authorclsr <clsr@clsr.net>2019-11-24 03:14:32 +0100
committerclsr <clsr@clsr.net>2019-11-24 03:14:32 +0100
commite4f689ff8d10764d807f334fc59e54c244d88e54 (patch)
treeafa664d2b5d3cd7e011c28eeac369f5362a877af
downloadgomf-docker-e4f689ff8d10764d807f334fc59e54c244d88e54.tar.gz
gomf-docker-e4f689ff8d10764d807f334fc59e54c244d88e54.zip
Initial commit
-rw-r--r--COPYING3
-rw-r--r--docker-compose.yaml26
-rw-r--r--gomf-modpanel.conf26
-rw-r--r--gomf-modpanel/Dockerfile31
-rw-r--r--gomf-modpanel/run-gomf-modpanel.bash64
-rw-r--r--gomf.conf131
-rw-r--r--gomf/Dockerfile31
-rw-r--r--gomf/run-gomf.bash90
8 files changed, 402 insertions, 0 deletions
diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..fd08ffe
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,3 @@
+This software is released into the public domain.
+It is provided "as is", without warranties or conditions of any kind.
+Anyone is free to use, modify, redistribute and do anything with this software.
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..4bb1536
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,26 @@
+version: '3.7'
+
+services:
+ gomf:
+ container_name: gomf
+ restart: always
+ build:
+ context: ./gomf
+ volumes:
+ - ./gomf.conf:/gomf.conf:ro
+ - gomf-storage:/gomf/upload:rw
+ - gomf-log:/gomf/log:rw
+
+ gomf-modpanel:
+ container_name: gomf-modpanel
+ restart: always
+ build:
+ context: ./gomf-modpanel
+ volumes:
+ - ./gomf-modpanel.conf:/gomf-modpanel.conf:ro
+ - gomf-storage:/gomf/upload:rw
+ - gomf-log:/gomf/log:rw
+
+volumes:
+ gomf-storage:
+ gomf-log:
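Review bot: Neither service definition restricts privileges at the container level, so `gomf` and `gomf-modpanel` both run with Docker's default capability set even though they store and manage arbitrary uploads. Both images already switch to an unprivileged user and listen on ports above 1024, so adding `security_opt: [no-new-privileges:true]` and `cap_drop: [ALL]` to each service should not affect them. No `ports:` are published here, presumably because a reverse proxy is expected in front (`gomf.conf` ships `PROXY_COUNT=1`). A comment stating that would stop operators from publishing 9000/9001 directly.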
diff --git a/gomf-modpanel.conf b/gomf-modpanel.conf
new file mode 100644
index 0000000..57b5827
--- /dev/null
+++ b/gomf-modpanel.conf
@@ -0,0 +1,26 @@
+# vim: set ft=sh:
+
+#shellcheck disable=SC2034
+
+# Simple startup/configuration script for gomf-modpanel
+# Leave options blank ("OPTION=", "OPTION=''") or comment them out to use
+# gomf-modpanel defaults (see `gomf-modpanel --help`)
+
+#
+# URL path prefix to serve modpanel under
+#URL_PREFIX=/mod/
+
+# URL path to deletion log
+#DELETION_LOG=/deleted
+
+# The URL that Gomf serves uploaded files on
+#
+# Defaults to /u/
+#UPLOAD_URL=https://u.example.com/
+
+# List of usernames and passwords that can access the mod panel
+#
+# Entries should be in the form "user:password"
+ACCESS=(
+ test:test
+)
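Review bot: The shipped `ACCESS` array contains a working login, `test:test`, so a deployment started from this file unedited has a publicly known moderator credential. The panel listens on `0.0.0.0:9001` and has the upload volume mounted read-write. Ship the entry commented out with an obvious placeholder, e.g. `#ACCESS=(` / `#    moderator:CHANGE-ME` / `#)`. What gomf-modpanel does when no `--access` is passed is not visible here, so `run-gomf-modpanel.bash` should also check explicitly that `ACCESS` is non-empty and exit with an error otherwise.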
diff --git a/gomf-modpanel/Dockerfile b/gomf-modpanel/Dockerfile
new file mode 100644
index 0000000..8601629
--- /dev/null
+++ b/gomf-modpanel/Dockerfile
@@ -0,0 +1,31 @@
+FROM golang:alpine AS builder
+
+RUN set -x \
+ && apk add --no-cache git build-base file-dev \
+ && git clone https://git.clsr.net/gomf/gomf-modpanel-web /gomf-modpanel-web \
+ && rm -rf /gomf-modpanel-web/.git \
+ && go get -v git.clsr.net/gomf/gomf-modpanel
+
+
+FROM alpine
+
+RUN set -x \
+ && apk add --no-cache libmagic bash
+
+COPY --from=builder /go/bin/gomf-modpanel /app/
+COPY --from=builder /gomf-modpanel-web /gomf-modpanel
+
+COPY run-gomf-modpanel.bash /app/
+
+ARG UID=1000
+RUN set -x \
+ && adduser -S -u $UID gomf \
+ && mkdir -p /gomf/upload/ids /gomf/log \
+ && chown -R gomf /gomf
+
+USER gomf
+WORKDIR /gomf-modpanel
+VOLUME /gomf/upload
+VOLUME /gomf/log
+EXPOSE 9001
+ENTRYPOINT ["bash", "/app/run-gomf-modpanel.bash"]
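Review bot: Nothing in this build is pinned: `FROM golang:alpine`, `FROM alpine`, the `git clone` of the default branch and `go get -v` all resolve to whatever is current at build time. Two builds of the same commit can therefore produce different images, and an upstream change reaches the image unreviewed. It is also a functional risk: since Go 1.18 `go get` no longer builds or installs binaries, so with a current `golang:alpine` the later `COPY --from=builder /go/bin/gomf-modpanel /app/` would likely find nothing. Pin both bases to a version tag (ideally with a digest), check out a fixed commit after the clone, and install with `go install git.clsr.net/gomf/gomf-modpanel@<pinned-version>` if the repository is a Go module. `gomf/Dockerfile` has the same lines and needs the same treatment.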
diff --git a/gomf-modpanel/run-gomf-modpanel.bash b/gomf-modpanel/run-gomf-modpanel.bash
new file mode 100644
index 0000000..bfa4385
--- /dev/null
+++ b/gomf-modpanel/run-gomf-modpanel.bash
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -eu
+
+###############################################################################
+
+# The gomf-modpanel binary
+GOMF_MODPANEL_BIN=/app/gomf-modpanel
+
+# Root folder for Gomf containing gomf-modpanel-web files
+#
+# Defaults to current directory if not set.
+GOMF_MODPANEL_ROOT=/gomf-modpanel
+
+# Root folder for Gomf containing gomf-web files
+#
+# Defaults to current directory if not set.
+GOMF_ROOT=/gomf
+
+# The host to listen on for HTTP and/or HTTPS
+#
+# Use 'localhost' if using local reverse proxy, 0.0.0.0 to listen to any host
+# or a specific hostname to only allow connections to that address.
+LISTEN_HOST=0.0.0.0
+
+# The port to listen on for HTTP
+#
+# 80 for a standard HTTP server, probably a higher port (e.g. 9000) if
+# reverse-proxied.
+HTTP_PORT=9001
+
+# The port to listen on for HTTPS
+#
+# 443 for a standard HTTPS server. Requires TLS_CERT and TLS_KEY
+#HTTPS_PORT=8443
+
+# SSL certificate for HTTPS
+#TLS_CERT=cert.pem
+
+# SSL certificate key for HTTPS
+#TLS_KEY=key.pem
+
+source /gomf-modpanel.conf
+
+###############################################################################
+
+flags=()
+[ -n "${GOMF_MODPANEL_ROOT:-}" ] && cd "$GOMF_MODPANEL_ROOT"
+[ -n "${GOMF_ROOT:-}" ] && flags+=(--gomf-root "$GOMF_ROOT")
+[ -n "${URL_PREFIX:-}" ] && flags+=(--prefix "$URL_PREFIX")
+[ -n "${DELETION_LOG:-}" ] && flags+=(--deletion-log "$DELETION_LOG")
+[ -n "${UPLOAD_URL:-}" ] && flags+=(--upload-url "$UPLOAD_URL")
+[ -n "${HTTP_PORT:-}" ] && flags+=(--http "${LISTEN_HOST:-localhost}:$HTTP_PORT")
+[ -n "${HTTPS_PORT:-}" ] && [ -n "${TLS_CERT:-}" ] && [ -n "${TLS_KEY:-}" ] && flags+=(
+ --https "${LISTEN_HOST:-localhost}:$HTTPS_PORT"
+ --cert "$TLS_CERT" --key "$TLS_KEY")
+oldifs="$IFS" IFS=,
+[ -n "${ACCESS[*]:-}" ] && flags+=(--access "${ACCESS[*]}")
+IFS="$oldifs"
+
+printf "%s" "${GOMF_MODPANEL_BIN:-gomf-modpanel}"
+[ "${#flags}" -gt 0 ] && printf " \"%s\"" "${flags[@]}"
+printf "\n"
+exec "${GOMF_MODPANEL_BIN:-gomf-modpanel}" "${flags[@]}"
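Review bot: The start-up echo at the end prints every flag, including `--access` with the moderator `user:password` pairs, so the credentials are written to the container's stdout log on every start; `run-gomf.bash` does the same with `--log-hash-salt`. Either drop the echo or mask the value that follows those flags when printing. The credentials are also passed on the command line, where they show up in the process list; whether gomf-modpanel can read them from a file or the environment instead is not visible here. Separately, `${#flags}` is the length of the first element rather than the element count; `${#flags[@]}` is what the guard means.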
diff --git a/gomf.conf b/gomf.conf
new file mode 100644
index 0000000..9a0dc47
--- /dev/null
+++ b/gomf.conf
@@ -0,0 +1,131 @@
+# vim: set ft=sh:
+
+#shellcheck disable=SC2034
+
+# Simple startup/configuration script for Gomf
+# Leave options blank ("OPTION=", "OPTION=''") or comment them out to use Gomf
+# defaults (see `gomf --help`)
+
+
+# The website name, appearing on web pages
+#NAME='Gomf'
+
+# The hostname to serve uploaded files on
+#
+# By default, any connection can serve files on path /u/$file, but, if enabled,
+# this host will serve them directly on /$file.
+#UPLOAD_HOST=u.example.com
+
+# The URL to serve uploaded files on
+#
+# Generated URLs will be $UPLOAD_URL/$file.$ext.
+# If not specified, it is generated depending on which variables are set:
+# - $UPLOAD_HOST and $LISTEN_HTTPS: https://$UPLOAD_HOST/
+# - $UPLOAD_HOST and $LISTEN_HTTP: http://$UPLOAD_HOST/
+# - $LISTEN_HTTPS: https://$LISTEN_HTTPS/u/
+# - $LISTEN_HTTP: http://$LISTEN_HTTP/u/
+#UPLOAD_URL=https://u.example.com/
+
+# The contact email address, appearing on web pages
+#CONTACT_EMAIL=contact@example.com
+
+# The abuse contact email address, appearing on web pages
+#ABUSE_EMAIL=abuse@example.com
+
+# Adds the HSTS header to responses
+#HSTS=0
+
+# Sets the Content-Security-Policy header
+#
+# Useful for disallowing script execution in XML-based formats (e.g. SVG).
+# Gomf default is "default-src 'none'; media-src 'self'", which blocks all
+# scripts but allows inline video playback.
+# Set to "0" to disable the CSP header.
+#CSP="default-src 'none'; media-src 'self'"
+
+# Allows serving HTML/XHTML files with their actual MIME types
+#
+# If disabled, text/html and application/xhtml+xml will be served as types
+# text/plain to prevent rendering thme in browser and to keep services such as
+# CloudFlare from modifying them to insert its tracking JavaScript.
+#ALLOW_HTML=0
+
+# Sets Access-Control-Allow-Origin header to "*"
+#
+# This enables CORS and allows other sites' JavaScript applications to upload
+# files using XMLHttpRequest.
+#CORS=1
+
+# Enables grills
+#
+# With this enabled, the path /grill.php will serve a redirect to a random file
+# from the static/grill/ directory. This is used as a background-image in the
+# bottom right corner in the default gomf-web style.
+#GRILL=1
+
+# The charset used to generate file IDs
+#
+# Should only contain URL-safe characters. Must not contain / and _.
+#ID_CHARSET='abcdefghijklmnopqrstuvwxyz'
+
+# The length of generated file IDs
+#ID_LENGTH=6
+
+# Maximum allowed size in MiB
+#
+# When blank/commented, no maximum upload size is enforced.
+#MAX_SIZE_MIB=50
+
+# Enable whitelist mode instead of blacklist for filters
+#
+# When enabled, only the file extensions/types specified in filters are allowed
+# and all others are blocked. When disabled, the extensions/types in filters
+# are blocked and all others are allowed.
+#WHITELIST=0
+
+# The file extensions (without leading dot) to filter
+#
+# Set to an empty array to disable.
+#FILTER_EXT=(exe dll msi scr com pif)
+
+# The file MIME types to filter
+#
+# Set to an empty array to disable.
+#FILTER_MIME=(
+# application/x-dosexec
+# application/x-msdos-program
+#)
+
+# Enable logging
+#
+# When set to 1, all uploads are logged to $GOMF_ROOT/log/.
+LOG=1
+
+# Enable logging of IP addresses
+#LOG_IP=0
+
+# Enable logging of hashed IP addresses
+#LOG_IP_HASH=0
+
+# Enable logging of User-Agent headers
+#LOG_UA=0
+
+# Enable logging of hashed User-Agent headers
+#LOG_UA_HASH=0
+
+# Enable logging of Referer headers
+#LOG_REFERER=0
+
+# Enable logging of hashed Referer headers
+#LOG_REFERER_HASH=0
+
+# Salt for hashed log entries
+#
+# Used to obfuscate entries when LOG_*_HASH option is enabled for privacy.
+#LOG_HASH_SALT='put some unique string here'
+
+# Count of trusted reverse proxies
+#
+# Used to determine which, if any, X-Forwarded-For or X-Real-IP to trust when
+# logging or hashing the uploaders' IP addresses
+PROXY_COUNT=1
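Review bot: `PROXY_COUNT=1` is enabled by default, which according to the comment above it makes gomf trust one hop of `X-Forwarded-For` or `X-Real-IP`. If the container port is published directly with no reverse proxy in front, that header is supplied by the client, and the logged or hashed uploader address can be forged. The comment should say so, e.g. `# Only keep this set when that many trusted reverse proxies really sit in front of gomf; with none, the headers are client-controlled.`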
diff --git a/gomf/Dockerfile b/gomf/Dockerfile
new file mode 100644
index 0000000..4775fea
--- /dev/null
+++ b/gomf/Dockerfile
@@ -0,0 +1,31 @@
+FROM golang:alpine AS builder
+
+RUN set -x \
+ && apk add --no-cache git build-base file-dev \
+ && git clone https://git.clsr.net/gomf/gomf-web /gomf-web \
+ && rm -rf /gomf-web/.git \
+ && go get -v git.clsr.net/gomf/gomf
+
+
+FROM alpine
+
+RUN set -x \
+ && apk add --no-cache libmagic bash
+
+COPY --from=builder /go/bin/gomf /app/
+COPY --from=builder /gomf-web /gomf
+
+COPY run-gomf.bash /app/
+
+ARG UID=1000
+RUN set -x \
+ && adduser -S -u $UID gomf \
+ && mkdir -p /gomf/upload/ids /gomf/log \
+ && chown -R gomf /gomf
+
+USER gomf
+WORKDIR /gomf
+VOLUME /gomf/upload
+VOLUME /gomf/log
+EXPOSE 9000
+ENTRYPOINT ["bash", "/app/run-gomf.bash"]
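Review bot: `chown -R gomf /gomf` gives the runtime user ownership of the whole web root, because in this image `/gomf` also holds the gomf-web files copied from the builder. In the modpanel image the web files live in `/gomf-modpanel`, so the same line only touches the data directories there. A process that handles untrusted uploads can then rewrite the pages and static assets it serves. Unless gomf needs to write elsewhere under its root, which is not visible here, limit ownership to the data directories: `&& chown gomf /gomf/upload /gomf/upload/ids /gomf/log`.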
diff --git a/gomf/run-gomf.bash b/gomf/run-gomf.bash
new file mode 100644
index 0000000..b4acd88
--- /dev/null
+++ b/gomf/run-gomf.bash
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+set -eu
+
+###############################################################################
+
+# The Gomf binary
+GOMF_BIN=/app/gomf
+
+# Root folder for Gomf containing gomf-web files
+#
+# All paths in other options are relative to this.
+# Defaults to current directory if not set.
+GOMF_ROOT=/gomf
+
+# The host to listen on for HTTP and/or HTTPS
+#
+# Use 'localhost' if using local reverse proxy, 0.0.0.0 to listen to any host
+# or a specific hostname to only allow connections to that address.
+LISTEN_HOST=0.0.0.0
+
+# The port to listen on for HTTP
+#
+# 80 for a standard HTTP server, probably a higher port (e.g. 9000) if
+# reverse-proxied.
+HTTP_PORT=9000
+
+# The port to listen on for HTTPS
+#
+# 443 for a standard HTTPS server. Requires TLS_CERT and TLS_KEY
+#HTTPS_PORT=443
+
+# SSL certificate for HTTPS
+#TLS_CERT=cert.pem
+
+# SSL certificate key for HTTPS
+#TLS_KEY=key.pem
+
+# Redirect traffic accepted with the HTTP handler to HTTOS
+#
+# Uses the same host, path and query as the incomming request, just rewrites
+# the scheme to https://.
+# Only works when serving directly. If a reverse proxy is used, it should be
+# also used to set up this redirect instead.
+#REDIRECT_HTTPS=0
+
+source /gomf.conf
+
+###############################################################################
+
+flags=()
+[ -n "${GOMF_ROOT:-}" ] && cd "$GOMF_ROOT"
+[ -n "${NAME:-}" ] && flags+=(--name "$NAME")
+[ -n "${UPLOAD_HOST:-}" ] && flags+=(--upload-host "$UPLOAD_HOST")
+[ -n "${UPLOAD_URL:-}" ] && flags+=(--upload-url "$UPLOAD_URL")
+[ -n "${CONTACT_EMAIL:-}" ] && flags+=(--contact "$CONTACT_EMAIL")
+[ -n "${ABUSE_EMAIL:-}" ] && flags+=(--abuse "$ABUSE_EMAIL")
+[ -n "${HTTP_PORT:-}" ] && flags+=(--http "${LISTEN_HOST:-localhost}:$HTTP_PORT")
+[ -n "${HTTPS_PORT:-}" ] && [ -n "${TLS_CERT:-}" ] && [ -n "${TLS_KEY:-}" ] && flags+=(
+ --https "${LISTEN_HOST:-localhost}:$HTTPS_PORT"
+ --cert "$TLS_CERT" --key "$TLS_KEY")
+[ "${REDIRECT_HTTPS:-0}" -ne 0 ] && flags+=(--redirect-https)
+[ "${HSTS:-0}" -ne 0 ] && flags+=(--hsts)
+[ -n "${ID_CHARSET:-}" ] && flags+=(--id-charset "$ID_CHARSET")
+[ -n "${ID_LENGTH:-}" ] && flags+=(--id-length "$ID_LENGTH")
+[ -n "${MAX_SIZE_MIB:-}" ] && flags+=(--max-size "$((MAX_SIZE_MIB*1024*1024))")
+[ "${WHITELIST:-0}" -ne 0 ] && flags+=(--whitelist)
+oldifs="$IFS" IFS=,
+[ -n "$(declare -p FILTER_EXT 2>/dev/null)" ] && flags+=(--filter-ext "${FILTER_EXT[*]}")
+[ -n "$(declare -p FILTER_MIME 2>/dev/null)" ] && flags+=(--filter-mime "${FILTER_MIME[*]}")
+IFS="$oldifs"
+[ "${ALLOW_HTML:-0}" -ne 0 ] && flags+=(--allow-html)
+[ "${CORS:-0}" -ne 0 ] && flags+=(--cors)
+[ "${GRILL:-0}" -ne 0 ] && flags+=(--grill)
+[ -n "${CSP:-}" ] && [ "$CSP" = 0 ] && flags+=(--csp '')
+[ -n "${CSP:-}" ] && ! [ "$CSP" = 0 ] && flags+=(--csp "$CSP")
+[ "${LOG:-0}" -ne 0 ] && flags+=(--log)
+[ "${LOG_IP:-0}" -ne 0 ] && flags+=(--log-ip)
+[ "${LOG_IP_HASH:-0}" -ne 0 ] && flags+=(--log-ip-hash)
+[ "${LOG_UA:-0}" -ne 0 ] && flags+=(--log-ua)
+[ "${LOG_UA_HASH:-0}" -ne 0 ] && flags+=(--log-ua-hash)
+[ "${LOG_REFERER:-0}" -ne 0 ] && flags+=(--log-referer)
+[ "${LOG_REFERER_HASH:-0}" -ne 0 ] && flags+=(--log-referer-hash)
+[ -n "${LOG_HASH_SALT:-}" ] && flags+=(--log-hash-salt "$LOG_HASH_SALT")
+[ -n "${PROXY_COUNT:-}" ] && flags+=(--proxy-count "$PROXY_COUNT")
+
+printf "%s" "${GOMF_BIN:-gomf}"
+[ "${#flags}" -gt 0 ] && printf " \"%s\"" "${flags[@]}"
+printf "\n"
+exec "${GOMF_BIN:-gomf}" "${flags[@]}"
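Review bot: The on/off options are tested with `-ne`, so a non-integer value in `gomf.conf` such as `HSTS=yes` or `WHITELIST=true` makes `[` fail with an "integer expression expected" error, and the flag is skipped while the server still starts. `set -e` does not stop the script, because the test is not the last command of the `&&` list. For `HSTS`, `REDIRECT_HTTPS` and `WHITELIST` that means a protection the operator believes is on is silently off. Validate the value and abort on anything other than 0 or 1, for example with a helper `enabled() { case "${1:-0}" in 0) return 1;; 1) return 0;; *) echo "invalid boolean: $1" >&2; exit 1;; esac; }` used as `enabled "${HSTS:-}" && flags+=(--hsts)`.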