Merge branch 'master' into limit-tokens

Dockerfile

@@ -1,19 +1,32 @@
 FROM golang:1.17-alpine3.15 as builder
+LABEL boringproxy=builder
+
+ARG VERSION
+ARG GOOS="linux"
+ARG GOARCH="amd64"
+ARG BRANCH="master"
+ARG REPO="https://github.com/boringproxy/boringproxy.git"
+ARG ORIGIN='local'
 
 WORKDIR /build
 
 RUN apk add git
 
+RUN if [[ "ORIGIN" == 'remote' ]] ; then git clone --depth 1 --branch "${BRANCH}" ${REPO}; fi
+
 COPY go.* ./
 RUN go mod download
 COPY . .
+RUN export VERSION='2'
 
-RUN cd cmd/boringproxy && CGO_ENABLED=0 go build -o boringproxy
+RUN cd cmd/boringproxy && CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} \
+	go build -ldflags "-X main.Version=${VERSION}" \
+	-o boringproxy
 
-FROM scratch 
+FROM scratch
 EXPOSE 80 443
 
 COPY --from=builder /build/cmd/boringproxy/boringproxy /
 
 ENTRYPOINT ["/boringproxy"]
-CMD ["server"]
+CMD ["version"]

docker/client/README.md

@@ -0,0 +1,33 @@
+# Files to run client using docker
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+- your-user-token: token generated by your server
+- your-client-name: the name to identify your client
+- your-user-name: the user associated with the server token
+
+### certmagic
+
+The certmagic volume is used to store certificats. This directory must also be passed to the container with the -cert-dir command.
+
+==If you make changes to this, make sure that the data in certmagic is persistent, otherwise new certificates will be generated everytime the container is started. This can result in triggering the [rate limits for Let's Encrypt](https://letsencrypt.org/docs/rate-limits/)==
+
+### /etc/ssl/certs
+Alpine doesn't include ca-certificates in the docker base image. You can add your OS ca-certificates to the docker container by linking your local certs directory to the image
+- /etc/ssl/certs/:/etc/ssl/certs/:ro
+
+## Build image from source and run server in docker
+You can build the image from source. This requires that you clone the GitHub repo and start docker using the compose command below:
+
+```bash
+docker-compose -f docker-compose.yml -f source.yml up -d
+```
+
+## Download prebuild image and run server in docker
+If you don't want to build the image, a prebuild image can be downloaded from GitHub. Start docker using the compose commands below to download the image and start the container.
+
+```bash
+docker-compose -f docker-compose.yml -f prebuild.yml up -d
+```

docker/client/docker-compose.yml

@@ -0,0 +1,12 @@
+version: '3.7'
+services:
+  boringproxy:
+    container_name: boringproxy-client
+    restart: unless-stopped
+    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "your-client-name", "-user", "your-user-name", "-cert-dir", "/certmagic"]
+    volumes:
+      - certmagic:/certmagic
+      - /etc/ssl/certs/:/etc/ssl/certs/:ro
+
+volumes:
+  certmagic:

docker/client/examples/README.md

@@ -0,0 +1,7 @@
+# Boringproxy docker examples
+The docker examples for boringproxy clients are set up to enable easy integration between boringproxy and popular self hosted services.
+
+## Usage
+To start using an example, copy the example content over to a local folder and start the containers using the `start.sh` script
+
+These compose files use prebuild images, if you want to build images yourself, follow the instructions in the parent folder to set up your own compose files.

docker/client/examples/home-assistant/README.md

@@ -0,0 +1,26 @@
+# FUse boringproxy with home-assistant
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+- your-user-token: token generated by your server
+- your-user-name: the user associated with the server token
+
+
+## Add tunnel in WebUI
+
+Add new tunnel with the following config
+
+- Domain: domain for this tunnel
+- Tunnel Type: **Client TSL**
+- Tunnel Port: **Random**
+- Client Name: **docker-homeassistant**
+- Client Address: **homeassistant**
+- Client Port: **8123**
+
+## Start containers
+To start the container(s), run the start script in the example folder
+```bash
+./start.sh
+```

