Add origin

.devcontainer/Dockerfile.node

@@ -1,3 +1,5 @@
+FROM golang:1.21-alpine AS go
+
 FROM debian:bookworm
 
 ENV TZ="Europe/London"
@@ -39,4 +41,14 @@ USER $USERNAME
 COPY --chown=$USERNAME bashrc /home/$USERNAME/.bashrc
 COPY --chown=$USERNAME vimrc /home/$USERNAME/.vimrc
 
+# Setup go
+RUN mkdir -p /home/$USERNAME/.local/gopath
+COPY --from=go /usr/local/go /home/$USERNAME/.local/go
+
+ENV GOROOT /home/$USERNAME/.local/go
+ENV GOPATH /home/$USERNAME/.local/gopath
+ENV PATH $PATH:$GOPATH/bin:$GOROOT/bin
+
+RUN go install github.com/bloom42/stdx/tools/watchgod@latest
+
 WORKDIR /

.devcontainer/devcontainer.json

@@ -2,7 +2,8 @@
     "dockerFile": "Dockerfile.node",
     "extensions": [
       // "rust-lang.rust-analyzer"
-      "Vue.volar"
+      "Vue.volar",
+      "golang.Go"
     ],
     "forwardPorts": [
     ]

.github/workflows/deploy.yml → .github/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: deploy
+name: ci
 
 # You need to setup the following secrets:
 # CLOUDFLARE_ACCOUNT_ID: Your Cloudflare account ID
@@ -32,3 +32,26 @@ jobs:
           CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
         run: |
           make deploy
+
+  origin:
+    runs-on: ubuntu-latest
+    # important to be able to push to ghcr.io
+    permissions:
+      contents: read
+      packages: write
+    working-directory: ./origin
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build Docker images
+        run: |
+          make docker_build
+
+        # secrets.GITHUB_TOKEN is automatically injected
+      - name: Login to container registry
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
+
+      - name: Push Docker images
+        run: |
+          make docker_push

origin/Dockerfile

@@ -0,0 +1,81 @@
+####################################################################################################
+## Build origin
+####################################################################################################
+FROM golang:1.21-alpine AS builder_go
+
+# Install git + SSL ca certificates.
+# Git is required for fetching the dependencies.
+# Ca-certificates is required to call HTTPS endpoints.
+RUN apk update && \
+    apk upgrade --no-cache && \
+    apk add --no-cache ca-certificates git make
+RUN update-ca-certificates
+
+WORKDIR /origin
+COPY . ./
+
+RUN make clean
+
+RUN make download_deps
+RUN make verify_deps
+
+RUN make origin
+
+####################################################################################################
+## To get the correct files in the final image
+####################################################################################################
+FROM alpine:latest AS builder_files
+
+ENV TZ="Europe/London"
+ENV LC_ALL="en_US.UTF-8"
+ENV LANG="en_US.UTF-8"
+ENV LANGUAGE="en_US:en"
+
+ENV USER=origin
+ENV UID=10001
+
+# mailcap is used for content type (MIME type) detection
+RUN apk update && \
+    apk upgrade --no-cache && \
+    apk add --no-cache ca-certificates mailcap tzdata
+
+RUN update-ca-certificates
+RUN echo "${TZ}" > /etc/timezone
+
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+
+
+####################################################################################################
+## Final image
+####################################################################################################
+FROM scratch
+
+ENV TZ="Europe/London"
+ENV LC_ALL="en_US.UTF-8"
+ENV LANG="en_US.UTF-8"
+ENV LANGUAGE="en_US:en"
+
+# Copy files and build
+COPY --from=builder_files /etc/passwd /etc/passwd
+COPY --from=builder_files /etc/group /etc/group
+COPY --from=builder_files /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder_files /etc/mime.types /etc/mime.types
+COPY --from=builder_files /etc/timezone /etc/timezone
+
+COPY --from=builder_go /origin/dist/origin /usr/local/bin/origin
+
+# Use an unprivileged user.
+USER origin:origin
+
+WORKDIR /origin
+
+CMD ["origin"]
+
+EXPOSE 8080 8443

