This README provides step-by-step instructions for setting up and running THIEFD, an open-source function-as-a-service framework written in Lua, using Podman instead of Docker.
- Ubuntu-based system (for apt-get commands)
- Sudo access
- Podman installed and configured
-
Install Lua and required system dependencies:
sudo apt-get update sudo apt-get install -y lua5.3 liblua5.3-dev luarocks build-essential libssl-dev -
Install Lua dependencies using LuaRocks:
sudo luarocks install luasocket sudo luarocks install luasec sudo luarocks install lanes sudo luarocks install luafilesystem sudo luarocks install lua-cjson sudo luarocks install compat53 -
Install Certbot for SSL certificate management:
sudo apt-get install -y certbot -
Set up the required environment variables:
export THIEFD_FORWARD_MODE=false export THIEFD_PODMAN_IMAGE="fully-qualified-container-url (e.g. docker.io/registry/image:latest)" export THIEFD_API_USERNAME="your-api-username" export THIEFD_API_PASSWORD="your-api-password" export THIEFD_SERVER_PORT=443 export THIEFD_DOMAIN="your-domain.com" export THIEFD_EMAIL="[email protected]" export THIEFD_CUSTOM_ENDPOINT="/thiefd" # Optional: Set custom endpointReplace the placeholder values with your actual configuration.
Optional: If you want to use forward mode, also set:
export THIEFD_FORWARD_MODE=true export THIEFD_FORWARD_WEBHOOK_URL="https://your-webhook-url.com" -
Save the Lua script to a file named
thiefd.lua.
-
Make sure you have root privileges to bind to port 443:
sudo -E lua thiefd.luaThe
-Eflag ensures that your environment variables are passed to the sudo environment. -
The script will automatically attempt to obtain or renew a Let's Encrypt SSL certificate for your domain.
-
Once running, the server will listen for HTTPS requests on the specified port (default 443).
Send POST requests to https://your-domain.com{CUSTOM_ENDPOINT} with the following:
- Basic Authentication using the API username and password
- Request body containing the Podman command to execute
Example using curl:
curl -X POST -u "your-api-username:your-api-password" \
-d "your podman command here" \
https://your-domain.com/thiefd
Note: Replace /thiefd with your custom endpoint if you've set the THIEFD_CUSTOM_ENDPOINT environment variable.
You can set a custom endpoint for your THIEFD server:
-
Set the
THIEFD_CUSTOM_ENDPOINTenvironment variable before running the script:export THIEFD_CUSTOM_ENDPOINT="/your-custom-endpoint" -
If not set, the default endpoint
/thiefdwill be used. -
Use your custom endpoint when sending requests to the server.
To use the install script:
- Save it to a file, e.g.,
install_thiefd.sh. - Make it executable:
chmod +x install_thiefd.sh. - Run it with sudo:
sudo ./install_thiefd.sh.
After running the script, you'll need to:
- Edit the configuration file at
/etc/thiefd.confwith your specific settings. - Start the THIEFD service using
sudo systemctl start thiefd. - Enable THIEFD to start on boot with
sudo systemctl enable thiefd.
Remember to replace the placeholder URL in the script where it downloads thiefd.lua with the location of a secure repository containing the thiefd-with-podman.lua script.
- Ensure your server is properly secured, as this script allows remote execution of Podman commands.
- Use strong, unique credentials for the API username and password.
- Regularly update and patch your system and all dependencies.
- Monitor logs and access to the server.
- Choose a non-obvious custom endpoint to add an extra layer of security.
- If you encounter permission issues, ensure you're running the script with appropriate privileges.
- Check that all required environment variables are correctly set.
- Verify that your domain's DNS is properly configured to point to your server's IP address.
- Ensure that port 443 is open and accessible from the internet.
- If you're using a custom endpoint and can't connect, double-check that you're using the correct endpoint in your requests.
- If Podman commands fail, ensure that Podman is properly installed and configured on your system.
For any issues or questions, please contact me[at]thiefd.com.