diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..54ce296 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,33 @@ +name: Release + +on: + push: + tags: + - 'v*.*.*' + +jobs: + + build: + name: Build + runs-on: ubuntu-latest + steps: + + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: ^1.15 + id: go + + - name: Check out code into the Go module directory + uses: actions/checkout@v2 + + - name: Build + run: make all + + - name: Release + uses: softprops/action-gh-release@v1 + if: startsWith(github.ref, 'refs/tags/') + with: + files: dist/* + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/Makefile b/Makefile index 62f1f3d..599deed 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,15 @@ +BINARY=dist/rmake-proxy +INSTALLER=dist/installer.sh .PHONY: clean -build: version.go - go build +all: $(INSTALLER) + +$(BINARY): version.go + GOARCH=arm go build -ldflags="-w -s" -trimpath -o $(BINARY) version.go: go generate + +$(INSTALLER): $(BINARY) scripts/installer.sh + cp scripts/install.sh $@ + gzip -c $(BINARY) >> $@ clean: - rm secure + rm -fr dist diff --git a/README.md b/README.md index ce00d79..4653e81 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,8 @@ -# secure +# rmfakecloud-proxy Single-minded HTTPS reverse proxy -## Overview -TODO +(forked from https://github.com/yi-jiayu/secure) -## Motivation -I wanted HTTPS for `godoc -http :6060`. ## Usage ``` 
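Review bot: The `Release` step hands `GITHUB_TOKEN` to the third-party `softprops/action-gh-release@v1`, and `@v1` is a mutable tag, so whatever that tag resolves to when the workflow runs is the code that publishes `dist/*`. Pin it to a full commit SHA, e.g. `uses: softprops/action-gh-release@<full-commit-sha>  # v1`; the same applies to `actions/setup-go@v2` and `actions/checkout@v2`. The job also declares no `permissions:`, so the token gets the repository default; adding `permissions:` with `contents: write` on the `build` job limits it to what creating a release needs.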
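Review bot: The `$(INSTALLER)` rule names `scripts/installer.sh` as its prerequisite but the recipe copies `scripts/install.sh`, which is not the file this commit adds, so unless a separate `scripts/install.sh` already exists `make all` stops at the `cp`. Take the source from the prerequisite list instead: `cp scripts/installer.sh $@`. Because the next line appends with `gzip -c $(BINARY) >> $@`, a failure there leaves a script-only `dist/installer.sh` that make treats as up to date; adding `.DELETE_ON_ERROR:` avoids shipping that from the release workflow. `all` is a command name and should join `clean` in `.PHONY`.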
@@ -25,33 +22,3 @@ usage: secure [-addr host:port] -cert certfile -key keyfile upstream secure -cert cert.pem -key key.pem http://localhost:6060 ``` -## Demo -*nix: -``` -# generate self-signed certificate and private key -openssl req -newkey rsa:4096 -nodes -keyout key.pem -x509 -days 365 -out cert.pem -subj "/CN=localhost" - -# start godoc -godoc -http localhost:6060 & - -# secure it -secure -key key.pem -cert cert.pem http://localhost:6060 -``` - -Windows (PowerShell) -``` -# somehow obtain key.pem and cert.pem - -# start godoc -# Command Prompt: start godoc -http localhost:6060 -Start-Process godoc "-http localhost:6060" - -# secure it -secure -key key.pem -cert cert.pem http://localhost:6060 -``` - -## Features -- [x] TLS termination proxy -- [ ] Redirect HTTP to HTTPS -- [ ] Config file support -- [ ] Rudimentary logging diff --git a/scripts/installer.sh b/scripts/installer.sh new file mode 100755 index 0000000..1f82f21 --- /dev/null +++ b/scripts/installer.sh 
@@ -0,0 +1,217 @@ +#!/bin/bash +SERVICE_NAME=proxy +DESTINATION="/home/root/rmfakecloud" + +echo "" +echo "rmfakecloud proxy installer" +echo "" + + + +# Create destination folder + +function unpack(){ + mkdir -p ${DESTINATION} + systemctl stop proxy || true + # Find __ARCHIVE__ maker, read archive content and decompress it + ARCHIVE=$(awk '/^__ARCHIVE__/ {print NR + 1; exit 0; }' "${0}") + tail -n+${ARCHIVE} "${0}" | gunzip > ${DESTINATION}/${SERVICE_NAME} +} + +# marks all as unsynced so that they are not deleted +function fixsync(){ + grep sync ~/.local/share/remarkable/xochitl/*.metadata -l | xargs sed -i 's/synced\": true/synced\": false/' +} + +function install_proxyservice(){ +cloudurl=$1 +echo "Setting cloud sync to: ${cloudurl}" +workdir=$DESTINATION +cat > $workdir/proxy.cfg < /etc/systemd/system/proxy.service < csr.conf +[ req ] +default_bits = 2048 +default_keyfile = proxy.key +encrypt_key = no +default_md = sha256 +prompt = no +utf8 = yes +distinguished_name = dn +req_extensions = ext +x509_extensions = caext + +[ dn ] +C = AA +ST = QQ +L = JJ +O = the culture +CN = *.appspot.com + +[ ext ] +subjectAltName=@san +basicConstraints=CA:FALSE +subjectKeyIdentifier = hash + + +[ caext ] +subjectAltName=@san + +[ san ] +DNS.1 = *.appspot.com +DNS.2 = my.remarkable.com +# DNS.3 = any additional hosts +EOF + +# ca +if [ ! -f ca.crt ]; then + echo "Generating ca..." + openssl genrsa -out ca.key 2048 + openssl req -new -sha256 -x509 -key ca.key -out ca.crt -days 3650 -subj /CN=rmfakecloud + rm proxy.key || true + rm proxy.pubkey || true +else + echo "CA exists" +fi + +if [ ! -f proxy.key ]; then + echo "Generating proxy keys..." + openssl genrsa -out proxy.key 2048 + rm proxy.pubkey || true +else + echo "Private key exists" +fi + +if [ ! -f proxy.pubkey ]; then + openssl rsa -in proxy.key -pubout -out proxy.pubkey + rm proxy.crt || true +else + echo "Pub key exists" +fi + +if [ ! 
-f proxy.crt ]; then + openssl req -new -config ./csr.conf -key proxy.key -out proxy.csr + + # Signing + openssl x509 -req -in proxy.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out proxy.crt -days 3650 -extfile csr.conf -extensions caext + #cat proxy.crt ca.crt > proxy.bundle.crt + + echo "showing result" + #openssl x509 -in proxy.bundle.crt -text -noout + + echo "Generation complete" +else + echo "crt exists" +fi +} +# Put your logic here (if you need) +function install_certificates(){ + certdir="/usr/local/share/ca-certificates" + certname=$certdir/ca.crt + if [ -f $certname ]; then + echo "The cert has been already installed, it will be removed and reinstalled!!!" + rm $certname + update-ca-certificates --fresh + fi + mkdir -p $certdir + cp ca.crt $certdir/ + update-ca-certificates --fresh +} + +function patch_hosts(){ + if ! grep rmfake_start /etc/hosts ; then + cat <> /etc/hosts +# rmfake_start +127.0.0.1 hwr-production-dot-remarkable-production.appspot.com +127.0.0.1 service-manager-production-dot-remarkable-production.appspot.com +127.0.0.1 local.appspot.com +127.0.0.1 my.remarkable.com +# rmfake_end +EOF + fi + +} + +function doinstall(){ + unpack + generate_certificates + install_certificates + # install proxy + url=getproxy + installproxy.sh $url + patch_hosts + systemctl stop xochitl + fixsync + systemctl start xochitl +} + +function getproxy(){ + read -p "Enter your own cloud url: " url + echo $url +} + +case $1 in + "uninstall" ) + uninstall + ;; + + "install" ) + doinstall + ;; + + "setproxy" ) + shift 1 + url=$1 + if [ $# -lt 1 ]; then + url=$(getproxy) + fi + echo $url + ;; + + * ) + echo "params" + ;; + +esac + +# Exit from the script with success (0) +exit 0 + +__ARCHIVE__
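Review bot: `generate_certificates` writes `ca.key` with the default umask and leaves it in the working directory, and `install_certificates` then adds the matching `ca.crt` to the system trust store, so anything able to read that key file can issue certificates the device will accept for any hostname. Set `umask 077` before the `openssl genrsa` calls, and consider keeping `ca.key` off the device once `proxy.crt` is signed (the regeneration branches would then need to handle its absence). Separately, `doinstall` has `url=getproxy`, which assigns the literal string, and then calls `installproxy.sh`, which this diff does not add; `url=$(getproxy)` followed by `install_proxyservice "$url"` looks like the intent. The script has no `set -e`, so a failed `gunzip` or `openssl` step still proceeds to patch `/etc/hosts` and restart `xochitl`. The heredoc bodies in this hunk appear truncated on the page, so the start of `generate_certificates` and any `uninstall` definition are not visible here.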