andreas/ente-cloudron
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add share/embed/payments frontends and hosts

Browse Source
This commit is contained in:
Andreas Dueren
2025-11-20 23:15:37 -06:00
parent 95758de781
commit 58e40897a5
3 changed files with 125 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
CloudronManifest.json
View File

@@ -7,7 +7,7 @@
"contactEmail": "contact@ente.io", "contactEmail": "contact@ente.io",
"website": "https://ente.io", "website": "https://ente.io",
"tagline": "Open source, end-to-end encrypted photo backup", "tagline": "Open source, end-to-end encrypted photo backup",
"version": "0.5.7", "version": "0.5.6",
"upstreamVersion": "git-main", "upstreamVersion": "git-main",
"healthCheckPath": "/health", "healthCheckPath": "/health",
"httpPort": 3080, "httpPort": 3080,
@@ -40,6 +40,27 @@
"defaultValue": "albums", "defaultValue": "albums",
"aliasableDomain": true "aliasableDomain": true
}, },
"SHARE_DOMAIN": {
"title": "Public locker hostname",
"description": "Hostname for the Ente share/collaboration frontend (e.g. share)",
"containerPort": 3080,
"defaultValue": "share",
"aliasableDomain": true
},
"EMBED_DOMAIN": {
"title": "Embed hostname",
"description": "Hostname for the Ente embed frontend (e.g. embed)",
"containerPort": 3080,
"defaultValue": "embed",
"aliasableDomain": true
},
"PAYMENTS_DOMAIN": {
"title": "Payments hostname",
"description": "Hostname for the Ente payments frontend (e.g. payments)",
"containerPort": 3080,
"defaultValue": "payments",
"aliasableDomain": true
},
"FAMILY_DOMAIN": { "FAMILY_DOMAIN": {
"title": "Family hostname", "title": "Family hostname",
"description": "Hostname for the Ente family web app (e.g. family)", "description": "Hostname for the Ente family web app (e.g. family)",

12
Dockerfile
View File

@@ -57,14 +57,17 @@ RUN apt-get update && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
RUN corepack enable RUN corepack enable
RUN yarn install --network-timeout 1000000 RUN yarn install --network-timeout 1000000
RUN mkdir -p /build/web/photos /build/web/accounts /build/web/auth /build/web/cast /build/web/albums /build/web/family RUN mkdir -p /build/web/photos /build/web/accounts /build/web/auth /build/web/cast /build/web/albums /build/web/family /build/web/share /build/web/embed /build/web/payments
RUN set -e; \ RUN set -e; \
yarn build:photos; \ yarn build:photos; \
yarn build:accounts; \ yarn build:accounts; \
yarn build:auth; \ yarn build:auth; \
yarn build:cast yarn build:cast; \
yarn build:share; \
yarn build:embed; \
yarn build:payments
RUN if [ -d "apps" ]; then \ RUN if [ -d "apps" ]; then \
for app in photos accounts auth cast; do \ for app in photos accounts auth cast share embed payments; do \
if [ -d "apps/${app}/out" ]; then \ if [ -d "apps/${app}/out" ]; then \
rm -rf "/build/web/${app}"; \ rm -rf "/build/web/${app}"; \
mkdir -p "/build/web/${app}"; \ mkdir -p "/build/web/${app}"; \
@@ -132,6 +135,9 @@ COPY --from=web-builder /build/web/accounts /app/web/accounts
COPY --from=web-builder /build/web/auth /app/web/auth COPY --from=web-builder /build/web/auth /app/web/auth
COPY --from=web-builder /build/web/cast /app/web/cast COPY --from=web-builder /build/web/cast /app/web/cast
COPY --from=web-builder /build/web/albums /app/web/albums COPY --from=web-builder /build/web/albums /app/web/albums
COPY --from=web-builder /build/web/share /app/web/share
COPY --from=web-builder /build/web/embed /app/web/embed
COPY --from=web-builder /build/web/payments /app/web/payments
COPY --from=families-builder /build/family /app/web/family COPY --from=families-builder /build/family /app/web/family
COPY start.sh /app/pkg/start.sh COPY start.sh /app/pkg/start.sh

103
start.sh
View File

@@ -107,6 +107,9 @@ AUTH_HOST="$(resolve_http_hostname "AUTH_DOMAIN" "auth.${APP_FQDN}")"
CAST_HOST="$(resolve_http_hostname "CAST_DOMAIN" "cast.${APP_FQDN}")" CAST_HOST="$(resolve_http_hostname "CAST_DOMAIN" "cast.${APP_FQDN}")"
