Compare commits
3 Commits
5ea4082473
...
63211c3f37
Author | SHA1 | Date |
---|---|---|
Johannes Bülow | 63211c3f37 | |
Johannes Bülow | 3fd7f2ca3c | |
Johannes Bülow | c9bf1221ff |
|
@ -1,3 +1,4 @@
|
||||||
*.swp
|
*.swp
|
||||||
public/
|
public/
|
||||||
resources/
|
resources/
|
||||||
|
app
|
||||||
|
|
|
@ -1,11 +1,3 @@
|
||||||
# Build and publish Docker images for multible architectures.
|
|
||||||
#
|
|
||||||
# Pushing an image to codeberg as container registry,
|
|
||||||
# package owner will be the repo owner.
|
|
||||||
#
|
|
||||||
# this config also shows usage of yaml aliases and
|
|
||||||
# was taken from https://codeberg.org/6543/docker-images/src/commit/37e29c227717c1c07d2776cddcf14725bf952875/.woodpecker/hello.yml
|
|
||||||
|
|
||||||
when:
|
when:
|
||||||
branch: main
|
branch: main
|
||||||
|
|
||||||
|
@ -14,7 +6,7 @@ variables:
|
||||||
- &repo git.jmbit.de/${CI_REPO_OWNER}/${CI_REPO_NAME}
|
- &repo git.jmbit.de/${CI_REPO_OWNER}/${CI_REPO_NAME}
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
dryrun:
|
hugo:
|
||||||
image: git.jmbit.de/jmb/docker-hugo
|
image: git.jmbit.de/jmb/docker-hugo
|
||||||
commands:
|
commands:
|
||||||
- hugo --minify
|
- hugo --minify
|
||||||
|
|
13
Dockerfile
13
Dockerfile
|
@ -1,2 +1,11 @@
|
||||||
FROM nginx:latest
|
FROM golang:alpine AS builder
|
||||||
COPY public /usr/share/nginx/html
|
RUN apk update && apk add --no-cache git
|
||||||
|
|
||||||
|
WORKDIR $GOPATH/src/www-jmbit-de
|
||||||
|
COPY . .
|
||||||
|
RUN go get -d -v
|
||||||
|
RUN go build -a -installsuffix cgo -ldflags="-w -s" -o /go/bin/www
|
||||||
|
|
||||||
|
FROM scratch
|
||||||
|
COPY --from=builder /go/bin/www /go/bin/www
|
||||||
|
ENTRYPOINT ["/go/bin/www"]
|
||||||
|
|
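Review bot: The builder stage uses floating inputs: `FROM golang:alpine` carries no version or digest, and `RUN go get -d -v` resolves dependencies at build time, so two builds of the same commit can yield different binaries. Pin the base image (`FROM golang:<version>-alpine@sha256:<digest>`, placeholder values) and, assuming the repository has a go.mod and go.sum (not visible in this diff), replace the `go get` line with `RUN go mod download && go mod verify`. The Makefile's `webserver` target sets `CGO_ENABLED=0` but this build does not; since the binary is copied into `FROM scratch`, add `ENV CGO_ENABLED=0` before `go build` so the result is guaranteed to be static. The final stage also has no `USER` line, so the server runs as UID 0 in the container.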
25
Makefile
25
Makefile
|
@ -1,22 +1,23 @@
|
||||||
HEAD=$(shell git rev-parse --short HEAD)
|
HEAD=$(shell git rev-parse --short HEAD)
|
||||||
|
CTNAME:=git.jmbit.de/jmb/www-jmbit-de
|
||||||
|
|
||||||
|
all: hugo container
|
||||||
|
|
||||||
dev:
|
dev:
|
||||||
hugo server -D
|
hugo server -D
|
||||||
|
|
||||||
hugo:
|
hugo:
|
||||||
hugo
|
hugo --minify
|
||||||
|
|
||||||
|
webserver:
|
||||||
|
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o app .
|
||||||
|
|
||||||
container:
|
container:
|
||||||
podman build -t docker.io/jmbitci/www-jmbit-de:latest -t docker.io/jmbitci/www-jmbit-de:$(HEAD) .
|
podman build -t $(CTNAME):latest -t $(CTNAME):$(HEAD) .
|
||||||
publish:
|
|
||||||
podman push docker.io/jmbitci/www-jmbit-de:latest --all-tags
|
|
||||||
|
|
||||||
nopub: hugo container
|
run:
|
||||||
podman run --rm -p8080:80 docker.io/jmbitci/www-jmbit-de
|
podman run --rm -p8080:80 $(CTNAME)
|
||||||
|
|
||||||
#rollout:
|
|
||||||
# kubectl --context=jmbit-prod rollout restart deployment www-jmbit-de -n jmbit-web
|
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -rf public
|
rm -rf public
|
||||||
|
|
||||||
all: hugo container publish
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
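Review bot: The `run` target starts `$(CTNAME)` without a tag, which resolves to `:latest` and can be pulled from the registry when no local image exists, so it does not necessarily run what `container` just built from this checkout. Tying it to the commit tag keeps it on the local build: `podman run --rm -p8080:80 $(CTNAME):$(HEAD)`. None of the targets are declared phony; a `.PHONY: all dev hugo webserver container run clean` line would stop a stray file with one of those names from masking its target.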
@ -4,5 +4,46 @@ date: 2023-12-27
|
||||||
draft: true
|
draft: true
|
||||||
---
|
---
|
||||||
|
|
||||||
|
Im letzten Teil dieser Reihe haben wir eine grundlegende CAPEv2-Umgebung aufgebaut.
|
||||||
|
Außerhalb dieser Blogpost-Reihe habe ich auch noch ein paar andere VMs installiert mit anderen Betriebssystemen.
|
||||||
|
|
||||||
|
## Guacamole installieren
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cd /opt/CAPEv2/installer/
|
||||||
|
./cape2.sh guacamole | tee guacamole.log
|
||||||
|
systemctl status guacd guac-web
|
||||||
|
```
|
||||||
|
|
||||||
|
## CAPE-Web-Service
|
||||||
|
|
||||||
|
in der `/opt/CAPEv2/conf/web.conf` das Guacamole-Feature aktivieren:
|
||||||
|
```ini
|
||||||
|
[guacamole]
|
||||||
|
enabled = yes
|
||||||
|
mode = vnc
|
||||||
|
username =
|
||||||
|
password =
|
||||||
|
guacd_host = localhost
|
||||||
|
guacd_port = 4822
|
||||||
|
# Server that exposes the VNC ports (e.g., your KVM host)
|
||||||
|
vnc_host = localhost
|
||||||
|
# You might need to add your server IP to ALLOWED_HOSTS in web/web/settings.py if it not ["*""]
|
||||||
|
# vnc or rdp
|
||||||
|
guest_protocol = vnc
|
||||||
|
guacd_recording_path = /opt/CAPEv2/storage/guacrecordings
|
||||||
|
guest_width = 1280
|
||||||
|
guest_height = 1024
|
||||||
|
# rdp settings
|
||||||
|
guest_rdp_port = 3389
|
||||||
|
```
|
||||||
|
|
||||||
|
In dieser Datei kann man auch z.B. Authentifizierung aktivieren, persönlich würde ich das jedoch eher an einem
|
||||||
|
vorgelagerten Reverse-Proxy bzw. WAF tun.
|
||||||
|
|
||||||
|
Nach der Änderung dieser Konfiguration sollte man die `cape-web` und `guacd`-Dienste neu starten.
|
||||||
|
|
||||||
|
## Webserver/Reverse-Proxy
|
||||||
|
|
||||||
|
Die genauere Konfiguration für Nginx im Produktivbetrieb ist etwas aufwändiger, siehe dazu
|
||||||
|
[CAPEv2 Docs Nginx](https://capev2.readthedocs.io/en/latest/usage/web.html#best-practices-for-production)
|
||||||
|
|
|
@ -0,0 +1,32 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"git.jmbit.de/jmb/www-jmbit-de/public"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
// Register a custom handler
|
||||||
|
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Specify the file path you want to block
|
||||||
|
blockFilePath := "/public.go"
|
||||||
|
|
||||||
|
// Check if the requested path matches the blocked file path
|
||||||
|
if r.URL.Path == blockFilePath {
|
||||||
|
// Return a 404 Not Found error
|
||||||
|
http.NotFound(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// For other paths, serve the files using the file server
|
||||||
|
http.FileServer(http.FS(public.HtmlFS)).ServeHTTP(w, r)
|
||||||
|
})
|
||||||
|
|
||||||
|
// Start the HTTP server on port 80
|
||||||
|
err := http.ListenAndServe(":80", nil)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
|
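Review bot: `http.ListenAndServe(":80", nil)` starts a server with no read, write or idle timeouts, so a client that sends its headers slowly or never reads the response can hold a connection and its goroutine open indefinitely. Construct an `http.Server` with explicit timeouts instead, as sketched below; this needs the `time` import, and the durations are starting values to tune. Separately, `http.FileServer(http.FS(public.HtmlFS))` is rebuilt on every request and could be created once before `http.HandleFunc`. The `/public.go` check is an exact string comparison that relies on the default mux redirecting non-canonical paths, which deserves a comment such as `// exact match is sufficient only because DefaultServeMux canonicalises the path first` so it survives a later change of router.

```go
	// … unchanged: handler registration for "/" …

	// Start the HTTP server on port 80 with bounded connection lifetimes
	srv := &http.Server{
		Addr:              ":80",
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       15 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	if err := srv.ListenAndServe(); err != nil {
		log.Fatal(err)
	}
```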
@ -0,0 +1,8 @@
|
||||||
|
package public
|
||||||
|
|
||||||
|
import (
|
||||||
|
"embed"
|
||||||
|
)
|
||||||
|
|
||||||
|
//go:embed *
|
||||||
|
var HtmlFS embed.FS
|
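Review bot: `//go:embed *` embeds every file in this directory, not just the generated site: that includes `public.go` itself (presumably why main.go special-cases `/public.go`) and any top-level dotfiles left in the directory at build time, such as editor swap files. Narrowing what gets embedded, or cleaning the directory before the build, would be more robust than blocking individual paths at request time, though the right pattern depends on what Hugo emits, which is not visible here. `HtmlFS` is also exported without a doc comment; I would add `// HtmlFS is the generated site, embedded at build time. The * pattern also picks up public.go and top-level dotfiles, so handlers must not expose those.`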