From 206a920bf8b68e9a8914d4a49351e15f7e332d6d Mon Sep 17 00:00:00 2001 
From: quackerd Date: Fri, 2 Dec 2022 13:52:11 +0100 Subject: [PATCH] clean new images --- .drone.yml | 12 +-- Dockerfile | 42 +++++++---- ci_prep.sh | 62 --------------- ci_reload.sh | 32 -------- confs/concerto.quacker.net | 50 ------------- confs/ivans.quacker.net | 46 ------------ confs/nocturne.quacker.net | 66 ---------------- docker-compose.yml | 24 ++++++ id_root | 7 -- id_root.pub | 1 - image/crontab | 1 - image/crypt.sh | 37 --------- image/run.sh | 59 --------------- key | 1 - opt/crontabs/root | 1 + opt/init.py | 75 +++++++++++++++++++ opt/init.sh | 13 ++++ opt/nginx/.htpasswd | 0 .../nginx/download/android/配置教程.txt | 0 .../nginx/download/ios/配置教程.txt | 0 opt/nginx/download/配置说明.txt | 3 + .../nginx.conf => opt/nginx/nginx.conf.in | 12 ++- {image => opt}/nginx/webroot/index.html | 0 opt/supervisord.conf | 42 +++++++++++ opt/xray/d2ray.json.in | 43 +++++++++++ {zip => opt/zip}/macos/config.json | 0 {zip => opt/zip}/macos/run.sh | 0 {zip => opt/zip}/windows/config.json | 0 {zip => opt/zip}/windows/run.bat | 0 {zip => opt/zip}/配置教程.txt | 22 +++--- reload_list | 3 - 31 files changed, 251 insertions(+), 403 deletions(-) delete mode 100644 ci_prep.sh delete mode 100644 ci_reload.sh delete mode 100644 confs/concerto.quacker.net delete mode 100644 confs/ivans.quacker.net delete mode 100644 confs/nocturne.quacker.net create mode 100644 docker-compose.yml delete mode 100644 id_root delete mode 100644 id_root.pub delete mode 100644 image/crontab delete mode 100644 image/crypt.sh delete mode 100644 image/run.sh delete mode 100644 key create mode 100644 opt/crontabs/root create mode 100644 opt/init.py create mode 100644 opt/init.sh create mode 100644 opt/nginx/.htpasswd rename {image => opt}/nginx/download/android/配置教程.txt (100%) rename {image => opt}/nginx/download/ios/配置教程.txt (100%) create mode 100644 opt/nginx/download/配置说明.txt rename image/nginx/nginx.conf => opt/nginx/nginx.conf.in (67%) rename {image => opt}/nginx/webroot/index.html (100%) create mode 100644 
opt/supervisord.conf create mode 100644 opt/xray/d2ray.json.in rename {zip => opt/zip}/macos/config.json (100%) rename {zip => opt/zip}/macos/run.sh (100%) rename {zip => opt/zip}/windows/config.json (100%) rename {zip => opt/zip}/windows/run.bat (100%) rename {zip => opt/zip}/配置教程.txt (70%) delete mode 100644 reload_list diff --git a/.drone.yml b/.drone.yml index 874169d..f2a5330 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7,11 +7,6 @@ trigger: - master steps: - - name: prep - image: alpine - commands: - - sh ./ci_prep.sh - - name: build image: plugins/docker settings: @@ -19,9 +14,4 @@ steps: from_secret: docker_username password: from_secret: docker_password - repo: quackerd/d2ray - - - name: reload - image: alpine - commands: - - sh ./ci_reload.sh + repo: quackerd/d2ray \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 6bb081d..d5403f3 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,18 +1,33 @@ FROM alpine:latest -COPY image/ /opt/ +ENV VER_XRAY 1.6.1 +ENV VER_SO 2.5.20 +ENV VER_NG 1.7.20 # install packages -RUN set -xe && apk add --no-cache unzip wget nginx certbot openssl +RUN set -xe && apk add --no-cache zip unzip wget nginx certbot openssl python3 py3-jinja2 supervisor apache2-utils bash -# setup core files -RUN set -xe && mkdir -p /opt/xray && \ - unzip /opt/Xray-linux-64.zip -d /opt/xray && \ - rm /opt/Xray-linux-64.zip && \ - chmod +x /opt/run.sh /opt/crypt.sh +COPY ./opt /opt/ -# crond -# RUN set -xe && mv /opt/crontab /var/spool/cron/crontabs/root +# download packages +RUN set -xe && \ + wget -P /opt/zip/windows/ https://github.com/XTLS/Xray-core/releases/download/v$VER_XRAY/Xray-windows-64.zip && \ + mkdir -p /opt/zip/linux && \ + wget -P /opt/zip/linux/ https://github.com/XTLS/Xray-core/releases/download/v$VER_XRAY/Xray-linux-64.zip && \ + mkdir -p /opt/zip/chrome && \ + wget -P /opt/zip/chrome/ https://github.com/FelisCatus/SwitchyOmega/releases/download/v$VER_SO/SwitchyOmega_Chromium.crx && \ + wget -P /opt/zip/android/ https://github.com/2dust/v2rayNG/releases/download/$VER_NG/v2rayNG_"$VER_NG"_arm64-v8a.apk && \ + wget -P /opt/zip/macos/ https://github.com/XTLS/Xray-core/releases/download/v$VER_XRAY/Xray-macos-64.zip && \ + wget -P /opt/zip/macos/ https://github.com/XTLS/Xray-core/releases/download/v$VER_XRAY/Xray-macos-arm64-v8a.zip + +# xray +RUN set -xe && unzip /opt/zip/linux/Xray-linux-64.zip -d /opt/xray + +# create zip +RUN set -xe && \ + zip -r /opt/d2ray.zip /opt/zip && \ + mv /opt/d2ray.zip /opt/nginx/download/ && \ + rm -r /opt/zip # nginx RUN set -xe && addgroup www && \ @@ -20,8 +35,7 @@ RUN set -xe && addgroup www && \ chown -R www:www /opt/nginx # remove packages -RUN set -xe && apk del unzip wget - -EXPOSE 80 443 - -CMD ["/opt/run.sh"] \ No newline at end of file +RUN set -xe && apk del zip unzip wget +EXPOSE 80 +VOLUME /etc/letsencrypt +CMD ["sh", "/opt/init.sh"] \ No newline at end of file 
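Review bot: The six `wget` calls in the `# download packages` step fetch release binaries (the Xray builds, the v2rayNG APK, the SwitchyOmega CRX) with no integrity check, and those files are then unpacked into the image and zipped into `/opt/nginx/download/` for users to install. Record a SHA-256 per artifact next to the `VER_*` values and verify before use, e.g. `echo "<sha256-of-Xray-linux-64.zip>  /opt/zip/linux/Xray-linux-64.zip" | sha256sum -c -` (placeholder digest; take the real value from the release you pinned). The build would also be more reproducible with `FROM alpine:latest` replaced by a fixed tag or digest, and since the versions are only needed at build time, `ARG VER_XRAY=1.6.1` fits better than the legacy space-separated `ENV VER_XRAY 1.6.1`.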
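Review bot: `RUN set -xe && apk del zip unzip wget` runs in its own layer, so the packages still occupy the earlier `apk add` layer and the image does not get smaller; the removal only pays off when install, download, unpack and `apk del` share one `RUN`, or when the downloads move to a separate build stage. The final image also sets no `USER`, so `init.sh` and everything it starts run as root; if that is needed for certbot and the listening port, a comment above `CMD ["sh", "/opt/init.sh"]` saying so would help the next reader. The nginx `RUN` this hunk touches starts outside the hunk.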
diff --git a/ci_prep.sh b/ci_prep.sh
deleted file mode 100644
index 0b8603b..0000000
--- a/ci_prep.sh
+++ /dev/null
@@ -1,62 +0,0 @@ -#!/bin/sh - -set -e - - -apk add openssh openssl wget unzip zip apache2-utils - -source image/crypt.sh - -chmod 600 ./id_root - -# versions -VER_XRAY=1.6.1 -VER_SO=2.5.20 -VER_NG=1.7.20 - -# upload files -for filename in confs/*; do - basename=$(basename $filename) - hash_sha256 $basename $(cat ./key) - output=$crypt_ret - encrypt_file $filename $(cat ./key) $output - scp -P77 -o StrictHostKeychecking=no -i ./id_root $output root@parrot.quacker.org:/dat/apps/nginx/http_dl/root/pub - rm $output -done - -# build zip -URL_SO=https://github.com/FelisCatus/SwitchyOmega/releases/download/v$VER_SO/SwitchyOmega_Chromium.crx -wget $URL_SO -O SwitchyOmega_Chromium.zip -mkdir zip/chrome -unzip ./SwitchyOmega_Chromium.zip -d zip/chrome || true - -URL_NG=https://github.com/2dust/v2rayNG/releases/download/$VER_NG/v2rayNG_"$VER_NG"_arm64-v8a.apk -wget $URL_NG -P image/nginx/download/android/ - -URL_XRAY_WIN=https://github.com/XTLS/Xray-core/releases/download/v$VER_XRAY/Xray-windows-64.zip -wget $URL_XRAY_WIN -unzip Xray-windows-64.zip -d zip/windows - -URL_XRAY_MAC=https://github.com/XTLS/Xray-core/releases/download/v$VER_XRAY/Xray-macos-64.zip -wget $URL_XRAY_MAC -unzip Xray-macos-64.zip -d zip/macos - -URL_XRAY_LINUX=https://github.com/XTLS/Xray-core/releases/download/v$VER_XRAY/Xray-linux-64.zip -wget $URL_XRAY_LINUX -P image/ - -cd zip -zip -r -D ../windows_macos.zip . -cd .. -mv windows_macos.zip image/nginx/download/ - -# build htpassword -touch .htpasswd -htpasswd -b ./.htpasswd liangyifang liangyifang -htpasswd -b ./.htpasswd ruyuechun ruyuechun -htpasswd -b ./.htpasswd liuxiangdong liuxiangdong -htpasswd -b ./.htpasswd zhoubowen zhoubowen -htpasswd -b ./.htpasswd gaoyuchen gaoyuchen -htpasswd -b ./.htpasswd quackerd quackerd -htpasswd -b ./.htpasswd yushengde yushengde -htpasswd -b ./.htpasswd ivansun ivansun -encrypt_file ./.htpasswd "$(cat ./key)" image/htpasswd diff --git a/ci_reload.sh b/ci_reload.sh deleted file mode 100644 index aec84ba..0000000 
--- a/ci_reload.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh -set -e - -apk add openssh - -key=$(cat ./key) - -chmod 600 ./id_root - -while read -r line -do - filename="confs/$line" - echo "Conf name: $filename" - addr=$(basename $filename) - echo "Refreshing $addr..." - ssh -p 77 -o StrictHostKeychecking=no -i ./id_root root@$addr -t "docker pull quackerd/d2ray:latest" - set +e - ssh -p 77 -o StrictHostKeychecking=no -i ./id_root root@$addr -t "docker stop d2ray && docker rm d2ray" - set -e - ssh -p 77 -o StrictHostKeychecking=no -i ./id_root root@$addr -t "docker run -d \ - --restart unless-stopped \ - -e KEY=$key \ - -e FQDN=$addr \ - -p 80:80 \ - -p 8443:443 \ - -v d2ray_volume:/opt/config \ - --name d2ray \ - quackerd/d2ray:latest" - ssh -p 77 -o StrictHostKeychecking=no -i ./id_root root@$addr -t "docker system prune -af" -done < ./reload_list - -wait \ No newline at end of file diff --git a/confs/concerto.quacker.net b/confs/concerto.quacker.net deleted file mode 100644 index 87b5890..0000000 --- a/confs/concerto.quacker.net +++ /dev/null @@ -1,50 +0,0 @@ -{ - "log": { - "loglevel": "debug", - "access": "/opt/config/logs/xray/access.log", - "error": "/opt/config/logs/xray/error.log" - }, - "inbounds": [ - { - "port": 443, - "protocol": "vless", - "settings": { - "clients": [ - { - "id": "quackerd", - "flow": "xtls-rprx-direct" - }, - { - "id": "7-1803", - "flow": "xtls-rprx-direct" - } - ], - "decryption": "none", - "fallbacks": [ - { - "dest": "localhost:80" - } - ] - }, - "streamSettings": { - "network": "tcp", - "security": "xtls", - "xtlsSettings": { - "alpn": ["http/1.1", "h2"], - "certificates": [ - { - "certificateFile": "/etc/letsencrypt/live/concerto.quacker.net/fullchain.pem", - "keyFile": "/etc/letsencrypt/live/concerto.quacker.net/privkey.pem" - } - ] - } - } - } - ], - "outbounds": [ - { - "protocol": "freedom", - "settings": {} - } - ] -} \ No newline at end of file 
diff --git a/confs/ivans.quacker.net b/confs/ivans.quacker.net deleted file mode 100644 index 1917d2b..0000000 --- a/confs/ivans.quacker.net +++ /dev/null @@ -1,46 +0,0 @@ -{ - "log": { - "loglevel": "warn", - "access": "/opt/config/logs/xray/access.log", - "error": "/opt/config/logs/xray/error.log" - }, - "inbounds": [ - { - "port": 443, - "protocol": "vless", - "settings": { - "clients": [ - { - "id": "ivansun", - "flow": "xtls-rprx-direct" - } - ], - "decryption": "none", - "fallbacks": [ - { - "dest": "localhost:80" - } - ] - }, - "streamSettings": { - "network": "tcp", - "security": "xtls", - "xtlsSettings": { - "alpn": ["http/1.1", "h2"], - "certificates": [ - { - "certificateFile": "/etc/letsencrypt/live/ivans.quacker.net/fullchain.pem", - "keyFile": "/etc/letsencrypt/live/ivans.quacker.net/privkey.pem" - } - ] - } - } - } - ], - "outbounds": [ - { - "protocol": "freedom", - "settings": {} - } - ] -} diff --git a/confs/nocturne.quacker.net b/confs/nocturne.quacker.net deleted file mode 100644 index 63a3db7..0000000 --- a/confs/nocturne.quacker.net +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - "log": { - "loglevel": "warn", - "access": "/opt/config/logs/xray/access.log", - "error": "/opt/config/logs/xray/error.log" - }, - "inbounds": [ - { - "port": 443, - "protocol": "vless", - "settings": { - "clients": [ - { - "id": "quackerd", - "flow": "xtls-rprx-direct" - }, - { - "id": "e6569ab4-c0dd-4c29-9b29-5afef6a39a92", - "flow": "xtls-rprx-direct" - }, - { - "id": "ruyuechun", - "flow": "xtls-rprx-direct" - }, - { - "id": "liangyifang", - "flow": "xtls-rprx-direct" - }, - { - "id": "bowen", - "flow": "xtls-rprx-direct" - }, - { - "id": "gaoyuchen", - "flow": "xtls-rprx-direct" - } - ], - "decryption": "none", - "fallbacks": [ - { - "dest": "localhost:80" - } - ] - }, - "streamSettings": { - "network": "tcp", - "security": "xtls", - "xtlsSettings": { - "alpn": ["http/1.1", "h2"], - "certificates": [ - { - "certificateFile": "/etc/letsencrypt/live/nocturne.quacker.net/fullchain.pem", - "keyFile": "/etc/letsencrypt/live/nocturne.quacker.net/privkey.pem" - } - ] - } - } - } - ], - "outbounds": [ - { - "protocol": "freedom", - "settings": {} - } - ] -} diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..6e6e855 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,24 @@ +networks: + d2ray_br: + external: false + +volumes: + d2ray_certs: + +services: + d2ray: + image: quackerd/d2ray + container_name: d2ray + ports: + - ${PORT}:${PORT} + - 80:80 + environment: + - PORT=${PORT} + - FQDN=${FQDN} + - USERS=${USERS} + restart: "no" + networks: + - d2ray_br + volumes: + - d2ray_certs:/etc/letsencrypt + - ${LOGDIR}:/etc/d2ray \ No newline at end of file diff --git a/id_root b/id_root deleted file mode 100644 index 76156a8..0000000 --- a/id_root +++ /dev/null 
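Review bot: `image: quackerd/d2ray` carries no tag, so compose resolves it to `latest` and a host runs whatever the CI build step pushed most recently. Pin a version tag or digest here so a deployment is reproducible and can be rolled back. `${LOGDIR}:/etc/d2ray` has no default either; with `LOGDIR` unset the volume entry is likely invalid or mounts something unintended, so `${LOGDIR:?LOGDIR must be set}` would fail early with a clear message.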
@@ -1,7 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACCZkiqqwNqxkOBmoaSiTqKfz6Vt8doQyFt8KhHRFAmXGAAAAKB/tAMff7QD -HwAAAAtzc2gtZWQyNTUxOQAAACCZkiqqwNqxkOBmoaSiTqKfz6Vt8doQyFt8KhHRFAmXGA -AAAECpU6mEunFZV2qLmgJHRlpj08fIR6b5Ndz23fde0Q9UN5mSKqrA2rGQ4GahpKJOop/P -pW3x2hDIW3wqEdEUCZcYAAAAHHF1YWNrZXJkQGJhbGxhZGUucXVhY2tlci5vcmcB ------END OPENSSH PRIVATE KEY----- diff --git a/id_root.pub b/id_root.pub deleted file mode 100644 index f234a14..0000000 --- a/id_root.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJmSKqrA2rGQ4GahpKJOop/PpW3x2hDIW3wqEdEUCZcY quackerd@ballade.quacker.org diff --git a/image/crontab b/image/crontab deleted file mode 100644 index fbc7611..0000000 --- a/image/crontab +++ /dev/null @@ -1 +0,0 @@ -# 0 */24 * * * certbot renew \ No newline at end of file diff --git a/image/crypt.sh b/image/crypt.sh deleted file mode 100644 index 2641421..0000000 --- a/image/crypt.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh - -decrypt() -{ - input=$1 - key=$2 - crypt_ret=$(echo $input | openssl enc -d -salt -aes-256-cbc -a -A -md sha512 -pbkdf2 -pass pass:$key) -} - -decrypt_file() -{ - input=$1 - key=$2 - output=$3 - openssl enc -d -salt -aes-256-cbc -a -md sha512 -pbkdf2 -pass pass:$key -in $input -out $output -} - -encrypt_file() -{ - input=$1 - key=$2 - output=$3 - openssl enc -e -salt -aes-256-cbc -a -md sha512 -pbkdf2 -pass pass:$key -in $input -out $output -} - -encrypt() -{ - input=$1 - key=$2 - crypt_ret=$(echo $input | openssl enc -e -salt -aes-256-cbc -a -A -md sha512 -pbkdf2 -pass pass:$key) -} - -hash_sha256() -{ - input=$1$2 - crypt_ret=$(echo $input | openssl dgst -sha256 | sed -E "s/\(stdin\)= (.*)/\1/g") -} \ No newline at end of file diff --git a/image/run.sh b/image/run.sh deleted file mode 100644 index 04fb7fa..0000000 --- a/image/run.sh +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/sh - -set -e - -source /opt/crypt.sh - -mkdir -p /opt/config -mkdir -p /opt/config/logs -mkdir -p /opt/config/logs/nginx -mkdir -p /opt/config/logs/xray -mkdir -p /opt/config/logs/crond - -URL='U2FsdGVkX19/qz4kcbpQpJKz/iebXKih1BK3Cp1wGSoEyhLtoyAi0wewP5Tr++FbRLt/EG2f8zDF9cIEuoTLEA==' - -echo "" -echo "===== Checking Environment Variables =====" -if [ -z "$FQDN" ]; then - echo "FQDN must be set" - exit 1 -fi - -if [ -z "$KEY" ]; then - echo "KEY must be set" - exit 1 -fi - -echo "" -echo "===== Checking Certificates ====" -if [ ! -d "/etc/letsencrypt/live/$FQDN" ]; then - echo "Generating new certificates..." - certbot certonly -n --standalone -m dummy@dummy.com --agree-tos --no-eff-email -d $FQDN -fi - -echo "" -echo "===== Fetching Configuration =====" -decrypt $URL $KEY -URL=$crypt_ret - -echo "Fetching from $URL..." -hash_sha256 $FQDN $KEY -URL=$URL/$crypt_ret -wget $URL -O /opt/$FQDN - -echo "Decrypting..." -decrypt_file /opt/$FQDN $KEY /opt/config.json - -decrypt_file /opt/htpasswd $KEY /opt/nginx/.htpasswd - -echo "" -echo "===== Starting cron =====" -crond -L /opt/config/logs/crond/log.txt - -echo "" -echo "===== Starting Nginx =====" -nginx -c /opt/nginx/nginx.conf - -echo "" -echo "===== Starting xray =====" -exec /opt/xray/xray -c /opt/config.json diff --git a/key b/key deleted file mode 100644 index 3dd6df5..0000000 --- a/key +++ /dev/null @@ -1 +0,0 @@ -K336yS5BAoQabLyxLvcnwrRxt5Vv \ No newline at end of file diff --git a/opt/crontabs/root b/opt/crontabs/root new file mode 100644 index 0000000..1afd79c --- /dev/null +++ b/opt/crontabs/root @@ -0,0 +1 @@ +* * * * * certbot renew --post-hook "supervisorctl xray restart" \ No newline at end of file diff --git a/opt/init.py b/opt/init.py new file mode 100644 index 0000000..f589d5f --- /dev/null +++ b/opt/init.py 
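Review bot: The post-hook `supervisorctl xray restart` has the action and the process name swapped; supervisorctl expects `supervisorctl restart xray`, so as written the hook would not reload xray after a renewal. The schedule `* * * * *` also runs `certbot renew` every minute, where the removed `image/crontab` had it (commented out) once a day; a daily entry such as `0 3 * * *` is enough because certbot only renews certificates that are close to expiry. Since init.py obtains the certificate with `--standalone`, a renewal will presumably try to bind port 80 while nginx is holding it, so it is worth confirming that a renewal actually succeeds inside the running container. supervisorctl may also need `-c /opt/supervisord.conf` to find the socket, as the config is not in a default location.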
@@ -0,0 +1,75 @@ +import os +import getopt +import sys +import subprocess +import jinja2 +import random +import string + +def parse_comma_str(users : str) -> list[str]: + return users.split(",") + +def build_users_json(users: list[str]) -> str: + ret : str= "" + for i in range(len(users)): + if (i > 0): + ret = ret + "," + u = users[i] + ret = ret + "{ \"id\": \"" + u + "\", \"flow\": \"xtls-rprx-direct\"}" + return ret + +try: + opts, _ = getopt.getopt(sys.argv[1:], "u:p:f:") +except getopt.GetoptError as err: + # print help information and exit: + print(err, flush=True) # will print something like "option -a not recognized" + exit(1) + +port : int = 443 +users : list[str] = [''.join(random.choices(string.ascii_uppercase + string.digits, k=24))] +fqdn : str = "example.com" + +for o, a in opts: + if o == "-u": + users = parse_comma_str(a) + elif o == "-p": + port = int(a) + elif o == "-f": + fqdn = a + else: + print(f"Unknown option {o}, ignoring...", flush=True) + exit(1) +print("====== init.py ======", flush=True) +print("Configuration:\n" + \ + f" port = {port}\n" + \ + f" fqdn = {fqdn}\n" + \ + f" users = {str(users)}", flush=True) + +print(f"Checking certs for {fqdn}...", flush=True) +if (os.path.exists(f"/etc/letsencrypt/live/{fqdn}")): + print("Found existing certs, trying to renew...", flush=True) + subprocess.check_call(f"certbot renew", shell=True) +else: + print("Unable to locate certs, generating...", flush=True) + subprocess.check_call(f"certbot certonly -n --standalone -m dummy@dummy.com --agree-tos --no-eff-email -d {fqdn}", shell=True) + +jinja_dict : dict[str,str] = dict() +jinja_dict["USERS"] = build_users_json(users) +jinja_dict["PORT"] = str(port) +jinja_dict["FQDN"] = str(fqdn) + +print(f"Processing Xray config files...", flush=True) +with open("/opt/xray/d2ray.json.in", "r") as f: + with open("/opt/xray/d2ray.json", "w") as d: + template : jinja2.Template = jinja2.Template(f.read()) + d.write(template.render(**jinja_dict)) + 
+print(f"Processing Nginx config files...", flush=True) +with open("/opt/nginx/nginx.conf.in", "r") as f: + with open("/opt/nginx/nginx.conf", "w") as d: + template : jinja2.Template = jinja2.Template(f.read()) + d.write(template.render(**jinja_dict)) +for u in users: + subprocess.check_call(f"htpasswd -b /opt/nginx/.htpasswd {u} {u}", shell=True) + +exit(0) \ No newline at end of file diff --git a/opt/init.sh b/opt/init.sh new file mode 100644 index 0000000..25fa31b --- /dev/null +++ b/opt/init.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# create log directories +mkdir -p /etc/d2ray/logs/cron +mkdir -p /etc/d2ray/logs/xray +mkdir -p /etc/d2ray/logs/nginx +mkdir -p /etc/d2ray/logs/supervisor + +python3 /opt/init.py -p $PORT -u $USERS -f $FQDN +retval=$? +if [ $retval -ne 0 ]; then + exit $retval +fi +exec /usr/bin/supervisord -c /opt/supervisord.conf \ No newline at end of file diff --git a/opt/nginx/.htpasswd b/opt/nginx/.htpasswd new file mode 100644 index 0000000..e69de29 diff --git a/image/nginx/download/android/配置教程.txt b/opt/nginx/download/android/配置教程.txt similarity index 100% rename from image/nginx/download/android/配置教程.txt rename to opt/nginx/download/android/配置教程.txt diff --git a/image/nginx/download/ios/配置教程.txt b/opt/nginx/download/ios/配置教程.txt similarity index 100% rename from image/nginx/download/ios/配置教程.txt rename to opt/nginx/download/ios/配置教程.txt diff --git a/opt/nginx/download/配置说明.txt b/opt/nginx/download/配置说明.txt new file mode 100644 index 0000000..c84705e --- /dev/null +++ b/opt/nginx/download/配置说明.txt @@ -0,0 +1,3 @@ +Android用户请看 android 文件夹 +iOS用户请看 ios 文件夹 +其他系统用户请下载 d2ray.zip \ No newline at end of file diff --git a/image/nginx/nginx.conf b/opt/nginx/nginx.conf.in similarity index 67% rename from image/nginx/nginx.conf rename to opt/nginx/nginx.conf.in index 03b45d0..7ce07fe 100644 --- a/image/nginx/nginx.conf +++ b/opt/nginx/nginx.conf.in 
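Review bot: The three `subprocess.check_call(..., shell=True)` calls interpolate `fqdn` and each user name straight into a shell command line, so a `FQDN` or `USERS` value containing a space or a shell metacharacter changes the command that runs at container start (as root, given the Dockerfile sets no `USER`); pass argv lists without `shell=True` instead. `build_users_json` has the same weakness for JSON: a `"` in a user name breaks or alters `d2ray.json`, and the `{{ USERS }}` and `{{ FQDN }}` slots in `opt/xray/d2ray.json.in` and `opt/nginx/nginx.conf.in` receive the values unescaped, so build the entries with `json.dumps` (needs `import json`). Separately, `htpasswd -b ... {u} {u}` sets each download password equal to the user name, which is also the VLESS client id and is printed in the `Configuration:` banner, so the credential lands in the container log and on the process command line. The fallback id is drawn with `random.choices`; `secrets.choice` is the right source for a value used as a credential.

```python
def build_users_json(users: list[str]) -> str:
    return ",".join(json.dumps({"id": u, "flow": "xtls-rprx-direct"}) for u in users)

# … unchanged: option parsing, banner, cert-directory check …
    subprocess.check_call(["certbot", "renew"])
# … unchanged: else branch and its print …
    subprocess.check_call(["certbot", "certonly", "-n", "--standalone", "-m", "dummy@dummy.com",
                           "--agree-tos", "--no-eff-email", "-d", fqdn])

# … unchanged: template rendering …
for u in users:
    subprocess.check_call(["htpasswd", "-b", "/opt/nginx/.htpasswd", u, u])
```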
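Review bot: `python3 /opt/init.py -p $PORT -u $USERS -f $FQDN` expands the three variables unquoted, so an unset `USERS` makes getopt take `-f` as the user list, and a value with spaces or glob characters is split into extra arguments. Quote them, `python3 /opt/init.py -p "$PORT" -u "$USERS" -f "$FQDN"`. The removed `image/run.sh` refused to start when `FQDN` was empty; an equivalent check for `PORT`, `USERS` and `FQDN` before this call would give a clear error instead of a Python traceback or a half-configured server.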
@@ -1,7 +1,8 @@ user www www; worker_processes auto; -error_log /opt/config/logs/nginx/error.log; +daemon off; pid /tmp/nginx.pid; +worker_rlimit_nofile 8192; events { worker_connections 4096; ## Default: 1024 @@ -22,13 +23,16 @@ http { } charset utf-8; + access_log /etc/d2ray/logs/nginx/access.log; + error_log /etc/d2ray/logs/nginx/error.log; + include /etc/nginx/mime.types; server { listen 80 default_server; server_name _; - access_log /opt/config/logs/nginx/access.log; + if ($external) { - return 301 https://$host$request_uri:8443; + return 301 https://$host:{{ PORT }}$request_uri; } location / { @@ -39,7 +43,7 @@ http { location /download { root /opt/nginx/; autoindex on; - auth_basic "Provide credentials to access downloads"; + auth_basic "Please provide credentials to access this server"; auth_basic_user_file "/opt/nginx/.htpasswd"; } } diff --git a/image/nginx/webroot/index.html b/opt/nginx/webroot/index.html similarity index 100% rename from image/nginx/webroot/index.html rename to opt/nginx/webroot/index.html diff --git a/opt/supervisord.conf b/opt/supervisord.conf new file mode 100644 index 0000000..f7df6e6 --- /dev/null +++ b/opt/supervisord.conf 
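Review bot: The new redirect `return 301 https://$host:{{ PORT }}$request_uri;` in the second hunk builds its target from `$host`, which on this `default_server` / `server_name _` block comes from the client's request, so the redirect points wherever the request's Host header says. The template is already rendered with the server name, so `return 301 https://{{ FQDN }}:{{ PORT }}$request_uri;` keeps the target fixed. The `server` block continues outside the hunk and the definition of `$external` is not visible here.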
@@ -0,0 +1,42 @@ +[unix_http_server] +file=/var/run/supervisord.sock + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisord] +nodaemon=true +loglevel=warn +logfile=/etc/d2ray/logs/supervisor/supervisord.log +logfile_maxbytes=0 + +[supervisorctl] +serverurl=unix:///var/run/supervisord.sock + +[program:nginx] +command=nginx -c /opt/nginx/nginx.conf +autostart=true +autorestart=false +stdout_logfile=/dev/fd/1 +stdout_logfile_maxbytes=0 +redirect_stderr=true + +[program:cron] +command=crond -f -L /etc/d2ray/logs/cron/crond.log -c /opt/crontabs +autostart=true +autorestart=false +stdout_logfile=/etc/d2ray/logs/cron/crond.log +stdout_logfile_maxbytes=0 +redirect_stderr=true + +[program:xray] +command=/opt/xray/xray -c /opt/xray/d2ray.json +autostart=true +autorestart=false +stdout_logfile=/dev/fd/1 +stdout_logfile_maxbytes=0 +redirect_stderr=true + +[eventlistener:exit] +command=bash -c "printf 'READY\n' && while read line; do kill -SIGQUIT $PPID; done < /dev/stdin" +events=PROCESS_STATE_FATAL,PROCESS_STATE_STOPPED,PROCESS_STATE_EXITED diff --git a/opt/xray/d2ray.json.in b/opt/xray/d2ray.json.in new file mode 100644 index 0000000..54995a8 --- /dev/null +++ b/opt/xray/d2ray.json.in 
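Review bot: The `[eventlistener:exit]` section subscribes to `PROCESS_STATE_STOPPED`, which supervisor emits whenever a program is stopped through supervisorctl, so restarting xray after a certificate renewal (as the post-hook in `opt/crontabs/root` intends) would presumably make the listener send SIGQUIT to supervisord and take the whole container down. With `restart: "no"` in docker-compose.yml it would then stay down. If the intent is only to exit when a service dies on its own, use `events=PROCESS_STATE_FATAL,PROCESS_STATE_EXITED` and leave `STOPPED` out. None of the three `[program:*]` sections sets `user=`, so xray runs with supervisord's privileges; if that is deliberate (listening port, access to the certificate key), a comment in `[program:xray]` should say so.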
@@ -0,0 +1,43 @@ +{ + "log": { + "loglevel": "warn", + "access": "/etc/d2ray/logs/xray/access.log", + "error": "/etc/d2ray/logs/xray/error.log" + }, + "inbounds": [ + { + "port": {{ PORT }}, + "protocol": "vless", + "settings": { + "clients": [ + {{ USERS }} + ], + "decryption": "none", + "fallbacks": [ + { + "dest": "localhost:80" + } + ] + }, + "streamSettings": { + "network": "tcp", + "security": "xtls", + "xtlsSettings": { + "alpn": ["http/1.1", "h2"], + "certificates": [ + { + "certificateFile": "/etc/letsencrypt/live/{{ FQDN }}/fullchain.pem", + "keyFile": "/etc/letsencrypt/live/{{ FQDN }}/privkey.pem" + } + ] + } + } + } + ], + "outbounds": [ + { + "protocol": "freedom", + "settings": {} + } + ] + } \ No newline at end of file diff --git a/zip/macos/config.json b/opt/zip/macos/config.json similarity index 100% rename from zip/macos/config.json rename to opt/zip/macos/config.json diff --git a/zip/macos/run.sh b/opt/zip/macos/run.sh similarity index 100% rename from zip/macos/run.sh rename to opt/zip/macos/run.sh diff --git a/zip/windows/config.json b/opt/zip/windows/config.json similarity index 100% rename from zip/windows/config.json rename to opt/zip/windows/config.json diff --git a/zip/windows/run.bat b/opt/zip/windows/run.bat similarity index 100% rename from zip/windows/run.bat rename to opt/zip/windows/run.bat diff --git a/zip/配置教程.txt b/opt/zip/配置教程.txt similarity index 70% rename from zip/配置教程.txt rename to opt/zip/配置教程.txt index 5255596..5b472c6 100644 --- a/zip/配置教程.txt +++ b/opt/zip/配置教程.txt 
@@ -11,21 +11,25 @@ VPN陪置教程 **** 1. 配置 VPN程序 **** Windows系统请看这里: -- 进入windows目录 -- 用文本编辑器打开config.json,搜索并替换 *所有* (划重点*所有*): +- 进入当前文件夹 windows 目录 +- 解压 Xray-windows-64.zip +- 用文本编辑器打开 config.json,搜索并替换 *所有* (划重点*所有*): %PASSWORD% => 你的密码. 比如密码是12345的话 文件中所有的 "%PASSWORD%" 应该替换成 "12345", 以下同理 %SERVER% => 你的服务器地址(这个是你下载zip文件的地址,比如你从https://xxx.quacker.net/download下载你的服务器地址就是xxx.quacker.net) -- 保存config.json -- 双击run.bat运行VPN程序 +- 保存 config.json +- 拷贝 config.json 和 run.bat 进入解压后的文件夹 +- 进入解压后文件夹双击 run.bat 运行VPN程序 MacOS系统请看这里: -- 进入macos目录 -- 用文本编辑器打开config.json,搜索并替换 *所有* (划重点*所有*): +- 进入当前文件夹 macos 目录 +- 解压 Xray-macos-64.zip 或者 Xray-macos-arm64-v8a.zip (Apple M系芯片请用arm64) +- 用文本编辑器打开 config.json,搜索并替换 *所有* (划重点*所有*): %PASSWORD% => 你的密码(和你的网站下载密码相同). 比如密码是12345的话 文件中所有的 "%PASSWORD%" 应该替换成 "12345", 以下同理 %SERVER% => 你的服务器地址(这个是你下载zip文件的地址,比如你从https://xxx.quacker.net/download下载你的服务器地址就是xxx.quacker.net) -- 保存config.json -- 右键run.sh => 用应用程序打开(Open With) => 其他(Other) => 在新打开的窗口下方选择框里选"所有应用程序"(All Applications) => 找到 终端"Terminal" 并勾选 永久以程序打开(Always Open With) => 确定 -- 上述设置后直接双击run.sh就可以打开VPN程序了 +- 保存 config.json +- 右键 run.sh => 用应用程序打开(Open With) => 其他(Other) => 在新打开的窗口下方选择框里选"所有应用程序"(All Applications) => 找到 终端"Terminal" 并勾选 永久以程序打开(Always Open With) => 确定 +- 拷贝 config.json 和 run.sh 进入解压后的文件夹 +- 进入解压后文件夹双击 run.sh 运行VPN程序 **** 2. 配置 浏览器 **** diff --git a/reload_list b/reload_list deleted file mode 100644 index c6217bc..0000000 --- a/reload_list +++ /dev/null @@ -1,3 +0,0 @@ -ivans.quacker.net -concerto.quacker.net -nocturne.quacker.net