diff --git a/.gitignore b/.gitignore index 203fe051..1b5d37b8 100644 --- a/.gitignore +++ b/.gitignore @@ -61,6 +61,7 @@ conduit.db # Etc. **/*.rs.bk +cached_target # Nix artifacts /result* diff --git a/complement/Dockerfile b/complement/Dockerfile new file mode 100644 index 00000000..43416fa1 --- /dev/null +++ b/complement/Dockerfile @@ -0,0 +1,47 @@ +# For use in our CI only. This requires a build artifact created by a previous run pipline stage to be placed in cached_target/release/conduit +FROM registry.gitlab.com/jfowl/conduit-containers/rust-with-tools:commit-16a08e9b as builder +#FROM rust:latest as builder + +WORKDIR /workdir + +ARG RUSTC_WRAPPER +ARG AWS_ACCESS_KEY_ID +ARG AWS_SECRET_ACCESS_KEY +ARG SCCACHE_BUCKET +ARG SCCACHE_ENDPOINT +ARG SCCACHE_S3_USE_SSL + +COPY . . +RUN mkdir -p target/release +RUN test -e cached_target/release/conduit && cp cached_target/release/conduit target/release/conduit || cargo build --release + +## Actual image +FROM debian:bullseye +WORKDIR /workdir + +# Install caddy +RUN apt-get update && apt-get install -y debian-keyring debian-archive-keyring apt-transport-https curl && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/testing/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-testing-archive-keyring.gpg && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/testing/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-testing.list && apt-get update && apt-get install -y caddy + +COPY conduit-example.toml conduit.toml +COPY complement/caddy.json caddy.json + +ENV SERVER_NAME=localhost +ENV CONDUIT_CONFIG=/workdir/conduit.toml + +RUN sed -i "s/port = 6167/port = 8008/g" conduit.toml +RUN echo "allow_federation = true" >> conduit.toml +RUN echo "allow_encryption = true" >> conduit.toml +RUN echo "allow_registration = true" >> conduit.toml +RUN echo "log = \"warn,_=off,sled=off\"" >> conduit.toml +RUN sed -i "s/address = \"127.0.0.1\"/address = \"0.0.0.0\"/g" conduit.toml + +COPY --from=builder /workdir/target/release/conduit /workdir/conduit +RUN chmod +x /workdir/conduit + +EXPOSE 8008 8448 + +CMD uname -a && \ + sed -i "s/#server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" conduit.toml && \ + sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \ + caddy start --config caddy.json > /dev/null && \ + /workdir/conduit diff --git a/complement/README.md b/complement/README.md new file mode 100644 index 00000000..b86aab38 --- /dev/null +++ b/complement/README.md @@ -0,0 +1,13 @@ +# Running Conduit on Complement + +This assumes that you're familiar with complement, if not, please readme +[their readme](https://github.com/matrix-org/complement#running). + +Complement works with "base images", this directory (and Dockerfile) helps build the conduit complement-ready docker +image. + +To build, `cd` to the base directory of the workspace, and run this: + +`docker build -t complement-conduit:dev -f complement/Dockerfile .` + +Then use `complement-conduit:dev` as a base image for running complement tests. diff --git a/complement/caddy.json b/complement/caddy.json new file mode 100644 index 00000000..ea52c2c9 --- /dev/null +++ b/complement/caddy.json @@ -0,0 +1,72 @@ +{ + "logging": { + "logs": { + "default": { + "level": "WARN" + } + } + }, + "apps": { + "http": { + "https_port": 8448, + "servers": { + "srv0": { + "listen": [":8448"], + "routes": [{ + "match": [{ + "host": ["your.server.name"] + }], + "handle": [{ + "handler": "subroute", + "routes": [{ + "handle": [{ + "handler": "reverse_proxy", + "upstreams": [{ + "dial": "127.0.0.1:8008" + }] + }] + }] + }], + "terminal": true + }], + "tls_connection_policies": [{ + "match": { + "sni": ["your.server.name"] + } + }] + } + } + }, + "pki": { + "certificate_authorities": { + "local": { + "name": "Complement CA", + "root": { + "certificate": "/complement/ca/ca.crt", + "private_key": "/complement/ca/ca.key" + }, + "intermediate": { + "certificate": "/complement/ca/ca.crt", + "private_key": "/complement/ca/ca.key" + } + } + } + }, + "tls": { + "automation": { + "policies": [{ + "subjects": ["your.server.name"], + "issuers": [{ + "module": "internal" + }], + "on_demand": true + }, { + "issuers": [{ + "module": "internal", + "ca": "local" + }] + }] + } + } + } +} \ No newline at end of file diff --git a/src/api/ruma_wrapper/axum.rs b/src/api/ruma_wrapper/axum.rs index ed28f9d3..74f506f6 100644 --- a/src/api/ruma_wrapper/axum.rs +++ b/src/api/ruma_wrapper/axum.rs @@ -281,7 +281,10 @@ where debug!("{:?}", http_request); let body = T::try_from_http_request(http_request, &path_params).map_err(|e| { - warn!("{:?}\n{:?}", e, json_body); + warn!( + "try_from_http_request failed: {:?}\nJSON body: {:?}", + e, json_body + ); Error::BadRequest(ErrorKind::BadJson, "Failed to deserialize request.") })?; diff --git a/tests/Complement.Dockerfile b/tests/Complement.Dockerfile deleted file mode 100644 index b9d0f8c9..00000000 --- a/tests/Complement.Dockerfile +++ /dev/null @@ -1,48 +0,0 @@ -# For use in our CI only. This requires a build artifact created by a previous run pipline stage to be placed in cached_target/release/conduit -FROM valkum/docker-rust-ci:latest as builder -WORKDIR /workdir - -ARG RUSTC_WRAPPER -ARG AWS_ACCESS_KEY_ID -ARG AWS_SECRET_ACCESS_KEY -ARG SCCACHE_BUCKET -ARG SCCACHE_ENDPOINT -ARG SCCACHE_S3_USE_SSL - -COPY . . -RUN mkdir -p target/release -RUN test -e cached_target/release/conduit && cp cached_target/release/conduit target/release/conduit || cargo build --release - - -FROM valkum/docker-rust-ci:latest -WORKDIR /workdir - -RUN curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.2.1/caddy_2.2.1_linux_amd64.tar.gz" -RUN tar xzf caddy_2.2.1_linux_amd64.tar.gz - -COPY cached_target/release/conduit /workdir/conduit -RUN chmod +x /workdir/conduit -RUN chmod +x /workdir/caddy - -COPY conduit-example.toml conduit.toml - -ENV SERVER_NAME=localhost -ENV CONDUIT_CONFIG=/workdir/conduit.toml - -RUN sed -i "s/port = 6167/port = 8008/g" conduit.toml -RUN echo "allow_federation = true" >> conduit.toml -RUN echo "allow_encryption = true" >> conduit.toml -RUN echo "allow_registration = true" >> conduit.toml -RUN echo "log = \"warn,_=off,sled=off\"" >> conduit.toml -RUN sed -i "s/address = \"127.0.0.1\"/address = \"0.0.0.0\"/g" conduit.toml - -# Enabled Caddy auto cert generation for complement provided CA. -RUN echo '{"logging":{"logs":{"default":{"level":"WARN"}}}, "apps":{"http":{"https_port":8448,"servers":{"srv0":{"listen":[":8448"],"routes":[{"match":[{"host":["your.server.name"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:8008"}]}]}]}],"terminal":true}],"tls_connection_policies": [{"match": {"sni": ["your.server.name"]}}]}}},"pki": {"certificate_authorities": {"local": {"name": "Complement CA","root": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"},"intermediate": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"}}}},"tls":{"automation":{"policies":[{"subjects":["your.server.name"],"issuer":{"module":"internal"},"on_demand":true},{"issuer":{"module":"internal", "ca": "local"}}]}}}}' > caddy.json - -EXPOSE 8008 8448 - -CMD ([ -z "${COMPLEMENT_CA}" ] && echo "Error: Need Complement PKI support" && true) || \ - sed -i "s/#server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" conduit.toml && \ - sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \ - /workdir/caddy start --config caddy.json > /dev/null && \ - /workdir/conduit