search

aschzero / hera

Automated secure tunnels for containers using Cloudflare Argo
MIT License
127 stars 18 forks source link

Create Docker armhf variant for Raspberry Pi and mobile users #12

Closed pirate closed 8 months ago

pirate commented 4 years ago

Not sure if there's a better way to do multi-arch support, so I just created a separate Dockerfile.armhf.

Usage:

docker build --file Dockerfile.armhf --tag hera:armhf
docker run \
  --name=hera \
  --network=hera \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /path/to/certs:/certs \
  hera:armhf

or with docker-compose:

services:
    hera:
        build:
            context: .
            dockerfile: Dockerfile.armhf
        image: hera:armhf
        ...

I also took the liberty of bumping a few of the dependency versions in the process (go, cloudflared, alpine, overlay).

Testing on a Raspberry Pi 4 with raspian:

image image

root@unifipi /o/ubuntu.hera# docker-compose build
Building hera
Step 1/16 : FROM arm32v7/golang:1.14-alpine AS builder
 ---> e480d1e4bcd0
Step 2/16 : RUN apk add --no-cache ca-certificates git
 ---> Using cache
 ---> d6317c6ed7e5
Step 3/16 : WORKDIR /src
 ---> Using cache
 ---> 4311b67a5a43
Step 4/16 : COPY go.mod .
 ---> Using cache
 ---> 23d9b04c888b
Step 5/16 : COPY go.sum .
 ---> Using cache
 ---> fc1680583234
Step 6/16 : RUN go mod download
 ---> Using cache
 ---> b98fb52b443f
Step 7/16 : COPY . .
 ---> c7959559b009
Step 8/16 : RUN CGO_ENABLED=0 go build -o /dist/hera
 ---> Running in 8e7ce0866b06
Removing intermediate container 8e7ce0866b06
 ---> 09b51519e08a
Step 9/16 : FROM arm32v7/alpine:3.11
 ---> 0d8bd234c4c8
Step 10/16 : RUN apk add --no-cache ca-certificates curl gcompat
 ---> Using cache
 ---> 61a3b95558e4
Step 11/16 : RUN curl -L -s https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-armhf.tar.gz   | tar xvzf - -C /
 ---> Using cache
 ---> e5e6fab09960
Step 12/16 : RUN curl -L -s https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz   | tar xvzf - -C /bin
 ---> Using cache
 ---> e95a4d93adad
Step 13/16 : RUN apk del --no-cache curl
 ---> Using cache
 ---> ce6807792338
Step 14/16 : COPY --from=builder /dist/hera /bin/
 ---> Using cache
 ---> e1a566a193fa
Step 15/16 : COPY rootfs /
 ---> 93e26e1ceecc
Step 16/16 : ENTRYPOINT ["/init"]
 ---> Running in b3fdaedd6389
Removing intermediate container b3fdaedd6389
 ---> b07ec77267d3
Successfully built b07ec77267d3
Successfully tagged hera:armhf
root@unifipi /o/ubuntu.hera# docker-compose up
Recreating hera ... done
Attaching to hera
hera    | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
hera    | [s6-init] ensuring user provided files have correct perms...exited 0.
hera    | [fix-attrs.d] applying ownership & permissions fixes...
hera    | [fix-attrs.d] 01-log-permissions: applying...
hera    | [fix-attrs.d] 01-log-permissions: exited 0.
hera    | [fix-attrs.d] done.
hera    | [cont-init.d] executing container initialization scripts...
hera    | [cont-init.d] 01-setup-logs: executing...
hera    | [cont-init.d] 01-setup-logs: exited 0.
hera    | [cont-init.d] 02-symlink-certs: executing...
hera    | [cont-init.d] 02-symlink-certs: exited 0.
hera    | [cont-init.d] done.
hera    | [services.d] starting services
hera    | [services.d] done.
hera    | [INFO] Hera v0.2.5 has started
hera    | [INFO] Found certificate: zervice.io.pem
hera    | [INFO] Hera is listening
hera    | [INFO] Container found, connecting to fe6e88256c13...
hera    | [INFO] Registering tunnel unifi.zervice.io
pirate commented 4 years ago

hmm it seems like cloudflared is actually segfauling inside the container right after it prints Registering tunnel .... I tried building it from source but there are some broken dependency issues, might require some most investigation.

Edit: as of 2020-06-24 I never did manage to figure this out. If anyone got it working on a Raspi let me know!

Viranchee commented 4 years ago

Hey @pirate same for me, stuck on the step Registering tunnel subdomain.domain.com I modified the Dockerfile

I cloned the repo, made some cosmetic changes to Dockerfile.armhf, I ran into the tar not extracting and stuck in Download indefinitely. So I provided already downloaded cloudflared file as a volume mount 😂

pirate commented 8 months ago

closing as I no longer use hera and can't verify that this approach works either way