now starts webserver in goroutine, can now (in theory) listen on SSL
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
This commit is contained in:
Johannes Bülow
parent
a6df7487b0
commit
d8e9d7a738
GPG key ID:
B56971CF7B8F83A6
7 changed files with 54 additions and 25 deletions
3
Vagrantfile
vendored
3
Vagrantfile
vendored
|
|
@ -93,10 +93,11 @@ Vagrant.configure("2") do |config|
|
||||||
# OS
|
# OS
|
||||||
apt-get update
|
apt-get update
|
||||||
apt-get upgrade -y
|
apt-get upgrade -y
|
||||||
apt-get install -y vim curl git wget qemu-guest-agent
|
apt-get install -y vim curl git wget qemu-guest-agent make-ssl-cert
|
||||||
apt-get install -y nfs-common podman pwgen open-vm-tools make gcc libgpgme-dev
|
apt-get install -y nfs-common podman pwgen open-vm-tools make gcc libgpgme-dev
|
||||||
apt-get install -y build-essential pkgconf pkgconf-bin libdevmapper-dev libbtrfs-dev
|
apt-get install -y build-essential pkgconf pkgconf-bin libdevmapper-dev libbtrfs-dev
|
||||||
echo "export EDITOR=vim" >> /etc/profile
|
echo "export EDITOR=vim" >> /etc/profile
|
||||||
|
make-ssl-cert generate-default-snakeoil
|
||||||
useradd -r -s /bin/false podterminal
|
useradd -r -s /bin/false podterminal
|
||||||
|
|
||||||
## NEOVIM
|
## NEOVIM
|
||||||
|
|
|
||||||
|
|
@ -14,3 +14,8 @@ image: lscr.io/linuxserver/webtop
|
||||||
maxage: 10800
|
maxage: 10800
|
||||||
# Port Podterminal should listen to
|
# Port Podterminal should listen to
|
||||||
port: 80
|
port: 80
|
||||||
|
# Files that will be copied into container on startup
|
||||||
|
skel: /etc/podterminal/skel/
|
||||||
|
ssl: false
|
||||||
|
ssl_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||||
|
ssl_cert_key: /etc/ssl/private/ssl-cert-snakeoil.key
|
||||||
|
|
|
||||||
33
main.go
33
main.go
|
|
@ -2,45 +2,48 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"log"
|
"log"
|
||||||
"net"
|
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
|
"golang.org/x/sync/errgroup"
|
||||||
|
|
||||||
"git.jmbit.de/jmb/podterminal/pods"
|
"git.jmbit.de/jmb/podterminal/pods"
|
||||||
"git.jmbit.de/jmb/podterminal/utils"
|
"git.jmbit.de/jmb/podterminal/utils"
|
||||||
"git.jmbit.de/jmb/podterminal/web"
|
"git.jmbit.de/jmb/podterminal/web"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
g errgroup.Group
|
||||||
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
readConfigFile()
|
readConfigFile()
|
||||||
laddr := &net.TCPAddr{
|
|
||||||
IP: net.IPv4zero,
|
|
||||||
Port: viper.GetInt("port"),
|
|
||||||
}
|
|
||||||
log.Println("Binding Port ", viper.GetInt("port"))
|
|
||||||
listener, err := net.ListenTCP("tcp", laddr)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalln("could not bind to port ", viper.GetInt("port"), ": ", err)
|
|
||||||
}
|
|
||||||
pods.ConnectSocket()
|
pods.ConnectSocket()
|
||||||
// Dumm, ich weiß
|
|
||||||
|
// Start Webserver
|
||||||
|
g.Go(web.Run)
|
||||||
|
|
||||||
utils.DropPrivileges("podterminal")
|
utils.DropPrivileges("podterminal")
|
||||||
log.Println("Dropped Privileges")
|
log.Println("Dropped Privileges")
|
||||||
pods.PullImage()
|
g.Go(pods.GarbageCollector)
|
||||||
// Jank
|
g.Go(pods.PullImage)
|
||||||
go pods.GarbageCollector()
|
|
||||||
web.Run(listener)
|
// prevent main thread from dying
|
||||||
|
if err := g.Wait(); err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func readConfigFile() {
|
func readConfigFile() {
|
||||||
log.Println("Reading Config")
|
log.Println("Reading Config")
|
||||||
viper.SetConfigFile("/etc/podterminal/config.yaml")
|
viper.SetConfigFile("/etc/podterminal/config.yaml")
|
||||||
viper.SetDefault("port", 80)
|
viper.SetDefault("port", 80)
|
||||||
|
viper.SetDefault("ip_addr", "0.0.0.0")
|
||||||
viper.SetDefault("image", "lscr.io/linuxserver/webtop")
|
viper.SetDefault("image", "lscr.io/linuxserver/webtop")
|
||||||
viper.SetDefault("maxAge", 10800)
|
viper.SetDefault("maxAge", 10800)
|
||||||
viper.SetDefault("dri", false)
|
viper.SetDefault("dri", false)
|
||||||
viper.SetDefault("dir_node", "/dev/dri/renderD128")
|
viper.SetDefault("dir_node", "/dev/dri/renderD128")
|
||||||
|
viper.SetDefault("skel", "/etc/podterminal/skel")
|
||||||
viper.SetDefault("envvars",
|
viper.SetDefault("envvars",
|
||||||
map[string]string{
|
map[string]string{
|
||||||
"CUSTOM_USER": "user",
|
"CUSTOM_USER": "user",
|
||||||
|
|
|
||||||
|
|
@ -4,9 +4,12 @@ import (
