go-http-tunnel

Add docker image

Open osiloke opened this issue 8 years ago • 9 comments

  • Adds customizable docker image for running tunneld

osiloke avatar Oct 24 '17 19:10 osiloke

Thanks, I'll review it next week as I'm at a conference.

mmatczuk avatar Oct 24 '17 21:10 mmatczuk

Hi @osiloke,

I've built your image successfully with some changes:

In the builder:

RUN apk add --no-cache git ca-certificates \
	&& go get -v github.com/mmatczuk/go-http-tunnel/cmd/tunneld

In the final image:

RUN apk add --no-cache openssl ca-certificates

ENV COUNTY="US" \
  STATE="New Jersey" \
  LOCATION="Piscataway" \
  ORGANISATION="Ecample" \
  ROOT_CN="Root" \
  ISSUER_CN="Example Ltd" \
  PUBLIC_CN="example.com" \
  ROOT_NAME="root" \
  ISSUER_NAME="example" \
  PUBLIC_NAME="public" \
  RSA_KEY_NUMBITS="2048" \
  DAYS="365"

Also, are you sure the env key COUNTY shouldn't be COUNTRY?

ubergesundheit avatar Nov 08 '17 11:11 ubergesundheit

Sorry for hijacking.. The .sh files should be executable (chmod +x)

ubergesundheit avatar Nov 08 '17 12:11 ubergesundheit

@osiloke I really like this but ran into some issues with creating and reading the certs... I mapped /etc/ssl/certs to a different volume than in the README.md.

Error sample:

[i] Start OpenSSL, cert file save path: /etc/ssl/certs
[i] Generate root.crt
Generating RSA private key, 2048 bit long modulus
....+++
.....................................+++
e is 65537 (0x10001)
Cannot modifiy certificate subject
cp: can't stat 'root.crt': No such file or directory

Also, like @ubergesundheit mentioned, I had to chmod +x the .sh files in the Dockerfile because I got a permission error on entrypoint.sh.

I tried to follow the README.md, but I feel it misses critical build steps that would make this addition even more friendly.

rheinardkorf avatar Nov 11 '17 09:11 rheinardkorf

It would make even more sense to use a docker volume to store the certificates or even use certificates obtained from Let's Encrypt.

Create docker image:

docker volume create tunnel-certs

And then

docker run -v tunnel-certs:/etc/ssl/certs -p 4443:4443 tunneld/tunneld

ubergesundheit avatar Nov 11 '17 10:11 ubergesundheit

Is there a plan to get this published in Docker Hub?

thdxr avatar Nov 28 '17 17:11 thdxr

There is a plan to do that, yet right now the focus is on streamlining the tunnel usage. Based on that there will be an official docker image.

mmatczuk avatar Nov 28 '17 20:11 mmatczuk

Some news for this official image?

MichelDiz avatar Feb 25 '18 20:02 MichelDiz

This is my draft of a very optimized image (4meg). You can remove 'tunnel' for server need (2meg)

FROM golang:alpine as builder
EXPOSE 80 443 5223

RUN apk add --update bash git upx && rm -rf /var/cache/apk/*
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go get -u -ldflags="-s -w" -u github.com/mmatczuk/go-http-tunnel/cmd/...
RUN upx -5 /go/bin/tunnel
RUN upx -5 /go/bin/tunneld

FROM scratch
COPY --from=builder /etc/passwd /etc/passwd
EXPOSE 5223

COPY --from=builder /go/bin/tunneld /go/bin/tunneld

# optional

COPY --from=builder /go/bin/tunnel /go/bin/tunnel

Run it:

docker run -d -v "$(pwd)":/tunnel go-tunnel /go/bin/tunneld -tlsCrt /tunnel/server.crt -tlsKey /tunnel/server.key

gpatri avatar Sep 18 '18 16:09 gpatri
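
Added example, not code from the PR or from any commenter: an entrypoint for an image that ships a shell and openssl, as the Alpine-based final image discussed earlier in the thread does. It checks the subject variables before calling OpenSSL, so a misnamed or empty variable fails with a clear message, and it generates the key pair only when the mounted volume does not already hold one. `CERT_DIR`, the `server.key`/`server.crt` file names, the `run` argument and `tunneld` being on `PATH` are assumptions; the variable names follow the ENV block above, with `COUNTRY` spelled out.

```shell
#!/bin/sh
# Added example, not the PR's entrypoint.sh. Variable names follow the ENV block
# in the thread (with COUNTRY); CERT_DIR and the file names are assumptions.

# Print an OpenSSL -subj string, failing early on an unset or malformed field.
build_subject() {
    c=${COUNTRY:-} st=${STATE:-} l=${LOCATION:-} o=${ORGANISATION:-} cn=${PUBLIC_CN:-}
    for v in "$c" "$st" "$l" "$o" "$cn"; do
        [ -n "$v" ] || { echo "subject variable unset or empty" >&2; return 1; }
        case $v in
            */*) echo "'/' not allowed in subject field: $v" >&2; return 1 ;;
        esac
    done
    case $c in
        [A-Z][A-Z]) ;;   # C= takes a two-letter country code
        *) echo "COUNTRY must be two letters: $c" >&2; return 1 ;;
    esac
    printf '/C=%s/ST=%s/L=%s/O=%s/CN=%s' "$c" "$st" "$l" "$o" "$cn"
}

# Generate key and self-signed certificate only if the volume lacks them, so a
# restart with the same volume keeps the same server certificate.
ensure_cert() {
    dir=$1
    if [ -s "$dir/server.key" ] && [ -s "$dir/server.crt" ]; then
        return 0
    fi
    subj=$(build_subject) || return 1
    # Subshell keeps the restrictive umask local: the key is created mode 0600.
    (
        umask 077
        openssl req -x509 -newkey "rsa:${RSA_KEY_NUMBITS:-2048}" -nodes \
            -days "${DAYS:-365}" -subj "$subj" \
            -keyout "$dir/server.key" -out "$dir/server.crt"
    ) || return 1
    chmod 644 "$dir/server.crt"
}

# Runs only when invoked as "entrypoint.sh run" (hypothetical argument).
if [ "${1:-}" = "run" ]; then
    CERT_DIR=${CERT_DIR:-/tunnel}
    ensure_cert "$CERT_DIR" || exit 1
    exec tunneld -tlsCrt "$CERT_DIR/server.crt" -tlsKey "$CERT_DIR/server.key"
fi
```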