Multiplex http and ssh ports

2023-03-08 11:27:19 +01:00 · 2023-03-08 11:27:19 +01:00 · f0073a649f
commit f0073a649f
parent 668f1dd193
20 changed files with 188 additions and 29 deletions
--- a/internal/dis/component/auth/panel/ssh.go
+++ b/internal/dis/component/auth/panel/ssh.go
@ -59,7 +59,7 @@ func (panel *UserPanel) sshRoute(ctx context.Context) http.Handler {
 		}

 		sc.Domain = panel.Config.HTTP.PrimaryDomain
-		sc.Port = panel.Config.PublicSSHPort
+		sc.Port = panel.Config.Listen.AdvertisedSSHPort

 		// pick the first domain that the user has access to as an example
 		grants, err := panel.Dependencies.Policy.User(r.Context(), user.User.User)
--- a/internal/dis/component/binder/binder.env
+++ b/internal/dis/component/binder/binder.env
@ -0,0 +1 @@
+DOCKER_NETWORK_NAME=${DOCKER_NETWORK_NAME}
--- a/internal/dis/component/binder/binder.go
+++ b/internal/dis/component/binder/binder.go
@ -0,0 +1,88 @@
+package binder
+
+import (
+	"bytes"
+	"embed"
+	"io"
+	"path/filepath"
+
+	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
+	"github.com/tkw1536/pkglib/yamlx"
+	"gopkg.in/yaml.v3"
+)
+
+type Binder struct {
+	component.Base
+}
+
+var (
+	_ component.Installable = (*Binder)(nil)
+)
+
+func (binder *Binder) Path() string {
+	return filepath.Join(binder.Still.Config.Paths.Root, "core", "binder")
+}
+
+func (binder *Binder) Context(parent component.InstallationContext) component.InstallationContext {
+	return parent
+}
+
+//go:embed docker-compose.yml
+var composeTemplate []byte
+
+func (binder *Binder) buildYML() ([]byte, error) {
+	var dockerCompose yaml.Node
+	if err := yaml.Unmarshal(composeTemplate, &dockerCompose); err != nil {
+		return nil, err
+	}
+
+	for dockerCompose.Kind == yaml.DocumentNode {
+		dockerCompose = *dockerCompose.Content[0]
+	}
+
+	{
+		ports := binder.Config.Listen.ComposePorts("8000")
+		portsNode, err := yamlx.Marshal(ports)
+		if err != nil {
+			return nil, err
+		}
+		if err := yamlx.Replace(&dockerCompose, *portsNode, "services", "binder", "ports"); err != nil {
+			return nil, err
+		}
+	}
+
+	{
+		command := binder.Config.HTTP.TCPMuxCommand("0.0.0.0:8000", "http:80", "http:443", "ssh:2222")
+		commandNode, err := yamlx.Marshal(command)
+		if err != nil {
+			return nil, err
+		}
+		if err := yamlx.Replace(&dockerCompose, *commandNode, "services", "binder", "command"); err != nil {
+			return nil, err
+		}
+	}
+
+	// do the final marshal
+	return yaml.Marshal(dockerCompose)
+}
+
+//go:embed binder.env
+var resources embed.FS
+
+func (binder *Binder) Stack() component.StackWithResources {
+	return component.MakeStack(binder, component.StackWithResources{
+		Resources: resources,
+		EnvPath:   "binder.env",
+		ReadComposeFile: func() (io.Reader, error) {
+			data, err := binder.buildYML()
+			if err != nil {
+				return nil, err
+			}
+			return bytes.NewReader(data), nil
+		},
+
+		EnvContext: map[string]string{
+			"DOCKER_NETWORK_NAME": binder.Config.Docker.Network,
+		},
+	})
+}
--- a/internal/dis/component/binder/docker-compose.yml
+++ b/internal/dis/component/binder/docker-compose.yml
@ -0,0 +1,17 @@
+version: "3.7"
+
+services:
+  binder:
+    image: ghcr.io/fau-cdi/tcpmux
+    # dynamically generated
+    command: []
+    # dynamically generated
+    ports: []
+    restart: always
+    networks:
+      - default
+
+networks:
+  default:
+    name: ${DOCKER_NETWORK_NAME}
+    external: true
--- a/internal/dis/component/ssh2/server_handler.go
+++ b/internal/dis/component/ssh2/server_handler.go
@ -82,7 +82,7 @@ func (ssh2 *SSH2) handleConnection(session ssh.Session) {
 		{"${SLUG}", slug},
 		{"${DOMAIN}", ssh2.Config.HTTP.PrimaryDomain},
 		{"${HOSTNAME}", slug + "." + ssh2.Config.HTTP.PrimaryDomain},
-		{"${PORT}", strconv.FormatUint(uint64(ssh2.Config.PublicSSHPort), 10)},
+		{"${PORT}", strconv.FormatUint(uint64(ssh2.Config.Listen.AdvertisedSSHPort), 10)},
 	} {
 		banner = strings.ReplaceAll(banner, oldnew[0], oldnew[1])
 	}
--- a/internal/dis/component/ssh2/ssh2.env
+++ b/internal/dis/component/ssh2/ssh2.env
@ -6,5 +6,3 @@ SELF_OVERRIDES_FILE=${SELF_OVERRIDES_FILE}
 SELF_RESOLVER_BLOCK_FILE=${SELF_RESOLVER_BLOCK_FILE}

