diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
index 502ae5c2..732f3620 100644
--- a/.github/workflows/pr-build.yml
+++ b/.github/workflows/pr-build.yml
@@ -152,7 +152,9 @@ jobs:
 run: docker compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans
 - name: Run crAPI using built images
- run: VERSION=${{ env.TAG_NAME }} docker compose -f deploy/docker/docker-compose.yml --compatibility up -d
+ run: |
+ cd deploy/docker
+ VERSION=${{ env.TAG_NAME }} docker compose -f docker-compose.yml --compatibility up -d
 - name: Install Node
 uses: actions/setup-node@v3
diff --git a/README.md b/README.md
index 0d19c34e..87899ed2 100644
--- a/README.md
+++ b/README.md
@@ -10,9 +10,9 @@ know more about crAPI, please check [crAPI's overview][overview].
 ## QuickStart Guide
-### Docker and docker-compose
+### Docker and docker compose
-You'll need to have Docker and docker-compose installed and running on your host system. Also, the version of docker-compose should be `1.27.0` or above. Check your docker-compose version using:
+You'll need to have Docker and docker compose installed and running on your host system. Also, the version of docker compose should be `1.27.0` or above. Check your docker compose version using:
 ```
 docker compose version
 ```
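Review bot: In the rewritten `run:` block of the "Run crAPI using built images" step, `${{ env.TAG_NAME }}` is still pasted into the script text before bash parses it, so any shell metacharacters in that value become part of the command line. Where TAG_NAME is set is not visible in this hunk; if it is derived from a branch or ref name on pull requests, that is contributor-controlled input. The value should already be exported to the step environment, so the shell can read it as data instead: `VERSION="$TAG_NAME" docker compose -f docker-compose.yml --compatibility up -d`.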
@@ -22,38 +22,52 @@ docker compose version
 ```ERROR: Invalid interpolation format for ...```
 #### Using prebuilt images
-You can use prebuilt images generated by our CI workflow by downloading the docker-compose and .env files.
+You can use prebuilt images generated by our CI workflow by downloading the docker compose and **.env** files.
 - To use the latest stable version.
 - Linux Machine
 ```
- curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
+ curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
- curl -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+ unzip /tmp/crapi.zip
+
+ cd crAPI-main/deploy/docker
+
+ docker compose pull
+
+ docker compose -f docker compose.yml --compatibility up -d
+ ```
+
+ To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
- docker-compose pull
+ For example to expose the system to all network interfaces.
- docker-compose -f docker-compose.yml --compatibility up -d
+ ```
+ LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
 ```
 - Windows Machine
 ```
- curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
+ curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
- curl.exe -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+ tar -xf .\crapi.zip
+
+ cd crAPI-main/deploy/docker
 docker compose pull
- docker compose -f docker-compose.yml --compatibility up -d
+ docker compose -f docker compose.yml --compatibility up -d
 ```
+
+ To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
- To override server configurations, change the values of the variables present in the .env file or add the respective variables to the start of the docker-compose command.
+ For example to expose the system to all network interfaces.
 ```
- LISTEN_IP="127.0.0.1" docker-compose -f docker-compose.yml --compatibility up -d
+ LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
 ```
 - To use the latest development version
@@ -61,35 +75,48 @@ You can use prebuilt images generated by our CI workflow by downloading the dock
 - Linux Machine
 ```
- curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
+ curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
+
+ unzip /tmp/crapi.zip
+
+ cd crAPI-develop/deploy/docker
+
+ docker compose pull
- curl -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+ docker compose -f docker compose.yml --compatibility up -d
+ ```
+
+ To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
- VERSION=develop docker-compose pull
+ For example to expose the system to all network interfaces.
- VERSION=develop docker compose -f docker-compose.yml --compatibility up -d
+ ```
+ LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
 ```
 - Windows Machine
 ```
- curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
+ curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
- curl.exe -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
-
- set "VERSION=develop"
+ tar -xf .\crapi.zip
+
+ cd crAPI-develop/deploy/docker
 docker compose pull
- docker compose -f docker-compose.yml --compatibility up -d
+ docker compose -f docker compose.yml --compatibility up -d
 ```
+
+ To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
- - To Stop and Cleanup crAPI
+ For example to expose the system to all network interfaces.
 ```
- docker compose -f docker-compose.yml --compatibility down --volumes
+ LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
 ```
+
 Visit [http://localhost:8888](http://localhost:8888)
 **Note**: All emails are sent to mailhog service by default and can be checked on
diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose.yml
index 75fec095..0d8be746 100755
--- a/deploy/docker/docker-compose.yml
+++ b/deploy/docker/docker-compose.yml
@@ -18,7 +18,7 @@ services:
 #ports:
 # - "${LISTEN_IP:-127.0.0.1}:8080:8080"
 volumes:
- - ./keys:/keys
+ - ./keys:/app/keys
 environment:
 - LOG_LEVEL=${LOG_LEVEL:-INFO}
 - DB_NAME=crapi
@@ -254,7 +254,7 @@ services:
 #ports:
 # - "${LISTEN_IP:-127.0.0.1}:8443:443" # https
 healthcheck:
- test: echo -n "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/443
+ test: bash -c 'echo -n "GET / HTTP/1.1\n\n" > /dev/tcp/127.0.0.1/443'
 interval: 15s
 timeout: 15s
 retries: 15
diff --git a/docs/setup.md b/docs/setup.md
index e2ecf926..f1b53584 100644
--- a/docs/setup.md
+++ b/docs/setup.md
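Review bot: The `./keys:/app/keys` bind mount is left read-write, although the only use of that directory visible in this commit (services/identity/entrypoint.sh) reads `jwks.json` from it. If nothing in the service writes there, which this hunk cannot show, `- ./keys:/app/keys:ro` keeps a compromised container from replacing the signing keys on the host. The service definition starts and ends outside the hunk.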
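Review bot: The new healthcheck `test:` line now requires bash inside the image and still only proves that port 443 accepts a TCP connection: nothing reads a response, and bash's `echo -n` writes the `\n\n` as literal backslashes rather than newlines. A comment above it would stop the next reader from treating it as an HTTP-level check, for example `# bash-only /dev/tcp probe: healthy as soon as 443 accepts a connection, no HTTP response is checked`. If the image ships curl or wget, which is not visible here, a real request against the endpoint would be the stronger check.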
@@ -17,64 +17,99 @@ docker compose version
 You can use prebuilt images generated by our CI workflow by downloading the docker-compose and .env files.
 #### Start crAPI
-- To use the latest stable version.
- - Linux Machine
+ - To use the latest stable version.
- ```
- curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
+ - Linux Machine
- curl -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+ ```
+ curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
+
+ unzip /tmp/crapi.zip
+
+ cd crAPI-main/deploy/docker
- docker compose pull
+ docker compose pull
- docker compose -f docker-compose.yml --compatibility up -d
- ```
+ docker compose -f docker compose.yml --compatibility up -d
+ ```
+
+ To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
- - Windows Machine
+ For example to expose the system to all network interfaces.
- ```
- curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/docker-compose.yml
+ ```
+ LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
+ ```
- curl.exe -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+ - Windows Machine
- docker compose pull
+ ```
+ curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/main.zip
- docker compose -f docker-compose.yml --compatibility up -d
- ```
- To override server configurations, change the values of the variables present in the .env file or add the respective variables to the start of the docker-compose command.
+ tar -xf .\crapi.zip
+
+ cd crAPI-main/deploy/docker
- ```
- LISTEN_IP="127.0.0.1" docker-compose -f docker-compose.yml --compatibility up -d
- ```
+ docker compose pull
-- To use the latest development version
+ docker compose -f docker compose.yml --compatibility up -d
+ ```
+
+ To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
- - Linux Machine
+ For example to expose the system to all network interfaces.
- ```
- curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
+ ```
+ LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
+ ```
- curl -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+ - To use the latest development version
- VERSION=develop docker compose pull
+ - Linux Machine
- VERSION=develop docker compose -f docker-compose.yml --compatibility up -d
- ```
+ ```
+ curl -o /tmp/crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
+
+ unzip /tmp/crapi.zip
+
+ cd crAPI-develop/deploy/docker
- - Windows Machine
+ docker compose pull
- ```
- curl.exe -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
+ docker compose -f docker compose.yml --compatibility up -d
+ ```
+
+ To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
- curl.exe -o .env https://raw.githubusercontent.com/OWASP/crAPI/main/deploy/docker/.env
+ For example to expose the system to all network interfaces.
- set "VERSION=develop"
+ ```
+ LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
+ ```
- docker compose pull
+ - Windows Machine
+
+ ```
+ curl.exe -o crapi.zip https://github.com/OWASP/crAPI/archive/refs/heads/develop.zip
+
+ tar -xf .\crapi.zip
+
+ cd crAPI-develop/deploy/docker
+
+ docker compose pull
+
+ docker compose -f docker compose.yml --compatibility up -d
+ ```
+
+ To override server configurations, change the values of the variables present in the **.env** file or add the respective variables to the start of the docker compose command.
+
+ For example to expose the system to all network interfaces.
+
+ ```
+ LISTEN_IP="0.0.0.0" docker compose -f docker compose.yml --compatibility up -d
+ ```
- docker compose -f docker-compose.yml --compatibility up -d
- ```
 #### Visit [http://localhost:8888](http://localhost:8888).
@@ -103,7 +138,7 @@ You can change the smtp configuration if required however all emails with domain
 - Linux Machine
 ```
- $ deploy/docker/build-all.sh
+ $ cd deploy/docker; build-all.sh
 ```
 - Windows Machine
@@ -114,7 +149,10 @@ You can change the smtp configuration if required however all emails with domain
 3. Start crAPI
 ```
- $ docker compose -f deploy/docker/docker-compose.yml --compatibility up -d
+ $ cd deploy/docker
+
+ $ docker compose -f docker-compose.yml --compatibility up -d
+
 ```
 4. Visit `http://localhost:8888`
diff --git a/services/gateway-service/Dockerfile b/services/gateway-service/Dockerfile
index 8adcdb27..780a23a5 100644
--- a/services/gateway-service/Dockerfile
+++ b/services/gateway-service/Dockerfile
@@ -1,5 +1,4 @@
-FROM golang:1.17-buster AS builder
-
+FROM golang:1.21-bookworm AS builder
 WORKDIR /app
 COPY go.* ./
@@ -16,7 +15,8 @@ RUN wget https://github.com/minio/certgen/releases/latest/download/certgen-linux
 RUN /tmp/certgen -host "127.0.0.1,gateway-service,api.mypremiumdealership.com,mypremiumdealership.com"
 RUN ls -la
-FROM debian:buster-slim
+FROM debian:bookworm-slim
+SHELL ["/bin/bash", "-c"]
 WORKDIR /app
 RUN set -x && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
diff --git a/services/identity/entrypoint.sh b/services/identity/entrypoint.sh
index eec10b9b..377082b8 100755
--- a/services/identity/entrypoint.sh
+++ b/services/identity/entrypoint.sh
@@ -1,7 +1,8 @@
 #!/bin/sh
 set -e
-if [ -f /keys/jwks.json ]; then
+if [ -f /app/keys/jwks.json ]; then
+ echo "Loading JWKS key file /app/keys/jwks.json"
 JWKS=$(openssl base64 -in /app/keys/jwks.json -A)
 else
 echo "Loading default JWKS file."
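Review bot: The added `SHELL ["/bin/bash", "-c"]` line switches the final stage's RUN steps to bash but leaves pipefail off, so a failing command on the left side of any pipe in those steps would not fail the build; `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` closes that. Separately, the builder stage shown in the hunk header still downloads certgen from `releases/latest` and executes it on the next line with no version pin or checksum check, so the image bump does not make the build reproducible. Pinning a release tag and verifying a recorded SHA-256 before `RUN /tmp/certgen` would address it. The `RUN set -x && apt-get …` step continues outside the hunk.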
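Review bot: The path `/app/keys/jwks.json` is now written three times in this `if` branch, and the defect being fixed here was exactly the test and the read disagreeing about it. Holding it in one variable keeps them from drifting again: `JWKS_FILE=/app/keys/jwks.json`, then `if [ -f "$JWKS_FILE" ]; then` and `JWKS=$(openssl base64 -in "$JWKS_FILE" -A)`. Note also that a missing or mis-mounted key directory still falls through to the default JWKS with only an informational echo; a comment on the `else` branch saying that those keys ship with the image would make the consequence clear to operators. The `else` branch continues outside the hunk.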