Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add QUIC Workflow #295

Merged
merged 6 commits into from
Aug 23, 2024
Merged

Add QUIC Workflow #295

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ed6c94f
Add QUIC Workflow
pi-314159 Aug 22, 2024
62048f6
Update quic.yml
pi-314159 Aug 22, 2024
b42c57c
Update README.md
pi-314159 Aug 22, 2024
647d8d3
Update quic.yml
pi-314159 Aug 22, 2024
823c947
minor update
pi-314159 Aug 23, 2024
548e8cd
Update Dockerfile-QUIC
pi-314159 Aug 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions .github/workflows/quic.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
name: QUIC

on:
push:
branches: ['main']
paths: ['.github/workflows/quic.yml', 'curl/**', 'nginx/**']
pull_request:
paths: ['.github/workflows/quic.yml', 'curl/**', 'nginx/**']
schedule:
baentsch marked this conversation as resolved.
Show resolved Hide resolved
- cron: '2 7 18,28 * *'
workflow_dispatch:

env:
TARGET_NAME: openquantumsafe

jobs:
test-push:
name: Test and push QUIC images
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Create a shared volume
run: docker volume create shared-1
shell: bash
- name: Generate a quantum-safe certificate chain
run: |
docker run -v shared-1:/certs $TARGET_NAME/oqs-ossl3 /bin/sh -c "\
openssl req -x509 -new -newkey p256_falcon512 -keyout /certs/CA.key -out /certs/CA.crt -nodes -subj '/C=US/O=Open Quantum Safe/CN=OQS Demos' -days 1461 && \
openssl req -new -newkey mldsa87 -keyout /certs/server.key -out /certs/server.csr -nodes -subj /CN=host.docker.internal && \
openssl x509 -req -in /certs/server.csr -out /certs/server.crt -CA /certs/CA.crt -CAkey /certs/CA.key -CAcreateserial -days 365"
shell: bash
- name: Build NGINX with QUIC support and start the server
working-directory: ./nginx
run: |
docker build -t $TARGET_NAME/nginx-quic:latest -f Dockerfile-QUIC . && \
docker run -d -p 443:443/udp -v shared-1:/certs --name nginx-quic-daemon $TARGET_NAME/nginx-quic:latest && \
docker cp ./nginx-conf/nginx-quic.conf nginx-quic-daemon:/etc/nginx/nginx-quic.conf && \
docker exec nginx-quic-daemon bash -c "cd /etc/nginx && rm nginx.conf && mv nginx-quic.conf nginx.conf && nginx -s reload"
shell: bash
- name: Build cURL with QUIC support and test it with the server that's started earlier
working-directory: ./curl
run: |
docker build -t $TARGET_NAME/curl-quic:latest -f Dockerfile-QUIC . && \
docker run -v shared-1:/certs --add-host=host.docker.internal:host-gateway $TARGET_NAME/curl-quic:latest \
curl --cacert /certs/CA.crt --http3-only https://host.docker.internal --curves hqc192 -vvvv
shell: bash
- name: Push Docker images to Docker Hub
run: |
docker push $TARGET_NAME/curl-quic:latest
docker push $TARGET_NAME/nginx-quic:latest
shell: bash
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
[![GitHub actions](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/linux.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/linux.yml)
[![QUIC](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/quic.yml/badge.svg)](https://github.com/open-quantum-safe/oqs-demos/actions/workflows/quic.yml)
[![open-quantum-safe](https://circleci.com/gh/open-quantum-safe/oqs-demos.svg?style=svg)](https://app.circleci.com/pipelines/github/open-quantum-safe/oqs-demos)

oqs-demos
Expand Down
49 changes: 49 additions & 0 deletions nginx/nginx-conf/nginx-quic.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@

#user nobody;
worker_processes 1;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;

server {
listen 443 ssl;
listen 443 quic reuseport;
listen [::]:443 ssl;
listen [::]:443 quic reuseport;

http2 on;
http3 on;
ssl_early_data on;
quic_retry on;
add_header Alt-Svc 'h3=":443"; ma=86400';

server_name host.docker.internal;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key;

ssl_ecdh_curve 'mlkem1024:bikel3:hqc192:x25519_frodo640shake';

location / {
add_header Content-Type text/plain;
return 200 'OK';
}

ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
}
}
Loading