docker
@@ -24,7 +24,8 @@ FROM alpine:3.19
|
||||
|
||||
RUN apk add --no-cache \
|
||||
ca-certificates \
|
||||
postgresql-client
|
||||
postgresql-client \
|
||||
wget
|
||||
|
||||
RUN addgroup -g 1001 -S appgroup && \
|
||||
adduser -u 1001 -S appuser -G appgroup
|
||||
@@ -32,11 +33,13 @@ RUN addgroup -g 1001 -S appgroup && \
|
||||
WORKDIR /app
|
||||
|
||||
COPY --from=builder /app/target/release/webx_dns /app/webx_dns
|
||||
|
||||
COPY --from=builder /app/migrations ./migrations
|
||||
|
||||
RUN mkdir -p /app/config /app/data && \
|
||||
chown -R appuser:appgroup /app
|
||||
RUN mkdir -p /app/config /app/data /home/matt/gurted/dns/certs && \
|
||||
chown -R appuser:appgroup /app && \
|
||||
chown -R appuser:appgroup /home/matt && \
|
||||
ls -la /home/matt/gurted/dns/ && \
|
||||
echo "Directory structure created successfully"
|
||||
|
||||
USER appuser
|
||||
|
||||
@@ -46,4 +49,4 @@ HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
||||
CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1
|
||||
|
||||
# Default command
|
||||
CMD ["./webx_dns", "--config", "/app/config/config.toml", "start"]
|
||||
CMD ["sh", "-c", "ls -la /home/matt/gurted/dns/certs/ && ./webx_dns --config /app/config/config.toml start"]
|
||||
|
||||
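Review bot: The new `CMD ["sh", "-c", "ls -la /home/matt/gurted/dns/certs/ && ./webx_dns ..."]` in the last hunk leaves `sh` as PID 1 with the server as its child, so the SIGTERM sent by `docker stop` will probably not reach `webx_dns` and the container would be killed at the timeout instead of shutting down cleanly; it also fails startup whenever the listing fails and writes the certificate directory listing to the container log on every start. Unless the listing is still needed, keep the exec form `CMD ["./webx_dns", "--config", "/app/config/config.toml", "start"]`, or at least end the shell line with `exec ./webx_dns ...`. The second hunk also bakes a developer home path into the image (`mkdir -p ... /home/matt/gurted/dns/certs`, `chown -R appuser:appgroup /home/matt`), and the compose volume target in the next hunk repeats it; a path under `/app` with the certificate location set in `config.toml` would avoid tying the image to one machine's layout. The `ls -la` and `echo` appended to that `RUN` look like build-time debugging and can be dropped.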
@@ -10,7 +10,5 @@ services:
|
||||
volumes:
|
||||
- ./config.toml:/app/config/config.toml:ro
|
||||
- ./data:/app/data
|
||||
- ./certs:/app/certs:ro
|
||||
- ./localhost+2.pem:/app/config/tls.pem:ro
|
||||
- ./localhost+2-key.pem:/app/config/tls-key.pem:ro
|
||||
- ./certs:/home/matt/gurted/dns/certs:ro
|
||||
restart: unless-stopped
|
||||
|
||||
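Review bot: With the two `localhost+2*.pem` mounts gone, the TLS private key presumably now sits in `./certs`, and it has to be readable by the container's unprivileged user (uid 1001, if this service is built from the Dockerfile changed in the same commit). A bind mount keeps the host's ownership and mode, so this only works when the key is owned by that uid or is group/world-readable on the host; it is worth stating the requirement next to the volume, e.g. `# key must be owned by uid 1001, mode 0600`, so operators do not loosen the mode until the service starts. The `services:` block begins outside the hunk, so the service this applies to is not visible here.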
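--- a/protocol/cli/gurty.service
+++ b/protocol/cli/gurty.service
@@ -0,0 +1,32 @@
+[Unit]
+Description=Gurty GURT Protocol Server
+Documentation=https://github.com/outpoot/gurted
+After=network.target
+Wants=network.target
+
+[Service]
+Type=simple
+User=gurty
+Group=gurty
+WorkingDirectory=/opt/gurty
+ExecStart=/opt/gurty/gurty --config /opt/gurty/gurty.toml
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=5
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=gurty
+
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/gurty/logs /var/log/gurty
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+LimitNOFILE=65536
+LimitNPROC=4096
+
+[Install]
+WantedBy=multi-user.target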
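Review bot: `ReadWritePaths=/opt/gurty/logs /var/log/gurty` names a directory that nothing in this commit creates; install.sh makes only `/opt/gurty` and `/var/log/gurty`. systemd fails to set up the mount namespace when a listed path is missing, so the unit would likely not start on a fresh install; either create the directory in install.sh or mark it optional with `ReadWritePaths=-/opt/gurty/logs /var/log/gurty`. If the server needs nothing beyond the network and its own files, the sandbox can be tightened cheaply with `ProtectKernelTunables=true`, `ProtectControlGroups=true` and `RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX`.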
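--- a/protocol/cli/install.sh
+++ b/protocol/cli/install.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+set -e
+
+# Configuration
+SERVICE_NAME="gurty"
+SERVICE_USER="gurty"
+SERVICE_GROUP="gurty"
+INSTALL_DIR="/opt/gurty"
+LOG_DIR="/var/log/gurty"
+CONFIG_FILE="gurty.toml"
+SERVICE_FILE="gurty.service"
+
+echo "🚀 Installing Gurty GURT Protocol Server..."
+
+if [[ $EUID -ne 0 ]]; then
+echo "❌ This script must be run as root (use sudo)"
+exit 1
+fi
+
+echo "👤 Creating service user and group..."
+if ! getent group "$SERVICE_GROUP" > /dev/null 2>&1; then
+groupadd --system "$SERVICE_GROUP"
+fi
+
+if ! getent passwd "$SERVICE_USER" > /dev/null 2>&1; then
+useradd --system --gid "$SERVICE_GROUP" --create-home --home-dir "$INSTALL_DIR" --shell /usr/sbin/nologin --comment "Gurty GURT Protocol Server" "$SERVICE_USER"
+fi
+
+echo "📁 Creating directories..."
+mkdir -p "$INSTALL_DIR"
+mkdir -p "$LOG_DIR"
+
+echo "🔨 Building gurty binary..."
+cargo build --release
+
+echo "📋 Installing files..."
+cp target/release/gurty "$INSTALL_DIR/"
+cp "$CONFIG_FILE" "$INSTALL_DIR/"
+cp localhost+2.pem "$INSTALL_DIR/" 2>/dev/null || echo "⚠️ TLS certificate not found, you may need to generate one"
+cp localhost+2-key.pem "$INSTALL_DIR/" 2>/dev/null || echo "⚠️ TLS private key not found, you may need to generate one"
+
+echo "🔒 Setting permissions..."
+chown -R "$SERVICE_USER:$SERVICE_GROUP" "$INSTALL_DIR"
+chown -R "$SERVICE_USER:$SERVICE_GROUP" "$LOG_DIR"
+chmod +x "$INSTALL_DIR/gurty"
+chmod 600 "$INSTALL_DIR"/*.pem 2>/dev/null || true
+chmod 644 "$INSTALL_DIR/$CONFIG_FILE"
+
+echo "⚙️ Installing systemd service..."
+cp "$SERVICE_FILE" /etc/systemd/system/
+systemctl daemon-reload
+
+echo "🎯 Enabling and starting service..."
+systemctl enable "$SERVICE_NAME"
+systemctl start "$SERVICE_NAME"
+
+echo "✅ Installation complete!"
+echo ""
+echo "Service commands:"
+echo " sudo systemctl start gurty # Start the service"
+echo " sudo systemctl stop gurty # Stop the service"
+echo " sudo systemctl restart gurty # Restart the service"
+echo " sudo systemctl status gurty # Check service status"
+echo " sudo systemctl reload gurty # Reload configuration"
+echo " sudo journalctl -u gurty -f # View logs"
+echo ""
+echo "Configuration file: $INSTALL_DIR/$CONFIG_FILE"
+echo "Log directory: $LOG_DIR"
+echo ""
+
+systemctl status "$SERVICE_NAME" --no-pager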
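Review bot: `cargo build --release` runs after the `$EUID` check, so the project's whole dependency tree, including build scripts and procedural macros, is compiled and executed as root. Build as the invoking user first and let the script only install the result, for example by replacing the build step with `[[ -x target/release/gurty ]] || { echo "run cargo build --release first" >&2; exit 1; }`. The later `chown -R "$SERVICE_USER:$SERVICE_GROUP" "$INSTALL_DIR"` also hands the binary and config to the account that runs them; `install -o root -g "$SERVICE_GROUP" -m 0750 target/release/gurty "$INSTALL_DIR/"` keeps the executable root-owned. The same form with `-m 0640` suits the config and key files, and it closes the window in which `cp` leaves the private key with default permissions until `chmod 600` runs.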