Microservice to bring 2FA to self hosted PDSes

Docker setup #2

merged opened by baileytownsend.dev targeting main from feature/DockerSetup

+754 -34
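--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+target
+/target
+**/.idea
+.idea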
+564 -12
Cargo.lock
··· 108 108 109 109 110 110 111 + source = "registry+https://github.com/rust-lang/crates.io-index" 112 + checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" 111 113 114 + [[package]] 115 + name = "aws-lc-rs" 116 + version = "1.13.3" 117 + source = "registry+https://github.com/rust-lang/crates.io-index" 118 + checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba" 119 + dependencies = [ 120 + "aws-lc-sys", 121 + "untrusted 0.7.1", 122 + "zeroize", 123 + ] 112 124 125 + [[package]] 126 + name = "aws-lc-sys" 127 + version = "0.30.0" 128 + source = "registry+https://github.com/rust-lang/crates.io-index" 129 + checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff" 130 + dependencies = [ 131 + "bindgen", 132 + "cc", 133 + "cmake", 134 + "dunce", 135 + "fs_extra", 136 + ] 113 137 138 + [[package]] 139 + name = "axum" 140 + version = "0.8.4" 114 141 115 142 116 143 ··· 210 237 211 238 212 239 240 + source = "registry+https://github.com/rust-lang/crates.io-index" 241 + checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" 213 242 243 + [[package]] 244 + name = "bindgen" 245 + version = "0.69.5" 246 + source = "registry+https://github.com/rust-lang/crates.io-index" 247 + checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" 248 + dependencies = [ 249 + "bitflags", 250 + "cexpr", 251 + "clang-sys", 252 + "itertools", 253 + "lazy_static", 254 + "lazycell", 255 + "log", 256 + "prettyplease", 257 + "proc-macro2", 258 + "quote", 259 + "regex", 260 + "rustc-hash", 261 + "shlex", 262 + "syn", 263 + "which", 264 + ] 214 265 266 + [[package]] 267 + name = "bitflags" 268 + version = "2.9.1" 215 269 216 270 217 271 ··· 263 317 264 318 265 319 320 + "shlex", 321 + ] 266 322 323 + [[package]] 324 + name = "cexpr" 325 + version = "0.6.0" 326 + source = "registry+https://github.com/rust-lang/crates.io-index" 327 + checksum = 
"6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" 328 + dependencies = [ 329 + "nom 7.1.3", 330 + ] 267 331 332 + [[package]] 333 + name = "cfg-if" 334 + version = "1.0.1" 268 335 269 336 270 337 ··· 326 393 327 394 328 395 396 + "inout", 397 + ] 329 398 399 + [[package]] 400 + name = "clang-sys" 401 + version = "1.8.1" 402 + source = "registry+https://github.com/rust-lang/crates.io-index" 403 + checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" 404 + dependencies = [ 405 + "glob", 406 + "libc", 407 + "libloading", 408 + ] 330 409 410 + [[package]] 411 + name = "cmake" 412 + version = "0.1.54" 413 + source = "registry+https://github.com/rust-lang/crates.io-index" 414 + checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" 415 + dependencies = [ 416 + "cc", 417 + ] 331 418 419 + [[package]] 420 + name = "concurrent-queue" 421 + version = "2.5.0" 332 422 333 423 334 424 ··· 338 428 339 429 340 430 431 + source = "registry+https://github.com/rust-lang/crates.io-index" 432 + checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" 341 433 434 + [[package]] 435 + name = "core-foundation-sys" 436 + version = "0.8.7" 342 437 343 438 344 439 ··· 514 609 515 610 516 611 612 + source = "registry+https://github.com/rust-lang/crates.io-index" 613 + checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" 517 614 615 + [[package]] 616 + name = "dunce" 617 + version = "1.0.5" 618 + source = "registry+https://github.com/rust-lang/crates.io-index" 619 + checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" 518 620 621 + [[package]] 622 + name = "either" 623 + version = "1.15.0" 519 624 520 625 521 626 ··· 548 653 549 654 550 655 656 + checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" 657 + dependencies = [ 658 + "libc", 659 + "windows-sys 0.52.0", 660 + ] 551 661 662 + [[package]] 552 663 553 664 554 665 ··· 581 692 582 
693 583 694 584 - checksum = "778e2ac28f6c47af28e4907f13ffd1e1ddbd400980a9abd7c8df189bf578a5ad" 585 - dependencies = [ 586 - "libc", 587 - "windows-sys 0.59.0", 695 + 696 + 697 + 698 + 699 + 700 + 701 + 702 + 703 + 704 + 705 + 706 + 707 + 708 + 709 + 710 + source = "registry+https://github.com/rust-lang/crates.io-index" 711 + checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" 712 + 713 + [[package]] 714 + name = "form_urlencoded" 715 + version = "1.2.1" 716 + 717 + 718 + 719 + 720 + 721 + 722 + 723 + 724 + 725 + 726 + 727 + 728 + 729 + "thiserror 1.0.69", 588 730 ] 589 731 590 732 [[package]] 733 + name = "fs_extra" 734 + version = "1.3.0" 735 + source = "registry+https://github.com/rust-lang/crates.io-index" 736 + checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" 591 737 738 + [[package]] 739 + name = "futures-channel" 740 + version = "0.3.31" 592 741 593 742 594 743 ··· 702 851 703 852 704 853 854 + source = "registry+https://github.com/rust-lang/crates.io-index" 855 + checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" 705 856 857 + [[package]] 858 + name = "glob" 859 + version = "0.3.3" 860 + source = "registry+https://github.com/rust-lang/crates.io-index" 861 + checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" 706 862 863 + [[package]] 864 + name = "globset" 865 + version = "0.4.16" 707 866 708 867 709 868 ··· 849 1008 850 1009 851 1010 1011 + "windows-sys 0.59.0", 1012 + ] 852 1013 1014 + [[package]] 1015 + name = "http" 1016 + version = "1.3.1" 853 1017 854 1018 855 1019 ··· 1112 1276 1113 1277 1114 1278 1279 + "libc", 1280 + ] 1115 1281 1282 + [[package]] 1283 + name = "itertools" 1284 + version = "0.12.1" 1285 + source = "registry+https://github.com/rust-lang/crates.io-index" 1286 + checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" 1287 + dependencies = [ 1288 + "either", 1289 + ] 1116 1290 1291 + [[package]] 1292 + name 
= "itoa" 1293 + version = "1.0.15" 1117 1294 1118 1295 1119 1296 ··· 1165 1342 1166 1343 1167 1344 1345 + "spin", 1346 + ] 1168 1347 1348 + [[package]] 1349 + name = "lazycell" 1350 + version = "1.3.0" 1351 + source = "registry+https://github.com/rust-lang/crates.io-index" 1352 + checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" 1169 1353 1354 + [[package]] 1355 + name = "lettre" 1356 + version = "0.11.18" 1170 1357 1171 1358 1172 1359 ··· 1175 1362 1176 1363 1177 1364 1365 + "fastrand", 1366 + "futures-io", 1367 + "futures-util", 1368 + "httpdate", 1369 + "idna", 1370 + "mime", 1371 + "nom 8.0.0", 1372 + "percent-encoding", 1373 + "quoted_printable", 1374 + "rustls", 1375 + "socket2", 1376 + "tokio", 1377 + "tokio-rustls", 1378 + "url", 1379 + "webpki-roots 1.0.2", 1380 + ] 1178 1381 1382 + [[package]] 1179 1383 1180 1384 1385 + source = "registry+https://github.com/rust-lang/crates.io-index" 1386 + checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" 1181 1387 1388 + [[package]] 1389 + name = "libloading" 1390 + version = "0.8.8" 1391 + source = "registry+https://github.com/rust-lang/crates.io-index" 1392 + checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" 1393 + dependencies = [ 1394 + "cfg-if", 1395 + "windows-targets 0.48.5", 1396 + ] 1182 1397 1398 + [[package]] 1399 + name = "libm" 1400 + version = "0.2.15" 1183 1401 1184 1402 1185 1403 ··· 1205 1423 1206 1424 1207 1425 1426 + [[package]] 1427 + name = "linux-raw-sys" 1428 + version = "0.4.15" 1429 + source = "registry+https://github.com/rust-lang/crates.io-index" 1430 + checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" 1208 1431 1432 + [[package]] 1433 + name = "litemap" 1209 1434 1210 1435 1211 1436 ··· 1260 1485 1261 1486 1262 1487 1488 + source = "registry+https://github.com/rust-lang/crates.io-index" 1489 + checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" 1263 1490 
1491 + [[package]] 1492 + name = "minimal-lexical" 1493 + version = "0.2.1" 1494 + source = "registry+https://github.com/rust-lang/crates.io-index" 1495 + checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" 1264 1496 1497 + [[package]] 1498 + name = "miniz_oxide" 1499 + version = "0.8.9" 1265 1500 1266 1501 1267 1502 ··· 1277 1512 1278 1513 1279 1514 1515 + ] 1280 1516 1517 + [[package]] 1518 + name = "nom" 1519 + version = "7.1.3" 1520 + source = "registry+https://github.com/rust-lang/crates.io-index" 1521 + checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" 1522 + dependencies = [ 1523 + "memchr", 1524 + "minimal-lexical", 1525 + ] 1281 1526 1527 + [[package]] 1282 1528 1283 1529 1284 1530 ··· 1383 1629 1384 1630 1385 1631 1632 + source = "registry+https://github.com/rust-lang/crates.io-index" 1633 + checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" 1386 1634 1635 + [[package]] 1636 + name = "overload" 1637 + version = "0.1.1" 1387 1638 1388 1639 1389 1640 ··· 1439 1690 1440 1691 1441 1692 1693 + version = "0.1.0" 1694 + dependencies = [ 1695 + "anyhow", 1696 + "aws-lc-rs", 1697 + "axum", 1698 + "axum-template", 1699 + "chrono", 1442 1700 1443 1701 1444 1702 1445 1703 1446 1704 1705 + "lettre", 1706 + "rand 0.9.2", 1707 + "rust-embed", 1708 + "rustls", 1709 + "scrypt", 1710 + "serde", 1711 + "serde_json", 1447 1712 1448 1713 1449 1714 ··· 1592 1857 1593 1858 1594 1859 1860 + "zerocopy", 1861 + ] 1595 1862 1863 + [[package]] 1864 + name = "prettyplease" 1865 + version = "0.2.35" 1866 + source = "registry+https://github.com/rust-lang/crates.io-index" 1867 + checksum = "061c1221631e079b26479d25bbf2275bfe5917ae8419cd7e34f13bfc2aa7539a" 1868 + dependencies = [ 1869 + "proc-macro2", 1870 + "syn", 1871 + ] 1596 1872 1873 + [[package]] 1874 + name = "proc-macro2" 1875 + version = "1.0.97" 1597 1876 1598 1877 1599 1878 ··· 1773 2052 1774 2053 1775 2054 2055 + "cfg-if", 2056 + "getrandom 
0.2.16", 2057 + "libc", 2058 + "untrusted 0.9.0", 2059 + "windows-sys 0.52.0", 2060 + ] 1776 2061 1777 2062 1778 2063 ··· 1832 2117 1833 2118 1834 2119 2120 + source = "registry+https://github.com/rust-lang/crates.io-index" 2121 + checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace" 1835 2122 2123 + [[package]] 2124 + name = "rustc-hash" 2125 + version = "1.1.0" 2126 + source = "registry+https://github.com/rust-lang/crates.io-index" 2127 + checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" 1836 2128 2129 + [[package]] 2130 + name = "rustix" 2131 + version = "0.38.44" 2132 + source = "registry+https://github.com/rust-lang/crates.io-index" 2133 + checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" 2134 + dependencies = [ 2135 + "bitflags", 2136 + "errno", 2137 + "libc", 2138 + "linux-raw-sys", 2139 + "windows-sys 0.52.0", 2140 + ] 1837 2141 2142 + [[package]] 1838 2143 1839 2144 2145 + source = "registry+https://github.com/rust-lang/crates.io-index" 2146 + checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" 2147 + dependencies = [ 2148 + "aws-lc-rs", 2149 + "log", 2150 + "once_cell", 2151 + "ring", 2152 + "rustls-pki-types", 1840 2153 1841 2154 1842 2155 ··· 1854 2167 1855 2168 1856 2169 2170 + source = "registry+https://github.com/rust-lang/crates.io-index" 2171 + checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" 2172 + dependencies = [ 2173 + "aws-lc-rs", 2174 + "ring", 2175 + "rustls-pki-types", 2176 + "untrusted 0.9.0", 2177 + ] 1857 2178 2179 + [[package]] 1858 2180 1859 2181 1860 2182 ··· 1881 2203 1882 2204 1883 2205 2206 + "winapi-util", 2207 + ] 1884 2208 2209 + [[package]] 2210 + name = "scopeguard" 2211 + version = "1.2.0" 1885 2212 1886 2213 1887 2214 ··· 1912 2239 1913 2240 1914 2241 2242 + "cc", 2243 + ] 1915 2244 2245 + [[package]] 2246 + name = "serde" 2247 + version = "1.0.219" 1916 2248 1917 2249 1918 2250 ··· 2077 2409 
2078 2410 2079 2411 2080 - "errno", 2081 - "libc", 2082 - "linux-raw-sys", 2083 - "windows-sys 0.59.0", 2084 - ] 2085 2412 2086 - [[package]] 2087 2413 2088 2414 2089 2415 ··· 2340 2666 2341 2667 2342 2668 2669 + "syn", 2670 + ] 2343 2671 2672 + [[package]] 2673 + name = "thiserror" 2674 + version = "1.0.69" 2344 2675 2345 2676 2346 2677 ··· 2440 2771 2441 2772 2442 2773 2774 + ] 2443 2775 2776 + [[package]] 2777 + name = "tokio-rustls" 2778 + version = "0.26.2" 2779 + source = "registry+https://github.com/rust-lang/crates.io-index" 2780 + checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" 2781 + dependencies = [ 2782 + "rustls", 2783 + "tokio", 2784 + ] 2444 2785 2445 2786 2446 2787 ··· 2649 2990 2650 2991 2651 2992 2652 - "getrandom 0.3.3", 2993 + 2994 + 2995 + 2996 + 2997 + 2998 + 2999 + 3000 + 3001 + 3002 + 3003 + 3004 + 3005 + 3006 + 3007 + 3008 + 3009 + 3010 + source = "registry+https://github.com/rust-lang/crates.io-index" 3011 + checksum = "e70f2a8b45122e719eb623c01822704c4e0907e7e426a05927e1a1cfff5b75d0" 3012 + 3013 + [[package]] 3014 + name = "untrusted" 3015 + version = "0.7.1" 3016 + source = "registry+https://github.com/rust-lang/crates.io-index" 3017 + checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" 3018 + 3019 + [[package]] 3020 + name = "untrusted" 3021 + version = "0.9.0" 3022 + 3023 + 3024 + 3025 + 3026 + 3027 + 3028 + 3029 + 3030 + 3031 + 3032 + 3033 + 3034 + 3035 + 3036 + 3037 + 3038 + 3039 + 3040 + 3041 + 3042 + 3043 + 3044 + 3045 + 3046 + 3047 + 3048 + 3049 + 3050 + 3051 + 3052 + 3053 + 3054 + 3055 + 3056 + 3057 + 3058 + 3059 + 3060 + 3061 + 3062 + 3063 + 3064 + 3065 + 3066 + 3067 + 3068 + 3069 + 3070 + 3071 + 3072 + 3073 + 3074 + 3075 + 3076 + 3077 + 3078 + 3079 + 3080 + 3081 + 3082 + 3083 + 3084 + 3085 + 3086 + 3087 + 3088 + 3089 + 3090 + 3091 + 3092 + 3093 + 3094 + 3095 + 3096 + 3097 + 3098 + 3099 + 3100 + 3101 + 3102 + 3103 + 3104 + 3105 + 3106 + 3107 + 3108 + 3109 + 3110 + 3111 + 
3112 + 3113 + 3114 + 3115 + 3116 + 3117 + 3118 + 3119 + 3120 + 3121 + 3122 + 3123 + 3124 + 3125 + 3126 + 3127 + 3128 + 3129 + 3130 + 3131 + 3132 + 3133 + 3134 + 3135 + 3136 + 3137 + 3138 + 3139 + 3140 + 3141 + 3142 + 3143 + 3144 + 3145 + 3146 + 3147 + 3148 + 3149 + 3150 + 3151 + 3152 + 3153 + 3154 + 3155 + 3156 + 3157 + 3158 + 3159 + 3160 + 3161 + 3162 + 3163 + 3164 + 3165 + 3166 + 3167 + 3168 + 3169 + 3170 + 3171 + 3172 + 3173 + 3174 + 3175 + 3176 + 3177 + 3178 + 3179 + 3180 + 3181 + 3182 + 3183 + 3184 + 3185 + 3186 + 3187 + 3188 + 3189 + 3190 + 3191 + 3192 + 3193 + "rustls-pki-types", 3194 + ] 3195 + 3196 + [[package]] 3197 + name = "which" 3198 + version = "4.4.2" 3199 + source = "registry+https://github.com/rust-lang/crates.io-index" 3200 + checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" 3201 + dependencies = [ 3202 + "either", 3203 + "home", 2653 3204 "once_cell", 2654 3205 "rustix", 2655 - "windows-sys 0.59.0", 2656 3206 ] 2657 3207 2658 3208 [[package]] 3209 + name = "whoami" 3210 + version = "1.6.1"
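--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM rust:1.89.0-bookworm AS builder
+WORKDIR /app
+COPY ../ /app
+RUN cargo build --release
+#
+FROM rust:1.89-slim-bookworm AS api
+RUN apt-get update
+RUN apt-get install -y ca-certificates
+COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper
+CMD ["pds_gatekeeper"]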
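Review bot: The runtime stage on lines 6-10 ships a full Rust toolchain image and runs the binary as root, although the only runtime need visible here is `ca-certificates`; a `debian:bookworm-slim` base with one apt layer (and `--no-install-recommends` plus removal of the package lists) is enough, and a non-root `USER` should follow once its UID matches the ownership of the bind-mounted `/pds` directory, which holds the PDS databases and `pds.env`. `COPY ../ /app` on line 3 cannot reach above the build context, so it either fails or is treated as the context root; `COPY . /app` says what is meant. Because that copy takes the whole checkout, a local `pds.env` or similar secret file in the working tree would land in the builder layer, and `.dockerignore` in this PR only excludes `target` and `.idea`, so it is worth adding such files there. The `#` on line 5 is an empty comment and can go.
```dockerfile
FROM rust:1.89.0-bookworm AS builder
WORKDIR /app
COPY . /app
# … unchanged: cargo build --release …
FROM debian:bookworm-slim AS api
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/*
COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper
CMD ["pds_gatekeeper"]
```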
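--- a/justfile
+++ b/justfile
@@ -0,0 +1,6 @@
+release:
+    docker buildx build \
+        --platform linux/arm64,linux/amd64 \
+        --tag fatfingers23/pds_gatekeeper:latest \
+        --tag fatfingers23/pds_gatekeeper:0.1 \
+        --push .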
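Review bot: The recipe pushes only `latest` and `0.1` (lines 4-5), but README.md and examples/compose.yml in this same PR reference `fatfingers23/pds_gatekeeper:arm-latest`, a tag this recipe never produces; either add that tag here or change the docs and example to `latest`/`0.1`. Both tags pushed are mutable, so a deployment has nothing stable to pin to once `0.1` is rebuilt; a patch-level tag such as `--tag fatfingers23/pds_gatekeeper:0.1.0 \` alongside the others would give one.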
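--- a/src/main.rs
+++ b/src/main.rs
@@ -88,8 +88,10 @@
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
     setup_tracing();
-    //TODO may need to change where this reads from? Like an env variable for it's location? Or arg?
-    dotenvy::from_path(Path::new("./pds.env"))?;
+    let pds_env_location =
+        env::var("PDS_ENV_LOCATION").unwrap_or_else(|_| "/pds/pds.env".to_string());
+
+    dotenvy::from_path(Path::new(&pds_env_location))?;
     let pds_root = env::var("PDS_DATA_DIRECTORY")?;
     let account_db_url = format!("{pds_root}/account.sqlite");
 
@@ -129,6 +131,7 @@
         env::var("PDS_EMAIL_SMTP_URL").expect("PDS_EMAIL_SMTP_URL is not set in your pds.env file");
     let sent_from = env::var("PDS_EMAIL_FROM_ADDRESS")
         .expect("PDS_EMAIL_FROM_ADDRESS is not set in your pds.env file");
+
     let mailer: AsyncSmtpTransport<Tokio1Executor> =
         AsyncSmtpTransport::<Tokio1Executor>::from_url(smtp_url.as_str())?.build();
     //Email templates setup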
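Review bot: `dotenvy::from_path(Path::new(&pds_env_location))?` on new line 94 propagates the error as-is and nothing in the hunk attaches the path that was tried, so with the new `/pds/pds.env` default the first failure most operators will hit (no `/pds` mount) reports nothing about where the file was expected; `dotenvy::from_path(Path::new(&pds_env_location)).map_err(|e| format!("failed to load pds.env from {pds_env_location}: {e}"))?;` keeps the `?` and names the path. `PDS_ENV_LOCATION` is read on line 92 before the file is loaded, so it can only come from the process environment and never from `pds.env` itself; that matches the README in this PR but deserves a comment above line 91, e.g. `// PDS_ENV_LOCATION must come from the container env; pds.env is not loaded yet.`. Loading the whole `pds.env` places every PDS secret in this process's environment rather than only the variables the gatekeeper uses; the PR keeps that behaviour rather than introducing it, but it is worth stating in the README. main's body continues outside the hunk.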
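--- a/src/oauth_provider.rs
+++ b/src/oauth_provider.rs
@@ -36,9 +36,6 @@
             "Invalid identifier or password",
         ),
         AuthResult::TwoFactorRequired(masked_email) => {
-            // Email sending step can be handled here if needed in the future.
-
-            // {"error":"second_authentication_factor_required","error_description":"emailOtp authentication factor required (hint: 2***0@p***m)","type":"emailOtp","hint":"2***0@p***m"}
             let body_str = match serde_json::to_string(&serde_json::json!({
                 "error": "second_authentication_factor_required",
                 "error_description": format!("emailOtp authentication factor required (hint: {})", masked_email),
@@ -97,7 +94,7 @@
         },
         Err(err) => {
             log::error!(
-                "Error during pre-auth check. This happens on the create_session endpoint when trying to decide if the user has access:\n {err}"
+                "Error during pre-auth check. This happens on the oauth signin endpoint when trying to decide if the user has access:\n {err}"
             );
             oauth_json_error_response(
                 StatusCode::BAD_REQUEST,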
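Review bot: The comment removed on old lines 39-41 was the only record of the upstream PDS response that the JSON built from new line 39 onward is imitating; without it a reader cannot tell why the `error` and `error_description` values are worded exactly this way or that the shape is meant to match what the PDS itself returns. Keep a one-line pointer above `let body_str`, e.g. `// Mirrors the PDS's own second_authentication_factor_required response so clients handle both identically.`. The `TwoFactorRequired` arm continues past the end of the first hunk.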
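--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,7 +18,11 @@
 hex = "0.4"
 jwt-compact = { version = "0.8.0", features = ["es256k"] }
 scrypt = "0.11"
-lettre = { version = "0.11.18", features = ["tokio1", "pool", "tokio1-native-tls"] }
+#lettre = { version = "0.11.18", default-features = false, features = ["pool", "tokio1-rustls", "smtp-transport", "hostname", "builder"] }
+#lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }
+aws-lc-rs = "1.13.0"
+lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }
+rustls = { version = "0.23", default-features = false, features = ["tls12", "std", "logging", "aws_lc_rs"] }
 handlebars = { version = "6.3.2", features = ["rust-embed"] }
 rust-embed = "8.7.2"
 axum-template = { version = "3.0.0", features = ["handlebars"] }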
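Review bot: New lines 21-22 leave two commented-out `lettre` entries in the manifest; they duplicate the live entry on line 24 and will drift from it, so drop them and let the commit history keep the attempts. The move from `tokio1-native-tls` to `rustls`/`aws-lc-rs` also drops the `pool` feature the old line 21 had, so the SMTP transport presumably no longer pools connections; confirm that is intended, or add `"pool"` back to the feature list on line 24. Loosening `version = "0.11.18"` to `"0.11"` widens the accepted range, which is fine while Cargo.lock is committed, and `tls12` in the rustls features is only needed if the target SMTP server cannot do TLS 1.3.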
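--- a/README.md
+++ b/README.md
@@ -21,9 +21,36 @@
 
 # Setup
 
-We are getting close! Testing now
-
-Nothing here yet! If you are brave enough to try before full release, let me know and I'll help you set it up.
-But I want to run it locally on my own PDS first to test run it a bit.
-
-Example Caddyfile (mostly so I don't lose it for now. Will have a better one in the future)
+PDS Gatekeeper has 2 parts to its setup, docker compose file and a reverse proxy (Caddy in this case). I will be
+assuming you setup the PDS following the directions
+found [here](https://atproto.com/guides/self-hosting), but if yours is different, or you have questions, feel free to
+let
+me know, and we can figure it out.
+
+## Docker compose
+
+The pds gatekeeper container can be found on docker hub under the name `fatfingers23/pds_gatekeeper`. The container does
+need access to the `/pds` root folder to access the same db's as your PDS. The part you need to add would look a bit
+like below. You can find a full example of what I use for my pds at [./examples/compose.yml](./examples/compose.yml).
+This is usually found at `/pds/compose.yaml`on your PDS>
+
+```yml
+  gatekeeper:
+    container_name: gatekeeper
+    image: fatfingers23/pds_gatekeeper:arm-latest
+    network_mode: host
+    restart: unless-stopped
+    #This gives the container to the access to the PDS folder. Source is the location on your server of that directory
+    volumes:
+      - type: bind
+        source: /pds
+        target: /pds
+    depends_on:
+      - pds
+```
+
+## Caddy setup
+
+For the reverse proxy I use caddy. This part is what overwrites the endpoints and proxies them to PDS gatekeeper to add
+in extra functionality. The main part is below, for a full example see [./examples/Caddyfile](./examples/Caddyfile).
+This is usually found at `/pds/caddy/etc/caddy/Caddyfile` on your PDS.
@@ -30,19 +57,56 @@
 
 ```caddyfile
-http://localhost {
-
 @gatekeeper {
-        path /xrpc/com.atproto.server.getSession
-        path /xrpc/com.atproto.server.updateEmail
-        path /xrpc/com.atproto.server.createSession
-        path /@atproto/oauth-provider/~api/sign-in
+    path /xrpc/com.atproto.server.getSession
+    path /xrpc/com.atproto.server.updateEmail
+    path /xrpc/com.atproto.server.createSession
+    path /@atproto/oauth-provider/~api/sign-in
 }
 
 handle @gatekeeper {
-        reverse_proxy http://localhost:8080
+    reverse_proxy http://localhost:8080
 }
 
-reverse_proxy /* http://localhost:3000
+reverse_proxy http://localhost:3000
+```
+
+If you use a cloudflare tunnel then your caddyfile would look a bit more like below with your tunnel proxying to
+`localhost:8081` (or w/e port you want).
+
+```caddyfile
+http://*.localhost:8082, http://localhost:8082 {
+    @gatekeeper {
+        path /xrpc/com.atproto.server.getSession
+        path /xrpc/com.atproto.server.updateEmail
+        path /xrpc/com.atproto.server.createSession
+        path /@atproto/oauth-provider/~api/sign-in
+    }
+
+    handle @gatekeeper {
+        reverse_proxy http://localhost:8080
+    }
+
+    reverse_proxy http://localhost:3000
 }
 
-```
+```
+
+# Environment variables and bonuses
+
+Every environment variable can be set in the `pds.env` and shared between PDS and gatekeeper and the PDS, with the
+exception of `PDS_ENV_LOCATION`. This can be set to load the pds.env, by default it checks `/pds/pds.env` and is
+recommended to mount the `/pds` folder on the server to `/pds` in the pds gatekeeper container.
+
+`PDS_DATA_DIRECTORY` - Root directory of the PDS. Same as the one found in `pds.env` this is how pds gatekeeper knows
+knows the rest of the environment variables.
+
+`GATEKEEPER_EMAIL_TEMPLATES_DIRECTORY` - The folder for templates of the emails PDS gatekeeper sends. You can find them
+in [./email_templates](./email_templates). You are free to edit them as you please and set this variable to a location
+in the pds gateekeper container and it will use them in place of the default ones. Just make sure ot keep the names the
+same.
+
+`PDS_BASE_URL` - Base url of the PDS. You most likely want `https://localhost:3000` which is also the default
+
+`GATEKEEPER_HOST` - Host for pds gatekeeper. Defaults to `127.0.0.1`
+
+`GATEKEEPER_PORT` - Port for pds gatekeeper. Defaults to `8080`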
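--- a/examples/Caddyfile
+++ b/examples/Caddyfile
@@ -0,0 +1,29 @@
+{
+    email youremail@myemail.com
+    on_demand_tls {
+        ask http://localhost:3000/tls-check
+    }
+}
+
+*.yourpds.com, yourpds.com {
+    tls {
+        on_demand
+    }
+    # You'll most likely just want from here to....
+    @gatekeeper {
+        path /xrpc/com.atproto.server.getSession
+        path /xrpc/com.atproto.server.updateEmail
+        path /xrpc/com.atproto.server.createSession
+        path /@atproto/oauth-provider/~api/sign-in
+    }
+
+    handle @gatekeeper {
+        #This is the address for PDS gatekeeper, default is 8080
+        reverse_proxy http://localhost:8080
+    }
+
+    reverse_proxy http://localhost:3000
+    #..here. Copy and paste this replacing the reverse_proxy http://localhost:3000 line
+}
+
+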
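Review bot: The `@gatekeeper` matcher on lines 13-18 only adds the second factor for requests that arrive through Caddy; with `network_mode: host` in the compose example, if the PDS listener on port 3000 is reachable from outside the host, a client can reach `createSession` directly and the gatekeeper never sees it. A comment next to line 25 would make that prerequisite explicit for people copying the block: `# Port 3000 must stay reachable only from this host (bind to localhost or firewall it); traffic that reaches the PDS directly skips the gatekeeper paths above.`. The two trailing blank lines (28-29) can be trimmed.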
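--- a/examples/compose.yml
+++ b/examples/compose.yml
@@ -0,0 +1,51 @@
+version: '3.9'
+services:
+  caddy:
+    container_name: caddy
+    image: caddy:2
+    network_mode: host
+    depends_on:
+      - pds
+    restart: unless-stopped
+    volumes:
+      - type: bind
+        source: /pds/caddy/data
+        target: /data
+      - type: bind
+        source: /pds/caddy/etc/caddy
+        target: /etc/caddy
+  pds:
+    container_name: pds
+    image: ghcr.io/bluesky-social/pds:0.4
+    network_mode: host
+    restart: unless-stopped
+    volumes:
+      - type: bind
+        source: /pds
+        target: /pds
+    env_file:
+      - /pds/pds.env
+  watchtower:
+    container_name: watchtower
+    image: containrrr/watchtower:latest
+    network_mode: host
+    volumes:
+      - type: bind
+        source: /var/run/docker.sock
+        target: /var/run/docker.sock
+    restart: unless-stopped
+    environment:
+      WATCHTOWER_CLEANUP: true
+      WATCHTOWER_SCHEDULE: "@midnight"
+  gatekeeper:
+    container_name: gatekeeper
+    image: fatfingers23/pds_gatekeeper:arm-latest
+    network_mode: host
+    restart: unless-stopped
+    #This gives the container to the access to the PDS folder. Source is the location on your server of that directory
+    volumes:
+      - type: bind
+        source: /pds
+        target: /pds
+    depends_on:
+      - pds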
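Review bot: The `gatekeeper` service on lines 40-51 pulls `fatfingers23/pds_gatekeeper:arm-latest`, a tag the justfile in this PR does not push (it pushes `latest` and `0.1`), and watchtower on lines 28-39 will replace whatever floating tag is used at midnight with the next published image; for a component that sits in front of session creation, pin `image: fatfingers23/pds_gatekeeper:0.1` (or a digest) so upgrades happen deliberately. The `/pds` bind mount on lines 47-49 gives the container read/write access to the PDS databases and `pds.env`; that is what the gatekeeper needs, but the comment on line 45 should say so plainly, e.g. `# Full access to /pds: the gatekeeper reads the PDS sqlite databases and pds.env from here.`. `version: '3.9'` on line 1 is obsolete for current compose and can be dropped.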

2 commits
WIP on feature/2faCodeGeneration
docker and setup
pull request successfully merged