
Add Sablier Traefik plugin. #401

Draft
wants to merge 1 commit into
base: master
14 changes: 13 additions & 1 deletion traefik/.env-dist
@@ -12,7 +12,7 @@ TRAEFIK_CONFIG_VERBOSE=false
## Or use a sidecar service like a VPN client: TRAEFIK_NETWORK_MODE=service:wireguard-client
TRAEFIK_NETWORK_MODE=host

## Enable optional docker-compose profiles: default,error_pages,geoip_update,wireguard,wireguard-client
## Enable optional docker-compose profiles: default,error_pages,geoip_sablier,update,wireguard,wireguard-client
DOCKER_COMPOSE_PROFILES=default,error_pages

## DOCKER_CONTEXT is used to render context specific config from config/context-template
@@ -137,6 +137,18 @@ TRAEFIK_CERT_AUTH_MODULE=github.com/enigmacurry/traefik-certauthz
## mTLS Header
TRAEFIK_PLUGIN_MTLS_HEADER=true
TRAEFIK_MTLS_HEADER_MODULE=github.com/enigmacurry/traefik-plugin-mtls-header
# Sablier
TRAEFIK_PLUGIN_SABLIER=false
TRAEFIK_SABLIER_MODULE=github.com/mcmikemn/sablier
TRAEFIK_SABLIER_LOGGING_LEVEL=info
TRAEFIK_SABLIER_SESSION_DURATION=5m
TRAEFIK_SABLIER_SESSION_EXPIRATION_INTERVAL=20s
TRAEFIK_SABLIER_STRATEGY=blocking
TRAEFIK_SABLIER_DYNAMIC_CUSTOM_THEMES_PATH=
TRAEFIK_SABLIER_DYNAMIC_SHOW_DETAILS=false
TRAEFIK_SABLIER_DYNAMIC_DEFAUT_THEME=hacker-terminal
TRAEFIK_SABLIER_DYNAMIC_REFRESH_FREQUENCY=5s
TRAEFIK_SABLIER_BLOCKING_TIMEOUT=1m

## Entrypoints:
## Traefik web entrypoint (only used for redirecting to websecure entrypoint)
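Review bot: `TRAEFIK_SABLIER_MODULE` defaults to a personal fork (`github.com/mcmikemn/sablier`), while the Dockerfile in this PR installs it under `/plugins-local/src/github.com/sablierapp/sablier` and docker-compose.yaml builds it from branch `main`, so a default build loads whatever that fork's `main` holds at build time into the Traefik process. The default should point at a repository the project controls or at upstream, fixed to a release tag or commit. Two smaller things in this file: the profile comment now reads `geoip_sablier,update` where `geoip_update,sablier` was probably meant, and `TRAEFIK_SABLIER_DYNAMIC_DEFAUT_THEME` is missing the `L` of `DEFAULT`. The same spelling is repeated in docker-compose.yaml (`STRATEGY_DYNAMIC_DEFAUT_THEME`) and in setup.sh; the container is unlikely to recognise that name, so the theme setting would be silently ignored. `TRAEFIK_SABLIER_STRATEGY` is also not consumed by any file shown in this PR.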
5 changes: 5 additions & 0 deletions traefik/Dockerfile
@@ -14,6 +14,9 @@ ARG CERT_AUTH_MODULE
ARG CERT_AUTH_GIT_BRANCH
ARG MTLS_HEADER_MODULE
ARG MTLS_HEADER_GIT_BRANCH
ARG SABLIER_MODULE
ARG SABLIER_GIT_BRANCH

RUN apk add --update git && \
git clone https://${BLOCKPATH_MODULE}.git /plugins-local/src/github.com/traefik/plugin-blockpath \
--depth 1 --single-branch --branch ${BLOCKPATH_GIT_BRANCH}
@@ -28,6 +31,8 @@ RUN git clone https://${CERT_AUTH_MODULE}.git /plugins-local/src/github.com/fame
--depth 1 --single-branch --branch ${CERT_AUTH_GIT_BRANCH}
RUN git clone https://${MTLS_HEADER_MODULE}.git /plugins-local/src/github.com/pnxs/traefik-plugin-mtls-header \
--depth 1 --single-branch --branch ${MTLS_HEADER_GIT_BRANCH}
RUN git clone https://${SABLIER_MODULE}.git /plugins-local/src/github.com/sablierapp/sablier \
--depth 1 --single-branch --branch ${SABLIER_GIT_BRANCH}

FROM ${TRAEFIK_IMAGE}
ARG TRAEFIK_UID TRAEFIK_GID TRAEFIK_DOCKER_GID
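Review bot: The added `git clone https://${SABLIER_MODULE}.git ... --branch ${SABLIER_GIT_BRANCH}` fetches a moving branch, so two builds of the same Dockerfile can embed different plugin code and nothing records or verifies what was fetched. Because `--branch` also accepts a tag, the smallest fix is to pass a release tag instead of `main`; a stronger one is to check out a fixed commit after cloning, e.g. `git -C /plugins-local/src/github.com/sablierapp/sablier checkout <PINNED_COMMIT_SHA>` (placeholder), which requires dropping `--depth 1` or fetching that commit explicitly. The clone also runs when `TRAEFIK_PLUGIN_SABLIER=false`, so a disabled plugin still adds a third-party fetch to every image build. With the plugin tracking `main` and the compose service fixed at `sablierapp/sablier:1.8.5`, the plugin and the server can also drift to mismatched versions. The existing clone lines use the same branch-based pattern, so the same pinning would apply to them.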
2 changes: 1 addition & 1 deletion traefik/Makefile
@@ -58,7 +58,7 @@ show-wireguard-peers-qr:

.PHONY: compose-profiles
compose-profiles:
@${BIN}/reconfigure_compose_profiles ${ENV_FILE} TRAEFIK_PLUGIN_MAXMIND_GEOIP=geoip_update TRAEFIK_VPN_ENABLED=wireguard TRAEFIK_VPN_CLIENT_ENABLED=wireguard-client TRAEFIK_ERROR_PAGES_ENABLED=error-pages
@${BIN}/reconfigure_compose_profiles ${ENV_FILE} TRAEFIK_PLUGIN_MAXMIND_GEOIP=geoip_update TRAEFIK_VPN_ENABLED=wireguard TRAEFIK_VPN_CLIENT_ENABLED=wireguard-client TRAEFIK_ERROR_PAGES_ENABLED=error-pages TRAEFIK_PLUGIN_SABLIER=sablier

.PHONY: wireguard-reset
wireguard-reset:
1 change: 1 addition & 0 deletions traefik/config/setup.sh
@@ -33,6 +33,7 @@ ytt_template() {
-v plugin_cert_auth="${TRAEFIK_PLUGIN_CERT_AUTH}" \
-v plugin_referer="${TRAEFIK_PLUGIN_REFERER}" \
-v plugin_mtls_header="${TRAEFIK_PLUGIN_MTLS_HEADER}" \
-v plugin_sablier="${TRAEFIK_PLUGIN_SABLIER}" \
-v web_entrypoint_enabled="${TRAEFIK_WEB_ENTRYPOINT_ENABLED}" \
-v web_entrypoint_host="${TRAEFIK_WEB_ENTRYPOINT_HOST}" \
-v web_entrypoint_port="${TRAEFIK_WEB_ENTRYPOINT_PORT}" \
31 changes: 31 additions & 0 deletions traefik/docker-compose.yaml
@@ -1,6 +1,7 @@
volumes:
traefik:
geoip_database:
sablier_config:
wireguard:
wireguard-client:

@@ -41,6 +42,7 @@ services:
- TRAEFIK_PLUGIN_MAXMIND_GEOIP=${TRAEFIK_PLUGIN_MAXMIND_GEOIP:-false}
- TRAEFIK_PLUGIN_REFERER=${TRAEFIK_PLUGIN_REFERER:-true}
- TRAEFIK_PLUGIN_HEADER_AUTHORIZATION=${TRAEFIK_PLUGIN_HEADER_AUTHORIZATION:-true}
- TRAEFIK_PLUGIN_SABLIER=${TRAEFIK_PLUGIN_SABLIER:-false}
- TRAEFIK_WEB_ENTRYPOINT_ENABLED=${TRAEFIK_WEB_ENTRYPOINT_ENABLED:-false}
- TRAEFIK_WEB_ENTRYPOINT_HOST=${TRAEFIK_WEB_ENTRYPOINT_HOST:-0.0.0.0}
- TRAEFIK_WEB_ENTRYPOINT_PORT=${TRAEFIK_WEB_ENTRYPOINT_PORT:-80}
@@ -135,6 +137,8 @@ services:
CERT_AUTH_GIT_BRANCH: main
MTLS_HEADER_MODULE: ${TRAEFIK_MTLS_HEADER_MODULE}
MTLS_HEADER_GIT_BRANCH: main
SABLIER_MODULE: ${TRAEFIK_SABLIER_MODULE}
SABLIER_GIT_BRANCH: main
TRAEFIK_UID: ${TRAEFIK_UID}
TRAEFIK_GID: ${TRAEFIK_GID}
TRAEFIK_DOCKER_GID: ${TRAEFIK_DOCKER_GID}
@@ -176,6 +180,33 @@ services:
volumes:
- "geoip_database:/usr/share/GeoIP"

sablier:
profiles:
- sablier
image: sablierapp/sablier:1.8.5
restart: on-failure:3
security_opt:
- no-new-privileges:true
#cap_drop:
# - ALL
# sysctls:
# - net.ipv4.conf.all.src_valid_mark=1
environment:
- LOGGING_LEVEL=${TRAEFIK_SABLIER_LOGGING_LEVEL}
- SESSIONS_DEFAULT_DURATION=${TRAEFIK_SABLIER_SESSION_DURATION}
- SESSIONS_EXPIRATION_INTERVAL=${TRAEFIK_SABLIER_SESSION_EXPIRATION_INTERVAL}
# We may need to use an override yaml file with templating so if TRAEFIK_SABLIER_STRATEGY=dynamic we add the 4 "DYNAMIC" env vars or if TRAEFIK_SABLIER_STRATEGY=blocking we add the 1 "BLOCKING" env var, because I'm not sure how Sablier will handle having them both set
- STRATEGY_DYNAMIC_CUSTOM_THEMES_PATH=${TRAEFIK_SABLIER_DYNAMIC_CUSTOM_THEMES_PATH}
- STRATEGY_DYNAMIC_SHOW_DETAILS_BY_DEFAULT=${TRAEFIK_SABLIER_DYNAMIC_SHOW_DETAILS}
- STRATEGY_DYNAMIC_DEFAUT_THEME=${TRAEFIK_SABLIER_DYNAMIC_DEFAUT_THEME}
- STRATEGY_DYNAMIC_DEFAULT_REFRESH_FREQUENCY=${TRAEFIK_SABLIER_DYNAMIC_REFRESH_FREQUENCY}
- STRATEGY_BLOCKING_DEFAULT_TIMEOUT=${TRAEFIK_SABLIER_BLOCKING_TIMEOUT}
command:
- start
- --provider.name=docker
volumes:
- '/var/run/docker.sock:/var/run/docker.sock'

wireguard:
profiles:
- wireguard
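Review bot: The new `sablier` service bind-mounts `/var/run/docker.sock` read-write, which hands the container full control of the host's Docker daemon (effectively root on the host); `no-new-privileges:true` does not limit that, and `cap_drop: ALL` is left commented out. Sablier's docker provider presumably only needs to list, inspect, start and stop containers, so consider placing a filtering Docker API proxy between the service and the socket, and enabling `cap_drop: [ALL]` if the image runs without extra capabilities. The service declares no `ports` or `networks`, so with `TRAEFIK_NETWORK_MODE=host` it is unclear how the Traefik plugin reaches it; if a port is published, bind it to `127.0.0.1`, since as far as I know the Sablier API is unauthenticated and can start containers. The `sablier_config` volume added in the first hunk is never mounted, and the commented `sysctls` lines look like a leftover from the wireguard service.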
27 changes: 26 additions & 1 deletion traefik/setup.sh
@@ -312,7 +312,8 @@ error_pages() {
middleware() {
wizard menu "Traefik middleware config:" \
"MaxMind geoIP locator = ./setup.sh maxmind_geoip" \
"OAuth2 sentry authorization (make sentry) = make sentry"
"OAuth2 sentry authorization (make sentry) = make sentry" \
"Sablier = ./setup.sh sablier"
}

maxmind_geoip() {
@@ -331,6 +332,30 @@ maxmind_geoip() {
fi
}

sablier() {
if ${BIN}/confirm $([[ $(${BIN}/dotenv -f ${ENV_FILE} get TRAEFIK_PLUGIN_SABLIER) == "true" ]] && echo "yes" || echo "no") "Do you want to enable the Sablier plugin" "?"; then
${BIN}/reconfigure ${ENV_FILE} TRAEFIK_PLUGIN_SABLIER=true
else
${BIN}/reconfigure ${ENV_FILE} TRAEFIK_PLUGIN_SABLIER=false
fi
if [[ $(${BIN}/dotenv -f ${ENV_FILE} get TRAEFIK_PLUGIN_SABLIER) == "true" ]]; then
echo "You may create a free MaxMind account: https://www.maxmind.com/en/geolite2/signup"
echo ""
${BIN}/reconfigure_ask ${ENV_FILE} TRAEFIK_SABLIER_LOGGING_LEVEL "Enter the logging level for Sablier"
${BIN}/reconfigure_ask ${ENV_FILE} TRAEFIK_SABLIER_SESSION_DURATION "Enter the default session duration (e.g., \"5m\")"
${BIN}/reconfigure_ask ${ENV_FILE} TRAEFIK_SABLIER_SESSION_EXPIRATION_INTERVAL "Enter the expiration checking interval. Higher duration gives less stress on CPU. If you only use sessions of 1h, setting this to 5m is a good trade-off"
${BIN}/reconfigure_ask ${ENV_FILE} TRAEFIK_SABLIER_STRATEGY "Enter the strategy Sablier should use (\"dynamic\" provides a waiting page for your session, \"blocking\" hangs the request until your session is ready)"
if [[ $(${BIN}/dotenv -f ${ENV_FILE} get TRAEFIK_SABLIER_STRATEGY) == "blocking" ]]; then
${BIN}/reconfigure_ask ${ENV_FILE} TRAEFIK_SABLIER_BLOCKING_TIMEOUT "Enter the default timeout used for the \"blocking\" strategy (e.g., \"1m\")"
else
ALLOW_BLANK=1 ${BIN}/reconfigure_ask ${ENV_FILE} TRAEFIK_SABLIER_DYNAMIC_CUSTOM_THEMES_PATH "Enter the path to custom themes (Sablier will load all .html files recursively) (leave blank to disable)"
${BIN}/reconfigure_ask ${ENV_FILE} TRAEFIK_SABLIER_DYNAMIC_SHOW_DETAILS "Enter \"true\" to show instances details by default in waiting UI, or \"false\" not to"
${BIN}/reconfigure_ask ${ENV_FILE} TRAEFIK_SABLIER_DYNAMIC_DEFAUT_THEME "Enter default theme used for the \"dynamic\" strategy (standard themes are \"ghost\", \"shuffle\", \"hacker-terminal\", and \"matrix\""
${BIN}/reconfigure_ask ${ENV_FILE} TRAEFIK_SABLIER_DYNAMIC_REFRESH_FREQUENCY "Enter the default refresh frequency in the HTML page for the \"dynamic\" strategy (e.g., \"5s\")"
fi
fi
}

layer_7_tls_proxy_get_routes() {
local ENABLED=$(${BIN}/dotenv -f ${ENV_FILE} get TRAEFIK_LAYER_7_TLS_PROXY_ENABLED)
local ROUTES=$(${BIN}/dotenv -f ${ENV_FILE} get TRAEFIK_LAYER_7_TLS_PROXY_ROUTES)
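Review bot: The `echo "You may create a free MaxMind account: ..."` line inside `sablier()` is copied from `maxmind_geoip()` and has nothing to do with Sablier; it should be removed or replaced with a pointer to the Sablier documentation. `TRAEFIK_SABLIER_STRATEGY`, the logging level and the `true`/`false` flag are free-text prompts written straight to the env file, and any strategy value other than `blocking` (including a typo) falls into the dynamic branch. A fixed-choice prompt, or a check that rejects anything but `blocking` and `dynamic`, would avoid that. The theme prompt is missing its closing parenthesis after `\"matrix\"`. The new lines also leave `${BIN}` and `${ENV_FILE}` unquoted, which matches the surrounding file but breaks if either path contains whitespace.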