feat(agent): Windows packaging + HTTPS download

- Download of the Tailscale Windows binaries via download-tailscale-bins.sh
- Windows/Linux build via build.sh with zip archive generation
- Caddyfile: serves the agents over HTTPS under /studioE5-agent*
- .gitignore: ignores agent/tailscale-bin/
- Documentation of the download in SUIVI_VPN_ONDEMAND.md
@@ -25,3 +25,4 @@ headscale/*.sqlite*
|
|||||||
headscale/*.key
|
headscale/*.key
|
||||||
headscale/*.state
|
headscale/*.state
|
||||||
agent/resolv.conf
|
agent/resolv.conf
|
||||||
|
agent/tailscale-bin/
|
||||||
|
|||||||
@@ -27,6 +27,11 @@ headscale.studioe5.edudeploy.com:443 {
|
|||||||
}
|
}
|
||||||
|
|
||||||
studioe5.edudeploy.com:443 {
|
studioe5.edudeploy.com:443 {
|
||||||
|
route /studioE5-agent* {
|
||||||
|
file_server {
|
||||||
|
root /usr/share/caddy/agent
|
||||||
|
}
|
||||||
|
}
|
||||||
reverse_proxy /api/websocket* server:3001
|
reverse_proxy /api/websocket* server:3001
|
||||||
reverse_proxy server:3000
|
reverse_proxy server:3000
|
||||||
}
|
}
|
||||||
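Review bot: In the new `route /studioE5-agent*` block, `root /usr/share/caddy/agent` points at a directory that, per the documentation added in this commit, is the whole `agent/` working tree (`./agent:/usr/share/caddy/agent`), so any file or directory in it whose name starts with `studioE5-agent` is publicly downloadable, not only the release artifacts. Point the root at a dedicated output directory that `build.sh` fills with just the versioned binaries and the zip, so a config file or unversioned build left next to the sources cannot be served.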
@@ -35,6 +40,11 @@ studioe5.edudeploy.com:443 {
|
|||||||
tls {
|
tls {
|
||||||
on_demand
|
on_demand
|
||||||
}
|
}
|
||||||
|
route /studioE5-agent* {
|
||||||
|
file_server {
|
||||||
|
root /usr/share/caddy/agent
|
||||||
|
}
|
||||||
|
}
|
||||||
@instance {
|
@instance {
|
||||||
not host studioe5.edudeploy.com
|
not host studioe5.edudeploy.com
|
||||||
not host headscale.studioe5.edudeploy.com
|
not host headscale.studioe5.edudeploy.com
|
||||||
|
|||||||
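Review bot: The `route /studioE5-agent*` block here duplicates the one in the `studioe5.edudeploy.com:443` site verbatim, and because it sits in the `tls { on_demand }` site with no host matcher, ahead of `@instance`, the agent files are also answered on every hostname that site accepts. If the downloads are only meant to live on `studioe5.edudeploy.com`, drop this copy; if both are intended, define the block once as a Caddyfile snippet and `import` it in both sites so the two cannot drift apart.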
+48
-1
@@ -155,6 +155,53 @@ Test réalisé le 2026-06-23 en utilisant le compte superadmin :
|
|||||||
|
|
||||||
Le flux `UI → API → WebSocket → agent → Docker → VPN → Caddy → HTTPS public` est fonctionnel.
|
Le flux `UI → API → WebSocket → agent → Docker → VPN → Caddy → HTTPS public` est fonctionnel.
|
||||||
|
|
||||||
|
## 💻 Téléchargement de l’agent
|
||||||
|
|
||||||
|
L’agent est servi par Caddy depuis le dossier `agent/` monté dans le conteneur Caddy (`./agent:/usr/share/caddy/agent`).
|
||||||
|
|
||||||
|
### Binaires disponibles
|
||||||
|
|
||||||
|
- **Windows (archive complète)** : `https://studioe5.edudeploy.com/studioE5-agent-v0.3.0-windows.zip`
|
||||||
|
- Contient `studioE5-agent.exe` + `tailscale-bin/windows/` (`tailscale.exe`, `tailscaled.exe`, `wintun.dll`) + `README-Windows.txt`.
|
||||||
|
- **Windows (exécutable seul)** : `https://studioe5.edudeploy.com/studioE5-agent-v0.3.0.exe`
|
||||||
|
- Nécessite d’avoir installé Tailscale Windows séparément ou d’avoir les binaires dans `tailscale-bin/windows/`.
|
||||||
|
- **Linux** : `https://studioe5.edudeploy.com/studioE5-agent-v0.3.0`
|
||||||
|
|
||||||
|
### Builder / préparer les binaires
|
||||||
|
|
||||||
|
```bash
|
||||||
|
cd /opt/studioe5-client-a/agent
|
||||||
|
|
||||||
|
# 1. Télécharger les binaires Tailscale Windows (nécessite msitools)
|
||||||
|
./download-tailscale-bins.sh 1.98.4
|
||||||
|
|
||||||
|
# 2. Builder l’agent pour Windows et Linux (macOS nécessite CGO)
|
||||||
|
./build.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
Le `build.sh` génère automatiquement `studioE5-agent-v0.3.0-windows.zip` et copie les binaires versionnés dans `server/public/`.
|
||||||
|
|
||||||
|
### Configuration minimale Windows
|
||||||
|
|
||||||
|
1. Extraire `studioE5-agent-v0.3.0-windows.zip` dans `C:\studioE5-agent`.
|
||||||
|
2. Créer le dossier `C:\studioE5-agent\data`.
|
||||||
|
3. Créer `C:\studioE5-agent\data\studioE5-config.json` :
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"server": "wss://studioe5.edudeploy.com/api/websocket",
|
||||||
|
"headscale_url": "https://headscale.studioe5.edudeploy.com",
|
||||||
|
"headscale_auth_key": "CLE_PREAUTH_ICI",
|
||||||
|
"node_id": "IDENTIFIANT_DU_POSTE",
|
||||||
|
"data_dir": "C:\\studioE5-agent\\data"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
4. Lancer l’agent en mode console :
|
||||||
|
```powershell
|
||||||
|
.\studioE5-agent.exe -no-tray -data-dir C:\studioE5-agent\data
|
||||||
|
```
|
||||||
|
|
||||||
|
> ⚠️ `headscale_auth_key` doit être une clé pré-auth réutilisable valide pour le tailnet studioe5. Ne jamais commiter cette clé.
|
||||||
|
|
||||||
## 📋 Prochaines étapes à faire
|
## 📋 Prochaines étapes à faire
|
||||||
|
|
||||||
- [x] ~~Attendre la fin du rate limit Let’s Encrypt~~ (levé le 2026-06-23).
|
- [x] ~~Attendre la fin du rate limit Let’s Encrypt~~ (levé le 2026-06-23).
|
||||||
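Review bot: The Windows steps install to `C:\studioE5-agent` and store a reusable `headscale_auth_key` in `C:\studioE5-agent\data\studioE5-config.json` without saying anything about permissions; a folder created directly under `C:\` normally inherits write access for ordinary local users, which covers both the key file and the bundled `tailscaled.exe` and `wintun.dll`. Document an install location under `%ProgramFiles%`, or an explicit ACL limited to Administrators and SYSTEM, and consider recommending a per-workstation key with an expiry rather than one reusable key shared by every node.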
@@ -163,7 +210,7 @@ Le flux `UI → API → WebSocket → agent → Docker → VPN → Caddy → HTT
|
|||||||
- [x] ~~Tester le flux complet depuis l’interface web~~ → **OK** via l’API authentifiée (`POST /api/instances`), instance `cmqqgrur20001lw67t2bdgzkg` accessible en HTTPS public.
|
- [x] ~~Tester le flux complet depuis l’interface web~~ → **OK** via l’API authentifiée (`POST /api/instances`), instance `cmqqgrur20001lw67t2bdgzkg` accessible en HTTPS public.
|
||||||
- [ ] **Obtenir un certificat wildcard** pour `*.studioe5.edudeploy.com` (voir étude ci-dessous).
|
- [ ] **Obtenir un certificat wildcard** pour `*.studioe5.edudeploy.com` (voir étude ci-dessous).
|
||||||
- [ ] **Nettoyer les instances/agent de test** une fois le wildcard en place et le push effectué.
|
- [ ] **Nettoyer les instances/agent de test** une fois le wildcard en place et le push effectué.
|
||||||
- [ ] **Packager les binaires Tailscale pour Windows** dans `agent/tailscale-bin/windows/`.
|
- [x] ~~Packager les binaires Tailscale pour Windows~~ → **OK**, `download-tailscale-bins.sh` + `studioE5-agent-v0.3.0-windows.zip` prêt.
|
||||||
- [ ] **Nettoyer les anciens nodes/volumes Headscale** créés pendant les tests.
|
- [ ] **Nettoyer les anciens nodes/volumes Headscale** créés pendant les tests.
|
||||||
- [ ] **Documenter la procédure de mise en production** pour le client A (config agent, clés Headscale, ports, etc.).
|
- [ ] **Documenter la procédure de mise en production** pour le client A (config agent, clés Headscale, ports, etc.).
|
||||||
|
|
||||||
|
|||||||
@@ -34,6 +34,40 @@ else
|
|||||||
MAC_BUILT=0
|
MAC_BUILT=0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Build Windows distribution zip (agent + Tailscale binaries)
|
||||||
|
ZIP_NAME="${BIN_NAME}-v${VERSION}-windows.zip"
|
||||||
|
if [ -d "tailscale-bin/windows" ]; then
|
||||||
|
python3 - <<PY
|
||||||
|
import zipfile, os
|
||||||
|
with zipfile.ZipFile("${ZIP_NAME}", 'w', zipfile.ZIP_DEFLATED) as zf:
|
||||||
|
zf.write("${BIN_NAME}.exe", "${BIN_NAME}.exe")
|
||||||
|
for f in ["tailscale.exe", "tailscaled.exe", "wintun.dll"]:
|
||||||
|
zf.write(f"tailscale-bin/windows/{f}", f"tailscale-bin/windows/{f}")
|
||||||
|
readme = """${APP_NAME} Agent - Windows
|
||||||
|
=======================
|
||||||
|
1. Extract this archive to a folder (e.g. C:\\${APP_NAME}-agent).
|
||||||
|
2. Create a data folder (e.g. C:\\${APP_NAME}-agent\\data).
|
||||||
|
3. Create the config file data\\${BIN_NAME}-config.json:
|
||||||
|
{
|
||||||
|
"server": "wss://studioe5.edudeploy.com/api/websocket",
|
||||||
|
"headscale_url": "https://headscale.studioe5.edudeploy.com",
|
||||||
|
"headscale_auth_key": "YOUR_PREAUTH_KEY",
|
||||||
|
"node_id": "YOUR_NODE_ID",
|
||||||
|
"data_dir": "C:\\\\\\\\${APP_NAME}-agent\\\\\\\\data"
|
||||||
|
}
|
||||||
|
4. Run the agent:
|
||||||
|
${BIN_NAME}.exe -no-tray -data-dir C:\\${APP_NAME}-agent\\data
|
||||||
|
|
||||||
|
Tailscale binaries (tailscale.exe, tailscaled.exe, wintun.dll) are bundled
|
||||||
|
in tailscale-bin\\windows\\ and used automatically by the agent.
|
||||||
|
"""
|
||||||
|
zf.writestr("README-Windows.txt", readme)
|
||||||
|
print(f" ${ZIP_NAME}")
|
||||||
|
PY
|
||||||
|
else
|
||||||
|
echo " Warning: tailscale-bin/windows not found, run ./download-tailscale-bins.sh first"
|
||||||
|
fi
|
||||||
|
|
||||||
# Copy versioned binaries to server/public so the dashboard can serve them
|
# Copy versioned binaries to server/public so the dashboard can serve them
|
||||||
SERVER_PUBLIC="../server/public"
|
SERVER_PUBLIC="../server/public"
|
||||||
if [ -d "${SERVER_PUBLIC}" ]; then
|
if [ -d "${SERVER_PUBLIC}" ]; then
|
||||||
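Review bot: The `python3 - <<PY` heredoc is unquoted, so the shell rewrites every `\\` and `${...}` before Python parses the text, and the README only comes out right because Python keeps unknown escapes such as `\d` and `\w` as they are; a value of `${APP_NAME}` or `${BIN_NAME}` starting with `n` or `t` would become a newline or a tab, and recent Python versions warn on these sequences. Use a quoted heredoc (`<<'PY'`) and pass `BIN_NAME`, `APP_NAME` and `ZIP_NAME` through the environment, or write the README from the shell. Step 3 of the README also names the file `data\\${BIN_NAME}-config.json`, while SUIVI_VPN_ONDEMAND.md says `studioE5-config.json`; align both with the name the agent actually reads.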
@@ -42,7 +76,14 @@ if [ -d "${SERVER_PUBLIC}" ]; then
|
|||||||
if [ "$MAC_BUILT" = "1" ]; then
|
if [ "$MAC_BUILT" = "1" ]; then
|
||||||
cp "${BIN_NAME}-v${VERSION}-mac" "${SERVER_PUBLIC}/${BIN_NAME}-v${VERSION}-mac"
|
cp "${BIN_NAME}-v${VERSION}-mac" "${SERVER_PUBLIC}/${BIN_NAME}-v${VERSION}-mac"
|
||||||
fi
|
fi
|
||||||
|
if [ -f "${ZIP_NAME}" ]; then
|
||||||
|
cp "${ZIP_NAME}" "${SERVER_PUBLIC}/${ZIP_NAME}"
|
||||||
|
fi
|
||||||
echo " Copied versioned binaries to ${SERVER_PUBLIC}"
|
echo " Copied versioned binaries to ${SERVER_PUBLIC}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "Download URLs (once served by Caddy):"
|
||||||
|
echo " https://studioe5.edudeploy.com/${BIN_NAME}-v${VERSION}.exe"
|
||||||
|
echo " https://studioe5.edudeploy.com/${ZIP_NAME}"
|
||||||
echo "Done."
|
echo "Done."
|
||||||
|
|||||||
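Review bot: The new `cp "${ZIP_NAME}"` step and the echoed download URLs publish executables without any digest, so someone installing from the URL has nothing to compare the file against. Generate a SHA-256 file for the `.exe` and the zip in the same step (for example with `sha256sum`), copy it next to the artifacts, and print it together with the URLs. The host `studioe5.edudeploy.com` is also hard-coded in the two `echo` lines; a variable would keep the script usable for another deployment.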
Executable
+32
@@ -0,0 +1,32 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Télécharge les binaires Tailscale Windows depuis l'installateur MSI officiel.
|
||||||
|
# Nécessite: curl, msitools (msiextract)
|
||||||
|
|
||||||
|
VERSION="${1:-1.98.4}"
|
||||||
|
ARCH="amd64"
|
||||||
|
OUTDIR="$(dirname "$0")/tailscale-bin/windows"
|
||||||
|
MSI_URL="https://pkgs.tailscale.com/stable/tailscale-setup-${VERSION}-${ARCH}.msi"
|
||||||
|
TMPDIR="$(mktemp -d)"
|
||||||
|
|
||||||
|
cleanup() {
|
||||||
|
rm -rf "$TMPDIR"
|
||||||
|
}
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
echo "Downloading Tailscale ${VERSION} Windows installer..."
|
||||||
|
curl -L -o "$TMPDIR/tailscale-setup.msi" "$MSI_URL"
|
||||||
|
|
||||||
|
echo "Extracting binaries..."
|
||||||
|
mkdir -p "$TMPDIR/extract"
|
||||||
|
msiextract -C "$TMPDIR/extract" "$TMPDIR/tailscale-setup.msi" >/dev/null
|
||||||
|
|
||||||
|
echo "Installing to ${OUTDIR}..."
|
||||||
|
mkdir -p "$OUTDIR"
|
||||||
|
cp "$TMPDIR/extract/PFiles64/Tailscale/tailscale.exe" "$OUTDIR/"
|
||||||
|
cp "$TMPDIR/extract/PFiles64/Tailscale/tailscaled.exe" "$OUTDIR/"
|
||||||
|
cp "$TMPDIR/extract/PFiles64/Tailscale/wintun.dll" "$OUTDIR/"
|
||||||
|
|
||||||
|
echo "Done. Installed:"
|
||||||
|
ls -lh "$OUTDIR"
|
||||||
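Review bot: `curl -L -o "$TMPDIR/tailscale-setup.msi" "$MSI_URL"` is followed directly by `msiextract` and `cp`, with no integrity check on the installer, and the three extracted files end up in the zip that is served to clients. Pin the expected SHA-256 for each supported `VERSION` in the repository and verify it with `sha256sum -c` before extracting, and add `--fail` to `curl` so an HTTP error page is never saved as the MSI. Assigning `TMPDIR` also overwrites the variable that `mktemp` and other tools read for their temp location, so a name such as `WORKDIR` is safer, and `set -eu` would catch an unset variable.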