Initial commit

fully operational caddy death star
2023-03-31 13:43:26 -07:00 · 2023-03-31 13:43:26 -07:00 · 55648e8155
commit 55648e8155
28 changed files with 342 additions and 0 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,9 @@
+CREDENTIALS=/data/secure/aws-credentials.env
+CONF=seldon
+NAME=caddy
+# just base alpine image unless used here
+BASE_IMAGE=ucommandit/alpine
+BUILD_SRC=./src
+NAME=caddy
+# version is latest unless used here
+# TAG=2.1.5
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+archive/
+config/
+data/
+logs/
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+build=${UDBUILD:-$(command -v udbuild)} 
+if [[ $build ]];then
+echo copying conf directory into image source before build
+/bin/cp -R -p conf/. src/init/opt/caddy/conf
+$build -a "$@"
+else
+echo can not find UCI Docker Build script, run ./install from the uci-docker-build repo
+fi
--- a/conf/Caddyfile
+++ b/conf/Caddyfile
@ -0,0 +1,13 @@
+*.mydomain.net {
+
+  tls email@gmail.com {
+    dns route53 {
+      max_retries 10
+    }
+  }
+
+  @portainerr host docker.mydomain.net 
+      handle @portainer {
+      reverse_proxy 10.0.0.5:9000
+      }
+}   
--- a/conf/caddy.pkgs
+++ b/conf/caddy.pkgs
@ -0,0 +1,3 @@
+github.com/caddy-dns/route53
+# comment lines are ignored thus a way to disable a package on build
+# github.com/greenpau/caddy-security
--- a/dev/build
+++ b/dev/build
@ -0,0 +1,9 @@
+#!/bin/bash
+build=${UDBUILD:-$(command -v udbuild)} 
+if [[ $build ]];then
+DIR=$(dirname "$(realpath "$BASH_SOURCE")")
+$build -t dev -e $DIR/build.env "$@"
+else
+echo can not find UCI Docker Build script, run ./install from the uci-docker-build repo
+fi
+
--- a/dev/build.env
+++ b/dev/build.env
@ -0,0 +1,4 @@
+BASE_IMAGE=ucommandit/alpine
+BUILD_SRC=../src
+RUSER=ucommandit
+NAME=caddy
--- a/dev/deploy
+++ b/dev/deploy
@ -0,0 +1,4 @@
+#!/bin/bash
+DIR=$(dirname "$(realpath "$BASH_SOURCE")")
+$DIR/build -t deploy
+
--- a/dev/try
+++ b/dev/try
@ -0,0 +1 @@
+udbuild try -e aws-credentials.env -m opt/caddy -h mnt/caddy -k ucommandit/caddy "$@"
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -0,0 +1,35 @@
+# Example usage
+
+services:
+  caddy:
+    container_name: ${NAME:-caddy}
+    image: ${IMAGE:-caddy}
+    # if no $CONF is given then Caddyfile in ${PWD}/conf:/opt/caddy/conf will be used
+    command: /opt/caddy/caddy run $CONF
+    env_file:
+      - $CREDENTIALS
+    volumes:
+      - data:/opt/caddy/data
+      - config:/opt/caddy/config
+      - conf:/opt/caddy/conf
+    restart: unless-stopped
+    ports:
+      - 80:80
+      - 443:443
+      - 2019:2019
+volumes:
+  data:
+    driver_opts:
+      type: none
+      device: ${PWD}/data
+      o: bind
+  config:
+    driver_opts:
+      type: none
+      device: ${PWD}/config
+      o: bind
+  conf:
+    driver_opts:
+      type: none
+      device: ${PWD}/conf
+      o: bind
--- a/readme.md
+++ b/readme.md
@ -0,0 +1,8 @@
+#!/bin/bash
+clone repo
+in conf folder edit Caddyfile (or create your own conf) and edit caddy.pkgs
+
+edit .env accordingly
+You can use an image from a repository or build your own locally
+echo now execute the .run-log script to make sure caddy runs ok.
