Merge pull request #111 from fosrl/dev

major changes for 1.0.0-beta.9

.github/workflows/cicd.yml

@@ -0,0 +1,82 @@
+name: CI/CD Pipeline
+
+on:
+    push:
+        tags:
+            - "*"
+
+jobs:
+    release:
+        name: Build and Release
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v3
+
+            - name: Set up Docker Buildx
+              uses: docker/setup-buildx-action@v2
+
+            - name: Log in to Docker Hub
+              uses: docker/login-action@v2
+              with:
+                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
+                  password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+            - name: Extract tag name
+              id: get-tag
+              run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+
+            - name: Install Go
+              uses: actions/setup-go@v4
+              with:
+                  go-version: 1.23.0
+
+            - name: Update version in package.json
+              run: |
+                  TAG=${{ env.TAG }}
+                  if [ -f package.json ]; then
+                    jq --arg version "$TAG" '.version = $version' package.json > package.tmp.json && mv package.tmp.json package.json
+                    echo "Updated package.json with version $TAG"
+                  else
+                    echo "package.json not found"
+                  fi
+                  cat package.json
+
+            - name: Pull latest Gerbil version
+              id: get-gerbil-tag
+              run: |
+                  LATEST_TAG=$(curl -s https://api.github.com/repos/fosrl/gerbil/tags | jq -r '.[0].name')
+                  echo "LATEST_GERBIL_TAG=$LATEST_TAG" >> $GITHUB_ENV
+
+            - name: Pull latest Badger version
+              id: get-badger-tag
+              run: |
+                  LATEST_TAG=$(curl -s https://api.github.com/repos/fosrl/badger/tags | jq -r '.[0].name')
+                  echo "LATEST_BADGER_TAG=$LATEST_TAG" >> $GITHUB_ENV
+
+            - name: Update install/main.go
+              run: |
+                  PANGOLIN_VERSION=${{ env.TAG }}
+                  GERBIL_VERSION=${{ env.LATEST_GERBIL_TAG }}
+                  sed -i "s/config.PangolinVersion = \".*\"/config.PangolinVersion = \"$PANGOLIN_VERSION\"/" install/main.go
+                  sed -i "s/config.GerbilVersion = \".*\"/config.GerbilVersion = \"$GERBIL_VERSION\"/" install/main.go
+                  sed -i "s/config.BadgerVersion = \".*\"/config.BadgerVersion = \"$BADGER_VERSION\"/" install/main.go
+                  echo "Updated install/main.go with Pangolin version $PANGOLIN_VERSION, Gerbil version $GERBIL_VERSION, and Badger version $BADGER_VERSION"
+                  cat install/main.go
+
+            - name: Build installer
+              working-directory: install
+              run: |
+                  make release
+
+            - name: Upload artifacts from /install/bin
+              uses: actions/upload-artifact@v4
+              with:
+                  name: install-bin
+                  path: install/bin/
+
+            - name: Build and push Docker images
+              run: |
+                  TAG=${{ env.TAG }}
+                  make build-release tag=$TAG

.gitignore

@@ -31,3 +31,5 @@ dist
 installer
 *.tar
 bin
+.secrets
+test_event.json

README.md

@@ -32,6 +32,7 @@ _Sites page of Pangolin dashboard (dark mode) showing multiple tunnels connected
 -   Secure and easy to configure site-to-site connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt).
 -   Built-in support for any WireGuard client.
 -   Automated **SSL certificates** (https) via [LetsEncrypt](https://letsencrypt.org/).
+-   Support for HTTP/HTTPS and **raw TCP/UDP services**.
 
 ### Identity & Access Management
 

config/config.example.yml

@@ -1,27 +1,27 @@
 app:
-    dashboard_url: http://localhost:3002
-    base_domain: localhost
-    log_level: info
+    dashboard_url: "http://localhost:3002"
+    base_domain: "localhost"
+    log_level: "info"
     save_logs: false
 
 server:
     external_port: 3000
     internal_port: 3001
     next_port: 3002
-    internal_hostname: pangolin
+    internal_hostname: "pangolin"
     secure_cookies: true
-    session_cookie_name: p_session
-    resource_session_cookie_name: p_resource_session
-    resource_access_token_param: p_token
+    session_cookie_name: "p_session_token"
+    resource_access_token_param: "p_token"
+    resource_session_request_param: "p_session_request"
 
 traefik:
-    cert_resolver: letsencrypt
-    http_entrypoint: web
-    https_entrypoint: websecure
+    cert_resolver: "letsencrypt"
+    http_entrypoint: "web"
+    https_entrypoint: "websecure"
 
 gerbil:
     start_port: 51820
-    base_endpoint: localhost
+    base_endpoint: "localhost"
     block_size: 24
     site_block_size: 30
     subnet_group: 100.89.137.0/20
@@ -34,10 +34,11 @@ rate_limits:
 
 users:
     server_admin:
-        email: [email protected]
-        password: Password123!
+        email: "[email protected]"
+        password: "Password123!"
 
