Migrace na louketo-proxy

090713be · Andrej Ramašeuski · e0ebd23e · 090713be · 090713be
Verified Commit 090713be authored 4 years ago by Andrej Ramašeuski
--- a/Dockerfile
+++ b/Dockerfile
-FROM alpine:3.11
+FROM alpine:3.12.0

-ENV NAME keycloak-gatekeeper
-ENV KEYCLOAK_VERSION 10.0.1
+ENV NAME louketo-proxy
+ENV LOUKETO_PROXY_VERSION 1.0.0
 ENV GOOS linux
 ENV GOARCH amd64

-LABEL Name=keycloak-gatekeeper \
-      Release=https://github.com/keycloak/keycloak-gatekeeper \
-      Url=https://github.com/keycloak/keycloak-gatekeeper \
-      Help=https://issues.jboss.org/projects/KEYCLOAK \
-      maintainer="andrej.ramaseuski@pirati.cz"
+LABEL Name=louketo-proxy \
+      Release=https://github.com/louketo/louketo-proxy/releases \
+      Url=https://github.com/louketo/louketo-proxy \
+      Help=https://github.com/louketo/louketo-proxy/blob/master/docs/user-guide.md

-RUN adduser -D -u 1000 gatekeeper && \
-    mkdir /etc/gatekeeper && \
-    chown gatekeeper /etc/gatekeeper
+RUN adduser -h /opt/louketo -D -u 1000 louketo

-RUN apk add --no-cache ca-certificates curl tar openssl
+RUN apk add --no-cache libc6-compat ca-certificates su-exec openssl curl tar

-WORKDIR "/opt"
+WORKDIR "/opt/louketo"

-RUN curl -fssL "https://downloads.jboss.org/keycloak/$KEYCLOAK_VERSION/gatekeeper/$NAME-$GOOS-$GOARCH.tar.gz" | tar -xz && chmod +x /opt/gatekeeper/$NAME
+RUN curl -fssL "https://github.com/louketo/louketo-proxy/releases/download/$LOUKETO_PROXY_VERSION/${NAME}_${LOUKETO_PROXY_VERSION}_${GOOS}_${GOARCH}.tar.gz" | tar -xz --strip-components=1

-COPY entrypoint.sh entrypoint.sh
+COPY entrypoint.sh /
+
+RUN chown -R louketo:louketo /opt/louketo
+RUN mkdir /etc/louketo;chown -R louketo:louketo /etc/louketo

 USER 1000
 EXPOSE 3000
-ENTRYPOINT [ "/opt/entrypoint.sh" ]
-CMD ["/opt/keycloak-gatekeeper"]
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["/opt/louketo/louketo-proxy"]
--- a/entrypoint.sh
+++ b/entrypoint.sh
 #!/bin/sh
 # Entrypoint for Docker Container

-export PROXY_CONFIG_FILE=${CONFIG:-'/etc/gatekeeper/gatekeeper.conf'}
+export PROXY_CONFIG_FILE=${CONFIG:-'/etc/louketo/louketo.conf'}

 CLIENT_ID=${CLIENT_ID}
 CLIENT_SECRET=${CLIENT_SECRET}
@@ -15,12 +15,13 @@ LISTEN=${LISTEN:-':3000'}

 CERTIFICATE_SUBJ=${CERTIFICATE_SUBJ:-'/C=CZ/ST=CZ/L=Praha/O=Pirati/OU=TO/CN=gatekeeper'}

-if [ -s /etc/gatekeeper/ssl.crt ] || [ -s /etc/gatekeeper/cert.pem ] || [ -s /etc/gatekeeper/key.pem ] || [ -n "${SKIP_SSL_GENERATE}" ]; then
+
+if [ -s /etc/louketo/ssl.crt ] || [ -s /etc/louketo/cert.pem ] || [ -s /etc/louketo/key.pem ] || [ -n "${SKIP_SSL_GENERATE}" ]; then
    echo "Skipping SSL certificate generation"
 else
    echo "Generating self-signed certificate"

-    cd /etc/gatekeeper
+    cd /etc/louketo

    # Generating signing SSL private key
    openssl genrsa -des3 -passout pass:xxxx -out key.pem 2048
@@ -33,20 +34,20 @@ else
    openssl x509 -req -days 3650 -in cert.csr -signkey key.pem -out cert.pem
 fi

-echo "# GATEKEEPER CONFIG 
+echo "# GATEKEEPER CONFIG
 client-id: ${CLIENT_ID}
 client-secret: ${CLIENT_SECRET}
 discovery-url: ${DISCOVERY_URL}
 redirection-url: ${REDIRECTION_URL}
-encryption-key: ${ENCRYPTION_KEY} 
+encryption-key: ${ENCRYPTION_KEY}
 listen: ${LISTEN}
-upstream-url: ${UPSTREAM_URL} 
-tls-cert: /etc/gatekeeper/cert.pem
-tls-private-key: /etc/gatekeeper/key.pem 
+upstream-url: ${UPSTREAM_URL}
+tls-cert: /etc/louketo/cert.pem
+tls-private-key: /etc/louketo/key.pem
 ${CUSTOM_CONFIG}

 resources:
 ${RESOURCES}
-" > /etc/gatekeeper/gatekeeper.conf
+" > /etc/louketo/louketo.conf

-exec "$@" 
+exec "$@"