diff --git a/cmd/proxy-client/main.go b/cmd/proxy-client/main.go
index 04d2f05..24ffd94 100644
--- a/cmd/proxy-client/main.go
+++ b/cmd/proxy-client/main.go
@@ -15,47 +15,56 @@ import (
 var flags []cli.Flag = []cli.Flag{
 &cli.StringFlag{
- Name: "listen-addr",
- Value: "127.0.0.1:8080",
- Usage: "address to listen on",
+ Name: "listen-addr",
+ EnvVars: []string{"LISTEN_ADDR"},
+ Value: "127.0.0.1:8080",
+ Usage: "address to listen on",
 },
 &cli.StringFlag{
- Name: "target-addr",
- Value: "https://localhost:80",
- Usage: "address to proxy requests to",
+ Name: "target-addr",
+ EnvVars: []string{"TARGET_ADDR"},
+ Value: "https://localhost:80",
+ Usage: "address to proxy requests to",
 },
 &cli.StringFlag{
- Name: "server-attestation-type",
- Value: string(proxy.AttestationAzureTDX),
- Usage: "type of attestation to expect and verify (" + proxy.AvailableAttestationTypes + ")",
+ Name: "server-attestation-type",
+ EnvVars: []string{"SERVER_ATTESTATION_TYPE"},
+ Value: string(proxy.AttestationAzureTDX),
+ Usage: "type of attestation to present (" + proxy.AvailableAttestationTypes + ")",
 },
 &cli.StringFlag{
- Name: "server-measurements",
- Usage: "optional path to JSON measurements enforced on the server",
+ Name: "server-measurements",
+ EnvVars: []string{"SERVER_MEASUREMENTS"},
+ Usage: "optional path to JSON measurements enforced on the server",
 },
 &cli.BoolFlag{
- Name: "verify-tls",
- Value: false,
- Usage: "verify server's TLS certificate instead of server's attestation. Only valid for server-attestation-type=none.",
+ Name: "verify-tls",
+ EnvVars: []string{"VERIFY_TLS"},
+ Value: false,
+ Usage: "verify server's TLS certificate instead of server's attestation. Only valid for server-attestation-type=none.",
 },
 &cli.StringFlag{
- Name: "tls-ca-certificate",
- Usage: "additional CA certificate to verify against (PEM) [default=no additional TLS certs]. Only valid with --verify-tls.",
+ Name: "tls-ca-certificate",
+ EnvVars: []string{"TLS_CA_CERTIFICATE"},
+ Usage: "additional CA certificate to verify against (PEM) [default=no additional TLS certs]. Only valid with --verify-tls.",
 },
 &cli.StringFlag{
- Name: "client-attestation-type",
- Value: string(proxy.AttestationNone),
- Usage: "type of attestation to present (" + proxy.AvailableAttestationTypes + ")",
+ Name: "client-attestation-type",
+ EnvVars: []string{"CLIENT_ATTESTATION_TYPE"},
+ Value: string(proxy.AttestationNone),
+ Usage: "type of attestation to expect and verify (" + proxy.AvailableAttestationTypes + ")",
 },
 &cli.BoolFlag{
- Name: "log-json",
- Value: false,
- Usage: "log in JSON format",
+ Name: "log-json",
+ EnvVars: []string{"LOG_JSON"},
+ Value: false,
+ Usage: "log in JSON format",
 },
 &cli.BoolFlag{
- Name: "log-debug",
- Value: false,
- Usage: "log debug messages",
+ Name: "log-debug",
+ EnvVars: []string{"LOG_DEBUG"},
+ Value: false,
+ Usage: "log debug messages",
 },
 }
diff --git a/proxy-client.dockerfile b/proxy-client.dockerfile
new file mode 100644
index 0000000..e3b5335
--- /dev/null
+++ b/proxy-client.dockerfile
@@ -0,0 +1,23 @@
+# syntax=docker/dockerfile:1
+FROM golang:1.23 AS builder
+ARG VERSION
+WORKDIR /build
+ADD go.mod /build/
+RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 GOOS=linux \
+ go mod download
+ADD . /build/
+RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 GOOS=linux \
+ go build \
+ -trimpath \
+ -ldflags "-s -X github.com/flashbots/cvm-reverse-proxy/common.Version=${VERSION}" \
+ -v \
+ -o proxy-client \
+ cmd/proxy-client/main.go
+
+FROM alpine:latest
+WORKDIR /app
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /build/proxy-client /app/proxy-client
+ENV LISTEN_ADDR=":8080"
+EXPOSE 8080
+CMD ["/app/proxy-client"]
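Review bot: The Usage strings of `server-attestation-type` and `client-attestation-type` in cmd/proxy-client/main.go are swapped relative to the removed lines, so the client's help now says the server's attestation is the one "to present" and the client's own is the one "to expect and verify". For the client binary that reads inverted (possibly carried over from the server's flag list) and misdescribes which side's attestation this process checks; unless the semantics really changed, keep `Usage: "type of attestation to expect and verify (" + proxy.AvailableAttestationTypes + ")"` on `server-attestation-type` and the "to present" text on `client-attestation-type`. Separately, the new `EnvVars` names are unprefixed (`VERIFY_TLS`, `SERVER_ATTESTATION_TYPE`, `SERVER_MEASUREMENTS`), so an ambient variable can change what gets verified with nothing visible on the command line. A project-specific prefix and a startup log line of the effective attestation type, measurements path and verify-tls value would make such an override visible.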
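Review bot: Both base images in proxy-client.dockerfile are floating tags (`golang:1.23`, `alpine:latest`), so the same commit can yield different images over time even with `-trimpath`; pin each to a fixed version and digest, e.g. `FROM alpine:<version>@sha256:<digest>` (placeholders). The final stage sets no `USER`, so `/app/proxy-client` runs as root; since it listens on 8080, a `USER nobody` line before `CMD` should suffice. Only `go.mod` is added before `go mod download`; assuming the repository has a go.sum, `COPY go.mod go.sum /build/` keeps that layer tied to the recorded checksums. `ENV LISTEN_ADDR=":8080"` also replaces the flag's `127.0.0.1:8080` default with all interfaces, which deserves a comment stating that the exposure is intended.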