root: more code merging
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
ce49d7ea5b
commit
ff42663d3c
|
@ -1,7 +1,6 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/url"
|
||||
"os"
|
||||
|
@ -40,48 +39,67 @@ func main() {
|
|||
|
||||
u, _ := url.Parse("http://localhost:8000")
|
||||
|
||||
g := gounicorn.NewGoUnicorn()
|
||||
ws := web.NewWebServer()
|
||||
defer g.Kill()
|
||||
defer ws.Shutdown()
|
||||
for {
|
||||
g := gounicorn.NewGoUnicorn()
|
||||
go attemptStartBackend(g)
|
||||
go attemptStartBackend(g, ex)
|
||||
ws.Start()
|
||||
go attemptProxyStart(u, ex)
|
||||
|
||||
ws := web.NewWebServer()
|
||||
ws.Run()
|
||||
|
||||
proxy :=
|
||||
|
||||
<-ex
|
||||
ws.Stop()
|
||||
<-ex
|
||||
log.WithField("logger", "authentik").Debug("shutting down webserver")
|
||||
ws.Shutdown()
|
||||
log.WithField("logger", "authentik").Debug("killing gunicorn")
|
||||
g.Kill()
|
||||
}
|
||||
go func() {
|
||||
|
||||
maxTries := 100
|
||||
attempt := 0
|
||||
for {
|
||||
err := attemptProxyStart(u, ex)
|
||||
if err != nil {
|
||||
attempt += 1
|
||||
time.Sleep(5 * time.Second)
|
||||
if attempt > maxTries {
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
func attemptStartBackend(g *gounicorn.GoUnicorn) error {
|
||||
func attemptStartBackend(g *gounicorn.GoUnicorn, exitSignal chan os.Signal) error {
|
||||
for {
|
||||
err := g.Start()
|
||||
log.WithField("logger", "authentik.g").WithError(err).Warning("gunicorn process died, restarting")
|
||||
select {
|
||||
case <-exitSignal:
|
||||
return nil
|
||||
default:
|
||||
log.WithField("logger", "authentik.g").WithError(err).Warning("gunicorn process died, restarting")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func attemptProxyStart(u *url.URL, exitSignal chan os.Signal) (*ak.APIController, error) {
|
||||
ac := ak.NewAPIController(*u, config.G.SecretKey)
|
||||
if ac == nil {
|
||||
return nil, errors.New("failed to start")
|
||||
func attemptProxyStart(u *url.URL, exitSignal chan os.Signal) error {
|
||||
maxTries := 100
|
||||
attempt := 0
|
||||
for {
|
||||
log.WithField("logger", "authentik").Debug("attempting to init outpost")
|
||||
ac := ak.NewAPIController(*u, config.G.SecretKey)
|
||||
if ac == nil {
|
||||
attempt += 1
|
||||
time.Sleep(1 * time.Second)
|
||||
if attempt > maxTries {
|
||||
break
|
||||
}
|
||||
continue
|
||||
}
|
||||
ac.Server = proxy.NewServer(ac)
|
||||
err := ac.Start()
|
||||
log.WithField("logger", "authentik").Debug("attempting to start outpost")
|
||||
if err != nil {
|
||||
attempt += 1
|
||||
time.Sleep(5 * time.Second)
|
||||
if attempt > maxTries {
|
||||
break
|
||||
}
|
||||
continue
|
||||
}
|
||||
select {
|
||||
case <-exitSignal:
|
||||
ac.Shutdown()
|
||||
return nil
|
||||
default:
|
||||
break
|
||||
}
|
||||
}
|
||||
ac.Server = proxy.NewServer(ac)
|
||||
return ac, nil
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
"github.com/pkg/errors"
|
||||
"github.com/recws-org/recws"
|
||||
"goauthentik.io/internal/constants"
|
||||
"goauthentik.io/outpost/api"
|
||||
"goauthentik.io/api"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
|
|
@ -3,7 +3,7 @@ package ak
|
|||
import (
|
||||
"context"
|
||||
|
||||
"goauthentik.io/outpost/api"
|
||||
"goauthentik.io/api"
|
||||
)
|
||||
|
||||
func (a *APIController) Update() ([]api.ProxyOutpostConfig, error) {
|
||||
|
|
|
@ -13,9 +13,9 @@ import (
|
|||
|
||||
goldap "github.com/go-ldap/ldap/v3"
|
||||
"github.com/nmcclain/ldap"
|
||||
"goauthentik.io/api"
|
||||
"goauthentik.io/internal/constants"
|
||||
"goauthentik.io/internal/outpost/ak"
|
||||
"goauthentik.io/outpost/api"
|
||||
)
|
||||
|
||||
const ContextUserKey = "ak_user"
|
||||
|
|
|
@ -8,7 +8,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/nmcclain/ldap"
|
||||
"goauthentik.io/outpost/api"
|
||||
"goauthentik.io/api"
|
||||
)
|
||||
|
||||