+then execute the the start script for detached container
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+mkdir data conf config
+docker-compose up
--- a/src/init/init.sh
+++ b/src/init/init.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+# set -eu
+echo -e "*************************"
+/bin/cp -R -p opt/. /opt  
+chown -R 1000:1000 /opt
+# ls -la /opt
+# ls -la /opt/caddy
+echo -e "*************************"
+source /opt/caddy/caddy.env
+#  || { echo no file /opt/caddy/caddy.env; exit 1; }
+source $CADDY_LIB
+caddy_install_bin
--- a/src/init/opt/caddy/caddy
+++ b/src/init/opt/caddy/caddy
@ -0,0 +1,47 @@
+#!/bin/bash 
+
+caddy () {
+
+if [[ ! $CADDY_HOME ]]; then
+ if [[ -f /opt/caddy/caddy.env ]]; then
+  source /opt/caddy/caddy.env
+ else
+  echo default environment can not be sourced at /opt/caddy/caddy.env
+  return 1 
+ fi 
+fi 
+
+[[ ! $CADDY_BIN ]] && CADDY_BIN is not set unable to find caddy binary
+[ ! -f "$CADDY_BIN" ] && echo caddy binary file at $CADDY_BIN does not exist && return 1
+[ ! -x "$CADDY_BIN" ] && echo caddy binary file $CADDY_BIN is not executable && return 1
+
+case "$1" in
+  shell)
+  /bin/bash -c "cd $CADDY_HOME; exec bash -l"
+  ;;
+  run)
+  shift 1
+  local conf
+  cd $CADDY_CONF || { echo could not enter conf directory in container; return 2; } 
+  if [[ $1 ]];then
+  [[ -f $1 ]] && conf=$1 || conf=$1.conf
+  else
+   conf=Caddyfile
+  fi
+  if [[ -f $conf ]]; then
+    echo running: $CADDY_BIN run --config $conf --adapter caddyfile
+    $CADDY_BIN run --config $conf --adapter caddyfile
+    else
+    echo no configuration file found at $conf in the container
+    echo make sure you have mounted one from the host into /opt/caddy/conf
+  fi
+  ;;
+  *)
+  $CADDY_BIN/caddy "$@"
+
+esac
+
+}
+
+# # if script was executed then call the function
+(return 0 2>/dev/null) || caddy "$@"
--- a/src/init/opt/caddy/caddy.env
+++ b/src/init/opt/caddy/caddy.env
@ -0,0 +1,6 @@
+export CADDY_HOME="$(realpath $(dirname ${BASH_SOURCE[0]}))"
+export XDG_CONFIG_HOME=$CADDY_HOME/config
+export XDG_DATA_HOME=$CADDY_HOME/data
+export CADDY_CONF=$CADDY_HOME/conf
+export CADDY_BIN=$CADDY_HOME/bin/caddy
+export CADDY_LIB=$CADDY_HOME/caddy.lib
--- a/src/init/opt/caddy/caddy.lib
+++ b/src/init/opt/caddy/caddy.lib
@ -0,0 +1,64 @@
+#!/bin/bash
+
+caddy_add_packages () {
+  local bin; local repos; local pkgs; local pkg
+  [[ ! -f $1 ]] && echo "cannot find file $1 of packages, nothing to add" && return 0
+  bin=${2:-$CADDY_BIN}
+  bin=${bin:-$(command -v caddy)}
+  [[ ! $bin ]] && echo no caddy binary found && return 1
+  pkgs=$(sed '/^[[:space:]]*#[^!]/d; /#$/d' $1)
+  echo caddy pkgs to be added:
+  echo $pkgs
+  if ! $bin add-package $pkgs >/dev/null 2>&1; then
+    echo Error: Aborting further package installs and reverting to last good binary 
+    return 2
+    else
+    echo packages added successfully
+    $bin list-modules | grep -E -A15 "Standard modules:"
+  fi  
+}
+
+caddy_checksum () {
+  echo "verifying checksum of $2"
+  source /opt/scripts/github.lib
+  local download=$(github_asset caddyserver caddy $1 caddy_$(echo ${1})_checksums.txt)
+  echo checksum file to download: $download
+  wget -q -O /tmp/caddy_checksum $download
+  # cat /tmp/caddy_checksum
+  local sha=$(grep $2 /tmp/caddy_checksum | cut -d " " -f1)
+  # echo $sha
+  # sha512sum $3
+  # must have TWO spaces in echo command!
+  echo "$sha  $3" | sha512sum -c >/dev/null 2>&1;
+  ret=$?
+  rm -r /tmp/caddy_checksum
+  return $ret
+}
+
+
+
+caddy_install_bin () {
+
+  source /opt/scripts/github.lib
+  arch=$(/opt/scripts/getarch.sh)
+  ver=${CADDY_VER:-$(github_latest caddyserver caddy | sed 's/^v//')} 
+  caddytar="caddy_${ver}_linux_${arch}.tar.gz" 
+  download=$(github_asset caddyserver caddy $ver $caddytar)
+  # echo "github_asset caddyserver caddy $ver $caddytar"
+  echo caddy version: $ver
+  echo caddy tarball: $caddytar
+  echo getting tarball from: $download
+  wget -q -O /tmp/caddy.tar.gz $download
+  if caddy_checksum $ver $caddytar /tmp/caddy.tar.gz; then
+    echo download tarball verified 
+    tar x -z -f /tmp/caddy.tar.gz -C $CADDY_HOME/bin caddy
