Merge pull request #35 from Start9Labs/feat/https-over-tor
Feat/https over tor
Showing
4 changed files
with
125 additions
and
34 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,22 @@ | ||
FROM vaultwarden/server:1.27.0 | ||
|
||
|
||
RUN apt update && \ | ||
apt install -y \ | ||
tini \ | ||
nginx-core; \ | ||
apt clean; \ | ||
rm -rf \ | ||
/tmp/* \ | ||
/var/lib/apt/lists/* \ | ||
/var/tmp/* | ||
RUN mkdir /run/nginx | ||
|
||
|
||
# arm64 or amd64 | ||
ARG PLATFORM | ||
ENV YQ_VER v4.3.2 | ||
RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VER}/yq_linux_${PLATFORM} -o /usr/local/bin/yq \ | ||
&& chmod a+x /usr/local/bin/yq | ||
|
||
RUN apt-get update && apt-get install -y wget tini | ||
RUN wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.13.5/yq_linux_${PLATFORM} && chmod a+x /usr/local/bin/yq | ||
ADD ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh | ||
ENTRYPOINT ["/usr/local/bin/docker_entrypoint.sh"] | ||
COPY --chmod=755 ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh |
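Review bot: The yq binary fetched by the `curl -L` line is installed into /usr/local/bin and run by the entrypoint without any integrity check, and curl lacks `-f`, so an HTTP error page (for instance when PLATFORM is unset) would be saved and marked executable while the build still succeeds. Use `curl -fsSL` and verify a pinned digest for each architecture before the chmod, e.g. `echo "<EXPECTED_SHA256_FOR_PLATFORM>  /usr/local/bin/yq" | sha256sum -c -`. In the apt step, `nginx-core; \` ends the `&&` chain, so a failed install is masked by the later `rm -rf`; using `&&` throughout with `apt-get install -y --no-install-recommends` would make the build fail loudly. If the v4.3.2 and v4.13.5 lines are the new and old side respectively (the markers are lost in this rendering), YQ_VER moves to an older release, which may be a typo worth confirming.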
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,71 @@ | ||
#!/bin/sh | ||
ADMIN_TOKEN=`yq e '.admin-token' /data/start9/config.yaml` | ||
ADMIN_TOKEN=$(yq e '.admin-token' /data/start9/config.yaml) | ||
echo "ADMIN_TOKEN=\"${ADMIN_TOKEN}\"" >> /.env | ||
echo "version: 2" > /data/start9/stats.yaml | ||
echo "data:" >> /data/start9/stats.yaml | ||
echo " \"Admin Token\":" >> /data/start9/stats.yaml | ||
echo " type: string" >> /data/start9/stats.yaml | ||
echo " value: \"${ADMIN_TOKEN}\"" >> /data/start9/stats.yaml | ||
echo " description: \"Authentication token for logging into your admin dashboard.\"" >> /data/start9/stats.yaml | ||
echo " copyable: true" >> /data/start9/stats.yaml | ||
echo " qr: false" >> /data/start9/stats.yaml | ||
echo " masked: true" >> /data/start9/stats.yaml | ||
|
||
# /usr/bin/dumb-init -- | ||
cat << EOF >> /.env | ||
PASSWORD_ITERATIONS=2000000 | ||
EOF | ||
|
||
cat << EOF > /data/start9/stats.yaml | ||
version: 2 | ||
data: | ||
"Admin Token": | ||
type: string | ||
value: "$ADMIN_TOKEN" | ||
description: "Authentication token for logging into your admin dashboard." | ||
copyable: true | ||
qr: false | ||
masked: true | ||
EOF | ||
|
||
CONF_FILE="/etc/nginx/conf.d/default.conf" | ||
NGINX_CONF=' | ||
server { | ||
## | ||
# `gzip` Settings | ||
# | ||
# | ||
gzip on; | ||
gzip_disable "msie6"; | ||
gzip_vary on; | ||
gzip_proxied any; | ||
gzip_comp_level 6; | ||
gzip_buffers 16 8k; | ||
gzip_http_version 1.1; | ||
gzip_min_length 256; | ||
gzip_types | ||
application/atom+xml | ||
application/geo+json | ||
application/javascript | ||
application/x-javascript | ||
application/json | ||
application/ld+json | ||
application/manifest+json | ||
application/rdf+xml | ||
application/rss+xml | ||
application/xhtml+xml | ||
application/xml | ||
font/eot | ||
font/otf | ||
font/ttf | ||
image/svg+xml | ||
text/css | ||
text/javascript | ||
text/plain | ||
text/xml; | ||
listen 3443 ssl; | ||
listen 8080; | ||
ssl_certificate /mnt/cert/main.cert.pem; | ||
ssl_certificate_key /mnt/cert/main.key.pem; | ||
server_name localhost; | ||
location / { | ||
proxy_pass http://0.0.0.0:80; | ||
} | ||
} | ||
' | ||
rm /etc/nginx/sites-enabled/default | ||
echo "$NGINX_CONF" > $CONF_FILE | ||
|
||
nginx -g 'daemon off;' & | ||
exec tini -p SIGTERM -- /start.sh |
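Review bot: ADMIN_TOKEN is written to /.env and stats.yaml without checking that yq returned a usable value; yq prints the literal `null` for a missing key, so an absent `admin-token` would, as far as this script shows, leave the admin page protected by the string "null". A guard right after the assignment would stop that: `[ -n "$ADMIN_TOKEN" ] && [ "$ADMIN_TOKEN" != "null" ] || { echo "admin-token missing" >&2; exit 1; }`. Both writes to /.env use `>>`, so each restart of the same container appends another copy; writing the file once with `>` would keep it to a single definition. Separately, `nginx -g 'daemon off;' &` is not supervised by tini, so if nginx exits (for example because the files under /mnt/cert are missing) the container stays up with the TLS listener gone; running `nginx -t || exit 1` before backgrounding it would surface that at start.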