
Merge pull request #35 from Start9Labs/feat/https-over-tor
Feat: HTTPS over Tor
Blu-J authored Mar 29, 2023
2 parents 009c16d + 6c950ea commit 1a96399
Showing 4 changed files with 125 additions and 34 deletions.
21 changes: 17 additions & 4 deletions Dockerfile
@@ -1,9 +1,22 @@
FROM vaultwarden/server:1.27.0


RUN apt update && \
apt install -y \
tini \
nginx-core; \
apt clean; \
rm -rf \
/tmp/* \
/var/lib/apt/lists/* \
/var/tmp/*
RUN mkdir /run/nginx


# arm64 or amd64
ARG PLATFORM
ENV YQ_VER v4.3.2
RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VER}/yq_linux_${PLATFORM} -o /usr/local/bin/yq \
&& chmod a+x /usr/local/bin/yq

RUN apt-get update && apt-get install -y wget tini
RUN wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.13.5/yq_linux_${PLATFORM} && chmod a+x /usr/local/bin/yq
ADD ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
ENTRYPOINT ["/usr/local/bin/docker_entrypoint.sh"]
COPY --chmod=755 ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
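Review bot: The yq binary fetched at `RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VER}/yq_linux_${PLATFORM} -o /usr/local/bin/yq` is installed with no integrity check, so the image trusts whatever that URL serves at build time; append a pinned digest check such as `&& echo "<sha256 of yq_linux_${PLATFORM} for ${YQ_VER}>  /usr/local/bin/yq" | sha256sum -c -`, taking the value from the `checksums` file published with each yq release. The new pin `ENV YQ_VER v4.3.2` is also older than the `v4.13.5` the removed wget line installed, which reads as an unintended downgrade — please confirm the version. The new `RUN curl` layer relies on `curl` already being present in `vaultwarden/server:1.27.0`, whereas the removed line installed its own `wget`; if that assumption is wrong the build fails, so consider adding `curl` to the `apt install -y` list next to `tini` and `nginx-core`. Lastly, `apt update && apt install -y` uses the interactive `apt` front end, which warns that its CLI is not stable for scripting; `apt-get` is the conventional choice inside a Dockerfile.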
40 changes: 28 additions & 12 deletions Makefile
@@ -1,4 +1,3 @@
DOC_ASSETS := $(shell find ./docs/assets)
PKG_VERSION := $(shell cat manifest.json | jq -r '.version')
PKG_ID := $(shell cat manifest.json | jq -r '.id')
TS_FILES := $(shell find ./ -name \*.ts)
Expand All @@ -7,30 +6,47 @@ TS_FILES := $(shell find ./ -name \*.ts)

all: verify

# assumes /etc/embassy/config.yaml exists on local system with `host: "http://embassy-server-name.local"` configured
install: $(PKG_ID).s9pk
embassy-cli package install $(PKG_ID).s9pk

verify: $(PKG_ID).s9pk
embassy-sdk verify s9pk $(PKG_ID).s9pk
@embassy-sdk verify s9pk $(PKG_ID).s9pk
@echo " Done!"
@echo " Filesize: $(shell du -h $(PKG_ID).s9pk) is ready"

install:
ifeq (,$(wildcard ~/.embassy/config.yaml))
@echo; echo "You must define \"host: http://embassy-server-name.local\" in ~/.embassy/config.yaml config file first"; echo
else
embassy-cli package install $(PKG_ID).s9pk
endif

clean:
rm -rf docker-images
rm -f $(PKG_ID).s9pk
rm -f image.tar
rm -f scripts/*.js

$(PKG_ID).s9pk: manifest.json LICENSE instructions.md icon.png scripts/embassy.js docker-images/aarch64.tar docker-images/x86_64.tar
if ! [ -z "$(ARCH)" ]; then cp docker-images/$(ARCH).tar image.tar; fi
embassy-sdk pack

docker-images/aarch64.tar: Dockerfile docker_entrypoint.sh manifest.json
$(PKG_ID).s9pk: manifest.json LICENSE instructions.md icon.png scripts/embassy.js docker-images/x86_64.tar docker-images/aarch64.tar
ifeq ($(ARCH),aarch64)
@echo "embassy-sdk: Preparing aarch64 package ..."
else ifeq ($(ARCH),x86_64)
@echo "embassy-sdk: Preparing x86_64 package ..."
else
@echo "embassy-sdk: Preparing Universal Package ..."
endif
@embassy-sdk pack

docker-images/aarch64.tar: Dockerfile docker_entrypoint.sh manifest.json
ifeq ($(ARCH),x86_64)
else
mkdir -p docker-images
DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --build-arg DB=sqlite --build-arg PLATFORM=arm64 --tag start9/$(PKG_ID)/main:$(PKG_VERSION) --platform=linux/arm64/v8 -o type=docker,dest=docker-images/aarch64.tar -f Dockerfile .
endif

docker-images/x86_64.tar: Dockerfile docker_entrypoint.sh manifest.json
docker-images/x86_64.tar: Dockerfile docker_entrypoint.sh manifest.json
ifeq ($(ARCH),aarch64)
else
mkdir -p docker-images
DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --build-arg DB=sqlite --build-arg PLATFORM=amd64 --tag start9/$(PKG_ID)/main:$(PKG_VERSION) --platform=linux/amd64 -o type=docker,dest=docker-images/x86_64.tar -f Dockerfile .
endif

scripts/embassy.js: $(TS_FILES) scripts/generated/manifest.ts
deno bundle scripts/embassy.ts scripts/embassy.js
80 changes: 68 additions & 12 deletions docker_entrypoint.sh
@@ -1,15 +1,71 @@
#!/bin/sh
ADMIN_TOKEN=`yq e '.admin-token' /data/start9/config.yaml`
ADMIN_TOKEN=$(yq e '.admin-token' /data/start9/config.yaml)
echo "ADMIN_TOKEN=\"${ADMIN_TOKEN}\"" >> /.env
echo "version: 2" > /data/start9/stats.yaml
echo "data:" >> /data/start9/stats.yaml
echo " \"Admin Token\":" >> /data/start9/stats.yaml
echo " type: string" >> /data/start9/stats.yaml
echo " value: \"${ADMIN_TOKEN}\"" >> /data/start9/stats.yaml
echo " description: \"Authentication token for logging into your admin dashboard.\"" >> /data/start9/stats.yaml
echo " copyable: true" >> /data/start9/stats.yaml
echo " qr: false" >> /data/start9/stats.yaml
echo " masked: true" >> /data/start9/stats.yaml

# /usr/bin/dumb-init --
cat << EOF >> /.env
PASSWORD_ITERATIONS=2000000
EOF

cat << EOF > /data/start9/stats.yaml
version: 2
data:
"Admin Token":
type: string
value: "$ADMIN_TOKEN"
description: "Authentication token for logging into your admin dashboard."
copyable: true
qr: false
masked: true
EOF

CONF_FILE="/etc/nginx/conf.d/default.conf"
NGINX_CONF='
server {
##
# `gzip` Settings
#
#
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
listen 3443 ssl;
listen 8080;
ssl_certificate /mnt/cert/main.cert.pem;
ssl_certificate_key /mnt/cert/main.key.pem;
server_name localhost;
location / {
proxy_pass http://0.0.0.0:80;
}
}
'
rm /etc/nginx/sites-enabled/default
echo "$NGINX_CONF" > $CONF_FILE

nginx -g 'daemon off;' &
exec tini -p SIGTERM -- /start.sh
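Review bot: The `location /` block proxies with a bare `proxy_pass http://0.0.0.0:80;` and forwards no client headers, so Vaultwarden sees every request as coming from nginx with `Host: 0.0.0.0:80`; as far as I recall Vaultwarden keys its login/admin rate limiting and logging off the client address taken from `X-Real-IP`, so add `proxy_set_header Host $host;`, `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-Proto $scheme;` inside the location (the single-quoted `NGINX_CONF` keeps the `$` variables literal for nginx). Both writes to `/.env` use `>>`, so a plain container restart appends a second `ADMIN_TOKEN=` and `PASSWORD_ITERATIONS=` line instead of replacing the previous one, and the token is interpolated into a double-quoted value unescaped, so a token containing `"` would corrupt the file. `rm /etc/nginx/sites-enabled/default` fails on every start after the first once the file is gone; `rm -f` avoids the noise since the script does not run with `set -e`. nginx is started with `&` and only `/start.sh` is supervised by tini, so if nginx exits the TLS listeners on 3443/8080 silently disappear while the container keeps running — worth a comment such as `# NOTE: nginx is not supervised; if it dies the HTTPS/Tor front end goes away while vaultwarden keeps serving on :80` until it is supervised properly.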
18 changes: 12 additions & 6 deletions manifest.json
@@ -1,8 +1,8 @@
{
"id": "vaultwarden",
"title": "Vaultwarden",
"version": "1.27.0.1",
"release-notes": "* Use new eOS APIs for backups",
"version": "1.27.0.2",
"release-notes": "* Using gzip \n * Allow tls/https over onion \n * Set the password iterations to 2_000_000",
"license": "GPL-3.0",
"wrapper-repo": "https://github.com/Start9Labs/vaultwarden-wrapper",
"upstream-repo": "https://github.com/dani-garcia/vaultwarden",
Expand All @@ -25,7 +25,8 @@
"entrypoint": "/usr/local/bin/docker_entrypoint.sh",
"args": [],
"mounts": {
"main": "/data"
"main": "/data",
"cert": "/mnt/cert"
},
"io-format": "yaml"
},
Expand All @@ -51,6 +52,10 @@
"volumes": {
"main": {
"type": "data"
},
"cert": {
"type": "certificate",
"interface-id": "main"
}
},
"alerts": {},
Expand All @@ -60,14 +65,15 @@
"description": "Main user interface for interacting with Vaultwarden in a web browser. Also serves the bitwarden protocol.",
"tor-config": {
"port-mapping": {
"80": "80",
"3012": "3012"
"80": "8080",
"3012": "3012",
"443": "3443"
}
},
"lan-config": {
"443": {
"ssl": true,
"internal": 80
"internal": 8080
},
"3012": {
"ssl": false,
