Updated Dockerfile & setup
parent
890c5d8b5a
commit
99f35e9d6e
26
.dockerignore
Normal file
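--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,26 @@
+# Generated by Cargo
+# will have compiled files and executables
+target
+*/target
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
+
+# MSVC Windows builds of rustc generate these, which store debugging information
+*.pdb
+
+temp
+host_key*
+.vscode
+
+# ---
+
+data
+config.*.yaml
+config.yaml
+
+.git
+warpgate-web/dist
+warpgate-web/node_modules
+warpgate-web/src/admin/lib/api-client/
+warpgate-web/src/gateway/lib/api-client/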
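Review bot: The secret-bearing entries `host_key*`, `config.yaml`, `config.*.yaml` and `data` only match at the build-context root, because .dockerignore patterns are resolved relative to the root rather than at any depth (which is why the file needs both `target` and `*/target`). If host keys or a local config can also sit inside a subdirectory, they would still be sent to the builder and could land in an image layer, depending on what the build stage copies (that part of the Dockerfile is not visible here). `**/host_key*` and `**/config.yaml` would cover every depth. The config generated by the removed entrypoint script also names a `./client_key`, which has no entry here; it is worth confirming whether that file can appear in the working tree.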
|
@ -13,7 +13,7 @@ Warpgate is a smart SSH bastion host for Linux that can be used with _any_ SSH c
|
|||
|
||||
## Getting started & downloads
|
||||
|
||||
* See the [Getting started](https://github.com/warp-tech/warpgate/wiki/Getting-started) wiki page.
|
||||
* See the [Getting started](https://github.com/warp-tech/warpgate/wiki/Getting-started) wiki page (or [Getting started on Docker](https://github.com/warp-tech/warpgate/wiki/Getting-started-on-Docker)).
|
||||
* [Release / beta binaries](https://github.com/warp-tech/warpgate/releases)
|
||||
* [Nightly builds](https://nightly.link/warp-tech/warpgate/workflows/build/main)
|
||||
|
||||
|
|
|
@ -21,17 +21,10 @@ FROM debian:bullseye
|
|||
LABEL maintainer=heywoodlh
|
||||
|
||||
COPY --from=build /opt/warpgate/target/release/warpgate /usr/local/bin/warpgate
|
||||
COPY docker/run.sh /run.sh
|
||||
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y openssl \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
EXPOSE 2222
|
||||
EXPOSE 8888
|
||||
|
||||
VOLUME /data
|
||||
|
||||
ENTRYPOINT ["/run.sh"]
|
||||
ENV DOCKER 1
|
||||
|
||||
ENTRYPOINT ["warpgate", "--config", "/data/warpgate.yaml"]
|
||||
CMD ["run"]
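Review bot: No `USER` instruction is visible in the final stage, so the new `ENTRYPOINT ["warpgate", "--config", "/data/warpgate.yaml"]` appears to run the bastion as root inside the container. The two listener ports shown in this hunk (2222 and 8888) are unprivileged, so nothing visible needs root. Adding `RUN useradd --system --no-create-home warpgate` and `USER warpgate` ahead of the ENTRYPOINT would limit what a compromise of the network-facing process can reach. The `/data` volume would then have to be writable by that user. As a style point, `ENV DOCKER 1` uses the legacy space-separated form; `ENV DOCKER=1` is the current syntax.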
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
[[ -n ${ADMIN_USER} ]] || ADMIN_USER='admin'
|
||||
[[ -n ${ADMIN_PASS} ]] || ADMIN_PASS='admin'
|
||||
|
||||
[[ -e /data/web-admin.certificate.pem ]] || openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /data/web-admin.key.pem -out /data/web-admin.certificate.pem -subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com"
|
||||
|
||||
password_hash=$(echo -n "${ADMIN_PASS}" | warpgate hash | cat)
|
||||
|
||||
|
||||
[[ -f '/data/warpgate.yaml' ]] || cat << EOF > /data/warpgate.yaml
|
||||
---
|
||||
targets:
|
||||
- name: web-admin
|
||||
allow_roles:
|
||||
- "warpgate:admin"
|
||||
web_admin: {}
|
||||
users:
|
||||
- username: ${ADMIN_USER}
|
||||
credentials:
|
||||
- type: password
|
||||
hash: "${password_hash}"
|
||||
roles:
|
||||
- "warpgate:admin"
|
||||
roles:
|
||||
- name: "warpgate:admin"
|
||||
recordings:
|
||||
enable: true
|
||||
path: /data/recordings
|
||||
web_admin:
|
||||
enable: true
|
||||
listen: "0.0.0.0:8888"
|
||||
certificate: /data/web-admin.certificate.pem
|
||||
key: /data/web-admin.key.pem
|
||||
database_url: "sqlite:/data/db"
|
||||
ssh:
|
||||
listen: "0.0.0.0:2222"
|
||||
keys: /data/ssh-keys
|
||||
client_key: "./client_key"
|
||||
retention: 7days
|
||||
EOF
|
||||
|
||||
[[ -L /etc/warpgate.yaml ]] || ln -s /data/warpgate.yaml /etc/warpgate.yaml
|
||||
|
||||
warpgate $@
|
|
@ -23,6 +23,16 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
|
|||
std::process::exit(1);
|
||||
}
|
||||
|
||||
let is_docker = std::env::var("DOCKER").is_ok();
|
||||
|
||||
if !atty::is(atty::Stream::Stdin) {
|
||||
error!("Please run this command from an interactive terminal.");
|
||||
if is_docker {
|
||||
info!("(have you forgotten `-it`?)");
|
||||
}
|
||||
std::process::exit(1);
|
||||
}
|
||||
|
||||
let mut config_dir = cli.config.parent().unwrap_or_else(|| Path::new(&"."));
|
||||
if config_dir.as_os_str().is_empty() {
|
||||
config_dir = Path::new(&".");
|
||||
|
@ -52,10 +62,14 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
|
|||
|
||||
// ---
|
||||
|
||||
let data_path: String = dialoguer::Input::with_theme(&theme)
|
||||
.default("/var/lib/warpgate".into())
|
||||
.with_prompt("Directory to store app data (up to a few MB) in")
|
||||
.interact_text()?;
|
||||
let data_path: String = if is_docker {
|
||||
"/data".to_owned()
|
||||
} else {
|
||||
dialoguer::Input::with_theme(&theme)
|
||||
.default("/var/lib/warpgate".into())
|
||||
.with_prompt("Directory to store app data (up to a few MB) in")
|
||||
.interact_text()?
|
||||
};
|
||||
|
||||
let db_path = PathBuf::from(&data_path).join("db");
|
||||
create_dir_all(&db_path)?;
|
||||
|
@ -72,22 +86,23 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
|
|||
store.database_url = Secret::new(database_url);
|
||||
|
||||
// ---
|
||||
if !is_docker {
|
||||
store.ssh.listen = dialoguer::Input::with_theme(&theme)
|
||||
.default(SSHConfig::default().listen)
|
||||
.with_prompt("Endpoint to listen for SSH connections on")
|
||||
.interact_text()?;
|
||||
|
||||
store.ssh.listen = dialoguer::Input::with_theme(&theme)
|
||||
.default(SSHConfig::default().listen)
|
||||
.with_prompt("Endpoint to listen for SSH connections on")
|
||||
.interact_text()?;
|
||||
// ---
|
||||
|
||||
// ---
|
||||
|
||||
store.http.listen = dialoguer::Input::with_theme(&theme)
|
||||
.default(HTTPConfig::default().listen)
|
||||
.with_prompt("Endpoint to listen for HTTP connections on")
|
||||
.interact_text()?;
|
||||
store.http.listen = dialoguer::Input::with_theme(&theme)
|
||||
.default(HTTPConfig::default().listen)
|
||||
.with_prompt("Endpoint to listen for HTTP connections on")
|
||||
.interact_text()?;
|
||||
}
|
||||
|
||||
if store.http.enable {
|
||||
store.targets.push(Target {
|
||||
name: "web-admin".to_owned(),
|
||||
name: "Web admin".to_owned(),
|
||||
allow_roles: vec!["warpgate:admin".to_owned()],
|
||||
options: TargetOptions::WebAdmin(TargetWebAdminOptions {}),
|
||||
});
|
||||
|
@ -173,11 +188,15 @@ pub(crate) async fn command(cli: &crate::Cli) -> Result<()> {
|
|||
info!(" * Password: <your password>");
|
||||
info!("");
|
||||
info!("You can now start Warpgate with:");
|
||||
info!(
|
||||
" {} --config {} run",
|
||||
std::env::args().next().unwrap(),
|
||||
cli.config.display()
|
||||
);
|
||||
if is_docker {
|
||||
info!("docker run -p 8888:8888 -p 2222:2222 -it -v <your data dir>:/data ghcr.io/warp-tech/warpgate");
|
||||
} else {
|
||||
info!(
|
||||
" {} --config {} run",
|
||||
std::env::args().next().unwrap(),
|
||||
cli.config.display()
|
||||
);
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
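Review bot: In the first hunk, `std::env::var("DOCKER").is_ok()` treats the mere presence of a generically named variable as proof of running inside the image. So `DOCKER=0`, an empty value, or an unrelated `DOCKER` variable on a bare-metal host would all switch setup onto the path that, as far as the rendered hunks show, forces the data directory to `/data` and skips both listen-address prompts. Matching the value the Dockerfile sets, `let is_docker = std::env::var("DOCKER").map_or(false, |v| v == "1");`, keeps those silent defaults confined to the container. A one-line comment above it noting that the image's Dockerfile sets the variable would also help, since nothing in this file says where it comes from. The body of `command` starts before the first visible hunk.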
|
||||
|
|