Merge remote-tracking branch 'origin/develop' for release 0.2.1
davidalger committed Jan 30, 2020
2 parents 3d10d77 + 338c2e1 commit 48db02c
Showing 13 changed files with 77 additions and 42 deletions.
15 changes: 14 additions & 1 deletion CHANGELOG.md
@@ -1,7 +1,20 @@
# Change Log

## UNRELEASED [x.y.z](https://github.com/davidalger/warden/tree/x.y.z) (yyyy-mm-dd)
[All Commits](https://github.com/davidalger/warden/compare/0.2.0..develop)
[All Commits](https://github.com/davidalger/warden/compare/0.2.1..develop)

## Version [0.2.1](https://github.com/davidalger/warden/tree/0.2.1) (2020-01-30)
[All Commits](https://github.com/davidalger/warden/compare/0.2.0..0.2.1)

**Upgrade Notes:**

If you're upgrading from version 0.1.x to 0.2.x for the first time, please reference upgrade notes for [Warden 0.2.0](https://docs.warden.dev/changelog.html#version-0-2-0-2020-01-27) and plan accordingly.

**Enhancements:**

* Added support for using `~/.warden/.env` to configure aspects of Global Services ([see docs for details](https://docs.warden.dev/services.html)) (issue [#13](https://github.com/davidalger/warden/issues/13))
* Updated `sync start` to no longer call `mutagen daemon start` as Mutagen now does this automatically.
* Updated `warden install` to include short hostname in the common name used when signing the Root CA used by Warden allowing easier identification and interoperability when a single user is running Warden across multiple workstations.

## Version [0.2.0](https://github.com/davidalger/warden/tree/0.2.0) (2020-01-27)
[All Commits](https://github.com/davidalger/warden/compare/0.1.12..0.2.0)
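Review bot: the third enhancement bullet says the short hostname is added to the "common name", but the install.cmd hunk in this commit places `$(hostname -s)` in the subject's organization field (`-subj "/C=US/O=Warden Proxy Local CA ($(hostname -s))"`) and the `-subj` string carries no `CN=` at all. Either word the bullet as "organization name" or add a `CN=` to the subject; as written, readers will look for a CN that is not there.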
4 changes: 2 additions & 2 deletions commands/down.cmd
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
[[ ! ${WARDEN_COMMAND} ]] && >&2 echo -e "\033[31mThis script is not intended to be run directly!" && exit 1

pushd "${WARDEN_DIR}" >/dev/null
docker-compose -p warden -f docker/docker-compose.yml down "${WARDEN_PARAMS[@]}" "$@"
pushd "${WARDEN_HOME_DIR}" >/dev/null
docker-compose -p warden -f "${WARDEN_DIR}/docker/docker-compose.yml" down "${WARDEN_PARAMS[@]}" "$@"
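Review bot: the reason for switching the working directory to `${WARDEN_HOME_DIR}` is not stated in the hunk; if it is so that `docker-compose` reads `~/.warden/.env` from the project directory (as docs/services.md in this commit describes), add a one-line comment above the `pushd`, because with an absolute `-f` path a later reader will otherwise assume the `pushd` is redundant and remove it. The same two-line change is repeated verbatim in restart.cmd, start.cmd, stop.cmd and up.cmd; a small helper in `utils/` (restart.cmd and start.cmd already source `utils/install.sh`) would keep the project directory and compose file path in one place.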
11 changes: 3 additions & 8 deletions commands/install.cmd
Expand Up @@ -26,12 +26,12 @@ if [[ ! -f "${WARDEN_SSL_DIR}/rootca/private/ca.key.pem" ]]; then
fi

if [[ ! -f "${WARDEN_SSL_DIR}/rootca/certs/ca.cert.pem" ]]; then
echo "==> Signing root certificate (Warden Proxy Local CA)"
echo "==> Signing root certificate 'Warden Proxy Local CA ($(hostname -s))'"
openssl req -new -x509 -days 7300 -sha256 -extensions v3_ca \
-config "${WARDEN_DIR}/config/openssl/rootca.conf" \
-key "${WARDEN_SSL_DIR}/rootca/private/ca.key.pem" \
-out "${WARDEN_SSL_DIR}/rootca/certs/ca.cert.pem" \
-subj "/C=US/O=Warden Proxy Local CA"
-subj "/C=US/O=Warden Proxy Local CA ($(hostname -s))"
fi

## trust root ca differently on Fedora, Ubuntu and macOS
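Review bot: the new subject only reaches fresh installs. The surrounding guard `if [[ ! -f "${WARDEN_SSL_DIR}/rootca/certs/ca.cert.pem" ]]` skips signing whenever a root certificate already exists, so anyone upgrading from 0.2.0 keeps the old `O=Warden Proxy Local CA` name and the identification benefit described in the changelog does not apply to them unless they remove the existing root CA and re-run `warden install`. That is a reasonable choice, but it belongs in the upgrade notes.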
Expand All @@ -49,7 +49,7 @@ elif [[ "$OSTYPE" == "linux-gnu" ]] \
&& [[ ! -f /usr/local/share/ca-certificates/warden-proxy-local-ca.crt ]] \
## Ubuntu/Debian
then
echo "==> Trusting root certificate (requires sudo privileges)"
echo "==> Trusting root certificate (requires sudo privileges)"
sudo cp "${WARDEN_SSL_DIR}/rootca/certs/ca.cert.pem" /usr/local/share/ca-certificates/warden-proxy-local-ca.crt
sudo update-ca-certificates
elif [[ "$OSTYPE" == "darwin"* ]] \
Expand All @@ -61,11 +61,6 @@ then
-k /Library/Keychains/System.keychain "${WARDEN_SSL_DIR}/rootca/certs/ca.cert.pem"
fi

## sign certificate used by services run on warden.test sub-domains
if [[ ! -f "${WARDEN_SSL_DIR}/certs/warden.test.crt.pem" ]]; then
"${WARDEN_DIR}/bin/warden" sign-certificate warden.test
fi

## configure resolver for .test domains; allow linux machines to prevent warden
## from touching dns configuration if need be since unlike macOS there is not
## support for resolving only *.test domains via /etc/resolver/test settings
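Review bot: with this block removed, `warden install` no longer produces the `warden.test` certificate; per the up.cmd hunk in this commit it is now signed lazily on the first `warden up` (using `WARDEN_SERVICE_DOMAIN`). Nothing left in install.cmd says where that step went, so a short comment near the trust-root-CA section pointing to `warden up` would save the next reader a search, and the install docs should state that service certificates appear only after the first `warden up`.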
4 changes: 2 additions & 2 deletions commands/restart.cmd
Expand Up @@ -4,5 +4,5 @@
source "${WARDEN_DIR}/utils/install.sh"
assertWardenInstall

pushd "${WARDEN_DIR}" >/dev/null
docker-compose -p warden -f docker/docker-compose.yml restart "${WARDEN_PARAMS[@]}" "$@"
pushd "${WARDEN_HOME_DIR}" >/dev/null
docker-compose -p warden -f "${WARDEN_DIR}/docker/docker-compose.yml" restart "${WARDEN_PARAMS[@]}" "$@"
3 changes: 2 additions & 1 deletion commands/sign-certificate.cmd
Expand Up @@ -50,7 +50,8 @@ openssl x509 -req -days 365 -sha256 -extensions v3_req \
-in "${WARDEN_SSL_DIR}/certs/${CERTIFICATE_NAME}.csr.pem" \
-out "${WARDEN_SSL_DIR}/certs/${CERTIFICATE_NAME}.crt.pem"

if [[ "$(cd "${WARDEN_DIR}" && docker-compose -p warden -f docker/docker-compose.yml ps -q traefik)" ]]; then
if [[ "$(cd "${WARDEN_HOME_DIR}" && docker-compose -p warden -f "${WARDEN_DIR}/docker/docker-compose.yml" ps -q traefik)" ]]
then
echo "==> Updating traefik"
"${WARDEN_DIR}/bin/warden" up traefik
"${WARDEN_DIR}/bin/warden" restart traefik
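Review bot: replacing `warden up traefik` with `warden restart traefik` appears to drop the step that makes the newly signed certificate visible to Traefik. restart.cmd in this commit only runs `docker-compose ... restart`, whereas up.cmd is what regenerates `~/.warden/etc/traefik/dynamic.yml` from the `*.crt.pem` files under `${WARDEN_SSL_DIR}/certs`; after a plain restart the fresh `${CERTIFICATE_NAME}.crt.pem` will not be listed under `certificates:` until the next `warden up`. Unless something not shown here rewrites dynamic.yml, keep `up` or regenerate the file before restarting. Style nit: `]]` followed by `then` on its own line differs from the `if [[ ... ]]; then` form used in install.cmd and up.cmd in this same commit.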
4 changes: 2 additions & 2 deletions commands/start.cmd
Expand Up @@ -4,5 +4,5 @@
source "${WARDEN_DIR}/utils/install.sh"
assertWardenInstall

pushd "${WARDEN_DIR}" >/dev/null
docker-compose -p warden -f docker/docker-compose.yml start "${WARDEN_PARAMS[@]}" "$@"
pushd "${WARDEN_HOME_DIR}" >/dev/null
docker-compose -p warden -f "${WARDEN_DIR}/docker/docker-compose.yml" start "${WARDEN_PARAMS[@]}" "$@"
4 changes: 2 additions & 2 deletions commands/stop.cmd
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
[[ ! ${WARDEN_COMMAND} ]] && >&2 echo -e "\033[31mThis script is not intended to be run directly!" && exit 1

pushd "${WARDEN_DIR}" >/dev/null
docker-compose -p warden -f docker/docker-compose.yml stop "${WARDEN_PARAMS[@]}" "$@"
pushd "${WARDEN_HOME_DIR}" >/dev/null
docker-compose -p warden -f "${WARDEN_DIR}/docker/docker-compose.yml" stop "${WARDEN_PARAMS[@]}" "$@"
3 changes: 0 additions & 3 deletions commands/sync.cmd
Expand Up @@ -43,9 +43,6 @@ fi
## sub-command execution
case "${WARDEN_PARAMS[0]}" in
start)
## start mutagen daemon if not already running
mutagen daemon start

## terminate any existing sessions with matching env label
mutagen sync terminate --label-selector "warden-sync=${WARDEN_ENV_NAME}"

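Review bot: dropping `mutagen daemon start` makes `sync start` depend on a Mutagen release that starts its own daemon; the changelog entry states that Mutagen now does this but gives no version. With an older Mutagen installed, the `mutagen sync terminate --label-selector ...` on the next line would presumably fail with a daemon-not-running error instead of a helpful message. Consider stating the minimum Mutagen version in the changelog and docs, and guarding with a version check (or keeping `mutagen daemon start` behind one) until that floor is enforced.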
24 changes: 20 additions & 4 deletions commands/up.cmd
Expand Up @@ -4,13 +4,29 @@
source "${WARDEN_DIR}/utils/install.sh"
assertWardenInstall

## sign certificate used by global services (by default warden.test)
if [[ -f "${WARDEN_HOME_DIR}/.env" ]]; then
eval "$(grep "^WARDEN_SERVICE_DOMAIN" "${WARDEN_HOME_DIR}/.env")"
fi

WARDEN_SERVICE_DOMAIN="${WARDEN_SERVICE_DOMAIN:-warden.test}"
if [[ ! -f "${WARDEN_SSL_DIR}/certs/${WARDEN_SERVICE_DOMAIN}.crt.pem" ]]; then
"${WARDEN_DIR}/bin/warden" sign-certificate "${WARDEN_SERVICE_DOMAIN}"
fi

## copy configuration files into location where they'll be mounted into containers from
mkdir -p "${WARDEN_HOME_DIR}/etc/traefik"
cp "${WARDEN_DIR}/config/traefik/traefik.yml" "${WARDEN_HOME_DIR}/etc/traefik/traefik.yml"
cp "${WARDEN_DIR}/config/traefik/dynamic.yml" "${WARDEN_HOME_DIR}/etc/traefik/dynamic.yml"
cp "${WARDEN_DIR}/config/dnsmasq.conf" "${WARDEN_HOME_DIR}/etc/dnsmasq.conf"

cat >> "${WARDEN_HOME_DIR}/etc/traefik/dynamic.yml" <<-EOF
## generate dynamic traefik ssl termination configuration
cat > "${WARDEN_HOME_DIR}/etc/traefik/dynamic.yml" <<-EOF
tls:
stores:
default:
defaultCertificate:
certFile: /etc/ssl/certs/${WARDEN_SERVICE_DOMAIN}.crt.pem
keyFile: /etc/ssl/certs/${WARDEN_SERVICE_DOMAIN}.key.pem
certificates:
EOF

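Review bot: `cp "${WARDEN_DIR}/config/traefik/dynamic.yml" "${WARDEN_HOME_DIR}/etc/traefik/dynamic.yml"` survives as unchanged context a few lines above the new heredoc, yet this same commit deletes `config/traefik/dynamic.yml` (see "7 changes: 0 additions & 7 deletions config/traefik/dynamic.yml" below). On a fresh checkout that `cp` prints "No such file or directory" on every `warden up` (and aborts the script if `set -e` is ever enabled); since the heredoc now writes the whole file with `cat >`, the `cp` line should go. Second, `eval "$(grep "^WARDEN_SERVICE_DOMAIN" "${WARDEN_HOME_DIR}/.env")"` executes a line of a config file as shell: the pattern has no `=`, so any variable whose name merely begins with `WARDEN_SERVICE_DOMAIN` is matched as well, and a value written in docker-compose `.env` style (a trailing comment, an unquoted space) is parsed differently by bash than by `docker-compose`, so the two consumers of the same file can disagree on the domain. Reading the value without `eval`, for example `WARDEN_SERVICE_DOMAIN="$(grep -E '^WARDEN_SERVICE_DOMAIN=' "${WARDEN_HOME_DIR}/.env" | tail -n1 | cut -d= -f2-)"`, avoids executing file contents and keeps the two parsers closer.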
Expand All @@ -21,5 +37,5 @@ for cert in $(find "${WARDEN_SSL_DIR}/certs" -type f -name "*.crt.pem" | sed -E
EOF
done

pushd "${WARDEN_DIR}" >/dev/null
docker-compose -p warden -f docker/docker-compose.yml up -d "${WARDEN_PARAMS[@]}" "$@"
pushd "${WARDEN_HOME_DIR}" >/dev/null
docker-compose -p warden -f "${WARDEN_DIR}/docker/docker-compose.yml" up -d "${WARDEN_PARAMS[@]}" "$@"
7 changes: 0 additions & 7 deletions config/traefik/dynamic.yml

This file was deleted.

20 changes: 10 additions & 10 deletions docker/docker-compose.yml
Expand Up @@ -2,10 +2,10 @@ version: "3.5"
services:
traefik:
container_name: traefik
image: traefik:2.1
image: traefik:${TRAEFIK_VERSION:-2.1}
ports:
- "127.0.0.1:80:80" # The HTTP port
- "127.0.0.1:443:443" # The HTTPS port
- "${TRAEFIK_LISTEN:-127.0.0.1}:80:80" # The HTTP port
- "${TRAEFIK_LISTEN:-127.0.0.1}:443:443" # The HTTPS port
volumes:
- ~/.warden/etc/traefik/traefik.yml:/etc/traefik/traefik.yml
- ~/.warden/etc/traefik/dynamic.yml:/etc/traefik/dynamic.yml
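Review bot: when `TRAEFIK_LISTEN` is set to `0.0.0.0`, the router defined further down for `traefik.http.routers.traefik.service=api@internal` (the Traefik dashboard and API) and the Portainer router become reachable from any host on the network, and no authentication middleware is attached to either in these labels (only the `http-redirect` middleware is declared). The warning added to docs/services.md covers this in general terms; consider naming the dashboard and Portainer explicitly there, or attaching an auth or IP allow-list middleware to those routers whenever the listen address is not loopback. Minor: `${TRAEFIK_VERSION:-2.1}` defaults to a floating minor tag; pinning a patch release keeps installs reproducible.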
Expand All @@ -18,9 +18,9 @@ services:
- traefik.http.routers.http-redirect.priority=1
- traefik.http.middlewares.http-redirect.redirectscheme.scheme=https
- traefik.http.routers.traefik.tls=true
- traefik.http.routers.traefik.rule=Host(`traefik.warden.test`)
- traefik.http.routers.traefik.rule=Host(`traefik.${WARDEN_SERVICE_DOMAIN:-warden.test}`)
- traefik.http.routers.traefik.service=api@internal
restart: always
restart: ${WARDEN_RESTART_POLICY:-always}

portainer:
container_name: portainer
Expand All @@ -31,9 +31,9 @@ services:
labels:
- traefik.enable=true
- traefik.http.routers.portainer.tls=true
- traefik.http.routers.portainer.rule=Host(`portainer.warden.test`)
- traefik.http.routers.portainer.rule=Host(`portainer.${WARDEN_SERVICE_DOMAIN:-warden.test}`)
- traefik.http.services.portainer.loadbalancer.server.port=9000
restart: always
restart: ${WARDEN_RESTART_POLICY:-always}

dnsmasq:
container_name: dnsmasq
Expand All @@ -45,9 +45,9 @@ services:
labels:
- traefik.enable=true
- traefik.http.routers.dnsmasq.tls=true
- traefik.http.routers.dnsmasq.rule=Host(`dnsmasq.warden.test`)
- traefik.http.routers.dnsmasq.rule=Host(`dnsmasq.${WARDEN_SERVICE_DOMAIN:-warden.test}`)
- traefik.http.services.dnsmasq.loadbalancer.server.port=8080
restart: always
restart: ${WARDEN_RESTART_POLICY:-always}

tunnel:
container_name: tunnel
Expand All @@ -67,7 +67,7 @@ services:
- SSH_USERS=user:2000:2000
- TCP_FORWARDING=true
restart: always
restart: ${WARDEN_RESTART_POLICY:-always}

volumes:
portainer:
4 changes: 4 additions & 0 deletions docs/netlify.toml
@@ -0,0 +1,4 @@
## As docs reference files outside build root; disable Netlify attempting to determine need for build.
## https://docs.netlify.com/configure-builds/file-based-configuration/#ignore-builds
[build]
ignore = "false"
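Review bot: the comment above `ignore = "false"` should say how this works, because the value is not a boolean. Netlify's `ignore` setting is a shell command; a zero exit status tells Netlify to skip the build and a non-zero status tells it to proceed, so `false` works here only because that command exits 1. Rewording the comment to "always build: the `false` command exits non-zero, so Netlify never skips the build" will stop someone from "fixing" it to `ignore = false` later.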
16 changes: 16 additions & 0 deletions docs/services.md
Expand Up @@ -5,3 +5,19 @@ After running `warden up` for the first time following installation, the followi
* [https://traefik.warden.test/](https://traefik.warden.test/)
* [https://portainer.warden.test/](https://portainer.warden.test/)
* [https://dnsmasq.warden.test/](https://dnsmasq.warden.test/)

### Customizable Settings

When spinning up global services via `docker-compose` Warden uses `~/.warden` as the project directory allowing a `.env` placed at `~/.warden/.env` to function for overriding variables in the `docker-compose` configuration used to deploy these services.

The following options are available (with default values indicated):

* `TRAEFIK_LISTEN=127.0.0.1` may be set to `0.0.0.0` for example to have Traefik accept connections from other devices on the local network.
* `WARDEN_RESTART_POLICY=always` may be set to `no` to prevent Docker from restarting these service containers or any other valid [restart policy](https://docs.docker.com/config/containers/start-containers-automatically/#use-a-restart-policy) value.
* `WARDEN_SERVICE_DOMAIN=warden.test` may be set to a domain of your choosing if so desired. Please note that this will not currently change network settings or alter `dnsmasq` configuration. Any TLD other than `test` will require DNS resolution be manually configured.

``` warning::
Setting ``TRAEFIK_LISTEN=0.0.0.0`` can be quite useful in some cases, but be aware that causing Traefik to listen for requests publicly poses a security risk when on public WiFi or networks otherwise outside of your control.
```

After changing settings in `~/.warden/.env`, please run `warden up` to apply.

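Review bot: the section says `~/.warden/.env` overrides variables in the `docker-compose` configuration, but `WARDEN_SERVICE_DOMAIN` is also read by up.cmd in this commit by `eval`-ing the matching line of that file, so that one value must be valid shell syntax as well as docker-compose `.env` syntax (no spaces around `=`, no trailing comment, no unquoted spaces); a sentence on the expected format would prevent surprises. Style nit in the last bullet: "will require DNS resolution be manually configured" reads better as "will require DNS resolution to be configured manually".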