From cd07a16a5ab78253452af941dd68721ce16b0a18 Mon Sep 17 00:00:00 2001
From: "Willem@105.pve1.lan" <willem@joulco2.com>
Date: Fri, 18 Feb 2022 08:52:52 +0200
Subject: [PATCH] added docker examples

---
 .gitignore                                    | 10 -----
 docker/.gitignore                             |  2 -
 docker/client/README.md                       | 33 ++++++++++++++++
 docker/client/docker-compose.yml              | 12 ++++++
 docker/client/examples/README.md              |  7 ++++
 .../client/examples/home-assistant/.gitignore |  7 ----
 .../client/examples/home-assistant/README.md  | 26 +++++++++++++
 .../home-assistant/config/configuration.yaml  | 10 +++++
 .../home-assistant/docker-compose.yml         | 38 +++++++++++++++++++
 .../client/examples/home-assistant/start.sh   |  6 +++
 docker/client/examples/home-assistant/stop.sh |  3 ++
 docker/client/examples/nginx/README.md        | 26 +++++++++++++
 .../client/examples/nginx/docker-compose.yml  | 19 ++++++++++
 docker/client/examples/nginx/start.sh         |  6 +++
 docker/client/examples/nginx/stop.sh          |  3 ++
 docker/client/prebuild.yml                    |  4 ++
 docker/client/source.yml                      |  5 +++
 docker/server/README.md                       | 20 ++++++++++
 docker/server/docker-compose.yml              | 14 +++++++
 docker/server/prebuild.yml                    |  4 ++
 docker/server/source.yml                      |  5 +++
 21 files changed, 241 insertions(+), 19 deletions(-)
 delete mode 100644 .gitignore
 delete mode 100644 docker/.gitignore
 create mode 100644 docker/client/README.md
 create mode 100644 docker/client/docker-compose.yml
 create mode 100644 docker/client/examples/README.md
 delete mode 100644 docker/client/examples/home-assistant/.gitignore
 create mode 100644 docker/client/examples/home-assistant/README.md
 create mode 100644 docker/client/examples/home-assistant/config/configuration.yaml
 create mode 100644 docker/client/examples/home-assistant/docker-compose.yml
 create mode 100755 docker/client/examples/home-assistant/start.sh
 create mode 100755 docker/client/examples/home-assistant/stop.sh
 create mode 100644 docker/client/examples/nginx/README.md
 create mode 100644 docker/client/examples/nginx/docker-compose.yml
 create mode 100755 docker/client/examples/nginx/start.sh
 create mode 100755 docker/client/examples/nginx/stop.sh
 create mode 100644 docker/client/prebuild.yml
 create mode 100644 docker/client/source.yml
 create mode 100644 docker/server/README.md
 create mode 100644 docker/server/docker-compose.yml
 create mode 100644 docker/server/prebuild.yml
 create mode 100644 docker/server/source.yml

diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index b388db8..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,10 +0,0 @@
-# Logo
-/logo.png
-
-# Build executables
-/build
-/cmd/boringproxy/boringproxy*
-boringproxy_*.tar.gz
-
-# Boringproxy database, created if exec is run in boringproxy folder
-boringproxy_db.json
\ No newline at end of file
diff --git a/docker/.gitignore b/docker/.gitignore
deleted file mode 100644
index 9425d7b..0000000
--- a/docker/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-# Docker-compose file with local dev config
-dev.yml
\ No newline at end of file
diff --git a/docker/client/README.md b/docker/client/README.md
new file mode 100644
index 0000000..364ee77
--- /dev/null
+++ b/docker/client/README.md
@@ -0,0 +1,33 @@
+# Files to run client using docker
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+- your-user-token: token generated by your server
+- your-client-name: the name to identify your client
+- your-user-name: the user associated with the server token
+
+### certmagic
+
+The certmagic volume is used to store certificats. This directory must also be passed to the container with the -cert-dir command.
+
+==If you make changes to this, make sure that the data in certmagic is persistent, otherwise new certificates will be generated everytime the container is started. This can result in triggering the [rate limits for Let's Encrypt](https://letsencrypt.org/docs/rate-limits/)==
+
+### /etc/ssl/certs
+Alpine doesn't include ca-certificates in the docker base image. You can add your OS ca-certificates to the docker container by linking your local certs directory to the image
+- /etc/ssl/certs/:/etc/ssl/certs/:ro
+
+## Build image from source and run server in docker
+You can build the image from source. This requires that you clone the GitHub repo and start docker using the compose command below:
+
+```bash
+docker-compose -f docker-compose.yml -f source.yml up -d
+```
+
+## Download prebuild image and run server in docker
+If you don't want to build the image, a prebuild image can be downloaded from GitHub. Start docker using the compose commands below to download the image and start the container.
