feat(agent): Windows packaging + HTTPS download
- Download the Tailscale Windows binaries via download-tailscale-bins.sh
- Windows/Linux build via build.sh with zip archive generation
- Caddyfile: serve the agents over HTTPS under /studioE5-agent*
- .gitignore: ignore agent/tailscale-bin/
- Document the download in SUIVI_VPN_ONDEMAND.md
@@ -25,3 +25,4 @@ headscale/*.sqlite*
|
||||
headscale/*.key
|
||||
headscale/*.state
|
||||
agent/resolv.conf
|
||||
agent/tailscale-bin/
|
||||
|
||||
@@ -27,6 +27,11 @@ headscale.studioe5.edudeploy.com:443 {
|
||||
}
|
||||
|
||||
studioe5.edudeploy.com:443 {
|
||||
route /studioE5-agent* {
|
||||
file_server {
|
||||
root /usr/share/caddy/agent
|
||||
}
|
||||
}
|
||||
reverse_proxy /api/websocket* server:3001
|
||||
reverse_proxy server:3000
|
||||
}
|
||||
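Review bot: `root /usr/share/caddy/agent` in the new `route /studioE5-agent*` block points the file server at the whole agent directory, and the matcher is a bare prefix, so any file or directory there whose name starts with `studioE5-agent` becomes downloadable, not only release artifacts. Point `root` at a directory that holds only the versioned builds (for example a dedicated dist folder written by build.sh) and mount it read-only.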
@@ -35,6 +40,11 @@ studioe5.edudeploy.com:443 {
|
||||
tls {
|
||||
on_demand
|
||||
}
|
||||
route /studioE5-agent* {
|
||||
file_server {
|
||||
root /usr/share/caddy/agent
|
||||
}
|
||||
}
|
||||
@instance {
|
||||
not host studioe5.edudeploy.com
|
||||
not host headscale.studioe5.edudeploy.com
|
||||
|
||||
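Review bot: this second `route /studioE5-agent*` block sits ahead of the `@instance` matcher in the site that uses `on_demand` TLS, so the agent files are also served on every instance hostname that site answers for, not just `studioe5.edudeploy.com`. If that is not intended, drop it here or guard it with a host matcher; if it is, move the block into a Caddy snippet and `import` it in both sites so the two copies cannot drift.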
+48
-1
@@ -155,6 +155,53 @@ Test réalisé le 2026-06-23 en utilisant le compte superadmin :
|
||||
|
||||
Le flux `UI → API → WebSocket → agent → Docker → VPN → Caddy → HTTPS public` est fonctionnel.
|
||||
|
||||
## 💻 Téléchargement de l’agent
|
||||
|
||||
L’agent est servi par Caddy depuis le dossier `agent/` monté dans le conteneur Caddy (`./agent:/usr/share/caddy/agent`).
|
||||
|
||||
### Binaires disponibles
|
||||
|
||||
- **Windows (archive complète)** : `https://studioe5.edudeploy.com/studioE5-agent-v0.3.0-windows.zip`
|
||||
- Contient `studioE5-agent.exe` + `tailscale-bin/windows/` (`tailscale.exe`, `tailscaled.exe`, `wintun.dll`) + `README-Windows.txt`.
|
||||
- **Windows (exécutable seul)** : `https://studioe5.edudeploy.com/studioE5-agent-v0.3.0.exe`
|
||||
- Nécessite d’avoir installé Tailscale Windows séparément ou d’avoir les binaires dans `tailscale-bin/windows/`.
|
||||
- **Linux** : `https://studioe5.edudeploy.com/studioE5-agent-v0.3.0`
|
||||
|
||||
### Builder / préparer les binaires
|
||||
|
||||
```bash
|
||||
cd /opt/studioe5-client-a/agent
|
||||
|
||||
# 1. Télécharger les binaires Tailscale Windows (nécessite msitools)
|
||||
./download-tailscale-bins.sh 1.98.4
|
||||
|
||||
# 2. Builder l’agent pour Windows et Linux (macOS nécessite CGO)
|
||||
./build.sh
|
||||
```
|
||||
|
||||
Le `build.sh` génère automatiquement `studioE5-agent-v0.3.0-windows.zip` et copie les binaires versionnés dans `server/public/`.
|
||||
|
||||
### Configuration minimale Windows
|
||||
|
||||
1. Extraire `studioE5-agent-v0.3.0-windows.zip` dans `C:\studioE5-agent`.
|
||||
2. Créer le dossier `C:\studioE5-agent\data`.
|
||||
3. Créer `C:\studioE5-agent\data\studioE5-config.json` :
|
||||
```json
|
||||
{
|
||||
"server": "wss://studioe5.edudeploy.com/api/websocket",
|
||||
"headscale_url": "https://headscale.studioe5.edudeploy.com",
|
||||
"headscale_auth_key": "CLE_PREAUTH_ICI",
|
||||
"node_id": "IDENTIFIANT_DU_POSTE",
|
||||
"data_dir": "C:\\studioE5-agent\\data"
|
||||
}
|
||||
```
|
||||
4. Lancer l’agent en mode console :
|
||||
```powershell
|
||||
.\studioE5-agent.exe -no-tray -data-dir C:\studioE5-agent\data
|
||||
```
|
||||
|
||||
> ⚠️ `headscale_auth_key` doit être une clé pré-auth réutilisable valide pour le tailnet studioe5. Ne jamais commiter cette clé.
|
||||
|
||||
## 📋 Prochaines étapes à faire
|
||||
|
||||
- [x] ~~Attendre la fin du rate limit Let’s Encrypt~~ (levé le 2026-06-23).
|
||||
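Review bot: the Windows setup steps store a reusable pre-auth key in plain text in `C:\studioE5-agent\data\studioE5-config.json`, so anyone who can read that file on one workstation can enrol further nodes into the tailnet. Prefer documenting one single-use, expiring key per `node_id`, and add a step that restricts the ACL on the `data` folder. The "Binaires disponibles" list would also benefit from a published SHA-256 per download so that installers can verify what they fetched.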
@@ -163,7 +210,7 @@ Le flux `UI → API → WebSocket → agent → Docker → VPN → Caddy → HTT
|
||||
- [x] ~~Tester le flux complet depuis l’interface web~~ → **OK** via l’API authentifiée (`POST /api/instances`), instance `cmqqgrur20001lw67t2bdgzkg` accessible en HTTPS public.
|
||||
- [ ] **Obtenir un certificat wildcard** pour `*.studioe5.edudeploy.com` (voir étude ci-dessous).
|
||||
- [ ] **Nettoyer les instances/agent de test** une fois le wildcard en place et le push effectué.
|
||||
- [ ] **Packager les binaires Tailscale pour Windows** dans `agent/tailscale-bin/windows/`.
|
||||
- [x] ~~Packager les binaires Tailscale pour Windows~~ → **OK**, `download-tailscale-bins.sh` + `studioE5-agent-v0.3.0-windows.zip` prêt.
|
||||
- [ ] **Nettoyer les anciens nodes/volumes Headscale** créés pendant les tests.
|
||||
- [ ] **Documenter la procédure de mise en production** pour le client A (config agent, clés Headscale, ports, etc.).
|
||||
|
||||
|
||||
@@ -34,6 +34,40 @@ else
|
||||
MAC_BUILT=0
|
||||
fi
|
||||
|
||||
# Build Windows distribution zip (agent + Tailscale binaries)
|
||||
ZIP_NAME="${BIN_NAME}-v${VERSION}-windows.zip"
|
||||
if [ -d "tailscale-bin/windows" ]; then
|
||||
python3 - <<PY
|
||||
import zipfile, os
|
||||
with zipfile.ZipFile("${ZIP_NAME}", 'w', zipfile.ZIP_DEFLATED) as zf:
|
||||
zf.write("${BIN_NAME}.exe", "${BIN_NAME}.exe")
|
||||
for f in ["tailscale.exe", "tailscaled.exe", "wintun.dll"]:
|
||||
zf.write(f"tailscale-bin/windows/{f}", f"tailscale-bin/windows/{f}")
|
||||
readme = """${APP_NAME} Agent - Windows
|
||||
=======================
|
||||
1. Extract this archive to a folder (e.g. C:\\${APP_NAME}-agent).
|
||||
2. Create a data folder (e.g. C:\\${APP_NAME}-agent\\data).
|
||||
3. Create the config file data\\${BIN_NAME}-config.json:
|
||||
{
|
||||
"server": "wss://studioe5.edudeploy.com/api/websocket",
|
||||
"headscale_url": "https://headscale.studioe5.edudeploy.com",
|
||||
"headscale_auth_key": "YOUR_PREAUTH_KEY",
|
||||
"node_id": "YOUR_NODE_ID",
|
||||
"data_dir": "C:\\\\\\\\${APP_NAME}-agent\\\\\\\\data"
|
||||
}
|
||||
4. Run the agent:
|
||||
${BIN_NAME}.exe -no-tray -data-dir C:\\${APP_NAME}-agent\\data
|
||||
|
||||
Tailscale binaries (tailscale.exe, tailscaled.exe, wintun.dll) are bundled
|
||||
in tailscale-bin\\windows\\ and used automatically by the agent.
|
||||
"""
|
||||
zf.writestr("README-Windows.txt", readme)
|
||||
print(f" ${ZIP_NAME}")
|
||||
PY
|
||||
else
|
||||
echo " Warning: tailscale-bin/windows not found, run ./download-tailscale-bins.sh first"
|
||||
fi
|
||||
|
||||
# Copy versioned binaries to server/public so the dashboard can serve them
|
||||
SERVER_PUBLIC="../server/public"
|
||||
if [ -d "${SERVER_PUBLIC}" ]; then
|
||||
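Review bot: the guard `if [ -d "tailscale-bin/windows" ]` only checks the directory, so if one of `tailscale.exe`, `tailscaled.exe` or `wintun.dll` is missing, `zf.write` raises after the archive has been opened and an incomplete `${ZIP_NAME}` stays on disk. Check the three files (and `${BIN_NAME}.exe`) before creating the zip, or write to a temporary name and rename on success. Separately, the unquoted `<<PY` heredoc sends the README text through both shell and Python escaping (hence the eight backslashes on the `data_dir` line, and the reliance on Python keeping unknown escapes such as `\d` literal); quoting the delimiter and passing the names through the environment, or using a raw string, would make this less fragile.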
@@ -42,7 +76,14 @@ if [ -d "${SERVER_PUBLIC}" ]; then
|
||||
if [ "$MAC_BUILT" = "1" ]; then
|
||||
cp "${BIN_NAME}-v${VERSION}-mac" "${SERVER_PUBLIC}/${BIN_NAME}-v${VERSION}-mac"
|
||||
fi
|
||||
if [ -f "${ZIP_NAME}" ]; then
|
||||
cp "${ZIP_NAME}" "${SERVER_PUBLIC}/${ZIP_NAME}"
|
||||
fi
|
||||
echo " Copied versioned binaries to ${SERVER_PUBLIC}"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "Download URLs (once served by Caddy):"
|
||||
echo " https://studioe5.edudeploy.com/${BIN_NAME}-v${VERSION}.exe"
|
||||
echo " https://studioe5.edudeploy.com/${ZIP_NAME}"
|
||||
echo "Done."
|
||||
|
||||
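Review bot: `if [ -f "${ZIP_NAME}" ]` copies whatever zip is in the working directory, so when `tailscale-bin/windows` is absent and the packaging step only prints its warning, a zip left over from an earlier build of the same version is published to `${SERVER_PUBLIC}` with an outdated `${BIN_NAME}.exe` inside. Delete `${ZIP_NAME}` before the packaging step, or track a `ZIP_BUILT` flag the way `MAC_BUILT` is used. Writing a checksum file next to the copied artifacts would also let the download page publish hashes.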
Executable
+32
@@ -0,0 +1,32 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Télécharge les binaires Tailscale Windows depuis l'installateur MSI officiel.
|
||||
# Nécessite: curl, msitools (msiextract)
|
||||
|
||||
VERSION="${1:-1.98.4}"
|
||||
ARCH="amd64"
|
||||
OUTDIR="$(dirname "$0")/tailscale-bin/windows"
|
||||
MSI_URL="https://pkgs.tailscale.com/stable/tailscale-setup-${VERSION}-${ARCH}.msi"
|
||||
TMPDIR="$(mktemp -d)"
|
||||
|
||||
cleanup() {
|
||||
rm -rf "$TMPDIR"
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
echo "Downloading Tailscale ${VERSION} Windows installer..."
|
||||
curl -L -o "$TMPDIR/tailscale-setup.msi" "$MSI_URL"
|
||||
|
||||
echo "Extracting binaries..."
|
||||
mkdir -p "$TMPDIR/extract"
|
||||
msiextract -C "$TMPDIR/extract" "$TMPDIR/tailscale-setup.msi" >/dev/null
|
||||
|
||||
echo "Installing to ${OUTDIR}..."
|
||||
mkdir -p "$OUTDIR"
|
||||
cp "$TMPDIR/extract/PFiles64/Tailscale/tailscale.exe" "$OUTDIR/"
|
||||
cp "$TMPDIR/extract/PFiles64/Tailscale/tailscaled.exe" "$OUTDIR/"
|
||||
cp "$TMPDIR/extract/PFiles64/Tailscale/wintun.dll" "$OUTDIR/"
|
||||
|
||||
echo "Done. Installed:"
|
||||
ls -lh "$OUTDIR"
|
||||
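Review bot: the MSI fetched by `curl -L -o "$TMPDIR/tailscale-setup.msi" "$MSI_URL"` is extracted and its binaries copied into `$OUTDIR` with no integrity check, and those binaries are then redistributed in the agent zip. Pin the expected SHA-256 for each supported `VERSION` and verify it before `msiextract`, add `-f` to the curl call so an HTTP error fails the script instead of saving an error page, and validate `$1` against a version pattern before it is interpolated into `MSI_URL`. `TMPDIR` is also the environment variable that `mktemp` and other tools honour; a name such as `WORKDIR` avoids shadowing it.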