coderofsalvation/xrforge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added SSL to httpserver

Browse source
This commit is contained in:
Leon van Kammen 2025-08-06 09:45:55 +02:00
parent ed8756cc90
commit a965a5632a
3 changed files with 43 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

109
manyfold/README.md
View file

@ -17,6 +17,7 @@ $ docker load < $(nix-build nix/docker.nix)
|-----------------------|--------------|------------------------|
| `APPNAME` | `manyfold` | manyfold instance name |
| `THEME` | `default` | bootstrap theme |
| `RUNTESTS` | `0` | set to `1` to run XRForge related [/test](test) scripts |
| `NO_OVERLAYFS` | `` | disable the filesystem overlay mechanism |
| `NO_DEFAULTDB` | `` | disable the default db (activates manyfold installer) |
| `NO_DELETEBIGFILES` | `` | disable deleting big files which are older than 5 days and bigger than ($currentyear-2020) MB's |
@ -28,6 +29,10 @@ $ docker load < $(nix-build nix/docker.nix)
| `FEDERATE_DRIVE_USER` | `` | specify HTTP AUTH credentials (`user` e.g.) for restricted sharing |
| `FEDERATE_DRIVE_PW` | `` | specify HTTP AUTH credentials (`pass` e.g.) for restricted sharing |
| `FEDERATE_DRIVE_CACHE`| `1m0s` | specify interval to re-check all models/directories |
| `FEDERATE_DRIVE_KEY` | `` | specify path to TLS PEM private key file (`-v ./key.pem:/key.pem -e FEDERATE_DRIVE_KEY=/key.pem` dockerflag e.g.) |
| `FEDERATE_DRIVE_CERT` | `` | specify path to TLS PEM public key certificate/CA/intermediate file (`-v ./cert.pem:/cert.pem -e FEDERATE_DRIVE_KEY=/cert.pem` dockerflag e.g.) |
> NOTE: if you have nix installed, you can easily try out environment-flags by running: `docker load < $(nix-build nix/docker.nix) && manyfold/cli/manyfold run -e RUNTESTS=1` e.g.
# Default database / admin login
@ -44,88 +49,46 @@ When found, it uses the files in there instead (`/manyfold/usr/src/app/public/40
# Federated drives
> Thanks to [rclone](https://rclone.org) network-drives automatically show up as manyfold libraries.
Besides ActivitPub, XRForge allows federating manyfold libraries too, allowing manyfold libraries to scale horizontally across instances:
```
┌────────────────────────┐ ┌────────────────────────┐
│ │ │ │
│ server instance A │ │ server instance B │
│ │ │ │
│ ┌──────────────────┐ │ rclone │ ┌─────────────────┐ │
│ │ library │ │ │ │ library │ │
│ │ ┼───┼──────────────┼─┤ │ │
│ │ │ │ http-drive │ │ │ │
│ │ │ │ │ │ │ │
│ └──────────────────┘ │ │ └─────────────────┘ │
│ │ │ │
└────────────────────────┘ └────────────────────────┘
READ / WRITE READ-ONLY
```
It does this by automatically mapping [rclone](https://rclone.org) network-drives as manyfold libraries.
![](https://i.imgur.com/4VMF3CQ.png)
To enable rclone to mount **readonly** network drives, the container must be run with FUSE-device support.
To enable rclone to mount **readonly** network drives (=remotes), the container must be run with FUSE-device support.
The quickest way is:
* add `-v ./manyfold/root/.config:/root/.config --cap-add SYS_ADMIN --security-opt apparmor:unconfined --device /dev/fuse` to the docker cmd
* add network drives by running `docker exec -it rclone config` in a running container (see example below)
* profit!
1. create directory `./manyfold/root/.config` outside of the container
2. add `-v ./manyfold/root/.config:/root/.config --cap-add SYS_ADMIN --security-opt apparmor:unconfined --device /dev/fuse` to the docker cmd
