warp-tech/warpgate
1
1
Fork 0
mirror of https://github.com/warp-tech/warpgate.git synced 2024-09-20 06:46:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

added docker image

Browse source
This commit is contained in:
Spencer Heywood 2022-04-11 00:56:19 -06:00
parent 6251492dd0
commit 465c164953
3 changed files with 86 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
docker/Dockerfile Normal file
View file

@ -0,0 +1,36 @@
FROM rust:bullseye AS build
ENV DEBIAN_FRONTEND noninteractive
RUN curl -fsSL https://deb.nodesource.com/setup_17.x | bash - \
&& apt-get update \
&& apt-get install -y nodejs openjdk-17-jdk \
&& rm -rf /var/lib/apt/lists/* \
&& npm install -g yarn \
&& cargo install just
RUN git clone https://github.com/Eugeny/warpgate /opt/warpgate \
&& cd /opt/warpgate \
&& just yarn \
&& just yarn build \
&& cargo build
FROM debian:bullseye
LABEL maintainer=heywoodlh
COPY --from=build /opt/warpgate/target/debug/warpgate /usr/local/bin/warpgate
COPY run.sh /run.sh
COPY expect.sh /expect.sh
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update \
&& apt-get install -y expect openssl \
&& rm -rf /var/lib/apt/lists/*
EXPOSE 2222
EXPOSE 8888
VOLUME /data
ENTRYPOINT ["/run.sh"]

8
docker/expect.sh Executable file
View file

@ -0,0 +1,8 @@
#!/usr/bin/expect -f
set password [lindex $argv 0];
spawn warpgate hash
expect "*Password to be hashed*"
send -- "$password\r"
expect eof

42
docker/run.sh Executable file
View file

@ -0,0 +1,42 @@
#!/usr/bin/env bash
[[ -n ${ADMIN_USER} ]] || ADMIN_USER='admin'
[[ -n ${ADMIN_PASS} ]] || ADMIN_PASS='admin'
[[ -e /data/web-admin.certificate.pem ]] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /data/web-admin.key.pem -out /data/web-admin.certificate.pem -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com"
password_hash=$(/expect.sh "${ADMIN_PASS}" | tail -1 | sed 's/\r$//')
cat << EOF > /etc/warpgate.yaml
---
targets:
- name: web-admin
allow_roles:
- "warpgate:admin"
web_admin: {}
users:
- username: ${ADMIN_USER}
credentials:
- type: password
hash: "${password_hash}"
roles:
- "warpgate:admin"
roles:
- name: "warpgate:admin"
recordings:
enable: true
path: /data/recordings
web_admin:
enable: true
listen: "0.0.0.0:8888"
certificate: /data/web-admin.certificate.pem
key: /data/web-admin.key.pem
database_url: "sqlite:/data/db"
ssh:
listen: "0.0.0.0:2222"
keys: /data/ssh-keys
client_key: "./client_key"
retention: 7days
EOF
warpgate -c /etc/warpgate.yaml $@