From cd07a16a5ab78253452af941dd68721ce16b0a18 Mon Sep 17 00:00:00 2001 
From: "Willem@105.pve1.lan" Date: Fri, 18 Feb 2022 08:52:52 +0200 Subject: [PATCH 1/9] added docker examples --- .gitignore | 10 ----- docker/.gitignore | 2 - docker/client/README.md | 33 ++++++++++++++++ docker/client/docker-compose.yml | 12 ++++++ docker/client/examples/README.md | 7 ++++ .../client/examples/home-assistant/.gitignore | 7 ---- .../client/examples/home-assistant/README.md | 26 +++++++++++++ .../home-assistant/config/configuration.yaml | 10 +++++ .../home-assistant/docker-compose.yml | 38 +++++++++++++++++++ .../client/examples/home-assistant/start.sh | 6 +++ docker/client/examples/home-assistant/stop.sh | 3 ++ docker/client/examples/nginx/README.md | 26 +++++++++++++ .../client/examples/nginx/docker-compose.yml | 19 ++++++++++ docker/client/examples/nginx/start.sh | 6 +++ docker/client/examples/nginx/stop.sh | 3 ++ docker/client/prebuild.yml | 4 ++ docker/client/source.yml | 5 +++ docker/server/README.md | 20 ++++++++++ docker/server/docker-compose.yml | 14 +++++++ docker/server/prebuild.yml | 4 ++ docker/server/source.yml | 5 +++ 21 files changed, 241 insertions(+), 19 deletions(-) delete mode 100644 .gitignore delete mode 100644 docker/.gitignore create mode 100644 docker/client/README.md create mode 100644 docker/client/docker-compose.yml create mode 100644 docker/client/examples/README.md delete mode 100644 docker/client/examples/home-assistant/.gitignore create mode 100644 docker/client/examples/home-assistant/README.md create mode 100644 docker/client/examples/home-assistant/config/configuration.yaml create mode 100644 docker/client/examples/home-assistant/docker-compose.yml create mode 100755 docker/client/examples/home-assistant/start.sh create mode 100755 docker/client/examples/home-assistant/stop.sh create mode 100644 docker/client/examples/nginx/README.md create mode 100644 docker/client/examples/nginx/docker-compose.yml create mode 100755 docker/client/examples/nginx/start.sh create mode 100755 docker/client/examples/nginx/stop.sh 
create mode 100644 docker/client/prebuild.yml create mode 100644 docker/client/source.yml create mode 100644 docker/server/README.md create mode 100644 docker/server/docker-compose.yml create mode 100644 docker/server/prebuild.yml create mode 100644 docker/server/source.yml
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index b388db8..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,10 +0,0 @@
-# Logo
-/logo.png
-
-# Build executables
-/build
-/cmd/boringproxy/boringproxy*
-boringproxy_*.tar.gz
-
-# Boringproxy database, created if exec is run in boringproxy folder
-boringproxy_db.json
\ No newline at end of file
diff --git a/docker/.gitignore b/docker/.gitignore
deleted file mode 100644
index 9425d7b..0000000
--- a/docker/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-# Docker-compose file with local dev config
-dev.yml
\ No newline at end of file
diff --git a/docker/client/README.md b/docker/client/README.md
new file mode 100644
index 0000000..364ee77
--- /dev/null
+++ b/docker/client/README.md
@@ -0,0 +1,33 @@
+# Files to run client using docker
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+- your-user-token: token generated by your server
+- your-client-name: the name to identify your client
+- your-user-name: the user associated with the server token
+
+### certmagic
+
+The certmagic volume is used to store certificats. This directory must also be passed to the container with the -cert-dir command.
+
+==If you make changes to this, make sure that the data in certmagic is persistent, otherwise new certificates will be generated everytime the container is started. This can result in triggering the [rate limits for Let's Encrypt](https://letsencrypt.org/docs/rate-limits/)==
+
+### /etc/ssl/certs
+Alpine doesn't include ca-certificates in the docker base image. You can add your OS ca-certificates to the docker container by linking your local certs directory to the image
+- /etc/ssl/certs/:/etc/ssl/certs/:ro
+
+## Build image from source and run server in docker
+You can build the image from source. This requires that you clone the GitHub repo and start docker using the compose command below:
+
+```bash
+docker-compose -f docker-compose.yml -f source.yml up -d
+```
+
+## Download prebuild image and run server in docker
+If you don't want to build the image, a prebuild image can be downloaded from GitHub. Start docker using the compose commands below to download the image and start the container.
+
+```bash
+docker-compose -f docker-compose.yml -f prebuild.yml up -d
+```
\ No newline at end of file
diff --git a/docker/client/docker-compose.yml b/docker/client/docker-compose.yml
new file mode 100644
index 0000000..c0e708c
--- /dev/null
+++ b/docker/client/docker-compose.yml
@@ -0,0 +1,12 @@
+version: '3.7'
+services:
+ boringproxy:
+ container_name: boringproxy-client
+ restart: unless-stopped
+ command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "your-client-name", "-user", "your-user-name", "-cert-dir", "/certmagic"]
+ volumes:
+ - certmagic:/certmagic
+ - /etc/ssl/certs/:/etc/ssl/certs/:ro
+
+volumes:
+ certmagic:
\ No newline at end of file
diff --git a/docker/client/examples/README.md b/docker/client/examples/README.md
new file mode 100644
index 0000000..af121c6
--- /dev/null
+++ b/docker/client/examples/README.md
@@ -0,0 +1,7 @@
+# Boringproxy docker examples
+The docker examples for boringproxy clients are set up to enable easy integration between boringproxy and popular self hosted services.
+
+## Usage
+To start using an example, copy the example content over to a local folder and start the containers using the `start.sh` script
+
+These compose files use prebuild images, if you want to build images yourself, follow the instructions in the parent folder to set up your own compose files.
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/.gitignore b/docker/client/examples/home-assistant/.gitignore
deleted file mode 100644
index 7333a75..0000000
--- a/docker/client/examples/home-assistant/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-# Ignore everything in config
-config/*
-# But not these files...
-!config/configuration.yaml
-
-# Ignore everything in development config
-dev-config/*
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/README.md b/docker/client/examples/home-assistant/README.md
new file mode 100644
index 0000000..3e9b3a3
--- /dev/null
+++ b/docker/client/examples/home-assistant/README.md
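Review bot: In docker/client/docker-compose.yml the `-token` value is a literal inside the `command:` array, so the documented workflow is to paste a live boringproxy token into a tracked file, and this commit also deletes the root `.gitignore`. Taking the value from the environment keeps the secret out of the file, for example `"-token", "${BORINGPROXY_TOKEN}"` (variable name is illustrative) with the value set in an untracked `.env` file, since Compose substitutes `${...}` inside `command:`. The token still ends up in the container's arguments, so the README should also tell users to treat `docker inspect` output as sensitive. The same literal-token pattern is repeated in the home-assistant and nginx example compose files later in this patch.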
@@ -0,0 +1,26 @@
+# FUse boringproxy with home-assistant
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+- your-user-token: token generated by your server
+- your-user-name: the user associated with the server token
+
+
+## Add tunnel in WebUI
+
+Add new tunnel with the following config
+
+- Domain: domain for this tunnel
+- Tunnel Type: **Client TSL**
+- Tunnel Port: **Random**
+- Client Name: **docker-homeassistant**
+- Client Address: **homeassistant**
+- Client Port: **8123**
+
+## Start containers
+To start the container(s), run the start script in the example folder
+```bash
+./start.sh
+```
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/config/configuration.yaml b/docker/client/examples/home-assistant/config/configuration.yaml
new file mode 100644
index 0000000..7f91794
--- /dev/null
+++ b/docker/client/examples/home-assistant/config/configuration.yaml
@@ -0,0 +1,10 @@
+
+# Configure a default setup of Home Assistant (frontend, api, etc)
+default_config:
+
+http:
+ # For extra security Homeassistant blocks proxy requests unless forwaring is set
+ use_x_forwarded_for: true
+ # If you changed the IP address of boringproxy in your docker-compose file, add the correct IP address here
+ trusted_proxies:
+ - 10.5.0.2
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/docker-compose.yml b/docker/client/examples/home-assistant/docker-compose.yml
new file mode 100644
index 0000000..f2b4f3f
--- /dev/null
+++ b/docker/client/examples/home-assistant/docker-compose.yml
@@ -0,0 +1,38 @@
+version: '3.7'
+
+services:
+ boringproxy:
+ image: ghcr.io/wgrobler/boringproxy:latest
+ restart: unless-stopped
+ command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "docker-homeassistant", "-user", "your-user-name", "-cert-dir", "/certmagic"]
+ volumes:
+ - certmagic:/certmagic
+ - /etc/ssl/certs/:/etc/ssl/certs/:ro
+ networks:
+ vpcbr:
+ ipv4_address: 10.5.0.2
+
+ homeassistant:
+ hostname: homeassistant
+ restart: unless-stopped
+ image: ghcr.io/home-assistant/home-assistant:latest
+ privileged: true
+ ports:
+ - "8123:8123" # Enable port on local machine, can be removed if you only want to use the tunnel
+ volumes:
+ - ./config:/config # Path to your home assistant config folder
+ - /etc/localtime:/etc/localtime:ro
+ networks:
+ vpcbr:
+ ipv4_address: 10.5.0.3
+
+volumes:
+ certmagic:
+
+networks:
+ vpcbr:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 10.5.0.0/16
+ gateway: 10.5.0.1
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/start.sh b/docker/client/examples/home-assistant/start.sh
new file mode 100755
index 0000000..4373a9c
--- /dev/null
+++ b/docker/client/examples/home-assistant/start.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export COMPOSE_PROJECT_NAME="bpc-homeassistant"
+docker-compose down; # Stop containers if running
+docker-compose up -d;
+docker-compose logs -f;
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/stop.sh b/docker/client/examples/home-assistant/stop.sh
new file mode 100755
index 0000000..8bff4e7
--- /dev/null
+++ b/docker/client/examples/home-assistant/stop.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker-compose down
\ No newline at end of file
diff --git a/docker/client/examples/nginx/README.md b/docker/client/examples/nginx/README.md
new file mode 100644
index 0000000..c5fc088
--- /dev/null
+++ b/docker/client/examples/nginx/README.md
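Review bot: `privileged: true` on the `homeassistant` service in docker/client/examples/home-assistant/docker-compose.yml gives the one container this example publishes through a tunnel all capabilities and access to host devices, so a compromise of Home Assistant would reach the host. Nothing visible in the example appears to need it; I would drop the line and, where hardware access is required, document passing only that device through a `devices:` entry. The `"8123:8123"` mapping also binds on every host interface, and `"127.0.0.1:8123:8123"` would keep the local port off the LAN for users who only want the tunnel.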
@@ -0,0 +1,26 @@
+# FUse boringproxy with nginx
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+- your-user-token: token generated by your server
+- your-user-name: the user associated with the server token
+
+
+## Add tunnel in WebUI
+
+Add new tunnel with the following config
+
+- Domain: domain for this tunnel
+- Tunnel Type: **Client TSL**
+- Tunnel Port: **Random**
+- Client Name: **docker-nginx**
+- Client Address: **nginx**
+- Client Port: **8123**
+
+## Start containers
+To start the container(s), run the start script in the example folder
+```bash
+./start.sh
+```
\ No newline at end of file
diff --git a/docker/client/examples/nginx/docker-compose.yml b/docker/client/examples/nginx/docker-compose.yml
new file mode 100644
index 0000000..d44e1b5
--- /dev/null
+++ b/docker/client/examples/nginx/docker-compose.yml
@@ -0,0 +1,19 @@
+version: '3.7'
+
+services:
+ boringproxy:
+ image: ghcr.io/wgrobler/boringproxy:latest
+ restart: unless-stopped
+ command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "docker-nginx", "-user", "your-user-name","-cert-dir", "/certmagic"]
+ volumes:
+ - certmagic:/certmagic
+ - /etc/ssl/certs/:/etc/ssl/certs/:ro
+
+ nginx:
+ image: nginx:1.17
+ hostname: nginx
+ ports:
+ - 8080:80 # Enable port on local machine, can be removed if you only want to use the tunnel
+
+volumes:
+ certmagic:
\ No newline at end of file
diff --git a/docker/client/examples/nginx/start.sh b/docker/client/examples/nginx/start.sh
new file mode 100755
index 0000000..050aa14
--- /dev/null
+++ b/docker/client/examples/nginx/start.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export COMPOSE_PROJECT_NAME="bpc-nginx"
+docker-compose down; # Stop containers if running
+docker-compose up -d;
+docker-compose logs -f;
\ No newline at end of file
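Review bot: The `nginx` service in docker/client/examples/nginx/docker-compose.yml serves on container port 80 (`8080:80`), but the README added for the same example tells the user to enter Client Port **8123**, which looks copied from the home-assistant example. A tunnel created from those instructions would point at a port nothing listens on, so the README should say 80. Separately, `nginx:1.17` is an old release line that I would expect to be missing several years of fixes, and a currently maintained tag would be a safer default for an example that is meant to be exposed publicly.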
diff --git a/docker/client/examples/nginx/stop.sh b/docker/client/examples/nginx/stop.sh
new file mode 100755
index 0000000..8bff4e7
--- /dev/null
+++ b/docker/client/examples/nginx/stop.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker-compose down
\ No newline at end of file
diff --git a/docker/client/prebuild.yml b/docker/client/prebuild.yml
new file mode 100644
index 0000000..abe74b2
--- /dev/null
+++ b/docker/client/prebuild.yml
@@ -0,0 +1,4 @@
+version: '3.7'
+services:
+ boringproxy:
+ image: ghcr.io/wgrobler/boringproxy:latest
\ No newline at end of file
diff --git a/docker/client/source.yml b/docker/client/source.yml
new file mode 100644
index 0000000..3a5bfc5
--- /dev/null
+++ b/docker/client/source.yml
@@ -0,0 +1,5 @@
+version: '3.7'
+services:
+ boringproxy:
+ image: boringproxy
+ build: ../../
\ No newline at end of file
diff --git a/docker/server/README.md b/docker/server/README.md
new file mode 100644
index 0000000..4e589d4
--- /dev/null
+++ b/docker/server/README.md
@@ -0,0 +1,20 @@
+# Files to run server using docker
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+
+## Build image from source and run server in docker
+You can build the image from source. This requires that you clone the GitHub repo and start docker using the compose command below:
+
+```bash
+docker-compose -f docker-compose.yml -f source.yml up -d
+```
+
+## Download prebuild image and run server in docker
+If you don't want to build the image, a prebuild image can be downloaded from GitHub. Start docker using the compose commands below to download the image and start the container.
+
+```bash
+docker-compose -f docker-compose.yml -f prebuild.yml up -d
+```
\ No newline at end of file
diff --git a/docker/server/docker-compose.yml b/docker/server/docker-compose.yml
new file mode 100644
index 0000000..4bb197d
--- /dev/null
+++ b/docker/server/docker-compose.yml
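Review bot: docker/client/prebuild.yml pulls `ghcr.io/wgrobler/boringproxy:latest`, a mutable tag in what appears to be a contributor's personal registry namespace rather than the project's, while the README describes it only as a prebuilt image downloaded from GitHub. Anyone following the docs runs whatever was last pushed there, with their token and certificate volume attached. I would reference an image the project itself publishes and pin it by version tag or digest, in the form `image: <registry>/<project-image>@sha256:<digest>` (placeholder). The same reference appears in docker/server/prebuild.yml and in the home-assistant and nginx example compose files.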
@@ -0,0 +1,14 @@
+version: '3.7'
+services:
+ boringproxy:
+ container_name: boringproxy-server
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - data:/opt/boringproxy/
+ command: ["server", "-admin-domain", "bp.example.com"]
+
+volumes:
+ data:
\ No newline at end of file
diff --git a/docker/server/prebuild.yml b/docker/server/prebuild.yml
new file mode 100644
index 0000000..abe74b2
--- /dev/null
+++ b/docker/server/prebuild.yml
@@ -0,0 +1,4 @@
+version: '3.7'
+services:
+ boringproxy:
+ image: ghcr.io/wgrobler/boringproxy:latest
\ No newline at end of file
diff --git a/docker/server/source.yml b/docker/server/source.yml
new file mode 100644
index 0000000..3a5bfc5
--- /dev/null
+++ b/docker/server/source.yml
@@ -0,0 +1,5 @@
+version: '3.7'
+services:
+ boringproxy:
+ image: boringproxy
+ build: ../../
\ No newline at end of file
From 9a4863c4f419ecd5acee2df146ebed75816e84e3 Mon Sep 17 00:00:00 2001
From: "Willem@105.pve1.lan" Date: Fri, 18 Feb 2022 14:30:12 +0200 Subject: [PATCH 2/9] build files using docker --- .gitignore | 11 +- Dockerfile | 19 +- default_logo.png | Bin 0 -> 913 bytes docker/.gitignore | 2 - .../client/examples/home-assistant/.gitignore | 7 - scripts/build_docker.sh | 220 ++++++++++++++++++ scripts/upload_docker_github.sh | 32 +++ 7 files changed, 278 insertions(+), 13 deletions(-) create mode 100644 default_logo.png delete mode 100644 docker/.gitignore delete mode 100644 docker/client/examples/home-assistant/.gitignore create mode 100755 scripts/build_docker.sh create mode 100755 scripts/upload_docker_github.sh
diff --git a/.gitignore b/.gitignore
index b388db8..5e94504 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,13 @@ boringproxy_*.tar.gz # Boringproxy database, created if exec is run in boringproxy folder -boringproxy_db.json \ No newline at end of file +boringproxy_db.json + +# Development files +dev.yml + +# Docker client examples +# Ignore everything in config +docker/client/examples/home-assistant/config/* +# But not these files... +!docker/client/examples/home-assistant/config/configuration.yaml \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 9522d51..945640f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,19 +1,32 @@ FROM golang:1.17-alpine3.15 as builder +LABEL boringproxy=builder + +ARG VERSION +ARG GOOS="linux" +ARG GOARCH="amd64" +ARG BRANCH="master" +ARG REPO="https://github.com/boringproxy/boringproxy.git" +ARG ORIGIN='local' WORKDIR /build RUN apk add git +RUN if [[ "ORIGIN" == 'remote' ]] ; then git clone --depth 1 --branch "${BRANCH}" ${REPO}; fi + COPY go.* ./ RUN go mod download COPY . . +RUN export VERSION='2' -RUN cd cmd/boringproxy && CGO_ENABLED=0 go build -o boringproxy +RUN cd cmd/boringproxy && CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} \ + go build -ldflags "-X main.Version=${VERSION}" \ + -o boringproxy -FROM scratch +FROM scratch EXPOSE 80 443 COPY --from=builder /build/cmd/boringproxy/boringproxy / ENTRYPOINT ["/boringproxy"] -CMD ["server"] +CMD ["version"] \ No newline at end of file 
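Review bot: The clone step added to the Dockerfile compares the literal string `"ORIGIN"` with `'remote'`, so the condition is never true and `BRANCH`/`REPO` have no effect: every build compiles whatever `COPY . .` brings in from the local context. Images that scripts/build_docker.sh names `$GITHUB_USER.$BRANCH.boringproxy-…` and stamps with that VERSION are therefore built from the local tree, which misstates their provenance, and the script never passes `--build-arg ORIGIN=remote` either. The test should read the variable and use POSIX syntax, `RUN if [ "${ORIGIN}" = "remote" ]; then git clone --depth 1 --branch "${BRANCH}" "${REPO}"; fi`. Even then the clone lands in a subdirectory of `/build` while the build still runs in `/build/cmd/boringproxy` from the copied tree, so the remote path needs its own build directory. `RUN export VERSION='2'` has no effect beyond its own layer's shell and can be removed.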
diff --git a/default_logo.png b/default_logo.png new file mode 100644 index 0000000000000000000000000000000000000000..09e6a58e5f8778a07ba8a155c3c518d279778317 GIT binary patch literal 913 zcmV;C18)3@P);b6~!9Vaj%5%y(kYd1KRhW7&IS+IwT% zd}H2xWZ->c;eBM`ePrT&WaE8qxqfBher4l-X5)Wn;HH<~rkLNUoZhLN->RM8uA|+5J3bHM5+fNRQ(J;Vy7;LpS3v%#1d@$= zSLyMpCzb_AmWisiBG5kd1o|2ocUXAcP$AK*%)@M2K@hi1m#FLfkwM z(=#L@9z~T*CJ{LlS;Yy6c;A1Mq=!`=pb#NQXICaV^+F**HoT$%YqnwqE`M*+0zee~fa$EcO2Km-_KG zc59Me{^rBYCbEwGq-i3j`|*dBbUG38o7vB|vpSHmE>cq6>e}O5M@unw^|eHkwX?+y zi{9pLuyLW7vGSz5P3`V0hTQ0HxEDJH3L7U7M~Aug-lhBm)FEiGr+y~yoIipc=Z5M= zw2i$4;K6jNv)QR8w(r1iBxK(j)0p~X_{)NyVM-224vX1rb4X_oDX41?1638fz(E8N nL=Zs)5k$BnP=yF0{~Y-SffN5Q4;P&~00000NkvXXu0mjfL>tW? literal 0 HcmV?d00001 diff --git a/docker/.gitignore b/docker/.gitignore deleted file mode 100644 index 9425d7b..0000000 --- a/docker/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -# Docker-compose file with local dev config -dev.yml \ No newline at end of file diff --git a/docker/client/examples/home-assistant/.gitignore b/docker/client/examples/home-assistant/.gitignore deleted file mode 100644 index 7333a75..0000000 --- a/docker/client/examples/home-assistant/.gitignore +++ /dev/null @@ -1,7 +0,0 @@ -# Ignore everything in config -config/* -# But not these files... -!config/configuration.yaml - -# Ignore everything in development config -dev-config/* \ No newline at end of file diff --git a/scripts/build_docker.sh b/scripts/build_docker.sh new file mode 100755 index 0000000..1c46398 --- /dev/null +++ b/scripts/build_docker.sh 
@@ -0,0 +1,220 @@ +#!/bin/bash + +# Run from root boringproxy folder and call with ./scripts/build_docker.sh + +############################################################ +# Help # +############################################################ +Help() +{ + # Display Help + echo "Script to buid BoringProxy executables using docker" + echo "Syntax: build_docker.sh [h|help|local|remote]" + echo + echo "h & help: Display help documetation" + echo + echo "local: Build executables from local repo (current folder)" + echo "options:" + echo " a|arch Architecture to build for build (amd64,arm,arm64)" + echo " os Operating System to build for (linux,freebsd,openbsd,windows,darwin)" + echo " o|output Output format (image,exec)" + echo "example: " + echo " build_docker.sh local -a=amd -s=linux -o=image" + echo + echo "local: Build executables remote repo (Github fork)" + echo "options:" + echo " a|arch Architecture to build for build (amd64,arm,arm64)" + echo " os Operating System to build for (linux,freebsd,openbsd,windows,darwin)" + echo " u|user Github user" + echo " b|branch Branch/Tree" + echo " o|output Output format (image,exec)" + echo "example: " + echo " generate_docker.sh remote -a=amd -s=linux -u=wgrobler -b=dev -o=exec" + echo +} + +############################################################ +############################################################ +# Main program # +############################################################ +############################################################ + +# Check if file was run from correct working directory, if correct script file will exists +FILE=./scripts/build_docker.sh +if [ ! 
-f "$FILE" ]; then + echo "Script needs to be run from root boringproxy folder, call with ./scripts/build_docker.sh" + exit; +fi + +if [ -z "$1" ]; +then + echo "No input variabled supplied" + echo "Here is the script help documentation:" + echo + Help + exit; +else + if [ "$1" == "help" ] || [ "$1" == "h" ]; + then + Help + exit; + fi + if [ "$1" == "local" ]; + then + CMD='local' + GOARCH='amd64'; + GOOS='linux'; + OUTPUT_FORMAT='image'; + # Get the options + for i in "$@"; do + case $i in + -a=*|--arch=*) + GOARCH="${i#*=}"; + shift; + ;; + -os=*) + GOOS="${i#*=}"; + shift; + ;; + -o=*|--output=*) + OUTPUT_FORMAT="${i#*=}"; + shift; + ;; + -*|--*) + echo "Unknown option $i" + exit 1 + ;; + *) + ;; + esac + done + fi + if [ "$1" == "remote" ]; + then + CMD='remote' + GOARCH='amd64'; + GOOS='linux'; + BRANCH='master'; + GITHUB_USER="boringproxy" + OUTPUT_FORMAT='image'; + # Get the options + for i in "$@"; do + case $i in + -a=*|--arch=*) + GOARCH="${i#*=}"; + shift; + ;; + -os=*) + GOOS="${i#*=}"; + shift; + ;; + -b=*|--branch=*) + BRANCH="${i#*=}"; + shift; + ;; + -u=*|--user=*) + GITHUB_USER="${i#*=}"; + shift; + ;; + -o=*|--output=*) + OUTPUT_FORMAT="${i#*=}"; + shift; + ;; + -*|--*) + echo "Unknown option $i" + exit 1 + ;; + *) + ;; + esac + done + fi +fi + +# Get current timestamp and set at TAG +timestamp=$(date +%s) + +# Make build folder if not already exists +mkdir -p ./build + +# Check if logo.png exists, if not create +FILE=./logo.png +if [ -f "$FILE" ]; +then + echo "$FILE exists. Using file in build"; +else + echo "$FILE does not exist. 
Creating file"; + cp ./default_logo.png ./logo.png; +fi + +if [ "$CMD" == "local" ]; +then + echo "Building from local git repo" + + # Get current version from git tags + version=$(git describe --tags) + + # Set docker image name + if [ "$OUTPUT_FORMAT" == "image" ]; + then DockerImage="boringproxy-$GOOS-$GOARCH"; + else DockerImage="boringproxy-$GOOS-$GOARCH:$timestamp"; + fi + + # Build docker image(s) + docker build -t $DockerImage . \ + --build-arg VERSION=$(git describe --tags) \ + --build-arg GOARCH=$GOARCH \ + --build-arg GOOS=$GOOS; +fi + +if [ "$CMD" == "remote" ]; +then + echo "Building from remote git repo" + + # Set docker image name + if [ "$OUTPUT_FORMAT" == "image" ]; + then DockerImage="$GITHUB_USER.$BRANCH.boringproxy-$GOOS-$GOARCH"; + else DockerImage="$GITHUB_USER.$BRANCH.boringproxy-$GOOS-$GOARCH:$timestamp"; + fi + + # Build docker image(s) + REPO="https://github.com/$GITHUB_USER/boringproxy.git" + docker build -t $DockerImage . \ + --build-arg VERSION="$GITHUB_USER:$BRANCH" \ + --build-arg GOARCH=$GOARCH \ + --build-arg GOOS=$GOOS \ + --build-arg BRANCH=$BRANCH \ + --build-arg REPO=$REPO; +fi + +# if DockerImage is set, continue +if [ -n "$DockerImage" ]; +then + if [ "$OUTPUT_FORMAT" == "image" ]; + then + # Prune intermediate images + docker image prune -f --filter label=boringproxy=builder + + echo + echo "Docker file created with filename: $DockerImage" + echo "Use $DockerImage as image name when uploading" + else + # Prune intermediate images + docker image prune -f --filter label=boringproxy=builder + + # Set filename for exec + if [ "$CMD" == "local" ]; + then FILENAME="boringproxy-$GOOS-$GOARCH"; + else FILENAME="$GITHUB_USER.$BRANCH.boringproxy-$GOOS-$GOARCH"; + fi + + # Copy exec from image + docker cp $(docker create $DockerImage):/boringproxy ./build/$FILENAME; + + # Remove temp container + docker rm $(docker container ls -n 1 | awk '{ print $1 }' | grep -v CONTAINER) + + # Remove image + docker rmi $DockerImage; + fi +fi \ No 
newline at end of file diff --git a/scripts/upload_docker_github.sh b/scripts/upload_docker_github.sh new file mode 100755 index 0000000..832c8dd --- /dev/null +++ b/scripts/upload_docker_github.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +# This file is used to upload a build docker image to GitHub. +# Run build_docker.sh first to create new image +# Run from root boringproxy folder and call with ./scripts/upload_docker_image.sh github-username +# github-username must be lowercase + +# https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry + +if [ -z "$1" ]; +then { + echo "Container name required"; + exit; +} +fi + +if [ -z "$2" ]; +then echo "GitHub username required"; +else { + if [ -z "$3" ]; + then { + echo "No TAG set, using latest"; + tag='latest'; + } + else tag=$3; + fi + docker image tag $1 ghcr.io/$2/$1:$tag + CR_PAT=`cat ~/.auth_tokens/github` + echo $CR_PAT | docker login ghcr.io -u $2 --password-stdin + docker push ghcr.io/$2/$1:$tag +} fi + From 6f089e2d758e1f737acd01abd0c787e88b4e44f9 Mon Sep 17 00:00:00 2001 From: Willem Grobler <40760504+WGrobler@users.noreply.github.com> Date: Fri, 18 Feb 2022 14:43:17 +0200 Subject: [PATCH 3/9] Delete .gitignore --- .gitignore | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 .gitignore diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 5e94504..0000000 --- a/.gitignore +++ /dev/null @@ -1,19 +0,0 @@ -# Logo -/logo.png - -# Build executables -/build -/cmd/boringproxy/boringproxy* -boringproxy_*.tar.gz - -# Boringproxy database, created if exec is run in boringproxy folder -boringproxy_db.json - -# Development files -dev.yml - -# Docker client examples -# Ignore everything in config -docker/client/examples/home-assistant/config/* -# But not these files... -!docker/client/examples/home-assistant/config/configuration.yaml \ No newline at end of file From b7dd326c96b334abbcdbfa287ded95b6834cb89b Mon Sep 17 00:00:00 2001 
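Review bot: The executable-extraction branch at the end of scripts/build_docker.sh cleans up with `docker rm $(docker container ls -n 1 | awk …)`, i.e. it removes whichever container was created most recently on the host, which is an unrelated container if anything else started in between. Capture the id instead: `cid=$(docker create "$DockerImage")`, `docker cp "$cid":/boringproxy "./build/$FILENAME"`, `docker rm "$cid"`. The `-a`/`-os`/`-u`/`-b` values are also expanded unquoted into `docker build -t $DockerImage … --build-arg …`, so a value containing whitespace is split into extra docker arguments; each expansion should be quoted. The help text advertises `-s=linux`, but the parser only accepts `-os=` and exits on `-s`.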
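Review bot: In scripts/upload_docker_github.sh the registry token is read into `CR_PAT` and piped with an unquoted `echo $CR_PAT`, and neither argument check fails the script: the first uses a bare `exit` (status 0 after `echo`) and the missing-username branch only prints a message. I would feed the file straight to the login, `docker login ghcr.io -u "$2" --password-stdin < ~/.auth_tokens/github`, quote `"$1"`, `"$2"` and `"$tag"`, and use `exit 1` in both error branches so callers see the failure. The header comment also names the script `upload_docker_image.sh` and documents a single `github-username` argument, while the code expects the image name first.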
From: Anders Pitman Date: Sat, 19 Feb 2022 08:45:38 -0700 Subject: [PATCH 4/9] Fix token bug When creating a fresh DB, it was setting the first token client to "any" instead of "", which prevented initial login. --- boringproxy.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boringproxy.go b/boringproxy.go index 42f5ae1..410f696 100644 --- a/boringproxy.go +++ b/boringproxy.go @@ -133,7 +133,7 @@ func Listen() { users := db.GetUsers() if len(users) == 0 { db.AddUser("admin", true) - _, err := db.AddToken("admin", "any") + _, err := db.AddToken("admin", "") if err != nil { log.Fatal("Failed to initialize admin user") } From f2e3e710d91a85809ec0d9e7b9bafe2e89de731a Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Sat, 19 Feb 2022 08:49:38 -0700 Subject: [PATCH 5/9] Don't show login link for scoped tokens --- templates/tokens.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/tokens.tmpl b/templates/tokens.tmpl index ba223cf..566250f 100644 --- a/templates/tokens.tmpl +++ b/templates/tokens.tmpl @@ -5,11 +5,11 @@
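Review bot: The empty string passed as the second argument of `db.AddToken("admin", "")` in boringproxy.go is a magic value that, going by the commit message and the `(Client: Any)` branch in templates/tokens.tmpl, means the token is not bound to any client; since this is the bootstrap admin credential the call site should say so. A comment such as `// "" = not scoped to a client; the first admin login needs an unscoped token` would do. The `log.Fatal` on the following context line also discards `err`, and `log.Fatalf("Failed to initialize admin user: %v", err)` would make a failed bootstrap diagnosable. `Listen` starts and ends outside this hunk.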
{{ if eq $tokenData.Client "" }} {{$token}} (Owner: {{$tokenData.Owner}}) (Client: Any) + Login link + {{ else }} {{$token}} (Owner: {{$tokenData.Owner}}) (Client: {{$tokenData.Client}}) {{ end }} - Login link - From b9a022688c71706c8c7a813c709b8b2831cc4a7c Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Sat, 19 Feb 2022 09:03:43 -0700 Subject: [PATCH 6/9] Use default_logo.png for release builds --- scripts/build_release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/build_release.sh b/scripts/build_release.sh index a55a9b1..2ebc920 100755 --- a/scripts/build_release.sh +++ b/scripts/build_release.sh @@ -2,7 +2,7 @@ version=$(git describe --tags) -./scripts/generate_logo.sh +cp default_logo.png logo.png cd ./cmd/boringproxy From 2aaeb60c1a7d3a018cdebb4cc9427297d85dbb17 Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Sat, 19 Feb 2022 09:15:17 -0700 Subject: [PATCH 7/9] Add changelog --- CHANGELOG.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..5419b6b --- /dev/null +++ b/CHANGELOG.md 
@@ -0,0 +1,56 @@ +# v0.9.0 + +* Raw TLS tunnels implemented, which adds WebSockets support. +* Improved security of tokens. They can now be limited to only work for + specific clients. +* A default logo is included in the repo, so inkscape is no longer required to + build the project (thanks @WGrobler!). +* Docker instructions, scripts, and examples greatly improved (thanks + @WGRobler!) +* Added IPv6 support. +* API simplified so client doesn't need to be run with `-user` or + `-client-name` if that information can be extracted from the token. +* Added `-acme-use-staging` to allow use of Let's Encrypt staging servers. +* Added page to allow managing clients from the web UI. Previously they were + silently added when the client first connected. +* Added `-behind-proxy` flag so X-Forwarded-For header is only added when the + flag is set. This improves security so clients can't spoof their IPs. + + +# v0.8.2 + +* Integration with [TakingNames.io](https://takingnames.io). +* Support now available through the [IndieBits forum](https://forum.indiebits.io/). +* Switch to more traditional HTML UI. Was doing some cool but hacky CSS stuff. +* Replaced go.rice with embed from stdlib. +* Check if ports are publicly accessible on startup. +* Add individual pages to look at tunnel details. +* Implement support for unencrypted HTTP. +* Can now select server HTTP/HTTPS ports. +* Add Forwarded and X-Forwarded-For proxy headers. +* Implement printing login link as QR code on the command line. + + +# v0.7.0 + +* Fixed server authorized_key file getting huge. +* Added FreeBSD and OpenBSD builds. +* Fix redirects on client-terminated tunnels. + + +# v0.6.0 + +* Various internal improvements, especially to make boringproxy easier to use as a library in other programs. +* Renamed amd64 to x86_64 to be easier to distinguish from arm64. +* Allow tunnel port to be selected, allowing boringproxy to more easily be used like a normal reverse proxy. 
+* Various other small bug fixes and UX improvements. + + +# v0.5.0 + +* Improved UX + * Print usage information (thanks @arp242!) + * Some better error messages +* Added systemd docs and examples (thanks @voidrot!) +* Move main package into cmd/boringproxy so server and client can be imported into other programs. +* Stream requests. Server was reading entire requests before forwarding to upstream (similar to nginx default). Now streams everything. From cca2b06827e57defb029dd8552ff46b15fa58b1a Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Sat, 19 Feb 2022 09:44:06 -0700 Subject: [PATCH 8/9] Don't set admin user by default This created a bug that prevented determining the user from the token. --- client.go | 2 +- cmd/boringproxy/main.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/client.go b/client.go index 3883c78..cfbeda0 100644 --- a/client.go +++ b/client.go @@ -140,7 +140,7 @@ func (c *Client) Run(ctx context.Context) error { } msg := string(body) - return errors.New(fmt.Sprintf("Failed to create client. Are the user (%s) and token correct? HTTP Status code: %d. Message: %s", c.user, resp.StatusCode, msg)) + return errors.New(fmt.Sprintf("Failed to create client. Are the user ('%s') and token correct? HTTP Status code: %d. Message: %s", c.user, resp.StatusCode, msg)) } for { diff --git a/cmd/boringproxy/main.go b/cmd/boringproxy/main.go index ba37082..4e28b61 100644 --- a/cmd/boringproxy/main.go +++ b/cmd/boringproxy/main.go 
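Review bot: The changed line in `(*Client).Run` (client.go) still builds its error with `errors.New(fmt.Sprintf(…))` and hand-written quotes around the user; `fmt.Errorf` with `%q` is the idiomatic form and escapes control characters as well: `return fmt.Errorf("Failed to create client. Are the user (%q) and token correct? HTTP Status code: %d. Message: %s", c.user, resp.StatusCode, msg)`. `msg` is presumably the raw response body from the server, so formatting it with `%q` too would keep an unexpected body from writing arbitrary bytes into a terminal or log. The function body continues outside the hunk.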
@@ -47,7 +47,7 @@ func main() { server := flagSet.String("server", "", "boringproxy server") token := flagSet.String("token", "", "Access token") name := flagSet.String("client-name", "", "Client name") - user := flagSet.String("user", "admin", "user") + user := flagSet.String("user", "", "user") certDir := flagSet.String("cert-dir", "", "TLS cert directory") acmeEmail := flagSet.String("acme-email", "", "Email for ACME (ie Let's Encrypt)") acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers") From b1eb2cec438b260d0ec804c6d8a53b8815692b9f Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Sat, 19 Feb 2022 09:45:35 -0700 Subject: [PATCH 9/9] Update changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5419b6b..210aacd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # v0.9.0 +* Fix bug where client doesn't automatically detect user because the client + defaulted to "admin" when no user was provided. + + +# v0.9.0 + * Raw TLS tunnels implemented, which adds WebSockets support. * Improved security of tokens. They can now be limited to only work for specific clients.
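Review bot: With the default changed to `""` in cmd/boringproxy/main.go, the `-user` flag's usage string is still just `"user"`, so `-h` gives no hint that the flag is now optional. Going by the commit message and the changelog, the user is then determined from the token, and the usage string should say so, e.g. `user := flagSet.String("user", "", "user (optional; determined from the token when omitted)")`. `main` continues outside the hunk.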