diff --git a/.github/workflows/e2e_test.yml b/.github/workflows/e2e_test.yml
index c42365a..3abca3b 100644
--- a/.github/workflows/e2e_test.yml
+++ b/.github/workflows/e2e_test.yml
@@ -8,13 +8,17 @@ on:
 jobs:
 test:
+ strategy:
+ fail-fast: false
+ matrix:
+ profile: ["proxy", "proxy2"]
 name: Test
 runs-on: "ubuntu-latest"
 steps:
 - uses: actions/checkout@v3
 - name: Run test server
 working-directory: ./test
- run: docker compose up --build --detach --wait --wait-timeout 30
+ run: docker compose --profile ${{matrix.profile}} up --build --detach --wait --wait-timeout 60
 - name: querying http returns redirect
 run: |
 output=$(curl -s -o /dev/null -w "%{http_code}" http://localhost)
@@ -39,7 +43,7 @@ jobs:
 fi
 - name: Copy the SSL key
 working-directory: ./test
- run: docker compose cp proxy:/etc/reverse_proxy/data/certs/localhost/fullchain.pem .
+ run: docker compose --profile ${{matrix.profile}} cp ${{matrix.profile}}:/etc/reverse_proxy/data/certs/localhost/fullchain.pem .
 - name: Querying the https route returns 200
 working-directory: ./test
 run: |
diff --git a/README.md b/README.md
index 252417f..b88d591 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,7 @@ So. that's basically it :)
 - `SKIP_RENEW_CERTS=1` - don't call acme --install-cronjob to renew the certificates
 - `SKIP_WRITE_NGINX_CONF=1` - that /etc/reverse_proxy/nginx.conf is not overriden during the config process
 - `DEBUG=1` - add verbose logging (set -x) to figure out what's going wrong
+- `CONFIG_JSON={...}` - Instead of using a config.json file, you can instead set it as an environment variable instead
 # Advanced configuration
diff --git a/bootstrap.sh b/bootstrap.sh
index 405f447..326fe7c 100644
--- a/bootstrap.sh
+++ b/bootstrap.sh
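Review bot: In .github/workflows/e2e_test.yml, the new `run:` lines splice `${{matrix.profile}}` straight into the shell script text, once in the "Run test server" step and twice in the "Copy the SSL key" step of the second hunk. The matrix values are literals in this file, so nothing untrusted reaches the shell today, but expression-in-`run:` is the pattern behind workflow script injection and it becomes one as soon as the matrix is fed from inputs or event data. Passing the value through the environment keeps it data: give each step an `env:` entry `PROFILE: ${{ matrix.profile }}` and write `docker compose --profile "$PROFILE" up --build --detach --wait --wait-timeout 60` and `docker compose --profile "$PROFILE" cp "$PROFILE":/etc/reverse_proxy/data/certs/localhost/fullchain.pem .`.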
@@ -17,13 +17,22 @@ bootstrap_fn() {
 exit 1
 fi
- # First, validate the config file
- if [ ! -f "$config_file" ]; then
- echo "Missing $config_file. Did you forget to mount the config file?"
+ if [ -z "${CONFIG_JSON:-}" ]; then
+ if [ -f "$config_file" ]; then
+ CONFIG_JSON=$(cat "$config_file")
+ else
+ echo "Missing $config_file. Did you forget to mount the config file?"
+ exit 1
+ fi
+ fi
+
+ echo "$CONFIG_JSON" | jq empty 2>/dev/null
+ if [ $? -ne 0 ]; then
+ echo "Failed to parse the config file"
 exit 1
 fi
- num_domains=$(jq -e -r '.domains | length' "$config_file")
+ num_domains=$(echo "$CONFIG_JSON" | jq -e -r '.domains | length')
 if [ $? -ne 0 ] || [ "$num_domains" -lt 1 ]; then
 echo "No domains listed in the config"
 exit 1
@@ -39,9 +48,9 @@ bootstrap_fn() {
 else
 # Install acme.sh with the email in the config, ensure the account_thumbprint
 if [ ! -d "$acme_dir" ]; then
- email=$(jq -e -r '.email' "$config_file")
+ email=$(echo "$CONFIG_JSON" | jq -e -r '.email')
 if [ $? -ne 0 ]; then
- echo "$config_file is missing the email to use when registering the SSL certificates"
+ echo "The config is missing the email to use when registering the SSL certificates"
 exit 1
 fi
 echo "Installing acme.sh"
@@ -74,8 +83,8 @@ bootstrap_fn() {
 echo "Creating the self-signed certificate"
 mkdir -p "$cert_dir" || exit 1
- subject=$(jq -e -r '.domains[0].name' "$config_file")
- alt_names=$(jq -e -r '.domains | map([.name] + .aliases) | flatten | map("DNS:" + .) | join(",")' "$config_file")
+ subject=$(echo "$CONFIG_JSON" | jq -e -r '.domains[0].name')
+ alt_names=$(echo "$CONFIG_JSON" | jq -e -r '.domains | map([.name] + .aliases) | flatten | map("DNS:" + .) | join(",")')
 echo "subject: $subject"
 echo "alt_names: $alt_names"
 openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \
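Review bot: In bootstrap.sh, `echo "$CONFIG_JSON" | jq empty` is not a faithful way to hand the config to jq: where the shell's builtin `echo` expands backslash escapes (dash does; the script's interpreter is not visible in these hunks), a `\n` or `\\` inside a JSON string is rewritten before jq reads it, so a valid config can be rejected or parsed to different values. `printf '%s\n' "$CONFIG_JSON" | jq empty` avoids that, and the same substitution applies to every later read in this commit: `.domains | length`, `.email`, `.domains[0].name`, the alt-names expression, `.domains[].name` and `.domains[$i]`. With `DEBUG=1` (documented as `set -x`) each of these lines now writes the full config to the trace, which the old `jq … "$config_file"` form did not, so that is worth a README sentence if the config can ever hold anything sensitive. The "Failed to parse the config file" message also hides jq's diagnostic behind `2>/dev/null` and names a file even when the input was the environment variable. bootstrap_fn starts and ends outside these hunks.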
@@ -85,7 +94,7 @@ bootstrap_fn() {
 -addext "subjectAltName=$alt_names" || exit 1
 fi
- domains=$(jq -e -r '.domains[].name' "$config_file")
+ domains=$(echo "$CONFIG_JSON" | jq -e -r '.domains[].name')
 # Note that this script assumes that the config.json is trusted input
 # and the domain doesn't have e.g. ../../ in it
 for domain in $domains; do
@@ -105,7 +114,7 @@ bootstrap_fn() {
 cat /dev/null > "$data_dir/nginx_generated.conf"
 i=0
 while [ "$i" -lt "$num_domains" ]; do
- domain_json=$(jq -e ".domains[$i]" "$config_file")
+ domain_json=$(echo "$CONFIG_JSON" | jq -e ".domains[$i]")
 domain=$(echo "$domain_json" | jq -e -r '.name')
 if [ $? -ne 0 ]; then
 echo "Failed to get the name for $domain_json"
diff --git a/test/docker-compose.yml b/test/docker-compose.yml
index 73f554e..bbd41cb 100644
--- a/test/docker-compose.yml
+++ b/test/docker-compose.yml
@@ -1,5 +1,7 @@
 services:
 proxy:
+ profiles:
+ - proxy
 build:
 context: ./reverse-proxy
 volumes:
@@ -19,8 +21,34 @@ services:
 timeout: 5s
 interval: 5s
 retries: 6
+ proxy2:
+ profiles:
+ - proxy2
+ build:
+ context: ./reverse-proxy
+ volumes:
+ - reverse-proxy-test:/etc/reverse_proxy/data
+ environment:
+ - SKIP_CREATE_CERTS=1
+ - SKIP_RENEW_CERTS=1
+ - DEBUG=1
+ - 'CONFIG_JSON={ "email": "test@example.com", "domains": [ { "name": "localhost", "dest": "http://hello:80" } ] }'
+
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ - web
+ healthcheck:
+ test: ['CMD-SHELL', 'curl -so /dev/null http://localhost/ || exit 1']
+ timeout: 5s
+ interval: 5s
+ retries: 6
 hello:
+ profiles:
+ - proxy
+ - proxy2
 image: nginxdemos/hello:plain-text
 networks:
 - web
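Review bot: In the `@@ -85,7 +94,7 @@` hunk of bootstrap.sh, the comment under the changed `domains=` line still scopes the trust assumption to config.json, but the names can now arrive through the `CONFIG_JSON` environment variable and are used, still unvalidated, by the `for domain in $domains` loop whose body lies outside the hunk. The comment should name both sources, for example `# Note: the config (config.json or $CONFIG_JSON) is treated as trusted input; domain names are not checked for e.g. ../../`. If that assumption is too strong for an environment-supplied value, a check at the top of the loop such as `case "$domain" in *[!A-Za-z0-9.-]*|*..*) echo "Invalid domain name: $domain"; exit 1;; esac` would enforce it; adjust the pattern if wildcard names are supported.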