Merge pull request #42 from seknox/dev

README.md

@@ -1,4 +1,3 @@
-
 <!-- PROJECT LOGO -->
 <br />
 <div align="center">
@@ -14,75 +13,71 @@
     <a href="https://www.trasa.io/docs"><strong>Explore the docs »</strong></a>
     <br />
     <br />
-    <a href="https://console.trasa.io">Quick Demo</a>
+    <!-- <a href="https://console.trasa.io">Quick Demo</a> -->
     ·
     <a href="https://github.com/seknox/trasa/issue">Report Bug</a>
     ·
     <a href="https://github.com/seknox/trasa/issue">Request Feature</a>
-  </h2>
-</div>
+  </h2> <br />
 
 [![Go Report Card](https://goreportcard.com/badge/github.com/seknox/trasa)](https://goreportcard.com/report/github.com/seknox/trasa)
 [![License: MPL 2.0](https://img.shields.io/badge/License-MPL%202.0-brightgreen.svg)](https://github.com/seknox/trasa/blob/master/LICENSE)
 [![Actions Status](https://github.com/seknox/trasa/workflows/Build/badge.svg?branch=master)](https://github.com/seknox/trasa/actions)
 [![Actions Status](https://github.com/seknox/trasa/workflows/Test/badge.svg?branch=master)](https://github.com/seknox/trasa/actions)
 
+</div>
 
 <!-- TABLE OF CONTENTS -->
+
 ## Table of Contents
 
 - [Table of Contents](#table-of-contents)
 - [About The Project](#about-the-project)
   - [Immediate use cases and benefits](#immediate-use-cases-and-benefits)
 - [Getting Started](#getting-started)
-- [Contributing](#contributing)
 - [License](#license)
 - [Contact](#contact)
 
+<!-- ABOUT THE PROJECT -->
 
+## About The Project
 
+TRASA is a unified access control platform with three access control features built into a single platform:
 
-<!-- ABOUT THE PROJECT -->
-## About The Project
-TRASA is unified access control platform with three access control features bundled in one platform:
-1. Two factor authentication
-2. Privilege access management
-3. User device hygiene based access policies
+1. Two factor authentication (implemented with native agents)
+2. Privilege access management (implemented with identity aware access proxy)
+3. User device hygiene based access policies (implemented with user device security hygiene scanning agent)
 
-These features cumulatively enables zero trust access control security model to every remote access endpoints.
+These features cumulatively enables **zero trust access control** (we have a fancy word for it, zTAC) security model to every remote access endpoints.
 
 ### Immediate use cases and benefits
-- Remote access to internal infrastructure.
-- Manage remote access for 3rd party vendors.
-- Follow best practice for remote access.
 
+- Secure remote access to internal infrastructure by internal team.
+- Secure remote access to internal infrastructure for 3rd party vendors.
+- Follow best practice security for remote access.
 
 <!-- GETTING STARTED -->
+
 ## Getting Started
 
-We encourage to checkout  <a href="https://www.trasa.io/docs"><strong>TRASA website »</strong></a> for latest information on getting started with TRASA.
+We encourage to checkout <a href="https://www.trasa.io/docs"><strong>TRASA website »</strong></a> for latest information on getting started with TRASA.
 
-- Concepts : <a href="https://www.trasa.io/docs"><strong>Basic Cocnepts »</strong></a>
+- Concepts : <a href="https://www.trasa.io/docs/getting-started/concepts"><strong>Basic Cocnepts »</strong></a>
 - Getting Started : <a href="https://www.trasa.io/docs"><strong>Getting Started »</strong></a>
-- Installtion: <a href="https://www.trasa.io/docs"><strong>Installation »</strong></a>
+- Installtion: <a href="https://www.trasa.io/docs/install/installation"><strong>Installation »</strong></a>
 - Admin Manual: <a href="https://www.trasa.io/docs"><strong>Admin Docs »</strong></a>
-- User Guides: <a href="https://www.trasa.io/docs"><strong>User Guides »</strong></a>
-
-
+- User Guides: <a href="https://www.trasa.io/docs/guides/getting-started"><strong>User Guides »</strong></a>
 
 <!-- CONTRIBUTING -->
-## Contributing
-
-
 
+<!-- ## Contributing -->
 
 <!-- LICENSE -->
+
 ## License
 
 Distributed under the Mozilla Public License v2 License. See `LICENSE` for more information.
 