func (pi *ProviderInstance) SearchMe(user api.User, searchReq ldap.SearchRequest, conn net.Conn) (ldap.ServerSearchResult, error) {
|
||||
|
|
|
@ -5,7 +5,7 @@ import (
|
|||
|
||||
"github.com/go-openapi/strfmt"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"goauthentik.io/outpost/api"
|
||||
"goauthentik.io/api"
|
||||
"goauthentik.io/internal/outpost/ak"
|
||||
|
||||
"github.com/nmcclain/ldap"
|
||||
|
|
|
@ -4,7 +4,7 @@ import (
|
|||
"fmt"
|
||||
|
||||
"github.com/nmcclain/ldap"
|
||||
"goauthentik.io/outpost/api"
|
||||
"goauthentik.io/api"
|
||||
)
|
||||
|
||||
func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute {
|
||||
|
|
|
@ -4,7 +4,7 @@ import (
|
|||
"net/url"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
"goauthentik.io/outpost/api"
|
||||
"goauthentik.io/api"
|
||||
)
|
||||
|
||||
func (s *Server) Refresh() error {
|
||||
|
|
|
@ -15,7 +15,7 @@ import (
|
|||
"github.com/oauth2-proxy/oauth2-proxy/pkg/middleware"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/validation"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"goauthentik.io/outpost/api"
|
||||
"goauthentik.io/api"
|
||||
)
|
||||
|
||||
type providerBundle struct {
|
||||
|
|
|
@ -21,7 +21,7 @@ import (
|
|||
"github.com/oauth2-proxy/oauth2-proxy/pkg/sessions"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/pkg/upstream"
|
||||
"github.com/oauth2-proxy/oauth2-proxy/providers"
|
||||
"goauthentik.io/outpost/api"
|
||||
"goauthentik.io/api"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
|
|
@ -47,12 +47,12 @@ func NewWebServer() *WebServer {
|
|||
return ws
|
||||
}
|
||||
|
||||
func (ws *WebServer) Run() {
|
||||
ws.listenPlain()
|
||||
ws.listenTLS()
|
||||
func (ws *WebServer) Start() {
|
||||
go ws.listenPlain()
|
||||
go ws.listenTLS()
|
||||
}
|
||||
|
||||
func (ws *WebServer) Stop() {
|
||||
func (ws *WebServer) Shutdown() {
|
||||
ws.stop <- struct{}{}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
Dockerfile.*
|
||||
.git
|
|
@ -1,5 +0,0 @@
|
|||
all: clean
|
||||
|
||||
clean:
|
||||
go mod tidy
|
||||
go clean .
|
|
@ -1,27 +0,0 @@
|
|||
# authentik outpost
|
||||
|
||||
[![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/authentik/8?style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=8)
|
||||
![Docker pulls (proxy)](https://img.shields.io/docker/pulls/beryju/authentik-proxy.svg?style=flat-square)
|
||||
![Docker pulls (ldap)](https://img.shields.io/docker/pulls/beryju/authentik-ldap.svg?style=flat-square)
|
||||
|
||||
Reverse Proxy based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), completely managed and monitored by authentik.
|
||||
|
||||
LDAP Server using [ldap](https://github.com/nmcclain/ldap), completely managed and monitored by authentik.
|
||||
|
||||
## Usage
|
||||
|
||||
authentik Outpost is built to be configured by authentik itself, hence the only options you can directly give it are connection params.
|
||||
|
||||
The following environment variable are implemented:
|
||||
|
||||
`AUTHENTIK_HOST`: Full URL to the authentik instance with protocol, i.e. "https://authentik.company.tld"
|
||||
|
||||
`AUTHENTIK_TOKEN`: Token used to authenticate against authentik. This is generated after an Outpost instance is created.
|
||||
|
||||
`AUTHENTIK_INSECURE`: This environment variable can optionally be set to ignore the SSL Certificate of the authentik instance. Applies to both HTTP and WS connections.
|
||||
|
||||
## Development
|
||||
|
||||
authentik outpost uses an auto-generated API Client to communicate with authentik. This client is not kept in git. To generate the client locally, run `make gen-outpost` in the root directory of the repo.
|
||||
|
||||
Afterwards you can build the outpost like any other Go project, using `go build ./cmd/proxy/server.go` or `go build ./cmd/ldap/server.go`.
|
Reference in a new issue