 flags:
     require_email_verification: false
     disable_signup_without_invite: true
     disable_user_create_org: true
+    allow_raw_resources: true

config/traefik/dynamic_config.example.yml

@@ -3,7 +3,6 @@ http:
     redirect-to-https:
       redirectScheme:
         scheme: https
-        permanent: true
 
   routers:
     # HTTP to HTTPS redirect router

config/traefik/traefik_config.example.yml

@@ -4,7 +4,13 @@ api:
 
 providers:
   http:
-    endpoint: "http://pangolin:{{.INTERNAL_PORT}}/api/v1/traefik-config"
+    endpoint: "http://pangolin:3001/api/v1/traefik-config/http"
+    pollInterval: "5s"
+  udp:
+    endpoint: "http://pangolin:3001/api/v1/traefik-config/udp"
+    pollInterval: "5s"
+  tcp:
+    endpoint: "http://pangolin:3001/api/v1/traefik-config/tcp"
     pollInterval: "5s"
   file:
     filename: "/etc/traefik/dynamic_config.yml"
@@ -13,7 +19,7 @@ experimental:
   plugins:
     badger:
       moduleName: "github.com/fosrl/badger"
-      version: "v1.0.0-beta.2"
+      version: "v1.0.0-beta.3"
 
 log:
   level: "INFO"
@@ -33,6 +39,9 @@ entryPoints:
     address: ":80"
   websecure:
     address: ":443"
+    transport:
+      respondingTimeouts:
+        readTimeout: "30m"
     http:
       tls:
         certResolver: "letsencrypt"

install/Makefile

@@ -1,4 +1,3 @@
-
 all: build
 
 build:

install/fs/config.yml

@@ -1,33 +1,33 @@
 app:
-    dashboard_url: https://{{.DashboardDomain}}
-    base_domain: {{.BaseDomain}}
-    log_level: info
+    dashboard_url: "https://{{.DashboardDomain}}"
+    base_domain: "{{.BaseDomain}}"
+    log_level: "info"
     save_logs: false
 
 server:
     external_port: 3000
     internal_port: 3001
     next_port: 3002
-    internal_hostname: pangolin
+    internal_hostname: "pangolin"
     secure_cookies: true
-    session_cookie_name: p_session
-    resource_session_cookie_name: p_resource_session
-    resource_access_token_param: p_token
+    session_cookie_name: "p_session_token"
+    resource_access_token_param: "p_token"
+    resource_session_request_param: "p_session_request"
     cors:
         origins: ["https://{{.DashboardDomain}}"]
         methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
         headers: ["X-CSRF-Token", "Content-Type"]
         credentials: false
 
 traefik:
-    cert_resolver: letsencrypt
-    http_entrypoint: web
-    https_entrypoint: websecure
+    cert_resolver: "letsencrypt"
+    http_entrypoint: "web"
+    https_entrypoint: "websecure"
     prefer_wildcard_cert: false
 
 gerbil:
     start_port: 51820
-    base_endpoint: {{.DashboardDomain}}
+    base_endpoint: "{{.DashboardDomain}}"
     use_subdomain: false
     block_size: 24
     site_block_size: 30
@@ -39,18 +39,19 @@ rate_limits:
         max_requests: 100
 {{if .EnableEmail}}
 email:
-    smtp_host: {{.EmailSMTPHost}}
-    smtp_port: {{.EmailSMTPPort}}
-    smtp_user: {{.EmailSMTPUser}}
-    smtp_pass: {{.EmailSMTPPass}}
-    no_reply: {{.EmailNoReply}}
+    smtp_host: "{{.EmailSMTPHost}}"
+    smtp_port: "{{.EmailSMTPPort}}"
+    smtp_user: "{{.EmailSMTPUser}}"
+    smtp_pass: "{{.EmailSMTPPass}}"
+    no_reply: "{{.EmailNoReply}}"
 {{end}}
 users:
     server_admin:
-        email: {{.AdminUserEmail}}
-        password: {{.AdminUserPassword}}
+        email: "{{.AdminUserEmail}}"
+        password: "{{.AdminUserPassword}}"
 
 flags:
     require_email_verification: {{.EnableEmail}}
     disable_signup_without_invite: {{.DisableSignupWithoutInvite}}
     disable_user_create_org: {{.DisableUserCreateOrg}}
+    allow_raw_resources: true

install/fs/traefik/dynamic_config.yml

@@ -3,7 +3,6 @@ http:
     redirect-to-https:
       redirectScheme:
         scheme: https
-        permanent: true
 
   routers:
     # HTTP to HTTPS redirect router

install/fs/traefik/traefik_config.yml

@@ -4,7 +4,13 @@ api:
 
 providers:
   http:
-    endpoint: "http://pangolin:3001/api/v1/traefik-config"
+    endpoint: "http://pangolin:3001/api/v1/traefik-config/http"
+    pollInterval: "5s"
+  udp:
+    endpoint: "http://pangolin:3001/api/v1/traefik-config/udp"
+    pollInterval: "5s"
+  tcp:
+    endpoint: "http://pangolin:3001/api/v1/traefik-config/tcp"
     pollInterval: "5s"
   file:
     filename: "/etc/traefik/dynamic_config.yml"
@@ -13,7 +19,7 @@ experimental:
   plugins:
     badger:
       moduleName: "github.com/fosrl/badger"
-      version: "v1.0.0-beta.2"
+      version: "{{.BadgerVersion}}"
 
 log:
   level: "INFO"
@@ -33,6 +39,9 @@ entryPoints:
     address: ":80"
   websecure:
     address: ":443"
+    transport:
+      respondingTimeouts:
+        readTimeout: "30m"
     http:
       tls:
         certResolver: "letsencrypt"