+
+```bash
+docker-compose -f docker-compose.yml -f prebuild.yml up -d
+```
\ No newline at end of file
diff --git a/docker/client/docker-compose.yml b/docker/client/docker-compose.yml
new file mode 100644
index 0000000..c0e708c
--- /dev/null
+++ b/docker/client/docker-compose.yml
@@ -0,0 +1,12 @@
+version: '3.7'
+services:
+  boringproxy:
+    container_name: boringproxy-client
+    restart: unless-stopped
+    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "your-client-name", "-user", "your-user-name", "-cert-dir", "/certmagic"]
+    volumes:
+      - certmagic:/certmagic
+      - /etc/ssl/certs/:/etc/ssl/certs/:ro
+
+volumes:
+  certmagic:
\ No newline at end of file
diff --git a/docker/client/examples/README.md b/docker/client/examples/README.md
new file mode 100644
index 0000000..af121c6
--- /dev/null
+++ b/docker/client/examples/README.md
@@ -0,0 +1,7 @@
+# Boringproxy docker examples
+The docker examples for boringproxy clients are set up to enable easy integration between boringproxy and popular self hosted services.
+
+## Usage
+To start using an example, copy the example content over to a local folder and start the containers using the `start.sh` script
+
+These compose files use prebuild images, if you want to build images yourself, follow the instructions in the parent folder to set up your own compose files.
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/.gitignore b/docker/client/examples/home-assistant/.gitignore
deleted file mode 100644
index 7333a75..0000000
--- a/docker/client/examples/home-assistant/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-# Ignore everything in config
-config/*
-# But not these files...
-!config/configuration.yaml
-
-# Ignore everything in development config
-dev-config/*
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/README.md b/docker/client/examples/home-assistant/README.md
new file mode 100644
index 0000000..3e9b3a3
--- /dev/null
+++ b/docker/client/examples/home-assistant/README.md
@@ -0,0 +1,26 @@
+# FUse boringproxy with home-assistant
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+- your-user-token: token generated by your server
+- your-user-name: the user associated with the server token
+
+
+## Add tunnel in WebUI
+
+Add new tunnel with the following config
+
+- Domain: domain for this tunnel
+- Tunnel Type: **Client TSL**
+- Tunnel Port: **Random**
+- Client Name: **docker-homeassistant**
+- Client Address: **homeassistant**
+- Client Port: **8123**
+
+## Start containers
+To start the container(s), run the start script in the example folder
+```bash
+./start.sh
+```
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/config/configuration.yaml b/docker/client/examples/home-assistant/config/configuration.yaml
new file mode 100644
index 0000000..7f91794
--- /dev/null
+++ b/docker/client/examples/home-assistant/config/configuration.yaml
@@ -0,0 +1,10 @@
+
+# Configure a default setup of Home Assistant (frontend, api, etc)
+default_config:
+
+http:
+  # For extra security Homeassistant blocks proxy requests unless forwaring is set
+  use_x_forwarded_for: true
+  # If you changed the IP address of boringproxy in your docker-compose file, add the correct IP address here
+  trusted_proxies:
+    - 10.5.0.2
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/docker-compose.yml b/docker/client/examples/home-assistant/docker-compose.yml
new file mode 100644
index 0000000..f2b4f3f
--- /dev/null
+++ b/docker/client/examples/home-assistant/docker-compose.yml
@@ -0,0 +1,38 @@
+version: '3.7'
+
+services:
+  boringproxy:
+    image: ghcr.io/wgrobler/boringproxy:latest
+    restart: unless-stopped
+    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "docker-homeassistant", "-user", "your-user-name", "-cert-dir", "/certmagic"]
+    volumes:
+      - certmagic:/certmagic
+      - /etc/ssl/certs/:/etc/ssl/certs/:ro
+    networks:
+      vpcbr:
+        ipv4_address: 10.5.0.2
+
+  homeassistant:
+    hostname: homeassistant
+    restart: unless-stopped
+    image: ghcr.io/home-assistant/home-assistant:latest
+    privileged: true
+    ports:
+      - "8123:8123" # Enable port on local machine, can be removed if you only want to use the tunnel
+    volumes:
+      - ./config:/config # Path to your home assistant config folder
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      vpcbr:
+        ipv4_address: 10.5.0.3
+
+volumes:
+  certmagic:
+
+networks:
+  vpcbr:
+    driver: bridge
+    ipam:
+     config:
+       - subnet: 10.5.0.0/16
+         gateway: 10.5.0.1
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/start.sh b/docker/client/examples/home-assistant/start.sh
new file mode 100755
index 0000000..4373a9c
--- /dev/null
+++ b/docker/client/examples/home-assistant/start.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export COMPOSE_PROJECT_NAME="bpc-homeassistant"
+docker-compose down; # Stop containers if running
+docker-compose up -d;
+docker-compose logs -f;
\ No newline at end of file
diff --git a/docker/client/examples/home-assistant/stop.sh b/docker/client/examples/home-assistant/stop.sh
new file mode 100755
