add dockerfile and enable env for proxy-client

cmd/proxy-client/main.go

@@ -15,47 +15,56 @@ import (
 
 var flags []cli.Flag = []cli.Flag{
 	&cli.StringFlag{
-		Name:  "listen-addr",
-		Value: "127.0.0.1:8080",
-		Usage: "address to listen on",
+		Name:    "listen-addr",
+		EnvVars: []string{"LISTEN_ADDR"},
+		Value:   "127.0.0.1:8080",
+		Usage:   "address to listen on",
 	},
 	&cli.StringFlag{
-		Name:  "target-addr",
-		Value: "https://localhost:80",
-		Usage: "address to proxy requests to",
+		Name:    "target-addr",
+		EnvVars: []string{"TARGET_ADDR"},
+		Value:   "https://localhost:80",
+		Usage:   "address to proxy requests to",
 	},
 	&cli.StringFlag{
-		Name:  "server-attestation-type",
-		Value: string(proxy.AttestationAzureTDX),
-		Usage: "type of attestation to expect and verify (" + proxy.AvailableAttestationTypes + ")",
+		Name:    "server-attestation-type",
+		EnvVars: []string{"SERVER_ATTESTATION_TYPE"},
+		Value:   string(proxy.AttestationAzureTDX),
+		Usage:   "type of attestation to present (" + proxy.AvailableAttestationTypes + ")",
 	},
 	&cli.StringFlag{
-		Name:  "server-measurements",
-		Usage: "optional path to JSON measurements enforced on the server",
+		Name:    "server-measurements",
+		EnvVars: []string{"SERVER_MEASUREMENTS"},
+		Usage:   "optional path to JSON measurements enforced on the server",
 	},
 	&cli.BoolFlag{
-		Name:  "verify-tls",
-		Value: false,
-		Usage: "verify server's TLS certificate instead of server's attestation. Only valid for server-attestation-type=none.",
+		Name:    "verify-tls",
+		EnvVars: []string{"VERIFY_TLS"},
+		Value:   false,
+		Usage:   "verify server's TLS certificate instead of server's attestation. Only valid for server-attestation-type=none.",
 	},
 	&cli.StringFlag{
-		Name:  "tls-ca-certificate",
-		Usage: "additional CA certificate to verify against (PEM) [default=no additional TLS certs]. Only valid with --verify-tls.",
+		Name:    "tls-ca-certificate",
+		EnvVars: []string{"TLS_CA_CERTIFICATE"},
+		Usage:   "additional CA certificate to verify against (PEM) [default=no additional TLS certs]. Only valid with --verify-tls.",
 	},
 	&cli.StringFlag{
-		Name:  "client-attestation-type",
-		Value: string(proxy.AttestationNone),
-		Usage: "type of attestation to present (" + proxy.AvailableAttestationTypes + ")",
+		Name:    "client-attestation-type",
+		EnvVars: []string{"CLIENT_ATTESTATION_TYPE"},
+		Value:   string(proxy.AttestationNone),
+		Usage:   "type of attestation to expect and verify (" + proxy.AvailableAttestationTypes + ")",
 	},
 	&cli.BoolFlag{
-		Name:  "log-json",
-		Value: false,
-		Usage: "log in JSON format",
+		Name:    "log-json",
+		EnvVars: []string{"LOG_JSON"},
+		Value:   false,
+		Usage:   "log in JSON format",
 	},
 	&cli.BoolFlag{
-		Name:  "log-debug",
-		Value: false,
-		Usage: "log debug messages",
+		Name:    "log-debug",
+		EnvVars: []string{"LOG_DEBUG"},
+		Value:   false,
+		Usage:   "log debug messages",
 	},
 }
 

proxy-client.dockerfile

@@ -0,0 +1,23 @@
+# syntax=docker/dockerfile:1
+FROM golang:1.23 AS builder
+ARG VERSION
+WORKDIR /build
+ADD go.mod /build/
+RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 GOOS=linux \
+       go mod download
+ADD . /build/
+RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 GOOS=linux \
+    go build \
+        -trimpath \
+        -ldflags "-s -X github.com/flashbots/cvm-reverse-proxy/common.Version=${VERSION}" \
+        -v \
+        -o proxy-client \
+    cmd/proxy-client/main.go
+
+FROM alpine:latest
+WORKDIR /app
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /build/proxy-client /app/proxy-client
+ENV LISTEN_ADDR=":8080"
+EXPOSE 8080
+CMD ["/app/proxy-client"]