docker/client/examples/home-assistant/config/configuration.yaml

@@ -0,0 +1,10 @@
+
+# Configure a default setup of Home Assistant (frontend, api, etc)
+default_config:
+
+http:
+  # For extra security Homeassistant blocks proxy requests unless forwaring is set
+  use_x_forwarded_for: true
+  # If you changed the IP address of boringproxy in your docker-compose file, add the correct IP address here
+  trusted_proxies:
+    - 10.5.0.2

docker/client/examples/home-assistant/docker-compose.yml

@@ -0,0 +1,38 @@
+version: '3.7'
+
+services:
+  boringproxy:
+    image: ghcr.io/wgrobler/boringproxy:latest
+    restart: unless-stopped
+    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "docker-homeassistant", "-user", "your-user-name", "-cert-dir", "/certmagic"]
+    volumes:
+      - certmagic:/certmagic
+      - /etc/ssl/certs/:/etc/ssl/certs/:ro
+    networks:
+      vpcbr:
+        ipv4_address: 10.5.0.2
+
+  homeassistant:
+    hostname: homeassistant
+    restart: unless-stopped
+    image: ghcr.io/home-assistant/home-assistant:latest
+    privileged: true
+    ports:
+      - "8123:8123" # Enable port on local machine, can be removed if you only want to use the tunnel
+    volumes:
+      - ./config:/config # Path to your home assistant config folder
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      vpcbr:
+        ipv4_address: 10.5.0.3
+
+volumes:
+  certmagic:
+
+networks:
+  vpcbr:
+    driver: bridge
+    ipam:
+     config:
+       - subnet: 10.5.0.0/16
+         gateway: 10.5.0.1

docker/client/examples/home-assistant/start.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export COMPOSE_PROJECT_NAME="bpc-homeassistant"
+docker-compose down; # Stop containers if running
+docker-compose up -d;
+docker-compose logs -f;

docker/client/examples/home-assistant/stop.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker-compose down

docker/client/examples/nginx/README.md

@@ -0,0 +1,26 @@
+# FUse boringproxy with nginx
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+- your-user-token: token generated by your server
+- your-user-name: the user associated with the server token
+
+
+## Add tunnel in WebUI
+
+Add new tunnel with the following config
+
+- Domain: domain for this tunnel
+- Tunnel Type: **Client TSL**
+- Tunnel Port: **Random**
+- Client Name: **docker-nginx**
+- Client Address: **nginx**
+- Client Port: **8123**
+
+## Start containers
+To start the container(s), run the start script in the example folder
+```bash
+./start.sh
+```

docker/client/examples/nginx/docker-compose.yml

@@ -0,0 +1,19 @@
+version: '3.7'
+
+services:
+  boringproxy:
+    image: ghcr.io/wgrobler/boringproxy:latest
+    restart: unless-stopped
+    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "docker-nginx", "-user", "your-user-name","-cert-dir", "/certmagic"]
+    volumes:
+      - certmagic:/certmagic
+      - /etc/ssl/certs/:/etc/ssl/certs/:ro
+
+  nginx:
+    image: nginx:1.17
+    hostname: nginx
+    ports:
+      - 8080:80 # Enable port on local machine, can be removed if you only want to use the tunnel
+
+volumes:
+  certmagic:

docker/client/examples/nginx/start.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export COMPOSE_PROJECT_NAME="bpc-nginx"
+docker-compose down; # Stop containers if running
+docker-compose up -d;
+docker-compose logs -f;

docker/client/examples/nginx/stop.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker-compose down

docker/client/prebuild.yml

@@ -0,0 +1,4 @@
+version: '3.7'
+services:
+  boringproxy:
+    image: ghcr.io/wgrobler/boringproxy:latest

docker/client/source.yml

@@ -0,0 +1,5 @@
+version: '3.7'
+services:
+  boringproxy:
+    image: boringproxy
+    build: ../../

docker/server/README.md

@@ -0,0 +1,20 @@
+# Files to run server using docker
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+
+## Build image from source and run server in docker
+You can build the image from source. This requires that you clone the GitHub repo and start docker using the compose command below:
+
+```bash
+docker-compose -f docker-compose.yml -f source.yml up -d
+```
+
+## Download prebuild image and run server in docker
+If you don't want to build the image, a prebuild image can be downloaded from GitHub. Start docker using the compose commands below to download the image and start the container.
+
+```bash
+docker-compose -f docker-compose.yml -f prebuild.yml up -d
+```

