From d1761d3087b9b9e1358993c96c501334e1f04027 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse
Date: Mon, 26 Feb 2024 13:33:11 +0100
Subject: [PATCH 1/5] Add ldapproxy-binary image and update ldapproxy image configuration
---
 build-images.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/build-images.sh b/build-images.sh
index 41c54e8..5b12a6d 100644
--- a/build-images.sh
+++ b/build-images.sh
@@ -4,6 +4,17 @@ set -e
 images=()
 repobase="${REPOBASE:-ghcr.io/nethserver}"
+reponame="ldapproxy-binary"
+container=$(buildah from docker.io/library/nginx:1.25.3-alpine)
+buildah run "${container}" /bin/sh <<'EOF'
+set -e
+apk add --no-cache ca-certificates
+EOF
+# Commit the image
+buildah commit --rm "${container}" "${repobase}/${reponame}"
+# Append the image URL to the images array
+images+=("${repobase}/${reponame}")
+
 reponame="ldapproxy"
 container=$(buildah from scratch)
@@ -12,7 +23,7 @@ buildah add "${container}" ui /ui
 buildah config \
 --label='org.nethserver.tcp-ports-demand=8' \
 --label='org.nethserver.flags=core_module no_data_backup' \
- --label="org.nethserver.images=docker.io/library/nginx:1.25.3-alpine" \
+ --label="org.nethserver.images=${repobase}/ldapproxy-binary:${IMAGETAG:-latest}" \
 --entrypoint=/ "${container}"
 buildah commit "${container}" "${repobase}/${reponame}"
 images+=("${repobase}/${reponame}")
From 1cb2b1f56fcc936af05d1a03939b143f91cdcd44 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse
Date: Mon, 26 Feb 2024 13:33:21 +0100
Subject: [PATCH 2/5] Update Docker image reference for LDAP proxy
---
 imageroot/bin/update-conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/imageroot/bin/update-conf b/imageroot/bin/update-conf
index 5eaa02e..d85a882 100755
--- a/imageroot/bin/update-conf
+++ b/imageroot/bin/update-conf
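Review bot: The base for the new ldapproxy-binary image is taken by mutable tag, `buildah from docker.io/library/nginx:1.25.3-alpine`, so two runs of this script can produce different images and an upstream retag changes what ships without any change here; pinning by digest, `container=$(buildah from docker.io/library/nginx:1.25.3-alpine@sha256:<DIGEST-PLACEHOLDER>)`, makes the build reproducible and verifiable against the registry. The reason for `apk add --no-cache ca-certificates` is not stated; a comment such as `# ca-certificates provides /etc/ssl/certs/ca-certificates.crt, referenced by proxy_ssl_trusted_certificate in imageroot/templates/nginx.conf.j2` ties it to patch 4, which otherwise breaks at runtime if the package is ever dropped. This hunk uses `buildah commit --rm` while the ldapproxy image in the next hunk is committed without `--rm`, leaving its working container behind; use the same form for both.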
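Review bot: The new label spells out `${repobase}/ldapproxy-binary` a second time instead of reusing the name assigned at the top of the file, so the two can drift silently — patch 5 already has to rename both places. Capture the reference right after the first commit, before `reponame` is reassigned, with `binary_image="${repobase}/${reponame}"`, and write the label as `--label="org.nethserver.images=${binary_image}:${IMAGETAG:-latest}"`. The label presumably tells the core which images to pull for the module and is what populates the `LDAPPROXY_BINARY_IMAGE` variable used by update-conf and ldapproxy.service in patches 2 and 3 — confirm — so a mismatch here would surface only at runtime. The same duplication remains in the two build-images.sh hunks of patch 5.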
@@ -46,7 +46,7 @@ if ! diff -q nginx.conf ${tmpconf} ; then
 --log-driver=none \
 --env=NGINX_ENTRYPOINT_QUIET_LOGS=1 \
 --volume=./:/srv:z \
- --rm "${NGINX_IMAGE}" \
+ --rm "${LDAPPROXY_BINARY_IMAGE}" \
 nginx -t -c "/srv/${tmpconf}"
 mv -v ${tmpconf} nginx.conf
 fi
From e69fd47e619586951866fc491900cb095687847a Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse
Date: Mon, 26 Feb 2024 13:33:27 +0100
Subject: [PATCH 3/5] Update ldapproxy.service to use LDAPPROXY_BINARY_IMAGE
---
 imageroot/systemd/user/ldapproxy.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/imageroot/systemd/user/ldapproxy.service b/imageroot/systemd/user/ldapproxy.service
index 230a83e..87e0d6f 100644
--- a/imageroot/systemd/user/ldapproxy.service
+++ b/imageroot/systemd/user/ldapproxy.service
@@ -19,7 +19,7 @@ ExecStart=/usr/bin/podman run \
 --network=host \
 --replace --name=%N \
 --volume=./nginx:/srv:z \
- ${NGINX_IMAGE} nginx -g "daemon off;" -c /srv/nginx.conf
+ ${LDAPPROXY_BINARY_IMAGE} nginx -g "daemon off;" -c /srv/nginx.conf
 ExecReload=-/usr/local/bin/runagent update-conf
 ExecReload=/usr/bin/podman exec %N nginx -s reload
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/ldapproxy.ctr-id -t 10
From a6397727604e21693f81d7d7110565b5bd2e4d24 Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse
Date: Mon, 26 Feb 2024 13:33:32 +0100
Subject: [PATCH 4/5] Add proxy SSL trusted certificate and name configuration
---
 imageroot/templates/nginx.conf.j2 | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/imageroot/templates/nginx.conf.j2 b/imageroot/templates/nginx.conf.j2
index 82a0a38..6aa48e9 100644
--- a/imageroot/templates/nginx.conf.j2
+++ b/imageroot/templates/nginx.conf.j2
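Review bot: `--rm "${LDAPPROXY_BINARY_IMAGE}"` has no guard for the variable being unset or empty, in which case podman is asked to run an empty image name and the config test fails with an error unrelated to nginx.conf; add `: "${LDAPPROXY_BINARY_IMAGE:?LDAPPROXY_BINARY_IMAGE is not set}"` near the top of the script, which lies outside this hunk, as does the start of the `if` block. Where the variable comes from is not visible here; presumably it is derived from the `org.nethserver.images` label set in build-images.sh, so a one-line comment naming that source next to the podman call would spare the next maintainer the search. The same applies to `${LDAPPROXY_BINARY_IMAGE}` in the ldapproxy.service hunk of patch 3, where an unset variable yields an empty or missing argument (to be confirmed against the systemd version in use) and the unit cannot guard it in-line, and to the renamed `${LDAPPROXY_APP_IMAGE}` in both the update-conf and ldapproxy.service hunks of patch 5.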
@@ -19,6 +19,8 @@ stream {
 proxy_ssl {{ 'on' if item.tls == '1' else 'off' }};
 proxy_ssl_verify {{ 'on' if item.tls_verify == '1' else 'off' }};
 proxy_ssl_verify_depth {{ item.tls_verify_depth | default('2') }};
+ proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
+ proxy_ssl_name {{ item.domain }};
 }
 upstream {{ item.domain | replace('.', '_') }} {
 {%- for server in item.servers %}
From 75d4c2c3a365f1928c2dd0c5e5dbb099a886f75d Mon Sep 17 00:00:00 2001
From: Stephane de Labrusse
Date: Tue, 27 Feb 2024 12:59:07 +0100
Subject: [PATCH 5/5] Update ldapproxy image name and container name
---
 build-images.sh | 4 ++--
 imageroot/bin/update-conf | 2 +-
 imageroot/systemd/user/ldapproxy.service | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/build-images.sh b/build-images.sh
index 5b12a6d..0b0683b 100644
--- a/build-images.sh
+++ b/build-images.sh
@@ -4,7 +4,7 @@ set -e
 images=()
 repobase="${REPOBASE:-ghcr.io/nethserver}"
-reponame="ldapproxy-binary"
+reponame="ldapproxy-app"
 container=$(buildah from docker.io/library/nginx:1.25.3-alpine)
 buildah run "${container}" /bin/sh <<'EOF'
 set -e
@@ -23,7 +23,7 @@ buildah add "${container}" ui /ui
 buildah config \
 --label='org.nethserver.tcp-ports-demand=8' \
 --label='org.nethserver.flags=core_module no_data_backup' \
- --label="org.nethserver.images=${repobase}/ldapproxy-binary:${IMAGETAG:-latest}" \
+ --label="org.nethserver.images=${repobase}/ldapproxy-app:${IMAGETAG:-latest}" \
 --entrypoint=/ "${container}"
 buildah commit "${container}" "${repobase}/${reponame}"
 images+=("${repobase}/${reponame}")
diff --git a/imageroot/bin/update-conf b/imageroot/bin/update-conf
index d85a882..977e6bd 100755
--- a/imageroot/bin/update-conf
+++ b/imageroot/bin/update-conf
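Review bot: `proxy_ssl_name {{ item.domain }};` makes nginx check the upstream certificate against the domain name rather than the host it actually connects to, so with `tls_verify` set to `1` the handshake fails whenever the directory servers' certificates are issued for their own hostnames only — confirm that item.domain is a name those certificates carry, otherwise verification has to use the per-server name. If the servers select their certificate by SNI, `proxy_ssl_server_name on;` is also needed, because `proxy_ssl_name` on its own only sets the name to verify. `proxy_ssl_trusted_certificate` is fixed to the system bundle that the ldapproxy-binary image installs in patch 1, so an upstream signed by a private CA cannot be verified unless that CA is baked into the image; making the path a template value lets operators keep verification on instead of switching `tls_verify` off. Both new directives are emitted even when `item.tls` is `0`; nginx accepts that, but a `{% if item.tls == '1' %}` guard around them would state the intent.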
@@ -46,7 +46,7 @@ if ! diff -q nginx.conf ${tmpconf} ; then
 --log-driver=none \
 --env=NGINX_ENTRYPOINT_QUIET_LOGS=1 \
 --volume=./:/srv:z \
- --rm "${LDAPPROXY_BINARY_IMAGE}" \
+ --rm "${LDAPPROXY_APP_IMAGE}" \
 nginx -t -c "/srv/${tmpconf}"
 mv -v ${tmpconf} nginx.conf
 fi
diff --git a/imageroot/systemd/user/ldapproxy.service b/imageroot/systemd/user/ldapproxy.service
index 87e0d6f..b89ed27 100644
--- a/imageroot/systemd/user/ldapproxy.service
+++ b/imageroot/systemd/user/ldapproxy.service
@@ -19,7 +19,7 @@ ExecStart=/usr/bin/podman run \
 --network=host \
 --replace --name=%N \
 --volume=./nginx:/srv:z \
- ${LDAPPROXY_BINARY_IMAGE} nginx -g "daemon off;" -c /srv/nginx.conf
+ ${LDAPPROXY_APP_IMAGE} nginx -g "daemon off;" -c /srv/nginx.conf
 ExecReload=-/usr/local/bin/runagent update-conf
 ExecReload=/usr/bin/podman exec %N nginx -s reload
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/ldapproxy.ctr-id -t 10