Compare commits

2 Commits

Author SHA1 Message Date
c5cd522a22 Enhance README 2023-08-31 19:09:17 +02:00
30fe61c9c0 Add support for SSH git URLs 2023-08-31 19:03:16 +02:00
4 changed files with 34 additions and 4 deletions

@ -1,7 +1,8 @@
FROM nginx:mainline-alpine
# Install hugo
RUN apk add hugo git
RUN apk add hugo git openssh bash
# Copy over auxiliary scripts
COPY aux/* /docker-entrypoint.d/
COPY aux /aux
COPY init/* /docker-entrypoint.d/
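
Review bot: The `RUN apk add hugo git openssh bash` line installs the full `openssh` package, while the scripts in this change only call `ssh-keyscan` and use git's SSH transport. If a client-only package covers both, install that instead to keep the web-facing image small, and add `--no-cache` so the apk index is not left in the layer. Since `COPY aux /aux` moves pull-n-build.sh out of /docker-entrypoint.d/, check that nothing besides the cron line still refers to the old path.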

@ -4,13 +4,32 @@ A nginx-powered container hosting a hugo-built blog regularly pulled off git.
## Run
There are multiple options to get your Hugo blog into blogker:
- by specifying a git URL where it gets pulled from regularly
- by passing in the required files via a bind or volume mount
### Auto-Pull Git
If you store your blog data in a git repository, run the container with env `REPO_URL` set to a Git repo:
`docker run -e REPO_URL=https://git.maride.cc/maride/sec.maride.cc.git -p 80:80 -d blogker`
The repository will be pulled and built every 10 minutes.
#### Pull frequency
The repository will be pulled and built every 10 minutes by default.
Other values can be specified by the `BUILDFREQ` environment variable.
For example, if you want to have the blog updated every minute:
`docker run -e REPO_URL=https://... -e BUILDFREQ=1 -p 80:80 -d blogker`
Lowering this value may risk running into rate limits on some git servers.
#### SSH URLs
If you specify a SSH URL (`ssh:// ...`) for your repository, the host key will be automatically pulled and added as trusted host. Make sure to double-check those host keys with your git server - although a [MITM](https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/) scenario is unlikely and won't pose a big risk in the case of blogker. [YMMV](https://www.urbandictionary.com/define.php?term=ymmv), but still, this may be a security risk in some cases.
If you want to pull private repositories, you may need to generate a SSH key for this purpose, and hand in the private key file, e.g. via `-v ./id_rsa:/root/.ssh/id_rsa`.
### Passthrough via Bind
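
Review bot: The "SSH URLs" paragraph asks readers to double-check the host keys but never says how, and it both dismisses and admits the MITM risk in consecutive sentences. State the concrete consequence (a spoofed server could supply the content that gets built and published) and document a way to pin the key, for example by supplying a verified known_hosts file. For the private key example, recommend a dedicated deploy key with read-only repository access and a read-only mount, e.g. `-v ./id_rsa:/root/.ssh/id_rsa:ro`.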

init/check-ssh.sh (executable file, 10 lines added)

@ -0,0 +1,10 @@
#!/bin/bash
SSH_GIT_URL_REGEX="^ssh:\/\/([^@]+@)?([a-z0-9\-\.]+)[:/].*$"
if [[ "$REPO_URL" =~ $SSH_GIT_URL_REGEX ]]; then
echo "Detected SSH repo URL, importing host key"
ssh-keyscan ${BASH_REMATCH[2]} >> /root/.ssh/known_hosts || exit 1
fi
/aux/pull-n-build.sh || exit 1
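
Review bot: `ssh-keyscan ${BASH_REMATCH[2]} >> /root/.ssh/known_hosts` trusts whatever key the network returns at every container start, so the resulting known_hosts entry verifies nothing. Accept a pre-verified known_hosts file or an expected fingerprint from the operator and only fall back to scanning when none is given. In the same line, the regex accepts a port after the host (`host:2222/...`) but the scan always targets the default port, so such URLs get the wrong entry; the expansion should also be quoted, and the redirect fails if /root/.ssh does not exist, so create it with `mkdir -p` first.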

@ -9,7 +9,7 @@ if [ "$BUILDFREQ" == "" ]; then
fi
# Run the pull script regularly
echo "$BUILDFREQ * * * * /docker-entrypoint.d/pull-n-build.sh" >> /var/spool/cron/crontabs/root
echo "$BUILDFREQ * * * * /aux/pull-n-build.sh" >> /var/spool/cron/crontabs/root
# start cron daemon (goes into background)
crond
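
Review bot: `$BUILDFREQ` is written straight into the minute field of the crontab line, so unless it is rewritten to `*/N` above the visible lines, the README's `BUILDFREQ=1` runs the job at minute 1 of every hour rather than every minute. Either emit `*/$BUILDFREQ` here or document that a cron minute expression is expected, and validate the value before writing it. Because the line is appended with `>>`, restarting the same container adds a duplicate entry each time; check for an existing entry before appending.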