Cross-platform desktop application for greenhouse
forest ca8edb6a76 skip testing other threshold clients' threshold configs 3 weeks ago
.vscode Use fbs instead of go 2 months ago
greenhouse-daemon skip testing other threshold clients' threshold configs 3 weeks ago
readme fleshing out the readme 2 months ago
src support unix sockets for all local connections -- support integration 3 weeks ago
.gitignore support unix sockets for all local connections -- support integration 3 weeks ago
README.md support unix sockets for all local connections -- support integration 3 weeks ago

README.md

Greenhouse Desktop

screenshot of splash screen

This is the desktop application for the Greenhouse cloud service (in development).

greenhouse-desktop is a cross-platform fbs Python/Qt application with an accompanying daemon (background service) written in Go. The Python app will display status to the user and allow them to configure their tunnels, while the daemon will manage the embedded threshold and caddy processes.

getting started with fbs development

# Download python 3.6 with security updates from https://www.python.org/downloads/release/python-3613/
cd Python-3.6.13/
./configure
make
make test
# note some tests will fail because of openssl being newer since python 3.6 is very old.  https://bugs.python.org/issue32947
# for now i ignored this 😬

sudo make install
python3.6 -m venv venv
source venv/bin/activate
pip install fbs
pip install PyQt5==5.9.2
fbs startproject
pip install qtwidgets pyqtspinner

architecture

This diagram was created with https://app.diagrams.net/. To edit it, download the diagram file and edit it with the https://app.diagrams.net/ web application, or you may run the application from source if you wish.

greenhouse-daemon

This is the background service which runs/manages threshold + caddy and responds to requests from the UI.

It depends on threshold and SequentialRead's forked version of Caddy 2.

For now you must also provide caddy-config.json inside GREENHOUSE_DAEMON_PATH. Example config:

caddy-config.json
{
  "admin": {
    "disabled": false,
    "listen": "127.0.0.1:9574",
    "authorized_clients_ca_file": "greenhouse_daemon_localhost_ca.crt",
    "tls_key_file": "greenhouse-daemon.key",
    "tls_cert_file": "greenhouse-daemon.crt",
    "config": {
      "persist": false
    }
  }
}

environment variables

GREENHOUSE_DAEMON_PATH

Default Value (Linux): /opt/greenhouse-daemon
Default Value (Windows): %ProgramData%\greenhouse-daemon
Default Value (MacOS): /Library/Application Support/greenhouse-daemon

Path to folder where it will store all its files. This folder should be exclusively owned by the user that runs the greenhouse-daemon process for security reasons.

GREENHOUSE_DAEMON_CLOUD_URL

Default Value: https://greenhouse.forest-n-johnson.greenhouseusers.com

URL the daemon will use to contact the greenhouse cloud service, for example, to log into the user's account.

GREENHOUSE_DAEMON_USE_UNIX_SOCKETS

Default Value: false

If set to true, the daemon will listen for plain HTTP on unix sockets instead of listening for HTTPS on local TCP ports.

ports used

greenhouse-daemon api: https://localhost:9572  -- certificate signed by daemon CA, the GUI does not validate the cert (it can't)

threshold admin api:   https://localhost:9573 -- certificate signed by daemon CA, uses mutual TLS with daemon
caddy admin api:       https://localhost:9574 -- certificate signed by daemon CA, uses mutual TLS with daemon
caddy http port:       https://localhost:9575 -- used by caddy for http -> https redirects 
caddy https port:      https://localhost:9576 -- certificate signed by Let's Encrypt CA, public internet TLS
caddy tls port:        https://localhost:9577 -- certificate signed by Let's Encrypt CA, public internet TLS

unix sockets used (alternative to ports)

All of these socket files are owned by whatever user is running the greenhouse-daemon process. They all use plain http with no TLS.

greenhouse-daemon api: /var/run/greenhouse-daemon.sock

threshold admin api:   /var/run/greenhouse-daemon-threshold.sock
caddy admin api:       /var/run/greenhouse-daemon-caddy-admin.sock
caddy http port:       /var/run/greenhouse-daemon-caddy-http.sock
caddy https port:      /var/run/greenhouse-daemon-caddy-https.sock
caddy tls port:        /var/run/greenhouse-daemon-caddy-tls.sock
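
Because the sockets carry plain HTTP with no TLS, file ownership and mode bits are the only access control on them, and the same applies to the GREENHOUSE_DAEMON_PATH folder. The following check is an added example, not code from this repository: the function names are hypothetical, it assumes Linux permission semantics, and it reads "exclusively owned" as "no group/other access at all".

```python
import os
import stat

# Socket paths as listed in this README.
SOCKETS = [
    "/var/run/greenhouse-daemon.sock",
    "/var/run/greenhouse-daemon-threshold.sock",
    "/var/run/greenhouse-daemon-caddy-admin.sock",
    "/var/run/greenhouse-daemon-caddy-http.sock",
    "/var/run/greenhouse-daemon-caddy-https.sock",
    "/var/run/greenhouse-daemon-caddy-tls.sock",
]

def audit(path, expected_uid, kind):
    """Return a list of findings for one path; kind is 'dir' or 'socket'."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    except FileNotFoundError:
        return [f"{path}: missing"]
    findings = []
    if kind == "dir" and not stat.S_ISDIR(st.st_mode):
        findings.append(f"{path}: not a directory")
    if kind == "socket" and not stat.S_ISSOCK(st.st_mode):
        findings.append(f"{path}: not a socket")
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    # Directory: any group/other bit is a finding (assumed reading of
    # "exclusively owned"). Socket: on Linux, connect() needs write
    # permission on the socket file, so group/other write is the exposure.
    mask = 0o077 if kind == "dir" else 0o022
    mode = stat.S_IMODE(st.st_mode)
    if mode & mask:
        findings.append(f"{path}: mode {mode:04o} grants group/other access")
    return findings

def audit_daemon(daemon_path, expected_uid, sockets=SOCKETS):
    """Audit the data folder plus whichever listed sockets currently exist."""
    findings = audit(daemon_path, expected_uid, "dir")
    for sock in sockets:
        if os.path.lexists(sock):  # sockets only exist in unix-socket mode
            findings += audit(sock, expected_uid, "socket")
    return findings

if __name__ == "__main__":
    # Assumption: run as the same user that runs greenhouse-daemon.
    path = os.environ.get("GREENHOUSE_DAEMON_PATH", "/opt/greenhouse-daemon")
    for finding in audit_daemon(path, os.geteuid()):
        print(finding)
```

An empty result means the folder and every existing socket are owned by the expected user and closed to other local accounts.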