CherryPy

.github/workflows/merge.yml

@@ -11,16 +11,19 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build the Docker image
-        run: |
-          echo "Building container..."
-          docker build -f Dockerfile -t ghcr.io/route1337/cloudflare-mnet-server:latest .
-          echo "Pushing container to Docker Hub..."
-          docker push ghcr.io/route1337/cloudflare-mnet-server:latest
-          echo "Done!"
+      - name: Build and push the container to GitHub Container Registry using the latest tag
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          tags: ghcr.io/route1337/cloudflare-mnet-server:latest
+          push: true

.github/workflows/pr.yml

@@ -19,8 +19,13 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
       - name: Build the Docker image
-        run: |
-          echo "Building container..."
-          docker build -f Dockerfile -t ghcr.io/route1337/cloudflare-mnet-server:test-build .
-          echo "Done!"
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          tags: test-build/docker-debugging:latest
+          push: false

.github/workflows/tag.yml

@@ -11,16 +11,22 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
+      - name: Extract tag name
+        id: extract_tag
+        run: echo "::set-output name=tag::${GITHUB_REF/refs\/tags\//}"
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build the Docker image
-        run: |
-          echo "Building container..."
-          docker build -f Dockerfile -t ghcr.io/route1337/cloudflare-mnet-server:${GITHUB_REF/refs\/tags\//} .
-          echo "Pushing container to Docker Hub..."
-          docker push ghcr.io/route1337/cloudflare-mnet-server:${GITHUB_REF/refs\/tags\//}
-          echo "Done!"
+      - name: Build and push the container to GitHub Container Registry using the repo tag
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          tags: ghcr.io/route1337/cloudflare-mnet-server:${{ steps.extract_tag.outputs.tag }}
+          push: true

CHANGELOG.md

@@ -2,6 +2,13 @@ Cloudflare Zero Trust Access Managed Network Server: Changelog
 ==============================================================
 A list of all the changes made to this repo, and the container service it contains
 
+Version 1.1.0
+-------------
+
+1. Updating Python to 3.11
+2. Moving from Flash to CherryPy for Webserver
+3. ARM Container support
+
 Version 1.0.0
 -------------
 

Dockerfile

@@ -7,18 +7,16 @@
 # See LICENSE
 #
 
-FROM python:3.10
+FROM python:3.11
 LABEL maintainer = "Route 1337 LLC <@route1337>"
 
-# Copy the source code and poetry config to /app
-COPY ./SourceCode/ /app
-COPY pyproject.toml /app/
-
 # Install some required packages
 RUN apt-get update && apt-get install -y openssl
 RUN mkdir /cert
 
 # Configure the Python environment using poetry
+COPY pyproject.toml /app/
+COPY poetry.lock /app/
 WORKDIR /app
 ENV PYTHONPATH=${PYTHONPATH}:${PWD}
 RUN pip3 install poetry
@@ -28,5 +26,8 @@ RUN poetry install --no-dev --no-root
 # Make sure logging to stdout works
 ENV PYTHONUNBUFFERED=0
 
+# Deploy the app
+COPY ./SourceCode/* /app/
+
 # Run the Flask server
 CMD ["python", "-u", "/app/server.py"]

SourceCode/server.py

@@ -15,10 +15,10 @@
 
 import logging
 import os
-import ssl
 import OpenSSL.crypto
 from flask import Flask
-from OpenSSL import SSL
+from cheroot.wsgi import Server as WSGIServer
+from cheroot.ssl.builtin import BuiltinSSLAdapter
 import generate
 
 
@@ -61,12 +61,14 @@ def main(use_existing_cert: bool):
                         " it's possible the generated cert will be lost!")
         generate.generate_cert(os.uname()[1])
 
-    # Configure Flask to use OpenSSL with TLS 1.2 on 0.0.0.0:443
-    flask_context = SSL.Context(ssl.PROTOCOL_TLSv1_2)
-    flask_context.use_privatekey_file('/cert/server.key')
-    flask_context.use_certificate_file('/cert/server.crt')
-    flask_app.run(host='0.0.0.0', port=8443,
-                  debug=False, ssl_context=('/cert/server.crt', '/cert/server.key'))
+    # Configure CherryPy on 0.0.0.0:8443
+    server = WSGIServer(
+        ('0.0.0.0', 8443), flask_app,
+        server_name=os.getenv("NETWORK_NAME", default="ZTA-" + os.uname()[1]))
+    # Configure CherryPy to use OpenSSL with TLS 1.2
+    server.ssl_adapter =  BuiltinSSLAdapter('/cert/server.crt', '/cert/server.key', None)
+    logging.info("Starting the server")
+    server.start()
 
 
 if __name__ == '__main__':

docker-compose.yml

@@ -16,5 +16,5 @@ services:
     volumes:
       - ./data/cert:/cert
     ports:
-      - 8443:8443
+      - "8443:8443"
     restart: always