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func GarbageCollector() {
|
func GarbageCollector() error {
|
||||||
for {
|
for {
|
||||||
Cleanup()
|
err := Cleanup()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
time.Sleep(time.Minute * 10)
|
time.Sleep(time.Minute * 10)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -31,18 +31,20 @@ func ConnectSocket() {
|
||||||
Socket = socketConnection()
|
Socket = socketConnection()
|
||||||
}
|
}
|
||||||
|
|
||||||
func PullImage() {
|
func PullImage() error {
|
||||||
log.Println("Downloading Container image ", viper.GetString("image"))
|
log.Println("Downloading Container image ", viper.GetString("image"))
|
||||||
image := viper.GetString("image")
|
image := viper.GetString("image")
|
||||||
conn := Socket
|
conn := Socket
|
||||||
_, err := images.Pull(conn, image, nil)
|
_, err := images.Pull(conn, image, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Cleanup deletes Containers older than the specified maximum Age (Equal to session cookie maximum age)
|
// Cleanup deletes Containers older than the specified maximum Age (Equal to session cookie maximum age)
|
||||||
func Cleanup() {
|
func Cleanup() error {
|
||||||
log.Println("Starting cleanup function")
|
log.Println("Starting cleanup function")
|
||||||
containerList := containerList()
|
containerList := containerList()
|
||||||
|
|
||||||
|
|
@ -55,13 +57,16 @@ func Cleanup() {
|
||||||
err := containers.Kill(Socket, container.ID, nil)
|
err := containers.Kill(Socket, container.ID, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
_, err = containers.Remove(Socket, container.ID, nil)
|
_, err = containers.Remove(Socket, container.ID, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func containerList() []entities.ListContainer {
|
func containerList() []entities.ListContainer {
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@ After=podman.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/local/bin/podterminal
|
ExecStart=/usr/local/bin/podterminal
|
||||||
Type=Simple
|
Type=simple
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
DeviceAllow=/dev/dri/renderD128
|
DeviceAllow=/dev/dri/renderD128
|
||||||
ProtectKernelModules=true
|
ProtectKernelModules=true
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,6 @@ package web
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"net"
|
|
||||||
"net/http/httputil"
|
"net/http/httputil"
|
||||||
"net/url"
|
"net/url"
|
||||||
"time"
|
"time"
|
||||||
|
|
@ -19,9 +18,22 @@ import (
|
||||||
|
|
||||||
var proxies = make(map[string]*httputil.ReverseProxy)
|
var proxies = make(map[string]*httputil.ReverseProxy)
|
||||||
|
|
||||||
func Run(listener net.Listener) error {
|
func Run() error {
|
||||||
router := setupRouter()
|
router := setupRouter()
|
||||||
err := router.RunListener(listener)
|
address := fmt.Sprintf("%s:%d", viper.GetString("ip_addr"), viper.GetInt("port"))
|
||||||
|
log.Println("Listening on address", address)
|
||||||
|
var err error
|
||||||
|
if viper.GetBool("ssl") == true {
|
||||||
|
err = router.RunTLS(
|
||||||
|
address,
|
||||||
|
viper.GetString("ssl_cert"),
|
||||||
|
viper.GetString("ssl_cert_key"),
|
||||||
|
)
|
||||||
|
log.Println("Using SSL")
|
||||||
|
} else {
|
||||||
|
err = router.Run(address)
|
||||||
|
}
|
||||||
|
log.Println("Router is ready")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
@ -42,7 +54,6 @@ func setupRouter() *gin.Engine {
|
||||||
//router.Use(urlLog())
|
//router.Use(urlLog())
|
||||||
router.Use(containerProxy)
|
router.Use(containerProxy)
|
||||||
// router.Any("/", containerProxy)
|
// router.Any("/", containerProxy)
|
||||||
log.Println("Router is ready")
|
|
||||||
return router
|
return router
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -79,6 +90,7 @@ func createReverseProxy(backendService string) (*httputil.ReverseProxy, error) {
|
||||||
|
|
||||||
func containerProxy(c *gin.Context) {
|
func containerProxy(c *gin.Context) {
|
||||||
session := sessions.Default(c)
|
session := sessions.Default(c)
|
||||||
|
session.Save()
|
||||||
sessionID := session.ID()
|
sessionID := session.ID()
|
||||||
if session.Get("ct") == nil {
|
if session.Get("ct") == nil {
|
||||||
log.Println("Creating Container for Session ", sessionID)
|
log.Println("Creating Container for Session ", sessionID)
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue