At work, I had the need of implement a virus scanner for all files uploaded to the server.
Well lets give a chance the clamav a deamon virus scanner opensource.
I found a project what implement a rest api very easy!
https://github.com/benzino77/clamav-rest-api/
I run the docker compose of the proyect and works like charm!
It use clamav in a docker container, an a api rest application to scan the file, using a network connector.
I'm not a big fan of docker, for run the docker project by hand, but dokku handle very well and can manage (deploy, maintain, etc) very well without effort.
With the good advice of the core developer from dokku. I can implement very fast the solution in dokku.
Then let's jump in....
ββββββββ
β β
βββββββββββββββββββββ ββββββββββββββββββββββ β N β
β β clamav-net β β proxyβ G β
β Clamav (clamd) βββββββββββββββββββ€ Rest API :3000 βββββββββ€ I β
β β β β β N β
βββββββββββββββββββββ ββββββββββββββββββββββ β X β
β β
β :443β
β β
ββββββββ
Basically this is implemented by dokku..
first the nginx proxy the http request to the rest api application
which is listen at :3000 in the container, to do that needs to communicate with clamd the deamon which scan the file and return the result to the apirest.
Easy right ?
My first approach to solve this is creating a plugin doing that but @savant Jose Gonzales from dokku suggest better create two dokku apps using https://dokkupose.netlify.app
The I paste the docker-compose file to the dokkupose and for my surprise it give exactly all the commands needed to deploy in dokku. Feeling like this:
Then the only missing here is the network link between clamd and the rest-api. I handle it by hand.
I left you the script i made to create the solution with comments:
## | |
# this script born about the needs of implement a virus scanner for files using a api rest. | |
# then using https://github.com/benzino77/clamav-rest-api/ and https://dokkupose.netlify.app | |
# I create this script to deploy the api rest | |
## | |
### dokku apps:destroy clamav-service && dokku apps:destroy clamav-apirest && dokku network:destroy clamav-net | |
# Let's create a network bridge to communicate | |
dokku apps:create clamav-service | |
dokku apps:create clamav-restapi | |
# network configuration | |
dokku network:create clamav-net | |
# attach the network to the cointainers | |
dokku network:set clamav-service attach-post-create clamav-net | |
dokku network:set clamav-restapi attach-post-create lamav-net | |
# doing this i have acces from clamav-restapi to clamav-service throught clamav-service.web | |
# for not expose the ports through nginx | |
dokku config:set --no-restart clamav-service DOKKU_DISABLE_PROXY=1 | |
dokku git:from-image clamav-service clamav/clamav:0.104 | |
# check if get working | |
sleep 5 | |
nc -vz $(dokku network:report clamav-service --network-web-listeners | tr ':' ' ') | |
# then it is working now install the restapi | |
# clamav-restapi | |
dokku apps:create clamav-restapi | |
# configure ports of clamav-restapi | |
dokku config:set --no-restart clamav-restapi DOKKU_DOCKERFILE_PORTS="3000/tcp" | |
dokku config:set --no-restart clamav-restapi DOKKU_PROXY_PORT_MAP="http:80:3000" | |
dokku config:set --no-restart clamav-restapi DOKKU_LETSENCRYPT_EMAIL="myemail@email.com" | |
dokku config:set --no-restart clamav-restapi NODE_ENV="production" | |
# using the network reference | |
dokku config:set --no-restart clamav-restapi CLAMD_IP=clamav-service.web | |
dokku config:set --no-restart clamav-restapi APP_FORM_KEY="FILES" | |
dokku config:set --no-restart clamav-restapi APP_PORT="3000" | |
#show the env vars | |
dokku config:show clamav-restapi | |
# assign image to clamav-restapi | |
dokku git:from-image clamav-restapi benzino77/clamav-rest-api | |
# configure ssl for the domain | |
dokku letsencrypt:enable clamav-restapi | |
# lets rock! | |
curl -s $(dokku url clamav-restapi)/api/v1/version | python3 -m json.tool | |
# secure the application | |
dokku plugin:install https://github.com/dokku/dokku-http-auth.git | |
export RANDOM_PASSWORD=$(date | md5sum | awk '{print $1}') | |
dokku http-auth:enable clamav-restapi app $RANDOM_PASSWORD | |
curl -s -u app:$RANDOM_PASSWORD $(dokku url clamav-restapi)/api/v1/version | python3 -m json.tool | |
{ | |
"success": true, | |
"data": { | |
"version": "ClamAV 0.104.3/26595/Wed Jul 6 07:53:23 2022\n" | |
} | |
} | |
echo "your password is $RANDOM_PASSWORD" | |
Question?
What about the signature updates ?
In container handle it by automatically and update daily
you don't know about dokku ?
Dokku
Docker powered mini-Heroku. The smallest PaaS implementation you've ever seen.
Sponsors
Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]
Backers
Support us with a monthly donation and help us continue our activities. [Become a backer]
Requirements
A fresh VM running any of the following operating systems:
- Ubuntu 20.04 / 22.04 / 24.04 (amd64/arm64) - Any currently supported release
- Debian 11+ (amd64/arm64)
An SSH keypair that can be used for application deployment. If this exists before installation, it will be automatically imported into dokku.
Otherwise, you will need to import the keypair manually after installation using dokku ssh-keys:add
.
Installation
To install the latest stable release, run the following commands as a user who has access to sudo
:
wget -NP . https://dokku.com/install/v0.35.5/bootstrap.sh
sudo DOKKU_TAG=v0.35.5 bash bootstrap.sh
You can then proceed to configureβ¦
It's like heroku but selfhosted.
Top comments (0)