diff --git a/cmd/server/main.go b/cmd/server/main.go index 9e42d4df9..df2c73eb9 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -1,7 +1,6 @@ package main import ( - "errors" "fmt" "net/url" "os" @@ -40,48 +39,67 @@ func main() { u, _ := url.Parse("http://localhost:8000") + g := gounicorn.NewGoUnicorn() + ws := web.NewWebServer() + defer g.Kill() + defer ws.Shutdown() for { - g := gounicorn.NewGoUnicorn() - go attemptStartBackend(g) + go attemptStartBackend(g, ex) + ws.Start() + go attemptProxyStart(u, ex) - ws := web.NewWebServer() - ws.Run() - - proxy := - - <-ex - ws.Stop() + <-ex + log.WithField("logger", "authentik").Debug("shutting down webserver") + ws.Shutdown() + log.WithField("logger", "authentik").Debug("killing gunicorn") g.Kill() } - go func() { - - maxTries := 100 - attempt := 0 - for { - err := attemptProxyStart(u, ex) - if err != nil { - attempt += 1 - time.Sleep(5 * time.Second) - if attempt > maxTries { - break - } - } - } - }() } -func attemptStartBackend(g *gounicorn.GoUnicorn) error { +func attemptStartBackend(g *gounicorn.GoUnicorn, exitSignal chan os.Signal) error { for { err := g.Start() - log.WithField("logger", "authentik.g").WithError(err).Warning("gunicorn process died, restarting") + select { + case <-exitSignal: + return nil + default: + log.WithField("logger", "authentik.g").WithError(err).Warning("gunicorn process died, restarting") + } } } -func attemptProxyStart(u *url.URL, exitSignal chan os.Signal) (*ak.APIController, error) { - ac := ak.NewAPIController(*u, config.G.SecretKey) - if ac == nil { - return nil, errors.New("failed to start") +func attemptProxyStart(u *url.URL, exitSignal chan os.Signal) error { + maxTries := 100 + attempt := 0 + for { + log.WithField("logger", "authentik").Debug("attempting to init outpost") + ac := ak.NewAPIController(*u, config.G.SecretKey) + if ac == nil { + attempt += 1 + time.Sleep(1 * time.Second) + if attempt > maxTries { + break + } + continue + } + ac.Server = proxy.NewServer(ac) + err := ac.Start() + log.WithField("logger", "authentik").Debug("attempting to start outpost") + if err != nil { + attempt += 1 + time.Sleep(5 * time.Second) + if attempt > maxTries { + break + } + continue + } + select { + case <-exitSignal: + ac.Shutdown() + return nil + default: + break + } } - ac.Server = proxy.NewServer(ac) - return ac, nil + return nil } diff --git a/internal/outpost/ak/api.go b/internal/outpost/ak/api.go index 3ceab548a..5f8c806ac 100644 --- a/internal/outpost/ak/api.go +++ b/internal/outpost/ak/api.go @@ -13,7 +13,7 @@ import ( "github.com/pkg/errors" "github.com/recws-org/recws" "goauthentik.io/internal/constants" - "goauthentik.io/outpost/api" + "goauthentik.io/api" log "github.com/sirupsen/logrus" ) diff --git a/internal/outpost/ak/api_update.go b/internal/outpost/ak/api_update.go index d2fea76ab..d88998cab 100644 --- a/internal/outpost/ak/api_update.go +++ b/internal/outpost/ak/api_update.go @@ -3,7 +3,7 @@ package ak import ( "context" - "goauthentik.io/outpost/api" + "goauthentik.io/api" ) func (a *APIController) Update() ([]api.ProxyOutpostConfig, error) { diff --git a/internal/outpost/ldap/instance_bind.go b/internal/outpost/ldap/instance_bind.go index 435bb8ae5..edb857976 100644 --- a/internal/outpost/ldap/instance_bind.go +++ b/internal/outpost/ldap/instance_bind.go @@ -13,9 +13,9 @@ import ( goldap "github.com/go-ldap/ldap/v3" "github.com/nmcclain/ldap" + "goauthentik.io/api" "goauthentik.io/internal/constants" "goauthentik.io/internal/outpost/ak" - "goauthentik.io/outpost/api" ) const ContextUserKey = "ak_user" diff --git a/internal/outpost/ldap/instance_search.go b/internal/outpost/ldap/instance_search.go index 0e459e03e..54d4ab1d3 100644 --- a/internal/outpost/ldap/instance_search.go +++ b/internal/outpost/ldap/instance_search.go @@ -8,7 +8,7 @@ import ( "strings" "github.com/nmcclain/ldap" - "goauthentik.io/outpost/api" + "goauthentik.io/api" ) func (pi *ProviderInstance) SearchMe(user api.User, searchReq ldap.SearchRequest, conn net.Conn) (ldap.ServerSearchResult, error) { diff --git a/internal/outpost/ldap/ldap.go b/internal/outpost/ldap/ldap.go index c7f72e972..4e9ff08b1 100644 --- a/internal/outpost/ldap/ldap.go +++ b/internal/outpost/ldap/ldap.go @@ -5,7 +5,7 @@ import ( "github.com/go-openapi/strfmt" log "github.com/sirupsen/logrus" - "goauthentik.io/outpost/api" + "goauthentik.io/api" "goauthentik.io/internal/outpost/ak" "github.com/nmcclain/ldap" diff --git a/internal/outpost/ldap/utils.go b/internal/outpost/ldap/utils.go index b32c20783..1155426db 100644 --- a/internal/outpost/ldap/utils.go +++ b/internal/outpost/ldap/utils.go @@ -4,7 +4,7 @@ import ( "fmt" "github.com/nmcclain/ldap" - "goauthentik.io/outpost/api" + "goauthentik.io/api" ) func AKAttrsToLDAP(attrs interface{}) []*ldap.EntryAttribute { diff --git a/internal/outpost/proxy/api.go b/internal/outpost/proxy/api.go index e9526e3db..c97814b86 100644 --- a/internal/outpost/proxy/api.go +++ b/internal/outpost/proxy/api.go @@ -4,7 +4,7 @@ import ( "net/url" log "github.com/sirupsen/logrus" - "goauthentik.io/outpost/api" + "goauthentik.io/api" ) func (s *Server) Refresh() error { diff --git a/internal/outpost/proxy/api_bundle.go b/internal/outpost/proxy/api_bundle.go index 463072522..f604249bf 100644 --- a/internal/outpost/proxy/api_bundle.go +++ b/internal/outpost/proxy/api_bundle.go @@ -15,7 +15,7 @@ import ( "github.com/oauth2-proxy/oauth2-proxy/pkg/middleware" "github.com/oauth2-proxy/oauth2-proxy/pkg/validation" log "github.com/sirupsen/logrus" - "goauthentik.io/outpost/api" + "goauthentik.io/api" ) type providerBundle struct { diff --git a/internal/outpost/proxy/proxy.go b/internal/outpost/proxy/proxy.go index ec0aae395..3848baf53 100644 --- a/internal/outpost/proxy/proxy.go +++ b/internal/outpost/proxy/proxy.go @@ -21,7 +21,7 @@ import ( "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions" "github.com/oauth2-proxy/oauth2-proxy/pkg/upstream" "github.com/oauth2-proxy/oauth2-proxy/providers" - "goauthentik.io/outpost/api" + "goauthentik.io/api" log "github.com/sirupsen/logrus" ) diff --git a/internal/web/web.go b/internal/web/web.go index bcf5f4f17..a7c425ee0 100644 --- a/internal/web/web.go +++ b/internal/web/web.go @@ -47,12 +47,12 @@ func NewWebServer() *WebServer { return ws } -func (ws *WebServer) Run() { - ws.listenPlain() - ws.listenTLS() +func (ws *WebServer) Start() { + go ws.listenPlain() + go ws.listenTLS() } -func (ws *WebServer) Stop() { +func (ws *WebServer) Shutdown() { ws.stop <- struct{}{} } diff --git a/outpost/.dockerignore b/outpost/.dockerignore deleted file mode 100644 index 21c374849..000000000 --- a/outpost/.dockerignore +++ /dev/null @@ -1,2 +0,0 @@ -Dockerfile.* -.git diff --git a/outpost/Makefile b/outpost/Makefile deleted file mode 100644 index c6c6caa6b..000000000 --- a/outpost/Makefile +++ /dev/null @@ -1,5 +0,0 @@ -all: clean - -clean: - go mod tidy - go clean . diff --git a/outpost/README.md b/outpost/README.md deleted file mode 100644 index 45971c9c5..000000000 --- a/outpost/README.md +++ /dev/null @@ -1,27 +0,0 @@ -# authentik outpost - -[![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/authentik/8?style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=8) -![Docker pulls (proxy)](https://img.shields.io/docker/pulls/beryju/authentik-proxy.svg?style=flat-square) -![Docker pulls (ldap)](https://img.shields.io/docker/pulls/beryju/authentik-ldap.svg?style=flat-square) - -Reverse Proxy based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), completely managed and monitored by authentik. - -LDAP Server using [ldap](https://github.com/nmcclain/ldap), completely managed and monitored by authentik. - -## Usage - -authentik Outpost is built to be configured by authentik itself, hence the only options you can directly give it are connection params. - -The following environment variable are implemented: - -`AUTHENTIK_HOST`: Full URL to the authentik instance with protocol, i.e. "https://authentik.company.tld" - -`AUTHENTIK_TOKEN`: Token used to authenticate against authentik. This is generated after an Outpost instance is created. - -`AUTHENTIK_INSECURE`: This environment variable can optionally be set to ignore the SSL Certificate of the authentik instance. Applies to both HTTP and WS connections. - -## Development - -authentik outpost uses an auto-generated API Client to communicate with authentik. This client is not kept in git. To generate the client locally, run `make gen-outpost` in the root directory of the repo. - -Afterwards you can build the outpost like any other Go project, using `go build ./cmd/proxy/server.go` or `go build ./cmd/ldap/server.go`.