-
-
 <!-- CONTACT -->
-## Contact
 
+## Contact

build/docker/Dockerfile → build/docker/dev/Dockerfile

@@ -36,5 +36,5 @@ RUN update-ca-certificates
 COPY --from=gobuilder /go/src/seknox/trasa/server/server .
 COPY --from=dashbuilder /trasa/build /var/trasa/dashboard
 COPY build/etc/trasa /etc/trasa
-COPY build/test/wait-for-it.sh .
+COPY build/docker/wait-for-it.sh .
 CMD ["/trasa/wait-for-it.sh","db:5432", "--","/trasa/server"]

build/docker/docker-compose.yml → build/docker/dev/docker-compose.yml

@@ -2,7 +2,7 @@ version: '3.8'
 services:
   trasa-server:
     build:
-      context: ../..
+      context: ../../..
       dockerfile: Dockerfile
     ports:
       - "80:80"

build/docker/prod/Dockerfile

@@ -0,0 +1,41 @@
+FROM golang:1.14 as gobuilder
+
+WORKDIR /go/src/seknox/trasa
+
+COPY go.mod .
+COPY go.sum .
+
+RUN go mod download
+
+COPY server server
+WORKDIR /go/src/seknox/trasa/server
+
+RUN go build
+
+
+FROM node:13.12.0-alpine as dashbuilder
+
+WORKDIR /trasa
+ENV PATH /trasa/node_modules/.bin:$PATH
+
+# install app dependencies
+COPY dashboard/package.json ./
+RUN yarn install --silent
+
+COPY dashboard ./
+
+
+RUN yarn run build
+
+FROM ubuntu:xenial-20200706
+
+WORKDIR /trasa
+RUN apt-get update
+RUN apt-get install -y --no-install-recommends ca-certificates
+RUN update-ca-certificates
+COPY --from=gobuilder /go/src/seknox/trasa/server/server .
+COPY --from=dashbuilder /trasa/build /var/trasa/dashboard
+COPY build/etc/trasa /etc/trasa
+COPY build/docker/wait-for-it.sh .
+RUN  chmod +x wait-for-it.sh
+CMD ["bash","/trasa/wait-for-it.sh","db:5432", "--","/trasa/server"]

build/etc/trasa/config/config.toml

@@ -6,6 +6,7 @@
   cacert = "/etc/trasa/certs/ca.crt"
   dbname = "trasadb"
   dbuser = "trasauser"
+  dbpass = "trasauser"
   port = "5432"
   server = "db"
   sslenabled = false
@@ -23,25 +24,26 @@
 [redis]
   server = "redis:6379"
 
-[timezone]
-  location = "Asia/Kathmandu"
 
 [security]
   insecureSkipVerify=false
 
 
 
 [trasa]
-  cloudServer = "https://u2fproxy.trasa.io"
-  listenAddr = "app.trasa"
+  proxyDashboard = false
+  cloudserver = "https://sg.cpxy.trasa.io"
+  dashboard = "http://app.trasa"
+  listenaddr = "app.trasa"
+  orgID = ""
 
 
 [proxy]
- sshListenAddr="0.0.0.0:8022"
- guacdPath=""
+  sshlistenAddr = "127.0.0.1:8022"
+  dbListenAddr = "127.0.0.1:3333"
+  guacdEnabled = false
+  guacdAddr = "127.0.0.1:4822"
 
-[dbproxy]
-  listenAddr="127.0.0.1:8023"
 
 [vault]
   tsxvault = true

build/native/config.toml

@@ -0,0 +1,49 @@
+
+[backup]
+  backupdir = "$HOME/trasa/backup"
+
+[database]
+  cacert = "/etc/trasa/certs/app.trasa.io/ca.crt"
+  dbname = "trasadb"
+  dbtype = "postgres"
+  dbuser = "trasauser"
+  port = "5432"
+  server = "localhost"
+  usercert = "/etc/trasa/certs/app.trasa.io/client.trasauser.crt"
+  userkey = "/etc/trasa/certs/app.trasa.io/client.trasauser.key"
+
+
+
+[logging]
+  level = "TRACE"
+
+[minio]
+  status = false
+  key = "minioadmin"
+  secret = "minioadmin"
+  server = "127.0.0.1:9000"
+  usessl = false
+
+[platform]
+  base = "private"
+
+[redis]
+  server = "localhost:6379"
+
+[security]
+  insecureSkipVerify = true
+
+[proxy]
+  sshlistenAddr = "127.0.0.1:8022"
+  dbListenAddr = "127.0.0.1:3333"
+  guacdEnabled = false
+  guacdAddr = "127.0.0.1:4822"
+
+
+[trasa]
+  proxyDashboard = false
+  cloudserver = "https://sg.cpxy.trasa.io"
+  dashboard = "http://app.trasa"
+  listenaddr = "app.trasa"
+  orgID = ""
+

build/native/install.sh

@@ -1,14 +1,15 @@
 #!/usr/bin/env sh
 
+TRASA_VERSION=0.0.1
 
 #Install postgres
 sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
 wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
-sudo apt-get update
-sudo apt-get install postgresql
+sudo apt-get -y update
+sudo apt-get -y install postgresql
 
