Mirrors/dokku
1
0
Fork 0
mirror of https://github.com/dokku/dokku.git synced 2025-12-16 12:07:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

refactor: drop web installer in favor of setup via cli

Browse Source 
This makes the installation a bit more secure by ensuring a user does not accidentally expose a way for unauthorized users to add new ssh keys to the system.

Additionally, this removes the extra HOSTNAME file to make the initial install process easier (that file was not modifiable by any dokku commands.

Closes #2247
This commit is contained in:
Jose Diaz-Gonzalez
2021-08-06 17:48:39 -04:00
parent 857850b4c6
commit a1c768b9b3
42 changed files with 154 additions and 702 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.dockerignore
View File

@@ -8,7 +8,6 @@ docs
tests
!build/dokku.deb
!tests/dhparam.pem
!contrib/dokku-installer.py
!contrib/bash-completion
!contrib/docker
vendor

65
Dockerfile
View File

@@ -11,7 +11,7 @@ ARG DOKKU_VHOST_ENABLE=false
ARG DOKKU_WEB_CONFIG=false
RUN addgroup --gid $DOKKU_GID dokku \
&& adduser --uid $DOKKU_UID --gid $DOKKU_GID --disabled-password --gecos "" "dokku"
&& adduser --uid $DOKKU_UID --gid $DOKKU_GID --disabled-password --gecos "" "dokku"
COPY ./tests/dhparam.pem /tmp/dhparam.pem
COPY ./build/dokku.deb /tmp/dokku.deb
@@ -19,41 +19,40 @@ COPY ./build/dokku.deb /tmp/dokku.deb
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# hadolint ignore=DL3005,DL3008
RUN echo "dokku dokku/hostname string $DOKKU_HOSTNAME" | debconf-set-selections \
&& echo "dokku dokku/skip_key_file boolean $DOKKU_SKIP_KEY_FILE" | debconf-set-selections \
&& echo "dokku dokku/vhost_enable boolean $DOKKU_VHOST_ENABLE" | debconf-set-selections \
&& echo "dokku dokku/web_config boolean $DOKKU_WEB_CONFIG" | debconf-set-selections \
&& curl -sSL https://packagecloud.io/dokku/dokku/gpgkey | apt-key add - \
&& echo "deb https://packagecloud.io/dokku/dokku/ubuntu/ bionic main" | tee /etc/apt/sources.list.d/dokku.list \
&& mkdir -p /etc/nginx/ \
&& cp /tmp/dhparam.pem /etc/nginx/dhparam.pem \
&& apt-get update -qq \
&& apt-get upgrade -qq -y \
&& apt-get -qq -y --no-install-recommends --only-upgrade install openssl openssh-server \
&& apt-get -qq -y --no-install-recommends install rsync /tmp/dokku.deb \
&& apt-get purge -qq -y syslog-ng-core \
&& apt-get autoremove -qq -y \
&& apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
&& echo "dokku dokku/skip_key_file boolean $DOKKU_SKIP_KEY_FILE" | debconf-set-selections \
&& echo "dokku dokku/vhost_enable boolean $DOKKU_VHOST_ENABLE" | debconf-set-selections \
&& curl -sSL https://packagecloud.io/dokku/dokku/gpgkey | apt-key add - \
&& echo "deb https://packagecloud.io/dokku/dokku/ubuntu/ bionic main" | tee /etc/apt/sources.list.d/dokku.list \
&& mkdir -p /etc/nginx/ \
&& cp /tmp/dhparam.pem /etc/nginx/dhparam.pem \
&& apt-get update -qq \
&& apt-get upgrade -qq -y \
&& apt-get -qq -y --no-install-recommends --only-upgrade install openssl openssh-server \
&& apt-get -qq -y --no-install-recommends install rsync /tmp/dokku.deb \
&& apt-get purge -qq -y syslog-ng-core \
&& apt-get autoremove -qq -y \
&& apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
WORKDIR /tmp
COPY ./docker .
RUN \
rsync -a /tmp/ / \
&& rm -rf /tmp/* \
&& rm /etc/runit/runsvdir/default/sshd/down \
&& chown -R dokku:dokku /home/dokku/ \
&& mkdir -p /skel/etc /skel/home /skel/var/lib/dokku /var/log/services \
&& mv /etc/ssh /skel/etc/ssh \
&& mv /home/dokku /skel/home/dokku \
&& mv /var/lib/dokku/config /skel/var/lib/dokku/config \
&& mv /var/lib/dokku/data /skel/var/lib/dokku/data \
&& ln -sf /mnt/dokku/etc/ssh /etc/ssh \
&& ln -sf /mnt/dokku/home/dokku /home/dokku \
&& ln -sf /mnt/dokku/var/lib/dokku/config /var/lib/dokku/config \
&& ln -sf /mnt/dokku/var/lib/dokku/data /var/lib/dokku/data \
&& mv /etc/my_init.d/00_regen_ssh_host_keys.sh /etc/my_init.d/15_regen_ssh_host_keys \
&& rm -f /etc/nginx/sites-enabled/default /usr/share/nginx/html/index.html /etc/my_init.d/10_syslog-ng.init \
&& rm -f /usr/local/openresty/nginx/conf/sites-enabled/default /usr/share/openresty/html/index.html \
&& sed -i '/imklog/d' /etc/rsyslog.conf \
&& rm -f /var/log/btmp /var/log/wtmp /var/log/*log /var/log/apt/* /var/log/dokku/*.log /var/log/nginx/* /var/log/openresty/*
rsync -a /tmp/ / \
&& rm -rf /tmp/* \
&& rm /etc/runit/runsvdir/default/sshd/down \
&& chown -R dokku:dokku /home/dokku/ \
&& mkdir -p /skel/etc /skel/home /skel/var/lib/dokku /var/log/services \
&& mv /etc/ssh /skel/etc/ssh \
&& mv /home/dokku /skel/home/dokku \
&& mv /var/lib/dokku/config /skel/var/lib/dokku/config \
&& mv /var/lib/dokku/data /skel/var/lib/dokku/data \
&& ln -sf /mnt/dokku/etc/ssh /etc/ssh \
&& ln -sf /mnt/dokku/home/dokku /home/dokku \
&& ln -sf /mnt/dokku/var/lib/dokku/config /var/lib/dokku/config \
&& ln -sf /mnt/dokku/var/lib/dokku/data /var/lib/dokku/data \
&& mv /etc/my_init.d/00_regen_ssh_host_keys.sh /etc/my_init.d/15_regen_ssh_host_keys \
&& rm -f /etc/nginx/sites-enabled/default /usr/share/nginx/html/index.html /etc/my_init.d/10_syslog-ng.init \
&& rm -f /usr/local/openresty/nginx/conf/sites-enabled/default /usr/share/openresty/html/index.html \
&& sed -i '/imklog/d' /etc/rsyslog.conf \
&& rm -f /var/log/btmp /var/log/wtmp /var/log/*log /var/log/apt/* /var/log/dokku/*.log /var/log/nginx/* /var/log/openresty/*

