authorJonathan de Jong <jonathan@automatia.nl>2022-10-17 18:41:45 +0200
committerJonathan de Jong <jonathan@automatia.nl>2022-10-17 18:41:45 +0200
commitada15ceacc4a18d53b40a7d84216404ae79aa888 (patch)
tree73f5b5d51490079873df2c60e38361ed804bc472
parentcb2b5beea8a3fb27ed514ee9e46b5729aa272179 (diff)
downloadconduit-ada15ceacc4a18d53b40a7d84216404ae79aa888.zip
Complement improvements
-rw-r--r--.gitignore1
-rw-r--r--complement/Dockerfile47
-rw-r--r--complement/caddy.json72
-rw-r--r--tests/Complement.Dockerfile48
4 files changed, 120 insertions, 48 deletions
diff --git a/.gitignore b/.gitignore
index f5e9505..f5cbfaa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -62,3 +62,4 @@ conduit.db
# Etc.
**/*.rs.bk
+cached_target \ No newline at end of file
diff --git a/complement/Dockerfile b/complement/Dockerfile
new file mode 100644
index 0000000..43416fa
--- /dev/null
+++ b/complement/Dockerfile
@@ -0,0 +1,47 @@
+# For use in our CI only. This requires a build artifact created by a previous run pipline stage to be placed in cached_target/release/conduit
+FROM registry.gitlab.com/jfowl/conduit-containers/rust-with-tools:commit-16a08e9b as builder
+#FROM rust:latest as builder
+
+WORKDIR /workdir
+
+ARG RUSTC_WRAPPER
+ARG AWS_ACCESS_KEY_ID
+ARG AWS_SECRET_ACCESS_KEY
+ARG SCCACHE_BUCKET
+ARG SCCACHE_ENDPOINT
+ARG SCCACHE_S3_USE_SSL
+
+COPY . .
+RUN mkdir -p target/release
+RUN test -e cached_target/release/conduit && cp cached_target/release/conduit target/release/conduit || cargo build --release
+
+## Actual image
+FROM debian:bullseye
+WORKDIR /workdir
+
+# Install caddy
+RUN apt-get update && apt-get install -y debian-keyring debian-archive-keyring apt-transport-https curl && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/testing/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-testing-archive-keyring.gpg && curl -1sLf 'https://dl.cloudsmith.io/public/caddy/testing/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-testing.list && apt-get update && apt-get install -y caddy
+
+COPY conduit-example.toml conduit.toml
+COPY complement/caddy.json caddy.json
+
+ENV SERVER_NAME=localhost
+ENV CONDUIT_CONFIG=/workdir/conduit.toml
+
+RUN sed -i "s/port = 6167/port = 8008/g" conduit.toml
+RUN echo "allow_federation = true" >> conduit.toml
+RUN echo "allow_encryption = true" >> conduit.toml
+RUN echo "allow_registration = true" >> conduit.toml
+RUN echo "log = \"warn,_=off,sled=off\"" >> conduit.toml
+RUN sed -i "s/address = \"127.0.0.1\"/address = \"0.0.0.0\"/g" conduit.toml
+
+COPY --from=builder /workdir/target/release/conduit /workdir/conduit
+RUN chmod +x /workdir/conduit
+
+EXPOSE 8008 8448
+
+CMD uname -a && \
+ sed -i "s/#server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" conduit.toml && \
+ sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \
+ caddy start --config caddy.json > /dev/null && \
+ /workdir/conduit
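Review bot: `ARG AWS_ACCESS_KEY_ID` and `ARG AWS_SECRET_ACCESS_KEY` in the builder stage make the sccache S3 credentials part of the build-arg metadata recorded for the following `RUN` layers, so they are recoverable from the build cache on the CI runner with `docker history`, and the header comment's "CI only" does not change that. The builder's `cargo build --release` step is the only consumer, so pass them as BuildKit secrets there and drop the two `ARG`s: `RUN --mount=type=secret,id=aws_access_key_id --mount=type=secret,id=aws_secret_access_key AWS_ACCESS_KEY_ID=$(cat /run/secrets/aws_access_key_id) AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/aws_secret_access_key) cargo build --release` (keeping the existing `test -e cached_target/... && cp ... ||` prefix in front of it). The caddy install line pipes `curl` into `gpg --dearmor` and `tee` under the default `/bin/sh`, where a failed download is masked by the pipe's last command and only surfaces, if at all, at the later `apt-get update`; add `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before it, pin `caddy` to a version instead of taking whatever `caddy/testing` currently serves, and end the layer with `rm -rf /var/lib/apt/lists/*`. The final stage has no `USER`, so both caddy and conduit run as root, and the shell-form `CMD` means `/workdir/conduit` is not PID 1 and will not receive `SIGTERM` from the harness; `exec /workdir/conduit` as the last command would at least fix the signal handling.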
diff --git a/complement/caddy.json b/complement/caddy.json
new file mode 100644
index 0000000..ea52c2c
--- /dev/null
+++ b/complement/caddy.json
@@ -0,0 +1,72 @@
+{
+ "logging": {
+ "logs": {
+ "default": {
+ "level": "WARN"
+ }
+ }
+ },
+ "apps": {
+ "http": {
+ "https_port": 8448,
+ "servers": {
+ "srv0": {
+ "listen": [":8448"],
+ "routes": [{
+ "match": [{
+ "host": ["your.server.name"]
+ }],
+ "handle": [{
+ "handler": "subroute",
+ "routes": [{
+ "handle": [{
+ "handler": "reverse_proxy",
+ "upstreams": [{
+ "dial": "127.0.0.1:8008"
+ }]
+ }]
+ }]
+ }],
+ "terminal": true
+ }],
+ "tls_connection_policies": [{
+ "match": {
+ "sni": ["your.server.name"]
+ }
+ }]
+ }
+ }
+ },
+ "pki": {
+ "certificate_authorities": {
+ "local": {
+ "name": "Complement CA",
+ "root": {
+ "certificate": "/complement/ca/ca.crt",
+ "private_key": "/complement/ca/ca.key"
+ },
+ "intermediate": {
+ "certificate": "/complement/ca/ca.crt",
+ "private_key": "/complement/ca/ca.key"
+ }
+ }
+ }
+ },
+ "tls": {
+ "automation": {
+ "policies": [{
+ "subjects": ["your.server.name"],
+ "issuers": [{
+ "module": "internal"
+ }],
+ "on_demand": true
+ }, {
+ "issuers": [{
+ "module": "internal",
+ "ca": "local"
+ }]
+ }]
+ }
+ }
+ }
+} \ No newline at end of file
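Review bot: The `pki.certificate_authorities.local` entries hard-code `/complement/ca/ca.crt` and `/complement/ca/ca.key` for both `root` and `intermediate`, a contract with the Complement harness that nothing in the repository states, and this JSON file has no place for a comment explaining it. Record it in complement/Dockerfile next to `COPY complement/caddy.json caddy.json`, e.g. `# caddy.json expects the Complement-provided CA (ca.crt, ca.key) to be mounted at /complement/ca; caddy will not start without it`. The `on_demand: true` policy is scoped to `subjects: ["your.server.name"]` (rewritten by the `sed` in the Dockerfile's CMD) and uses the internal issuer, so on-demand issuance is limited to that one name; that scoping is presumably deliberate and is worth stating in the same comment so it is not loosened later.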
diff --git a/tests/Complement.Dockerfile b/tests/Complement.Dockerfile
deleted file mode 100644
index b9d0f8c..0000000
--- a/tests/Complement.Dockerfile
+++ /dev/null
@@ -1,48 +0,0 @@
-# For use in our CI only. This requires a build artifact created by a previous run pipline stage to be placed in cached_target/release/conduit
-FROM valkum/docker-rust-ci:latest as builder
-WORKDIR /workdir
-
-ARG RUSTC_WRAPPER
-ARG AWS_ACCESS_KEY_ID
-ARG AWS_SECRET_ACCESS_KEY
-ARG SCCACHE_BUCKET
-ARG SCCACHE_ENDPOINT
-ARG SCCACHE_S3_USE_SSL
-
-COPY . .
-RUN mkdir -p target/release
-RUN test -e cached_target/release/conduit && cp cached_target/release/conduit target/release/conduit || cargo build --release
-
-
-FROM valkum/docker-rust-ci:latest
-WORKDIR /workdir
-
-RUN curl -OL "https://github.com/caddyserver/caddy/releases/download/v2.2.1/caddy_2.2.1_linux_amd64.tar.gz"
-RUN tar xzf caddy_2.2.1_linux_amd64.tar.gz
-
-COPY cached_target/release/conduit /workdir/conduit
-RUN chmod +x /workdir/conduit
-RUN chmod +x /workdir/caddy
-
-COPY conduit-example.toml conduit.toml
-
-ENV SERVER_NAME=localhost
-ENV CONDUIT_CONFIG=/workdir/conduit.toml
-
-RUN sed -i "s/port = 6167/port = 8008/g" conduit.toml
-RUN echo "allow_federation = true" >> conduit.toml
-RUN echo "allow_encryption = true" >> conduit.toml
-RUN echo "allow_registration = true" >> conduit.toml
-RUN echo "log = \"warn,_=off,sled=off\"" >> conduit.toml
-RUN sed -i "s/address = \"127.0.0.1\"/address = \"0.0.0.0\"/g" conduit.toml
-
-# Enabled Caddy auto cert generation for complement provided CA.
-RUN echo '{"logging":{"logs":{"default":{"level":"WARN"}}}, "apps":{"http":{"https_port":8448,"servers":{"srv0":{"listen":[":8448"],"routes":[{"match":[{"host":["your.server.name"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"127.0.0.1:8008"}]}]}]}],"terminal":true}],"tls_connection_policies": [{"match": {"sni": ["your.server.name"]}}]}}},"pki": {"certificate_authorities": {"local": {"name": "Complement CA","root": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"},"intermediate": {"certificate": "/ca/ca.crt","private_key": "/ca/ca.key"}}}},"tls":{"automation":{"policies":[{"subjects":["your.server.name"],"issuer":{"module":"internal"},"on_demand":true},{"issuer":{"module":"internal", "ca": "local"}}]}}}}' > caddy.json
-
-EXPOSE 8008 8448
-
-CMD ([ -z "${COMPLEMENT_CA}" ] && echo "Error: Need Complement PKI support" && true) || \
- sed -i "s/#server_name = \"your.server.name\"/server_name = \"${SERVER_NAME}\"/g" conduit.toml && \
- sed -i "s/your.server.name/${SERVER_NAME}/g" caddy.json && \
- /workdir/caddy start --config caddy.json > /dev/null && \
- /workdir/conduit