Improve Dockerfile, docker build CI, Readme

Thomas Miceli 2023-04-10 22:52:52 +02:00
parent 611d677404
commit 7452617aa7
No known key found for this signature in database
GPG key ID: D86C6F6390AF050F
3 changed files with 251 additions and 22 deletions

.github/workflows/docker.yml vendored Normal file

@ -0,0 +1,52 @@
name: Docker
on:
release:
types: [published]
workflow_dispatch:
jobs:
docker:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
ghcr.io/thomiceli/opengist
tags: |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
type=semver,pattern={{major}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{version}}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v4
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
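
Review bot: Every `uses:` step in this job (`actions/checkout@v3`, `docker/metadata-action@v4`, `docker/setup-qemu-action@v2`, `docker/setup-buildx-action@v2`, `docker/login-action@v2`, `docker/build-push-action@v4`) is referenced by a movable major tag while the job holds `packages: write` and passes `secrets.GITHUB_TOKEN` to the login step, so a retagged action would run with push rights to `ghcr.io/thomiceli/opengist`; pin each one to a full commit SHA and keep the version in a trailing comment. Separately, the `type=raw,value=latest` rule is enabled only when `github.ref` is the default branch, which with these triggers means a manual `workflow_dispatch` run (a published release runs on a tag ref), so as written `latest` can be pushed from an unreleased branch head. Consider dropping the raw rule or restricting it to the release event.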

Dockerfile

@ -1,6 +1,28 @@
FROM alpine:3.17 AS build
RUN apk update && \
apk add --no-cache \
make \
gcc \
musl-dev \
libstdc++
COPY --from=golang:1.19-alpine /usr/local/go/ /usr/local/go/
ENV PATH="/usr/local/go/bin:${PATH}"
COPY --from=node:18-alpine /usr/local/ /usr/local/
ENV NODE_PATH="/usr/local/lib/node_modules"
ENV PATH="/usr/local/bin:${PATH}"
WORKDIR /opengist
COPY . .
RUN make
FROM alpine:3.17 FROM alpine:3.17
# Install required dependencies
RUN apk update && \ RUN apk update && \
apk add --no-cache \ apk add --no-cache \
openssl \ openssl \
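
Review bot: The three images used by the new build stage, `FROM alpine:3.17`, `golang:1.19-alpine` and `node:18-alpine`, are pulled by mutable tag, so two builds of the same commit can end up with different toolchains and a retagged upstream image changes the published binary silently; pin each to a digest (`image:tag@sha256:...`). `apk update &&` is also redundant next to `apk add --no-cache`, which fetches a fresh index itself and leaves none behind in the layer.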
@ -9,35 +31,15 @@ RUN apk update && \
wget \ wget \
git \ git \
gnupg \ gnupg \
make \
xz \ xz \
gcc \ gcc \
musl-dev \ musl-dev \
libstdc++ libstdc++
# Install Golang
COPY --from=golang:1.19-alpine /usr/local/go/ /usr/local/go/
ENV PATH="/usr/local/go/bin:${PATH}"
# Install Node.js
COPY --from=node:18-alpine /usr/local/ /usr/local/
ENV NODE_PATH="/usr/local/lib/node_modules"
ENV PATH="/usr/local/bin:${PATH}"
# Set the working directory
WORKDIR /opengist WORKDIR /opengist
# Copy all source files COPY --from=build /opengist/opengist .
COPY . .
# Build the application
RUN make
# Expose the ports
EXPOSE 6157 2222 EXPOSE 6157 2222
# Mount the .opengist volume
VOLUME /root/.opengist VOLUME /root/.opengist
# Run the webserver
CMD ["./opengist"] CMD ["./opengist"]
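
Review bot: The runtime stage's package list drops only `make`; `gcc` and `musl-dev` stay in the final image even though the binary now arrives via `COPY --from=build /opengist/opengist .`. Remove the compiler toolchain from this stage (keep `libstdc++` only if the binary links against it dynamically), since the multi-stage split is what allows a runtime image with less tooling inside the container. The stage also has no `USER` line and keeps `VOLUME /root/.opengist`, so the server listening on 6157 and 2222 runs as root; a dedicated unprivileged user with its own data directory would be worth a follow-up.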

README.md Normal file

@ -0,0 +1,175 @@
# Opengist
![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/thomiceli/opengist?sort=semver)
![License](https://img.shields.io/github/license/thomiceli/opengist?color=blue)
A self-hosted pastebin **powered by Git**. [Try it here](https://opengist.thomice.li).
* [Features](#features)
* [Install](#install)
* [With Docker](#with-docker)
* [From source](#from-source)
* [Configuration](#configuration)
* [Administration](#administration)
* [Use Nginx as a reverse proxy](#use-nginx-as-a-reverse-proxy)
* [Use Fail2ban](#use-fail2ban)
* [License](#license)
## Features
* Create public or unlisted snippets
* Clone / Pull / Push snippets **via Git** over HTTP or SSH
* Revisions history
* Syntax highlighting ; markdown & CSV support
* Like / Fork snippets
* Search for all snippets or for certain users snippets
* Editor with indentation mode & size ; drag and drop files
* Download raw files or as a ZIP archive
* Avatars
* Responsive UI
* Enable or disable signups
* Admin panel : delete users/gists; clean database/filesystem by syncing gists
* SQLite database
* Logging
* Docker support
#### Todo
- [ ] Light mode
- [ ] Tests
- [ ] Search for snippets
- [ ] Embed snippets
- [ ] Filesystem/Redis support for user sessions
- [ ] Have a cool logo
## Install
### With Docker
A Docker [image](https://github.com/users/thomiceli/packages/container/package/opengist), available for each release, can be pulled
```
docker pull ghcr.io/thomiceli/opengist:1
```
It can be used in a `docker-compose.yml` file :
1. Create a `docker-compose.yml` file with the following content
2. Run `docker-compose up -d`
3. Opengist is now running on port 6157, you can browse http://localhost:6157
```yml
version: "3"
services:
opengist:
image: ghcr.io/thomiceli/opengist:1
container_name: opengist
restart: unless-stopped
ports:
- "6157:6157" # HTTP port
- "2222:2222" # SSH port, can be removed if you don't use SSH
volumes:
- "$HOME/.opengist:/root/.opengist"
environment:
CONFIG: |
log-level: info
```
### From source
Requirements : [Git](https://git-scm.com/downloads) (2.20+), [Go](https://go.dev/doc/install) (1.19+), [Node.js](https://nodejs.org/en/download/) (16+)
```shell
git clone https://github.com/thomiceli/opengist
cd opengist
make
./opengist
```
Opengist is now running on port 6157, you can browse http://localhost:6157
## Configuration
Opengist can be configured using YAML. The full configuration file is [config.yml](config.yml), each default key/value
pair can be overridden.
### With docker
Add a `CONFIG` environment variable in the `docker-compose.yml` file to the `opengist` service :
```diff
environment:
CONFIG: |
log-level: info
ssh.git-enabled: false
disable-signup: true
# ...
```
### With binary
Create a `config.yml` file (you can reuse this [one](config.yml)) and run Opengist binary with the `--config` flag :
```shell
./opengist --config /path/to/config.yml
```
## Administration
### Use Nginx as a reverse proxy
Configure Nginx to proxy requests to Opengist. Here is an example configuration file :
```
server {
listen 80;
server_name opengist.example.com;
location / {
proxy_pass http://127.0.0.1:6157;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
Then run :
```shell
service nginx restart
```
### Use Fail2ban
Fail2ban can be used to ban IPs that try to bruteforce the login page.
Log level must be set at least to `warn`.
Add this filter in `etc/fail2ban/filter.d/opengist.conf` :
```ini
[Definition]
failregex = Invalid .* authentication attempt from <HOST>
ignoreregex =
```
Add this jail in `etc/fail2ban/jail.d/opengist.conf` :
```ini
[opengist]
enabled = true
filter = opengist
logpath = /home/*/.opengist/log/opengist.log
maxretry = 10
findtime = 3600
bantime = 600
banaction = iptables-allports
port = anyport
```
Then run
```shell
service fail2ban restart
```
## License
Opengist is licensed under the [AGPL-3.0 license](LICENSE).
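
Review bot: In the Fail2ban section the two file paths are written as `etc/fail2ban/filter.d/opengist.conf` and `etc/fail2ban/jail.d/opengist.conf` without the leading `/`, and the jail's `logpath = /home/*/.opengist/log/opengist.log` does not cover the locations the rest of this change sets up: the image declares `VOLUME /root/.opengist` and the compose example mounts `$HOME/.opengist`, which for root is outside `/home`. Fix the paths and state which host path the log ends up at for the Docker install, otherwise the jail can end up matching no file. The Nginx example also listens on port 80 only, so the login page the jail is meant to protect is served in clear text; a TLS server block, or a pointer to one, would fit here.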