Compare commits
No commits in common. "63211c3f371258389daa3e23d7be11d15596e131" and "5ea408247379a44f56cc36b79fe7e39724e77dbc" have entirely different histories.
63211c3f37
...
5ea4082473
|
@ -1,4 +1,3 @@
|
|||
*.swp
|
||||
public/
|
||||
resources/
|
||||
app
|
||||
|
|
|
@ -1,3 +1,11 @@
|
|||
# Build and publish Docker images for multible architectures.
|
||||
#
|
||||
# Pushing an image to codeberg as container registry,
|
||||
# package owner will be the repo owner.
|
||||
#
|
||||
# this config also shows usage of yaml aliases and
|
||||
# was taken from https://codeberg.org/6543/docker-images/src/commit/37e29c227717c1c07d2776cddcf14725bf952875/.woodpecker/hello.yml
|
||||
|
||||
when:
|
||||
branch: main
|
||||
|
||||
|
@ -6,7 +14,7 @@ variables:
|
|||
- &repo git.jmbit.de/${CI_REPO_OWNER}/${CI_REPO_NAME}
|
||||
|
||||
steps:
|
||||
hugo:
|
||||
dryrun:
|
||||
image: git.jmbit.de/jmb/docker-hugo
|
||||
commands:
|
||||
- hugo --minify
|
||||
|
|
13
Dockerfile
13
Dockerfile
|
@ -1,11 +1,2 @@
|
|||
FROM golang:alpine AS builder
|
||||
RUN apk update && apk add --no-cache git
|
||||
|
||||
WORKDIR $GOPATH/src/www-jmbit-de
|
||||
COPY . .
|
||||
RUN go get -d -v
|
||||
RUN go build -a -installsuffix cgo -ldflags="-w -s" -o /go/bin/www
|
||||
|
||||
FROM scratch
|
||||
COPY --from=builder /go/bin/www /go/bin/www
|
||||
ENTRYPOINT ["/go/bin/www"]
|
||||
FROM nginx:latest
|
||||
COPY public /usr/share/nginx/html
|
||||
|
|
25
Makefile
25
Makefile
|
@ -1,23 +1,22 @@
|
|||
HEAD=$(shell git rev-parse --short HEAD)
|
||||
CTNAME:=git.jmbit.de/jmb/www-jmbit-de
|
||||
|
||||
all: hugo container
|
||||
|
||||
dev:
|
||||
hugo server -D
|
||||
|
||||
hugo:
|
||||
hugo --minify
|
||||
|
||||
webserver:
|
||||
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o app .
|
||||
|
||||
hugo
|
||||
container:
|
||||
podman build -t $(CTNAME):latest -t $(CTNAME):$(HEAD) .
|
||||
podman build -t docker.io/jmbitci/www-jmbit-de:latest -t docker.io/jmbitci/www-jmbit-de:$(HEAD) .
|
||||
publish:
|
||||
podman push docker.io/jmbitci/www-jmbit-de:latest --all-tags
|
||||
|
||||
run:
|
||||
podman run --rm -p8080:80 $(CTNAME)
|
||||
nopub: hugo container
|
||||
podman run --rm -p8080:80 docker.io/jmbitci/www-jmbit-de
|
||||
|
||||
#rollout:
|
||||
# kubectl --context=jmbit-prod rollout restart deployment www-jmbit-de -n jmbit-web
|
||||
|
||||
clean:
|
||||
rm -rf public
|
||||
|
||||
all: hugo container publish
|
||||
|
||||
|
||||
|
|
|
@ -4,46 +4,5 @@ date: 2023-12-27
|
|||
draft: true
|
||||
---
|
||||
|
||||
Im letzten Teil dieser Reihe haben wir eine grundlegende CAPEv2-Umgebung aufgebaut.
|
||||
Außerhalb dieser Blogpost-Reihe habe ich auch noch ein paar andere VMs installiert mit anderen Betriebssystemen.
|
||||
|
||||
## Guacamole installieren
|
||||
|
||||
```sh
|
||||
cd /opt/CAPEv2/installer/
|
||||
./cape2.sh guacamole | tee guacamole.log
|
||||
systemctl status guacd guac-web
|
||||
```
|
||||
|
||||
## CAPE-Web-Service
|
||||
|
||||
in der `/opt/CAPEv2/conf/web.conf` das Guacamole-Feature aktivieren:
|
||||
```ini
|
||||
[guacamole]
|
||||
enabled = yes
|
||||
mode = vnc
|
||||
username =
|
||||
password =
|
||||
guacd_host = localhost
|
||||
guacd_port = 4822
|
||||
# Server that exposes the VNC ports (e.g., your KVM host)
|
||||
vnc_host = localhost
|
||||
# You might need to add your server IP to ALLOWED_HOSTS in web/web/settings.py if it not ["*""]
|
||||
# vnc or rdp
|
||||
guest_protocol = vnc
|
||||
guacd_recording_path = /opt/CAPEv2/storage/guacrecordings
|
||||
guest_width = 1280
|
||||
guest_height = 1024
|
||||
# rdp settings
|
||||
guest_rdp_port = 3389
|
||||
```
|
||||
|
||||
In dieser Datei kann man auch z.B. Authentifizierung aktivieren, persönlich würde ich das jedoch eher an einem
|
||||
vorgelagerten Reverse-Proxy bzw. WAF tun.
|
||||
|
||||
Nach der Änderung dieser Konfiguration sollte man die `cape-web` und `guacd`-Dienste neu starten.
|
||||
|
||||
## Webserver/Reverse-Proxy
|
||||
|
||||
Die genauere Konfiguration für Nginx im Produktivbetrieb ist etwas aufwändiger, siehe dazu
|
||||
[CAPEv2 Docs Nginx](https://capev2.readthedocs.io/en/latest/usage/web.html#best-practices-for-production)
|
||||
|
|
32
server.go
32
server.go
|
@ -1,32 +0,0 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
"git.jmbit.de/jmb/www-jmbit-de/public"
|
||||
)
|
||||
|
||||
func main() {
|
||||
// Register a custom handler
|
||||
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
||||
// Specify the file path you want to block
|
||||
blockFilePath := "/public.go"
|
||||
|
||||
// Check if the requested path matches the blocked file path
|
||||
if r.URL.Path == blockFilePath {
|
||||
// Return a 404 Not Found error
|
||||
http.NotFound(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
// For other paths, serve the files using the file server
|
||||
http.FileServer(http.FS(public.HtmlFS)).ServeHTTP(w, r)
|
||||
})
|
||||
|
||||
// Start the HTTP server on port 80
|
||||
err := http.ListenAndServe(":80", nil)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
package public
|
||||
|
||||
import (
|
||||
"embed"
|
||||
)
|
||||
|
||||
//go:embed *
|
||||
var HtmlFS embed.FS
|
Loading…
Reference in New Issue