 #Install docker
-sudo apt-get -y remove docker docker-engine docker.io containerd runc && \
+sudo apt-get -y remove docker docker-engine docker.io containerd runc
 sudo apt-get -y update && \
 sudo apt-get -y install  \
     apt-transport-https \
@@ -25,44 +26,66 @@ sudo add-apt-repository -y \
 sudo apt-get -y update && \
 sudo apt-get -y install docker-ce docker-ce-cli containerd.io && \
 
-
+sudo apt-get install make
 sudo apt-get -y install ffmpeg && \
 
 
-sudo mkdir -p /etc/trasa && \
+
+wget http://download.redis.io/releases/redis-6.0.8.tar.gz
+tar xzf redis-6.0.8.tar.gz
+cd redis-6.0.8 && make && cp src/redis-server /usr/local/bin/ && cd ..
+
+
+sudo mkdir -p /etc/trasa/config && \
 sudo mkdir -p /etc/trasa/certs && \
+sudo mkdir -p /etc/trasa/static && \
 
 #chown $USER /etc/trasa && \
 sudo mkdir -p /var/trasa && \
-
 sudo mkdir -p /var/trasa/crdb
-
 sudo mkdir -p /var/trasa/minio && \
 
 
 
-#generate rsa keys for trasagw
-sudo ssh-keygen -t rsa -b 4096 -f /etc/trasa/certs/id_rsa -q -N ""
+
+mkdir bins
+
+wget https://storage.googleapis.com/trasa-public-download-assets/release/v$TRASA_VERSION/trasa-server -O bins/trasa-server
+wget https://storage.googleapis.com/trasa-public-download-assets/release/v$TRASA_VERSION/dashboard.tar -O dashboard.tar
+
+tar xzf dashboard.tar
 
 
 #copy binaries to binchow
 chmod +x bins/* && \
 sudo cp bins/* /usr/local/bin/ && \
-sudo cp -r  dashboard /var/trasa/dashboard
+sudo cp -r  dashboard/dashboard /var/trasa/dashboard
+
+wget https://raw.githubusercontent.com/seknox/trasa/master/build/etc/trasa/config/config.toml
+
+sudo mv config.toml /etc/trasa/config/config.toml
+
+wget https://storage.googleapis.com/trasa-public-download-assets/GeoLite2-City.mmdb
+sudo mv GeoLite2-City.mmdb /etc/trasa/static/GeoLite2-City.mmdb
 
 
-sudo cp -r config /etc/trasa/config && \
-sudo cp -r static /etc/trasa/static && \
 
+mkdir service-files
+wget https://raw.githubusercontent.com/seknox/trasa/master/build/native/trasa.service -O service-files/trasa.service
+wget https://raw.githubusercontent.com/seknox/trasa/master/build/native/trasa.service -O service-files/redis.service
 
-sudo cp service-files-single-binary/* /etc/systemd/system && \
+sudo cp service-files/* /etc/systemd/system
 sudo systemctl daemon-reload && \
 
 
+psql <<- EOSQL
+    CREATE USER docker;
+    CREATE DATABASE docker;
+    GRANT ALL PRIVILEGES ON DATABASE docker TO docker;
+EOSQL
 
 #Start services
-sudo systemctl start cockroach && \
-sudo systemctl start minio && \
+sudo systemctl start postgresql && \
 sudo systemctl start redis && \
 sudo systemctl start guacd && \
 

build/service-files/cockroach.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=Cockroach Database
+Requires=network.target
+
+
+[Service]
+Type=notify
+WorkingDirectory=/var/trasa/crdb
+ExecStart=/usr/local/bin/cockroach start --store=/var/trasa/crdb --insecure --http-addr=127.0.0.1:8081 --listen-addr=127.0.0.1:26257
+#ExecStart=/usr/local/bin/cockroach start --store=/var/trasa/crdb --http-addr=127.0.0.1:8081 --listen-addr=127.0.0.1:26257 --insecure
+ExecStop=/usr/local/bin/cockroach quit --insecure
+#--certs-dir=/etc/trasa/certs
+TimeoutStopSec=60
+Restart=always
+RestartSec=10
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=cockroach
+#User=cockroach
+
+
+[Install]
+WantedBy=default.target

build/service-files/guacd.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Guacd
+Documentation=https://guacamole.apache.org/doc/gug/
+Requires=docker.service
+
+[Service]
+ExecStart=/usr/bin/docker run --rm --name guacd -p 127.0.0.1:4822:4822 -v /tmp/trasa/accessproxy/guac:/tmp/trasa/accessproxy/guac -v /tmp/trasa/accessproxy/guac/shared/:/tmp/trasa/accessproxy/guac/shared/  docker.pkg.github.com/seknox/guacamole-server/guacd:0.0.1
+ExecStop=/usr/bin/docker  container stop guacd
+Restart=always
+
+
+[Install]
+WantedBy=multi-user.target