 DOCKER_NETWORK_NAME=${DOCKER_NETWORK_NAME}
-HTTPS_ENABLED=${HTTPS_ENABLED}
-SSH_PORT=${SSH_PORT}
--- a/internal/dis/component/ssh2/ssh2/docker-compose.yml
+++ b/internal/dis/component/ssh2/ssh2/docker-compose.yml
@ -1,13 +1,12 @@
 version: "3.7"

 services:
-  dis:
+  ssh:
+    read_only: true
    build: .
    restart: always
    environment:
      CONFIG_PATH: ${CONFIG_PATH}
-    ports:
-      - "${SSH_PORT}:2222"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "${CONFIG_PATH}:${CONFIG_PATH}:ro"
--- a/internal/dis/component/ssh2/stack.go
+++ b/internal/dis/component/ssh2/stack.go
@ -3,7 +3,6 @@ package ssh2
 import (
 	"embed"
 	"path/filepath"
-	"strconv"

 	"github.com/FAU-CDI/wisski-distillery/internal/bootstrap"
 	"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
@ -17,7 +16,7 @@ func (ssh SSH2) Path() string {
 var resources embed.FS

 func (ssh *SSH2) Stack() component.StackWithResources {
-	stt := component.MakeStack(ssh, component.StackWithResources{
+	return component.MakeStack(ssh, component.StackWithResources{
 		Resources:   resources,
 		ContextPath: "ssh2",
 		EnvPath:     "ssh2.env",
@ -25,20 +24,16 @@ func (ssh *SSH2) Stack() component.StackWithResources {
 		EnvContext: map[string]string{
 			"DOCKER_NETWORK_NAME": ssh.Config.Docker.Network,
 			"HOST_RULE":           ssh.Config.HTTP.DefaultHostRule(),
-			"HTTPS_ENABLED":       ssh.Config.HTTP.HTTPSEnabledEnv(),

 			"CONFIG_PATH": ssh.Config.ConfigPath,
 			"DEPLOY_ROOT": ssh.Config.Paths.Root,

 			"SELF_OVERRIDES_FILE":      ssh.Config.Paths.OverridesJSON,
 			"SELF_RESOLVER_BLOCK_FILE": ssh.Config.Paths.ResolverBlocks,
-
-			"SSH_PORT": strconv.FormatUint(uint64(ssh.Config.PublicSSHPort), 10),
 		},

 		CopyContextFiles: []string{bootstrap.Executable},
 	})
-	return stt
 }

 func (ssh SSH2) Context(parent component.InstallationContext) component.InstallationContext {
--- a/internal/dis/component/stack.go
+++ b/internal/dis/component/stack.go
@ -192,6 +192,10 @@ func (is StackWithResources) Install(ctx context.Context, progress io.Writer, co
 		); err != nil {
 			return err
 		}
+	} else {
+		if err := fsx.MkdirAll(is.Dir, fsx.DefaultDirPerm); err != nil {
+			return err
+		}
 	}

 	// write the docker-compose.yml file
--- a/internal/dis/component/web/docker-compose-http.yml
+++ b/internal/dis/component/web/docker-compose-http.yml
@ -1,7 +1,7 @@
 version: "3.7"

 services:
-  reverse-proxy:
+  http:
    image: docker.io/library/traefik:v2.9
    command:
      - "--providers.docker"
@ -12,9 +12,9 @@ services:

      ## for debugging purposes, the following can be enabled.
      # - "--api.insecure=true"
-    ports:
-      - "80:80"
-      # - "127.0.0.1:8888:8080"
+    #ports:
+    #  # - "80:80"
+    #  # - "127.0.0.1:8888:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    restart: always
--- a/internal/dis/component/web/docker-compose-https.yml
+++ b/internal/dis/component/web/docker-compose-https.yml
@ -1,7 +1,7 @@
 version: "3.7"

 services:
-  reverse-proxy:
+  http:
    image: docker.io/library/traefik:v2.9
    command:
      - "--providers.docker"
@ -24,10 +24,10 @@ services:
      # - "--api.insecure=true"
      # - "--certificatesresolvers.distillery.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"

-    ports:
-      - "80:80"
-      - "443:443"
-      # - "127.0.0.1:8888:8080"
+    #ports:
+    #  # - "80:80"
+    #  # - "443:443"
+    #  # - "127.0.0.1:8888:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./acme.json:/acme.json"