ALBUMS_HOST="$(resolve_http_hostname "ALBUMS_DOMAIN" "albums.${APP_FQDN}")" ALBUMS_HOST="$(resolve_http_hostname "ALBUMS_DOMAIN" "albums.${APP_FQDN}")"
FAMILY_HOST="$(resolve_http_hostname "FAMILY_DOMAIN" "family.${APP_FQDN}")" FAMILY_HOST="$(resolve_http_hostname "FAMILY_DOMAIN" "family.${APP_FQDN}")"
SHARE_HOST="$(resolve_http_hostname "SHARE_DOMAIN" "share.${APP_FQDN}")"
EMBED_HOST="$(resolve_http_hostname "EMBED_DOMAIN" "embed.${APP_FQDN}")"
PAYMENTS_HOST="$(resolve_http_hostname "PAYMENTS_DOMAIN" "payments.${APP_FQDN}")"
normalize_host() { normalize_host() {
local host="$1" local host="$1"
@@ -126,10 +129,13 @@ AUTH_HOST="$(normalize_host "$AUTH_HOST")"
CAST_HOST="$(normalize_host "$CAST_HOST")" CAST_HOST="$(normalize_host "$CAST_HOST")"
ALBUMS_HOST="$(normalize_host "$ALBUMS_HOST")" ALBUMS_HOST="$(normalize_host "$ALBUMS_HOST")"
FAMILY_HOST="$(normalize_host "$FAMILY_HOST")" FAMILY_HOST="$(normalize_host "$FAMILY_HOST")"
SHARE_HOST="$(normalize_host "$SHARE_HOST")"
EMBED_HOST="$(normalize_host "$EMBED_HOST")"
PAYMENTS_HOST="$(normalize_host "$PAYMENTS_HOST")"
USE_SUBDOMAIN_ROUTING=false USE_SUBDOMAIN_ROUTING=false
if [ "$APP_FQDN" != "localhost" ]; then if [ "$APP_FQDN" != "localhost" ]; then
if [ "$PHOTOS_HOST" != "$APP_FQDN" ] || [ "$ACCOUNTS_HOST" != "$APP_FQDN" ] || [ "$AUTH_HOST" != "$APP_FQDN" ] || [ "$CAST_HOST" != "$APP_FQDN" ] || [ "$ALBUMS_HOST" != "$APP_FQDN" ] || [ "$FAMILY_HOST" != "$APP_FQDN" ]; then if [ "$PHOTOS_HOST" != "$APP_FQDN" ] || [ "$ACCOUNTS_HOST" != "$APP_FQDN" ] || [ "$AUTH_HOST" != "$APP_FQDN" ] || [ "$CAST_HOST" != "$APP_FQDN" ] || [ "$ALBUMS_HOST" != "$APP_FQDN" ] || [ "$FAMILY_HOST" != "$APP_FQDN" ] || [ "$SHARE_HOST" != "$APP_FQDN" ] || [ "$EMBED_HOST" != "$APP_FQDN" ] || [ "$PAYMENTS_HOST" != "$APP_FQDN" ]; then
USE_SUBDOMAIN_ROUTING=true USE_SUBDOMAIN_ROUTING=true
fi fi
fi fi
@@ -141,12 +147,18 @@ if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then
CAST_URL="https://${CAST_HOST}" CAST_URL="https://${CAST_HOST}"
FAMILY_URL="https://${FAMILY_HOST}" FAMILY_URL="https://${FAMILY_HOST}"
ALBUMS_URL="https://${ALBUMS_HOST}" ALBUMS_URL="https://${ALBUMS_HOST}"
SHARE_URL="https://${SHARE_HOST}"
EMBED_URL="https://${EMBED_HOST}"
PAYMENTS_URL="https://${PAYMENTS_HOST}"
else else
ACCOUNTS_URL="${BASE_URL}/accounts" ACCOUNTS_URL="${BASE_URL}/accounts"
AUTH_URL="${BASE_URL}/auth" AUTH_URL="${BASE_URL}/auth"
CAST_URL="${BASE_URL}/cast" CAST_URL="${BASE_URL}/cast"
FAMILY_URL="${BASE_URL}/family" FAMILY_URL="${BASE_URL}/family"
ALBUMS_URL="${BASE_URL}/albums" ALBUMS_URL="${BASE_URL}/albums"
SHARE_URL="${BASE_URL}/share"
EMBED_URL="${BASE_URL}/embed"
PAYMENTS_URL="${BASE_URL}/payments"
fi fi
if [ "$APP_FQDN" != "localhost" ]; then if [ "$APP_FQDN" != "localhost" ]; then
@@ -155,13 +167,17 @@ else
API_BASE="$BASE_URL" API_BASE="$BASE_URL"
fi fi
API_ORIGIN="${API_BASE}/api" API_ORIGIN="${API_BASE}/api"
RP_ID="$PHOTOS_HOST" if [[ "$PHOTOS_HOST" == *.*.* ]]; then
RP_ID="${PHOTOS_HOST#*.}"
else
RP_ID="$PHOTOS_HOST"
fi
log INFO "Application base URL: $BASE_URL" log INFO "Application base URL: $BASE_URL"
log INFO "Relying party ID: $RP_ID" log INFO "Relying party ID: $RP_ID"
log INFO "API origin: $API_ORIGIN" log INFO "API origin: $API_ORIGIN"
if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then
log INFO "Serving frontend hosts: photos=${PHOTOS_HOST}, accounts=${ACCOUNTS_HOST}, auth=${AUTH_HOST}, cast=${CAST_HOST}" log INFO "Serving frontend hosts: photos=${PHOTOS_HOST}, accounts=${ACCOUNTS_HOST}, auth=${AUTH_HOST}, cast=${CAST_HOST}, share=${SHARE_HOST}, embed=${EMBED_HOST}, payments=${PAYMENTS_HOST}"
fi fi
S3_CONFIG_FILE="$CONFIG_DIR/s3.env" S3_CONFIG_FILE="$CONFIG_DIR/s3.env"
@@ -687,7 +703,8 @@ http:
apps: apps:
public-albums: "$ALBUMS_URL" public-albums: "$ALBUMS_URL"
public-locker: "$PHOTOS_URL" embed-albums: "$EMBED_URL"
public-locker: "$SHARE_URL"
accounts: "$ACCOUNTS_URL" accounts: "$ACCOUNTS_URL"
cast: "$CAST_URL" cast: "$CAST_URL"
family: "$FAMILY_URL" family: "$FAMILY_URL"
@@ -802,7 +819,7 @@ chmod 600 "$MUSEUM_CONFIG"
