Compare commits
14 Commits
62586de020
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| a1df4dcfdf | |||
| af3d1fd3cb | |||
| 0989f51a55 | |||
| 827ed9f83b | |||
| 6d5dbee874 | |||
| 63f67c7188 | |||
| bfebad5e5d | |||
| bc946e62e2 | |||
| 14d90d34aa | |||
| d77801788f | |||
| f77ade44d5 | |||
| c5d6916fa6 | |||
| 1b2bb83eeb | |||
| 2884cd91a8 |
4
.gitignore
vendored
4
.gitignore
vendored
@@ -1,2 +1,4 @@
|
||||
.env
|
||||
**/.venv
|
||||
**/.env
|
||||
**/__pycache__
|
||||
**/*.pem
|
||||
|
||||
13
Dockerfile
13
Dockerfile
@@ -1,13 +0,0 @@
|
||||
FROM alpine:3.23
|
||||
|
||||
RUN apk add --no-cache python3 py3-pip
|
||||
RUN pip3 install --break-system-packages flask flask-httpauth gunicorn requests jmespath
|
||||
# Clean up apk cache
|
||||
RUN rm -rf /var/cache/apk/*
|
||||
|
||||
WORKDIR /app
|
||||
COPY app.py /app/app.py
|
||||
|
||||
EXPOSE 8080
|
||||
|
||||
CMD ["gunicorn", "--bind", "0.0.0.0:8080", "app:app"]
|
||||
40
README.md
40
README.md
@@ -20,7 +20,7 @@ The repository contains a Flask-based API proxy that allows Omada controller to
|
||||
On an Ubuntu/Debian system, you can install the required packages using apt:
|
||||
|
||||
```bash
|
||||
sudo apt install -y python3 python3-dotenv python3-flask python3-flask-httpauth python3-requests
|
||||
sudo apt install -y python3 python3-dotenv python3-flask python3-flask-httpauth python3-requests gunicorn
|
||||
```
|
||||
|
||||
Copy the `app.py` file to your desired location, and run it using Python:
|
||||
@@ -28,3 +28,41 @@ Copy the `app.py` file to your desired location, and run it using Python:
|
||||
```bash
|
||||
flask run app.py
|
||||
```
|
||||
|
||||
or use Gunicorn for production:
|
||||
|
||||
```bash
|
||||
gunicorn --bind 0.0.0.0:8080 app:app
|
||||
```
|
||||
|
||||
## Self-Signed SSL Certificate (Optional)
|
||||
|
||||
To run the Flask app with HTTPS, you can create a self-signed SSL certificate:
|
||||
|
||||
```bash
|
||||
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost"
|
||||
```
|
||||
|
||||
Then run the Flask app with SSL context:
|
||||
|
||||
```bash
|
||||
flask run --cert=cert.pem --key=key.pem
|
||||
```
|
||||
|
||||
To use the Mail In A Box server's SSL certificate, use the following files:
|
||||
|
||||
- certificate: `/miab-data/ssl/ssl_certificate.pem`
|
||||
- private key: `/miab-data/ssl/ssl_private_key.pem`
|
||||
|
||||
> **Note:** You have to run the web server as root to access the private key file.
|
||||
|
||||
## Service Installation
|
||||
|
||||
```
|
||||
sudo mkdir -p /opt/dns-updater
|
||||
sudo cp app.py /opt/dns-updater/
|
||||
sudo cp dns-updater.service /etc/systemd/system/
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable --now dns-updater.service
|
||||
sudo systemctl status dns-updater.service
|
||||
```
|
||||
|
||||
22
app/Dockerfile
Normal file
22
app/Dockerfile
Normal file
@@ -0,0 +1,22 @@
|
||||
FROM alpine:3.23
|
||||
|
||||
RUN apk add --no-cache python3 py3-pip
|
||||
|
||||
# Copy requirements and install Python packages
|
||||
COPY requirements.txt /tmp/requirements.txt
|
||||
RUN pip3 install --break-system-packages -r /tmp/requirements.txt
|
||||
|
||||
# Clean up apk cache
|
||||
RUN rm -rf /var/cache/apk/*
|
||||
|
||||
WORKDIR /app
|
||||
COPY app.py /app/app.py
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
ENV LISTEN_ADDRESS=0.0.0.0
|
||||
ENV LISTEN_PORT=8080
|
||||
|
||||
EXPOSE 8080
|
||||
|
||||
ENTRYPOINT [ "/entrypoint.sh" ]
|
||||
14
app/dns-updater.service
Normal file
14
app/dns-updater.service
Normal file
@@ -0,0 +1,14 @@
|
||||
[Unit]
|
||||
Description=dns-updater
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=root
|
||||
Group=root
|
||||
WorkingDirectory=/opt/dns-updater
|
||||
Environment="MIAB_HOST=box.koszewscy.waw.pl"
|
||||
ExecStart=/usr/bin/gunicorn --workers 4 --bind 0.0.0.0:8443 --certfile="/miab-data/ssl/ssl_certificate.pem" --keyfile="/miab-data/ssl/ssl_private_key.pem" app:app
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
14
app/entrypoint.sh
Normal file
14
app/entrypoint.sh
Normal file
@@ -0,0 +1,14 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
LISTEN_ADDRESS="${LISTEN_ADDRESS:-0.0.0.0}"
|
||||
LISTEN_PORT="${LISTEN_PORT:-8080}"
|
||||
|
||||
cd /app
|
||||
|
||||
if [ -z "$CERT_FILE" ] || [ -z "$KEY_FILE" ]; then
|
||||
exec gunicorn --bind ${LISTEN_ADDRESS}:${LISTEN_PORT} app:app
|
||||
else
|
||||
exec gunicorn --bind ${LISTEN_ADDRESS}:${LISTEN_PORT} --certfile=${CERT_FILE} --keyfile=${KEY_FILE} app:app
|
||||
fi
|
||||
13
app/install
Executable file
13
app/install
Executable file
@@ -0,0 +1,13 @@
|
||||
#!/usr/bin/bash
|
||||
|
||||
if [[ $(id -u) -ne 0 ]]; then
|
||||
echo "This script must be run as root" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir -p /opt/dns-updater
|
||||
cp app.py /opt/dns-updater/
|
||||
cp dns-updater.service /etc/systemd/system/
|
||||
systemctl daemon-reload
|
||||
systemctl enable --now dns-updater.service
|
||||
systemctl status dns-updater.service
|
||||
5
app/requirements.txt
Normal file
5
app/requirements.txt
Normal file
@@ -0,0 +1,5 @@
|
||||
flask
|
||||
flask-httpauth
|
||||
gunicorn
|
||||
requests
|
||||
jmespath
|
||||
4
build
Executable file
4
build
Executable file
@@ -0,0 +1,4 @@
|
||||
#!/usr/bin/bash
|
||||
|
||||
# Build the Docker image
|
||||
docker build -t skoszewski/omada-dyndns-miab-proxy app
|
||||
@@ -1,14 +0,0 @@
|
||||
[Unit]
|
||||
Description=dns-updater
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=www-data
|
||||
Group=www-data
|
||||
WorkingDirectory=/home/slawek/src/dns-updater
|
||||
Environment="MIAB_HOST=box.koszewscy.waw.pl"
|
||||
ExecStart=/usr/bin/gunicorn --workers 4 --bind 0.0.0.0:8080 app:app
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user