Switch to mainline certmagic (closes #19) #29

Merged
merged 6 commits into from
Feb 9, 2024
Merged
17 changes: 11 additions & 6 deletions .github/workflows/docker.yml
Expand Up @@ -19,18 +19,21 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
# TODO: fetch-tags: true may also work here (commits are required for the goreleaser changelog, though)
fetch-depth: 0 # Used to get tags to populate the version number

- name: Log in to the Container registry
uses: docker/login-action@v2
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v4
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
Expand All @@ -42,16 +45,18 @@ jobs:
latest=true

- name: Set up QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3

- name: Build and push Docker image
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
context: .
push: true
platforms: ${{ env.PLATFORMS }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
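Review bot: Every `uses:` line bumped here still references a mutable major tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5` and the rest), while this job passes `secrets.GITHUB_TOKEN` to the registry login and pushes images, so the code that runs with that token is whatever the tag points to at run time. Pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, keeps the upgrade and makes the reference immutable. The same applies to the bumped actions in `.github/workflows/go.yml` and `.github/workflows/release.yml`; in the latter the GoReleaser step also keeps `version: latest`, which leaves the release tool itself floating. Whether the token is narrowed by a `permissions:` block cannot be seen from these hunks.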
6 changes: 3 additions & 3 deletions .github/workflows/go.yml
Expand Up @@ -13,13 +13,13 @@ jobs:
steps:

- name: Set up Go 1.x
uses: actions/setup-go@v2
uses: actions/setup-go@v5
with:
go-version: 1.17
go-version: 1.19
id: go

- name: Check out code into the Go module directory
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Get dependencies
run: go get -v -t ./...
12 changes: 7 additions & 5 deletions .github/workflows/release.yml
Expand Up @@ -10,12 +10,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@v5
with:
go-version: 1.17
go-version: 1.19

- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
fetch-depth: 0 # Used to get tags to populate the version number

- name: Go module init
run: |
Expand All @@ -24,9 +26,9 @@ jobs:
cd ..

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
uses: goreleaser/goreleaser-action@v5
with:
version: latest
args: release --rm-dist
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -20,6 +20,7 @@ Casketfile.*
!casketfile/
casket/go.mod
casket/go.sum
caskethttp/browse/tempTemplate*

og_static/

4 changes: 0 additions & 4 deletions .goreleaser.yml
Expand Up @@ -28,10 +28,6 @@ builds:
# Set dist directory to build/ since we have files in dist/
dist: build

before:
hooks:
- sh ./.prerelease.sh

archives:
- id: casket
builds:
6 changes: 0 additions & 6 deletions .prerelease.sh

This file was deleted.

25 changes: 18 additions & 7 deletions Dockerfile
@@ -1,16 +1,27 @@
FROM golang:1.17-bullseye AS builder
FROM golang:1.19-bullseye AS builder

WORKDIR /workdir

ENV GOPROXY=https://proxy.golang.org,direct
ENV GOPRIVATE=github.com/tmpim/casket
COPY go.mod go.sum /workdir
RUN GOPROXY=https://proxy.golang.org,direct go mod download
RUN go mod download

COPY . /workdir
WORKDIR /workdir
WORKDIR /workdir/casket

# Required to build with version information - but allow this step to fail (e.g. we're building a PR). Casket will try
# to get the version from the module (this step) first, and then try to get it from `main.version` (goreleaser and
# ldflags). See also:
# - casket/casketmain/run.go#getBuildModule()
# - https://goreleaser.com/cookbooks/using-main.version/
RUN go get "github.com/tmpim/casket@master"; exit 0

RUN cd casket && go mod init casket \
&& GOPROXY=https://proxy.golang.org,direct GOPRIVATE=github.com/tmpim/casket go get "github.com/tmpim/casket@master" \
&& go mod tidy && CGO_ENABLED=0 go build -o casket .
ENV CGO_ENABLED=0
# -s: Omit the symbol table and debug information
# -w: Omit the DWARF symbol table
# -X: Include the git tag as the version (goreleaser also uses main.version tag)
RUN go build -ldflags="-s -w -X 'main.version=$(git describe --tags --dirty)'" -o casket .

FROM alpine:3

Expand All @@ -33,4 +44,4 @@ WORKDIR /config

COPY --from=builder /workdir/casket/casket /usr/bin/casket

ENTRYPOINT ["/usr/bin/casket", "-agree", "-root", "/www"]
ENTRYPOINT ["/usr/bin/casket", "-agree", "-root", "/www"]
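Review bot: The step `RUN go get "github.com/tmpim/casket@master"; exit 0` in the builder stage discards every failure, not only the "building a PR" case its comment describes, and it resolves a moving branch at build time. Since `ENV GOPRIVATE=github.com/tmpim/casket` now appears to apply to the whole stage, that module is fetched directly from the VCS without the public checksum database, so a failed or unexpected fetch leaves no trace in the build log and the same Dockerfile can yield different binaries over time. Logging the fallback instead of hiding it would help, e.g. `RUN go get "github.com/tmpim/casket@master" || echo "module version lookup failed; falling back to main.version" >&2`, and if reproducible images matter the ref could be passed as a build argument rather than hard-coded. Separately, `$(git describe --tags --dirty)` depends on `.git` being in the build context; if it is excluded, `main.version` is injected as an empty string.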
10 changes: 5 additions & 5 deletions casket/casketmain/plugins.go
Expand Up @@ -11,22 +11,22 @@ import (
_ "github.com/tmpim/casket-plugins/realip"
_ "github.com/tmpim/casket-plugins/tmpauth"
_ "github.com/tmpim/casket-plugins/webdav"
_ "github.com/tmpim/dnsproviders/acmedns"
_ "github.com/tmpim/dnsproviders/azure"
_ "github.com/tmpim/dnsproviders/cloudflare"
_ "github.com/tmpim/dnsproviders/digitalocean"
_ "github.com/tmpim/dnsproviders/dnsimple"
_ "github.com/tmpim/dnsproviders/dnspod"
_ "github.com/tmpim/dnsproviders/duckdns"
_ "github.com/tmpim/dnsproviders/dyn"
_ "github.com/tmpim/dnsproviders/gandi"
_ "github.com/tmpim/dnsproviders/godaddy"
_ "github.com/tmpim/dnsproviders/googlecloud"
_ "github.com/tmpim/dnsproviders/httpreq"
_ "github.com/tmpim/dnsproviders/lightsail"
_ "github.com/tmpim/dnsproviders/linode"
_ "github.com/tmpim/dnsproviders/namecheap"
_ "github.com/tmpim/dnsproviders/namedotcom"
_ "github.com/tmpim/dnsproviders/ovh"
_ "github.com/tmpim/dnsproviders/rackspace"
_ "github.com/tmpim/dnsproviders/pdns"
_ "github.com/tmpim/dnsproviders/rfc2136"
_ "github.com/tmpim/dnsproviders/route53"
_ "github.com/tmpim/dnsproviders/transip"
_ "github.com/tmpim/dnsproviders/vultr"
)
43 changes: 28 additions & 15 deletions casket/casketmain/run.go
Expand Up @@ -16,9 +16,11 @@ package casketmain

import (
"bufio"
"context"
"errors"
"flag"
"fmt"
"go.uber.org/zap"
"io"
"io/ioutil"
"log"
Expand All @@ -29,13 +31,13 @@ import (
"strconv"
"strings"

"github.com/caddyserver/certmagic"
"github.com/google/uuid"
"github.com/klauspost/cpuid"
"github.com/tmpim/casket"
"github.com/tmpim/casket/casketfile"
"github.com/tmpim/casket/caskettls"
"github.com/tmpim/casket/telemetry"
"github.com/tmpim/certmagic"
lumberjack "gopkg.in/natefinch/lumberjack.v2"

_ "github.com/tmpim/casket/caskethttp" // plug in the HTTP server type
Expand All @@ -45,19 +47,19 @@ import (
func init() {
casket.TrapSignals()

flag.BoolVar(&certmagic.Default.Agreed, "agree", true, "Agree to the CA's Subscriber Agreement")
flag.StringVar(&certmagic.Default.CA, "ca", certmagic.Default.CA, "URL to certificate authority's ACME server directory")
flag.BoolVar(&certmagic.DefaultACME.Agreed, "agree", true, "Agree to the CA's Subscriber Agreement")
flag.StringVar(&certmagic.DefaultACME.CA, "ca", certmagic.DefaultACME.CA, "URL to certificate authority's ACME server directory")
flag.StringVar(&certmagic.Default.DefaultServerName, "default-sni", certmagic.Default.DefaultServerName, "If a ClientHello ServerName is empty, use this ServerName to choose a TLS certificate")
flag.BoolVar(&certmagic.Default.DisableHTTPChallenge, "disable-http-challenge", certmagic.Default.DisableHTTPChallenge, "Disable the ACME HTTP challenge")
flag.BoolVar(&certmagic.Default.DisableTLSALPNChallenge, "disable-tls-alpn-challenge", certmagic.Default.DisableTLSALPNChallenge, "Disable the ACME TLS-ALPN challenge")
flag.BoolVar(&certmagic.DefaultACME.DisableHTTPChallenge, "disable-http-challenge", certmagic.DefaultACME.DisableHTTPChallenge, "Disable the ACME HTTP challenge")
flag.BoolVar(&certmagic.DefaultACME.DisableTLSALPNChallenge, "disable-tls-alpn-challenge", certmagic.DefaultACME.DisableTLSALPNChallenge, "Disable the ACME TLS-ALPN challenge")
flag.StringVar(&disabledMetrics, "disabled-metrics", "", "Comma-separated list of telemetry metrics to disable")
flag.StringVar(&conf, "conf", "", "Casketfile to load (default \""+casket.DefaultConfigFile+"\")")
flag.StringVar(&cpu, "cpu", "100%", "CPU cap")
flag.BoolVar(&printEnv, "env", false, "Enable to print environment variables")
flag.StringVar(&envFile, "envfile", "", "Path to file with environment variables to load in KEY=VALUE format")
flag.BoolVar(&fromJSON, "json-to-casketfile", false, "From JSON stdin to Casketfile stdout")
flag.BoolVar(&plugins, "plugins", false, "List installed plugins")
flag.StringVar(&certmagic.Default.Email, "email", "", "Default ACME CA account email address")
flag.StringVar(&certmagic.DefaultACME.Email, "email", "", "Default ACME CA account email address")
flag.DurationVar(&certmagic.HTTPTimeout, "catimeout", certmagic.HTTPTimeout, "Default ACME CA HTTP timeout")
flag.StringVar(&logfile, "log", "", "Process log file")
flag.BoolVar(&logTimestamps, "log-timestamps", true, "Enable timestamps for the process log")
Expand All @@ -79,13 +81,24 @@ func init() {
func Run() {
flag.Parse()

casket.AppName = appName
casket.OnProcessExit = append(casket.OnProcessExit, func() {
// TODO: Redirect to our own logger instead of zap.NewNop()
certmagic.CleanUpOwnLocks(context.TODO(), zap.NewNop())
})

// AppVersion may be set by ldflags or by the module
module := getBuildModule()
cleanModVersion := strings.TrimPrefix(module.Version, "v")
if module.Version != "" && module.Version != "(devel)" {
casket.AppVersion = module.Version
}

casket.AppName = appName
casket.AppVersion = module.Version
casket.OnProcessExit = append(casket.OnProcessExit, certmagic.CleanUpOwnLocks)
certmagic.UserAgent = appName + "/" + cleanModVersion
if casket.AppVersion == "" {
casket.AppVersion = "unknown"
}

cleanVersion := strings.TrimPrefix(casket.AppVersion, "v")
certmagic.UserAgent = appName + "/" + cleanVersion

if !logTimestamps {
// Disable timestamps for logging
Expand Down Expand Up @@ -156,9 +169,9 @@ func Run() {
if version {
if module.Sum != "" {
// a build with a known version will also have a checksum
fmt.Printf("Casket %s (%s)\n", module.Version, module.Sum)
fmt.Printf("Casket %s (%s)\n", casket.AppVersion, module.Sum)
} else {
fmt.Println(module.Version)
fmt.Println("Casket " + casket.AppVersion)
}
os.Exit(0)
}
Expand Down Expand Up @@ -197,7 +210,7 @@ func Run() {
}

// Log Casket version before start
log.Printf("[INFO] Casket version: %s", module.Version)
log.Printf("[INFO] Casket version: %s", casket.AppVersion)

// Start your engines
instance, err := casket.Start(casketfileinput)
Expand All @@ -206,7 +219,7 @@ func Run() {
}

// Begin telemetry (these are no-ops if telemetry disabled)
telemetry.Set("casket_version", module.Version)
telemetry.Set("casket_version", casket.AppVersion)
telemetry.Set("num_listeners", len(instance.Servers()))
telemetry.Set("server_type", serverType)
telemetry.Set("os", runtime.GOOS)
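Review bot: The exit hook added in `Run()` calls `certmagic.CleanUpOwnLocks(context.TODO(), zap.NewNop())`, so lock release at shutdown has no deadline and any failure is dropped by the no-op logger (the TODO covers the logger, not the context). If the configured storage is slow or unreachable this could presumably stall process exit, or leave stale certificate locks with nothing in the log to explain them. A bounded context would limit that: `ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)`, `defer cancel()`, then `certmagic.CleanUpOwnLocks(ctx, zap.NewNop())`; the five-second value is illustrative, and `time` would need to be in the import block, which is only partly visible here. `Run()` starts and ends outside the displayed hunks.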
8 changes: 8 additions & 0 deletions casket/main.go
Expand Up @@ -20,14 +20,22 @@
package main

import (
"github.com/tmpim/casket"
"log"

"github.com/tmpim/casket/casket/casketmain"
)

var (
// Populated by ldflags (Docker builds) and goreleaser - https://goreleaser.com/cookbooks/using-main.version/
version = "devel"
)

var run = casketmain.Run // replaced for tests

func main() {
casket.AppVersion = version

log.SetFlags(log.Ldate | log.Ltime | log.Lmicroseconds | log.Llongfile)
run()
}
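Review bot: In the import block the new `"github.com/tmpim/casket"` line sits above `"log"`, which mixes a third-party path into the standard-library group; `goimports` would place it beside `"github.com/tmpim/casket/casket/casketmain"`. The same grouping issue appears in `casket/casketmain/run.go`, where `"go.uber.org/zap"` was added between `"fmt"` and `"io"`. The comment on `version` could also state how the value is used, e.g. `// Copied to casket.AppVersion in main(); Run() prefers the embedded module version when one is present.`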