8
Makefile
View File

@@ -36,7 +36,7 @@ endif
include common.mk
.PHONY: all apt-update install version copyfiles copyplugin man-db plugins dependencies docker-image-labeler netrc sshcommand procfile-util plugn docker aufs stack count dokku-installer vagrant-acl-add vagrant-dokku go-build
.PHONY: all apt-update install version copyfiles copyplugin man-db plugins dependencies docker-image-labeler netrc sshcommand procfile-util plugn docker aufs stack count vagrant-acl-add vagrant-dokku go-build
include tests.mk
include package.mk
@@ -206,12 +206,6 @@ count:
@echo "Test lines:"
@find tests -type f -not -name .DS_Store | xargs cat | sed 's/^$$//g' | wc -l
dokku-installer:
test -f /var/lib/dokku/.dokku-installer-created || python contrib/dokku-installer.py onboot
test -f /var/lib/dokku/.dokku-installer-created || service dokku-installer start
test -f /var/lib/dokku/.dokku-installer-created || service nginx reload
test -f /var/lib/dokku/.dokku-installer-created || touch /var/lib/dokku/.dokku-installer-created
vagrant-acl-add:
vagrant ssh -- sudo sshcommand acl-add dokku $(USER)

8
Vagrantfile vendored
View File

@@ -56,7 +56,6 @@ Vagrant::configure("2") do |config|
end
vm.vm.provision :shell, :inline => "export DEBIAN_FRONTEND=noninteractive && apt-get update -qq >/dev/null && apt-get -qq -y --no-install-recommends install git build-essential >/dev/null && cd /root/dokku && #{make_cmd}"
vm.vm.provision :shell, :inline => "cd /root/dokku && make dokku-installer"
vm.vm.provision :shell do |s|
s.inline = <<-EOT
echo '"\e[5~": history-search-backward' > /root/.inputrc
@@ -65,6 +64,10 @@ Vagrant::configure("2") do |config|
echo 'set completion-ignore-case on' >> /root/.inputrc
EOT
end
if Pathname.new(PUBLIC_KEY_PATH).exist?
vm.vm.provision :shell, :inline => "echo 'Importing ssh key into dokku' && cat /root/.ssh/authorized_keys | dokku ssh-keys:add admin"
end
end
# For windows users. Sharing folder from windows creates problem with sym links and so, sync the repo instead from GOS.
@@ -74,7 +77,6 @@ Vagrant::configure("2") do |config|
vm.vm.network :private_network, ip: DOKKU_IP
vm.vm.provision :shell, :inline => "export DEBIAN_FRONTEND=noninteractive && apt-get update -qq >/dev/null && apt-get -qq -y --no-install-recommends install git dos2unix >/dev/null"
vm.vm.provision :shell, :inline => "cd /vagrant/ && export DOKKU_BRANCH=`git symbolic-ref -q --short HEAD 2>/dev/null` && export DOKKU_TAG=`git describe --tags --exact-match 2>/dev/null` && cd /root/ && cp /vagrant/bootstrap.sh ./ && dos2unix bootstrap.sh && bash bootstrap.sh"
vm.vm.provision :shell, :inline => "cd /root/dokku && make dokku-installer"
end
config.vm.define "dokku-deb", autostart: false do |vm|
@@ -117,6 +119,6 @@ Vagrant::configure("2") do |config|
if Pathname.new(PUBLIC_KEY_PATH).exist?
config.vm.provision :file, source: PUBLIC_KEY_PATH, destination: '/tmp/id_rsa.pub'
config.vm.provision :shell, :inline => "rm -f /root/.ssh/authorized_keys && mkdir -p /root/.ssh && sudo cp /tmp/id_rsa.pub /root/.ssh/authorized_keys"
config.vm.provision :shell, :inline => "echo 'Copying ssh key into vm' && rm -f /root/.ssh/authorized_keys && mkdir -p /root/.ssh && sudo cp /tmp/id_rsa.pub /root/.ssh/authorized_keys"
end
end

1
bootstrap.sh
View File

@@ -212,7 +212,6 @@ install-dokku-from-deb-package() {
apt-get update -qq >/dev/null
[[ -n $DOKKU_VHOST_ENABLE ]] && echo "dokku dokku/vhost_enable boolean $DOKKU_VHOST_ENABLE" | sudo debconf-set-selections
[[ -n $DOKKU_WEB_CONFIG ]] && echo "dokku dokku/web_config boolean $DOKKU_WEB_CONFIG" | sudo debconf-set-selections
[[ -n $DOKKU_HOSTNAME ]] && echo "dokku dokku/hostname string $DOKKU_HOSTNAME" | sudo debconf-set-selections
[[ -n $DOKKU_SKIP_KEY_FILE ]] && echo "dokku dokku/skip_key_file boolean $DOKKU_SKIP_KEY_FILE" | sudo debconf-set-selections
[[ -n $DOKKU_KEY_FILE ]] && echo "dokku dokku/key_file string $DOKKU_KEY_FILE" | sudo debconf-set-selections

