switched to key-based auth for SSH, added docs

.drone.yml

@@ -33,7 +33,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -23,3 +23,10 @@ COMPOSE_FILE="compose.yml"
 # temporary or permanent redirect? (uncomment one)
 #REDIRECT_TYPE=redirect
 #REDIRECT_TYPE=permanent
+
+# Optionally handle all URL requests using a single file (commonly index.html)
+#SINGLE_PAGE_SITE_HANDLER=/index.html
+
+# Enable an SSH server to allow SFTP uploads to the web root
+#COMPOSE_FILE="$COMPOSE_FILE:compose.sftp.yml"
+#PUBLIC_KEY="ssh-ed25519 AAAAC3NzaJ1lZDI1NTE5AAAAIXqf4nxUxuGmLOaxXXXXXXXXoM/GwhcrAgmtbgXToaYmCJ user@host" # Replace with a public key you generate

README.md

@@ -28,5 +28,20 @@ Custom HTML website, served using Nginx.
 abra app cp YOURAPPDOMAIN index.html app:/usr/share/nginx/html
 ```
 
+## Allowing upload via SSH/SFTP
+To allow management of your site's files using scp, rsync or other SSH-based tools:
+1. If you don't already have one, generate an SSH keypair using `ssh-keygen`
+1. `abra app config YOURAPPDOMAIN`
+2. Uncomment these lines and add your public key:
+```
+#COMPOSE_FILE="$COMPOSE_FILE:compose.sftp.yml"
+#PUBLIC_KEY="ssh-ed25519 AAAAC3NzaJ1lZDI1NTE5AAAAIXqf4nxUxuGmLOaxXXXXXXXXoM/GwhcrAgmtbgXToaYmCJ user@host" # Replace with a public key you generate
+```
+3. `abra app undeploy YOURAPPDOMAIN`
+3. `abra app deploy YOURAPPDOMAIN`
+4. Test the SSH connection: `ssh -p 2220 sftp@YOURAPPDOMAIN`
+5. You can copy local files into the server's web root with a command like: `scp -r -P 2220 * sftp@YOURAPPDOMAIN:/content`
+
+
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
 [`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik

compose.sftp.yml

@@ -0,0 +1,41 @@
+version: "3.8"
+services:
+  ssh:
+    image: lscr.io/linuxserver/openssh-server:latest
+    networks:
+      - proxy
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - USER_NAME=sftp
+      - PUBLIC_KEY
+    volumes:
+      - content:/content:rw
+    ports:
+      - 2220:2222
+    deploy:
+      restart_policy:
+        condition: on-failure
+  # The following is an admittedly hacky way of setting the owner
+  # of the `content` volume to the unprivileged `sftp` user, so
+  # that content can be transferred through the unprivileged sshd process
+  # using `scp` etc.
+  sshstart:
+    image: lscr.io/linuxserver/openssh-server:latest
+    user: root
+    depends_on:
+      - ssh
+    deploy:
+      restart_policy:
+        condition: none
+    volumes:
+      - content:/content:rw
+    entrypoint: [ "bash", "-c", "sleep 10 && chown -R 1000:1000 /content"]
+
+volumes:
+  content:
+
+networks:
+  proxy:
+    external: true

default.conf.tmpl

@@ -15,7 +15,11 @@ server {
             rewrite ^{{ env "REDIRECT_FROM_PATH" }}(.*)$ {{ env "REDIRECT_TO_URL" }}$1 {{ env "REDIRECT_TYPE" }}; 
         {{ end }}
 
-		try_files $uri $uri/ $uri.html =404;
+        {{ if env "SINGLE_PAGE_SITE_HANDLER" }}
+		try_files $uri $uri/ {{ env "SINGLE_PAGE_SITE_HANDLER" }} =404;
+        {{ else }}
+        try_files $uri $uri/ $uri.html =404;
+        {{ end }}
     }
 
     error_page  404              /404.html;