search

Luzifer / nginx-sso

SSO authentication provider for the auth_request nginx module
Apache License 2.0
286 stars 41 forks source link

Add ARM support #65

Closed napalmz closed 2 years ago

napalmz commented 3 years ago

I have used this program for 2 years on x86 but now, for reasons of reliability, I have to migrate it to an ARM (Rpi). Since the NGINX part works on ARM (SWAG image by Linuxserver.io), I was hoping to be able to keep the SSO part as well (instead of splitting it on another x86 machine). Thank you

Luzifer commented 3 years ago

This is already the case: If you have a look at the releases there is already a nginx-sso_linux_arm.tar.gz download included. That one should run perfectly fine on a Raspi…

napalmz commented 3 years ago

Thank you for your quick answer. Is there also a docker image available? I can't find the right tag...

Luzifer commented 3 years ago

Hm no, currently there is only an amd64 Docker image available…

Will have a look how to do this the best way and whether my Jenkins (running amd64) can properly provide one… 🤔

Luzifer commented 3 years ago

Had a look into this: I'm not able to provide an arm64v8 image as I don't have a build-system for that architecture. If you have a look at the Dockerfile, it must install bash and ca-certificates but I don't see a chance to install those packages without apk being able to run inside the container.

I could write a Dockerfile on a theoretical base (I cannot test it) to build an arm64v8 container but you would need to run that build yourself.

napalmz commented 3 years ago

I tried by myself yesterday but the generated image couldn’t run properly. If you can provide a proper Dockerfile I can build it on my Rpi and test it. Thank you

Luzifer commented 3 years ago

Please have a look at #66 - That Dockerfile should give you a running image for arm64v8 architecture.

napalmz commented 2 years ago

Having an armv7l (therefore 32bit) I created my own specific dockerfile starting from yours. I was able to get an usable image. Unfortunately I changed the dumb-init installation and therefore I also had to change the docker-start.sh, because now the path is no longer /usr/local/bin/dumb-init but /usr/bin/dumb-init. Perhaps with a simple cp command it could be solved without modifying the file.

Here's the code:

FROM golang:alpine as builder

ADD . /go/src/github.com/Luzifer/nginx-sso
WORKDIR /go/src/github.com/Luzifer/nginx-sso

ENV CGO_ENABLED=0 \
    GOOS=linux \
    GOARCH=arm

RUN set -ex \
 && apk add --update \
      git \
 && go install \
      -ldflags "-X main.version=$(git describe --tags || git rev-parse --short HEAD || echo dev)" \
      -mod=readonly

FROM alpine:latest

LABEL maintainer "Knut Ahlers <knut@ahlers.me>"

RUN set -ex \
 && apk --no-cache add \
      bash \
      ca-certificates \
      curl \
      dumb-init \
 && apk --no-cache del --purge \
      curl

COPY --from=builder /go/bin/nginx-sso                                     /usr/local/bin/
COPY --from=builder /go/src/github.com/Luzifer/nginx-sso/config.yaml      /usr/local/share/nginx-sso/
COPY --from=builder /go/src/github.com/Luzifer/nginx-sso/docker-start.sh  /usr/local/bin/
COPY --from=builder /go/src/github.com/Luzifer/nginx-sso/frontend/*       /usr/local/share/nginx-sso/frontend/

EXPOSE 8082
VOLUME ["/data"]

ENTRYPOINT ["/usr/local/bin/docker-start.sh"]
CMD ["--"]

# vim: set ft=Dockerfile:
Luzifer commented 2 years ago

Hmmh that's very interesting… Then a minor change to the original Dockerfile should already be enough to have it running on ARM architecture… Normally alpine and golang:alpine should be amd64 images but it seems they are running fine on ARM too so I'm gonna update the PR with some minor fixes to make the image compatible to both architectures…

Luzifer commented 2 years ago

Please have a look at updated #66 - Now the normal Dockerfile should build for you too but still build for amd64 arch…

napalmz commented 2 years ago

To create the image I had to edit this section:

#ENV CGO_ENABLED=1
ENV CGO_ENABLED=0 \
    GOOS=linux \
    GOARCH=arm

otherwise I got this compile error: /usr/local/go/pkg/tool/linux_arm/link: running gcc failed: exec: "gcc": executable file not found in $PATH

Luzifer commented 2 years ago

That should not happen as build-base is installed. Please use the whole Dockerfile from #66, not just adjustments: https://raw.githubusercontent.com/Luzifer/nginx-sso/65-provide-dockerfile-for-arm64v8-architecture/Dockerfile

napalmz commented 2 years ago

That's what I did but couldn't compile without my modification. This is the log of the first round, with the version you edited and published.