origin/Makefile

@@ -0,0 +1,71 @@
+VERSION := 0.1.0
+DIST_DIR = dist
+CMD = origin
+
+DOCKER_IMAGE = ghcr.io/skerkour/cloudflare-book-origin
+
+####################################################################################################
+# Dev
+####################################################################################################
+.PHONY: dev
+dev:
+	watchgod -log-prefix=false -build="make build_dev" -command="./dist/$(CMD)" -pattern ".+\\.go" -graceful-kill=true
+
+.PHONY: build_dev
+build_dev:
+	go build -o $(DIST_DIR)/$(CMD) ./main.go
+
+.PHONY: tidy
+tidy:
+	go mod tidy
+
+.PHONY: fmt
+fmt:
+	go fmt ./...
+
+.PHONY: test
+test:
+	CGO_ENABLED=0 go test ./...
+
+.PHONY: clean
+clean:
+	rm -rf $(DIST_DIR)
+
+.PHONY: update_deps
+update_deps:
+	go get -u ./cmd/...
+	go mod tidy
+	go mod tidy
+
+.PHONY: delete_ds_store
+delete_ds_store:
+	find . -type f -name .DS_Store -exec rm {} \;
+
+####################################################################################################
+# CI/CD
+####################################################################################################
+.PHONY: docker_build
+docker_build:
+	docker build -t $(DOCKER_IMAGE):latest . -f Dockerfile --pull --no-cache
+
+.PHONY: docker_push
+docker_push:
+	docker push $(DOCKER_IMAGE):latest
+
+.PHONY: verify_deps
+verify_deps:
+	go mod verify
+
+.PHONY: download_deps
+download_deps:
+	go mod download
+
+####################################################################################################
+# origin
+####################################################################################################
+BUILD_ORIGIN = go build -o $(DIST_DIR)/$(CMD) -a -ldflags "-extldflags -static -w -s" ./main.go
+
+.PHONY: origin
+origin:
+	mkdir -p $(DIST_DIR)
+	GOOS=linux CGO_ENABLED=0 $(BUILD_ORIGIN)

origin/README.md

@@ -0,0 +1,8 @@
+# cloudflare-book-origin
+
+
+## Deployment
+
+```bash
+docker run -d -v -p 80:8080 -p 443:8443 `pwd`/certs:/origin/certs -e HTTPS_DOMAIN="YOUR_DOMAIN" -e HTTPS_LETS_ENCRYPT_EMAIL="YOUR_EMAIL" ghcr.io/skerkour/cloudflare-book-origin
+```

origin/assets/404.html

@@ -0,0 +1,10 @@
+<!doctype html>
+<html lang="en">
+    <head>
+        <meta charset="utf-8">
+        <title>Not Found</title>
+    </head>
+    <body>
+        <p>404 page not found</p>
+    </body>
+</html>

origin/assets/index.html

@@ -0,0 +1,17 @@
+<!doctype html>
+<html lang="en">
+    <head>
+        <meta charset="utf-8">
+        <title>Hello World</title>
+    </head>
+    <body>
+        <p>This is a static page (not cached)</p>
+        <p>Cached files:</p>
+        <ul>
+            <li><a href="/100k.bin">/100k.bin</a></li>
+            <li><a href="/100k.css">/100k.css</a></li>
+            <li><a href="/100k.jpg">/100k.jpg</a></li>
+            <li><a href="/100k.js">/100k.js</a></li>
+        </ul>
+    </body>
+</html>

origin/go.mod

@@ -0,0 +1,13 @@
+module github.com/skerkour/cloudflare-for-speed-and-security/origin
+
+go 1.21.5
+
+require (
+	github.com/go-chi/chi/v5 v5.0.11
+	golang.org/x/crypto v0.17.0
+)
+
+require (
+	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+)

origin/go.sum

@@ -0,0 +1,8 @@
+github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA=
+github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=