akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
Files
8e09efe548cf82a9343cbedd017941a25d37b2a3
Charon/docker-entrypoint.sh
GitHub Actions 8294d6ee49 Add QA test outputs, build scripts, and Dockerfile validation 
- Created `qa-test-output-after-fix.txt` and `qa-test-output.txt` to log results of certificate page authentication tests.
- Added `build.sh` for deterministic backend builds in CI, utilizing `go list` for efficiency.
- Introduced `codeql_scan.sh` for CodeQL database creation and analysis for Go and JavaScript/TypeScript.
- Implemented `dockerfile_check.sh` to validate Dockerfiles for base image and package manager mismatches.
- Added `sourcery_precommit_wrapper.sh` to facilitate Sourcery CLI usage in pre-commit hooks.
2025-12-11 18:26:24 +00:00

133 lines
4.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
set -e
# Entrypoint script to run both Caddy and Charon in a single container
# This simplifies deployment for home users
echo "Starting Charon with integrated Caddy..."
# Optional: Install and start CrowdSec (Local Mode)
CROWDSEC_PID=""
SECURITY_CROWDSEC_MODE=${CERBERUS_SECURITY_CROWDSEC_MODE:-${CHARON_SECURITY_CROWDSEC_MODE:-$CPM_SECURITY_CROWDSEC_MODE}}
# Always initialize CrowdSec configuration if missing and cscli is present
# This ensures cscli commands work even if the agent isn't running in background
if command -v cscli >/dev/null && [ ! -f "/etc/crowdsec/config.yaml" ]; then
echo "Initializing CrowdSec configuration..."
mkdir -p /etc/crowdsec
if [ -d "/etc/crowdsec.dist" ]; then
cp -r /etc/crowdsec.dist/* /etc/crowdsec/
fi
# Ensure data directories exist
mkdir -p /var/lib/crowdsec/data
mkdir -p /etc/crowdsec/hub
# Perform variable substitution if needed (standard CrowdSec config uses $CFG, $DATA, etc.)
# We set standard paths for Alpine/Docker
export CFG=/etc/crowdsec
export DATA=/var/lib/crowdsec/data
export PID=/var/run/crowdsec.pid
export LOG=/var/log/crowdsec.log
# Process config.yaml and user.yaml with envsubst
# We use a temp file to avoid issues with reading/writing same file
for file in /etc/crowdsec/config.yaml /etc/crowdsec/user.yaml; do
if [ -f "$file" ]; then
envsubst < "$file" > "$file.tmp" && mv "$file.tmp" "$file"
fi
done
# Update hub index to ensure CrowdSec can start
if [ ! -f "/etc/crowdsec/hub/.index.json" ]; then
echo "Updating CrowdSec hub index..."
cscli hub update || echo "Failed to update hub index (network issue?)"
fi
# Ensure local machine is registered (auto-heal for volume/config mismatch)
# We force registration because we just restored configuration (and likely credentials)
echo "Registering local machine..."
cscli machines add -a --force || echo "Failed to register local machine"
fi
if [ "$SECURITY_CROWDSEC_MODE" = "local" ]; then
echo "CrowdSec Local Mode enabled."
if command -v crowdsec >/dev/null; then
echo "Starting CrowdSec agent..."
crowdsec &
CROWDSEC_PID=$!
echo "CrowdSec started (PID: $CROWDSEC_PID)"
else
echo "CrowdSec binary not found."
fi
fi
# Start Caddy in the background with initial empty config
echo '{"apps":{}}' > /config/caddy.json
# Use JSON config directly; no adapter needed
caddy run --config /config/caddy.json &
CADDY_PID=$!
echo "Caddy started (PID: $CADDY_PID)"
# Wait for Caddy to be ready
echo "Waiting for Caddy admin API..."
i=1
while [ "$i" -le 30 ]; do
if wget -q -O- http://127.0.0.1:2019/config/ > /dev/null 2>&1; then
echo "Caddy is ready!"
break
fi
i=$((i+1))
sleep 1
done
# Start Charon management application
echo "Starting Charon management application..."
DEBUG_FLAG=${CHARON_DEBUG:-$CPMP_DEBUG}
DEBUG_PORT=${CHARON_DEBUG_PORT:-$CPMP_DEBUG_PORT}
if [ "$DEBUG_FLAG" = "1" ]; then
echo "Running Charon under Delve (port $DEBUG_PORT)"
bin_path=/app/charon
if [ ! -f "$bin_path" ]; then
bin_path=/app/cpmp
fi
/usr/local/bin/dlv exec "$bin_path" --headless --listen=":$DEBUG_PORT" --api-version=2 --accept-multiclient --continue --log -- &
else
bin_path=/app/charon
if [ ! -f "$bin_path" ]; then
bin_path=/app/cpmp
fi
"$bin_path" &
fi
APP_PID=$!
echo "Charon started (PID: $APP_PID)"
shutdown() {
echo "Shutting down..."
kill -TERM "$APP_PID" 2>/dev/null || true
kill -TERM "$CADDY_PID" 2>/dev/null || true
if [ -n "$CROWDSEC_PID" ]; then
echo "Stopping CrowdSec..."
kill -TERM "$CROWDSEC_PID" 2>/dev/null || true
wait "$CROWDSEC_PID" 2>/dev/null || true
fi
wait "$APP_PID" 2>/dev/null || true
wait "$CADDY_PID" 2>/dev/null || true
exit 0
}
# Trap signals for graceful shutdown
trap 'shutdown' TERM INT
echo "Charon is running!"
echo " - Management UI: http://localhost:8080"
echo " - Caddy Proxy: http://localhost:80, https://localhost:443"
echo " - Caddy Admin API: http://localhost:2019"
# Wait loop: exit when either process dies, then shutdown the other
while kill -0 "$APP_PID" 2>/dev/null && kill -0 "$CADDY_PID" 2>/dev/null; do
sleep 1
done
echo "A process exited, initiating shutdown..."
shutdown
Reference in New Issue View Git Blame Copy Permalink