log INFO "Preparing frontend assets" log INFO "Preparing frontend assets"
if [ -d "$WEB_SOURCE_DIR" ]; then if [ -d "$WEB_SOURCE_DIR" ]; then
for app in photos accounts auth cast albums family; do for app in photos accounts auth cast albums family share embed payments; do
if [ -d "$WEB_SOURCE_DIR/$app" ]; then if [ -d "$WEB_SOURCE_DIR/$app" ]; then
log INFO "Updating $app frontend assets" log INFO "Updating $app frontend assets"
rm -rf "$WEB_RUNTIME_DIR/$app" rm -rf "$WEB_RUNTIME_DIR/$app"
@@ -904,6 +921,9 @@ if [ -d "$WEB_RUNTIME_DIR" ]; then
"https://web.ente.io|$PHOTOS_URL" "https://web.ente.io|$PHOTOS_URL"
"https://albums.ente.io|$ALBUMS_URL" "https://albums.ente.io|$ALBUMS_URL"
"https://family.ente.io|$FAMILY_URL" "https://family.ente.io|$FAMILY_URL"
"https://share.ente.io|$SHARE_URL"
"https://embed.ente.io|$EMBED_URL"
"https://payments.ente.io|$PAYMENTS_URL"
"https://ente.io|$PHOTOS_URL" "https://ente.io|$PHOTOS_URL"
) )
OLD_IFS="$IFS" OLD_IFS="$IFS"
@@ -954,6 +974,10 @@ chmod 700 "$DATA_DIR/home"
log INFO "Rendering Caddy configuration" log INFO "Rendering Caddy configuration"
if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then if [ "$USE_SUBDOMAIN_ROUTING" = true ]; then
PHOTOS_HOST_MATCHERS="$PHOTOS_HOST"
if [ "$APP_FQDN" != "$PHOTOS_HOST" ]; then
PHOTOS_HOST_MATCHERS="$PHOTOS_HOST_MATCHERS $APP_FQDN"
fi
cat > "$CADDY_CONFIG" <<EOF_CADDY cat > "$CADDY_CONFIG" <<EOF_CADDY
{ {
admin off admin off
@@ -1011,6 +1035,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
handle /health { handle /health {
rewrite * /ping rewrite * /ping
reverse_proxy localhost:8080 { reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host} header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For} header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For} header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1020,6 +1045,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
handle /ping { handle /ping {
reverse_proxy localhost:8080 { reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host} header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For} header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For} header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1028,12 +1054,19 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
} }
handle /public/* { handle /public/* {
reverse_proxy localhost:8080 reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
} }
@user_api path_regexp user_api ^/users($|/.*) @user_api path_regexp user_api ^/users($|/.*)
handle @user_api { handle @user_api {
reverse_proxy localhost:8080 { reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host} header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For} header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For} header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1047,6 +1080,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
} }
handle @museum_api_get { handle @museum_api_get {
reverse_proxy localhost:8080 { reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host} header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For} header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For} header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1060,6 +1094,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
} }
handle @write_methods { handle @write_methods {
reverse_proxy localhost:8080 { reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host} header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For} header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For} header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1067,7 +1102,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
} }
} }
@photos_host host ${PHOTOS_HOST} @photos_host host ${PHOTOS_HOST_MATCHERS}
handle @photos_host { handle @photos_host {
root * $WEB_RUNTIME_DIR/photos root * $WEB_RUNTIME_DIR/photos
try_files {path} {path}/index.html {path}.html index.html try_files {path} {path}/index.html {path}.html index.html
