From 1eaabdc83d6257d4454a6d127c84e50d80312e31 Mon Sep 17 00:00:00 2001
From: till
Date: Tue, 11 Jun 2024 11:20:45 +0200
Subject: [PATCH 1/3] Chore(deps): update docker module
---
 rootfs/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile
index 18f110b..8838573 100644
--- a/rootfs/Dockerfile
+++ b/rootfs/Dockerfile
@@ -2,7 +2,7 @@ FROM caddy:2.8.4-builder as builder
 RUN xcaddy build \
 --with github.com/ss098/certmagic-s3 \
- --with github.com/lucaslorentz/caddy-docker-proxy@v2.8.4
+ --with github.com/lucaslorentz/caddy-docker-proxy@v2.9.1
 FROM caddy:2.8.4
From daa5206173aec706ec219862ae853fcffde73e4f Mon Sep 17 00:00:00 2001
From: till
Date: Tue, 11 Jun 2024 11:21:06 +0200
Subject: [PATCH 2/3] Update(caddy): cors config
---
 rootfs/etc/quantum-caddy/Caddyfile | 32 ++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/rootfs/etc/quantum-caddy/Caddyfile b/rootfs/etc/quantum-caddy/Caddyfile
index 5b421bb..2e76a8b 100644
--- a/rootfs/etc/quantum-caddy/Caddyfile
+++ b/rootfs/etc/quantum-caddy/Caddyfile
@@ -11,6 +11,38 @@
 }
 }
+# cors import
+(cors) {
+ @cors_preflight {
+ method OPTIONS
+ header Origin *
+ header Access-Control-Request-Method *
+ }
+
+ @cors {
+ header Origin *
+ }
+
+ handle @cors_preflight {
+ header Access-Control-Allow-Origin "{args.0}"
+ header Access-Control-Allow-Methods "{args.1}" {
+ GET, POST, PUT, DELETE, OPTIONS
+ }
+ header Access-Control-Allow-Headers "Content-Type"
+ header Access-Control-Allow-Credentials true
+ respond 204
+ }
+
+ handle @cors {
+ header Access-Control-Allow-Origin "{args.0}"
+ header Access-Control-Allow-Methods "{args.1}" {
+ GET, POST, PUT, DELETE, OPTIONS
+ }
+ header Access-Control-Allow-Headers "Content-Type"
+ header Access-Control-Allow-Credentials true
+ }
+}
+
 # admin-ui host # {$ADMIN_UI_URL} { # # @blocked not remote_ip 178.23.120.12
From 5b7225d9a24906981b00cbd10e2ffc6e7adb3e10 Mon Sep 17 00:00:00 2001
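Review bot: In the `(cors)` snippet added to rootfs/etc/quantum-caddy/Caddyfile, both matchers accept any request origin (`header Origin *`) and both handlers always send `Access-Control-Allow-Credentials true`, so the safety of the snippet rests entirely on what each import site passes as `{args.0}`. I would match the allowed origin in the snippet itself, `header Origin {args.0}` in `@cors_preflight` and `@cors`, add `header Vary Origin` to both handlers, and put a comment above the snippet such as `# args.0 must be one fixed origin; never "*" or a value copied from the request, because credentials are allowed`. Separately, the block after `header Access-Control-Allow-Methods "{args.1}"` that holds `GET, POST, PUT, DELETE, OPTIONS` does not look like a default value to me; as far as I can tell Caddy would read those tokens as header operations or reject them, so it is worth running the file through `caddy adapt --config /etc/quantum-caddy/Caddyfile --adapter caddyfile` (path assumed from the Dockerfile) before merging. No import site for the snippet is visible in this patch, so the actual arguments could not be checked.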
From: till
Date: Tue, 11 Jun 2024 13:14:00 +0200
Subject: [PATCH 3/3] Update(s3): conditionally enable s3 storage
---
 e2e/docker-compose.yml | 6 +++---
 rootfs/Dockerfile | 13 +++++--------
 rootfs/etc/quantum-caddy/Caddyfile | 16 ++++++++++++++++
 3 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/e2e/docker-compose.yml b/e2e/docker-compose.yml
index 82aa1fc..08825e0 100644
--- a/e2e/docker-compose.yml
+++ b/e2e/docker-compose.yml
@@ -13,9 +13,9 @@ services:
 protocol: tcp
 mode: host
 environment:
- - "S3_BUCKET="
- - "S3_ACCESS_ID="
- - "S3_SECRET_KEY="
+ - "AWS_BUCKET="
+ - "AWS_ACCESS_KEY_ID="
+ - "AWS_SECRET_ACCESS_KEY="
 - ADMIN_UI_URL=${ADMIN_UI_URL}
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile
index 8838573..25923e0 100644
--- a/rootfs/Dockerfile
+++ b/rootfs/Dockerfile
@@ -8,14 +8,11 @@ FROM caddy:2.8.4
 LABEL org.opencontainers.image.description "A Caddy reverse proxy with s3 storage for certmagic, service discovery via labels"
-ENV S3_BUCKET ""
-ENV S3_ACCESS_ID ""
-ENV S3_SECRET_KEY ""
-
-# optional
-ENV S3_HOST "s3.storage.planetary-networks.de"
-ENV S3_PREFIX ""
-ENV S3_INSECURE "false"
+ENV AWS_ENDPOINT=https://s3.storage.planetary-networks.de
+
+ENV AWS_BUCKET=""
+ENV AWS_ACCESS_KEY_ID=""
+ENV AWS_SECRET_ACCESS_KEY=""
 WORKDIR /
 ADD . .
diff --git a/rootfs/etc/quantum-caddy/Caddyfile b/rootfs/etc/quantum-caddy/Caddyfile
index 2e76a8b..961eff5 100644
--- a/rootfs/etc/quantum-caddy/Caddyfile
+++ b/rootfs/etc/quantum-caddy/Caddyfile
@@ -9,6 +9,22 @@
 servers {
 metrics
 }
+
+ @s3storage {
+ storage s3 {
+ s3_force_path_style true
+ endpoint {env.AWS_ENDPOINT}
+ bucket {env.AWS_BUCKET}
+ region us-east-1
+ access_key_id {env.AWS_ACCESS_KEY_ID}
+ secret_access_key {env.AWS_SECRET_ACCESS_KEY}
+ }
+ }
+
+ # conditionally enable s3-certmagic only when AWS_ACCESS_KEY_ID is set
+ {if {env.AWS_ACCESS_KEY_ID} {len} > 0} {
+ import @s3storage
+ }
 }
 # cors import
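Review bot: The conditional added at the end of the global options block in rootfs/etc/quantum-caddy/Caddyfile (`{if {env.AWS_ACCESS_KEY_ID} {len} > 0} { import @s3storage }`) is, as far as I know, not something the Caddyfile adapter supports: there is no `if` construct, `@s3storage` is request-matcher syntax rather than an importable snippet, and snippets are declared as `(name)` at top level, not inside the options block. The risk is that the image either refuses to start or comes up without the intended certificate storage, and the e2e compose file in this same patch sets all three `AWS_*` variables to empty, so the enabled path is never exercised. I would add a parse check such as `RUN caddy adapt --config /etc/quantum-caddy/Caddyfile --adapter caddyfile` to the final image stage (path assumed from `WORKDIR /` and `ADD . .`) and select between an S3 and a non-S3 config at container start rather than inside the Caddyfile. It is also worth confirming that the storage module expands `{env.AWS_SECRET_ACCESS_KEY}` at provision time; `{$AWS_SECRET_ACCESS_KEY}` is the parse-time form if it does not.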