Merge remote-tracking branch 'origin/main' into size-limit

This commit is contained in:
cupcakearmy 2021-12-20 17:44:53 +01:00
commit 048c5198a2
No known key found for this signature in database
GPG Key ID: 3235314B4D31232F
4 changed files with 112 additions and 5 deletions

View File

@ -36,10 +36,19 @@ each note has a 512bit generated <i>id</i> that is used to retrieve the note. da
![screenshot](./design/Screens.png)
## Environment Variables
| Variable | Default | Description |
| ------------ | ----------------- | --------------------------------------------------------------------------------------- |
| `MEMCACHE` | `memcached:11211` | Memcached URL to connect to. |
| `SIZE_LIMIT` | `1 KiB` | Max size for body. Accepted values according to [byte-unit](https://docs.rs/byte-unit/) |
## Deployment
`https` is required otherwise browsers will not support the cryptographic functions.
### Docker
Docker is the easiest way. There is the [official image here](https://hub.docker.com/r/cupcakearmy/cryptgeon).
```yaml
@ -60,12 +69,46 @@ services:
- 80:5000
```
### Environment Variables
### NGINX Proxy
| Variable | Default | Description |
| ------------ | ----------------- | --------------------------------------------------------------------------------------- |
| `MEMCACHE` | `memcached:11211` | Memcached URL to connect to. |
| `SIZE_LIMIT` | `1 KiB` | Max size for body. Accepted values according to [byte-unit](https://docs.rs/byte-unit/) |
See the [examples/nginx](https://github.com/cupcakearmy/cryptgeon/tree/main/examples/nginx) folder. There an example with a simple proxy, and one with https. You need to specify the server names and certificates.
### Traefik 2
Assumptions:
- External proxy docker network `proxy`
- A certificate resolver `le`
- A https entrypoint `secure`
- Domain name `example.org`
```yaml
version: '3.8'
networks:
proxy:
external: true
services:
memcached:
image: memcached:1-alpine
restart: unless-stopped
entrypoint: memcached -m 128 # Limit to 128 MB Ram, customize at free will.
app:
image: cupcakearmy/cryptgeon:latest
restart: unless-stopped
depends_on:
- memcached
networks:
- default
- proxy
labels:
- traefik.enable=true
- traefik.http.routers.cryptgeon.rule=Host(`example.org`)
- traefik.http.routers.cryptgeon.entrypoints=secure
- traefik.http.routers.cryptgeon.tls.certresolver=le
```
## Development

View File

@ -0,0 +1,22 @@
version: '3.8'
services:
memcached:
image: memcached:1-alpine
entrypoint: memcached -m 128 # Limit to 128 MB Ram, customize at free will.
app:
image: cupcakearmy/cryptgeon:latest
depends_on:
- memcached
proxy:
image: nginx:alpine
depends_on:
- app
volumes:
- ./nginx-plain.conf:/etc/nginx/conf.d/default.conf
# Or with tls
# - ./nginx-tls.conf:/etc/nginx/conf.d/default.conf
ports:
- 80:80

View File

@ -0,0 +1,13 @@
server {
listen 80;
listen [::]:80;
server_name _;
location / {
proxy_pass http://app:5000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}

View File

@ -0,0 +1,29 @@
# You should change the server_name to something sensible.
# Also you need to specify the path to the ssl certificates.
server {
listen 80;
listen [::]:80;
server_name _;
# Enforce HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _;
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
ssl_trusted_certificate /path/to/fullchain.pem;
location / {
proxy_pass http://app:5000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}