docker/server/docker-compose.yml

@@ -0,0 +1,14 @@
+version: '3.7'
+services:
+  boringproxy:
+    container_name: boringproxy-server
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - data:/opt/boringproxy/
+    command: ["server", "-admin-domain", "bp.example.com"]
+
+volumes:
+  data:

docker/server/prebuild.yml

@@ -0,0 +1,4 @@
+version: '3.7'
+services:
+  boringproxy:
+    image: ghcr.io/wgrobler/boringproxy:latest

docker/server/source.yml

@@ -0,0 +1,5 @@
+version: '3.7'
+services:
+  boringproxy:
+    image: boringproxy
+    build: ../../

scripts/build_docker.sh

@@ -0,0 +1,220 @@
+#!/bin/bash
+
+# Run from root boringproxy folder and call with ./scripts/build_docker.sh
+
+############################################################
+# Help                                                     #
+############################################################
+Help()
+{
+	# Display Help
+	echo "Script to buid BoringProxy executables using docker"
+	echo "Syntax: build_docker.sh [h|help|local|remote]"
+	echo
+	echo "h & help: Display help documetation"
+	echo
+	echo "local: Build executables from local repo (current folder)"
+	echo "options:"
+	echo "  a|arch    Architecture to build for build (amd64,arm,arm64)"
+	echo "  os        Operating System to build for (linux,freebsd,openbsd,windows,darwin)"
+	echo "  o|output  Output format (image,exec)"
+	echo "example: "
+	echo "  build_docker.sh local -a=amd -s=linux -o=image"
+	echo
+	echo "local: Build executables remote repo (Github fork)"
+	echo "options:"
+	echo "  a|arch    Architecture to build for build (amd64,arm,arm64)"
+	echo "  os        Operating System to build for (linux,freebsd,openbsd,windows,darwin)"
+	echo "  u|user    Github user"
+	echo "  b|branch  Branch/Tree"
+	echo "  o|output  Output format (image,exec)"
+	echo "example: "
+	echo "  generate_docker.sh remote -a=amd -s=linux -u=wgrobler -b=dev -o=exec"
+	echo
+}
+
+############################################################
+############################################################
+# Main program                                             #
+############################################################
+############################################################
+
+# Check if file was run from correct working directory, if correct script file will exists
+FILE=./scripts/build_docker.sh
+if [ ! -f "$FILE" ]; then
+  echo "Script needs to be run from root boringproxy folder, call with ./scripts/build_docker.sh"
+	exit;
+fi
+
+if [ -z "$1" ];
+then
+	echo "No input variabled supplied"
+	echo "Here is the script help documentation:"
+	echo
+	Help
+	exit;
+else
+	if [ "$1" == "help" ] || [ "$1" == "h" ];
+	then
+		Help
+		exit;
+	fi
+	if [ "$1" == "local" ];
+	then
+		CMD='local'
+		GOARCH='amd64';
+		GOOS='linux';
+		OUTPUT_FORMAT='image';
+		# Get the options
+		for i in "$@"; do
+  		  case $i in
+					-a=*|--arch=*)
+						GOARCH="${i#*=}";
+						shift;
+						;;
+					-os=*)
+						GOOS="${i#*=}";
+						shift;
+						;;
+					-o=*|--output=*)
+						OUTPUT_FORMAT="${i#*=}";
+						shift;
+						;;
+					-*|--*)
+						echo "Unknown option $i"
+						exit 1
+						;;
+					*)
+						;;
+				esac
+			done
+	fi
+	if [ "$1" == "remote" ];
+	then
+		CMD='remote'
+		GOARCH='amd64';
+		GOOS='linux';
+		BRANCH='master';
+		GITHUB_USER="boringproxy"
+		OUTPUT_FORMAT='image';
+		# Get the options
+		for i in "$@"; do
+  		  case $i in
+					-a=*|--arch=*)
+						GOARCH="${i#*=}";
+						shift;
+						;;
+					-os=*)
