Microservice to bring 2FA to self hosted PDSes

docker and setup

authored by baileytownsend.dev and committed by Tangled 5b1ada5e 94e8ca84

+183 -151
Cargo.lock
··· 112 112 checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" 113 113 114 114 [[package]] 115 + name = "aws-lc-rs" 116 + version = "1.13.3" 117 + source = "registry+https://github.com/rust-lang/crates.io-index" 118 + checksum = "5c953fe1ba023e6b7730c0d4b031d06f267f23a46167dcbd40316644b10a17ba" 119 + dependencies = [ 120 + "aws-lc-sys", 121 + "untrusted 0.7.1", 122 + "zeroize", 123 + ] 124 + 125 + [[package]] 126 + name = "aws-lc-sys" 127 + version = "0.30.0" 128 + source = "registry+https://github.com/rust-lang/crates.io-index" 129 + checksum = "dbfd150b5dbdb988bcc8fb1fe787eb6b7ee6180ca24da683b61ea5405f3d43ff" 130 + dependencies = [ 131 + "bindgen", 132 + "cc", 133 + "cmake", 134 + "dunce", 135 + "fs_extra", 136 + ] 137 + 138 + [[package]] 115 139 name = "axum" 116 140 version = "0.8.4" 117 141 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 217 241 checksum = "55248b47b0caf0546f7988906588779981c43bb1bc9d0c44087278f80cdb44ba" 218 242 219 243 [[package]] 244 + name = "bindgen" 245 + version = "0.69.5" 246 + source = "registry+https://github.com/rust-lang/crates.io-index" 247 + checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" 248 + dependencies = [ 249 + "bitflags", 250 + "cexpr", 251 + "clang-sys", 252 + "itertools", 253 + "lazy_static", 254 + "lazycell", 255 + "log", 256 + "prettyplease", 257 + "proc-macro2", 258 + "quote", 259 + "regex", 260 + "rustc-hash", 261 + "shlex", 262 + "syn", 263 + "which", 264 + ] 265 + 266 + [[package]] 220 267 name = "bitflags" 221 268 version = "2.9.1" 222 269 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 274 321 ] 275 322 276 323 [[package]] 324 + name = "cexpr" 325 + version = "0.6.0" 326 + source = "registry+https://github.com/rust-lang/crates.io-index" 327 + checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" 328 + dependencies = [ 329 + "nom 7.1.3", 330 + ] 331 + 332 + [[package]] 277 333 name = "cfg-if" 
278 334 version = "1.0.1" 279 335 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 341 397 ] 342 398 343 399 [[package]] 400 + name = "clang-sys" 401 + version = "1.8.1" 402 + source = "registry+https://github.com/rust-lang/crates.io-index" 403 + checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" 404 + dependencies = [ 405 + "glob", 406 + "libc", 407 + "libloading", 408 + ] 409 + 410 + [[package]] 411 + name = "cmake" 412 + version = "0.1.54" 413 + source = "registry+https://github.com/rust-lang/crates.io-index" 414 + checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" 415 + dependencies = [ 416 + "cc", 417 + ] 418 + 419 + [[package]] 344 420 name = "concurrent-queue" 345 421 version = "2.5.0" 346 422 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 356 432 checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" 357 433 358 434 [[package]] 359 - name = "core-foundation" 360 - version = "0.9.4" 361 - source = "registry+https://github.com/rust-lang/crates.io-index" 362 - checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" 363 - dependencies = [ 364 - "core-foundation-sys", 365 - "libc", 366 - ] 367 - 368 - [[package]] 369 435 name = "core-foundation-sys" 370 436 version = "0.8.7" 371 437 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 547 613 checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" 548 614 549 615 [[package]] 616 + name = "dunce" 617 + version = "1.0.5" 618 + source = "registry+https://github.com/rust-lang/crates.io-index" 619 + checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" 620 + 621 + [[package]] 550 622 name = "either" 551 623 version = "1.15.0" 552 624 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 639 711 checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" 640 712 641 713 [[package]] 642 
- name = "foreign-types" 643 - version = "0.3.2" 644 - source = "registry+https://github.com/rust-lang/crates.io-index" 645 - checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" 646 - dependencies = [ 647 - "foreign-types-shared", 648 - ] 649 - 650 - [[package]] 651 - name = "foreign-types-shared" 652 - version = "0.1.1" 653 - source = "registry+https://github.com/rust-lang/crates.io-index" 654 - checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" 655 - 656 - [[package]] 657 714 name = "form_urlencoded" 658 715 version = "1.2.1" 659 716 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 671 728 "nonempty", 672 729 "thiserror 1.0.69", 673 730 ] 731 + 732 + [[package]] 733 + name = "fs_extra" 734 + version = "1.3.0" 735 + source = "registry+https://github.com/rust-lang/crates.io-index" 736 + checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" 674 737 675 738 [[package]] 676 739 name = "futures-channel" ··· 790 853 version = "0.31.1" 791 854 source = "registry+https://github.com/rust-lang/crates.io-index" 792 855 checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" 856 + 857 + [[package]] 858 + name = "glob" 859 + version = "0.3.3" 860 + source = "registry+https://github.com/rust-lang/crates.io-index" 861 + checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" 793 862 794 863 [[package]] 795 864 name = "globset" ··· 943 1012 ] 944 1013 945 1014 [[package]] 946 - name = "hostname" 947 - version = "0.4.1" 948 - source = "registry+https://github.com/rust-lang/crates.io-index" 949 - checksum = "a56f203cd1c76362b69e3863fd987520ac36cf70a8c92627449b2f64a8cf7d65" 950 - dependencies = [ 951 - "cfg-if", 952 - "libc", 953 - "windows-link", 954 - ] 955 - 956 - [[package]] 957 1015 name = "http" 958 1016 version = "1.3.1" 959 1017 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 1222 1280 ] 1223 1281 1224 1282 
[[package]] 1283 + name = "itertools" 1284 + version = "0.12.1" 1285 + source = "registry+https://github.com/rust-lang/crates.io-index" 1286 + checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" 1287 + dependencies = [ 1288 + "either", 1289 + ] 1290 + 1291 + [[package]] 1225 1292 name = "itoa" 1226 1293 version = "1.0.15" 1227 1294 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 1279 1346 ] 1280 1347 1281 1348 [[package]] 1349 + name = "lazycell" 1350 + version = "1.3.0" 1351 + source = "registry+https://github.com/rust-lang/crates.io-index" 1352 + checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" 1353 + 1354 + [[package]] 1282 1355 name = "lettre" 1283 1356 version = "0.11.18" 1284 1357 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 1292 1365 "fastrand", 1293 1366 "futures-io", 1294 1367 "futures-util", 1295 - "hostname", 1296 1368 "httpdate", 1297 1369 "idna", 1298 1370 "mime", 1299 - "native-tls", 1300 - "nom", 1371 + "nom 8.0.0", 1301 1372 "percent-encoding", 1302 1373 "quoted_printable", 1374 + "rustls", 1303 1375 "socket2", 1304 1376 "tokio", 1305 - "tokio-native-tls", 1377 + "tokio-rustls", 1306 1378 "url", 1379 + "webpki-roots 1.0.2", 1307 1380 ] 1308 1381 1309 1382 [[package]] ··· 1311 1384 version = "0.2.175" 1312 1385 source = "registry+https://github.com/rust-lang/crates.io-index" 1313 1386 checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" 1387 + 1388 + [[package]] 1389 + name = "libloading" 1390 + version = "0.8.8" 1391 + source = "registry+https://github.com/rust-lang/crates.io-index" 1392 + checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" 1393 + dependencies = [ 1394 + "cfg-if", 1395 + "windows-targets 0.48.5", 1396 + ] 1314 1397 1315 1398 [[package]] 1316 1399 name = "libm" ··· 1342 1425 1343 1426 [[package]] 1344 1427 name = "linux-raw-sys" 1345 - version = "0.9.4" 1428 + version = "0.4.15" 1346 
1429 source = "registry+https://github.com/rust-lang/crates.io-index" 1347 - checksum = "cd945864f07fe9f5371a27ad7b52a172b4b499999f1d97574c9fa68373937e12" 1430 + checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab" 1348 1431 1349 1432 [[package]] 1350 1433 name = "litemap" ··· 1406 1489 checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" 1407 1490 1408 1491 [[package]] 1492 + name = "minimal-lexical" 1493 + version = "0.2.1" 1494 + source = "registry+https://github.com/rust-lang/crates.io-index" 1495 + checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" 1496 + 1497 + [[package]] 1409 1498 name = "miniz_oxide" 1410 1499 version = "0.8.9" 1411 1500 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 1426 1515 ] 1427 1516 1428 1517 [[package]] 1429 - name = "native-tls" 1430 - version = "0.2.14" 1518 + name = "nom" 1519 + version = "7.1.3" 1431 1520 source = "registry+https://github.com/rust-lang/crates.io-index" 1432 - checksum = "87de3442987e9dbec73158d5c715e7ad9072fda936bb03d19d7fa10e00520f0e" 1521 + checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" 1433 1522 dependencies = [ 1434 - "libc", 1435 - "log", 1436 - "openssl", 1437 - "openssl-probe", 1438 - "openssl-sys", 1439 - "schannel", 1440 - "security-framework", 1441 - "security-framework-sys", 1442 - "tempfile", 1523 + "memchr", 1524 + "minimal-lexical", 1443 1525 ] 1444 1526 1445 1527 [[package]] ··· 1551 1633 checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" 1552 1634 1553 1635 [[package]] 1554 - name = "openssl" 1555 - version = "0.10.73" 1556 - source = "registry+https://github.com/rust-lang/crates.io-index" 1557 - checksum = "8505734d46c8ab1e19a1dce3aef597ad87dcb4c37e7188231769bd6bd51cebf8" 1558 - dependencies = [ 1559 - "bitflags", 1560 - "cfg-if", 1561 - "foreign-types", 1562 - "libc", 1563 - "once_cell", 1564 - "openssl-macros", 1565 - "openssl-sys", 1566 - 
] 1567 - 1568 - [[package]] 1569 - name = "openssl-macros" 1570 - version = "0.1.1" 1571 - source = "registry+https://github.com/rust-lang/crates.io-index" 1572 - checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" 1573 - dependencies = [ 1574 - "proc-macro2", 1575 - "quote", 1576 - "syn", 1577 - ] 1578 - 1579 - [[package]] 1580 - name = "openssl-probe" 1581 - version = "0.1.6" 1582 - source = "registry+https://github.com/rust-lang/crates.io-index" 1583 - checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e" 1584 - 1585 - [[package]] 1586 - name = "openssl-sys" 1587 - version = "0.9.109" 1588 - source = "registry+https://github.com/rust-lang/crates.io-index" 1589 - checksum = "90096e2e47630d78b7d1c20952dc621f957103f8bc2c8359ec81290d75238571" 1590 - dependencies = [ 1591 - "cc", 1592 - "libc", 1593 - "pkg-config", 1594 - "vcpkg", 1595 - ] 1596 - 1597 - [[package]] 1598 1636 name = "overload" 1599 1637 version = "0.1.1" 1600 1638 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 1655 1693 version = "0.1.0" 1656 1694 dependencies = [ 1657 1695 "anyhow", 1696 + "aws-lc-rs", 1658 1697 "axum", 1659 1698 "axum-template", 1660 1699 "chrono", ··· 1666 1705 "lettre", 1667 1706 "rand 0.9.2", 1668 1707 "rust-embed", 1708 + "rustls", 1669 1709 "scrypt", 1670 1710 "serde", 1671 1711 "serde_json", ··· 1821 1861 ] 1822 1862 1823 1863 [[package]] 1864 + name = "prettyplease" 1865 + version = "0.2.35" 1866 + source = "registry+https://github.com/rust-lang/crates.io-index" 1867 + checksum = "061c1221631e079b26479d25bbf2275bfe5917ae8419cd7e34f13bfc2aa7539a" 1868 + dependencies = [ 1869 + "proc-macro2", 1870 + "syn", 1871 + ] 1872 + 1873 + [[package]] 1824 1874 name = "proc-macro2" 1825 1875 version = "1.0.97" 1826 1876 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 2005 2055 "cfg-if", 2006 2056 "getrandom 0.2.16", 2007 2057 "libc", 2008 - "untrusted", 2058 + "untrusted 0.9.0", 2009 2059 
"windows-sys 0.52.0", 2010 2060 ] 2011 2061 ··· 2071 2121 checksum = "56f7d92ca342cea22a06f2121d944b4fd82af56988c270852495420f961d4ace" 2072 2122 2073 2123 [[package]] 2124 + name = "rustc-hash" 2125 + version = "1.1.0" 2126 + source = "registry+https://github.com/rust-lang/crates.io-index" 2127 + checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" 2128 + 2129 + [[package]] 2074 2130 name = "rustix" 2075 - version = "1.0.8" 2131 + version = "0.38.44" 2076 2132 source = "registry+https://github.com/rust-lang/crates.io-index" 2077 - checksum = "11181fbabf243db407ef8df94a6ce0b2f9a733bd8be4ad02b4eda9602296cac8" 2133 + checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154" 2078 2134 dependencies = [ 2079 2135 "bitflags", 2080 2136 "errno", ··· 2089 2145 source = "registry+https://github.com/rust-lang/crates.io-index" 2090 2146 checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc" 2091 2147 dependencies = [ 2148 + "aws-lc-rs", 2149 + "log", 2092 2150 "once_cell", 2093 2151 "ring", 2094 2152 "rustls-pki-types", ··· 2112 2170 source = "registry+https://github.com/rust-lang/crates.io-index" 2113 2171 checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc" 2114 2172 dependencies = [ 2173 + "aws-lc-rs", 2115 2174 "ring", 2116 2175 "rustls-pki-types", 2117 - "untrusted", 2176 + "untrusted 0.9.0", 2118 2177 ] 2119 2178 2120 2179 [[package]] ··· 2145 2204 checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" 2146 2205 dependencies = [ 2147 2206 "winapi-util", 2148 - ] 2149 - 2150 - [[package]] 2151 - name = "schannel" 2152 - version = "0.1.27" 2153 - source = "registry+https://github.com/rust-lang/crates.io-index" 2154 - checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" 2155 - dependencies = [ 2156 - "windows-sys 0.59.0", 2157 2207 ] 2158 2208 2159 2209 [[package]] ··· 2193 2243 ] 2194 2244 2195 2245 [[package]] 2196 - name = 
"security-framework" 2197 - version = "2.11.1" 2198 - source = "registry+https://github.com/rust-lang/crates.io-index" 2199 - checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" 2200 - dependencies = [ 2201 - "bitflags", 2202 - "core-foundation", 2203 - "core-foundation-sys", 2204 - "libc", 2205 - "security-framework-sys", 2206 - ] 2207 - 2208 - [[package]] 2209 - name = "security-framework-sys" 2210 - version = "2.14.0" 2211 - source = "registry+https://github.com/rust-lang/crates.io-index" 2212 - checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32" 2213 - dependencies = [ 2214 - "core-foundation-sys", 2215 - "libc", 2216 - ] 2217 - 2218 - [[package]] 2219 2246 name = "serde" 2220 2247 version = "1.0.219" 2221 2248 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 2643 2670 ] 2644 2671 2645 2672 [[package]] 2646 - name = "tempfile" 2647 - version = "3.21.0" 2648 - source = "registry+https://github.com/rust-lang/crates.io-index" 2649 - checksum = "15b61f8f20e3a6f7e0649d825294eaf317edce30f82cf6026e7e4cb9222a7d1e" 2650 - dependencies = [ 2651 - "fastrand", 2652 - "getrandom 0.3.3", 2653 - "once_cell", 2654 - "rustix", 2655 - "windows-sys 0.52.0", 2656 - ] 2657 - 2658 - [[package]] 2659 2673 name = "thiserror" 2660 2674 version = "1.0.69" 2661 2675 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 2760 2774 ] 2761 2775 2762 2776 [[package]] 2763 - name = "tokio-native-tls" 2764 - version = "0.3.1" 2777 + name = "tokio-rustls" 2778 + version = "0.26.2" 2765 2779 source = "registry+https://github.com/rust-lang/crates.io-index" 2766 - checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" 2780 + checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b" 2767 2781 dependencies = [ 2768 - "native-tls", 2782 + "rustls", 2769 2783 "tokio", 2770 2784 ] 2771 2785 ··· 2998 3012 2999 3013 [[package]] 3000 3014 name = "untrusted" 3015 + version = 
"0.7.1" 3016 + source = "registry+https://github.com/rust-lang/crates.io-index" 3017 + checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" 3018 + 3019 + [[package]] 3020 + name = "untrusted" 3001 3021 version = "0.9.0" 3002 3022 source = "registry+https://github.com/rust-lang/crates.io-index" 3003 3023 checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" ··· 3171 3191 checksum = "7e8983c3ab33d6fb807cfcdad2491c4ea8cbc8ed839181c7dfd9c67c83e261b2" 3172 3192 dependencies = [ 3173 3193 "rustls-pki-types", 3194 + ] 3195 + 3196 + [[package]] 3197 + name = "which" 3198 + version = "4.4.2" 3199 + source = "registry+https://github.com/rust-lang/crates.io-index" 3200 + checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" 3201 + dependencies = [ 3202 + "either", 3203 + "home", 3204 + "once_cell", 3205 + "rustix", 3174 3206 ] 3175 3207 3176 3208 [[package]]
+5 -1
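--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,7 +18,11 @@
 hex = "0.4"
 jwt-compact = { version = "0.8.0", features = ["es256k"] }
 scrypt = "0.11"
-lettre = { version = "0.11.18", features = ["tokio1", "pool", "tokio1-native-tls"] }
+#lettre = { version = "0.11.18", default-features = false, features = ["pool", "tokio1-rustls", "smtp-transport", "hostname", "builder"] }
+#lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }
+aws-lc-rs = "1.13.0"
+lettre = { version = "0.11", default-features = false, features = ["builder", "webpki-roots", "rustls", "aws-lc-rs", "smtp-transport", "tokio1", "tokio1-rustls"] }
+rustls = { version = "0.23", default-features = false, features = ["tls12", "std", "logging", "aws_lc_rs"] }
 handlebars = { version = "6.3.2", features = ["rust-embed"] }
 rust-embed = "8.7.2"
 axum-template = { version = "3.0.0", features = ["handlebars"] }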
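Review bot: The new `lettre` line enables `webpki-roots`, so, as far as the feature name and the `webpki-roots 1.0.2` entry under lettre in Cargo.lock show, SMTP server certificates are verified against a root set compiled into the binary rather than the host's CA store. A relay that presents a certificate from a private or internal CA will then fail verification, and root updates only arrive with a rebuild. That deserves a comment next to the dependency, e.g. `# TLS roots are bundled (webpki-roots): private-CA SMTP relays will not verify; rebuild to pick up root updates`. The two commented-out `#lettre = …` lines above it look like leftovers from earlier attempts and should be dropped before merge.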
+2 -6
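--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,10 @@
 FROM rust:1.89.0-bookworm AS builder
-RUN apt-get update
-RUN apt-get install -y pkg-config \
-libssl-dev
 WORKDIR /app
 COPY ../ /app
 RUN cargo build --release
 #
-FROM rust:1.89-bookworm AS api
+FROM rust:1.89-slim-bookworm AS api
 RUN apt-get update
-RUN apt-get install -y libssl3 \
-ca-certificates
+RUN apt-get install -y ca-certificates
 COPY --from=builder /app/target/release/pds_gatekeeper /usr/local/bin/pds_gatekeeper
 CMD ["pds_gatekeeper"]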
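Review bot: The runtime stage `FROM rust:1.89-slim-bookworm AS api` still ships the Rust toolchain and runs `pds_gatekeeper` as root, even though this commit removes the `libssl3` runtime dependency and leaves only `ca-certificates`. Because the example compose file bind-mounts the whole `/pds` directory into this container, a smaller base would reduce what is reachable if the service is compromised: `FROM debian:bookworm-slim AS api` followed by `RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*`. Joining update and install in one `RUN` also avoids installing from a stale cached package index. A `USER` line for an unprivileged account would be the next step, but it has to match the ownership of the files under `/pds`, which the page does not show.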
+77 -13
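--- a/README.md
+++ b/README.md
@@ -21,28 +21,92 @@
 
 # Setup
 
-We are getting close! Testing now
+PDS Gatekeeper has 2 parts to its setup, docker compose file and a reverse proxy (Caddy in this case). I will be
+assuming you setup the PDS following the directions
+found [here](https://atproto.com/guides/self-hosting), but if yours is different, or you have questions, feel free to
+let
+me know, and we can figure it out.
+
+## Docker compose
+
+The pds gatekeeper container can be found on docker hub under the name `fatfingers23/pds_gatekeeper`. The container does
+need access to the `/pds` root folder to access the same db's as your PDS. The part you need to add would look a bit
+like below. You can find a full example of what I use for my pds at [./examples/compose.yml](./examples/compose.yml).
+This is usually found at `/pds/compose.yaml`on your PDS>
+
+```yml
+gatekeeper:
+container_name: gatekeeper
+image: fatfingers23/pds_gatekeeper:arm-latest
+network_mode: host
+restart: unless-stopped
+#This gives the container to the access to the PDS folder. Source is the location on your server of that directory
+volumes:
+- type: bind
+source: /pds
+target: /pds
+depends_on:
+- pds
+```
 
-Nothing here yet! If you are brave enough to try before full release, let me know and I'll help you set it up.
-But I want to run it locally on my own PDS first to test run it a bit.
+## Caddy setup
 
-Example Caddyfile (mostly so I don't lose it for now. Will have a better one in the future)
+For the reverse proxy I use caddy. This part is what overwrites the endpoints and proxies them to PDS gatekeeper to add
+in extra functionality. The main part is below, for a full example see [./examples/Caddyfile](./examples/Caddyfile).
+This is usually found at `/pds/caddy/etc/caddy/Caddyfile` on your PDS.
 
 ```caddyfile
-http://localhost {
-
 @gatekeeper {
-path /xrpc/com.atproto.server.getSession
-path /xrpc/com.atproto.server.updateEmail
-path /xrpc/com.atproto.server.createSession
-path /@atproto/oauth-provider/~api/sign-in
+path /xrpc/com.atproto.server.getSession
+path /xrpc/com.atproto.server.updateEmail
+path /xrpc/com.atproto.server.createSession
+path /@atproto/oauth-provider/~api/sign-in
 }
 
 handle @gatekeeper {
-reverse_proxy http://localhost:8080
+reverse_proxy http://localhost:8080
 }
 
-reverse_proxy /* http://localhost:3000
+reverse_proxy http://localhost:3000
+```
+
+If you use a cloudflare tunnel then your caddyfile would look a bit more like below with your tunnel proxying to
+`localhost:8081` (or w/e port you want).
+
+```caddyfile
+http://*.localhost:8082, http://localhost:8082 {
+@gatekeeper {
+path /xrpc/com.atproto.server.getSession
+path /xrpc/com.atproto.server.updateEmail
+path /xrpc/com.atproto.server.createSession
+path /@atproto/oauth-provider/~api/sign-in
+}
+
+handle @gatekeeper {
+reverse_proxy http://localhost:8080
+}
+
+reverse_proxy http://localhost:3000
 }
 
-```
+```
+
+# Environment variables and bonuses
+
+Every environment variable can be set in the `pds.env` and shared between PDS and gatekeeper and the PDS, with the
+exception of `PDS_ENV_LOCATION`. This can be set to load the pds.env, by default it checks `/pds/pds.env` and is
+recommended to mount the `/pds` folder on the server to `/pds` in the pds gatekeeper container.
+
+`PDS_DATA_DIRECTORY` - Root directory of the PDS. Same as the one found in `pds.env` this is how pds gatekeeper knows
+knows the rest of the environment variables.
+
+`GATEKEEPER_EMAIL_TEMPLATES_DIRECTORY` - The folder for templates of the emails PDS gatekeeper sends. You can find them
+in [./email_templates](./email_templates). You are free to edit them as you please and set this variable to a location
+in the pds gateekeeper container and it will use them in place of the default ones. Just make sure ot keep the names the
+same.
+
+`PDS_BASE_URL` - Base url of the PDS. You most likely want `https://localhost:3000` which is also the default
+
+`GATEKEEPER_HOST` - Host for pds gatekeeper. Defaults to `127.0.0.1`
+
+`GATEKEEPER_PORT` - Port for pds gatekeeper. Defaults to `8080`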
+29
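--- a/examples/Caddyfile
+++ b/examples/Caddyfile
@@ -0,0 +1,29 @@
+{
+email youremail@myemail.com
+on_demand_tls {
+ask http://localhost:3000/tls-check
+}
+}
+
+*.yourpds.com, yourpds.com {
+tls {
+on_demand
+}
+# You'll most likely just want from here to....
+@gatekeeper {
+path /xrpc/com.atproto.server.getSession
+path /xrpc/com.atproto.server.updateEmail
+path /xrpc/com.atproto.server.createSession
+path /@atproto/oauth-provider/~api/sign-in
+}
+
+handle @gatekeeper {
+#This is the address for PDS gatekeeper, default is 8080
+reverse_proxy http://localhost:8080
+}
+
+reverse_proxy http://localhost:3000
+#..here. Copy and paste this replacing the reverse_proxy http://localhost:3000 line
+}
+
+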
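Review bot: Nothing in the example says that the 2FA check applies only to requests matched by `@gatekeeper`; every other path is handed to `reverse_proxy http://localhost:3000`, and a client that can reach port 3000 directly never passes through gatekeeper at all. A comment above the matcher would make that dependency explicit for operators, for instance `# Only these paths pass through PDS gatekeeper; keep the list in sync with its routes and do not expose ports 3000 or 8080 outside this host`. The existing `#This is the address for PDS gatekeeper, default is 8080` comment could also name `GATEKEEPER_PORT`, the variable the README documents for that port.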
+51
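--- a/examples/compose.yml
+++ b/examples/compose.yml
@@ -0,0 +1,51 @@
+version: '3.9'
+services:
+caddy:
+container_name: caddy
+image: caddy:2
+network_mode: host
+depends_on:
+- pds
+restart: unless-stopped
+volumes:
+- type: bind
+source: /pds/caddy/data
+target: /data
+- type: bind
+source: /pds/caddy/etc/caddy
+target: /etc/caddy
+pds:
+container_name: pds
+image: ghcr.io/bluesky-social/pds:0.4
+network_mode: host
+restart: unless-stopped
+volumes:
+- type: bind
+source: /pds
+target: /pds
+env_file:
+- /pds/pds.env
+watchtower:
+container_name: watchtower
+image: containrrr/watchtower:latest
+network_mode: host
+volumes:
+- type: bind
+source: /var/run/docker.sock
+target: /var/run/docker.sock
+restart: unless-stopped
+environment:
+WATCHTOWER_CLEANUP: true
+WATCHTOWER_SCHEDULE: "@midnight"
+gatekeeper:
+container_name: gatekeeper
+image: fatfingers23/pds_gatekeeper:arm-latest
+network_mode: host
+restart: unless-stopped
+#This gives the container to the access to the PDS folder. Source is the location on your server of that directory
+volumes:
+- type: bind
+source: /pds
+target: /pds
+depends_on:
+- pds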
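Review bot: The `gatekeeper` service pins `image: fatfingers23/pds_gatekeeper:arm-latest`, but the justfile in this same commit stops pushing `arm-latest` and publishes `latest` and `0.1` instead. Anyone following this example (or the README snippet, which uses the same tag) would keep running a stale build of the login-path component even with watchtower in place. Point it at a tag the release recipe actually produces, e.g. `image: fatfingers23/pds_gatekeeper:0.1`. Separately, the bind mount hands the container the whole `/pds` tree read-write; if gatekeeper only needs the databases and `pds.env`, a comment saying which paths it writes would help operators narrow the mount.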
+4 -7
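--- a/justfile
+++ b/justfile
@@ -1,9 +1,6 @@
 release:
 docker buildx build \
---platform linux/arm64 \
---tag fatfingers23/pds_gatekeeper:arm-latest \
---push .
-# docker buildx build \
-# --platform linux/amd64 \
-# --tag fatfingers23/pds_gatekeeper:latest \
-# --push .
+--platform linux/arm64,linux/amd64 \
+--tag fatfingers23/pds_gatekeeper:latest \
+--tag fatfingers23/pds_gatekeeper:0.1 \
+--push .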
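Review bot: The recipe hard-codes `--tag fatfingers23/pds_gatekeeper:0.1` next to `latest`, so every `just release` overwrites both tags and leaves no immutable tag that an operator can pin or roll back to. Deriving the tag from a variable keeps it in step with the crate version (Cargo.lock lists the package at `0.1.0`), e.g. `version := "0.1.0"` at the top of the file and `--tag fatfingers23/pds_gatekeeper:{{version}} \` in the recipe. This matters more because the example compose file runs watchtower on a `@midnight` schedule, which presumably redeploys whatever is pushed to a moving tag without review.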
-3
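--- a/src/main.rs
+++ b/src/main.rs
@@ -132,9 +132,6 @@
 let sent_from = env::var("PDS_EMAIL_FROM_ADDRESS")
 .expect("PDS_EMAIL_FROM_ADDRESS is not set in your pds.env file");
 
-//TODO current bug running in docker
-// https://github.com/lettre/lettre/issues/349#issuecomment-510155500
-
 let mailer: AsyncSmtpTransport<Tokio1Executor> =
 AsyncSmtpTransport::<Tokio1Executor>::from_url(smtp_url.as_str())?.build();
 //Email templates setup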