Merge pull request #1 from hostwithquantum/container

Chore: setup

.dockerignore

@@ -0,0 +1,7 @@
+.git
+.envrc
+.github
+.vscode
+dev
+Makefile
+README.md

.github/dependabot.yml

@@ -1,11 +1,10 @@
----
 version: 2
 updates:
-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
+- package-ecosystem: "docker"
+  directory: "/rootfs"
+  schedule:
+    interval: "weekly"
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"

.github/workflows/pr.yml

@@ -0,0 +1,19 @@
+name: pr
+
+on: pull_request
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: r.planetary-quantum.com/quantum-public/${{ github.repository }}
+    - uses: docker/build-push-action@v4
+      with:
+        context: rootfs
+        push: false
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}

.github/workflows/release.yml

@@ -0,0 +1,27 @@
+name: release
+
+on:
+  push:
+    tags:
+    - 'v*'
+
+jobs:
+  build_push:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: docker/login-action@v2
+      with:
+        registry: r.planetary-quantum.com
+        username: ${{ secrets.QUANTUM_REGISTRY_USERNAME }}
+        password: ${{ secrets.QUANTUM_REGISTRY_PASSWORD }}
+    - id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: r.planetary-quantum.com/quantum-public/${{ github.repository }}
+    - uses: docker/build-push-action@v4
+      with:
+        context: rootfs/
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}

LICENSE

@@ -0,0 +1,20 @@
+Copyright 2023 Planetary Quantum GmbH
+
+Redistribution and use in source and binary forms, with or without modification, are permitted
+provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of
+conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of
+conditions and the following disclaimer in the documentation and/or other materials provided
+with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Makefile

@@ -0,0 +1,39 @@
+.PHONY: build clean e2e publish run-dev
+
+image := r.planetary-quantum.com/quantum-public/caddy:dev
+
+build:
+	docker build -t $(image) -f rootfs/Dockerfile rootfs/
+
+clean:
+	docker stack rm caddy-local-dev
+
+publish: build
+	docker push $(image)
+
+run-dev: build
+	docker network create \
+		--attachable \
+		--scope swarm \
+		public || true
+	docker stack deploy \
+		--compose-file docker-compose.yml \
+		caddy-local-dev
+
+e2e: build publish
+	cd e2e \
+		&& quantum-cli stack update --create \
+			--stack caddy-dev \
+		&& quantum-cli stack update --create \
+			--environment test \
+			--stack caddy-whoami
+
+test: build
+	docker run --rm -it \
+		--name caddy-dev-local \
+		-p 80:80 \
+		-p 2019:2019 \
+		-e ADMIN_UI_URL=http://admin-api.quantum.127.0.0.1.nip.io \
+		-v /var/run/docker.sock:/var/run/docker.sock:ro \
+		-v $(CURDIR)/rootfs/etc/quantum-caddy:/etc/quantum-caddy \
+		$(image)

README.md

@@ -4,4 +4,5 @@ A Caddy reverse proxy with s3 storage for certmagic and service discovery via la
 
 Modules/plugins:
 
+* [certmagic-s3](https://github.com/ss098/certmagic-s3)
 * [caddy-docker-proxy](https://github.com/lucaslorentz/caddy-docker-proxy/)

e2e/.quantum

@@ -0,0 +1,7 @@
+---
+version: 1.0
+compose: docker-compose.yml
+
+environments:
+- name: test
+  compose: stack.yml

e2e/docker-compose.yml

@@ -0,0 +1,39 @@
+version: "3.7"
+
+services:
+  proxy:
+    image: r.planetary-quantum.com/quantum-public/caddy:dev
+    ports:
+      - target: 80
+        published: 80
+        protocol: tcp
+        mode: host
+      - target: 443
+        published: 443
+        protocol: tcp
+        mode: host
+    environment:
+      - "S3_BUCKET="
+      - "S3_ACCESS_ID="
+      - "S3_SECRET_KEY="
+      - ADMIN_UI_URL=${ADMIN_UI_URL}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - caddy-data:/data # FIXME
+    labels:
+      # this is global
+      - '[email protected]' # FIXME
+    deploy:
+      mode: global
+      placement:
+        constraints: 
+          - node.role == manager
+    networks:
+      - public
+
+volumes:
+  caddy-data:
+
+networks:
+  public:
+    external: true

e2e/stack.yml

@@ -0,0 +1,14 @@
+version: "3.7"
+
+services:
+  caddy_test:
+    image: containous/whoami
+    networks:
+      - public
+    labels:
+      caddy: caddy-whoami.${QUANTUM_ENDPOINT}.customer.planetary-quantum.net
+      caddy.reverse_proxy: "{{upstreams 80}}"
+
+networks:
+  public:
+    external: true

rootfs/Dockerfile

@@ -0,0 +1,28 @@
+FROM caddy:2.6.4-builder as builder
+
+RUN xcaddy build \
+    --with github.com/ss098/certmagic-s3 \
+    --with github.com/lucaslorentz/[email protected]
+
+FROM caddy:2.6.4
+
+LABEL org.opencontainers.image.description "A Caddy reverse proxy with s3 storage for certmagic, service discovery via labels"
+
+ENV S3_BUCKET ""
+ENV S3_ACCESS_ID ""
+ENV S3_SECRET_KEY ""
+
+# optional
+ENV S3_HOST "s3.storage.planetary-networks.de"
+ENV S3_PREFIX ""
+ENV S3_INSECURE "false"
+
+WORKDIR /
+ADD . .
+
+WORKDIR /srv
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+
+ENTRYPOINT [ "/usr/bin/caddy" ]
+CMD ["docker-proxy", "--caddyfile-path=/etc/quantum-caddy/Caddyfile", "--ingress-networks=public"]

rootfs/etc/quantum-caddy/Caddyfile

@@ -0,0 +1,23 @@
+{
+	debug
+	admin localhost:2019
+	log default {
+		output stdout
+		format console
+		include http.log.access admin.api
+	}
+	servers {
+		metrics
+	}
+}
+
+# admin-ui host
+# {$ADMIN_UI_URL} {
+# 	# @blocked not remote_ip 178.23.120.12
+# 	# respond @blocked "<h1>Access Denied</h1>" 403
+# 	route {
+# 		reverse_proxy localhost:2019 {
+# 			header_up Host localhost:2019
+# 		}
+# 	}
+# }