From 7420abf175a91a7e448e83dae92c6cfe3724fbf9 Mon Sep 17 00:00:00 2001 From: yusing Date: Fri, 28 Mar 2025 03:28:17 +0800 Subject: [PATCH] misc: update gitignore and trunk, remove next-release.md --- .gitignore | 7 +++- .trunk/trunk.yaml | 1 - next-release.md | 84 ----------------------------------------------- 3 files changed, 6 insertions(+), 86 deletions(-) delete mode 100644 next-release.md diff --git a/.gitignore b/.gitignore index 18745f6..e78c180 100755 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,8 @@ certs*/ bin/ error_pages/ !examples/error_pages/ +profiles/ +data/ logs/ log/ @@ -29,4 +31,7 @@ mtrace.json test.Dockerfile node_modules/ -tsconfig.tsbuildinfo \ No newline at end of file +tsconfig.tsbuildinfo + +!agent.compose.yml +!agent/pkg/** \ No newline at end of file diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index 3508123..dc2db00 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -23,7 +23,6 @@ lint: enabled: - hadolint@2.12.1-beta - actionlint@1.7.7 - - checkov@3.2.370 - git-diff-check - gofmt@1.20.4 - golangci-lint@1.64.5 diff --git a/next-release.md b/next-release.md deleted file mode 100644 index 4c8569e..0000000 --- a/next-release.md +++ /dev/null 
@@ -1,84 +0,0 @@ -## GoDoxy v0.10.0 - -### GoDoxy Agent - -Maintain secure connection between main server and agent server by authenticating and encrypting connection with mTLS. - -Main benefits: - -- No more exposing docker socket: drops the need of `docker-socket-proxy` -- No more exposing app ports: fewer attack surface - ```yaml - services: - app: - ... - # ports: # this part is not needed on agent server - # - 6789 - ``` -- Secure: no one can connect to it except GoDoxy main server because of mTLS, plus connection is encrypted -- Fetch info from agent server, e.g. CPU usage, Memory usage, container list, container logs, etc... (to be ready for beszel and dockge like features in WebUI) - -#### How to setup - -Prerequisites: - -- GoDoxy main server must be running - -1. Create a directory for agent server, cd into it -2. Copy `agent.compose.yml` into the directory -3. Modify `agent.compose.yml` to set `REGISTRATION_ALLOWED_HOSTS` -4. Run `docker-compose up -d` to start agent -5. Follow instructions on screen to run command on GoDoxy main server -6. 
Add config output to GoDoxy main server in `config.yml` under `providers.agents` - ```yaml - providers: - agents: - - 12.34.5.6:8889 - ``` - -### How does it work - -Setup flow: - -```mermaid -flowchart TD - subgraph Agent Server - A[Create a directory] --> - B[Setup agent.compose.yml] --> - C[Set REGISTRATION_ALLOWED_HOSTS] --> - D[Run agent] --> - E[Wait for main server to register] - - F[Respond to main server] - G[Agent now run in agent mode] - end - subgraph Main Server - E --> - H[Run register command] --> - I[Send registration request] --> F --> - J[Store client certs] --> - K[Send done request] --> G --> - L[Add agent to config.yml] - end -``` - -Run flow: - -```mermaid -flowchart TD - subgraph Agent HTTPS Server - aa[Load CA and SSL certs] --> - ab[Start HTTPS server] --> - - ac[Receive request] --> - ad[Verify client cert] --> - ae[Handle request] --> ac - end - subgraph Main Server - ma[Load client certs] --> - mb[Query agent version] --> ac - mb --> mc[Check if agent version matches] --> - md[Query agent info] --> ac - md --> ae --> me[Store agent info] - end -```
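Review bot: In the first `.gitignore` hunk, `profiles/` and `data/` are unanchored, so they match a directory of that name at any depth in the tree, not only at the repository root. If only the top-level runtime directories are meant, write them as `/profiles/` and `/data/`, so that a source directory named `data` added later is not silently left out of commits.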
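Review bot: In the second `.gitignore` hunk, the new negations `!agent.compose.yml` and `!agent/pkg/**` do not say which ignore pattern they override, and that pattern is not visible in the hunk. A negation cannot re-include a path whose parent directory is itself excluded, so confirm the result with `git check-ignore -v` on a file under `agent/pkg/` and add a comment line naming the rule being countered. The hunk also fixes the missing final newline after `tsconfig.tsbuildinfo` only to reintroduce it after `!agent/pkg/**`; end the file with a newline.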
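Review bot: The `.trunk/trunk.yaml` hunk drops `checkov@3.2.370` from `lint.enabled` without a stated reason; the subject line says only "update gitignore and trunk". Checkov is the one entry in the visible list that scans infrastructure-as-code files for misconfigurations, so removing it narrows lint coverage for the compose and Dockerfile content this repository ships. State the reason in the commit body, and if the cause was noisy findings, consider suppressing the specific checks instead of removing the linter.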
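Review bot: The deletion of `next-release.md` removes the agent setup steps (including setting `REGISTRATION_ALLOWED_HOSTS` and the `providers.agents` entry in `config.yml`) and both mTLS flow diagrams, and nothing in this patch adds that text anywhere else. Confirm the content is already published in the release notes or documentation and say where in the commit body, since these are the only visible instructions for restricting which hosts may register with an agent.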