Updated Dockerfile & setup

Eugene Pankov 2022-07-05 21:32:05 +02:00
parent 890c5d8b5a
commit 99f35e9d6e
No known key found for this signature in database
GPG key ID: 5896FCBBDD1CF4F4
5 changed files with 70 additions and 77 deletions

26
.dockerignore Normal file

@ -0,0 +1,26 @@
# Generated by Cargo
# will have compiled files and executables
target
*/target
# These are backup files generated by rustfmt
**/*.rs.bk
# MSVC Windows builds of rustc generate these, which store debugging information
*.pdb
temp
host_key*
.vscode
# ---
data
config.*.yaml
config.yaml
.git
warpgate-web/dist
warpgate-web/node_modules
warpgate-web/src/admin/lib/api-client/
warpgate-web/src/gateway/lib/api-client/


@ -13,7 +13,7 @@ Warpgate is a smart SSH bastion host for Linux that can be used with _any_ SSH c
## Getting started & downloads
* See the [Getting started](https://github.com/warp-tech/warpgate/wiki/Getting-started) wiki page.
* See the [Getting started](https://github.com/warp-tech/warpgate/wiki/Getting-started) wiki page (or [Getting started on Docker](https://github.com/warp-tech/warpgate/wiki/Getting-started-on-Docker)).
* [Release / beta binaries](https://github.com/warp-tech/warpgate/releases)
* [Nightly builds](https://nightly.link/warp-tech/warpgate/workflows/build/main)


@ -21,17 +21,10 @@ FROM debian:bullseye
LABEL maintainer=heywoodlh
COPY --from=build /opt/warpgate/target/release/warpgate /usr/local/bin/warpgate
COPY docker/run.sh /run.sh
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update \
&& apt-get install -y openssl \
&& rm -rf /var/lib/apt/lists/*
EXPOSE 2222
EXPOSE 8888
VOLUME /data
ENTRYPOINT ["/run.sh"]
ENV DOCKER 1
ENTRYPOINT ["warpgate", "--config", "/data/warpgate.yaml"]
CMD ["run"]
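Review bot: No `USER` instruction appears among the runtime-stage lines shown, so the new `ENTRYPOINT ["warpgate", "--config", "/data/warpgate.yaml"]` presumably starts the bastion as root, even though both exposed ports (2222 and 8888) are unprivileged. A dedicated account would limit what a compromise of the network-facing process can reach, e.g. `RUN useradd --system --home /data warpgate` followed by `USER warpgate` before the `ENTRYPOINT`; the `/data` volume then has to be writable by that user. Separately, `ENV DOCKER 1` uses the legacy space-separated form, and `ENV DOCKER=1` is the current spelling. The build stage lies outside this hunk, so this covers the final stage only.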


@ -1,45 +0,0 @@
#!/usr/bin/env bash
[[ -n ${ADMIN_USER} ]] || ADMIN_USER='admin'
[[ -n ${ADMIN_PASS} ]] || ADMIN_PASS='admin'
[[ -e /data/web-admin.certificate.pem ]] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /data/web-admin.key.pem -out /data/web-admin.certificate.pem -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com"
password_hash=$(echo -n "${ADMIN_PASS}" | warpgate hash | cat)
[[ -f '/data/warpgate.yaml' ]] || cat << EOF > /data/warpgate.yaml
---
targets:
- name: web-admin
allow_roles:
- "warpgate:admin"
web_admin: {}
users:
- username: ${ADMIN_USER}
credentials:
- type: password
hash: "${password_hash}"
roles:
- "warpgate:admin"
roles:
- name: "warpgate:admin"
recordings:
enable: true
path: /data/recordings
web_admin:
enable: true
listen: "0.0.0.0:8888"
certificate: /data/web-admin.certificate.pem
key: /data/web-admin.key.pem
database_url: "sqlite:/data/db"
ssh:
listen: "0.0.0.0:2222"
keys: /data/ssh-keys
client_key: "./client_key"
retention: 7days
EOF
[[ -L /etc/warpgate.yaml ]] || ln -s /data/warpgate.yaml /etc/warpgate.yaml
warpgate $@


@ -23,6 +23,16 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
std::process::exit(1);
}
let is_docker = std::env::var("DOCKER").is_ok();
if !atty::is(atty::Stream::Stdin) {
error!("Please run this command from an interactive terminal.");
if is_docker {
info!("(have you forgotten `-it`?)");
}
std::process::exit(1);
}
let mut config_dir = cli.config.parent().unwrap_or_else(|| Path::new(&"."));
if config_dir.as_os_str().is_empty() {
config_dir = Path::new(&".");
@ -52,10 +62,14 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
// ---
let data_path: String = dialoguer::Input::with_theme(&theme)
.default("/var/lib/warpgate".into())
.with_prompt("Directory to store app data (up to a few MB) in")
.interact_text()?;
let data_path: String = if is_docker {
"/data".to_owned()
} else {
dialoguer::Input::with_theme(&theme)
.default("/var/lib/warpgate".into())
.with_prompt("Directory to store app data (up to a few MB) in")
.interact_text()?
};
let db_path = PathBuf::from(&data_path).join("db");
create_dir_all(&db_path)?;
@ -72,22 +86,23 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
store.database_url = Secret::new(database_url);
// ---
if !is_docker {
store.ssh.listen = dialoguer::Input::with_theme(&theme)
.default(SSHConfig::default().listen)
.with_prompt("Endpoint to listen for SSH connections on")
.interact_text()?;
store.ssh.listen = dialoguer::Input::with_theme(&theme)
.default(SSHConfig::default().listen)
.with_prompt("Endpoint to listen for SSH connections on")
.interact_text()?;
// ---
// ---
store.http.listen = dialoguer::Input::with_theme(&theme)
.default(HTTPConfig::default().listen)
.with_prompt("Endpoint to listen for HTTP connections on")
.interact_text()?;
store.http.listen = dialoguer::Input::with_theme(&theme)
.default(HTTPConfig::default().listen)
.with_prompt("Endpoint to listen for HTTP connections on")
.interact_text()?;
}
if store.http.enable {
store.targets.push(Target {
name: "web-admin".to_owned(),
name: "Web admin".to_owned(),
allow_roles: vec!["warpgate:admin".to_owned()],
options: TargetOptions::WebAdmin(TargetWebAdminOptions {}),
});
@ -173,11 +188,15 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
info!(" * Password: <your password>");
info!("");
info!("You can now start Warpgate with:");
info!(
" {} --config {} run",
std::env::args().next().unwrap(),
cli.config.display()
);
if is_docker {
info!("docker run -p 8888:8888 -p 2222:2222 -it -v <your data dir>:/data ghcr.io/warp-tech/warpgate");
} else {
info!(
" {} --config {} run",
std::env::args().next().unwrap(),
cli.config.display()
);
}
Ok(())
}
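Review bot: `std::env::var("DOCKER").is_ok()` in the first hunk treats any value as "running in the container", including `DOCKER=0` or an empty string, and the later hunks then skip the data-directory and listen-endpoint prompts and write under `/data` without asking. Since the Dockerfile sets the variable to `1`, matching that value is tighter: `let is_docker = matches!(std::env::var("DOCKER").as_deref(), Ok("1"));`, preceded by a comment such as `// Set by the Docker image (ENV DOCKER 1): fixes the data dir to /data and keeps the default listen endpoints.` The `docker run` hint in the last hunk names `ghcr.io/warp-tech/warpgate` without a tag, so the printed command resolves to whatever the default tag currently points at; printing a tag that matches the binary that ran setup would keep the two in step. The body of `command` is only partly visible in these hunks.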