remove arm build again, fix proxy_*_timeout directives and add authelia example
parent
cd0438b8ce
commit
f2655e331d
|
@ -103,49 +103,49 @@ jobs:
|
|||
cache-to: type=registry,ref=bunkerity/cache:bw-ui-386-cache,mode=min
|
||||
|
||||
# Build bunkerweb/armv8
|
||||
build-bw-armv8:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# build-bw-armv8:
|
||||
# runs-on: ubuntu-latest
|
||||
# steps:
|
||||
# Prepare
|
||||
- name: Checkout source code
|
||||
uses: actions/checkout@v3
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@v2
|
||||
- name: Setup Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKER_USERNAME }}
|
||||
password: ${{ secrets.DOCKER_TOKEN }}
|
||||
# - name: Checkout source code
|
||||
# uses: actions/checkout@v3
|
||||
# - name: Set up QEMU
|
||||
# uses: docker/setup-qemu-action@v2
|
||||
# - name: Setup Buildx
|
||||
# uses: docker/setup-buildx-action@v2
|
||||
# - name: Login to Docker Hub
|
||||
# uses: docker/login-action@v2
|
||||
# with:
|
||||
# username: ${{ secrets.DOCKER_USERNAME }}
|
||||
# password: ${{ secrets.DOCKER_TOKEN }}
|
||||
|
||||
# Build images
|
||||
- name: Build BW for armv8
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/arm64/v8
|
||||
tags: bunkerweb-tests-armv8:latest
|
||||
cache-from: type=registry,ref=bunkerity/cache:bw-armv8-cache
|
||||
cache-to: type=registry,ref=bunkerity/cache:bw-armv8-cache,mode=min
|
||||
- name: Build BW autoconf for armv8
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: autoconf/Dockerfile
|
||||
platforms: linux/arm64/v8
|
||||
tags: bunkerweb-autoconf-tests-armv8:latest
|
||||
cache-from: type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache
|
||||
cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache,mode=min
|
||||
- name: Build BW UI for armv8
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: ui/Dockerfile
|
||||
platforms: linux/arm64/v8
|
||||
tags: bunkerweb-ui-tests-armv8:latest
|
||||
cache-from: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache
|
||||
cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache,mode=min
|
||||
# - name: Build BW for armv8
|
||||
# uses: docker/build-push-action@v3
|
||||
# with:
|
||||
# context: .
|
||||
# platforms: linux/arm64/v8
|
||||
# tags: bunkerweb-tests-armv8:latest
|
||||
# cache-from: type=registry,ref=bunkerity/cache:bw-armv8-cache
|
||||
# cache-to: type=registry,ref=bunkerity/cache:bw-armv8-cache,mode=min
|
||||
# - name: Build BW autoconf for armv8
|
||||
# uses: docker/build-push-action@v3
|
||||
# with:
|
||||
# context: .
|
||||
# file: autoconf/Dockerfile
|
||||
# platforms: linux/arm64/v8
|
||||
# tags: bunkerweb-autoconf-tests-armv8:latest
|
||||
# cache-from: type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache
|
||||
# cache-to: type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache,mode=min
|
||||
# - name: Build BW UI for armv8
|
||||
# uses: docker/build-push-action@v3
|
||||
# with:
|
||||
# context: .
|
||||
# file: ui/Dockerfile
|
||||
# platforms: linux/arm64/v8
|
||||
# tags: bunkerweb-ui-tests-armv8:latest
|
||||
# cache-from: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache
|
||||
# cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache,mode=min
|
||||
|
||||
# Run tests
|
||||
tests:
|
||||
|
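Review bot: The armv8 job is commented out instead of deleted (the `# build-bw-armv8:` block through `# cache-to: type=registry,ref=bunkerity/cache:bw-ui-armv8-cache,mode=min`), leaving roughly forty lines of dead YAML that will drift from the live `build-bw-386` job; git history already keeps the old job, so removing the block is the cleaner form. The same applies in the `push-docker` hunk, where `# needs: [tests, build-bw-386, build-bw-arm]` now names a job id (`build-bw-arm`) that exists in neither version of the workflow. If the intent is to re-enable the arm build later, a single `# TODO: re-enable build-bw-armv8 (disabled: <reason>)` next to `needs:` carries that intent without the dead copy.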
@ -228,7 +228,7 @@ jobs:
|
|||
# Push to dev registries
|
||||
push-docker:
|
||||
# needs: [tests, build-bw-386, build-bw-arm]
|
||||
needs: [tests, build-bw-386, build-bw-armv8]
|
||||
needs: [tests, build-bw-386]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
|
||||
|
@ -256,37 +256,34 @@ jobs:
|
|||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/amd64,linux/386,linux/arm64/v8
|
||||
platforms: linux/amd64,linux/386
|
||||
push: true
|
||||
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb:staging,bunkerity/bunkerweb:dev
|
||||
cache-from: |
|
||||
type=registry,ref=bunkerity/cache:bw-amd64-cache
|
||||
type=registry,ref=bunkerity/cache:bw-386-cache
|
||||
type=registry,ref=bunkerity/cache:bw-armv8-cache
|
||||
- name: Build and push BW autoconf
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: autoconf/Dockerfile
|
||||
platforms: linux/amd64,linux/386,linux/arm64/v8
|
||||
platforms: linux/amd64,linux/386
|
||||
push: true
|
||||
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-autoconf:staging,bunkerity/bunkerweb-autoconf:dev
|
||||
cache-from: |
|
||||
type=registry,ref=bunkerity/cache:bw-autoconf-amd64-cache
|
||||
type=registry,ref=bunkerity/cache:bw-autoconf-386-cache
|
||||
type=registry,ref=bunkerity/cache:bw-autoconf-armv8-cache
|
||||
- name: Build and push BW UI
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: .
|
||||
file: ui/Dockerfile
|
||||
platforms: linux/amd64,linux/386,linux/arm64/v8
|
||||
platforms: linux/amd64,linux/386
|
||||
push: true
|
||||
tags: ${{ secrets.PRIVATE_REGISTRY }}/infra/bunkerweb-ui:staging,bunkerity/bunkerweb-ui:dev
|
||||
cache-from: |
|
||||
type=registry,ref=bunkerity/cache:bw-ui-amd64-cache
|
||||
type=registry,ref=bunkerity/cache:bw-ui-386-cache
|
||||
type=registry,ref=bunkerity/cache:bw-ui-armv8-cache
|
||||
|
||||
# Push to PackageCloud
|
||||
push-linux:
|
||||
|
|
|
@ -35,9 +35,9 @@ add_header X-Proxy-Cache $upstream_cache_status;
|
|||
{% set auth_request = all[k.replace("URL", "AUTH_REQUEST")] if k.replace("URL", "AUTH_REQUEST") in all else "" %}
|
||||
{% set auth_request_signin_url = all[k.replace("URL", "AUTH_REQUEST_SIGNIN_URL")] if k.replace("URL", "AUTH_REQUEST_SIGNIN_URL") in all else "" %}
|
||||
{% set auth_request_sets = all[k.replace("URL", "AUTH_REQUEST_SET")] if k.replace("URL", "AUTH_REQUEST_SET") in all else "" %}
|
||||
{% set connect_timeout = all[k.replace("URL", "CONNECT_TIMEOUT")] if k.replace("URL", "CONNECT_TIMEOUT") in all else "" %}
|
||||
{% set read_timeout = all[k.replace("URL", "READ_TIMEOUT")] if k.replace("URL", "READ_TIMEOUT") in all else "" %}
|
||||
{% set send_timeout = all[k.replace("URL", "SEND_TIMEOUT")] if k.replace("URL", "SEND_TIMEOUT") in all else "" %}
|
||||
{% set connect_timeout = all[k.replace("URL", "CONNECT_TIMEOUT")] if k.replace("URL", "CONNECT_TIMEOUT") in all else "60s" %}
|
||||
{% set read_timeout = all[k.replace("URL", "READ_TIMEOUT")] if k.replace("URL", "READ_TIMEOUT") in all else "60s" %}
|
||||
{% set send_timeout = all[k.replace("URL", "SEND_TIMEOUT")] if k.replace("URL", "SEND_TIMEOUT") in all else "60s" %}
|
||||
location {{ url }} {% raw %}{{% endraw +%}
|
||||
etag off;
|
||||
set $backend{{ counter.value }} "{{ host }}";
|
||||
|
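Review bot: The `60s` fallback is repeated verbatim in the three `{% set ..._timeout %}` lines with nothing saying where the value comes from; a template comment such as `{# 60s mirrors nginx's own default for proxy_connect_timeout / proxy_read_timeout / proxy_send_timeout #}` above the first `set` keeps the next maintainer from "fixing" it to something else. The settings are interpolated unquoted into the generated nginx config, so a value that is not a valid nginx time only fails at config load; if the settings layer does not already validate these three keys, that is the place to add the check. The enclosing `{% for %}` block and the `url`/`host` variables start outside the hunk.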
@ -82,11 +82,11 @@ location {{ url }} {% raw %}{{% endraw +%}
|
|||
add_header {{ header_client }};
|
||||
{% endfor +%}
|
||||
{% endif +%}
|
||||
{% raw %}}{% endraw %}
|
||||
{% endif %}
|
||||
proxy_connect_timeout {{ connect_timeout }};
|
||||
proxy_read_timeout {{ read_timeout }};
|
||||
proxy_send_timeout {{ send_timeout }};
|
||||
{% raw %}}{% endraw %}
|
||||
{% endif %}
|
||||
{% set counter.value = counter.value + 1 %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
---
|
||||
###############################################################
|
||||
# Authelia configuration #
|
||||
###############################################################
|
||||
|
||||
jwt_secret: a_very_important_secret
|
||||
default_redirection_url: https://auth.example.com
|
||||
|
||||
ntp:
|
||||
disable_failure: true
|
||||
|
||||
server:
|
||||
host: 0.0.0.0
|
||||
port: 9091
|
||||
|
||||
log:
|
||||
level: debug
|
||||
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE
|
||||
|
||||
totp:
|
||||
issuer: authelia.com
|
||||
|
||||
# duo_api:
|
||||
# hostname: api-123456789.example.com
|
||||
# integration_key: ABCDEF
|
||||
# # This secret can also be set using the env variables AUTHELIA_DUO_API_SECRET_KEY_FILE
|
||||
# secret_key: 1234567890abcdefghifjkl
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /config/users_database.yml
|
||||
|
||||
access_control:
|
||||
default_policy: deny
|
||||
rules:
|
||||
# Rules applied to everyone
|
||||
- domain: auth.example.com
|
||||
policy: bypass
|
||||
- domain: app1.example.com
|
||||
policy: one_factor
|
||||
- domain: app2.example.com
|
||||
policy: two_factor
|
||||
|
||||
session:
|
||||
name: authelia_session
|
||||
# This secret can also be set using the env variables AUTHELIA_SESSION_SECRET_FILE
|
||||
secret: unsecure_session_secret
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 300 # 5 minutes
|
||||
domain: example.com # Should match whatever your root protected domain is
|
||||
|
||||
redis:
|
||||
host: redis
|
||||
port: 6379
|
||||
# This secret can also be set using the env variables AUTHELIA_SESSION_REDIS_PASSWORD_FILE
|
||||
# password: authelia
|
||||
|
||||
regulation:
|
||||
max_retries: 3
|
||||
find_time: 120
|
||||
ban_time: 300
|
||||
|
||||
storage:
|
||||
encryption_key: you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this
|
||||
local:
|
||||
path: /config/db.sqlite3
|
||||
|
||||
notifier:
|
||||
filesystem:
|
||||
filename: /config/notification.txt
|
||||
#notifier:
|
||||
# smtp:
|
||||
# username: test
|
||||
# This secret can also be set using the env variables AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE
|
||||
# password: password
|
||||
# host: mail.example.com
|
||||
# port: 25
|
||||
# sender: admin@example.com
|
||||
...
|
|
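Review bot: The comment `# This secret can also be set using the env variables AUTHELIA_JWT_SECRET_FILE` sits under `log:` where it documents nothing; it belongs directly above `jwt_secret:`. The example also ships three literal secrets (`jwt_secret: a_very_important_secret`, `session.secret: unsecure_session_secret`, the `storage.encryption_key` placeholder) plus, in the users database hunk, an `admins` account whose password is spelled out in a comment, and runs with `level: debug`; a header comment stating that every one of these values must be regenerated before the stack is exposed, and `level: info` for the shipped copy, would keep a copy-pasted example from going live as-is. Note that `default_redirection_url`, the `access_control` rules and `session.domain: example.com` hardcode the same hosts as the compose file's `SERVER_NAME`, so they have to be edited together.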
@ -0,0 +1,18 @@
|
|||
---
|
||||
###############################################################
|
||||
# Users Database #
|
||||
###############################################################
|
||||
|
||||
# This file can be used if you do not have an LDAP set up.
|
||||
|
||||
# List of users
|
||||
users:
|
||||
authelia:
|
||||
displayname: "Authelia User"
|
||||
# Password is authelia
|
||||
password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/" # yamllint disable-line rule:line-length
|
||||
email: authelia@authelia.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
...
|
|
@ -0,0 +1,85 @@
|
|||
version: '3.4'
|
||||
|
||||
services:
|
||||
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
# ⚠️ read this if you use local folders for volumes ⚠️
|
||||
# bunkerweb runs as an unprivileged user with UID/GID 101
|
||||
# don't forget to edit the permissions of the files and folders accordingly
|
||||
# example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder
|
||||
# or for an existing one : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
environment:
|
||||
- MULTISITE=yes
|
||||
- SERVER_NAME=auth.example.com app1.example.com app2.example.com # replace with your domains
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
# Proxy to auth_request URI
|
||||
- REVERSE_PROXY_URL_999=/authelia
|
||||
- REVERSE_PROXY_HOST_999=http://authelia:9091/api/verify
|
||||
- REVERSE_PROXY_HEADERS_999=X-Original-URL $$scheme://$$http_host$$request_uri;Content-Length ""
|
||||
# Authelia
|
||||
- auth.example.com_REVERSE_PROXY_URL=/
|
||||
- auth.example.com_REVERSE_PROXY_HOST=http://authelia:9091
|
||||
- auth.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
# Applications
|
||||
- app1.example.com_REVERSE_PROXY_URL=/
|
||||
- app1.example.com_REVERSE_PROXY_HOST=http://app1:3000
|
||||
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
|
||||
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
||||
- app1.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
||||
- app1.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
|
||||
- app2.example.com_REVERSE_PROXY_URL=/
|
||||
- app2.example.com_REVERSE_PROXY_HOST=http://app2
|
||||
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST=/authelia
|
||||
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SIGNIN_URL=https://auth.example.com/?rd=$$scheme%3A%2F%2F$$host$$request_uri
|
||||
- app2.example.com_REVERSE_PROXY_AUTH_REQUEST_SET=$$user $$upstream_http_remote_user;$$groups $$upstream_http_remote_groups;$$name $$upstream_http_remote_name;$$email $$upstream_http_remote_email
|
||||
- app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
|
||||
|
||||
# APPLICATIONS
|
||||
app1:
|
||||
image: node
|
||||
working_dir: /home/node/app
|
||||
volumes:
|
||||
- ./js-app:/home/node/app
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
command: bash -c "npm install express && node index.js"
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
|
||||
# AUTHELIA
|
||||
authelia:
|
||||
image: authelia/authelia
|
||||
container_name: authelia
|
||||
volumes:
|
||||
- ./authelia:/config
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
disable: true
|
||||
environment:
|
||||
- TZ=Europe/Paris
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
container_name: redis
|
||||
volumes:
|
||||
- ./redis:/data
|
||||
expose:
|
||||
- 6379
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- TZ=Europe/Paris
|
||||
|
||||
volumes:
|
||||
bw_data:
|
|
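Review bot: `image: authelia/authelia`, `image: node` and `image: redis:alpine` float while `bunkerity/bunkerweb:1.4.0` is pinned, so this example (which the CI suite now runs as a test) silently changes behaviour on the next upstream release; pin them, e.g. `image: authelia/authelia:<pinned-version>`. The `app1` service's `command: bash -c "npm install express && node index.js"` has the same problem: it resolves `express` from the registry at every container start instead of honouring the `^4.17.1` declared in js-app/package.json, and no lockfile is committed — `npm install` with no argument, or `npm ci` with a committed package-lock.json, uses the manifest. `REVERSE_PROXY_URL_999=/authelia` carries no site prefix, so the `/authelia` location that proxies to `/api/verify` appears to be defined for every server; if BunkerWeb does not mark that location `internal`, it is reachable by clients, which is worth confirming in the generated config.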
@ -0,0 +1,13 @@
|
|||
const express = require('express')
|
||||
const app = express()
|
||||
const port = 3000
|
||||
|
||||
app.get('/', (req, res) => {
|
||||
res.send('Hello World from app1!')
|
||||
})
|
||||
|
||||
app.listen(port, () => {
|
||||
console.log(`Example app listening at http://localhost:${port}`)
|
||||
})
|
||||
|
||||
|
|
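Review bot: The `/` handler's `req` parameter is never read; `app.get('/', (_req, res) => {` makes that explicit. Statements are unterminated throughout (`const express = require('express')`, `const port = 3000`), which relies on automatic semicolon insertion; adding semicolons is the safer convention for a file that others will copy from this example. A `// demo backend for the authelia example; not meant for production` header would also set expectations for readers who find this file on its own.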
@ -0,0 +1,15 @@
|
|||
{
|
||||
"name": "js-app",
|
||||
"version": "1.0.0",
|
||||
"description": "demo",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"test": "echo \"Error: no test specified\" && exit 1"
|
||||
},
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"express": "^4.17.1"
|
||||
}
|
||||
}
|
||||
|
|
@ -48,6 +48,12 @@ fi
|
|||
|
||||
echo "Running Docker tests ..."
|
||||
|
||||
# authelia
|
||||
single_docker_test "authelia" "60" "https://$TEST_DOMAIN1_1 authelia" "https://$TEST_DOMAIN1_2 authelia"
|
||||
|
||||
# authentik
|
||||
single_docker_test "authentik" "60" "https://$TEST_DOMAIN1_1 authentik" "https://$TEST_DOMAIN1_2 authentik"
|
||||
|
||||
# drupal
|
||||
single_docker_test "drupal" "60" "https://$TEST_DOMAIN1 drupal"
|
||||
|
||||
|
|
|
@ -23,6 +23,7 @@ function exec_docker_example() {
|
|||
sed -i 's@\./bw\-data:/@/tmp/bw\-data:/@g' docker-compose.yml
|
||||
sed -i 's@- bw_data:/@- /tmp/bw\-data:/@g' docker-compose.yml
|
||||
sed -i "s@www.example.com@${TEST_DOMAIN1}@g" docker-compose.yml
|
||||
sed -i "s@auth.example.com@${TEST_DOMAIN1}@g" docker-compose.yml
|
||||
sed -i "s@app1.example.com@${TEST_DOMAIN1_1}@g" docker-compose.yml
|
||||
sed -i "s@app2.example.com@${TEST_DOMAIN1_2}@g" docker-compose.yml
|
||||
sed -i "s@app3.example.com@${TEST_DOMAIN1_3}@g" docker-compose.yml
|
||||
|
|
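Review bot: The new `sed` lines rewrite `auth.example.com`, `app1.example.com` and `app2.example.com` only in `docker-compose.yml`, but the Authelia example also hardcodes those hosts in the configuration file under `./authelia` (mounted at `/config`): `default_redirection_url`, the `access_control` rules and `session.domain: example.com`. With `default_policy: deny`, a request for `$TEST_DOMAIN1_1` matches no rule, so the test would see a denial instead of the login flow unless that file is rewritten as well. If `exec_docker_example` already handles the `authelia` directory outside this hunk, ignore this; otherwise the same three replacements need to run against that file too, e.g. `sed -i "s@app1.example.com@${TEST_DOMAIN1_1}@g" <authelia-config-file>` for each host, and `session.domain` must remain a parent of the test domains, which I cannot check from here. The function begins before the hunk.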