diff --git a/.drone.yml b/.drone.yml index 748e037..874169d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,22 +5,12 @@ name: Docker image build trigger: branch: - master - -environment: - VERSION: 1.4.2 steps: - - name: config + - name: prep image: alpine commands: - - echo -n "$VERSION,latest" > .tags - - sed -i -E "s/var_VERSION/$VERSION/" Dockerfile - - - name: upload - image: alpine - commands: - - chmod +x ./encrypt_upload.sh - - ./encrypt_upload.sh + - sh ./ci_prep.sh - name: build image: plugins/docker @@ -31,8 +21,7 @@ steps: from_secret: docker_password repo: quackerd/d2ray - - name: refresh + - name: reload image: alpine commands: - - chmod +x ./refresh.sh - - ./refresh.sh \ No newline at end of file + - sh ./ci_reload.sh diff --git a/Dockerfile b/Dockerfile index f55d011..2dad10e 100644 --- a/Dockerfile +++ b/Dockerfile 
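Review bot: The new `prep` and `reload` steps call scripts that log in as root with `./id_root`, and this commit keeps that private key in the repository (renamed from ansible/id_root) instead of taking it from a secret, as the build step already does for `docker_password`. Anyone who can read the repository therefore holds root credentials for the hosts these scripts connect to. Rotate the key and inject the replacement per step, for example `environment: { ID_ROOT: { from_secret: id_root } }` (secret name constructed here), writing it to a file inside the script. Both steps also use `image: alpine` with no tag, so each run may pull a different base; a pinned tag would make the pipeline reproducible.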
@@ -1,33 +1,28 @@ FROM alpine:latest +COPY image/ /opt/ -ENV VERSION=var_VERSION -ENV URL https://github.com/XTLS/Xray-core/releases/download/v${VERSION}/Xray-linux-64.zip +# install packages +RUN set -xe && apk add --no-cache unzip wget nginx certbot openssl -COPY image/run.sh /opt/run.sh -COPY image/crypt.sh /opt/crypt.sh -COPY image/nginx /opt/nginx -COPY image/crontab /var/spool/cron/crontabs/root - -RUN set -xe && \ - mkdir -p /opt/config && \ - mkdir -p /opt/config/logs && \ - mkdir -p /opt/config/certs && \ - mkdir -p /opt/config/logs/nginx && \ - mkdir -p /opt/config/logs/xray && \ - mkdir -p /opt/config/logs/crond && \ - mkdir -p /opt/xray && \ +# setup core files +RUN set -xe && mkdir -p /opt/xray && \ ln -s /opt/config/certs /etc/letsencrypt && \ - apk add --no-cache unzip wget nginx certbot openssl && \ - wget ${URL} && \ - unzip Xray-linux-64.zip -d /opt/xray && \ - rm Xray-linux-64.zip && \ - addgroup www && \ + unzip /opt/Xray-linux-64.zip -d /opt/xray && \ + rm /opt/Xray-linux-64.zip && \ + chmod +x /opt/run.sh /opt/crypt.sh + +# crond +RUN set -xe && mv /opt/crontab /var/spool/cron/crontabs/root + +# nginx +RUN set -xe && addgroup www && \ adduser -H -D -S -s /bin/false www -G www && \ - chown -R www:www /opt/nginx && \ - chmod +x /opt/run.sh /opt/crypt.sh && \ - apk del unzip wget + chown -R www:www /opt/nginx + +# remove packages +RUN set -xe && apk del unzip wget EXPOSE 80 443 -CMD ["/opt/run.sh"] +CMD ["/opt/run.sh"] \ No newline at end of file diff --git a/ansible/d2ray.yml b/ansible/d2ray.yml deleted file mode 100644 index 81b341a..0000000 --- a/ansible/d2ray.yml +++ /dev/null @@ -1,11 +0,0 @@ -- hosts: '{{ target }}' - gather_facts: false - become: true - remote_user: root - any_errors_fatal: yes - tasks: - - name: add root ssh key - ansible.posix.authorized_key: - user: root - state: present - key: "{{ lookup('file', './id_root.pub') }}" \ No newline at end of file 
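Review bot: `unzip /opt/Xray-linux-64.zip -d /opt/xray` now unpacks an archive that CI downloaded and `COPY image/ /opt/` brought in, and nothing checks its integrity before the binary ends up in the image. Add a digest check ahead of the unzip, e.g. `echo "<expected-sha256>  /opt/Xray-linux-64.zip" | sha256sum -c - && \`, with the value pinned next to the version. Splitting the work into several `RUN` layers also means `rm /opt/Xray-linux-64.zip` and `apk del unzip wget` no longer shrink anything: the archive stays in the COPY layer and the packages in the install layer. `wget` is installed and removed without being used in this Dockerfile any more, and `FROM alpine:latest` is worth pinning to a tag or digest while the file is being reworked.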
diff --git a/ci_prep.sh b/ci_prep.sh
new file mode 100644
index 0000000..036ac56
--- /dev/null
+++ b/ci_prep.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -xe
+
+apk add openssh openssl wget unzip
+
+source image/crypt.sh
+
+chmod 600 ./id_root
+
+# versions
+VER_XRAY=1.4.2
+VER_SO=2.5.20
+VER_NG=1.6.5
+
+# upload files
+for filename in confs/*; do
+ basename=$(basename $filename)
+ hash_sha256 $basename $(cat ./key)
+ output=$crypt_ret
+ encrypt "$(cat $filename)" $(cat ./key)
+ echo "$crypt_ret" > $output
+ scp -P77 -o StrictHostKeychecking=no -i ./id_root $output root@parrot.quacker.org:/dat/apps/nginx/http_dl/root/pub
+ rm $output
+done
+
+# build zip
+URL_SO=https://github.com/FelisCatus/SwitchyOmega/releases/download/v{VER_SO}/SwitchyOmega_Chromium.crx
+URL_NG=https://github.com/2dust/v2rayNG/releases/download/{VER_NG}/v2rayNG_1.5.16_arm64-v8a.apk
+URL_XRAY_WIN=https://github.com/XTLS/Xray-core/releases/download/v{VER_XRAY}/Xray-windows-64.zip
+URL_XRAY_MAC=https://github.com/XTLS/Xray-core/releases/download/v{VER_XRAY}/Xray-macos-64.zip
+URL_XRAY_LINUX=https://github.com/XTLS/Xray-core/releases/download/v{VER_XRAY}/Xray-linux-64.zip
+
+wget $URL_SO -O zip/chrome/
+wget $URL_NG -O image/nginx/index/android/
+wget $URL_XRAY_WIN -O zip/windows/
+wget $URL_XRAY_MAC -O zip/macos/
+wget $URL_XRAY_LINUX -O image/
+
+zip -r pc.zip zip/
+mv pc.zip image/nginx/index/
+
+# build htpassword
+touch .htpasswd
+htpasswd -b ./.htpasswd liangyifang liangyifang
+htpasswd -b ./.htpasswd ruyuechun ruyuechun
+htpasswd -b ./.htpasswd liuxiangdong liuxiangdong
+encrypt "$(cat ./.htpasswd)" "$(cat ./key)"
+echo "$crypt_ret" > image/nginx/.htpasswd
diff --git a/refresh.sh b/ci_reload.sh
similarity index 74%
rename from refresh.sh
rename to ci_reload.sh
index fbf1c0e..30fee18 100644
--- a/refresh.sh
+++ b/ci_reload.sh
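Review bot: `set -xe` on the third line of ci_prep.sh makes the shell print every expanded command, so `hash_sha256 $basename $(cat ./key)` and `encrypt "$(cat $filename)" $(cat ./key)` write the encryption key and the plaintext of each file in confs/ into the CI log; ci_reload.sh gains the same `set -xe` and traces `-e KEY=$key`. Keep `set -e` and drop `-x`, or switch tracing off around those calls. The download section also looks broken as written: `{VER_SO}`, `{VER_NG}` and `{VER_XRAY}` lack the `$` and are never expanded, `wget -O` is given a directory instead of a file name, and `zip` and `htpasswd` are not in the `apk add` list. The three `htpasswd -b` entries use the user name as the password and live in the repository, so the basic auth on /download protects little; they would be better read from a CI secret. The sketch below covers the tracing and download fixes only.

```shell
set -e   # no -x: tracing would print the key and the plaintext configs into the CI log

apk add openssh openssl wget unzip zip apache2-utils   # zip and htpasswd are used further down

# … unchanged: source image/crypt.sh, chmod, version variables, upload loop …

URL_SO=https://github.com/FelisCatus/SwitchyOmega/releases/download/v${VER_SO}/SwitchyOmega_Chromium.crx
# NOTE(review): the file name still says 1.5.16 while VER_NG is 1.6.5; confirm which is intended
URL_NG=https://github.com/2dust/v2rayNG/releases/download/${VER_NG}/v2rayNG_1.5.16_arm64-v8a.apk
URL_XRAY_WIN=https://github.com/XTLS/Xray-core/releases/download/v${VER_XRAY}/Xray-windows-64.zip
URL_XRAY_MAC=https://github.com/XTLS/Xray-core/releases/download/v${VER_XRAY}/Xray-macos-64.zip
URL_XRAY_LINUX=https://github.com/XTLS/Xray-core/releases/download/v${VER_XRAY}/Xray-linux-64.zip

# -P names the target directory; -O expects a file name
wget "$URL_SO" -P zip/chrome/
wget "$URL_NG" -P image/nginx/index/android/
wget "$URL_XRAY_WIN" -P zip/windows/
wget "$URL_XRAY_MAC" -P zip/macos/
wget "$URL_XRAY_LINUX" -P image/

# … unchanged: zip, mv, htpasswd, encrypt …
```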
@@ -1,20 +1,20 @@ #!/bin/sh -set -e +set -xe apk add openssh key=$(cat ./key) -chmod 600 ansible/id_root +chmod 600 ./id_root for filename in confs/*; do addr=$(basename $filename) echo "Refreshing $addr..." - ssh -p 77 -o StrictHostKeychecking=no -i ansible/id_root root@$addr -t "docker pull quackerd/d2ray:latest" + ssh -p 77 -o StrictHostKeychecking=no -i ./id_root root@$addr -t "docker pull quackerd/d2ray:latest" set +e - ssh -p 77 -o StrictHostKeychecking=no -i ansible/id_root root@$addr -t "docker stop d2ray && docker rm d2ray" + ssh -p 77 -o StrictHostKeychecking=no -i ./id_root root@$addr -t "docker stop d2ray && docker rm d2ray" set -e - ssh -p 77 -o StrictHostKeychecking=no -i ansible/id_root root@$addr -t "docker run -d \ + ssh -p 77 -o StrictHostKeychecking=no -i ./id_root root@$addr -t "docker run -d \ --restart unless-stopped \ -e KEY=$key \ -e FQDN=$addr \ diff --git a/encrypt_upload.sh b/encrypt_upload.sh deleted file mode 100644 index 271dc40..0000000 --- a/encrypt_upload.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -set -e - -apk add openssh openssl - -source image/crypt.sh - -chmod 600 ansible/id_root - -for filename in confs/*; do - basename=$(basename $filename) - hash_sha256 $basename $(cat ./key) - output=$crypt_ret - encrypt "$(cat $filename)" $(cat ./key) - echo "$crypt_ret" > $output - scp -P77 -o StrictHostKeychecking=no -i ansible/id_root $output root@parrot.quacker.org:/dat/apps/nginx/http_dl/root/pub - rm $output -done diff --git a/ansible/id_root b/id_root similarity index 100% rename from ansible/id_root rename to id_root diff --git a/ansible/id_root.pub b/id_root.pub similarity index 100% rename from ansible/id_root.pub rename to id_root.pub diff --git a/image/nginx/index/android/README.txt b/image/nginx/index/android/README.txt new file mode 100644 index 0000000..e69de29 diff --git a/image/nginx/nginx.conf b/image/nginx/nginx.conf index 557c3a6..c629069 100644 --- a/image/nginx/nginx.conf +++ b/image/nginx/nginx.conf 
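Review bot: Every `ssh` line in this hunk keeps `-o StrictHostKeychecking=no` while logging in as root, so the runner will talk to whatever answers on port 77; the `docker run` command that follows carries `-e KEY=$key`, which an impersonating host would receive. The `scp` in ci_prep.sh has the same option. Pin the host keys instead, e.g. commit a `known_hosts` file with the servers' public host keys and use `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=./known_hosts`. `$addr` is taken from file names in confs/ and used unquoted in `root@$addr`; quoting it avoids surprises from unusual names. The `docker run` command continues past the end of the hunk.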
@@ -29,7 +29,16 @@ http { return 301 https://$host$request_uri; } - root /opt/nginx/webroot; - index index.html; + location / { + root /opt/nginx/webroot; + index index.html; + } + + location /download { + root /opt/nginx/index; + autoindex on; + auth_basic "Provide credentials to access downloads"; + auth_basic_user_file "/opt/nginx/.htpasswd"; + } } } diff --git a/image/nginx/webroot/index.html b/image/nginx/webroot/index.html index 6efcb02..d3f3d7e 100644 --- a/image/nginx/webroot/index.html +++ b/image/nginx/webroot/index.html @@ -10,7 +10,7 @@ FEATURED
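Review bot: In the new `location /download` block, `root /opt/nginx/index;` makes nginx append the full URI, so `/download/pc.zip` is looked up at /opt/nginx/index/download/pc.zip, while ci_prep.sh places pc.zip directly in image/nginx/index/. If no `download` subdirectory is intended, use `location /download/ { alias /opt/nginx/index/; ... }`. `auth_basic_user_file` points at /opt/nginx/.htpasswd, which ci_prep.sh writes as the output of `encrypt`; nginx can only use it if the container decrypts it before nginx starts, which is not visible in this diff. The enclosing server block starts outside the hunk, so confirm it is the TLS listener, since basic-auth credentials sent over plain HTTP are readable in transit.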
Optio, beatae! Aut quis id voluptate ullam repellendus. Et sit, ipsa, non consequuntur magnam quaerat temporibus at officiis ab, expedita molestiae liber...
- +