+						GOOS="${i#*=}";
+						shift;
+						;;
+					-b=*|--branch=*)
+						BRANCH="${i#*=}";
+						shift;
+						;;
+					-u=*|--user=*)
+						GITHUB_USER="${i#*=}";
+						shift;
+						;;
+					-o=*|--output=*)
+						OUTPUT_FORMAT="${i#*=}";
+						shift;
+						;;
+					-*|--*)
+						echo "Unknown option $i"
+						exit 1
+						;;
+					*)
+						;;
+				esac
+			done
+	fi
+fi
+
+# Get current timestamp and set at TAG
+timestamp=$(date +%s)
+
+# Make build folder if not already exists
+mkdir -p ./build
+
+# Check if logo.png exists, if not create
+FILE=./logo.png
+if [ -f "$FILE" ];
+then
+	echo "$FILE exists. Using file in build";
+else
+	echo "$FILE does not exist. Creating file";
+	cp ./default_logo.png ./logo.png;
+fi
+
+if [ "$CMD" == "local" ];
+then
+	echo "Building from local git repo"
+
+	# Get current version from git tags
+	version=$(git describe --tags)
+
+	# Set docker image name
+	if [ "$OUTPUT_FORMAT" == "image" ];
+		then DockerImage="boringproxy-$GOOS-$GOARCH";
+		else DockerImage="boringproxy-$GOOS-$GOARCH:$timestamp";
+	fi
+
+	# Build docker image(s)
+	docker build -t $DockerImage . \
+		--build-arg VERSION=$(git describe --tags) \
+		--build-arg GOARCH=$GOARCH \
+		--build-arg GOOS=$GOOS;
+fi
+
+if [ "$CMD" == "remote" ];
+then
+	echo "Building from remote git repo"
+
+	# Set docker image name
+	if [ "$OUTPUT_FORMAT" == "image" ];
+		then DockerImage="$GITHUB_USER.$BRANCH.boringproxy-$GOOS-$GOARCH";
+		else DockerImage="$GITHUB_USER.$BRANCH.boringproxy-$GOOS-$GOARCH:$timestamp";
+	fi
+
+	# Build docker image(s)
+	REPO="https://github.com/$GITHUB_USER/boringproxy.git"
+	docker build -t $DockerImage . \
+		--build-arg VERSION="$GITHUB_USER:$BRANCH" \
+		--build-arg GOARCH=$GOARCH \
+		--build-arg GOOS=$GOOS \
+		--build-arg BRANCH=$BRANCH \
+		--build-arg REPO=$REPO;
+fi
+
+# if DockerImage is set, continue
+if [ -n "$DockerImage" ];
+then
+	if [ "$OUTPUT_FORMAT" == "image" ];
+	then
+		# Prune intermediate images
+		docker image prune -f --filter label=boringproxy=builder
+
+		echo
+		echo "Docker file created with filename: $DockerImage"
+		echo "Use $DockerImage as image name when uploading"
+	else
+		# Prune intermediate images
+		docker image prune -f --filter label=boringproxy=builder
+
+		# Set filename for exec
+		if [ "$CMD" == "local" ];
+			then FILENAME="boringproxy-$GOOS-$GOARCH";
+			else FILENAME="$GITHUB_USER.$BRANCH.boringproxy-$GOOS-$GOARCH";
+		fi
+
+		# Copy exec from image
+		docker cp $(docker create $DockerImage):/boringproxy ./build/$FILENAME;
+
+		# Remove temp container
+		docker rm $(docker container ls -n 1  | awk '{ print $1 }' | grep -v CONTAINER)
+
+		# Remove image
+		docker rmi $DockerImage;
+	fi
+fi

scripts/upload_docker_github.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# This file is used to upload a build docker image to GitHub.
+# Run build_docker.sh first to create new image
+# Run from root boringproxy folder and call with ./scripts/upload_docker_image.sh github-username
+# github-username must be lowercase
+
+# https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
+
+if [ -z "$1" ];
+then {
+	echo "Container name required";
+	exit;
+}
+fi
+
+if [ -z "$2" ];
+then echo "GitHub username required";
+else {
+	if [ -z "$3" ];
+	then {
+		echo "No TAG set, using latest";
+		tag='latest';
+	}
+	else tag=$3;
+	fi
+	docker image tag $1 ghcr.io/$2/$1:$tag
+	CR_PAT=`cat ~/.auth_tokens/github`
+	echo $CR_PAT | docker login ghcr.io -u $2 --password-stdin
+	docker push ghcr.io/$2/$1:$tag
+} fi
+