index 0000000..8bff4e7
--- /dev/null
+++ b/docker/client/examples/home-assistant/stop.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker-compose down
\ No newline at end of file
diff --git a/docker/client/examples/nginx/README.md b/docker/client/examples/nginx/README.md
new file mode 100644
index 0000000..c5fc088
--- /dev/null
+++ b/docker/client/examples/nginx/README.md
@@ -0,0 +1,26 @@
+# FUse boringproxy with nginx
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+- your-user-token: token generated by your server
+- your-user-name: the user associated with the server token
+
+
+## Add tunnel in WebUI
+
+Add new tunnel with the following config
+
+- Domain: domain for this tunnel
+- Tunnel Type: **Client TSL**
+- Tunnel Port: **Random**
+- Client Name: **docker-nginx**
+- Client Address: **nginx**
+- Client Port: **8123**
+
+## Start containers
+To start the container(s), run the start script in the example folder
+```bash
+./start.sh
+```
\ No newline at end of file
diff --git a/docker/client/examples/nginx/docker-compose.yml b/docker/client/examples/nginx/docker-compose.yml
new file mode 100644
index 0000000..d44e1b5
--- /dev/null
+++ b/docker/client/examples/nginx/docker-compose.yml
@@ -0,0 +1,19 @@
+version: '3.7'
+
+services:
+  boringproxy:
+    image: ghcr.io/wgrobler/boringproxy:latest
+    restart: unless-stopped
+    command: ["client", "-server", "bp.example.com", "-token", "your-user-token", "-client-name", "docker-nginx", "-user", "your-user-name","-cert-dir", "/certmagic"]
+    volumes:
+      - certmagic:/certmagic
+      - /etc/ssl/certs/:/etc/ssl/certs/:ro
+
+  nginx:
+    image: nginx:1.17
+    hostname: nginx
+    ports:
+      - 8080:80 # Enable port on local machine, can be removed if you only want to use the tunnel
+
+volumes:
+  certmagic:
\ No newline at end of file
diff --git a/docker/client/examples/nginx/start.sh b/docker/client/examples/nginx/start.sh
new file mode 100755
index 0000000..050aa14
--- /dev/null
+++ b/docker/client/examples/nginx/start.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export COMPOSE_PROJECT_NAME="bpc-nginx"
+docker-compose down; # Stop containers if running
+docker-compose up -d;
+docker-compose logs -f;
\ No newline at end of file
diff --git a/docker/client/examples/nginx/stop.sh b/docker/client/examples/nginx/stop.sh
new file mode 100755
index 0000000..8bff4e7
--- /dev/null
+++ b/docker/client/examples/nginx/stop.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker-compose down
\ No newline at end of file
diff --git a/docker/client/prebuild.yml b/docker/client/prebuild.yml
new file mode 100644
index 0000000..abe74b2
--- /dev/null
+++ b/docker/client/prebuild.yml
@@ -0,0 +1,4 @@
+version: '3.7'
+services:
+  boringproxy:
+    image: ghcr.io/wgrobler/boringproxy:latest
\ No newline at end of file
diff --git a/docker/client/source.yml b/docker/client/source.yml
new file mode 100644
index 0000000..3a5bfc5
--- /dev/null
+++ b/docker/client/source.yml
@@ -0,0 +1,5 @@
+version: '3.7'
+services:
+  boringproxy:
+    image: boringproxy
+    build: ../../
\ No newline at end of file
diff --git a/docker/server/README.md b/docker/server/README.md
new file mode 100644
index 0000000..4e589d4
--- /dev/null
+++ b/docker/server/README.md
@@ -0,0 +1,20 @@
+# Files to run server using docker
+
+## Update compose file
+
+Edit docker-compose.yml and change the following under **commands** for service **boringproxy**
+- bp.example.com: your admin domain
+
+## Build image from source and run server in docker
+You can build the image from source. This requires that you clone the GitHub repo and start docker using the compose command below:
+
+```bash
+docker-compose -f docker-compose.yml -f source.yml up -d
+```
+
+## Download prebuild image and run server in docker
+If you don't want to build the image, a prebuild image can be downloaded from GitHub. Start docker using the compose commands below to download the image and start the container.
+
+```bash
+docker-compose -f docker-compose.yml -f prebuild.yml up -d
+```
\ No newline at end of file
diff --git a/docker/server/docker-compose.yml b/docker/server/docker-compose.yml
new file mode 100644
index 0000000..4bb197d
--- /dev/null
+++ b/docker/server/docker-compose.yml
@@ -0,0 +1,14 @@
+version: '3.7'
+services:
+  boringproxy:
+    container_name: boringproxy-server
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - data:/opt/boringproxy/
+    command: ["server", "-admin-domain", "bp.example.com"]
+
+volumes:
+  data:
\ No newline at end of file
diff --git a/docker/server/prebuild.yml b/docker/server/prebuild.yml
new file mode 100644
index 0000000..abe74b2
--- /dev/null
+++ b/docker/server/prebuild.yml
@@ -0,0 +1,4 @@
+version: '3.7'
+services:
+  boringproxy:
+    image: ghcr.io/wgrobler/boringproxy:latest
\ No newline at end of file
diff --git a/docker/server/source.yml b/docker/server/source.yml
new file mode 100644
index 0000000..3a5bfc5
--- /dev/null
+++ b/docker/server/source.yml
@@ -0,0 +1,5 @@
+version: '3.7'
+services:
+  boringproxy:
+    image: boringproxy
+    build: ../../
\ No newline at end of file