Sending build context to Docker daemon  29.28MB
Step 1/16 : FROM golang:alpine as builder
 ---> 3bd75cf4f5a9
Step 2/16 : ADD . /go/src/github.com/Luzifer/nginx-sso
 ---> 7d6a13a6479e
Step 3/16 : WORKDIR /go/src/github.com/Luzifer/nginx-sso
 ---> Running in caad76b4b1b4
Removing intermediate container caad76b4b1b4
 ---> f6fd5eb2faf4
Step 4/16 : ENV CGO_ENABLED=1
 ---> Running in 2234cfdbc6ac
Removing intermediate container 2234cfdbc6ac
 ---> 0364436550f5
Step 5/16 : RUN set -ex  && apk add --update       build-base       git  && go install       -ldflags "-X main.version=$(git describe --tags || git rev-parse --short HEAD || echo dev)"       -mod=readonly
 ---> Running in ef67ce66f536
+ apk add --update build-base git
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/armv7/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/armv7/APKINDEX.tar.gz
(1/26) Installing libgcc (10.3.1_git20210424-r2)
(2/26) Installing libstdc++ (10.3.1_git20210424-r2)
(3/26) Installing binutils (2.35.2-r2)
(4/26) Installing libmagic (5.40-r1)
(5/26) Installing file (5.40-r1)
(6/26) Installing libgomp (10.3.1_git20210424-r2)
(7/26) Installing libatomic (10.3.1_git20210424-r2)
(8/26) Installing libgphobos (10.3.1_git20210424-r2)
(9/26) Installing gmp (6.2.1-r0)
(10/26) Installing isl22 (0.22-r0)
(11/26) Installing mpfr4 (4.1.0-r0)
(12/26) Installing mpc1 (1.2.1-r0)
(13/26) Installing gcc (10.3.1_git20210424-r2)
(14/26) Installing musl-dev (1.2.2-r3)
(15/26) Installing libc-dev (0.7.2-r3)
(16/26) Installing g++ (10.3.1_git20210424-r2)
(17/26) Installing make (4.3-r0)
(18/26) Installing fortify-headers (1.1-r1)
(19/26) Installing patch (2.7.6-r7)
(20/26) Installing build-base (0.5-r2)
(21/26) Installing brotli-libs (1.0.9-r5)
(22/26) Installing nghttp2-libs (1.43.0-r0)
(23/26) Installing libcurl (7.79.1-r0)
(24/26) Installing expat (2.4.1-r0)
(25/26) Installing pcre2 (10.36-r0)
(26/26) Installing git (2.32.0-r0)
Executing busybox-1.33.1-r3.trigger
OK: 146 MiB in 41 packages
+ git describe --tags
+ go install -ldflags '-X main.version=v0.25.0-6-gb05e681' '-mod=readonly'
go: downloading github.com/Luzifer/go_helpers/v2 v2.9.1
go: downloading github.com/Luzifer/rconfig/v2 v2.2.1
go: downloading github.com/gorilla/context v1.1.1
go: downloading github.com/flosch/pongo2 v0.0.0-20190707114632-bbf5a6c351f4
go: downloading github.com/gorilla/sessions v1.2.0
go: downloading github.com/Luzifer/rconfig v1.2.0
go: downloading github.com/pkg/errors v0.8.1
go: downloading github.com/sirupsen/logrus v1.4.2
go: downloading gopkg.in/yaml.v2 v2.2.4
go: downloading github.com/jda/go-crowd v0.0.0-20180225080536-9c6f17811dc6
go: downloading golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
go: downloading google.golang.org/api v0.13.0
go: downloading gopkg.in/ldap.v2 v2.5.1
go: downloading github.com/coreos/go-oidc v2.1.0+incompatible
go: downloading golang.org/x/crypto v0.0.0-20191029031824-8986dd9e96cf
go: downloading github.com/GeertJohan/yubigo v0.0.0-20190917122436-175bc097e60e
go: downloading github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74
go: downloading github.com/pquerna/otp v1.2.0
go: downloading github.com/gorilla/securecookie v1.1.1
go: downloading github.com/spf13/pflag v1.0.5
go: downloading gopkg.in/validator.v2 v2.0.0-20191029180049-30e574a82075
go: downloading github.com/juju/errors v0.0.0-20190930114154-d42613fe1ab9
go: downloading golang.org/x/sys v0.0.0-20191029155521-f43be2a4598c
go: downloading cloud.google.com/go v0.47.0
go: downloading gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d
go: downloading github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35
go: downloading gopkg.in/square/go-jose.v2 v2.4.0
go: downloading github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc
go: downloading golang.org/x/net v0.0.0-20191101175033-0deb6923b6d9
go: downloading google.golang.org/grpc v1.24.0
go: downloading go.opencensus.io v0.22.1
go: downloading github.com/googleapis/gax-go/v2 v2.0.5
go: downloading github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9
go: downloading github.com/golang/protobuf v1.3.2
go: downloading google.golang.org/genproto v0.0.0-20191028173616-919d9bdd9fe6
go: downloading golang.org/x/text v0.3.2
# github.com/Luzifer/nginx-sso
/usr/local/go/pkg/tool/linux_arm/link: running gcc failed: exit status 1
collect2: fatal error: cannot find 'ld'
compilation terminated.

The command '/bin/sh -c set -ex  && apk add --update       build-base       git  && go install       -ldflags "-X main.version=$(git describe --tags || git rev-parse --short HEAD || echo dev)"       -mod=readonly' returned a non-zero code: 2
Luzifer commented 2 years ago

So they fricked up the build-base package… 🤦🏻

I've done another adjustment, disabling CGO. This should be sufficient without setting the architecture. The image looses plugin-support but that didn't work properly in the Docker version from the beginning as the plugin needs to be built with the same dependencies version as the main program so anyone wanting to use plugins needs to build their own image either way.

Luzifer commented 2 years ago

@napalmz did you have a chance to test the latest version of the Dockerfile with CGO disabled?

napalmz commented 2 years ago

Just compiled (without touching it this time) and it's all good. You can find it here: https://hub.docker.com/r/napalmzrpi/nginx-sso

Luzifer commented 2 years ago

Sounds great! Thanks for testing! - Will merge the PR.