org.opencontainers.image.documentation.="" \ org.opencontainers.image.licenses="AGPL-3.0" \ diff --git a/docker-compose.override.traefik.yml b/docker-compose.override.traefik.yml deleted file mode 100644 index 8b4be50..0000000 --- a/docker-compose.override.traefik.yml +++ /dev/null @@ -1,21 +0,0 @@ -# Conduit - Traefik Reverse Proxy Labels -version: '3' - -services: - homeserver: - labels: - - "traefik.enable=true" - - "traefik.docker.network=proxy" # Change this to the name of your Traefik docker proxy network - - - "traefik.http.routers.to-conduit.rule=Host(`.`)" # Change to the address on which Conduit is hosted - - "traefik.http.routers.to-conduit.tls=true" - - "traefik.http.routers.to-conduit.tls.certresolver=letsencrypt" - - element-web: - labels: - - "traefik.enable=true" - - "traefik.docker.network=proxy" # Change this to the name of your Traefik docker proxy network - - - "traefik.http.routers.to-element-web.rule=Host(`.`)" # Change to the address on which Element-Web is hosted - - "traefik.http.routers.to-element-web.tls=true" - - "traefik.http.routers.to-element-web.tls.certresolver=letsencrypt" diff --git a/docker-compose.yml b/docker-compose.yml index 48470e6..afd3699 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -3,17 +3,18 @@ version: '3' services: homeserver: - ### If you already built the Conduit image with 'docker build', then you are ready to - ### go. Otherwise, you need to comment the 'image' line and uncomment the 'build' lines - ### and run: CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker-compose up -d - image: conduit_homeserver:latest - # build: - # context: . - # args: - # CREATED: - # VERSION: - # LOCAL: "false" - # GIT_REF: HEAD + ### If you already built the Conduit image with 'docker build', then you can uncomment the + ### 'image' line and comment out the 'build' option. + # image: conduit_homeserver:latest + ### If you want meaningful labels in you built Conduit image, you should run docker-compose like this: + ### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker-compose up -d + build: + context: . + args: + CREATED: + VERSION: + LOCAL: "false" + GIT_REF: HEAD restart: unless-stopped ports: - 8448:8000 diff --git a/docker/docker-compose.override.traefik.yml b/docker/docker-compose.override.traefik.yml new file mode 100644 index 0000000..2096d79 --- /dev/null +++ b/docker/docker-compose.override.traefik.yml 
@@ -0,0 +1,22 @@ +# Conduit - Traefik Reverse Proxy Labels +version: '3' + +services: + homeserver: + labels: + - "traefik.enable=true" + - "traefik.docker.network=proxy" # Change this to the name of your Traefik docker proxy network + + - "traefik.http.routers.to-conduit.rule=Host(`.`)" # Change to the address on which Conduit is hosted + - "traefik.http.routers.to-conduit.tls=true" + - "traefik.http.routers.to-conduit.tls.certresolver=letsencrypt" + + ### Uncomment this if you uncommented Element-Web App in the docker-compose.yml + # element-web: + # labels: + # - "traefik.enable=true" + # - "traefik.docker.network=proxy" # Change this to the name of your Traefik docker proxy network + + # - "traefik.http.routers.to-element-web.rule=Host(`.`)" # Change to the address on which Element-Web is hosted + # - "traefik.http.routers.to-element-web.tls=true" + # - "traefik.http.routers.to-element-web.tls.certresolver=letsencrypt" diff --git a/docker-compose.traefik.yml b/docker/docker-compose.traefik.yml similarity index 77% rename from docker-compose.traefik.yml rename to docker/docker-compose.traefik.yml index 8edc29c..ad1dad8 100644 --- a/docker-compose.traefik.yml +++ b/docker/docker-compose.traefik.yml 
@@ -3,17 +3,18 @@ version: '3' services: homeserver: - ### If you already built the Conduit image with 'docker build', then you are ready to - ### go. Otherwise, you need to comment the 'image' line and uncomment the 'build' lines - ### and run: CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker-compose up -d - image: conduit_homeserver:latest - # build: - # context: . - # args: - # CREATED: - # VERSION: - # LOCAL: false - # GIT_REF: HEAD + ### If you already built the Conduit image with 'docker build', then you can uncomment the + ### 'image' line and comment out the 'build' option. + # image: conduit_homeserver:latest + ### If you want meaningful labels in you built Conduit image, you should run docker-compose like this: + ### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker-compose up -d + build: + context: . + args: + CREATED: + VERSION: + LOCAL: false + GIT_REF: HEAD restart: unless-stopped volumes: - db:/srv/conduit/.local/share/conduit From 87ed132ae4d23724818b4f3ee967a1ed24220a92 Mon Sep 17 00:00:00 2001 From: Daniel Wiesenberg Date: Tue, 4 Aug 2020 22:06:13 +0200 Subject: [PATCH 09/10] Add README in docker folder and mention docker in Conduit's README --- README.md | 3 +++ docker/README.md | 62 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 docker/README.md diff --git a/README.md b/README.md index 404636a..4c84040 100644 --- a/README.md +++ b/README.md 
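Review bot: After the rename to docker/docker-compose.traefik.yml, `context: .` is resolved relative to the compose file's directory when the file is used in place, and this series leaves the Dockerfile in the repository root, so the now-default `build:` would look for it in docker/. Unless users are told to copy the file to the root first (not visible here), use `context: ..`. The same block passes `LOCAL: false` as a YAML boolean while docker-compose.yml uses `LOCAL: "false"`; compose expects build args to be strings, numbers or null, so quote it here too.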
@@ -21,6 +21,9 @@ Yes! Just open a Matrix client ( or Element Android for You just have to clone the repo, build it with `cargo build --release` and call the binary (target/release/conduit) from somewhere like a systemd script. It's explained in more detail [here](https://git.koesters.xyz/timo/conduit/wiki/Deploy). +Or you can just build the docker image and run it with docker or docker-compose. +It's explained in more details [here](https://git.koesters.xyz/timo/conduit/wiki/Docker) or in the [README](docker/README.md) in the docker folder. + #### What is it build on? - [Ruma](https://www.ruma.io): Useful structures for endpoint requests and responses that can be (de)serialized diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 0000000..f7add18 --- /dev/null +++ b/docker/README.md 
@@ -0,0 +1,62 @@
+# Docker
+> **Note:** To run and use Conduit you should probably use it with a Domain or Subdomain behind a reverse proxy (like Nginx, Traefik, Apache, ...) with a Lets Encrypt certificate.
+
+This text is also available at the [official wiki](https://git.koesters.xyz/timo/conduit/wiki/docker).
+
+## Build & Dockerfile
+The Dockerfile provided by Conduit has two stages, each of which creates an image.
+1. **Builder:** Builds the binary from local context or by cloning a git revision from the official repository.
+2. **Runtime:** Copies the built binary from **Builder** and sets up the runtime environment, like creating a volume to persist the database and applying the correct permissions.
+
+The Dockerfile includes a few build arguments that should be supplied when building it.
+
+``` Dockerfile
+ARG LOCAL=false
+ARG CREATED
+ARG VERSION
+ARG GIT_REF=HEAD
+```
+
+- **CREATED:** Date and time as string (date-time as defined by RFC 3339). Will be used to create the Open Container Initiative compliant label `org.opencontainers.image.created`. Supply by it like this `$(date -u +'%Y-%m-%dT%H:%M:%SZ')`
+- **VERSION:** The SemVer version of Conduit, which is in the image. Will be used to create the Open Container Initiative compliant label `org.opencontainers.image.version`. If you have a `Cargo.toml` in your build context, you can get it with `$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml)`
+- **LOCAL:** *(Optional)* A boolean value, specifies if the local build context should be used, or if the official repository will be cloned. If not supplied with the build command, it will default to `false`.
+- **GIT_REF:** *(Optional)* A git ref, like `HEAD` or a commit ID. The supplied ref will be used to create the Open Container Initiative compliant label `org.opencontainers.image.revision` and will be the ref that is cloned from the repository when not building from the local context. If not supplied with the build command, it will default to `HEAD`.
+
+To build the image you can use the following command
+
+``` bash
+docker build . -t conduit_homeserver:latest --build-arg CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') --build-arg VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml)
+```
+
+which also will tag the resulting image as `conduit_homeserver:latest`.
+**Note:** it ommits the two optional `build-arg`s.
+
+## Run
+After building the image you can simply run it with
+
+``` bash
+docker run conduit_homeserver:latest -p 8448:8000 -v db:/srv/conduit/.local/share/conduit -e ROCKET_SERVER_NAME="localhost:8000"
+```
+
+For detached mode, you also need to use the `-d` flag. You can pass in more env vars as are shown here, for an overview of possible values, you can take a look at the `docker-compose.yml` file.
+If you just want to test Conduit for a short time, you can use the `--rm` flag, which will clean up everything related to your container after you stop it.
+
+
+# Docker-compose
+If the docker command is not for you or your setup, you can also use one of the provided `docker-compose` files. Depending on your proxy setup, use the `docker-compose.traefik.yml` including `docker-compose.override.traefik.yml` or the normal `docker-compose.yml` for every other reverse proxy.
+
+## Build
+To build the Conduit image with docker-compose, you first need to open and modify the `docker-compose.yml` file. There you need to comment the `image:` option and uncomment the `build:` option. Then call docker-compose with:
+
+``` bash
+CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker-compose up
+```
+
+This will also start the container right afterwards, so if want it to run in detached mode, you also should use the `-d` flag. For possible `build-args`, please take a look at the above `Build & Dockerfile` section.
+ +## Run +If you already have built the image, you can just start the container and everything else in the compose file in detached mode with: + +``` bash +docker-compose up -d +``` From 2fc99c05e1ebff3c9955b1930b0896d660e5a230 Mon Sep 17 00:00:00 2001 From: Timo Date: Wed, 12 Aug 2020 21:17:53 +0200 Subject: [PATCH 10/10] docs: add documentation to the repo and improve layout --- DEPLOY_FROM_SOURCE.md | 100 ++++++++++++++++++++++++++++++++++++++++++ README.md | 13 +++--- docker/README.md | 24 +++++++--- 3 files changed, 125 insertions(+), 12 deletions(-) create mode 100644 DEPLOY_FROM_SOURCE.md diff --git a/DEPLOY_FROM_SOURCE.md b/DEPLOY_FROM_SOURCE.md new file mode 100644 index 0000000..2d6804d --- /dev/null +++ b/DEPLOY_FROM_SOURCE.md 
@@ -0,0 +1,100 @@
+# Deploy from source
+
+## Prerequisites
+
+Make sure you have `libssl-dev` and `pkg-config` installed and the [rust toolchain](https://rustup.rs) is available on at least on user.
+
+
+## Install Conduit
+
+```bash
+$ sudo useradd -m conduit
+$ sudo -u conduit cargo install --git "https://git.koesters.xyz/timo/conduit.git"
+```
+
+
+## Setup systemd service
+
+In this guide, we set up a systemd service for Conduit, so it's easy to start, stop Conduit and set it to autostart when your server reboots. Paste the default systemd service below and configure it to fit your setup (in /etc/systemd/system/conduit.service).
+
+```systemd
+[Unit]
+Description=Conduit
+After=network.target
+
+[Service]
+Environment="ROCKET_SERVER_NAME=conduit.rs" # EDIT THIS
+
+Environment="ROCKET_PORT=14004" # Reverse proxy port
+
+#Environment="ROCKET_REGISTRATION_DISABLED=true"
+#Environment="ROCKET_LOG=normal" # Detailed logging
+
+Environment="ROCKET_ENV=production"
+User=conduit
+Group=conduit
+Type=simple
+Restart=always
+ExecStart=/home/conduit/.cargo/bin/conduit
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Finally, run
+```bash
+$ sudo systemctl daemon-reload
+```
+
+
+## Setup Reverse Proxy
+
+This depends on whether you use Apache, Nginx or something else. 
For Apache it looks like this (in /etc/apache2/sites-enabled/050-conduit.conf): +``` + + +ServerName conduit.koesters.xyz # EDIT THIS + +AllowEncodedSlashes NoDecode + +ServerAlias conduit.koesters.xyz # EDIT THIS + +ProxyPreserveHost On +ProxyRequests off +AllowEncodedSlashes NoDecode +ProxyPass / http://localhost:14004/ nocanon +ProxyPassReverse / http://localhost:14004/ nocanon + +Include /etc/letsencrypt/options-ssl-apache.conf + +# EDIT THESE: +SSLCertificateFile /etc/letsencrypt/live/conduit.koesters.xyz/fullchain.pem +SSLCertificateKeyFile /etc/letsencrypt/live/conduit.koesters.xyz/privkey.pem + +``` + +Then run +```bash +$ sudo systemctl reload apache2 +``` + + +## SSL Certificate + +The easiest way to get an SSL certificate for the domain is to install `certbot` and run this: +```bash +$ sudo certbot -d conduit.koesters.xyz +``` + + +## You're done! + +Now you can start Conduit with +```bash +$ sudo systemctl start conduit +``` + +and set it to start automatically when your system boots with +```bash +$ sudo systemctl enable conduit +``` diff --git a/README.md b/README.md index 4c84040..ad13089 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ [![Liberapay](https://img.shields.io/liberapay/receives/timokoesters?logo=liberapay)](https://liberapay.com/timokoesters) [![Matrix](https://img.shields.io/matrix/conduit:koesters.xyz?server_fqdn=matrix.koesters.xyz&logo=matrix)](https://matrix.to/#/#conduit:koesters.xyz) -#### What is the goal +#### What is the goal? A fast Matrix homeserver that's easy to set up and just works. You can install it on a mini-computer like the Raspberry Pi to host Matrix for your family, friends or company. 
@@ -18,11 +18,14 @@ Yes! Just open a Matrix client ( or Element Android for #### How can I deploy my own? -You just have to clone the repo, build it with `cargo build --release` and call the binary (target/release/conduit) from somewhere like a systemd script. -It's explained in more detail [here](https://git.koesters.xyz/timo/conduit/wiki/Deploy). +##### From source -Or you can just build the docker image and run it with docker or docker-compose. -It's explained in more details [here](https://git.koesters.xyz/timo/conduit/wiki/Docker) or in the [README](docker/README.md) in the docker folder. +Clone the repo, build it with `cargo build --release` and call the binary +(target/release/conduit) from somewhere like a systemd script. [Read more](DEPLOY_FROM_SOURCE.md) + +##### Using Docker + +Build the docker image and run it with docker or docker-compose. [Read more](docker/README.md) #### What is it build on? diff --git a/docker/README.md b/docker/README.md index f7add18..5a6ecde 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,9 +1,12 @@ -# Docker +# Deploy using Docker + > **Note:** To run and use Conduit you should probably use it with a Domain or Subdomain behind a reverse proxy (like Nginx, Traefik, Apache, ...) with a Lets Encrypt certificate. -This text is also available at the [official wiki](https://git.koesters.xyz/timo/conduit/wiki/docker). -## Build & Dockerfile +## Docker + +### Build & Dockerfile + The Dockerfile provided by Conduit has two stages, each of which creates an image. 1. **Builder:** Builds the binary from local context or by cloning a git revision from the official repository. 2. **Runtime:** Copies the built binary from **Builder** and sets up the runtime environment, like creating a volume to persist the database and applying the correct permissions. 
@@ -31,7 +34,9 @@ docker build . -t conduit_homeserver:latest --build-arg CREATED=$(date -u +'%Y-% which also will tag the resulting image as `conduit_homeserver:latest`. **Note:** it ommits the two optional `build-arg`s. -## Run + +### Run + After building the image you can simply run it with ``` bash @@ -42,10 +47,13 @@ For detached mode, you also need to use the `-d` flag. You can pass in more env If you just want to test Conduit for a short time, you can use the `--rm` flag, which will clean up everything related to your container after you stop it. -# Docker-compose +## Docker-compose + If the docker command is not for you or your setup, you can also use one of the provided `docker-compose` files. Depending on your proxy setup, use the `docker-compose.traefik.yml` including `docker-compose.override.traefik.yml` or the normal `docker-compose.yml` for every other reverse proxy. -## Build + +### Build + To build the Conduit image with docker-compose, you first need to open and modify the `docker-compose.yml` file. There you need to comment the `image:` option and uncomment the `build:` option. Then call docker-compose with: ``` bash @@ -54,7 +62,9 @@ CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9 This will also start the container right afterwards, so if want it to run in detached mode, you also should use the `-d` flag. For possible `build-args`, please take a look at the above `Build & Dockerfile` section. -## Run + +### Run + If you already have built the image, you can just start the container and everything else in the compose file in detached mode with: ``` bash