438
contrib/dokku-installer.py
View File

@@ -1,438 +0,0 @@
#!/usr/bin/env python3
import cgi
import json
import os
import re
import shutil
try:
import SimpleHTTPServer
import SocketServer
except ImportError:
import http.server as SimpleHTTPServer
import socketserver as SocketServer
import subprocess
import sys
import threading
VERSION = 'v0.24.10'
def bytes_to_string(b):
if type(b) == bytes:
encoding = sys.stdout.encoding
if encoding is None:
encoding = 'utf-8'
b = b.decode(encoding)
b = b.strip()
return b
def string_to_bytes(s):
if type(s) == str:
encoding = sys.stdout.encoding
if encoding is None:
encoding = 'utf-8'
s = s.encode(encoding)
return s
hostname = ''
try:
command = "bash -c '[[ $(dig +short $HOSTNAME) ]] && echo $HOSTNAME || wget -q -O - icanhazip.com'"
hostname = bytes_to_string(subprocess.check_output(command, shell=True))
except subprocess.CalledProcessError:
pass
key_file = os.getenv('KEY_FILE', None)
if os.path.isfile('/home/ec2-user/.ssh/authorized_keys'):
key_file = '/home/ec2-user/.ssh/authorized_keys'
elif os.path.isfile('/home/ubuntu/.ssh/authorized_keys'):
key_file = '/home/ubuntu/.ssh/authorized_keys'
else:
key_file = '/root/.ssh/authorized_keys'
admin_keys = []
if os.path.isfile(key_file):
try:
command = "cat {0}".format(key_file)
admin_keys = bytes_to_string(subprocess.check_output(command, shell=True)).strip().split("\n")
except subprocess.CalledProcessError:
pass
ufw_display = 'block'
try:
command = "sudo ufw status"
ufw_output = bytes_to_string(subprocess.check_output(command, shell=True, stderr=subprocess.DEVNULL).strip())
if "inactive" in ufw_output:
ufw_display = 'none'
except subprocess.CalledProcessError:
ufw_display = 'none'
nginx_dir = '/etc/nginx'
nginx_init = '/etc/init.d/nginx'
try:
command = "test -x /usr/bin/openresty"
subprocess.check_output(command, shell=True)
nginx_dir = '/usr/local/openresty/nginx/conf'
nginx_init = '/etc/init.d/openresty'
except subprocess.CalledProcessError:
pass
def check_boot():
if 'onboot' not in sys.argv:
return
init_dir = os.getenv('INIT_DIR', '/etc/init')
systemd_dir = os.getenv('SYSTEMD_DIR', '/etc/systemd/system')
nginx_conf_dir = os.getenv('NGINX_CONF_DIR', '{0}/conf.d'.format(nginx_dir))
if os.path.exists(init_dir):
with open('{0}/dokku-installer.conf'.format(init_dir), 'w') as f:
f.write("start on runlevel [2345]\n")
f.write("exec {0} selfdestruct\n".format(os.path.abspath(__file__)))
if os.path.exists(systemd_dir):
with open('{0}/dokku-installer.service'.format(systemd_dir), 'w') as f:
f.write("[Unit]\n")
f.write("Description=Dokku web-installer\n")
f.write("\n")
f.write("[Service]\n")
f.write("ExecStart={0} selfdestruct\n".format(os.path.abspath(__file__)))
f.write("\n")
f.write("[Install]\n")
f.write("WantedBy=multi-user.target\n")
f.write("WantedBy=graphical.target\n")
if os.path.exists(nginx_conf_dir):
with open('{0}/dokku-installer.conf'.format(nginx_conf_dir), 'w') as f:
f.write("upstream dokku-installer { server 127.0.0.1:2000; }\n")
f.write("server {\n")
f.write(" listen 80;\n")
f.write(" location / {\n")
f.write(" proxy_pass http://dokku-installer;\n")
f.write(" }\n")
f.write("}\n")
subprocess.call('rm -f {0}/sites-enabled/*'.format(nginx_dir), shell=True)
sys.exit(0)
class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
def write_content(self, content):
try:
self.wfile.write(content)
except TypeError:
self.wfile.write(string_to_bytes(content))
def do_GET(self):
content = PAGE.replace('{VERSION}', VERSION)
content = content.replace('{UFW_DISPLAY}', ufw_display)
content = content.replace('{HOSTNAME}', hostname)
content = content.replace('{AUTHORIZED_KEYS_LOCATION}', key_file)
content = content.replace('{ADMIN_KEYS}', "\n".join(admin_keys))
self.send_response(200)
self.end_headers()
self.write_content(content)
def do_POST(self):
if self.path not in ['/setup', '/setup/']:
return
params = cgi.FieldStorage(fp=self.rfile,
headers=self.headers,
environ={
'REQUEST_METHOD': 'POST',
'CONTENT_TYPE': self.headers['Content-Type']})
dokku_root = os.getenv('DOKKU_ROOT', '/home/dokku')
dokku_user = os.getenv('DOKKU_SYSTEM_GROUP', 'dokku')
dokku_group = os.getenv('DOKKU_SYSTEM_USER', 'dokku')
vhost_enable = 'false'
vhost_filename = '{0}/VHOST'.format(dokku_root)
if 'vhost' in params and params['vhost'].value == 'true':
vhost_enable = 'true'
with open(vhost_filename, 'w') as f:
f.write(params['hostname'].value.strip("/"))
shutil.chown(vhost_filename, dokku_user, dokku_group)
else:
try:
os.remove(vhost_filename)
except OSError:
pass
hostname_filename = '{0}/HOSTNAME'.format(dokku_root)
with open(hostname_filename, 'w') as f:
f.write(params['hostname'].value.strip("/"))
shutil.chown(hostname_filename, dokku_user, dokku_group)
for (index, key) in enumerate(params['keys'].value.splitlines(), 1):
user = 'admin'
if self.admin_user_exists() is not None:
user = 'web-admin'
if self.web_admin_user_exists() is not None:
index = int(self.web_admin_user_exists()) + 1
elif self.web_admin_user_exists() is None:
index = 1
elif self.admin_user_exists() is None:
pass
else:
index = int(self.admin_user_exists()) + 1
user = user + str(index)
command = ['sshcommand', 'acl-add', 'dokku', user]
proc = subprocess.Popen(command, stdin=subprocess.PIPE)
try:
proc.stdin.write(key)
except TypeError:
proc.stdin.write(string_to_bytes(key))
proc.stdin.close()
proc.wait()
set_debconf_selection('boolean', 'nginx_enable', 'true')
set_debconf_selection('boolean', 'skip_key_file', 'true')
set_debconf_selection('boolean', 'vhost_enable', vhost_enable)
set_debconf_selection('boolean', 'web_config', 'false')
set_debconf_selection('string', 'hostname', params['hostname'].value)
if 'selfdestruct' in sys.argv:
DeleteInstallerThread()
content = json.dumps({'status': 'ok'})
self.send_response(200)
self.end_headers()
self.write_content(content)
def web_admin_user_exists(self):
return self.user_exists('web-admin(\d+)')
def admin_user_exists(self):
return self.user_exists('admin(\d+)')
def user_exists(self, name):
command = 'dokku ssh-keys:list'
pattern = re.compile(r'NAME="' + name + '"')
proc = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE)
max_num = 0
exists = False
for line in proc.stdout:
m = pattern.search(bytes_to_string(line))
if m:
# User of the form `user` or `user#` exists
exists = True
max_num = max(max_num, int(m.group(1)))
if exists:
return max_num
else:
return None
def set_debconf_selection(debconf_type, key, value):
found = False
with open('/etc/os-release', 'r') as f:
for line in f:
if 'debian' in line:
found = True
if not found:
return
ps = subprocess.Popen(['echo', 'dokku dokku/{0} {1} {2}'.format(
key, debconf_type, value
)], stdout=subprocess.PIPE)
try:
subprocess.check_output(['debconf-set-selections'], stdin=ps.stdout)
except subprocess.CalledProcessError:
pass
ps.wait()
class DeleteInstallerThread(object):
def __init__(self, interval=1):
thread = threading.Thread(target=self.run, args=())
thread.daemon = True
thread.start()
def run(self):
command = "rm {0}/conf.d/dokku-installer.conf && {1} stop && {1} start".format(nginx_dir, nginx_init)
try:
subprocess.call(command, shell=True)
except:
pass
command = "rm -f /etc/init/dokku-installer.conf /etc/systemd/system/dokku-installer.service && (stop dokku-installer || systemctl stop dokku-installer.service)"
try:
subprocess.call(command, shell=True)
except:
pass
def main():
check_boot()
port = int(os.getenv('PORT', 2000))
httpd = SocketServer.TCPServer(("", port), GetHandler)
print("Listening on 0.0.0.0:{0}, CTRL+C to stop".format(port))
httpd.serve_forever()
PAGE = """
<html>
<head>
<meta charset="utf-8" />
<title>Dokku Setup</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous">
<style>
.bd-callout {
padding: 1.25rem;
margin-top: 1.25rem;
margin-bottom: 1.25rem;
border: 1px solid #eee;
border-left-width: .25rem;
border-radius: .25rem;
}
.bd-callout p:last-child {
margin-bottom: 0;
}
.bd-callout-info {
border-left-color: #5bc0de;
}
pre {
font-size: 80%;
margin-bottom: 0;
}
h1 small {
font-size: 50%;
}
h5 {
font-size: 1rem;
}
.container {
width: 640px;
}
.result {
padding-left: 20px;
}
input.form-control, textarea.form-control {
background-color: #fafbfc;
font-size: 14px;
}
input.form-control::placeholder, textarea.form-control::placeholder {
color: #adb2b8
}
</style>
</head>
<body>
<div class="container">
<form id="form" role="form">
<h1 class="pt-3">Dokku Setup <small class="text-muted">{VERSION}</small></h1>
<div class="alert alert-warning small" role="alert">
<strong>Warning:</strong> The SSH key filled out here can grant root access to the server. Please complete the setup as soon as possible.
</div>
<div class="row">
<div class="col">
<h3>Admin Access</h3>
<div class="form-group">
<label for="key">Public SSH Keys</label><br />
<textarea class="form-control" name="keys" rows="5" id="key" placeholder="Begins with 'ssh-rsa', 'ssh-dss', 'ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', or 'ecdsa-sha2-nistp521'">{ADMIN_KEYS}</textarea>
<small class="form-text text-muted">Public keys allow users to ssh onto the server as the <code>dokku</code> user, as well as remotely execute Dokku commands. They are currently auto-populated from: <code>{AUTHORIZED_KEYS_LOCATION}</code>, and can be changed later via the <a href="https://dokku.com/docs/deployment/user-management/" target="_blank"><code>dokku ssh-keys</code></a> plugin.</small>
</div>
</div>
</div>
<div class="row">
<div class="col">
<h3>Hostname Configuration</h3>
<div class="form-group">
<label for="hostname">Hostname</label>
<input class="form-control" type="text" id="hostname" name="hostname" value="{HOSTNAME}" placeholder="A hostname or ip address such as {HOSTNAME}" />
<small class="form-text text-muted">This will be used as the default host for all applications, and can be changed later via the <a href="https://dokku.com/docs/configuration/domains/" target="_blank"><code>dokku domains:set-global</code></a> command.</small>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="vhost" name="vhost" value="true">
<label class="form-check-label" for="vhost">Use virtualhost naming for apps</label>
<small class="form-text text-muted">When enabled, Nginx will be run on port 80 and proxy requests to apps based on hostname.</small>
<small class="form-text text-muted">When disabled, a specific port will be setup for each application on first deploy, and requests to that port will be proxied to the relevant app.</small>
</div>
<div class="alert alert-warning small mt-3 d-{UFW_DISPLAY}" role="alert">
<strong>Warning:</strong> UFW is active. To allow traffic to specific ports, run <code>sudo ufw allow PORT</code> for the port in question.
</div>
<div class="bd-callout bd-callout-info">
<h5>What will app URLs look like?</h5>
<pre><code id="example">http://hostname:port</code></pre>
</div>
</div>
</div>
<button type="button" onclick="setup()" class="btn btn-primary">Finish Setup</button> <span class="result"></span>
</form>
</div>
<div id="error-output"></div>
<script>
var $ = document.querySelector.bind(document)
function setup() {
if ($("#key").value.trim() == "") {
alert("Your admin public key cannot be blank.")
return
}
if ($("#hostname").value.trim() == "") {
alert("Your hostname cannot be blank.")
return
}
var data = new FormData($("#form"))
var inputs = [].slice.call(document.querySelectorAll("input, textarea, button"))
inputs.forEach(function (input) {
input.disabled = true
})
var result = $(".result")
fetch("/setup", {method: "POST", body: data})
.then(function(response) {
if (response.ok) {
return response.json()
} else {
throw new Error('Server returned error')
}
})
.then(function(response) {
result.classList.add("text-success");
result.textContent = "Success! Redirecting in 3 seconds. .."
setTimeout(function() {
window.location.href = "https://dokku.com/docs~{VERSION}/deployment/application-deployment/";
}, 3000);
})
.catch(function (error) {
result.classList.add("text-danger");
result.textContent = "Could not send the request"
})
}
function update() {
if ($("#vhost").matches(":checked") && $("#hostname").value.match(/^(\d{1,3}\.){3}\d{1,3}$/)) {
alert("In order to use virtualhost naming, the hostname must not be an IP but a valid domain name.")
$("#vhost").checked = false;
}
if ($("#vhost").matches(':checked')) {
$("#example").textContent = "http://<app-name>."+$("#hostname").value
} else {
$("#example").textContent = "http://"+$("#hostname").value+":<app-port>"
}
}
$("#vhost").addEventListener("change", update);
$("#hostname").addEventListener("input", update);
update();
</script>
</body>
</html>
"""
if __name__ == "__main__":
main()

