From 64e3a54b7bfe8a78b317bf5cf6cf8daf1a24e6b3 Mon Sep 17 00:00:00 2001
From: BluJ
Date: Wed, 29 Mar 2023 09:48:26 -0600
Subject: [PATCH 01/11] chore: Add in the nginx
---
 Dockerfile | 9 ++++++---
 Makefile | 2 +-
 docker_entrypoint.sh | 30 ++++++++++++++++++++++++++++++
 manifest.json | 10 ++++++++--
 4 files changed, 45 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 3035621..cf606d8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,12 @@
 FROM vaultwarden/server:1.27.0
+RUN apt-get update
+RUN apt-get install -y wget tini nginx
+ADD ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
+
 # arm64 or amd64
 ARG PLATFORM
+RUN wget --no-check-certificate -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.13.5/yq_linux_${PLATFORM} && chmod a+x /usr/local/bin/yq
+RUN wget --no-check-certificate -O /usr/local/bin/proxyboi https://github.com/svenstaro/proxyboi/releases/download/v0.5.0/proxyboi-v0.5.0-linux-x86_64 && chmod a+x /usr/local/bin/proxyboi
-RUN apt-get update && apt-get install -y wget tini
-RUN wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.13.5/yq_linux_${PLATFORM} && chmod a+x /usr/local/bin/yq
-ADD ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
 ENTRYPOINT ["/usr/local/bin/docker_entrypoint.sh"]
diff --git a/Makefile b/Makefile
index aded261..80a2043 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@ clean:
 rm -f image.tar
 rm -f scripts/*.js
-$(PKG_ID).s9pk: manifest.json LICENSE instructions.md icon.png scripts/embassy.js docker-images/aarch64.tar docker-images/x86_64.tar
+$(PKG_ID).s9pk: manifest.json LICENSE instructions.md icon.png scripts/embassy.js docker-images/x86_64.tar
 if ! [ -z "$(ARCH)" ]; then cp docker-images/$(ARCH).tar image.tar; fi
 embassy-sdk pack
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
index 81ebe85..02763c4 100755
--- a/docker_entrypoint.sh
+++ b/docker_entrypoint.sh
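Review bot: Both new `wget` lines pass `--no-check-certificate`, which switches off TLS verification for two binaries that are then made executable and shipped in the image, so anyone in the network path of the build can substitute yq or proxyboi; the line being replaced ran `wget` with verification on, and nothing in the hunk explains why that stopped working (if it is a missing CA bundle in the base image, `apt-get install -y ca-certificates` is the fix, not the flag). The proxyboi URL also hardcodes `proxyboi-v0.5.0-linux-x86_64` while `ARG PLATFORM` is used for yq, so an arm64 build gets an x86_64 binary. Neither download is pinned to a digest; I would drop the flag and verify against the published checksum, e.g. `RUN wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.13.5/yq_linux_${PLATFORM} && echo "<sha256 from the release checksums>  /usr/local/bin/yq" | sha256sum -c - && chmod a+x /usr/local/bin/yq`. Later patches in this series replace these lines with a curl equivalent, and the same verification point applies there.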
@@ -11,5 +11,35 @@ echo " copyable: true" >> /data/start9/stats.yaml
 echo " qr: false" >> /data/start9/stats.yaml
 echo " masked: true" >> /data/start9/stats.yaml
+
+CONF_FILE="/etc/nginx/conf.d/default.conf"
+NGINX_CONF='
+server {
+ listen 3443 ssl;
+ ssl_certificate /mnt/cert/main.cert.pem;
+ ssl_certificate_key /mnt/cert/main.key.pem;
+ server_name localhost;
+ location ~{
+ proxy_pass http://0.0.0.0:80;
+ }
+
+}
+'
+rm /etc/nginx/sites-enabled/default
+echo "$NGINX_CONF" > $CONF_FILE
+
+# _term_nginx() {
+# echo "Caught SIGTERM signal!"
+# kill -SIGTERM "$nginx_process" 2>/dev/null
+# }
+
+nginx -g 'daemon off;' &
+# nginx_process=$!
+
+
+# trap _term SIGTERM
+
+# proxyboi -l 0.0.0.0:3443 --cert /mnt/cert/main.cert.pem --key /mnt/cert/main.key.pem http://0.0.0.0:80/ -v
+
 # /usr/bin/dumb-init --
 exec tini -p SIGTERM -- /start.sh
diff --git a/manifest.json b/manifest.json
index 24edc49..3f542c1 100644
--- a/manifest.json
+++ b/manifest.json
@@ -25,7 +25,8 @@
 "entrypoint": "/usr/local/bin/docker_entrypoint.sh",
 "args": [],
 "mounts": {
- "main": "/data"
+ "main": "/data",
+ "cert": "/mnt/cert"
 },
 "io-format": "yaml"
 },
@@ -51,6 +52,10 @@
 "volumes": {
 "main": {
 "type": "data"
+ },
+ "cert": {
+ "type": "certificate",
+ "interface-id": "main"
 }
 },
 "alerts": {},
@@ -61,7 +66,8 @@
 "tor-config": {
 "port-mapping": {
 "80": "80",
- "3012": "3012"
+ "3012": "3012",
+ "443": "3443"
 }
 },
 "lan-config": {
From b9ff8f9a57837ec451e741b872f5bc9cd7d55181 Mon Sep 17 00:00:00 2001
From: BluJ
Date: Wed, 29 Mar 2023 10:06:56 -0600
Subject: [PATCH 02/11] chore: fixed the build
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 80a2043..d106fb3 100644
--- a/Makefile
+++ b/Makefile
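Review bot: `location ~{` is parsed by nginx as a regex location whose pattern is empty; as far as I can tell that matches every URI, so it works by accident rather than by design, and `location / {` (which a later patch in this series switches to) is what was meant. The proxy block forwards no `Host`, `X-Real-IP`, `X-Forwarded-For` or `X-Forwarded-Proto` headers, so Vaultwarden sees every request as coming from the proxy's loopback address; if it is left at its default `IP_HEADER` (X-Real-IP), its per-IP login rate limiting and admin-panel IP logging collapse onto a single address, so add `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header Host $host;` inside the location (the single-quoted `NGINX_CONF` already keeps `$` safe from the shell). `nginx -g 'daemon off;' &` is started with the `trap` left commented out and the script then `exec`s tini, which only forwards SIGTERM to `/start.sh`, so nginx never gets a graceful stop and is killed with the PID namespace when PID 1 exits. The script also has no `set -e`, so a failing `yq`, `rm` or config write is silently ignored and the container starts anyway.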
@@ -20,7 +20,7 @@ clean:
 rm -f image.tar
 rm -f scripts/*.js
-$(PKG_ID).s9pk: manifest.json LICENSE instructions.md icon.png scripts/embassy.js docker-images/x86_64.tar
+$(PKG_ID).s9pk: manifest.json LICENSE instructions.md icon.png scripts/embassy.js docker-images/x86_64.tar docker-images/aarch64.tar
 if ! [ -z "$(ARCH)" ]; then cp docker-images/$(ARCH).tar image.tar; fi
 embassy-sdk pack
From 68880b665ae0db9471e325edf6305977f0ca39f5 Mon Sep 17 00:00:00 2001
From: Mariusz Kogen
Date: Wed, 29 Mar 2023 19:22:48 +0200
Subject: [PATCH 03/11] use curl for yq, add nginx and clean
---
 Dockerfile | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index cf606d8..0c47d9b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,20 @@
 FROM vaultwarden/server:1.27.0
-RUN apt-get update
-RUN apt-get install -y wget tini nginx
-ADD ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
-
 # arm64 or amd64
 ARG PLATFORM
-RUN wget --no-check-certificate -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.13.5/yq_linux_${PLATFORM} && chmod a+x /usr/local/bin/yq
-RUN wget --no-check-certificate -O /usr/local/bin/proxyboi https://github.com/svenstaro/proxyboi/releases/download/v0.5.0/proxyboi-v0.5.0-linux-x86_64 && chmod a+x /usr/local/bin/proxyboi
+ENV YQ_VER v4.3.2
+
+RUN apt update && \
+ apt install -y \
+ tini \
+ nginx-core; \
+ apt clean; \
+ rm -rf \
+ /tmp/* \
+ /var/lib/apt/lists/* \
+ /var/tmp/*
+RUN mkdir /run/nginx
+RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VER}/yq_linux_${PLATFORM} -o /usr/local/bin/yq \
+ && chmod a+x /usr/local/bin/yq
-ENTRYPOINT ["/usr/local/bin/docker_entrypoint.sh"]
+COPY --chmod=755 ./docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
From 85d0f8df3dfde4bd8875596f7875c1a7a20e1712 Mon Sep 17 00:00:00 2001
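Review bot: `curl -L ... -o /usr/local/bin/yq` has no `--fail`, so a 404 or rate-limit page from GitHub is saved as the yq binary, `chmod a+x`'d, and the build still succeeds; the breakage only shows up at container start when the entrypoint tries to read the admin token with it. Use `curl -fsSL` and verify the artifact — yq publishes checksum files alongside each release — e.g. `&& echo "<sha256 from the release checksums>  /usr/local/bin/yq" | sha256sum -c -` before the `chmod`. `ENV YQ_VER v4.3.2` is also older than the v4.13.5 it replaces, which looks like a typo worth confirming, and the legacy space-separated form should be `ENV YQ_VER=v4.3.2`. Removing `ENTRYPOINT` means the image now inherits the base image's `/start.sh`; that is fine under the manifest's `entrypoint`, but anyone running the image directly gets Vaultwarden with no nginx and no TLS, so a one-line comment saying the entrypoint is set by manifest.json would save the next reader a search.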
From: Mariusz Kogen
Date: Wed, 29 Mar 2023 19:36:51 +0200
Subject: [PATCH 04/11] Makefile refactor and cleaning
---
 Makefile | 38 +++++++++++++++++++++++++++-----------
 1 file changed, 27 insertions(+), 11 deletions(-)
diff --git a/Makefile b/Makefile
index d106fb3..cf0cf72 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,3 @@
-DOC_ASSETS := $(shell find ./docs/assets)
 PKG_VERSION := $(shell cat manifest.json | jq -r '.version')
 PKG_ID := $(shell cat manifest.json | jq -r '.id')
 TS_FILES := $(shell find ./ -name \*.ts)
@@ -7,12 +6,17 @@ TS_FILES := $(shell find ./ -name \*.ts)
 all: verify
-# assumes /etc/embassy/config.yaml exists on local system with `host: "http://embassy-server-name.local"` configured
-install: $(PKG_ID).s9pk
- embassy-cli package install $(PKG_ID).s9pk
-
 verify: $(PKG_ID).s9pk
- embassy-sdk verify s9pk $(PKG_ID).s9pk
+ @embassy-sdk verify s9pk $(PKG_ID).s9pk
+ @echo " Done!"
+ @echo " Filesize: $(shell du -h $(PKG_ID).s9pk) is ready"
+
+install:
+ifeq (,$(wildcard ~/.embassy/config.yaml))
+ @echo; echo "You must define \"host: http://embassy-server-name.local\" in ~/.embassy/config.yaml config file first"; echo
+else
+ embassy-cli package install $(PKG_ID).s9pk
+endif
 clean:
 rm -rf docker-images
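Review bot: The rewritten `install:` target dropped the `$(PKG_ID).s9pk` prerequisite the old one had, so `make install` no longer builds or refreshes the package and will push whatever `.s9pk` happens to be on disk, or fail if there is none; restore it as `install: $(PKG_ID).s9pk` and keep the `ifeq` body as is. The `$(wildcard ~/.embassy/config.yaml)` check is evaluated when make parses the file, which is what you want here, but a short comment above it saying the config is required by `embassy-cli` would explain why the target refuses to run rather than letting the CLI fail.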
@@ -21,16 +25,28 @@ clean:
 rm -f scripts/*.js
 $(PKG_ID).s9pk: manifest.json LICENSE instructions.md icon.png scripts/embassy.js docker-images/x86_64.tar docker-images/aarch64.tar
- if ! [ -z "$(ARCH)" ]; then cp docker-images/$(ARCH).tar image.tar; fi
- embassy-sdk pack
-
- docker-images/aarch64.tar: Dockerfile docker_entrypoint.sh manifest.json
+ifeq ($(ARCH),aarch64)
+ @echo "embassy-sdk: Preparing aarch64 package ..."
+else ifeq ($(ARCH),x86_64)
+ @echo "embassy-sdk: Preparing x86_64 package ..."
+else
+ @echo "embassy-sdk: Preparing Universal Package ..."
+endif
+ @embassy-sdk pack
+
+docker-images/aarch64.tar: Dockerfile docker_entrypoint.sh manifest.json
+ifeq ($(ARCH),x86_64)
+else
 mkdir -p docker-images
 DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --build-arg DB=sqlite --build-arg PLATFORM=arm64 --tag start9/$(PKG_ID)/main:$(PKG_VERSION) --platform=linux/arm64/v8 -o type=docker,dest=docker-images/aarch64.tar -f Dockerfile .
+endif
- docker-images/x86_64.tar: Dockerfile docker_entrypoint.sh manifest.json
+docker-images/x86_64.tar: Dockerfile docker_entrypoint.sh manifest.json
+ifeq ($(ARCH),aarch64)
+else
 mkdir -p docker-images
 DOCKER_CLI_EXPERIMENTAL=enabled docker buildx build --build-arg DB=sqlite --build-arg PLATFORM=amd64 --tag start9/$(PKG_ID)/main:$(PKG_VERSION) --platform=linux/amd64 -o type=docker,dest=docker-images/x86_64.tar -f Dockerfile .
+endif
 scripts/embassy.js: $(TS_FILES) scripts/generated/manifest.ts
 deno bundle scripts/embassy.ts scripts/embassy.js
From e56fef2f1a7c5b25a70eb3a77708f24c4234cf66 Mon Sep 17 00:00:00 2001
From: Mariusz Kogen
Date: Wed, 29 Mar 2023 20:28:19 +0200
Subject: [PATCH 05/11] gzip on for nginx and code simplification
---
 docker_entrypoint.sh | 44 +++++++++++++++++----------------------------
 1 file changed, 17 insertions(+), 27 deletions(-)
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
index 02763c4..28c89cd 100755
--- a/docker_entrypoint.sh
+++ b/docker_entrypoint.sh
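Review bot: `ifeq ($(ARCH),x86_64)` followed by an empty branch and `else` reads like a mistake; `ifneq ($(ARCH),x86_64)` states the intent directly, and the same applies to the `ifeq ($(ARCH),aarch64)` guard on the x86_64 target. With the guard active the skipped target is left with an empty recipe while `$(PKG_ID).s9pk` still lists both tar files as prerequisites, so a single-arch build relies on make treating the empty rule as up to date rather than on the file existing — it works, but a comment on each guarded target saying so would stop someone "fixing" it later. The `--build-arg DB=sqlite` line is unchanged context, so no comment on that here.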
@@ -1,16 +1,16 @@
 #!/bin/sh
-ADMIN_TOKEN=`yq e '.admin-token' /data/start9/config.yaml`
-echo "ADMIN_TOKEN=\"${ADMIN_TOKEN}\"" >> /.env
-echo "version: 2" > /data/start9/stats.yaml
-echo "data:" >> /data/start9/stats.yaml
-echo " \"Admin Token\":" >> /data/start9/stats.yaml
-echo " type: string" >> /data/start9/stats.yaml
-echo " value: \"${ADMIN_TOKEN}\"" >> /data/start9/stats.yaml
-echo " description: \"Authentication token for logging into your admin dashboard.\"" >> /data/start9/stats.yaml
-echo " copyable: true" >> /data/start9/stats.yaml
-echo " qr: false" >> /data/start9/stats.yaml
-echo " masked: true" >> /data/start9/stats.yaml
-
+ADMIN_TOKEN=$(yq e '.admin-token' /data/start9/config.yaml)
+cat << EOF > /data/start9/stats.yaml
+version: 2
+data:
+ "Admin Token":
+ type: string
+ value: "$ADMIN_TOKEN"
+ description: "Authentication token for logging into your admin dashboard."
+ copyable: true
+ qr: false
+ masked: true
+EOF
 CONF_FILE="/etc/nginx/conf.d/default.conf"
 NGINX_CONF='
@@ -19,27 +19,17 @@ server {
 ssl_certificate /mnt/cert/main.cert.pem;
 ssl_certificate_key /mnt/cert/main.key.pem;
 server_name localhost;
- location ~{
+
+ gzip on;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ location / {
 proxy_pass http://0.0.0.0:80;
 }
-
 }
 '
 rm /etc/nginx/sites-enabled/default
 echo "$NGINX_CONF" > $CONF_FILE
-# _term_nginx() {
-# echo "Caught SIGTERM signal!"
-# kill -SIGTERM "$nginx_process" 2>/dev/null
-# }
-
 nginx -g 'daemon off;' &
-# nginx_process=$!
-
-
-# trap _term SIGTERM
-
-# proxyboi -l 0.0.0.0:3443 --cert /mnt/cert/main.cert.pem --key /mnt/cert/main.key.pem http://0.0.0.0:80/ -v
-
-# /usr/bin/dumb-init --
 exec tini -p SIGTERM -- /start.sh
From b6638c907eead311a8c84b602542798aea8b7953 Mon Sep 17 00:00:00 2001
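Review bot: The rewrite drops the `echo "ADMIN_TOKEN=\"${ADMIN_TOKEN}\"" >> /.env` line along with the other echos, so after this commit the token shown in stats.yaml is never handed to Vaultwarden and the admin panel will not accept it (a later patch in the series adds the line back). The unquoted `EOF` heredoc also interpolates `$ADMIN_TOKEN` straight into a double-quoted YAML scalar, so a token containing `"` or `\` produces an unparseable stats.yaml; since yq is already in the image, writing the value with `ADMIN_TOKEN="$ADMIN_TOKEN" yq -i '.data."Admin Token".value = strenv(ADMIN_TOKEN)' /data/start9/stats.yaml` after the heredoc keeps it correctly quoted. There is still no guard on the `$(yq ...)` result, so a missing or malformed config.yaml yields an empty token that is silently written out; `[ -n "$ADMIN_TOKEN" ] || { echo "admin-token missing from config.yaml" >&2; exit 1; }` makes that loud.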
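Review bot: The new `gzip on;` with `application/json` in `gzip_types` compresses Vaultwarden's API responses on the TLS listener on 3443, which is the precondition for BREACH-style compression side channels whenever a response mixes attacker-influenced input with a secret; whether that is acceptable for a password-manager API is a judgement call, but it should be a deliberate one. Either record it with a comment in `NGINX_CONF` above `gzip on;`, or limit `gzip_types` to static assets — `gzip_types text/css application/javascript image/svg+xml;` — so the JSON endpoints stay uncompressed. The `location ~{` to `location / {` change is the right fix for the earlier empty-regex location and needs no further change.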
From: BluJ
Date: Wed, 29 Mar 2023 12:35:06 -0600
Subject: [PATCH 06/11] chore: New version
---
 Dockerfile | 8 +++++---
 docker_entrypoint.sh | 37 ++++++++++++++++++++++++++++++++++---
 manifest.json | 6 +++---
 3 files changed, 42 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0c47d9b..1215fea 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,5 @@
 FROM vaultwarden/server:1.27.0
-# arm64 or amd64
-ARG PLATFORM
-ENV YQ_VER v4.3.2
 RUN apt update && \
 apt install -y \
@@ -14,6 +11,11 @@ RUN apt update && \
 /var/lib/apt/lists/* \
 /var/tmp/*
 RUN mkdir /run/nginx
+
+
+# arm64 or amd64
+ARG PLATFORM
+ENV YQ_VER v4.3.2
 RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VER}/yq_linux_${PLATFORM} -o /usr/local/bin/yq \
 && chmod a+x /usr/local/bin/yq
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
index 28c89cd..8661e8d 100755
--- a/docker_entrypoint.sh
+++ b/docker_entrypoint.sh
@@ -15,14 +15,45 @@ EOF
 CONF_FILE="/etc/nginx/conf.d/default.conf"
 NGINX_CONF='
 server {
+ ##
+ # `gzip` Settings
+ #
+ #
+ gzip on;
+ gzip_disable "msie6";
+
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_min_length 256;
+ gzip_types
+ application/atom+xml
+ application/geo+json
+ application/javascript
+ application/x-javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rdf+xml
+ application/rss+xml
+ application/xhtml+xml
+ application/xml
+ font/eot
+ font/otf
+ font/ttf
+ image/svg+xml
+ text/css
+ text/javascript
+ text/plain
+ text/xml;
 listen 3443 ssl;
+ listen 8080;
 ssl_certificate /mnt/cert/main.cert.pem;
 ssl_certificate_key /mnt/cert/main.key.pem;
 server_name localhost;
- gzip on;
- gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
 location / {
 proxy_pass http://0.0.0.0:80;
 }
diff --git a/manifest.json b/manifest.json
index 3f542c1..a6f2192 100644
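Review bot: The server block still sets no `ssl_protocols` or `ssl_ciphers`, so the 3443 listener runs on whatever the packaged nginx defaults are, and on the Debian nginx this base image most likely ships that still admits TLS 1.0 and 1.1; add `ssl_protocols TLSv1.2 TLSv1.3;` next to the certificate lines. The new `listen 8080;` routes plaintext Tor and LAN traffic through the same block (matching the port remap in the manifest hunk of this commit), but `proxy_pass http://0.0.0.0:80;` still forwards no `Host`, `X-Real-IP`, `X-Forwarded-For` or `X-Forwarded-Proto`, so if Vaultwarden is left at its default `IP_HEADER` every client looks like the proxy's loopback address to its rate limiter and admin log; `proxy_set_header Host $host;` and `proxy_set_header X-Real-IP $remote_addr;` inside `location /` fix that, and the single-quoted `NGINX_CONF` keeps the `$` away from the shell. The 35-line gzip block copied from nginx's stock config now sits above `listen` and the TLS directives, which makes the security-relevant lines hard to find; putting the listeners and `ssl_*` lines first, with the gzip block after `server_name`, keeps them auditable.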
--- a/manifest.json
+++ b/manifest.json
@@ -1,7 +1,7 @@
 {
 "id": "vaultwarden",
 "title": "Vaultwarden",
- "version": "1.27.0.1",
+ "version": "1.27.0.2",
 "release-notes": "* Use new eOS APIs for backups",
 "license": "GPL-3.0",
 "wrapper-repo": "https://github.com/Start9Labs/vaultwarden-wrapper",
@@ -65,7 +65,7 @@
 "description": "Main user interface for interacting with Vaultwarden in a web browser. Also serves the bitwarden protocol.",
 "tor-config": {
 "port-mapping": {
- "80": "80",
+ "80": "8080",
 "3012": "3012",
 "443": "3443"
 }
@@ -73,7 +73,7 @@
 "lan-config": {
 "443": {
 "ssl": true,
- "internal": 80
+ "internal": 8080
 },
 "3012": {
 "ssl": false,
From 8afdc987434b784b039c711235f95ca46e3362e5 Mon Sep 17 00:00:00 2001
From: BluJ
Date: Wed, 29 Mar 2023 12:37:22 -0600
Subject: [PATCH 07/11] chore: Add in the release notes
---
 manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifest.json b/manifest.json
index a6f2192..0335b46 100644
--- a/manifest.json
+++ b/manifest.json
@@ -2,7 +2,7 @@
 "id": "vaultwarden",
 "title": "Vaultwarden",
 "version": "1.27.0.2",
- "release-notes": "* Use new eOS APIs for backups",
+ "release-notes": "* Using gzip \n * Allow ssh over onion",
 "license": "GPL-3.0",
 "wrapper-repo": "https://github.com/Start9Labs/vaultwarden-wrapper",
 "upstream-repo": "https://github.com/dani-garcia/vaultwarden",
From 9d53f477bc615aee0500303d44082c4a98683127 Mon Sep 17 00:00:00 2001
From: BluJ
Date: Wed, 29 Mar 2023 12:51:13 -0600
Subject: [PATCH 08/11] chore: Adding a correct release notes
---
 manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifest.json b/manifest.json
index 0335b46..8da09f0 100644
--- a/manifest.json
+++ b/manifest.json
@@ -2,7 +2,7 @@
 "id": "vaultwarden",
 "title": "Vaultwarden",
 "version": "1.27.0.2",
- "release-notes": "* Using gzip \n * Allow ssh over onion",
+ "release-notes": "* Using gzip \n * Allow tls/https over onion",
 "license": "GPL-3.0",
 "wrapper-repo": "https://github.com/Start9Labs/vaultwarden-wrapper",
 "upstream-repo": "https://github.com/dani-garcia/vaultwarden",
From 0f256ee5015242e8b625550ee35b93958f59f437 Mon Sep 17 00:00:00 2001
From: BluJ
Date: Wed, 29 Mar 2023 13:17:11 -0600
Subject: [PATCH 09/11] chore: Add back the token
---
 docker_entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
index 8661e8d..4ff8172 100755
--- a/docker_entrypoint.sh
+++ b/docker_entrypoint.sh
@@ -1,5 +1,6 @@
 #!/bin/sh
 ADMIN_TOKEN=$(yq e '.admin-token' /data/start9/config.yaml)
+echo "ADMIN_TOKEN=\"${ADMIN_TOKEN}\"" >> /.env
 cat << EOF > /data/start9/stats.yaml
 version: 2
 data:
From 1fde863c73eeb66c35c66c4120f28504b44a8d7e Mon Sep 17 00:00:00 2001
From: BluJ
Date: Wed, 29 Mar 2023 15:02:07 -0600
Subject: [PATCH 10/11] chore: Add in the permutations
---
 docker_entrypoint.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docker_entrypoint.sh b/docker_entrypoint.sh
index 4ff8172..6698793 100755
--- a/docker_entrypoint.sh
+++ b/docker_entrypoint.sh
@@ -1,6 +1,10 @@
 #!/bin/sh
 ADMIN_TOKEN=$(yq e '.admin-token' /data/start9/config.yaml)
 echo "ADMIN_TOKEN=\"${ADMIN_TOKEN}\"" >> /.env
+cat << EOF >> /.env
+PASSWORD_ITERATIONS=2000000
+EOF
+
 cat << EOF > /data/start9/stats.yaml
 version: 2
 data:
From 6c950ea7fea0cb39294542cdaa330f97ab1f87f1 Mon Sep 17 00:00:00 2001
From: BluJ
Date: Wed, 29 Mar 2023 15:02:36 -0600
Subject: [PATCH 11/11] chore: Update the changes
---
 manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifest.json b/manifest.json
index 8da09f0..2cf7ef5 100644
--- a/manifest.json
+++ b/manifest.json
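Review bot: The restored line writes the token into `/.env` as `ADMIN_TOKEN="…"` with no escaping and with `>>`, so a token containing `"`, `$` or a newline yields a malformed dotenv entry, and if `/.env` survives a container restart (that depends on how Start9 recreates the container — worth confirming) every start appends another copy and the effective value is whichever line the dotenv loader prefers. Unless something else in the image pre-populates `/.env`, writing it with `>` from this script makes each start idempotent, and a guard such as `[ -n "$ADMIN_TOKEN" ] || { echo "admin-token missing from config.yaml" >&2; exit 1; }` before the write stops an empty token from being installed silently. The same plaintext token also lands in `/data/start9/stats.yaml` on the persistent volume, which is by design for the dashboard but deserves a one-line comment so nobody later relaxes that file's permissions.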
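Review bot: `PASSWORD_ITERATIONS=2000000` is hard-coded into `/.env` with no comment on what it governs; if this is Vaultwarden's server-side hashing iteration count, as the name suggests, it is applied on every password verification, so each unauthenticated login attempt now costs the server many times its previous work, which on the small single-board hosts this wrapper targets is both a noticeable login delay and a cheap CPU-exhaustion vector, and it only affects hashes computed after the change, so existing users keep their old count until they change their password. Please document the reasoning above the line, e.g. `# server-side hash iterations for stored master-password hashes; raising this slows logins and brute force alike`, and consider whether a lower value or a user-facing config option is the better trade-off. A plain `echo "PASSWORD_ITERATIONS=2000000" >> /.env` also reads more directly than a three-line heredoc for a single entry.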
@@ -2,7 +2,7 @@
 "id": "vaultwarden",
 "title": "Vaultwarden",
 "version": "1.27.0.2",
- "release-notes": "* Using gzip \n * Allow tls/https over onion",
+ "release-notes": "* Using gzip \n * Allow tls/https over onion \n * Set the password iterations to 2_000_000",
 "license": "GPL-3.0",
 "wrapper-repo": "https://github.com/Start9Labs/vaultwarden-wrapper",
 "upstream-repo": "https://github.com/dani-garcia/vaultwarden",