mirror of
https://github.com/warp-tech/warpgate.git
synced 2024-09-20 06:46:17 +08:00
Updated Dockerfile & setup
parent
890c5d8b5a
commit
99f35e9d6e
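--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,26 @@
+# Generated by Cargo
+# will have compiled files and executables
+target
+*/target
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdb
+
+temp
+host_key*
+.vscode
+
+# ---
+
+data
+config.*.yaml
+config.yaml
+
+.git
+warpgate-web/dist
+warpgate-web/node_modules
+warpgate-web/src/admin/lib/api-client/
+warpgate-web/src/gateway/lib/api-client/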
|
@ -13,7 +13,7 @@ Warpgate is a smart SSH bastion host for Linux that can be used with _any_ SSH c
|
||||||
|
|
||||||
## Getting started & downloads
|
## Getting started & downloads
|
||||||
|
|
||||||
* See the [Getting started](https://github.com/warp-tech/warpgate/wiki/Getting-started) wiki page.
|
* See the [Getting started](https://github.com/warp-tech/warpgate/wiki/Getting-started) wiki page (or [Getting started on Docker](https://github.com/warp-tech/warpgate/wiki/Getting-started-on-Docker)).
|
||||||
* [Release / beta binaries](https://github.com/warp-tech/warpgate/releases)
|
* [Release / beta binaries](https://github.com/warp-tech/warpgate/releases)
|
||||||
* [Nightly builds](https://nightly.link/warp-tech/warpgate/workflows/build/main)
|
* [Nightly builds](https://nightly.link/warp-tech/warpgate/workflows/build/main)
|
||||||
|
|
||||||
|
|
|
@ -21,17 +21,10 @@ FROM debian:bullseye
|
||||||
LABEL maintainer=heywoodlh
|
LABEL maintainer=heywoodlh
|
||||||
|
|
||||||
COPY --from=build /opt/warpgate/target/release/warpgate /usr/local/bin/warpgate
|
COPY --from=build /opt/warpgate/target/release/warpgate /usr/local/bin/warpgate
|
||||||
COPY docker/run.sh /run.sh
|
|
||||||
|
|
||||||
ENV DEBIAN_FRONTEND noninteractive
|
|
||||||
|
|
||||||
RUN apt-get update \
|
|
||||||
&& apt-get install -y openssl \
|
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
EXPOSE 2222
|
|
||||||
EXPOSE 8888
|
|
||||||
|
|
||||||
VOLUME /data
|
VOLUME /data
|
||||||
|
|
||||||
ENTRYPOINT ["/run.sh"]
|
ENV DOCKER 1
|
||||||
|
|
||||||
|
ENTRYPOINT ["warpgate", "--config", "/data/warpgate.yaml"]
|
||||||
|
CMD ["run"]
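Review bot: No `USER` is set in the part of the runtime stage visible here, so unless one appears above the hunk, the new `ENTRYPOINT ["warpgate", "--config", "/data/warpgate.yaml"]` runs the bastion as root inside the container. Both ports this commit's setup hint publishes (2222 and 8888) are above 1024, so an unprivileged account should be enough: add `RUN useradd --system --no-create-home warpgate` and `USER warpgate` before the `ENTRYPOINT`. A bind-mounted `/data` would then have to be writable by that account, which is worth documenting next to `VOLUME /data`. Separately, removing `EXPOSE 2222` and `EXPOSE 8888` drops the only in-image record of the listening ports, and `ENV DOCKER 1` uses the legacy space form; prefer `ENV DOCKER=1`.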
|
||||||
|
|
|
@ -1,45 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
[[ -n ${ADMIN_USER} ]] || ADMIN_USER='admin'
|
|
||||||
[[ -n ${ADMIN_PASS} ]] || ADMIN_PASS='admin'
|
|
||||||
|
|
||||||
[[ -e /data/web-admin.certificate.pem ]] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /data/web-admin.key.pem -out /data/web-admin.certificate.pem -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com"
|
|
||||||
|
|
||||||
password_hash=$(echo -n "${ADMIN_PASS}" | warpgate hash | cat)
|
|
||||||
|
|
||||||
|
|
||||||
[[ -f '/data/warpgate.yaml' ]] || cat << EOF > /data/warpgate.yaml
|
|
||||||
---
|
|
||||||
targets:
|
|
||||||
- name: web-admin
|
|
||||||
allow_roles:
|
|
||||||
- "warpgate:admin"
|
|
||||||
web_admin: {}
|
|
||||||
users:
|
|
||||||
- username: ${ADMIN_USER}
|
|
||||||
credentials:
|
|
||||||
- type: password
|
|
||||||
hash: "${password_hash}"
|
|
||||||
roles:
|
|
||||||
- "warpgate:admin"
|
|
||||||
roles:
|
|
||||||
- name: "warpgate:admin"
|
|
||||||
recordings:
|
|
||||||
enable: true
|
|
||||||
path: /data/recordings
|
|
||||||
web_admin:
|
|
||||||
enable: true
|
|
||||||
listen: "0.0.0.0:8888"
|
|
||||||
certificate: /data/web-admin.certificate.pem
|
|
||||||
key: /data/web-admin.key.pem
|
|
||||||
database_url: "sqlite:/data/db"
|
|
||||||
ssh:
|
|
||||||
listen: "0.0.0.0:2222"
|
|
||||||
keys: /data/ssh-keys
|
|
||||||
client_key: "./client_key"
|
|
||||||
retention: 7days
|
|
||||||
EOF
|
|
||||||
|
|
||||||
[[ -L /etc/warpgate.yaml ]] || ln -s /data/warpgate.yaml /etc/warpgate.yaml
|
|
||||||
|
|
||||||
warpgate $@
|
|
|
@ -23,6 +23,16 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
|
||||||
std::process::exit(1);
|
std::process::exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let is_docker = std::env::var("DOCKER").is_ok();
|
||||||
|
|
||||||
|
if !atty::is(atty::Stream::Stdin) {
|
||||||
|
error!("Please run this command from an interactive terminal.");
|
||||||
|
if is_docker {
|
||||||
|
info!("(have you forgotten `-it`?)");
|
||||||
|
}
|
||||||
|
std::process::exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
let mut config_dir = cli.config.parent().unwrap_or_else(|| Path::new(&"."));
|
let mut config_dir = cli.config.parent().unwrap_or_else(|| Path::new(&"."));
|
||||||
if config_dir.as_os_str().is_empty() {
|
if config_dir.as_os_str().is_empty() {
|
||||||
config_dir = Path::new(&".");
|
config_dir = Path::new(&".");
|
||||||
|
@ -52,10 +62,14 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
|
||||||
|
|
||||||
// ---
|
// ---
|
||||||
|
|
||||||
let data_path: String = dialoguer::Input::with_theme(&theme)
|
let data_path: String = if is_docker {
|
||||||
|
"/data".to_owned()
|
||||||
|
} else {
|
||||||
|
dialoguer::Input::with_theme(&theme)
|
||||||
.default("/var/lib/warpgate".into())
|
.default("/var/lib/warpgate".into())
|
||||||
.with_prompt("Directory to store app data (up to a few MB) in")
|
.with_prompt("Directory to store app data (up to a few MB) in")
|
||||||
.interact_text()?;
|
.interact_text()?
|
||||||
|
};
|
||||||
|
|
||||||
let db_path = PathBuf::from(&data_path).join("db");
|
let db_path = PathBuf::from(&data_path).join("db");
|
||||||
create_dir_all(&db_path)?;
|
create_dir_all(&db_path)?;
|
||||||
|
@ -72,7 +86,7 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
|
||||||
store.database_url = Secret::new(database_url);
|
store.database_url = Secret::new(database_url);
|
||||||
|
|
||||||
// ---
|
// ---
|
||||||
|
if !is_docker {
|
||||||
store.ssh.listen = dialoguer::Input::with_theme(&theme)
|
store.ssh.listen = dialoguer::Input::with_theme(&theme)
|
||||||
.default(SSHConfig::default().listen)
|
.default(SSHConfig::default().listen)
|
||||||
.with_prompt("Endpoint to listen for SSH connections on")
|
.with_prompt("Endpoint to listen for SSH connections on")
|
||||||
|
@ -84,10 +98,11 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
|
||||||
.default(HTTPConfig::default().listen)
|
.default(HTTPConfig::default().listen)
|
||||||
.with_prompt("Endpoint to listen for HTTP connections on")
|
.with_prompt("Endpoint to listen for HTTP connections on")
|
||||||
.interact_text()?;
|
.interact_text()?;
|
||||||
|
}
|
||||||
|
|
||||||
if store.http.enable {
|
if store.http.enable {
|
||||||
store.targets.push(Target {
|
store.targets.push(Target {
|
||||||
name: "web-admin".to_owned(),
|
name: "Web admin".to_owned(),
|
||||||
allow_roles: vec!["warpgate:admin".to_owned()],
|
allow_roles: vec!["warpgate:admin".to_owned()],
|
||||||
options: TargetOptions::WebAdmin(TargetWebAdminOptions {}),
|
options: TargetOptions::WebAdmin(TargetWebAdminOptions {}),
|
||||||
});
|
});
|
||||||
|
@ -173,11 +188,15 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
|
||||||
info!(" * Password: <your password>");
|
info!(" * Password: <your password>");
|
||||||
info!("");
|
info!("");
|
||||||
info!("You can now start Warpgate with:");
|
info!("You can now start Warpgate with:");
|
||||||
|
if is_docker {
|
||||||
|
info!("docker run -p 8888:8888 -p 2222:2222 -it -v <your data dir>:/data ghcr.io/warp-tech/warpgate");
|
||||||
|
} else {
|
||||||
info!(
|
info!(
|
||||||
" {} --config {} run",
|
" {} --config {} run",
|
||||||
std::env::args().next().unwrap(),
|
std::env::args().next().unwrap(),
|
||||||
cli.config.display()
|
cli.config.display()
|
||||||
);
|
);
|
||||||
|
}
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
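Review bot: `std::env::var("DOCKER").is_ok()` in the first hunk switches on Docker mode whenever a variable with this very generic name exists at all, including `DOCKER=0` or an empty value. The later hunks then pin `data_path` to `/data` and skip both listen-address prompts without logging that anything was decided for the user. An explicit value check is safer: `let is_docker = std::env::var("DOCKER").map_or(false, |v| v == "1");`, ideally with a one-line `info!` when the mode is active and a comment that the Dockerfile sets the variable. The Docker start hint also hard-codes `-p 8888:8888 -p 2222:2222`, which publishes the admin web port on every host interface and can drift from `SSHConfig::default().listen` and `HTTPConfig::default().listen`; consider mentioning a loopback binding for 8888 in that message. `command` begins and continues outside these hunks, so whether the `store.http.enable` prompt is also skipped in Docker mode cannot be confirmed from here.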
|
||||||
|
|