1
contrib/release-dokku
View File

@@ -204,7 +204,6 @@ fn-repo-update() {
return
fi
fn-replace-version "$CURRENT_VERSION" "$NEXT_VERSION" contrib/dokku-installer.py
fn-replace-version "$CURRENT_VERSION" "$NEXT_VERSION" debian/control
fn-replace-version "$CURRENT_VERSION" "$NEXT_VERSION" Dockerfile
fn-replace-version "$CURRENT_VERSION" "$NEXT_VERSION" docs/advanced-usage/plugin-management.md

8
debian/config vendored
View File

@@ -10,14 +10,6 @@ fi
readonly ACTION="${1:-configure}"
readonly VERSION="${2:-dev}"
db_input "high" "dokku/web_config" || true
db_go || true
db_get "dokku/web_config"
if [ $RET = "true" ]; then
exit 0
fi
db_input "high" "dokku/nginx_enable" || true
db_input "high" "dokku/hostname" || true
db_input "high" "dokku/vhost_enable" || true

3
debian/lintian-overrides vendored
View File

@@ -10,6 +10,3 @@ dokku: hardening-no-relro
# Built golang binaries link to libc
dokku: missing-dependency-on-libc
# Temporary python dependency until #2247 is resolved
dokku: python-script-but-no-python-dep usr/share/dokku/contrib/dokku-installer.py

37
debian/postinst vendored
View File

@@ -102,40 +102,7 @@ setup-sshcommand() {
fi
}
setup-dokku-installer() {
NGINX_ROOT="/etc/nginx"
[[ -x /usr/bin/openresty ]] && NGINX_ROOT="/usr/local/openresty/nginx/conf"
if command -v "python3" &>/dev/null; then
sed -i '1 s/^.*$/#!\/usr\/bin\/env python3/' /usr/share/dokku/contrib/dokku-installer.py
elif command -v "python2.7" &>/dev/null; then
sed -i '1 s/^.*$/#!\/usr\/bin\/env python2.7/' /usr/share/dokku/contrib/dokku-installer.py
fi
if [[ -f "$NGINX_ROOT/conf.d/dokku-installer.conf" ]]; then
echo "Setting up dokku-installer"
/usr/share/dokku/contrib/dokku-installer.py onboot
if command -v systemctl &>/dev/null; then
echo "Enabling dokku-installer"
systemctl enable dokku-installer
fi
installer_status="$(service dokku-installer status 2>/dev/null || true)"
if echo $installer_status | grep -Eq "(inactive|waiting)" >/dev/null; then
echo "Starting dokku-installer"
service dokku-installer start || echo "Unable to start dokku-installer"
fi
fi
}
dpkg-handling() {
db_get "dokku/web_config"
if [ "$RET" = "true" ]; then
db_stop
exit 0
fi
if [ -f "${DOKKU_ROOT}/VHOST" ]; then
echo "VHOST file detected, skipping modification"
else
@@ -147,9 +114,6 @@ dpkg-handling() {
fi
fi
db_get "dokku/hostname"
echo "$RET" >"${DOKKU_ROOT}/HOSTNAME"
if [ -z "${DEBCONF_RECONFIGURE}" ]; then
db_get "dokku/key_file"
if [ -f "$RET" ]; then
@@ -173,7 +137,6 @@ case "$1" in
setup-storage
setup-plugins
setup-sshcommand
setup-dokku-installer
dpkg-handling
;;

