feat(agent): Windows packaging + HTTPS download

- Download of the Tailscale Windows binaries via download-tailscale-bins.sh
- Windows/Linux build via build.sh with zip archive generation
- Caddyfile: serves the agents over HTTPS under /studioE5-agent*
- .gitignore: ignores agent/tailscale-bin/
- Documentation of the download in SUIVI_VPN_ONDEMAND.md
EduBox Dev
2026-06-23 10:00:52 +00:00
parent b4344e9d66
commit df77caf64a
5 changed files with 132 additions and 1 deletions
+1
@@ -25,3 +25,4 @@ headscale/*.sqlite*
headscale/*.key
headscale/*.state
agent/resolv.conf
agent/tailscale-bin/
+10
@@ -27,6 +27,11 @@ headscale.studioe5.edudeploy.com:443 {
}
studioe5.edudeploy.com:443 {
route /studioE5-agent* {
file_server {
root /usr/share/caddy/agent
}
}
reverse_proxy /api/websocket* server:3001
reverse_proxy server:3000
}
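Review bot: In the `route /studioE5-agent*` block added to `studioe5.edudeploy.com:443`, `root /usr/share/caddy/agent` points `file_server` at the whole agent directory, which the documentation in this commit describes as the `./agent` working tree mounted into the container; the only thing keeping build scripts, `resolv.conf` and `tailscale-bin/` unreachable is the path matcher. Serve a dedicated directory that contains only the release artifacts (for example a `dist/` folder filled by `build.sh` and mounted read-only), so that a file whose name happens to start with `studioE5-agent` cannot be published by accident. `build.sh` also copies the versioned binaries to `../server/public`, not to this root, so the two publishing paths should be reconciled.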
@@ -35,6 +40,11 @@ studioe5.edudeploy.com:443 {
tls {
on_demand
}
route /studioE5-agent* {
file_server {
root /usr/share/caddy/agent
}
}
@instance {
not host studioe5.edudeploy.com
not host headscale.studioe5.edudeploy.com
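Review bot: The same `route /studioE5-agent*` block is repeated inside the site block that uses `tls { on_demand }`, so the agent binaries are answered on every host name that block accepts, including the instance hosts selected by `@instance`, and not only on `studioe5.edudeploy.com`. If downloads are meant to come from the main host only, drop this copy or put a host matcher in front of it; if both are needed, factor the block into a Caddyfile snippet and `import` it so the two copies cannot drift.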
+48 -1
@@ -155,6 +155,53 @@ Test réalisé le 2026-06-23 en utilisant le compte superadmin :
Le flux `UI → API → WebSocket → agent → Docker → VPN → Caddy → HTTPS public` est fonctionnel.
## 💻 Téléchargement de lagent
Lagent est servi par Caddy depuis le dossier `agent/` monté dans le conteneur Caddy (`./agent:/usr/share/caddy/agent`).
### Binaires disponibles
- **Windows (archive complète)** : `https://studioe5.edudeploy.com/studioE5-agent-v0.3.0-windows.zip`
- Contient `studioE5-agent.exe` + `tailscale-bin/windows/` (`tailscale.exe`, `tailscaled.exe`, `wintun.dll`) + `README-Windows.txt`.
- **Windows (exécutable seul)** : `https://studioe5.edudeploy.com/studioE5-agent-v0.3.0.exe`
- Nécessite davoir installé Tailscale Windows séparément ou davoir les binaires dans `tailscale-bin/windows/`.
- **Linux** : `https://studioe5.edudeploy.com/studioE5-agent-v0.3.0`
### Builder / préparer les binaires
```bash
cd /opt/studioe5-client-a/agent
# 1. Télécharger les binaires Tailscale Windows (nécessite msitools)
./download-tailscale-bins.sh 1.98.4
# 2. Builder lagent pour Windows et Linux (macOS nécessite CGO)
./build.sh
```
Le `build.sh` génère automatiquement `studioE5-agent-v0.3.0-windows.zip` et copie les binaires versionnés dans `server/public/`.
### Configuration minimale Windows
1. Extraire `studioE5-agent-v0.3.0-windows.zip` dans `C:\studioE5-agent`.
2. Créer le dossier `C:\studioE5-agent\data`.
3. Créer `C:\studioE5-agent\data\studioE5-config.json` :
```json
{
"server": "wss://studioe5.edudeploy.com/api/websocket",
"headscale_url": "https://headscale.studioe5.edudeploy.com",
"headscale_auth_key": "CLE_PREAUTH_ICI",
"node_id": "IDENTIFIANT_DU_POSTE",
"data_dir": "C:\\studioE5-agent\\data"
}
```
4. Lancer lagent en mode console :
```powershell
.\studioE5-agent.exe -no-tray -data-dir C:\studioE5-agent\data
```
> ⚠️ `headscale_auth_key` doit être une clé pré-auth réutilisable valide pour le tailnet studioe5. Ne jamais commiter cette clé.
## 📋 Prochaines étapes à faire
- [x] ~~Attendre la fin du rate limit Lets Encrypt~~ (levé le 2026-06-23).
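Review bot: In the "Configuration minimale Windows" section, the warning line asks for a reusable pre-auth key (`clé pré-auth réutilisable`) and step 3 stores it in clear text in `C:\studioE5-agent\data\studioE5-config.json`; a reusable key copied from one workstation can enrol any other machine into the tailnet. Prefer a single-use, short-expiry key per `node_id`, and add a step that restricts the ACL on the `data` folder to the account that runs the agent. The "Binaires disponibles" list would also benefit from a published SHA-256 next to each download URL so that operators can check what they extracted.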
@@ -163,7 +210,7 @@ Le flux `UI → API → WebSocket → agent → Docker → VPN → Caddy → HTT
- [x] ~~Tester le flux complet depuis linterface web~~ → **OK** via lAPI authentifiée (`POST /api/instances`), instance `cmqqgrur20001lw67t2bdgzkg` accessible en HTTPS public.
- [ ] **Obtenir un certificat wildcard** pour `*.studioe5.edudeploy.com` (voir étude ci-dessous).
- [ ] **Nettoyer les instances/agent de test** une fois le wildcard en place et le push effectué.
- [ ] **Packager les binaires Tailscale pour Windows** dans `agent/tailscale-bin/windows/`.
- [x] ~~Packager les binaires Tailscale pour Windows~~ → **OK**, `download-tailscale-bins.sh` + `studioE5-agent-v0.3.0-windows.zip` prêt.
- [ ] **Nettoyer les anciens nodes/volumes Headscale** créés pendant les tests.
- [ ] **Documenter la procédure de mise en production** pour le client A (config agent, clés Headscale, ports, etc.).
+41
@@ -34,6 +34,40 @@ else
MAC_BUILT=0
fi
# Build Windows distribution zip (agent + Tailscale binaries)
ZIP_NAME="${BIN_NAME}-v${VERSION}-windows.zip"
if [ -d "tailscale-bin/windows" ]; then
python3 - <<PY
import zipfile, os
with zipfile.ZipFile("${ZIP_NAME}", 'w', zipfile.ZIP_DEFLATED) as zf:
zf.write("${BIN_NAME}.exe", "${BIN_NAME}.exe")
for f in ["tailscale.exe", "tailscaled.exe", "wintun.dll"]:
zf.write(f"tailscale-bin/windows/{f}", f"tailscale-bin/windows/{f}")
readme = """${APP_NAME} Agent - Windows
=======================
1. Extract this archive to a folder (e.g. C:\\${APP_NAME}-agent).
2. Create a data folder (e.g. C:\\${APP_NAME}-agent\\data).
3. Create the config file data\\${BIN_NAME}-config.json:
{
"server": "wss://studioe5.edudeploy.com/api/websocket",
"headscale_url": "https://headscale.studioe5.edudeploy.com",
"headscale_auth_key": "YOUR_PREAUTH_KEY",
"node_id": "YOUR_NODE_ID",
"data_dir": "C:\\\\\\\\${APP_NAME}-agent\\\\\\\\data"
}
4. Run the agent:
${BIN_NAME}.exe -no-tray -data-dir C:\\${APP_NAME}-agent\\data
Tailscale binaries (tailscale.exe, tailscaled.exe, wintun.dll) are bundled
in tailscale-bin\\windows\\ and used automatically by the agent.
"""
zf.writestr("README-Windows.txt", readme)
print(f" ${ZIP_NAME}")
PY
else
echo " Warning: tailscale-bin/windows not found, run ./download-tailscale-bins.sh first"
fi
# Copy versioned binaries to server/public so the dashboard can serve them
SERVER_PUBLIC="../server/public"
if [ -d "${SERVER_PUBLIC}" ]; then
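Review bot: The `python3 - <<PY` heredoc is unquoted, so the shell expands `${...}` and collapses backslashes before Python parses the text, and Python then processes escapes a second time; that is why `data_dir` needs eight backslashes, while `C:\\${APP_NAME}-agent` reaches Python as a single backslash followed by the first letter of `APP_NAME`, an escape sequence whose meaning depends on the variable's value. Quote the delimiter (`<<'PY'`), pass `ZIP_NAME`, `BIN_NAME` and `APP_NAME` through the environment and read them with `os.environ`, and keep the README in a raw string or a separate template file. The block also calls `zf.write` on `${BIN_NAME}.exe` and the three Tailscale files without checking that they exist: if one is missing, Python fails midway but the `with` block still closes a partial archive, which the later `[ -f "${ZIP_NAME}" ]` test will copy unless the script aborts on error.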
@@ -42,7 +76,14 @@ if [ -d "${SERVER_PUBLIC}" ]; then
if [ "$MAC_BUILT" = "1" ]; then
cp "${BIN_NAME}-v${VERSION}-mac" "${SERVER_PUBLIC}/${BIN_NAME}-v${VERSION}-mac"
fi
if [ -f "${ZIP_NAME}" ]; then
cp "${ZIP_NAME}" "${SERVER_PUBLIC}/${ZIP_NAME}"
fi
echo " Copied versioned binaries to ${SERVER_PUBLIC}"
fi
echo ""
echo "Download URLs (once served by Caddy):"
echo " https://studioe5.edudeploy.com/${BIN_NAME}-v${VERSION}.exe"
echo " https://studioe5.edudeploy.com/${ZIP_NAME}"
echo "Done."
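Review bot: The final "Download URLs" block prints `https://studioe5.edudeploy.com/${ZIP_NAME}` unconditionally, even on the path where `tailscale-bin/windows` was missing and no zip was produced; guard that line with the same `[ -f "${ZIP_NAME}" ]` test used for the copy. Since these files are handed to client workstations, this is also the natural place to write a `sha256sum` file next to each artifact and print the digests with the URLs.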
+32
@@ -0,0 +1,32 @@
#!/bin/bash
set -e
# Télécharge les binaires Tailscale Windows depuis l'installateur MSI officiel.
# Nécessite: curl, msitools (msiextract)
VERSION="${1:-1.98.4}"
ARCH="amd64"
OUTDIR="$(dirname "$0")/tailscale-bin/windows"
MSI_URL="https://pkgs.tailscale.com/stable/tailscale-setup-${VERSION}-${ARCH}.msi"
TMPDIR="$(mktemp -d)"
cleanup() {
rm -rf "$TMPDIR"
}
trap cleanup EXIT
echo "Downloading Tailscale ${VERSION} Windows installer..."
curl -L -o "$TMPDIR/tailscale-setup.msi" "$MSI_URL"
echo "Extracting binaries..."
mkdir -p "$TMPDIR/extract"
msiextract -C "$TMPDIR/extract" "$TMPDIR/tailscale-setup.msi" >/dev/null
echo "Installing to ${OUTDIR}..."
mkdir -p "$OUTDIR"
cp "$TMPDIR/extract/PFiles64/Tailscale/tailscale.exe" "$OUTDIR/"
cp "$TMPDIR/extract/PFiles64/Tailscale/tailscaled.exe" "$OUTDIR/"
cp "$TMPDIR/extract/PFiles64/Tailscale/wintun.dll" "$OUTDIR/"
echo "Done. Installed:"
ls -lh "$OUTDIR"
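Review bot: `curl -L -o "$TMPDIR/tailscale-setup.msi" "$MSI_URL"` has no `-f`, so an HTTP error page is saved as the MSI, and nothing verifies the installer before `tailscale.exe`, `tailscaled.exe` and `wintun.dll` are copied out and later bundled into the zip served to clients. Use `curl -fsSL --proto '=https'`, compare the download against a SHA-256 pinned in the repository for each supported `VERSION`, and fail when it differs. Two smaller points: `VERSION` goes straight from `$1` into the URL and should be checked against a version pattern, and assigning `TMPDIR` overrides the standard environment variable that `mktemp` and child processes read, so a name such as `WORKDIR` is safer.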