mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
2a3df086d3
Now, we have a full collection of services used to run
aurweb over HTTPS using a self-signed CA.
New Docker services:
- `ca` - Certificate authority services
- When the `ca` service is run, it will (if needed) generate
a CA certificate and leaf certificate for localhost AUR
access. This ca is then shared with things like nginx to
use the leaf certificate. Users can import
`./cache/ca.root.pem` into their browser or ca-certificates
as a root CA who issued aurweb's certificate.
- `git` - Start sshd and set it up for aur git access
- `cgit` - Serve cgit with uwsgi on port 3000
- `fastapi` - Serve our FastAPI app with `hypercorn` on port 8000
- `php-fpm` - Serve our PHP-wise aurweb
- `nginx` - Serve FastAPI, PHP and CGit with an HTTPS certificate.
- PHP: https://localhost:8443
- PHP CGit: https://localhost:8443/cgit
- FastAPI: https://localhost:8444
- FastAPI CGit: https://localhost:8444/cgit
Short of it: Run the following in a shell to run PHP and FastAPI
servers on port **8443** and **8444**, respectively.
$ docker-compose up nginx
This will host the PHP, FastAPI, CGit and Git ecosystems.
Git SSH can be knocked at `aur@localhost:2222` as long as you have a
valid public key in the aurweb database.
Signed-off-by: Kevin Morris <kevr@0cost.org>
45 lines
1 KiB
Bash
Executable file
45 lines
1 KiB
Bash
Executable file
#!/bin/bash
|
|
set -eou pipefail
|
|
|
|
SSHD_CONFIG=/etc/ssh/sshd_config
|
|
|
|
GIT_REPO=aur.git
|
|
GIT_KEY=/cache/git.key
|
|
|
|
# Setup SSH Keys.
|
|
ssh-keygen -A
|
|
|
|
# Add AUR SSH config.
|
|
cat >> $SSHD_CONFIG << EOF
|
|
Match User aur
|
|
PasswordAuthentication no
|
|
AuthorizedKeysCommand /usr/local/bin/aurweb-git-auth "%t" "%k"
|
|
AuthorizedKeysCommandUser aur
|
|
AcceptEnv AUR_OVERWRITE
|
|
SetEnv AUR_CONFIG=/aurweb/config/config
|
|
EOF
|
|
|
|
# Taken from INSTALL.
|
|
mkdir -pv $GIT_REPO
|
|
|
|
# Initialize git repository.
|
|
if [ ! -f $GIT_REPO/config ]; then
|
|
cd $GIT_REPO
|
|
git init --bare
|
|
git config --local transfer.hideRefs '^refs/'
|
|
git config --local --add transfer.hideRefs '!refs/'
|
|
git config --local --add transfer.hideRefs '!HEAD'
|
|
ln -sf /usr/local/bin/aurweb-git-update hooks/update
|
|
chown -R aur .
|
|
cd ..
|
|
fi
|
|
|
|
if [ ! -f $GIT_KEY ]; then
|
|
# Create a DSA ssh private/pubkey at /cache/git.key{.pub,}.
|
|
ssh-keygen -f $GIT_KEY -t dsa -N '' -C 'AUR Git Key'
|
|
fi
|
|
|
|
# Users should modify these permissions on their local machines.
|
|
chmod 666 ${GIT_KEY}{.pub,}
|
|
|
|
exec "$@"
|