47
debian/preinst vendored
View File

@@ -7,55 +7,8 @@ if [[ -e /usr/share/debconf/confmodule ]]; then
. /usr/share/debconf/confmodule
fi
setup_dokku_installer() {
NGINX_BASE_PATH="$1"
NGINX_INIT_NAME="$2"
NGINX_CONF="${NGINX_BASE_PATH}/conf.d/dokku-installer.conf"
rm -f $NGINX_CONF
touch $NGINX_CONF
{
echo 'upstream dokku-installer { server 127.0.0.1:2000; }'
echo 'server {'
echo ' listen 80;'
echo ' location / {'
echo ' proxy_pass http://dokku-installer;'
echo ' }'
echo '}'
} >>$NGINX_CONF
rm -f $NGINX_BASE_PATH/sites-enabled/*
DOKKU_DISTRO="$(
. /etc/os-release >/dev/null 2>&1 || true
echo "$ID"
)"
case "$DOKKU_DISTRO" in
debian)
/usr/sbin/invoke-rc.d "$NGINX_INIT_NAME" reload || /usr/sbin/invoke-rc.d "$NGINX_INIT_NAME" start
;;
ubuntu)
if [[ -x /usr/bin/sv ]]; then
/usr/bin/sv reload "$NGINX_INIT_NAME" || /usr/bin/sv start "$NGINX_INIT_NAME"
else
"/etc/init.d/$NGINX_INIT_NAME" reload || "/etc/init.d/$NGINX_INIT_NAME" start
fi
;;
esac
}
case "$1" in
install)
db_get "dokku/web_config"
if [ "$RET" = "true" ]; then
if [[ -x /usr/bin/openresty ]]; then
setup_dokku_installer "/usr/local/openresty/nginx/conf" "openresty"
else
setup_dokku_installer "/etc/nginx" "nginx"
fi
fi
db_get "dokku/skip_key_file"
if [ -z "${DEBCONF_RECONFIGURE}" ] && [ "$RET" != "true" ]; then
db_get "dokku/key_file"

5
debian/templates vendored
View File

@@ -1,8 +1,3 @@
Template: dokku/web_config
Description: Enable the web-based config page?
Type: boolean
Default: true
Template: dokku/vhost_enable
Description: Enable vhost-based deployments?
Type: boolean

1
docs/appendices/0.25.0-migration-guide.md
View File

@@ -30,3 +30,4 @@ The [dokku-registry](https://github.com/dokku/dokku-registry) plugin is now buil
## Removals
- As of April 2021, Ubuntu 16.04 is no longer an LTS release, and support has been removed. Packages may still install on older versions of Ubuntu, but are no longer tested, and therefore no support will be provided.
- The web installer has been removed. Users are now required to setup Dokku via cli commands. This change was made to combat potential security issues where users ignored the web installer, allowing unauthorized users to add their keys to the host.

