m724/proj4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use slf4j

Browse source
This commit is contained in:
Minecon724 2025-02-28 18:17:42 +01:00
commit 2181410e0d
No known key found for this signature in database
GPG key ID: 3CCC4D267742C8E8
11 changed files with 309 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -36,3 +36,5 @@ build/
### Mac OS ###
.DS_Store
logs/

0
Dockerfile Normal file
View file

5
README.md
View file

@ -1,3 +1,8 @@
### Setup
1. Replace IPs in `docker-compose.yml`
2. run like a compose project
### Supply chain
- `com.github.docker-java:docker-java:3.4.1` [GitHub](https://github.com/docker-java/docker-java) \
Warning: [Numerous CVEs.](https://mvnrepository.com/artifact/com.github.docker-java/docker-java/3.4.1) [Project seems dead](https://github.com/docker-java/docker-java/issues)

34
docker-compose.yml Normal file
View file

@ -0,0 +1,34 @@
services:
app:
build:
context: .
dockerfile: Dockerfile
restart: unless-stopped
networks:
- app
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- webroot:/var/www/html
nginx:
image: nginx:1.27
restart: unless-stopped
networks:
- nginx
volumes:
- ./nginx:/etc/nginx:ro
- webroot:/var/www/html:ro
- ssl-certs:/etc/ssl/nginx:ro
ports: # change IPs here
- "127.0.0.1:80:80"
- "127.0.0.1:443:443"
- "127.0.0.1:443:443/udp"
- "[::1]:80:80"
- "[::1]:443:443"
- "[::1]:443:443/udp"
depends_on:
- app
volumes:
webroot:
ssl-certs:

16
nginx/conf.d/server.conf Normal file
View file

@ -0,0 +1,16 @@
server {
listen 443 ssl;
listen 443 quic;
listen [::]:443 ssl;
listen [::]:443 quic;
ssl_certificate /etc/ssl/nginx/$hostname/fullchain.pem;
ssl_certificate_key /etc/ssl/nginx/$hostname/key.pem;
root /var/www/html/$hostname;
index index.html;
location /.well-known/acme-challenge {
root /var/www/acme-challenge/$hostname;
}
}

98
nginx/mime.types Normal file
View file

@ -0,0 +1,98 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/avif avif;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/wasm wasm;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

85
nginx/nginx.conf Normal file
View file

@ -0,0 +1,85 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_user [$time_local] "$request" '
'$status $body_bytes_sent bytes "$http_referer" '
'"$http_x_forwarded_for"';
# While I removed PII from the above log format, still better not logging
access_log /dev/null main; # /var/log/nginx/access.log main;
server_tokens off;
sendfile on;
tcp_nopush on;
quic_retry on;
quic_gso on;
ssl_early_data on; # READ https://blog.cloudflare.com/introducing-0-rtt/#whats-the-catch
keepalive_timeout 65;
gzip on;
gzip_types *;
gzip_min_length 1000;
gzip_proxied any;
http2 on;
add_header Alt-Svc 'h3=":443"; ma=86400';
# modern configuration
ssl_protocols TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1;
ssl_prefer_server_ciphers off;
# Make sure to generate it first
ssl_dhparam dhparam.pem;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# replace with the IP address of your resolver;
# async 'resolver' is important for proper operation of OCSP stapling
resolver [2001:4860:4860::8888] [2001:4860:4860::8844] 8.8.8.8 8.8.4.4;
# If certificates are marked OCSP Must-Staple, consider managing the
# OCSP stapling cache with an external script, e.g. certbot-ocsp-fetcher
# HTTPS redirect
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
# default HTTPS server
server {
listen 443 ssl default_server;
listen 443 quic reuseport default_server;
listen [::]:443 ssl default_server;
server_name _;
# Make sure to generate
ssl_certificate snakeoil.pem;
ssl_certificate_key snakeoil.key;
}
include /etc/nginx/conf.d/*.conf;
}

12
src/main/java/eu/m724/Main.java
View file

@ -42,7 +42,10 @@ public class Main {
}
}
if (containerInfo != null) {
LOGGER.info("{}", containerInfo.toString());
var mounts = containerInfo.getJSONArray("Mounts");
LOGGER.debug("Detected {} mounts:", mounts.length());
for (int i=0; i<mounts.length(); i++) {
@ -53,10 +56,19 @@ public class Main {
} else {
LOGGER.info("Creating it");
/*try {
var pull = engine.createImage("nginx", "1.27").get();
LOGGER.debug(pull.toString());
// TODO
} catch (ExecutionException e) {
throw new RuntimeException("Exception creating container", e);
}*/
var data = new JSONObject()
.put("Image", "nginx:1.27");
try {
containerInfo = engine.createContainer("dcdn_nginx", data).get();
LOGGER.debug("{}", containerInfo);
// TODO
} catch (ExecutionException e) {
throw new RuntimeException("Exception creating container", e);

45
src/main/java/eu/m724/Nginx.java Normal file
View file

@ -0,0 +1,45 @@
package eu.m724;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
public class Nginx {
private static final Logger LOGGER = LoggerFactory.getLogger(Nginx.class);
public void prepareFiles() throws ProcessFailedException, IOException, InterruptedException {
LOGGER.info("Generating dhparam, this will take several minutes");
runCommand("openssl dhparam -out dhparam.pem 4096");
LOGGER.info("Generating cert");
runCommand("openssl req -new -x509 -days 365 -noenc -out snakeoil.pem -keyout snakeoil.key -subj /CN=snakeoil");
}
private void runCommand(String command) throws ProcessFailedException, IOException, InterruptedException {
var p = Runtime.getRuntime().exec(command);
var code = p.waitFor();
if (code != 0) {
throw new ProcessFailedException(command, code);
}
}
public static class ProcessFailedException extends Exception {
private final String command;
private final Integer code;
public ProcessFailedException(String command, int code) {
this.command = command;
this.code = code;
}
public String getCommand() {
return command;
}
public Integer getCode() {
return code;
}
}
}

4
src/main/java/eu/m724/docker/DockerEngine.java
View file

@ -36,4 +36,8 @@ public class DockerEngine {
public CompletableFuture<JSONObject> createContainer(String name, JSONObject data) {
return dao.requestJson("containers/create", Map.of("name", name), data);
}
public CompletableFuture<JSONObject> createImage(String image, String tag) {
return dao.requestJson("images/create", Map.of("fromImage", image, "tag", tag), new JSONObject());
}
}

6
src/main/java/eu/m724/docker/proxy/ConnectionThread.java
View file

@ -69,9 +69,13 @@ public class ConnectionThread extends Thread {
});
// Wait for both directions to complete
try {
clientToRemote.get();
remoteToClient.get();
} catch (InterruptedException | ExecutionException e) {
} catch (InterruptedException e) {
// TODO
}
} catch (ExecutionException e) {
throw new IOException("Transfer interrupted", e);
}
}