From 99f35e9d6e76578d633b52ee5a00ddac3ad4378f Mon Sep 17 00:00:00 2001
From: Eugene Pankov
Date: Tue, 5 Jul 2022 21:32:05 +0200
Subject: [PATCH] Updated Dockerfile & setup
---
 .dockerignore | 26 +++++++++++++++
 README.md | 2 +-
 docker/Dockerfile | 15 +++------
 docker/run.sh | 45 --------------------------
 warpgate/src/commands/setup.rs | 59 ++++++++++++++++++++++------------
 5 files changed, 70 insertions(+), 77 deletions(-)
 create mode 100644 .dockerignore
 delete mode 100755 docker/run.sh
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..b882301
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,26 @@
+# Generated by Cargo
+# will have compiled files and executables
+target
+*/target
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdb
+
+temp
+host_key*
+.vscode
+
+# ---
+
+data
+config.*.yaml
+config.yaml
+
+.git
+warpgate-web/dist
+warpgate-web/node_modules
+warpgate-web/src/admin/lib/api-client/
+warpgate-web/src/gateway/lib/api-client/
diff --git a/README.md b/README.md
index 99b2078..92ab5ff 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ Warpgate is a smart SSH bastion host for Linux that can be used with _any_ SSH c
 ## Getting started & downloads
-* See the [Getting started](https://github.com/warp-tech/warpgate/wiki/Getting-started) wiki page.
+* See the [Getting started](https://github.com/warp-tech/warpgate/wiki/Getting-started) wiki page (or [Getting started on Docker](https://github.com/warp-tech/warpgate/wiki/Getting-started-on-Docker)).
 * [Release / beta binaries](https://github.com/warp-tech/warpgate/releases)
 * [Nightly builds](https://nightly.link/warp-tech/warpgate/workflows/build/main)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index a2fc55c..18813e6 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -21,17 +21,10 @@
 FROM debian:bullseye
 LABEL maintainer=heywoodlh
 COPY --from=build /opt/warpgate/target/release/warpgate /usr/local/bin/warpgate
-COPY docker/run.sh /run.sh
-
-ENV DEBIAN_FRONTEND noninteractive
-
-RUN apt-get update \
- && apt-get install -y openssl \
- && rm -rf /var/lib/apt/lists/*
-
-EXPOSE 2222
-EXPOSE 8888
 VOLUME /data
-ENTRYPOINT ["/run.sh"]
+ENV DOCKER 1
+
+ENTRYPOINT ["warpgate", "--config", "/data/warpgate.yaml"]
+CMD ["run"]
diff --git a/docker/run.sh b/docker/run.sh
deleted file mode 100755
index 69b4234..0000000
--- a/docker/run.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/bin/env bash
-
-[[ -n ${ADMIN_USER} ]] || ADMIN_USER='admin'
-[[ -n ${ADMIN_PASS} ]] || ADMIN_PASS='admin'
-
-[[ -e /data/web-admin.certificate.pem ]] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /data/web-admin.key.pem -out /data/web-admin.certificate.pem -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com"
-
-password_hash=$(echo -n "${ADMIN_PASS}" | warpgate hash | cat)
-
-
-[[ -f '/data/warpgate.yaml' ]] || cat << EOF > /data/warpgate.yaml
----
-targets:
- - name: web-admin
- allow_roles:
- - "warpgate:admin"
- web_admin: {}
-users:
- - username: ${ADMIN_USER}
- credentials:
- - type: password
- hash: "${password_hash}"
- roles:
- - "warpgate:admin"
-roles:
- - name: "warpgate:admin"
-recordings:
- enable: true
- path: /data/recordings
-web_admin:
- enable: true
- listen: "0.0.0.0:8888"
- certificate: /data/web-admin.certificate.pem
- key: /data/web-admin.key.pem
-database_url: "sqlite:/data/db"
-ssh:
- listen: "0.0.0.0:2222"
- keys: /data/ssh-keys
- client_key: "./client_key"
-retention: 7days
-EOF
-
-[[ -L /etc/warpgate.yaml ]] || ln -s /data/warpgate.yaml /etc/warpgate.yaml
-
-warpgate $@
diff --git a/warpgate/src/commands/setup.rs b/warpgate/src/commands/setup.rs
index 7a4fcb6..8d09553 100644
--- a/warpgate/src/commands/setup.rs
+++ b/warpgate/src/commands/setup.rs
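Review bot: The final stage, from `FROM debian:bullseye` through `CMD ["run"]`, has no `USER` instruction, so the bastion process runs as root inside the container. The ports named by the removed `EXPOSE` lines (2222 and 8888) are unprivileged, so nothing visible in this stage needs root; consider adding `RUN useradd --system --no-create-home warpgate` and `USER warpgate` before `ENTRYPOINT`. A bind-mounted `/data` would then have to be writable by that account, which is worth stating next to the `VOLUME /data` line as a comment. The build stage referenced by `COPY --from=build` starts above line 21 and is outside this hunk.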
@@ -23,6 +23,16 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
 std::process::exit(1);
 }
+ let is_docker = std::env::var("DOCKER").is_ok();
+
+ if !atty::is(atty::Stream::Stdin) {
+ error!("Please run this command from an interactive terminal.");
+ if is_docker {
+ info!("(have you forgotten `-it`?)");
+ }
+ std::process::exit(1);
+ }
+
 let mut config_dir = cli.config.parent().unwrap_or_else(|| Path::new(&"."));
 if config_dir.as_os_str().is_empty() {
 config_dir = Path::new(&".");
@@ -52,10 +62,14 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
 // ---
- let data_path: String = dialoguer::Input::with_theme(&theme)
- .default("/var/lib/warpgate".into())
- .with_prompt("Directory to store app data (up to a few MB) in")
- .interact_text()?;
+ let data_path: String = if is_docker {
+ "/data".to_owned()
+ } else {
+ dialoguer::Input::with_theme(&theme)
+ .default("/var/lib/warpgate".into())
+ .with_prompt("Directory to store app data (up to a few MB) in")
+ .interact_text()?
+ };
 let db_path = PathBuf::from(&data_path).join("db");
 create_dir_all(&db_path)?;
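Review bot: `std::env::var("DOCKER").is_ok()` in the first setup.rs hunk treats any value as true, so `DOCKER=0` or an empty `DOCKER=` still switches setup into container mode, and `DOCKER` is a generic name that an unrelated shell profile or CI job may already export. In that mode the later hunks force the data path to `/data` and skip the listen-endpoint prompts without telling the operator. Compare the value explicitly, for example `let is_docker = std::env::var("DOCKER").map_or(false, |v| v == "1");`, and add a comment above it saying the variable is set by `ENV DOCKER 1` in docker/Dockerfile. The body of `command` begins and ends outside this hunk.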
@@ -72,22 +86,23 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
 store.database_url = Secret::new(database_url);
 // ---
+ if !is_docker {
+ store.ssh.listen = dialoguer::Input::with_theme(&theme)
+ .default(SSHConfig::default().listen)
+ .with_prompt("Endpoint to listen for SSH connections on")
+ .interact_text()?;
- store.ssh.listen = dialoguer::Input::with_theme(&theme)
- .default(SSHConfig::default().listen)
- .with_prompt("Endpoint to listen for SSH connections on")
- .interact_text()?;
+ // ---
- // ---
-
- store.http.listen = dialoguer::Input::with_theme(&theme)
- .default(HTTPConfig::default().listen)
- .with_prompt("Endpoint to listen for HTTP connections on")
- .interact_text()?;
+ store.http.listen = dialoguer::Input::with_theme(&theme)
+ .default(HTTPConfig::default().listen)
+ .with_prompt("Endpoint to listen for HTTP connections on")
+ .interact_text()?;
+ }
 if store.http.enable {
 store.targets.push(Target {
- name: "web-admin".to_owned(),
+ name: "Web admin".to_owned(),
 allow_roles: vec!["warpgate:admin".to_owned()],
 options: TargetOptions::WebAdmin(TargetWebAdminOptions {}),
 });
@@ -173,11 +188,15 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
 info!(" * Password: ");
 info!("");
 info!("You can now start Warpgate with:");
- info!(
- " {} --config {} run",
- std::env::args().next().unwrap(),
- cli.config.display()
- );
+ if is_docker {
+ info!("docker run -p 8888:8888 -p 2222:2222 -it -v :/data ghcr.io/warp-tech/warpgate");
+ } else {
+ info!(
+ " {} --config {} run",
+ std::env::args().next().unwrap(),
+ cli.config.display()
+ );
+ }
 Ok(())
 }
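Review bot: When `is_docker` is set, the `if !is_docker { … }` block leaves `store.ssh.listen` and `store.http.listen` unassigned in this hunk, so they keep whatever `store` was constructed with (presumably the `SSHConfig`/`HTTPConfig` defaults; the construction is outside the hunk). The operator is never shown which endpoints the bastion will bind to, and nothing in the code says why skipping the prompts is safe. Add a comment above the block such as `// Docker: keep the default listen endpoints; host exposure is decided by the port mappings passed to docker run`, and consider logging both values in the Docker case. The enclosing `command` function starts and ends outside the hunk.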
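Review bot: The Docker hint in the last hunk hard-codes `-p 8888:8888 -p 2222:2222`, which publishes both the HTTP endpoint and SSH on every host interface and assumes the default listen ports that the Docker path never prompted for. If the defaults behind `HTTPConfig::default().listen` or `SSHConfig::default().listen` change, the message will print a mapping that no longer reaches the service. Derive the ports from `store.http.listen` and `store.ssh.listen`, or at least add `// keep in sync with the default listen ports` above the `info!` line; a second hint line showing `-p 127.0.0.1:8888:8888` would cover operators who only want local access to the web UI. As it appears here the `-v :/data` argument has no host path, so it may have lost a placeholder and is worth checking against the committed file.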