
3 Commits

Author SHA1 Message Date
Johannes Bülow 63211c3f37
yes
ci/woodpecker/push/woodpecker Pipeline was successful Details
2024-01-12 10:51:51 +01:00
Johannes Bülow 3fd7f2ca3c
now builds 10MB container image only including webserver binary 2024-01-11 14:42:33 +01:00
Johannes Bülow c9bf1221ff
adding integrated Gin webserver 2024-01-11 09:08:11 +01:00
9 changed files with 110 additions and 23 deletions

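--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 *.swp
 public/
 resources/
+app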


@ -1,11 +1,3 @@
# Build and publish Docker images for multible architectures.
#
# Pushing an image to codeberg as container registry,
# package owner will be the repo owner.
#
# this config also shows usage of yaml aliases and
# was taken from https://codeberg.org/6543/docker-images/src/commit/37e29c227717c1c07d2776cddcf14725bf952875/.woodpecker/hello.yml
when: when:
branch: main branch: main
@ -14,7 +6,7 @@ variables:
- &repo git.jmbit.de/${CI_REPO_OWNER}/${CI_REPO_NAME} - &repo git.jmbit.de/${CI_REPO_OWNER}/${CI_REPO_NAME}
steps: steps:
dryrun: hugo:
image: git.jmbit.de/jmb/docker-hugo image: git.jmbit.de/jmb/docker-hugo
commands: commands:
- hugo --minify - hugo --minify


@ -1,2 +1,11 @@
FROM nginx:latest FROM golang:alpine AS builder
COPY public /usr/share/nginx/html RUN apk update && apk add --no-cache git
WORKDIR $GOPATH/src/www-jmbit-de
COPY . .
RUN go get -d -v
RUN go build -a -installsuffix cgo -ldflags="-w -s" -o /go/bin/www
FROM scratch
COPY --from=builder /go/bin/www /go/bin/www
ENTRYPOINT ["/go/bin/www"]
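Review bot: The builder stage uses the floating tag `golang:alpine`, so the toolchain that compiles the shipped binary can change between builds without any change in this repository. Pinning it to the version go.mod declares, `FROM golang:1.21.5-alpine AS builder` (optionally with an `@sha256:<digest>` suffix), makes the image reproducible and the toolchain change reviewable. The final `scratch` stage also sets no `USER`, so the web server runs as UID 0 inside the container; a numeric `USER 65534:65534` before `ENTRYPOINT` would drop that. Whether a non-root process can still bind port 80 depends on the runtime's unprivileged-port setting, so the listener may have to move to a high port.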


@ -1,22 +1,23 @@
HEAD=$(shell git rev-parse --short HEAD) HEAD=$(shell git rev-parse --short HEAD)
CTNAME:=git.jmbit.de/jmb/www-jmbit-de
all: hugo container
dev: dev:
hugo server -D hugo server -D
hugo: hugo:
hugo hugo --minify
webserver:
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o app .
container: container:
podman build -t docker.io/jmbitci/www-jmbit-de:latest -t docker.io/jmbitci/www-jmbit-de:$(HEAD) . podman build -t $(CTNAME):latest -t $(CTNAME):$(HEAD) .
publish:
podman push docker.io/jmbitci/www-jmbit-de:latest --all-tags
nopub: hugo container run:
podman run --rm -p8080:80 docker.io/jmbitci/www-jmbit-de podman run --rm -p8080:80 $(CTNAME)
#rollout:
# kubectl --context=jmbit-prod rollout restart deployment www-jmbit-de -n jmbit-web
clean: clean:
rm -rf public rm -rf public
all: hugo container publish


@ -4,5 +4,46 @@ date: 2023-12-27
draft: true draft: true
--- ---
Im letzten Teil dieser Reihe haben wir eine grundlegende CAPEv2-Umgebung aufgebaut.
Außerhalb dieser Blogpost-Reihe habe ich auch noch ein paar andere VMs installiert mit anderen Betriebssystemen.
## Guacamole installieren
```sh
cd /opt/CAPEv2/installer/
./cape2.sh guacamole | tee guacamole.log
systemctl status guacd guac-web
```
## CAPE-Web-Service
in der `/opt/CAPEv2/conf/web.conf` das Guacamole-Feature aktivieren:
```ini
[guacamole]
enabled = yes
mode = vnc
username =
password =
guacd_host = localhost
guacd_port = 4822
# Server that exposes the VNC ports (e.g., your KVM host)
vnc_host = localhost
# You might need to add your server IP to ALLOWED_HOSTS in web/web/settings.py if it not ["*""]
# vnc or rdp
guest_protocol = vnc
guacd_recording_path = /opt/CAPEv2/storage/guacrecordings
guest_width = 1280
guest_height = 1024
# rdp settings
guest_rdp_port = 3389
```
In dieser Datei kann man auch z.B. Authentifizierung aktivieren, persönlich würde ich das jedoch eher an einem
vorgelagerten Reverse-Proxy bzw. WAF tun.
Nach der Änderung dieser Konfiguration sollte man die `cape-web` und `guacd`-Dienste neu starten.
## Webserver/Reverse-Proxy
Die genauere Konfiguration für Nginx im Produktivbetrieb ist etwas aufwändiger, siehe dazu
[CAPEv2 Docs Nginx](https://capev2.readthedocs.io/en/latest/usage/web.html#best-practices-for-production)

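--- a/go.mod
+++ b/go.mod
@@ -0,0 +1,3 @@
+module git.jmbit.de/jmb/www-jmbit-de
+go 1.21.5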

0
go.sum Normal file

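--- a/server.go
+++ b/server.go
@@ -0,0 +1,32 @@
+package main
+import (
+"log"
+"net/http"
+"git.jmbit.de/jmb/www-jmbit-de/public"
+)
+func main() {
+// Register a custom handler
+http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+// Specify the file path you want to block
+blockFilePath := "/public.go"
+// Check if the requested path matches the blocked file path
+if r.URL.Path == blockFilePath {
+// Return a 404 Not Found error
+http.NotFound(w, r)
+return
+}
+// For other paths, serve the files using the file server
+http.FileServer(http.FS(public.HtmlFS)).ServeHTTP(w, r)
+})
+// Start the HTTP server on port 80
+err := http.ListenAndServe(":80", nil)
+if err != nil {
+log.Fatal(err)
+}
+}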
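Review bot: `http.ListenAndServe(":80", nil)` at the end of main starts a server with no read, write or idle timeouts, so a client that sends its request slowly or never finishes can hold a connection and its goroutine open indefinitely on a port that is presumably exposed publicly. Constructing the server explicitly, `srv := &http.Server{Addr: ":80", ReadHeaderTimeout: 5 * time.Second, IdleTimeout: 60 * time.Second}` followed by `log.Fatal(srv.ListenAndServe())`, bounds that; it needs the `time` import and the durations are only suggestions. The handler also builds `http.FileServer(http.FS(public.HtmlFS))` on every request, and creating it once before `http.HandleFunc` avoids the repeated allocation. The `/public.go` check is a one-entry denylist on the raw `r.URL.Path`, so it has to be kept in sync with everything else the embed pattern in the `public` package picks up.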

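--- a/static/public.go
+++ b/static/public.go
@@ -0,0 +1,8 @@
+package public
+import (
+"embed"
+)
+//go:embed *
+var HtmlFS embed.FS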
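Review bot: `//go:embed *` embeds every entry in the package directory, which includes this `public.go` file itself and, because the pattern is a glob rather than a directory name, any top-level dotfiles the site generator leaves there. server.go works around the first with an exact-path 404 for `/public.go`, but nothing visible in this change filters the rest. The exported variable also has no doc comment; I would add `// HtmlFS holds the generated site. The * pattern also embeds public.go and top-level dotfiles, so handlers must not serve it unfiltered.` above the declaration. If the layout allows it, embedding a subdirectory that contains only the generated output would remove the need for the denylist.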