From 4332ca4f906ae6d29b2e5bb2570580737b87e2d7 Mon Sep 17 00:00:00 2001 From: Spunkie Date: Sun, 11 Apr 2021 15:08:27 -0600 Subject: [PATCH 1/5] swag: ioncube loader mod initial release --- .github/workflows/BuildImage.yml | 4 +-- Dockerfile | 2 +- Dockerfile.complex | 23 -------------- README.md | 18 +++-------- root/etc/cont-init.d/98-ioncube-config | 42 ++++++++++++++++++++++++++ root/etc/cont-init.d/98-vpn-config | 27 ----------------- root/etc/services.d/sshvpn/run | 3 -- 7 files changed, 49 insertions(+), 70 deletions(-) delete mode 100644 Dockerfile.complex create mode 100644 root/etc/cont-init.d/98-ioncube-config delete mode 100644 root/etc/cont-init.d/98-vpn-config delete mode 100644 root/etc/services.d/sshvpn/run diff --git a/.github/workflows/BuildImage.yml b/.github/workflows/BuildImage.yml index 518b0d8..f6abaab 100644 --- a/.github/workflows/BuildImage.yml +++ b/.github/workflows/BuildImage.yml @@ -4,8 +4,8 @@ on: [push, pull_request, workflow_dispatch] env: ENDPOINT: "linuxserver/mods" #don't modify - BASEIMAGE: "replace_baseimage" #replace - MODNAME: "replace_modname" #replace + BASEIMAGE: "swag" #replace + MODNAME: "ioncube" #replace jobs: build: diff --git a/Dockerfile b/Dockerfile index 4ece5e8..64c1ba7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM scratch -LABEL maintainer="username" +LABEL maintainer="Spunkie" # copy local files COPY root/ / diff --git a/Dockerfile.complex b/Dockerfile.complex deleted file mode 100644 index db4598e..0000000 --- a/Dockerfile.complex +++ /dev/null 
@@ -1,23 +0,0 @@ -## Buildstage ## -FROM ghcr.io/linuxserver/baseimage-alpine:3.12 as buildstage - -RUN \ - echo "**** install packages ****" && \ - apk add --no-cache \ - curl && \ - echo "**** grab rclone ****" && \ - mkdir -p /root-layer && \ - curl -o \ - /root-layer/rclone.deb -L \ - "https://downloads.rclone.org/v1.47.0/rclone-v1.47.0-linux-amd64.deb" - -# copy local files -COPY root/ /root-layer/ - -## Single layer deployed image ## -FROM scratch - -LABEL maintainer="username" - -# Add files from buildstage -COPY --from=buildstage /root-layer/ / diff --git a/README.md b/README.md index 5636dec..ccacdf2 100644 --- a/README.md +++ b/README.md 
@@ -1,17 +1,7 @@ -# Rsync - Docker mod for openssh-server +# Ioncube Loader - Docker mod for SWAG/nginx -This mod adds rsync to openssh-server, to be installed/updated during container start. +This mod adds Ioncube loader to SWAG/nginx, to be installed/updated during container start. -In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-rsync` +In SWAG/nginx docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:swag-ioncube` -If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:openssh-server-rsync|linuxserver/mods:openssh-server-mod2` - -# Mod creation instructions - -* Fork the repo, create a new branch based on the branch `template`. -* Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done. -* Inspect the `root` folder contents. Edit, add and remove as necessary. -* Edit this readme with pertinent info, delete these instructions. -* Finally edit the `.github/workflows/BuildImage.yml`. Customize the build branch, and the vars for `BASEIMAGE` and `MODNAME`. -* Ask the team to create a new branch named `-`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch. -* Submit PR against the branch created by the team. +If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:swag-ioncube|linuxserver/mods:swag-auto-reload` diff --git a/root/etc/cont-init.d/98-ioncube-config b/root/etc/cont-init.d/98-ioncube-config new file mode 100644 index 0000000..69f2626 --- /dev/null +++ b/root/etc/cont-init.d/98-ioncube-config 
@@ -0,0 +1,42 @@
+#!/usr/bin/with-contenv bash
+echo "**** Installing Ioncube Loader ****"
+
+if php -m | grep -iq "ioncube"; then
+ echo "**** Ioncube Loader already installed, exiting... ****"
+ exit 0
+else
+ ARCH="$(command arch)"
+ if [ "${ARCH}" = "x86_64" ]; then
+ ARCH="x86-64"
+ echo "**** Linux architecture found: x86-64 ****"
+ elif [ "${ARCH}" = "aarch64" ]; then
+ ARCH="aarch64"
+ echo "**** Linux architecture found: arm64 ****"
+ elif [ "${ARCH}" = "armv7l" ]; then
+ ARCH="armv7l"
+ echo "**** Linux architecture found: armhf ****"
+ else
+ echo "**** Unsupported Linux architecture ${ARCH} found, exiting... ****"
+ exit 1
+ fi
+
+ PHP_MAJOR_VERSION="$(command php -r 'echo PHP_MAJOR_VERSION;')"
+ PHP_MINOR_VERSION="$(command php -r 'echo PHP_MINOR_VERSION;')"
+ echo "**** PHP Version found: ${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION}.x ****"
+
+ echo "**** Downloading Ioncube Loader... ****"
+ wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_${ARCH}.tar.gz -P /tmp/
+ echo "**** Ioncube Loader downloaded: ioncube_loaders_lin_${ARCH}.tar.gz ****"
+
+ echo "**** Extracting Ioncube Loader... ****"
+ tar -C /tmp -xzvf /tmp/ioncube_loaders_lin_${ARCH}.tar.gz \
+ && mkdir -p /usr/local/ioncube && cp /tmp/ioncube/*.so /usr/local/ioncube \
+ && rm /tmp/ioncube_loaders_lin_${ARCH}.tar.gz && rm -rf /tmp/ioncube
+ echo "**** Ioncube Loader extracted: /usr/local/ioncube ****"
+
+ echo "zend_extension = /usr/local/ioncube/ioncube_loader_lin_${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION}.so" \
+ > /etc/php${PHP_MAJOR_VERSION}/conf.d/00-ioncube.ini
+ echo "**** Ioncube Loader PHP extension enabled: ioncube_loader_lin_${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION}.so ****"
+
+ echo "**** Ioncube Loader Installed ****"
+fi
\ No newline at end of file
diff --git a/root/etc/cont-init.d/98-vpn-config b/root/etc/cont-init.d/98-vpn-config
deleted file mode 100644
index a5f9127..0000000
--- a/root/etc/cont-init.d/98-vpn-config
+++ /dev/null
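Review bot: The loader archive in `98-ioncube-config` is fetched with `wget` and its `.so` is registered as a `zend_extension` without any integrity check, and every step after the download runs whether or not the download succeeded. Because this runs during container init and the extension is loaded into PHP, I would verify the tarball before extracting it, e.g. `echo "${IONCUBE_SHA256}  /tmp/ioncube_loaders_lin_${ARCH}.tar.gz" | sha256sum -c - || exit 1`, where `IONCUBE_SHA256` is a placeholder for a per-architecture digest the mod would have to carry (which in turn needs a versioned download URL rather than the floating one used here). The `tar … && cp … && rm …` chain should end in `|| exit 1`, and the `00-ioncube.ini` line should only be written when `ioncube_loader_lin_${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION}.so` actually exists in `/usr/local/ioncube`. As written, a failed download still prints "Ioncube Loader Installed" and leaves PHP configured to load a missing file.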
@@ -1,27 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Determine if setup is needed -if [ ! -f /usr/local/lib/python***/dist-packages/sshuttle ] && \ -[ -f /usr/bin/apt ]; then - ## Ubuntu - apt-get update - apt-get install --no-install-recommends -y \ - iptables \ - openssh-client \ - python3 \ - python3-pip - pip3 install sshuttle -fi -if [ ! -f /usr/lib/python***/site-packages/sshuttle ] && \ -[ -f /sbin/apk ]; then - # Alpine - apk add --no-cache \ - iptables \ - openssh \ - py3-pip \ - python3 - pip3 install sshuttle -fi - -chown -R root:root /root -chmod -R 600 /root/.ssh diff --git a/root/etc/services.d/sshvpn/run b/root/etc/services.d/sshvpn/run deleted file mode 100644 index 7d49e79..0000000 --- a/root/etc/services.d/sshvpn/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/with-contenv bash - -sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16 From c4dc8bfe61a2c62323a56ffe661c41c68889604f Mon Sep 17 00:00:00 2001 From: Spunkie Date: Sun, 16 May 2021 05:23:49 -0600 Subject: [PATCH 2/5] universal: cloudflared mod initial release --- .github/workflows/BuildImage.yml | 4 +- Dockerfile | 28 +++ README.md | 74 +++++++- root/etc/cont-init.d/98-cloudflared-config | 195 +++++++++++++++++++++ root/etc/cont-init.d/98-ioncube-config | 42 ----- 5 files changed, 295 insertions(+), 48 deletions(-) create mode 100644 root/etc/cont-init.d/98-cloudflared-config delete mode 100644 root/etc/cont-init.d/98-ioncube-config diff --git a/.github/workflows/BuildImage.yml b/.github/workflows/BuildImage.yml index f6abaab..af720ae 100644 --- a/.github/workflows/BuildImage.yml +++ b/.github/workflows/BuildImage.yml @@ -4,8 +4,8 @@ on: [push, pull_request, workflow_dispatch] env: ENDPOINT: "linuxserver/mods" #don't modify - BASEIMAGE: "swag" #replace - MODNAME: "ioncube" #replace + BASEIMAGE: "universal" #replace + MODNAME: "cloudflared" #replace jobs: build: diff --git a/Dockerfile b/Dockerfile index 64c1ba7..cd88e76 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,6 +1,34 @@ +# Build container +FROM golang:alpine AS buildstage + +RUN mkdir /cloudflared +WORKDIR /src + +RUN apk --no-cache add git build-base curl jq + +ENV GO111MODULE=on \ + CGO_ENABLED=0 + +RUN curl -s https://api.github.com/repos/cloudflare/cloudflared/releases/latest \ + | jq -rc ".tag_name" \ + | xargs -I TAG sh -c 'git -c advice.detachedHead=false clone https://github.com/cloudflare/cloudflared --depth=1 --branch TAG .' + +RUN GOOS=linux GOARCH=amd64 make cloudflared +RUN mv cloudflared /cloudflared/cloudflared-amd64 + +RUN GOOS=linux GOARCH=arm64 make cloudflared +RUN mv cloudflared /cloudflared/cloudflared-arm64 + +RUN GOOS=linux GOARCH=arm make cloudflared +RUN mv cloudflared /cloudflared/cloudflared-armhf + +# Runtime container FROM scratch +WORKDIR / LABEL maintainer="Spunkie" +# copy cloudflared bins +COPY --from=buildstage /cloudflared /cloudflared # copy local files COPY root/ / diff --git a/README.md b/README.md index ccacdf2..5fccad6 100644 --- a/README.md +++ b/README.md 
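Review bot: Nothing in the new build stage is pinned: `FROM golang:alpine` floats with the newest Go and Alpine releases, and the source tree is whatever `releases/latest` resolves to when the image is built, so two builds of the same commit can ship different `cloudflared` binaries with no record of which release went in. I would pin the toolchain, e.g. `FROM golang:<pinned-version>-alpine@sha256:<digest>` (placeholders), and take the release tag from an `ARG` so the value is visible in the build invocation. The `curl -s … | jq … | xargs …` pipeline also runs under `/bin/sh` without `pipefail` and without `curl -f`, so an API error is not caught in this step and only surfaces later, if at all, in `make`.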
@@ -1,7 +1,73 @@ -# Ioncube Loader - Docker mod for SWAG/nginx +# Cloudflared - Universal docker mod -This mod adds Ioncube loader to SWAG/nginx, to be installed/updated during container start. +In docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:universal-cloudflared` -In SWAG/nginx docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:swag-ioncube` +If no additional parameters are supplied this mod builds `cloudflared` from [source](https://github.com/cloudflare/cloudflared) using the [latest release tag](https://github.com/cloudflare/cloudflared/releases/latest) and adds it to [any LSIO docker image](https://fleet.linuxserver.io/). -If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:swag-ioncube|linuxserver/mods:swag-auto-reload` +If all additional parameters are supplied this docker mod will also create/configure/route/enable a cloudflare tunnel via `cloudflared` and the cloudflare v4 API. + +## Usage + +Here an example snippet to help you get started using this docker mod. 
+ +### docker-compose ([recommended](https://docs.linuxserver.io/general/docker-compose)) + +```yaml + swag: + image: ghcr.io/linuxserver/swag + container_name: swag + cap_add: + - NET_ADMIN + environment: + PUID: 1000 + PGID: 1000 + TZ: Europe/London + URL: yourdomain.url + SUBDOMAINS: test,gitlab,gitlab-ssh, + VALIDATION: dns + DNSPLUGIN: cloudflare #optional + ONLY_SUBDOMAINS: true #optional + EMAIL: #optional + EXTRA_DOMAINS: #optional + STAGING: false #optional + DOCKER_MODS: linuxserver/mods:universal-cloudflared + CF_ZONE_ID: #optional + CF_ACCOUNT_ID: #optional + CF_API_TOKEN: #optional + CF_TUNNEL_NAME: example #optional + CF_TUNNEL_PASSWORD: pleasedontusethisexamplepassword #optional + CF_TUNNEL_CONFIG: | #optional + ingress: + - hostname: test.yourdomain.url + service: hello_world + - hostname: gitlab.yourdomain.url + service: https://localhost:443 + - hostname: gitlab-ssh.yourdomain.url + service: ssh://localhost:22 + - service: http_status:404 + volumes: + - /path/to/appdata/config:/config + ports: + - 443:443 + # - 80:80 #optional + restart: unless-stopped +``` + +## Parameters + +Container images/mods are configured using parameters passed at runtime (such as those above). + +| Parameter | Function | Notes | +| :----: | --- | --- | +| `DOCKER_MODS` | Enabled this docker mod with `linuxserver/mods:universal-cloudflared` | If adding multiple mods, enter them in an array separated by `\|`, such as `DOCKER_MODS: linuxserver/mods:universal-cloudflared\|linuxserver/mods:universal-mod2` | + +### Optional tunnel parameters + +| Parameter | Function | Notes | +| :----: | --- | --- | +| `CF_ZONE_ID` | Cloudflare zone ID | | +| `CF_ACCOUNT_ID` | Cloudflare account ID | | +| `CF_API_TOKEN` | Cloudflare API token | Must have the `Account.Argo Tunnel:Edit` and `Zone.DNS:Edit` permissions. 
| +| `CF_TUNNEL_NAME` | Cloudflare tunnel name | | +| `CF_TUNNEL_PASSWORD` | Cloudflare tunnel password | 32 char minimum | +| `CF_TUNNEL_CONFIG` | Cloudflare tunnel config, please refer to cloudflares official tunnel docs. | Do not add `tunnel`/`credentials-file` headers, these are handled automatically. | \ No newline at end of file diff --git a/root/etc/cont-init.d/98-cloudflared-config b/root/etc/cont-init.d/98-cloudflared-config new file mode 100644 index 0000000..501c1e1 --- /dev/null +++ b/root/etc/cont-init.d/98-cloudflared-config 
@@ -0,0 +1,195 @@ +#!/usr/bin/with-contenv bash + +echo "**** Cloudflared setup script init... ****" + +echo "**** Checking cloudflared setup script requirements... ****" +ARCH="$(command arch)" +if [ "${ARCH}" = "x86_64" ]; then + ARCH="amd64" +elif [ "${ARCH}" = "aarch64" ]; then + ARCH="arm64" +elif [ "${ARCH}" = "armv7l" ]; then + ARCH="armhf" +else + echo "**** Unsupported Linux architecture ${ARCH} found, exiting... ****" + exit 1 +fi +echo "**** Linux architecture found: ${ARCH} ****" + +UBUNTU=false +ALPINE=false +if [ -f /usr/bin/apt ]; then + UBUNTU=true + echo "**** Linux distro found: ubuntu ****" +elif [ -f /sbin/apk ]; then + ALPINE=true + echo "**** Linux distro found: alpine ****" +else + echo "**** Unknown Linux distro, exiting... ****" + exit 1 +fi + +echo "**** Checking for cloudflared setup script dependencies... ****" +YQARCH="${ARCH}" +if [ "${YQ_ARCH}" = "armhf" ]; then + YQARCH="arm" +fi +echo "**** Temporarily installing /tmp/yq... ****" +curl -sLo /tmp/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${YQARCH} +chmod +x /tmp/yq + +declare -A CLEANUP=( [curl]=false [jq]=false ) +for PKG in "${!CLEANUP[@]}"; do + if [ -x "$(command -v ${PKG})" ]; then + echo "**** ${PKG} already installed, skipping... ****" + else + CLEANUP[$PKG]=true + echo "**** Temporarily installing ${PKG}... ****" + if $ALPINE; then + apk add --no-cache ${PKG} + elif $UBUNTU; then + apt-get -qqy install --no-install-recommends ${PKG} + fi + fi +done + +echo "**** Installing cloudflared...****" +if [ -d "/cloudflared/" ]; then + echo "**** Moving /cloudflared/cloudflared-${ARCH} to /usr/local/bin/cloudflared... ****" + mv /cloudflared/cloudflared-${ARCH} /usr/local/bin/cloudflared + + echo "**** Deleting tmp /cloudflared dir... ****" + rm -rf /cloudflared + + echo "**** Cloudflared installed ****" +elif [ -x "$(command -v cloudflared)" ]; then + echo "**** Cloudflared already installed, skipping... 
****" +else + echo "**** Cloudflared missing, exiting... ****" + exit 1 +fi +cloudflared -v + +echo "**** Checking for optional cloudflare tunnel parameters... ****" +if [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUNNEL_NAME} -gt 0 ]]; then + if [[ ${#CF_TUNNEL_PASSWORD} -le 32 ]]; then + echo "**** Cloudflare tunnel password must be at least 32 characters long, exiting... ****" + exit 1 + else + echo "**** Cloudflare tunnel parameters found, starting cloudflare tunnel setup... ****" + echo "**** Creating cloudflare tunnel(${CF_TUNNEL_NAME}) via API... ****" + + CF_TUNNEL_SECRET="$(command echo ${CF_TUNNEL_PASSWORD} | base64)" + JSON_RESULT=$(curl -sX \ + POST "https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/tunnels" \ + -H "Authorization: Bearer ${CF_API_TOKEN}" \ + -H "Content-Type: application/json" \ + --data "{\"name\":\"${CF_TUNNEL_NAME}\",\"tunnel_secret\":\"${CF_TUNNEL_SECRET}\"}") + echo ${JSON_RESULT} | jq + + JSON_CODE_VALUE=$(echo ${JSON_RESULT} | jq -rc ".code") + if [[ ${JSON_CODE_VALUE} -eq 1013 ]]; then + echo "**** You already have a cloudflare tunnel named ${CF_TUNNEL_NAME} ****" + + echo "**** Searching existing cloudflare tunnels via API... ****" + JSON_RESULT=$(curl -sX \ + GET "https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/tunnels?name=${CF_TUNNEL_NAME}&is_deleted=false" \ + -H "Authorization: Bearer ${CF_API_TOKEN}" \ + -H "Content-Type: application/json") + echo ${JSON_RESULT} | jq + + echo "**** Fetching existing cloudflare tunnel(${CF_TUNNEL_NAME}) via API... ****" + CF_TUNNEL_ID=$(echo ${JSON_RESULT} | jq -rc ".[].id") + JSON_RESULT=$(curl -sX \ + GET "https://api.cloudflare.com/client/v4/accounts/${CF_ACCOUNT_ID}/tunnels/${CF_TUNNEL_ID}?" \ + -H "Authorization: Bearer ${CF_API_TOKEN}" \ + -H "Content-Type: application/json") + + JSON_RESULT=$(echo ${JSON_RESULT} | jq -rc ". 
+ {\"credentials_file\": {\"AccountTag\": \"${CF_ACCOUNT_ID}\",\"TunnelID\": \"${CF_TUNNEL_ID}\",\"TunnelName\": \"${CF_TUNNEL_NAME}\",\"TunnelSecret\": \"${CF_TUNNEL_SECRET}\"}}") + echo ${JSON_RESULT} | jq + fi + + CF_TUNNEL_ID=$(echo ${JSON_RESULT} | jq -rc ".id") + CREDENTIALS_FILE=$(echo ${JSON_RESULT} | jq -rc ".credentials_file") + echo "**** Saving cloudflare tunnel(${CF_TUNNEL_NAME}) credentials json... ****" + if [ ! -d "/etc/cloudflared/" ]; then + mkdir -p "/etc/cloudflared"; + fi + printf "${CREDENTIALS_FILE}" > "/etc/cloudflared/${CF_TUNNEL_ID}.json" + echo ${JSON_RESULT} | jq -r ".credentials_file" + echo "**** Cloudflare tunnel(${CF_TUNNEL_NAME}) credentials saved to /etc/cloudflared/${CF_TUNNEL_ID}.json ****" + + echo "**** Generating config.yml for cloudflare tunnel(${CF_TUNNEL_NAME})... ****" + printf "tunnel: ${CF_TUNNEL_ID}\n" > "/etc/cloudflared/config.yml" + printf "credentials-file: /etc/cloudflared/${CF_TUNNEL_ID}.json\n" >> "/etc/cloudflared/config.yml" + printf "no-autoupdate: true\n\n" >> "/etc/cloudflared/config.yml" + printf "${CF_TUNNEL_CONFIG}" >> "/etc/cloudflared/config.yml" + /tmp/yq e /etc/cloudflared/config.yml + echo "**** Config for cloudflare tunnel(${CF_TUNNEL_NAME}) saved to /etc/cloudflared/config.yml ****" + + echo "**** Validating cloudflared tunnel rules... ****" + cloudflared tunnel ingress validate + + echo "**** Updating cloudflare zone... ****" + for HOSTNAME in $(/tmp/yq e ".ingress.[].hostname" /etc/cloudflared/config.yml); do + if [ ! "${HOSTNAME}" = "null" ]; then + echo "**** Searching zone for hostname(${HOSTNAME}) via API... 
****" + JSON_RESULT=$(curl -sX \ + GET "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records?name=${HOSTNAME}&type=CNAME&match=all" \ + -H "Authorization: Bearer ${CF_API_TOKEN}" \ + -H "Content-Type: application/json") + + COUNT=$(echo ${JSON_RESULT} | jq -rc ".result_info.count") + if [[ ${COUNT} -eq 0 ]]; then + echo "**** Creating new CNAME for hostname(${HOSTNAME}) via API... ****" + JSON_RESULT=$(curl -sX \ + POST "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records" \ + -H "Authorization: Bearer ${CF_API_TOKEN}" \ + -H "Content-Type: application/json" \ + --data "{\"type\":\"CNAME\",\"name\":\"${HOSTNAME}\",\"content\":\"${CF_TUNNEL_ID}.cfargotunnel.com\",\"ttl\":1,\"proxied\":true}") + echo ${JSON_RESULT} | jq + else + echo "**** Updating existing CNAME for hostname(${HOSTNAME}) via API... ****" + RECORD_ID=$(echo ${JSON_RESULT} | jq -rc ".result[].id") + JSON_RESULT=$(curl -sX \ + PUT "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records/${RECORD_ID}" \ + -H "Authorization: Bearer ${CF_API_TOKEN}" \ + -H "Content-Type: application/json" \ + --data "{\"type\":\"CNAME\",\"name\":\"${HOSTNAME}\",\"content\":\"${CF_TUNNEL_ID}.cfargotunnel.com\",\"ttl\":1,\"proxied\":true}") + echo ${JSON_RESULT} | jq + fi + fi + done + + echo "**** Installing cloudflared service... ****" + cloudflared service install + + echo "**** Enabling cloudflared service... ****" + if $ALPINE; then + rc-service cloudflared start + elif $UBUNTU; then + systemctl start cloudflared + fi + fi +else + echo "**** Optional parameters blank or missing, skipped cloudflare tunnel setup ****" +fi + +echo "**** Cleaning up cloudflared setup script dependencies if required... ****" +for PKG in "${!CLEANUP[@]}"; do + if [ "${CLEANUP[$PKG]}" = true ]; then + CLEANUP[$PKG]=false + echo "**** Uninstalling ${PKG}... 
****" + if $ALPINE; then + apk del ${PKG} + elif $UBUNTU; then + apt-get -qqy remove ${PKG} + apt-get -qqy autoremove + fi + fi +done + +echo "**** Uninstalling /tmp/yq... ****" +rm /tmp/yq + +echo "**** Cloudflared setup script done, exiting... ****" \ No newline at end of file diff --git a/root/etc/cont-init.d/98-ioncube-config b/root/etc/cont-init.d/98-ioncube-config deleted file mode 100644 index 69f2626..0000000 --- a/root/etc/cont-init.d/98-ioncube-config +++ /dev/null 
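Review bot: The tunnel secret is written to the container log by `98-cloudflared-config`: in the `1013` branch `TunnelSecret` is merged into `JSON_RESULT` and then printed with `echo ${JSON_RESULT} | jq`, and after the credentials file is saved `echo ${JSON_RESULT} | jq -r ".credentials_file"` prints it again. I would remove that second `echo` and log a redacted view instead, e.g. `echo "${JSON_RESULT}" | jq 'del(.credentials_file)'`; the response of the create call deserves the same treatment, since the script reads `.credentials_file` from it. Two smaller defects: `[[ ${#CF_TUNNEL_PASSWORD} -le 32 ]]` rejects a 32-character password although the message and the README give 32 as the minimum (`-lt 32` matches the text), and the armhf mapping tests `${YQ_ARCH}`, which is never set, instead of `${YQARCH}`. `printf "${CREDENTIALS_FILE}"` and `printf "${CF_TUNNEL_CONFIG}"` use data as the format string, so a `%` or backslash in either is interpreted; `printf '%s' "${CF_TUNNEL_CONFIG}"` (and likewise for the credentials) avoids that.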
@@ -1,42 +0,0 @@ -#!/usr/bin/with-contenv bash -echo "**** Installing Ioncube Loader ****" - -if php -m | grep -iq "ioncube"; then - echo "**** Ioncube Loader already installed, exiting... ****" - exit 0 -else - ARCH="$(command arch)" - if [ "${ARCH}" = "x86_64" ]; then - ARCH="x86-64" - echo "**** Linux architecture found: x86-64 ****" - elif [ "${ARCH}" = "aarch64" ]; then - ARCH="aarch64" - echo "**** Linux architecture found: arm64 ****" - elif [ "${ARCH}" = "armv7l" ]; then - ARCH="armv7l" - echo "**** Linux architecture found: armhf ****" - else - echo "**** Unsupported Linux architecture ${ARCH} found, exiting... ****" - exit 1 - fi - - PHP_MAJOR_VERSION="$(command php -r 'echo PHP_MAJOR_VERSION;')" - PHP_MINOR_VERSION="$(command php -r 'echo PHP_MINOR_VERSION;')" - echo "**** PHP Version found: ${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION}.x ****" - - echo "**** Downloading Ioncube Loader... ****" - wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_${ARCH}.tar.gz -P /tmp/ - echo "**** Ioncube Loader downloaded: ioncube_loaders_lin_${ARCH}.tar.gz ****" - - echo "**** Extracting Ioncube Loader... ****" - tar -C /tmp -xzvf /tmp/ioncube_loaders_lin_${ARCH}.tar.gz \ - && mkdir -p /usr/local/ioncube && cp /tmp/ioncube/*.so /usr/local/ioncube \ - && rm /tmp/ioncube_loaders_lin_${ARCH}.tar.gz && rm -rf /tmp/ioncube - echo "**** Ioncube Loader extracted: /usr/local/ioncube ****" - - echo "zend_extension = /usr/local/ioncube/ioncube_loader_lin_${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION}.so" \ - > /etc/php${PHP_MAJOR_VERSION}/conf.d/00-ioncube.ini - echo "**** Ioncube Loader PHP extension enabled: ioncube_loader_lin_${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION}.so ****" - - echo "**** Ioncube Loader Installed ****" -fi \ No newline at end of file From d8cb836b4d6ca22fc487bc5cca1a3f88ad77fa4d Mon Sep 17 00:00:00 2001 
From: aptalca Date: Wed, 26 May 2021 22:58:53 -0400 Subject: [PATCH 3/5] add versioning --- .github/workflows/BuildImage.yml | 12 +++++++++++- Dockerfile | 32 +++++++++++++++++++------------- 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/.github/workflows/BuildImage.yml b/.github/workflows/BuildImage.yml index af720ae..93a5bf7 100644 --- a/.github/workflows/BuildImage.yml +++ b/.github/workflows/BuildImage.yml @@ -15,14 +15,20 @@ jobs: - name: Build image run: | - docker build --no-cache -t ${{ github.sha }} . + CLOUDFLARED_TAG=$(curl -s https://api.github.com/repos/cloudflare/cloudflared/releases/latest | jq -rc ".tag_name") + echo "CLOUDFLARED_TAG=${CLOUDFLARED_TAG}" >> $GITHUB_ENV + docker build --no-cache --build-arg CLOUDFLARED_TAG=${CLOUDFLARED_TAG} -t ${{ github.sha }} . - name: Tag image if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }} run: | docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME} + docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG} + docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}-${{ github.sha }} docker tag ${{ github.sha }} ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME} + docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG} + docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}-${{ github.sha }} docker tag ${{ github.sha }} ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} - name: Credential check 
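Review bot: `CLOUDFLARED_TAG` in the "Build image" step comes straight from an unauthenticated API call and is then written to `$GITHUB_ENV`, passed as a `--build-arg` and used in the four added `docker tag` lines without any check. If the request fails or is rate-limited, `jq` yields an empty string or `null`, and that value flows into the build and, on the mod branch, into the tag names. I would fail fast and quote the value: `CLOUDFLARED_TAG=$(curl -fsSL https://api.github.com/repos/cloudflare/cloudflared/releases/latest | jq -er '.tag_name')`, then a format check such as `[[ "${CLOUDFLARED_TAG}" =~ ^[0-9A-Za-z._-]+$ ]] || exit 1`, and `--build-arg "CLOUDFLARED_TAG=${CLOUDFLARED_TAG}"`. The same variable is used by the `docker push` lines added in the two later hunks of this file.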
@@ -48,6 +54,8 @@ jobs: if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.CR_USER && env.CR_PAT }} run: | docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} + docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}-${{ github.sha }} + docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG} docker push ghcr.io/${ENDPOINT}:${BASEIMAGE}-${MODNAME} - name: Login to DockerHub @@ -59,4 +67,6 @@ jobs: if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) && env.DOCKERUSER && env.DOCKERPASS }} run: | docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} + docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG}-${{ github.sha }} + docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME}-${CLOUDFLARED_TAG} docker push ${ENDPOINT}:${BASEIMAGE}-${MODNAME} diff --git a/Dockerfile b/Dockerfile index cd88e76..ddcfac5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,9 @@ # Build container FROM golang:alpine AS buildstage -RUN mkdir /cloudflared +ARG CLOUDFLARED_TAG + +RUN mkdir -p /root-layer/cloudflared WORKDIR /src RUN apk --no-cache add git build-base curl jq 
@@ -9,26 +11,30 @@ RUN apk --no-cache add git build-base curl jq ENV GO111MODULE=on \ CGO_ENABLED=0 -RUN curl -s https://api.github.com/repos/cloudflare/cloudflared/releases/latest \ - | jq -rc ".tag_name" \ - | xargs -I TAG sh -c 'git -c advice.detachedHead=false clone https://github.com/cloudflare/cloudflared --depth=1 --branch TAG .' +RUN \ + if [ -z "${CLOUDFLARED_TAG}" ]; then \ + curl -s https://api.github.com/repos/cloudflare/cloudflared/releases/latest \ + | jq -rc ".tag_name" \ + | xargs -I TAG sh -c 'git -c advice.detachedHead=false clone https://github.com/cloudflare/cloudflared --depth=1 --branch TAG .'; \ + else \ + git -c advice.detachedHead=false clone https://github.com/cloudflare/cloudflared --depth=1 --branch ${CLOUDFLARED_TAG} .; \ + fi RUN GOOS=linux GOARCH=amd64 make cloudflared -RUN mv cloudflared /cloudflared/cloudflared-amd64 +RUN mv cloudflared /root-layer/cloudflared/cloudflared-amd64 RUN GOOS=linux GOARCH=arm64 make cloudflared -RUN mv cloudflared /cloudflared/cloudflared-arm64 +RUN mv cloudflared /root-layer/cloudflared/cloudflared-arm64 RUN GOOS=linux GOARCH=arm make cloudflared -RUN mv cloudflared /cloudflared/cloudflared-armhf +RUN mv cloudflared /root-layer/cloudflared/cloudflared-armhf -# Runtime container +COPY root/ /root-layer/ + +## Single layer deployed image ## FROM scratch -WORKDIR / LABEL maintainer="Spunkie" -# copy cloudflared bins -COPY --from=buildstage /cloudflared /cloudflared -# copy local files -COPY root/ / +# Add files from buildstage +COPY --from=buildstage /root-layer/ / From 4ee67c9bc5c2acc2835773b39de1253debc7f89a Mon Sep 17 00:00:00 2001 From: Spunkie Date: Thu, 27 May 2021 11:57:01 -0600 Subject: [PATCH 4/5] universal: cloudflared add s6 service, README.md tweaks --- README.md | 11 ++--------- root/etc/services.d/cloudflared/run | 3 +++ 2 files changed, 5 insertions(+), 9 deletions(-) create mode 100644 root/etc/services.d/cloudflared/run diff --git a/README.md b/README.md index 5fccad6..0dd572b 100644 
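Review bot: The rewritten `RUN` keeps two copies of the `git clone` command and interpolates `${CLOUDFLARED_TAG}` unquoted, and its fallback branch still resolves `releases/latest` through a pipe whose failures are not checked. Resolving the tag once and cloning once is shorter and fails at the right step: `TAG="${CLOUDFLARED_TAG:-$(curl -fsSL https://api.github.com/repos/cloudflare/cloudflared/releases/latest | jq -er .tag_name)}"` followed by `git -c advice.detachedHead=false clone --depth=1 --branch "${TAG}" https://github.com/cloudflare/cloudflared .`. A short comment above `ARG CLOUDFLARED_TAG` saying that the workflow supplies it and that an empty value means "latest release" would help; that `ARG` line is in the previous hunk of this file.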
--- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ In docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:universal-cloudflared` -If no additional parameters are supplied this mod builds `cloudflared` from [source](https://github.com/cloudflare/cloudflared) using the [latest release tag](https://github.com/cloudflare/cloudflared/releases/latest) and adds it to [any LSIO docker image](https://fleet.linuxserver.io/). +If no additional parameters are supplied this mod adds [`cloudflared`](https://github.com/cloudflare/cloudflared) using the [latest release tag](https://github.com/cloudflare/cloudflared/releases/latest) to any [LSIO docker image](https://fleet.linuxserver.io/), to be installed/updated during container start. If all additional parameters are supplied this docker mod will also create/configure/route/enable a cloudflare tunnel via `cloudflared` and the cloudflare v4 API. @@ -23,7 +23,7 @@ Here an example snippet to help you get started using this docker mod. PGID: 1000 TZ: Europe/London URL: yourdomain.url - SUBDOMAINS: test,gitlab,gitlab-ssh, + SUBDOMAINS: test, VALIDATION: dns DNSPLUGIN: cloudflare #optional ONLY_SUBDOMAINS: true #optional @@ -40,16 +40,9 @@ Here an example snippet to help you get started using this docker mod. ingress: - hostname: test.yourdomain.url service: hello_world - - hostname: gitlab.yourdomain.url - service: https://localhost:443 - - hostname: gitlab-ssh.yourdomain.url - service: ssh://localhost:22 - service: http_status:404 volumes: - /path/to/appdata/config:/config - ports: - - 443:443 - # - 80:80 #optional restart: unless-stopped ``` diff --git a/root/etc/services.d/cloudflared/run b/root/etc/services.d/cloudflared/run new file mode 100644 index 0000000..b1813de --- /dev/null +++ b/root/etc/services.d/cloudflared/run @@ -0,0 +1,3 @@ +#!/usr/bin/with-contenv bash + +exec s6-setuidgid abc cloudflared tunnel --no-autoupdate --config /etc/cloudflared/config.yml run \ No newline at end of file 
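Review bot: The new `services.d/cloudflared/run` starts the tunnel for every container that loads the mod, but `/etc/cloudflared/config.yml` is only written by `98-cloudflared-config` when the optional `CF_*` parameters are set, so without them s6 will presumably keep restarting a `cloudflared` that exits immediately. The README describes the no-parameter case as only adding the binary, so `run` should test for the config file first and stay idle when it is missing. It is also worth confirming that user `abc` can read the credentials JSON that the init script writes as root, and conversely that the file is not readable by every other user in the container; the init script sets no owner or mode on it. A one-line comment saying why the tunnel runs as `abc` rather than root would help the next reader.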
From 6d20aac42f6b5f73f0bfca1a168634768906630c Mon Sep 17 00:00:00 2001 From: Spunkie Date: Thu, 27 May 2021 12:39:16 -0600 Subject: [PATCH 5/5] universal: cloudflared cleanup old service code --- root/etc/cont-init.d/98-cloudflared-config | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/root/etc/cont-init.d/98-cloudflared-config b/root/etc/cont-init.d/98-cloudflared-config index 501c1e1..6dd0b36 100644 --- a/root/etc/cont-init.d/98-cloudflared-config +++ b/root/etc/cont-init.d/98-cloudflared-config @@ -160,16 +160,6 @@ if [[ ${#CF_ACCOUNT_ID} -gt 0 ]] && [[ ${#CF_API_TOKEN} -gt 0 ]] && [[ ${#CF_TUN fi fi done - - echo "**** Installing cloudflared service... ****" - cloudflared service install - - echo "**** Enabling cloudflared service... ****" - if $ALPINE; then - rc-service cloudflared start - elif $UBUNTU; then - systemctl start cloudflared - fi fi else echo "**** Optional parameters blank or missing, skipped cloudflare tunnel setup ****"