2
docs/deployment/user-management.md
View File

@@ -18,7 +18,7 @@ Users in Dokku are managed via the `~/dokku/.ssh/authorized_keys` file. It is *h
### Listing SSH keys
You can use the `ssh-keys:list` command to show all configured SSH keys. Any key added via the `dokku-installer` will be associated with the `admin` key name.
You can use the `ssh-keys:list` command to show all configured SSH keys.
```shell
dokku ssh-keys:list

6
docs/development/plugin-triggers.md
View File

@@ -799,8 +799,8 @@ set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
if [[ ! -f "$DOKKU_ROOT/HOSTNAME" ]]; then
hostname -f > $DOKKU_ROOT/HOSTNAME
if [[ ! -f "$DOKKU_ROOT/VHOST" ]]; then
hostname -f > $DOKKU_ROOT/VHOST
fi
```
@@ -2375,7 +2375,7 @@ Note that the trigger should exit as follows:
The `SSH_USER` is the original ssh user. If you are running remote commands, this user will typically be `dokku`, and as such should not be trusted when checking permissions. If you are connected via ssh as a different user who then invokes `dokku`, the value of this variable will be that user's name (`root`, `myuser`, etc.).
The `SSH_NAME` is the `NAME` variable set via the `sshcommand acl-add` command. If you have set a user via the `dokku-installer`, this value will be set to `admin`. For installs via debian package, this value _may_ be `default`. For reference, the following command can be run as the root user to specify a specific `NAME` for a given ssh key:
The `SSH_NAME` is the `NAME` variable set via the `sshcommand acl-add` command. For reference, the following command can be run as the root user to specify a specific `NAME` for a given ssh key:
```shell
sshcommand acl-add dokku NAME < $PATH_TO_SSH_KEY

4
docs/getting-started/advanced-installation.md
View File

@@ -50,12 +50,10 @@ The Herokuish package is recommended but not required if not using Heroku buildp
## Configuring an unattended installation
Once Dokku is installed, if you are not using the web-installer, you'll want to configure the virtualhost setup as well as the push user. If you do not, your installation will be considered incomplete and you will not be able to deploy applications.
Once Dokku is installed, you'll want to configure the virtualhost setup as well as the push user. If you do not, your installation will be considered incomplete and you will not be able to deploy applications.
For Debian, unattended installation is described [Debian installation guide](/docs/getting-started/install/debian.md).
> Warning: You should also stop and disable the `dokku-installer` service to remove public access to adding SSH keys.
Set up a domain using your preferred vendor and a wildcard domain pointing to the host running Dokku. You can manage this global domain using the [domains plugin](/docs/configuration/domains.md).
Follow the [user management documentation](/docs/deployment/user-management.md) in order to add SSH keys for users to Dokku, or to give other Unix accounts access to Dokku.

1
docs/getting-started/install/debian.md
View File

@@ -36,7 +36,6 @@ After setting the desired options, proceed with the installation as described ab
| Name | Type | Default | Description |
| ------------------ | ------- | --------------------- | ------------------------------------------------------------------------ |
| dokku/web_config | boolean | true | Use web-based config for below options |
| dokku/vhost_enable | boolean | false | Use vhost-based deployments (e.g. `[yourapp].dokku.me`) |
| dokku/hostname | string | dokku.me | Hostname, used as vhost domain and for showing app URL after deploy |
| dokku/skip_key_file| boolean | false | Don't check for the existence of the dokku/key_file. Warning: Setting this to true, will require you to manually add an SSH key later on. |

1
docs/getting-started/install/docker.md
View File

@@ -29,7 +29,6 @@ Dokku is run in the following configuration:
- Container HTTPS port 443 is exposed on the host as 8443.
- Data within the container is stored on the host within the `/var/lib/dokku` directory.
- The docker socket is mounted into container
- The "web installer" is not supported.
Application repositories, plugin config, as well as plugin data are persisted to disk within the specified host directory for `/var/lib/dokku`.

1
docs/getting-started/install/dreamhost.md
View File

@@ -180,7 +180,6 @@ apt:
-----END PGP PUBLIC KEY BLOCK-----
debconf_selections:
web: dokku dokku/web_config boolean false
vhost: dokku dokku/vhost_enable boolean true
# set the domain name of the new Dokku server
hostname: dokku dokku/hostname string $YOUR_FULL_QUALIFIED_DOMAIN

12
docs/getting-started/install/vagrant.md
View File

@@ -38,8 +38,16 @@
> For users that have customized the IP address of their VM - either in a custom `Vagrantfile` or via the `DOKKU_IP` environment variable - and are not using `10.0.0.2` for the Vagrant IP, you'll need to instead use the output of `vagrant ssh-config dokku` for your `~/.ssh/config` entry.
6. Copy your SSH key via `cat ~/.ssh/id_rsa.pub | pbcopy` and paste it into the dokku-installer at http://dokku.me . Change the `Hostname` field on the Dokku Setup screen to your domain and then check the box that says **Use virtualhost naming**. Then click **Finish Setup** to install your key. You'll be directed to application deployment instructions from here.
6. Connect to the server and add your ssh key to the install. Additionally, set the global domain name to `dokku.me`.
Please note, the `dokku.me` domain is setup to point to `10.0.0.2` along with all subdomains (i.e. `yourapp.dokku.me`). If you change the `DOKKU_IP` in your Vagrant setup you'll need to update your `/etc/hosts` file to point your reconfigured IP address.
```shell
# usually your key is already available under the current user's `~/.ssh/authorized_keys` file
cat ~/.ssh/authorized_keys | dokku ssh-keys:add admin
# you can use any domain you already have access to
dokku domains:set-global dokku.me
```
> Please note, the `dokku.me` domain is setup to point to `10.0.0.2` along with all subdomains (i.e. `yourapp.dokku.me`). If you change the `DOKKU_IP` in your Vagrant setup you'll need to update your `/etc/hosts` file to point your reconfigured IP address.
You are now ready to deploy an app or install plugins.

16
docs/getting-started/installation.md
View File

@@ -35,17 +35,23 @@ When connecting a domain, either a single domain or a wildcard may be associated
#### 3. Setup SSH key and Virtualhost Settings
Once the installation is complete, you can open a browser to setup your SSH key and virtualhost settings. Open your browser of choice and navigate to the host's IP address - or the domain you assigned to that IP previously - and configure Dokku via the web admin.
Once the installation is complete, you should configure an ssh key and set your global domain:from-archive
Alternatively, instructions to skip the web installer with an unattended installation are available in the [advanced install guide](/docs/getting-started/advanced-installation.md#configuring).
```shell
# usually your key is already available under the current user's `~/.ssh/authorized_keys` file
cat ~/.ssh/authorized_keys | dokku ssh-keys:add admin
