From 335a33c901b5ed13b665d3256c6616b4ca7b2c03 Mon Sep 17 00:00:00 2001
From: Rudi Floren
Date: Fri, 30 Oct 2020 02:57:22 +0100
Subject: [PATCH 1/3] Fix and Improve Complement testing Dockerfile
---
tests/Complement.Dockerfile | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/tests/Complement.Dockerfile b/tests/Complement.Dockerfile
index f32f8786..f3cbd99c 100644
--- a/tests/Complement.Dockerfile
+++ b/tests/Complement.Dockerfile
@@ -14,17 +14,25 @@ RUN cargo build FROM valkum/docker-rust-ci:latest WORKDIR /workdir -RUN curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.1.1/caddy_2.1.1_linux_amd64.tar.gz" -RUN tar xzf caddy_2.1.1_linux_amd64.tar.gz +RUN curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.2.1/caddy_2.2.1_linux_amd64.tar.gz" +RUN tar xzf caddy_2.2.1_linux_amd64.tar.gz COPY --from=builder /workdir/target/debug/conduit /workdir/conduit COPY Rocket-example.toml Rocket.toml ENV SERVER_NAME=localhost +ENV ROCKET_LOG=normal -RUN sed -i "s/server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" Rocket.toml RUN sed -i "s/port = 14004/port = 8008/g" Rocket.toml +RUN echo "federation_enabled = true" >> Rocket.toml +# Enabled Caddy auto cert generation for complement provided CA. +RUN echo '{"apps":{"http":{"https_port":8448,"servers":{"srv0":{"listen":[":8448"],"routes":[{"match":[{"host":["your.server.name"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:8008"}]}]}]}],"terminal":true}],"tls_connection_policies": [{"match": {"sni": ["your.server.name"]}}]}}},"pki": {"certificate_authorities": {"local": {"name": "Complement CA","root": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"},"intermediate": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"}}}},"tls":{"automation":{"policies":[{"subjects":["your.server.name"],"issuer":{"module":"internal"},"on_demand":true},{"issuer":{"module":"internal", "ca": "local"}}]}}}}' > caddy.json + EXPOSE 8008 8448 -CMD /workdir/caddy reverse-proxy --from ${SERVER_NAME}:8448 --to localhost:8008 > /dev/null 2>&1 & /workdir/conduit \ No newline at end of file + +CMD sed -i "s/server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" Rocket.toml && \ + sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \ + /workdir/caddy start --config caddy.json > /dev/null && \ + /workdir/conduit \ No newline at end of 
file From e4c5ed96a9612b0e10a42bb108cf2ae58a776d3a Mon Sep 17 00:00:00 2001 From: Rudi Floren Date: Mon, 9 Nov 2020 17:21:35 +0100 Subject: [PATCH 2/3] Sync with newest complement changes --- tests/Complement.Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/Complement.Dockerfile b/tests/Complement.Dockerfile index f3cbd99c..21c3105a 100644 --- a/tests/Complement.Dockerfile +++ b/tests/Complement.Dockerfile @@ -32,7 +32,9 @@ RUN echo '{"apps":{"http":{"https_port":8448,"servers":{"srv0":{"listen":[":8448 EXPOSE 8008 8448 -CMD sed -i "s/server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" Rocket.toml && \ +CMD ([ -z "${COMPLEMENT_CA}" ] && echo "Error: Need Complement CA support" && true) || \ + sed -i "s/server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" Rocket.toml && \ sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \ /workdir/caddy start --config caddy.json > /dev/null && \ - /workdir/conduit \ No newline at end of file + /workdir/conduit + \ No newline at end of file From fc08b13db1987064c3a9532a9cda0e4d7d0bd25a Mon Sep 17 00:00:00 2001 From: Rudi Floren Date: Mon, 9 Nov 2020 17:32:04 +0100 Subject: [PATCH 3/3] Change CA to PKI per naming in Complement --- tests/Complement.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Complement.Dockerfile b/tests/Complement.Dockerfile index 21c3105a..306105a7 100644 --- a/tests/Complement.Dockerfile +++ b/tests/Complement.Dockerfile 
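Review bot: The bumped `RUN curl -OL ".../v2.2.1/caddy_2.2.1_linux_amd64.tar.gz"` line in PATCH 1/3 still unpacks the release tarball with no integrity check, and `curl` without `-f` will save an HTTP error page as the archive and only fail later in `tar`. The `caddy.json` added in the same hunk points this binary at the CA private key under `/ca/ca.key`, so the download is worth pinning: `RUN curl -fsSLO "<same release URL>" && echo "<SHA256_OF_TARBALL>  caddy_2.2.1_linux_amd64.tar.gz" | sha256sum -c - && tar xzf caddy_2.2.1_linux_amd64.tar.gz`, with the digest taken from the checksums published alongside the release (this assumes `sha256sum` is available in the base image). Merging the two `RUN` steps also keeps the fetch, the check and the extraction in one layer.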
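Review bot: The `COMPLEMENT_CA` guard added at the top of `CMD` in PATCH 2/3 does not stop the container. In sh, `&&` and `||` have equal precedence and associate left, so when the variable is empty the subshell prints the error and returns success, and the shell skips only the first `sed`. It then still rewrites `caddy.json`, starts Caddy and, if that succeeds, runs conduit with `server_name` presumably left at `your.server.name`. Make the check fail closed, for example `CMD if [ -z "${COMPLEMENT_CA}" ]; then echo "Error: Need Complement CA support" >&2; exit 1; fi; \` followed by the existing `sed ... && ... && /workdir/conduit` chain. The same construct is carried unchanged into PATCH 3/3, which only rewords the message.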
@@ -32,7 +32,7 @@ RUN echo '{"apps":{"http":{"https_port":8448,"servers":{"srv0":{"listen":[":8448 EXPOSE 8008 8448 -CMD ([ -z "${COMPLEMENT_CA}" ] && echo "Error: Need Complement CA support" && true) || \ +CMD ([ -z "${COMPLEMENT_CA}" ] && echo "Error: Need Complement PKI support" && true) || \ sed -i "s/server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" Rocket.toml && \ sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \ /workdir/caddy start --config caddy.json > /dev/null && \