3. now federate XRForge libraries by running `docker exec -it xrforge rclone config create myhttp http url=https://xrforgeinstanceB.com user=myuser pass=$(rclone obscure mypassword)` in a running container
4. profit!
Your drives will/should get automagically mounted **readonly** and added to the database automagically (by [manyfold.sh](cli/manyfold.sh) `rclone_automount`-cmd) during container boot.
**Default behaviour**: your drives will/should get automagically mounted **readonly** and added as a library automagically (by [manyfold.sh](cli/manyfold.sh) `rclone_automount`-cmd) during container boot.
> NOTE: by default all rclone remotes automagically show up as separate manyfold libraries, however use `RCLONE_REMOTE` this to specify a [combined](https://rclone.org/combine/) or [union](https://rclone.org/union/) rclone remote.
* TIP1: use **alphanumeric** names for rclone remotes (manyfold libraries choke on dot- or other special-characters)
* TIP2: share the URL+port of the automatic RCLONE webserver (`FEDERATE_DRIVE_PATH`-envvar), to share experiences **readonly**
* TIP2: use env-var `RCLONE_REMOTE` to mount only one specific remote (in case of a [combined](https://rclone.org/combine/) or [union](https://rclone.org/union/) rclone remote e.g.).
* TIP2: use **alphanumeric** names for rclone remotes (manyfold libraries choke on dot- or other special-characters)
By default environment-flag `FEDERATE_DRIVE_PATH` will share path `/mnt/models` as an open web directory.
This means it can be added as remote by other instances.
See the environment-flags for more options.
<details>
<summary><h3>Example connect to other XRForge instance</h3></summary>
<br>
<pre><code>
$ rclone config
Current remotes:
Name Type
==== ====
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> n
Enter name for new remote.
name> xrforge_instanceC
Option Storage.
Type of storage to configure.
Choose a number from below, or type in your own value.
...
22 / HTTP
...
Storage> 22
Option url.
URL of HTTP host to connect to.
E.g. "https://example.com", or "https://user:pass@example.com" to use a username and password.
Enter a value.
url> http://url-to-another-xrforge-instance.com
Option no_escape.
Do not escape URL metacharacters in path names.
Enter a boolean value (true or false). Press Enter for the default (false).
no_escape>
Edit advanced config?
y) Yes
n) No (default)
y/n> n
Configuration complete.
Options:
- type: http
- url: http://localhost:8791
Keep this "test" remote?
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
</pre></code>
</details>
Make sure that the URL (and credentials if configure) of step 3 are setup properly, so it matches your reverse proxy/ or SSL configuration (via `FEDERATE_DRIVE_CERT` and `FEDERATE_DRIVE_KEY` flags)
# Unixy event hooks

1
manyfold/cli/manyfold.sh
View file

@ -156,6 +156,7 @@ rename_app(){
}
start_syslog(){
touch /var/log/messages
syslogd -n & # start syslogd
echocolor started syslog | logger
tail -f /var/log/messages &

7
manyfold/root/hook.d/boot/httpserver.sh
View file

@ -9,7 +9,12 @@ test -n "$FEDERATE_DRIVE_USER" && test -m "$FEDERATE_DRIVE_PW" && {
AUTH="--user $FEDERATE_DRIVE_USER --pass $FEDERATE_DRIVE_PW"
}
test -n "$FEDERATE_DRIVE_CERT" && test -m "$FEDERATE_DRIVE_KEY" && {
SSL="--cert $FEDERATE_DRIVE_CERT --key $FEDERATE_DRIVE_KEY"
}
set -x
rclone serve http \
--poll-interval $FEDERATE_DRIVE_CACHE \
--addr 0.0.0.0:$FEDERATE_DRIVE_PORT ${AUTH} $FEDERATE_DRIVE_PATH &> /var/log/rclone.log &
--addr 0.0.0.0:$FEDERATE_DRIVE_PORT ${AUTH} ${SSL} $FEDERATE_DRIVE_PATH &> /var/log/rclone.log &