> **Warning:** If you don't complete setup via the web installer (even if you set up SSH keys and virtual hosts otherwise) your Dokku installation will remain vulnerable to anyone finding the setup page and inserting their key. You can check if it is still running via `ps auxf | grep dokku-installer`, and it may be stopped via your server's init system - usually either `service dokku-installer stop` or `stop dokku-installer`.
# you can use any domain you already have access to
dokku domains:set-global dokku.me
```
> **Warning:** Web installer is not available on CentOS and Arch Linux. You will need to configure [SSH keys](/docs/deployment/user-management.md#adding-ssh-keys) and [virtual hosts](/docs/configuration/domains.md#customizing-hostnames) using dokku command line interface - see unattended installation linked above.
See the [user management](/docs/deployment/user-management.md#adding-ssh-keys) and [domains documentation](/docs/configuration/domains.md#customizing-hostnames) for more information.
Alternatively, instructions for an unattended installation are available in the [advanced install guide](/docs/getting-started/advanced-installation.md#configuring).
#### 4. Deploy your first application
Once you save your settings, the web admin will self-terminate and you should be able to run or [deploy to the Dokku installation](/docs/deployment/application-deployment.md).
At this point, you should be able to run or [deploy to the Dokku installation](/docs/deployment/application-deployment.md).
### Installing via other methods

2
package.mk
View File

@@ -3,7 +3,6 @@
mkdir -p /tmp/build-dokku/usr/share/bash-completion/completions
mkdir -p /tmp/build-dokku/usr/bin
mkdir -p /tmp/build-dokku/usr/share/doc/dokku
mkdir -p /tmp/build-dokku/usr/share/dokku/contrib
mkdir -p /tmp/build-dokku/usr/share/lintian/overrides
mkdir -p /tmp/build-dokku/usr/share/man/man1
mkdir -p /tmp/build-dokku/var/lib/dokku/core-plugins/available
@@ -22,7 +21,6 @@
$(MAKE) addman
cp /usr/local/share/man/man1/dokku.1 /tmp/build-dokku/usr/share/man/man1/dokku.1
gzip -9 /tmp/build-dokku/usr/share/man/man1/dokku.1
cp contrib/dokku-installer.py /tmp/build-dokku/usr/share/dokku/contrib
ifeq ($(DOKKU_VERSION),master)
git describe --tags > /tmp/build-dokku/var/lib/dokku/VERSION
else

43
plugins/00_dokku-standard/install
View File

@@ -2,12 +2,8 @@
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
if [[ ! -f "$DOKKU_ROOT/HOSTNAME" ]]; then
hostname -f >"$DOKKU_ROOT/HOSTNAME"
fi
if [[ ! -f "$DOKKU_ROOT/VHOST" ]]; then
[[ $(dig +short "$(<"$DOKKU_ROOT/HOSTNAME")") ]] && cp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/VHOST"
[[ $(dig +short "$(hostname -f)") ]] && hostname -f >"$DOKKU_ROOT/VHOST"
fi
dokku_path="$(which dokku)"
@@ -48,21 +44,34 @@ EOF
fi
mkdir -p /etc/update-motd.d
cat <<EOF >/etc/update-motd.d/99-dokku
cat <<DOKKU_EOF >/etc/update-motd.d/99-dokku
#!/bin/sh
if [ ! -f "/home/dokku/HOSTNAME" ]; then
echo "\nTo avoid cli-based dokku configuration, use the web installer"
echo "Debian-based installs should have this running and available"
echo "on port 80. You can also install it via the following commands:"
echo ""
echo " cd /root/dokku"
echo " sudo make dokku-installer\n"
fi
EOF
chmod +x /etc/update-motd.d/99-dokku
if [ ! -s "$DOKKU_ROOT/VHOST" ]; then
cat <<'EOF'
chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
! If using virtualhost routing is desired (eg. my-app => my-app.dokku.me), set a global domain for your server:
dokku domains:set-global dokku.me
EOF
fi
if [ ! -s "$DOKKU_ROOT/.ssh/authorized_keys" ]; then
cat <<'EOF'
! Setup a user's ssh key for deployment by passing in the public ssh key as shown:
echo 'CONTENTS_OF_ID_RSA_PUB_FILE' | dokku ssh-keys:add admin
EOF
fi
if [ ! -f "$DOKKU_ROOT/VHOST" ] || [ ! -s "$DOKKU_ROOT/.ssh/authorized_keys" ]; then
cat <<'EOF'
EOF
fi
DOKKU_EOF
chmod +x /etc/update-motd.d/99-dokku
if [[ -f "$DOKKU_ROOT/VHOST" ]]; then
chown dokku:dokku "$DOKKU_ROOT/VHOST"

77
plugins/common/functions
View File

@@ -933,7 +933,6 @@ internal_get_app_urls() {
source "$PLUGIN_AVAILABLE_PATH/config/functions"
local APP="$2"
local RAW_TCP_PORTS="$(get_app_raw_tcp_ports "$APP")"
local URLS_FILE="$DOKKU_ROOT/$APP/URLS"
local DOKKU_PROXY_PORT_MAP=$(config_get "$APP" DOKKU_PROXY_PORT_MAP || true)
@@ -969,42 +968,56 @@ internal_get_app_urls() {
;;
esac
else
local SCHEME="http"
local SSL="$DOKKU_ROOT/$APP/tls"
if [[ -e "$SSL/server.crt" && -e "$SSL/server.key" ]]; then
local SCHEME="https"
if [[ -s "$DOKKU_ROOT/VHOST" ]]; then
while read -r VHOST || [[ -n "$VHOST" ]]; do
internal_get_app_url_with_vhost "$APP" "$VHOST"
done <"$DOKKU_ROOT/VHOST"
else
internal_get_app_url_with_vhost "$APP" "$(hostname -f)"
fi
fi
}
if [[ "$(plugn trigger proxy-is-enabled "$APP")" == "false" ]]; then
if [[ -n "$RAW_TCP_PORTS" ]]; then
local APP_CONTAINER_PORTS="$(get_container_ports "$APP")"
local app_port
for app_port in $APP_CONTAINER_PORTS; do
echo "$(<"$DOKKU_ROOT/HOSTNAME"):$app_port (container)"
done
else
local DOKKU_APP_WEB_LISTENERS PORT
DOKKU_APP_WEB_LISTENERS="$(plugn trigger network-get-listeners "$APP" "web" | xargs)"
for DOKKU_APP_WEB_LISTENER in $DOKKU_APP_WEB_LISTENERS; do
PORT="$(echo "$DOKKU_APP_WEB_LISTENER" | cut -d ':' -f2)"
echo "$SCHEME://$(<"$DOKKU_ROOT/HOSTNAME"):$PORT (container)"
done
shopt -u nullglob
fi
elif [[ -n "$DOKKU_PROXY_PORT_MAP" ]]; then
local port_map
for port_map in $DOKKU_PROXY_PORT_MAP; do
local scheme="$(awk -F ':' '{ print $1 }' <<<"$port_map")"
local listen_port="$(awk -F ':' '{ print $2 }' <<<"$port_map")"
echo "$scheme://$(<"$DOKKU_ROOT/HOSTNAME"):$listen_port"
done
elif [[ -n "$RAW_TCP_PORTS" ]]; then
for p in $RAW_TCP_PORTS; do
echo "http://$(<"$DOKKU_ROOT/HOSTNAME"):$p"
internal_get_app_url_with_vhost() {
declare APP="$1" VHOST="$2"
local RAW_TCP_PORTS="$(get_app_raw_tcp_ports "$APP")"
local DOKKU_PROXY_PORT_MAP=$(config_get "$APP" DOKKU_PROXY_PORT_MAP || true)
local SCHEME="http"
local SSL="$DOKKU_ROOT/$APP/tls"
if [[ -e "$SSL/server.crt" && -e "$SSL/server.key" ]]; then
local SCHEME="https"
fi
if [[ "$(plugn trigger proxy-is-enabled "$APP")" == "false" ]]; then
if [[ -n "$RAW_TCP_PORTS" ]]; then
local APP_CONTAINER_PORTS="$(get_container_ports "$APP")"
local app_port
for app_port in $APP_CONTAINER_PORTS; do
echo "$VHOST:$app_port (container)"
done
else
echo "$SCHEME://$(<"$DOKKU_ROOT/HOSTNAME")"
local DOKKU_APP_WEB_LISTENERS PORT
DOKKU_APP_WEB_LISTENERS="$(plugn trigger network-get-listeners "$APP" "web" | xargs)"
for DOKKU_APP_WEB_LISTENER in $DOKKU_APP_WEB_LISTENERS; do
PORT="$(echo "$DOKKU_APP_WEB_LISTENER" | cut -d ':' -f2)"
echo "$SCHEME://$VHOST:$PORT (container)"
done
shopt -u nullglob
fi
elif [[ -n "$DOKKU_PROXY_PORT_MAP" ]]; then
local port_map
for port_map in $DOKKU_PROXY_PORT_MAP; do
local scheme="$(awk -F ':' '{ print $1 }' <<<"$port_map")"
local listen_port="$(awk -F ':' '{ print $2 }' <<<"$port_map")"
echo "$scheme://$VHOST:$listen_port"
done
elif [[ -n "$RAW_TCP_PORTS" ]]; then
for p in $RAW_TCP_PORTS; do
echo "http://$VHOST:$p"
done
else
echo "$SCHEME://$VHOST"
fi
}

9
plugins/domains/functions
View File

@@ -206,14 +206,9 @@ get_app_domains() {
declare desc="return app domains"
local APP=$1
local APP_VHOST_PATH="$DOKKU_ROOT/$APP/VHOST"
local GLOBAL_HOSTNAME_PATH="$DOKKU_ROOT/HOSTNAME"