+    rm -f /tmp/caddy.tar.gz 
+    chmod +x $CADDY_BIN
+    setcap cap_net_bind_service=+ep $CADDY_BIN 
+    chmod +x $CADDY_BIN 
+    $CADDY_BIN version
+    if ! caddy_add_packages $CADDY_CONF/caddy.pkgs;  then
+      return 4
+    fi
+  fi  
+}
--- a/src/init/opt/caddy/conf/Caddyfile
+++ b/src/init/opt/caddy/conf/Caddyfile
@ -0,0 +1,13 @@
+*.mydomain.net {
+
+  tls email@gmail.com {
+    dns route53 {
+      max_retries 10
+    }
+  }
+
+  @portainerr host docker.mydomain.net 
+      handle @portainer {
+      reverse_proxy 10.0.0.5:9000
+      }
+}   
--- a/src/init/opt/caddy/conf/caddy.pkgs
+++ b/src/init/opt/caddy/conf/caddy.pkgs
@ -0,0 +1,3 @@
+github.com/caddy-dns/route53
+# comment lines are ignored thus a way to disable a package on build
+# github.com/greenpau/caddy-security
--- a/src/init/opt/caddy/conf/seldon.conf
+++ b/src/init/opt/caddy/conf/seldon.conf
@ -0,0 +1,13 @@
+*.seldon.kebler.net {
+
+  tls kebler.net@gmail.com {
+    dns route53 {
+      max_retries 10
+    }
+  }
+
+  @docker host docker.seldon.kebler.net 
+      handle @docker {
+      reverse_proxy seldon.kebler.net:9016
+      }
+}   
--- a/src/init/opt/scripts/entrypoint.sh
+++ b/src/init/opt/scripts/entrypoint.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+export SCRIPTS_DIR="$(dirname $(realpath "${BASH_SOURCE:-$0}"))"
+# echo arguments in entry $@
+# execute the start script in a login shell so that the uci shell will be sourced 
+# see https://stackoverflow.com/a/1711985/4695378 passing $@
+/bin/bash -l -c '${SCRIPTS_DIR}/start.sh $@' $0 "$@"
--- a/src/init/opt/scripts/getarch.sh
+++ b/src/init/opt/scripts/getarch.sh
@ -0,0 +1,17 @@
+get_arch () {
+	local apkArch="$(apk --print-arch)" 
+	case "$apkArch" in 
+		x86_64)  binArch='amd64' ;; 
+		armhf)   binArch='armv6' ;; 
+		armv7)   binArch='armv7' ;; 
+		aarch64) binArch='arm64' ;; 
+		ppc64el|ppc64le) binArch='ppc64le' ;; 
+		s390x)   binArch='s390x';; 
+		*) return 1 ;;\
+	esac; 
+    echo $binArch
+}
+
+(return 0 2>/dev/null) || get_arch $@
+
+
--- a/src/init/opt/scripts/github.lib
+++ b/src/init/opt/scripts/github.lib
@ -0,0 +1,29 @@
+#!/bin/bash
+
+export GITHUB_REPOS=https://api.github.com/repos
+
+github_latest() {
+  local endpoint=$GITHUB_REPOS/$1/$2/releases/latest
+  local auth; local res
+  [[ $GITHUB_TOKEN ]] && auth="-u $GITHUB_USER:$GITHUB_TOKEN"
+  if ! res=$(curl $auth -s $endpoint); then 
+  return 1
+  fi
+  echo $res| jq .name -r
+}
+
+github_asset () {
+# user repo version asset        
+
+asset_url=$(curl -s "$GITHUB_REPOS/$1/$2/releases/tags/v$3" \
+        | jq --arg aname "$4" -r '.assets[] | select(.name == $aname).browser_download_url' \
+        | head -1)
+
+if [ -z "${asset_url}" ]; then
+        return 1
+fi
+
+echo $asset_url
+
+}
+
--- a/src/init/opt/scripts/start.sh
+++ b/src/init/opt/scripts/start.sh
@ -0,0 +1,15 @@
+#!/bin/bash
+# echo arguments in start script:  "$@"
+source /opt/caddy/caddy.env
+case "$1" in
+  shell)
+  /bin/bash -c "cd $CADDY_HOME; exec bash -l"
+  ;;
+  run)
+  shift 1
+  $CADDY_BIN run --config $CADDY_CONF/$1 --adapter caddyfile
+  ;;
+  *)
+  $CADDY_BIN/caddy "$@"
+
+esac
--- a/src/packages/packages.sh
+++ b/src/packages/packages.sh
@ -0,0 +1,8 @@
+#!/bin/sh
+echo install packages for alpine caddy
+apk update; apk upgrade; 
+apk add --no-cache ca-certificates libcap mailcap git jq bash curl
+# wget -O /etc/caddy/Caddyfile "https://github.com/caddyserver/dist/raw/{{ .config.dist_commit }}/config/Caddyfile"; \
+# wget -O /usr/share/caddy/index.html "https://github.com/caddyserver/dist/raw/{{ .config.dist_commit }}/welcome/index.html"
+
+
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+mkdir data conf config
+docker-compose up -d
--- a/1
+++ b/1
@ -0,0 +1 @@
+docker-compose down
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+#!/bin/bash
+docker exec -it caddy-testing 
--- a/4
+++ b/4
@ -0,0 +1,4 @@
+#!/bin/bash
+docker-compose down
+docker-compose pull
+docker-compose up -d
				`@ -0,0 +1 @@`
				`udbuild try -e aws-credentials.env -m opt/caddy -h mnt/caddy -k ucommandit/caddy "$@"`