@@ -1109,6 +1144,27 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
file_server file_server
} }
@share_host host ${SHARE_HOST}
handle @share_host {
root * $WEB_RUNTIME_DIR/share
try_files {path} {path}/index.html {path}.html index.html
file_server
}
@embed_host host ${EMBED_HOST}
handle @embed_host {
root * $WEB_RUNTIME_DIR/embed
try_files {path} {path}/index.html {path}.html index.html
file_server
}
@payments_host host ${PAYMENTS_HOST}
handle @payments_host {
root * $WEB_RUNTIME_DIR/payments
try_files {path} {path}/index.html {path}.html index.html
file_server
}
handle { handle {
respond "Not Found" 404 respond "Not Found" 404
} }
@@ -1172,6 +1228,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
handle /health { handle /health {
rewrite * /ping rewrite * /ping
reverse_proxy localhost:8080 { reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host} header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For} header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For} header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1181,6 +1238,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
handle /ping { handle /ping {
reverse_proxy localhost:8080 { reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host} header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For} header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For} header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1189,12 +1247,19 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
} }
handle /public/* { handle /public/* {
reverse_proxy localhost:8080 reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
} }
@user_api_path path_regexp user_api_path ^/users($|/.*) @user_api_path path_regexp user_api_path ^/users($|/.*)
handle @user_api_path { handle @user_api_path {
reverse_proxy localhost:8080 { reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host} header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For} header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For} header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1208,6 +1273,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
} }
handle @museum_api_get_path { handle @museum_api_get_path {
reverse_proxy localhost:8080 { reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host} header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For} header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For} header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1221,6 +1287,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
} }
handle @write_methods_path { handle @write_methods_path {
reverse_proxy localhost:8080 { reverse_proxy localhost:8080 {
trusted_proxies private_ranges
header_up Host {http.request.host} header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For} header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For} header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
@@ -1230,7 +1297,7 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
handle /_next/* { handle /_next/* {
root * $WEB_RUNTIME_DIR root * $WEB_RUNTIME_DIR
try_files {path} auth{path} accounts{path} photos{path} cast{path} albums{path} family{path} try_files {path} auth{path} accounts{path} photos{path} cast{path} albums{path} family{path} share{path} embed{path} payments{path}
file_server file_server
} }
@@ -1269,6 +1336,24 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
file_server file_server
} }
handle /share/* {
root * $WEB_RUNTIME_DIR
try_files {path} {path}/index.html /share/index.html
file_server
}
handle /embed/* {
root * $WEB_RUNTIME_DIR
try_files {path} {path}/index.html /embed/index.html
file_server
}
handle /payments/* {
root * $WEB_RUNTIME_DIR
try_files {path} {path}/index.html /payments/index.html
file_server
}
handle /photos/* { handle /photos/* {
root * $WEB_RUNTIME_DIR root * $WEB_RUNTIME_DIR
try_files {path} {path}/index.html /photos/index.html try_files {path} {path}/index.html /photos/index.html