if [[ "$(is_app_vhost_enabled "$APP")" == "true" ]]; then
if [[ -f "$APP_VHOST_PATH" ]]; then
cat "$APP_VHOST_PATH"
elif [[ -f "$GLOBAL_HOSTNAME_PATH" ]]; then
cat "$GLOBAL_HOSTNAME_PATH"
fi
if [[ "$(is_app_vhost_enabled "$APP")" == "true" ]] && [[ -f "$APP_VHOST_PATH" ]]; then
cat "$APP_VHOST_PATH"
fi
}

6
plugins/nginx-vhosts/functions
View File

@@ -160,7 +160,7 @@ configure_nginx_ports() {
local DOKKU_PROXY_PORT_MAP=$(config_get "$APP" DOKKU_PROXY_PORT_MAP)
local IS_APP_VHOST_ENABLED=true
local UPSTREAM_PORT="5000"
plugn trigger domains-vhost-enabled "$APP" || IS_APP_VHOST_ENABLED=false
plugn trigger domains-vhost-enabled "$APP" 2>/dev/null || IS_APP_VHOST_ENABLED=false
if [[ -z "$DOKKU_PROXY_PORT" ]] && [[ -z "$RAW_TCP_PORTS" ]]; then
if [[ "$IS_APP_VHOST_ENABLED" == "false" ]]; then
@@ -370,7 +370,7 @@ nginx_build_config() {
fi
local IS_APP_VHOST_ENABLED=true
plugn trigger domains-vhost-enabled "$APP" || IS_APP_VHOST_ENABLED=false
plugn trigger domains-vhost-enabled "$APP" 2>/dev/null || IS_APP_VHOST_ENABLED=false
if [[ "$(plugn trigger proxy-is-enabled "$APP")" == "true" ]]; then
if [[ -z "$DOKKU_APP_LISTEN_PORT" ]] && [[ -z "$DOKKU_APP_LISTEN_IP" ]]; then
@@ -407,7 +407,7 @@ nginx_build_config() {
if [[ "$IS_APP_VHOST_ENABLED" == "true" ]]; then
local SSL_VHOSTS=$(grep -E "^${SSL_HOSTNAME_REGEX}$" "$VHOST_PATH" || true)
else
local SSL_VHOSTS=$(<"$DOKKU_ROOT/HOSTNAME")
local SSL_VHOSTS=$(<"$DOKKU_ROOT/VHOST")
fi
local SSL_SERVER_NAME
local host

1
tests/ci/setup.sh
View File

@@ -90,7 +90,6 @@ dokku dokku/key_file string /root/.ssh/id_rsa.pub
dokku dokku/nginx_enable boolean true
dokku dokku/skip_key_file boolean true
dokku dokku/vhost_enable boolean true
dokku dokku/web_config boolean false
EOF
echo "-----> Start debconf selections"

2
tests/unit/domains.bats
View File

@@ -5,14 +5,12 @@ load test_helper
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
}
teardown() {
destroy_app
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

2
tests/unit/network.bats
View File

@@ -5,14 +5,12 @@ load test_helper
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
}
teardown() {
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
docker network rm create-network || true
docker network rm deploy-network || true
docker network rm initial-network || true

5
tests/unit/nginx-vhosts_1.bats
View File

@@ -6,14 +6,11 @@ source "$PLUGIN_CORE_AVAILABLE_PATH/config/functions"
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
}
teardown() {
detach_delete_network
destroy_app
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}
@@ -35,7 +32,7 @@ teardown() {
deploy_app
dokku domains:disable $TEST_APP
HOSTNAME=$(< "$DOKKU_ROOT/HOSTNAME")
HOSTNAME=$(< "$DOKKU_ROOT/VHOST")
check_urls http://${HOSTNAME}:[0-9]+
URLS=$(dokku --quiet urls "$TEST_APP")

2
tests/unit/nginx-vhosts_10.bats
View File

@@ -5,14 +5,12 @@ load test_helper
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
}
teardown() {
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

2
tests/unit/nginx-vhosts_11.bats
View File

@@ -5,14 +5,12 @@ load test_helper
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
}
teardown() {
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

2
tests/unit/nginx-vhosts_2.bats
View File

@@ -5,14 +5,12 @@ load test_helper
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
}
teardown() {
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

2
tests/unit/nginx-vhosts_3.bats
View File

@@ -6,7 +6,6 @@ source "$PLUGIN_CORE_AVAILABLE_PATH/config/functions"
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
docker build "${BATS_TEST_DIRNAME}/../../tests/apps/gogrpc" -t ${TEST_APP}-docker-image
}
@@ -14,7 +13,6 @@ setup() {
teardown() {
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

21
tests/unit/nginx-vhosts_4.bats
View File

@@ -6,23 +6,24 @@ source "$PLUGIN_CORE_AVAILABLE_PATH/config/functions"
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
}
teardown() {
detach_delete_network
destroy_app
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}
@test "(nginx-vhosts) nginx:build-config (without global VHOST but real HOSTNAME)" {
@test "(nginx-vhosts) nginx:build-config (without global VHOST)" {
rm "$DOKKU_ROOT/VHOST"
echo "${TEST_APP}.dokku.me" > "$DOKKU_ROOT/HOSTNAME"
deploy_app
HOSTNAME=$(< "$DOKKU_ROOT/HOSTNAME")
run /bin/bash -c "dokku --quiet urls $TEST_APP"
echo "output: $output"
echo "status: $status"
assert_success
HOSTNAME="$(hostname -f)"
check_urls http://${HOSTNAME}:[0-9]+
URLS=$(dokku --quiet urls "$TEST_APP")
@@ -33,10 +34,10 @@ teardown() {
@test "(nginx-vhosts) nginx:build-config (without global VHOST and IPv4 address set as HOSTNAME)" {
rm "$DOKKU_ROOT/VHOST"
echo "127.0.0.1" > "$DOKKU_ROOT/HOSTNAME"
echo "127.0.0.1" > "$DOKKU_ROOT/VHOST"
deploy_app
HOSTNAME=$(< "$DOKKU_ROOT/HOSTNAME")
HOSTNAME=$(< "$DOKKU_ROOT/VHOST")
check_urls http://${HOSTNAME}:[0-9]+
URLS=$(dokku --quiet urls "$TEST_APP")
@@ -47,10 +48,10 @@ teardown() {
@test "(nginx-vhosts) nginx:build-config (without global VHOST and IPv6 address set as HOSTNAME)" {
rm "$DOKKU_ROOT/VHOST"
echo "fda5:c7db:a520:bb6d::aabb:ccdd:eeff" > "$DOKKU_ROOT/HOSTNAME"
echo "fda5:c7db:a520:bb6d::aabb:ccdd:eeff" > "$DOKKU_ROOT/VHOST"
deploy_app
HOSTNAME=$(< "$DOKKU_ROOT/HOSTNAME")
HOSTNAME=$(< "$DOKKU_ROOT/VHOST")
check_urls http://${HOSTNAME}:[0-9]+
}

2
tests/unit/nginx-vhosts_5.bats
View File

@@ -6,14 +6,12 @@ source "$PLUGIN_CORE_AVAILABLE_PATH/config/functions"
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
}
teardown() {
detach_delete_network
destroy_app
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

2
tests/unit/nginx-vhosts_6.bats
View File

@@ -5,14 +5,12 @@ load test_helper
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
}
teardown() {
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

2
tests/unit/nginx-vhosts_7.bats
View File

@@ -5,14 +5,12 @@ load test_helper
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
}
teardown() {
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

2
tests/unit/nginx-vhosts_8.bats
View File

@@ -5,14 +5,12 @@ load test_helper
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
}
teardown() {
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

2
tests/unit/nginx-vhosts_9.bats
View File

@@ -5,14 +5,12 @@ load test_helper
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
}
teardown() {
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

2
tests/unit/proxy.bats
View File

@@ -5,14 +5,12 @@ load test_helper
setup() {
global_setup
[[ -f "$DOKKU_ROOT/VHOST" ]] && cp -fp "$DOKKU_ROOT/VHOST" "$DOKKU_ROOT/VHOST.bak"
[[ -f "$DOKKU_ROOT/HOSTNAME" ]] && cp -fp "$DOKKU_ROOT/HOSTNAME" "$DOKKU_ROOT/HOSTNAME.bak"
create_app
}
teardown() {
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST" && chown dokku:dokku "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME" && chown dokku:dokku "$DOKKU_ROOT/HOSTNAME"
global_teardown
}

2
tests/unit/test_helper.bash
View File

@@ -228,7 +228,7 @@ add_domain() {
# shellcheck disable=SC2119
check_urls() {
local PATTERN="$1"
run /bin/bash -c "dokku --quiet urls $TEST_APP | grep -E \"${PATTERN}\""
run /bin/bash -c "dokku urls $TEST_APP | grep -E \"${PATTERN}\""
echo "output: $output"
echo "status: $status"
assert_success