Compare commits
No commits in common. "63211c3f371258389daa3e23d7be11d15596e131" and "5ea408247379a44f56cc36b79fe7e39724e77dbc" have entirely different histories.
63211c3f37
...
5ea4082473
|
@ -1,4 +1,3 @@
|
||||||
*.swp
|
*.swp
|
||||||
public/
|
public/
|
||||||
resources/
|
resources/
|
||||||
app
|
|
||||||
|
|
|
@ -1,3 +1,11 @@
|
||||||
|
# Build and publish Docker images for multible architectures.
|
||||||
|
#
|
||||||
|
# Pushing an image to codeberg as container registry,
|
||||||
|
# package owner will be the repo owner.
|
||||||
|
#
|
||||||
|
# this config also shows usage of yaml aliases and
|
||||||
|
# was taken from https://codeberg.org/6543/docker-images/src/commit/37e29c227717c1c07d2776cddcf14725bf952875/.woodpecker/hello.yml
|
||||||
|
|
||||||
when:
|
when:
|
||||||
branch: main
|
branch: main
|
||||||
|
|
||||||
|
@ -6,7 +14,7 @@ variables:
|
||||||
- &repo git.jmbit.de/${CI_REPO_OWNER}/${CI_REPO_NAME}
|
- &repo git.jmbit.de/${CI_REPO_OWNER}/${CI_REPO_NAME}
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
hugo:
|
dryrun:
|
||||||
image: git.jmbit.de/jmb/docker-hugo
|
image: git.jmbit.de/jmb/docker-hugo
|
||||||
commands:
|
commands:
|
||||||
- hugo --minify
|
- hugo --minify
|
||||||
|
|
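Review bot: The new header comment says the pipeline builds and publishes multi-architecture Docker images to Codeberg, but the only step visible here is `dryrun`, which runs `hugo --minify`, and the `&repo` alias points at git.jmbit.de. The text looks carried over from the linked upstream example. The file may continue past the second hunk, so if no later step does the publishing, replace the header with a description of this pipeline, for example `# Dry-run build of the Hugo site on main; nothing is published by this step.` The comment also has a typo: `multible` should be `multiple`.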
13
Dockerfile
13
Dockerfile
|
@ -1,11 +1,2 @@
|
||||||
FROM golang:alpine AS builder
|
FROM nginx:latest
|
||||||
RUN apk update && apk add --no-cache git
|
COPY public /usr/share/nginx/html
|
||||||
|
|
||||||
WORKDIR $GOPATH/src/www-jmbit-de
|
|
||||||
COPY . .
|
|
||||||
RUN go get -d -v
|
|
||||||
RUN go build -a -installsuffix cgo -ldflags="-w -s" -o /go/bin/www
|
|
||||||
|
|
||||||
FROM scratch
|
|
||||||
COPY --from=builder /go/bin/www /go/bin/www
|
|
||||||
ENTRYPOINT ["/go/bin/www"]
|
|
||||||
|
|
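Review bot: `FROM nginx:latest` leaves the base image unpinned, so each rebuild can pull a different nginx and the published image is neither reproducible nor auditable. Pin a release tag, ideally with a digest, e.g. `FROM nginx:<version>@sha256:<digest>` (placeholders for values you have verified). `COPY public /usr/share/nginx/html` ships whatever is in the local `public/` directory, which `.gitignore` excludes from the repository, so the image content depends on the build machine rather than on the commit. The previous multi-stage build ended in `FROM scratch` with a single binary; the stock nginx image adds a full userland and a root-started master process, so consider an unprivileged nginx variant if the deployment can listen on a high port.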
25
Makefile
25
Makefile
|
@ -1,23 +1,22 @@
|
||||||
HEAD=$(shell git rev-parse --short HEAD)
|
HEAD=$(shell git rev-parse --short HEAD)
|
||||||
CTNAME:=git.jmbit.de/jmb/www-jmbit-de
|
|
||||||
|
|
||||||
all: hugo container
|
|
||||||
|
|
||||||
dev:
|
dev:
|
||||||
hugo server -D
|
hugo server -D
|
||||||
|
|
||||||
hugo:
|
hugo:
|
||||||
hugo --minify
|
hugo
|
||||||
|
|
||||||
webserver:
|
|
||||||
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o app .
|
|
||||||
|
|
||||||
container:
|
container:
|
||||||
podman build -t $(CTNAME):latest -t $(CTNAME):$(HEAD) .
|
podman build -t docker.io/jmbitci/www-jmbit-de:latest -t docker.io/jmbitci/www-jmbit-de:$(HEAD) .
|
||||||
|
publish:
|
||||||
|
podman push docker.io/jmbitci/www-jmbit-de:latest --all-tags
|
||||||
|
|
||||||
run:
|
nopub: hugo container
|
||||||
podman run --rm -p8080:80 $(CTNAME)
|
podman run --rm -p8080:80 docker.io/jmbitci/www-jmbit-de
|
||||||
|
|
||||||
|
#rollout:
|
||||||
|
# kubectl --context=jmbit-prod rollout restart deployment www-jmbit-de -n jmbit-web
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -rf public
|
rm -rf public
|
||||||
|
|
||||||
|
all: hugo container publish
|
||||||
|
|
||||||
|
|
||||||
|
|
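Review bot: `all: hugo container publish` builds and pushes to docker.io without cleaning `public/` first. Hugo leaves files from earlier runs in its output directory, so stale pages, including ones rendered from `draft: true` posts by an earlier build with drafts enabled, can end up in the pushed image. Make the build start clean, e.g. `hugo: clean` or `hugo --cleanDestinationDir --minify` in the `hugo` recipe. The image name is now repeated literally in `container`, `publish` and `nopub`; a single variable such as `CTNAME:=docker.io/jmbitci/www-jmbit-de` would keep the build, push and run references from drifting apart.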
|
@ -4,46 +4,5 @@ date: 2023-12-27
|
||||||
draft: true
|
draft: true
|
||||||
---
|
---
|
||||||
|
|
||||||
Im letzten Teil dieser Reihe haben wir eine grundlegende CAPEv2-Umgebung aufgebaut.
|
|
||||||
Außerhalb dieser Blogpost-Reihe habe ich auch noch ein paar andere VMs installiert mit anderen Betriebssystemen.
|
|
||||||
|
|
||||||
## Guacamole installieren
|
|
||||||
|
|
||||||
```sh
|
|
||||||
cd /opt/CAPEv2/installer/
|
|
||||||
./cape2.sh guacamole | tee guacamole.log
|
|
||||||
systemctl status guacd guac-web
|
|
||||||
```
|
|
||||||
|
|
||||||
## CAPE-Web-Service
|
|
||||||
|
|
||||||
in der `/opt/CAPEv2/conf/web.conf` das Guacamole-Feature aktivieren:
|
|
||||||
```ini
|
|
||||||
[guacamole]
|
|
||||||
enabled = yes
|
|
||||||
mode = vnc
|
|
||||||
username =
|
|
||||||
password =
|
|
||||||
guacd_host = localhost
|
|
||||||
guacd_port = 4822
|
|
||||||
# Server that exposes the VNC ports (e.g., your KVM host)
|
|
||||||
vnc_host = localhost
|
|
||||||
# You might need to add your server IP to ALLOWED_HOSTS in web/web/settings.py if it not ["*""]
|
|
||||||
# vnc or rdp
|
|
||||||
guest_protocol = vnc
|
|
||||||
guacd_recording_path = /opt/CAPEv2/storage/guacrecordings
|
|
||||||
guest_width = 1280
|
|
||||||
guest_height = 1024
|
|
||||||
# rdp settings
|
|
||||||
guest_rdp_port = 3389
|
|
||||||
```
|
|
||||||
|
|
||||||
In dieser Datei kann man auch z.B. Authentifizierung aktivieren, persönlich würde ich das jedoch eher an einem
|
|
||||||
vorgelagerten Reverse-Proxy bzw. WAF tun.
|
|
||||||
|
|
||||||
Nach der Änderung dieser Konfiguration sollte man die `cape-web` und `guacd`-Dienste neu starten.
|
|
||||||
|
|
||||||
## Webserver/Reverse-Proxy
|
|
||||||
|
|
||||||
Die genauere Konfiguration für Nginx im Produktivbetrieb ist etwas aufwändiger, siehe dazu
|
|
||||||
[CAPEv2 Docs Nginx](https://capev2.readthedocs.io/en/latest/usage/web.html#best-practices-for-production)
|
|
||||||
|
|
32
server.go
32
server.go
|
@ -1,32 +0,0 @@
|
||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"log"
|
|
||||||
"net/http"
|
|
||||||
|
|
||||||
"git.jmbit.de/jmb/www-jmbit-de/public"
|
|
||||||
)
|
|
||||||
|
|
||||||
func main() {
|
|
||||||
// Register a custom handler
|
|
||||||
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
|
||||||
// Specify the file path you want to block
|
|
||||||
blockFilePath := "/public.go"
|
|
||||||
|
|
||||||
// Check if the requested path matches the blocked file path
|
|
||||||
if r.URL.Path == blockFilePath {
|
|
||||||
// Return a 404 Not Found error
|
|
||||||
http.NotFound(w, r)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// For other paths, serve the files using the file server
|
|
||||||
http.FileServer(http.FS(public.HtmlFS)).ServeHTTP(w, r)
|
|
||||||
})
|
|
||||||
|
|
||||||
// Start the HTTP server on port 80
|
|
||||||
err := http.ListenAndServe(":80", nil)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal(err)
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
package public
|
|
||||||
|
|
||||||
import (
|
|
||||||
"embed"
|
|
||||||
)
|
|
||||||
|
|
||||||
//go:embed *
|
|
||||||
var HtmlFS embed.FS
|
|