diff --git a/.drone.yml b/.drone.yml index 748e037..874169d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,22 +5,12 @@ name: Docker image build trigger: branch: - master - -environment: - VERSION: 1.4.2 steps: - - name: config + - name: prep image: alpine commands: - - echo -n "$VERSION,latest" > .tags - - sed -i -E "s/var_VERSION/$VERSION/" Dockerfile - - - name: upload - image: alpine - commands: - - chmod +x ./encrypt_upload.sh - - ./encrypt_upload.sh + - sh ./ci_prep.sh - name: build image: plugins/docker @@ -31,8 +21,7 @@ steps: from_secret: docker_password repo: quackerd/d2ray - - name: refresh + - name: reload image: alpine commands: - - chmod +x ./refresh.sh - - ./refresh.sh \ No newline at end of file + - sh ./ci_reload.sh diff --git a/Dockerfile b/Dockerfile index f55d011..2dad10e 100644 --- a/Dockerfile +++ b/Dockerfile 
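Review bot: In `.drone.yml`, the `prep` step no longer writes `.tags` (the removed `echo -n "$VERSION,latest" > .tags`), and nothing in `ci_prep.sh` recreates it, so the build step will presumably publish only its default tag unless `tags` is set in the part of that step outside this hunk. Every host then pulls a mutable `quackerd/d2ray:latest`, with no versioned image to roll back to or audit against. Writing the file from the new script, e.g. `echo -n "$VER_XRAY,latest" > .tags`, would keep the versioned tag. The `prep` and `reload` steps also run on an untagged `alpine` image and install their tools with `apk add` at run time, so the environment that handles the SSH key is not pinned.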
@@ -1,33 +1,28 @@ FROM alpine:latest +COPY image/ /opt/ -ENV VERSION=var_VERSION -ENV URL https://github.com/XTLS/Xray-core/releases/download/v${VERSION}/Xray-linux-64.zip +# install packages +RUN set -xe && apk add --no-cache unzip wget nginx certbot openssl -COPY image/run.sh /opt/run.sh -COPY image/crypt.sh /opt/crypt.sh -COPY image/nginx /opt/nginx -COPY image/crontab /var/spool/cron/crontabs/root - -RUN set -xe && \ - mkdir -p /opt/config && \ - mkdir -p /opt/config/logs && \ - mkdir -p /opt/config/certs && \ - mkdir -p /opt/config/logs/nginx && \ - mkdir -p /opt/config/logs/xray && \ - mkdir -p /opt/config/logs/crond && \ - mkdir -p /opt/xray && \ +# setup core files +RUN set -xe && mkdir -p /opt/xray && \ ln -s /opt/config/certs /etc/letsencrypt && \ - apk add --no-cache unzip wget nginx certbot openssl && \ - wget ${URL} && \ - unzip Xray-linux-64.zip -d /opt/xray && \ - rm Xray-linux-64.zip && \ - addgroup www && \ + unzip /opt/Xray-linux-64.zip -d /opt/xray && \ + rm /opt/Xray-linux-64.zip && \ + chmod +x /opt/run.sh /opt/crypt.sh + +# crond +RUN set -xe && mv /opt/crontab /var/spool/cron/crontabs/root + +# nginx +RUN set -xe && addgroup www && \ adduser -H -D -S -s /bin/false www -G www && \ - chown -R www:www /opt/nginx && \ - chmod +x /opt/run.sh /opt/crypt.sh && \ - apk del unzip wget + chown -R www:www /opt/nginx + +# remove packages +RUN set -xe && apk del unzip wget EXPOSE 80 443 -CMD ["/opt/run.sh"] +CMD ["/opt/run.sh"] \ No newline at end of file diff --git a/ansible/d2ray.yml b/ansible/d2ray.yml deleted file mode 100644 index 81b341a..0000000 --- a/ansible/d2ray.yml +++ /dev/null @@ -1,11 +0,0 @@ -- hosts: '{{ target }}' - gather_facts: false - become: true - remote_user: root - any_errors_fatal: yes - tasks: - - name: add root ssh key - ansible.posix.authorized_key: - user: root - state: present - key: "{{ lookup('file', './id_root.pub') }}" \ No newline at end of file 
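Review bot: The cleanup in the Dockerfile hunk no longer shrinks the image. `COPY image/ /opt/` stores `Xray-linux-64.zip` in its own layer, so the later `rm /opt/Xray-linux-64.zip` only hides it, and `apk del unzip wget` runs in a different `RUN` from the `apk add`, so both packages stay in the earlier layer (wget is no longer used during the build at all). Doing install, unpack and removal in a single `RUN`, or unpacking in a build stage and copying only `/opt/xray` into the final stage, keeps the archive and tools out of the shipped image. `COPY image/ /opt/` also brings in everything ci_prep.sh drops under `image/`, including `nginx/.htpasswd` and the client downloads, so it is worth confirming that all of it is meant to ship. With the `mkdir -p /opt/config/...` lines removed, the `ln -s /opt/config/certs` target and the log directories are no longer created at build time; presumably a mounted volume or run.sh provides them, which should be confirmed.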
diff --git a/ci_prep.sh b/ci_prep.sh
new file mode 100644
index 0000000..036ac56
--- /dev/null
+++ b/ci_prep.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+set -xe
+
+apk add openssh openssl wget unzip
+
+source image/crypt.sh
+
+chmod 600 ./id_root
+
+# versions
+VER_XRAY=1.4.2
+VER_SO=2.5.20
+VER_NG=1.6.5
+
+# upload files
+for filename in confs/*; do
+ basename=$(basename $filename)
+ hash_sha256 $basename $(cat ./key)
+ output=$crypt_ret
+ encrypt "$(cat $filename)" $(cat ./key)
+ echo "$crypt_ret" > $output
+ scp -P77 -o StrictHostKeychecking=no -i ./id_root $output root@parrot.quacker.org:/dat/apps/nginx/http_dl/root/pub
+ rm $output
+done
+
+# build zip
+URL_SO=https://github.com/FelisCatus/SwitchyOmega/releases/download/v{VER_SO}/SwitchyOmega_Chromium.crx
+URL_NG=https://github.com/2dust/v2rayNG/releases/download/{VER_NG}/v2rayNG_1.5.16_arm64-v8a.apk
+URL_XRAY_WIN=https://github.com/XTLS/Xray-core/releases/download/v{VER_XRAY}/Xray-windows-64.zip
+URL_XRAY_MAC=https://github.com/XTLS/Xray-core/releases/download/v{VER_XRAY}/Xray-macos-64.zip
+URL_XRAY_LINUX=https://github.com/XTLS/Xray-core/releases/download/v{VER_XRAY}/Xray-linux-64.zip
+
+wget $URL_SO -O zip/chrome/
+wget $URL_NG -O image/nginx/index/android/
+wget $URL_XRAY_WIN -O zip/windows/
+wget $URL_XRAY_MAC -O zip/macos/
+wget $URL_XRAY_LINUX -O image/
+
+zip -r pc.zip zip/
+mv pc.zip image/nginx/index/
+
+# build htpassword
+touch .htpasswd
+htpasswd -b ./.htpasswd liangyifang liangyifang
+htpasswd -b ./.htpasswd ruyuechun ruyuechun
+htpasswd -b ./.htpasswd liuxiangdong liuxiangdong
+encrypt "$(cat ./.htpasswd)" "$(cat ./key)"
+echo "$crypt_ret" > image/nginx/.htpasswd
diff --git a/refresh.sh b/ci_reload.sh
similarity index 74%
rename from refresh.sh
rename to ci_reload.sh
index fbf1c0e..30fee18 100644
--- a/refresh.sh
+++ b/ci_reload.sh
@@ -1,20 +1,20 @@ #!/bin/sh -set -e +set -xe apk add openssh key=$(cat ./key) -chmod 600 ansible/id_root +chmod 600 ./id_root for filename in confs/*; do addr=$(basename $filename) echo "Refreshing $addr..." - ssh -p 77 -o StrictHostKeychecking=no -i ansible/id_root root@$addr -t "docker pull quackerd/d2ray:latest" + ssh -p 77 -o StrictHostKeychecking=no -i ./id_root root@$addr -t "docker pull quackerd/d2ray:latest" set +e - ssh -p 77 -o StrictHostKeychecking=no -i ansible/id_root root@$addr -t "docker stop d2ray && docker rm d2ray" + ssh -p 77 -o StrictHostKeychecking=no -i ./id_root root@$addr -t "docker stop d2ray && docker rm d2ray" set -e - ssh -p 77 -o StrictHostKeychecking=no -i ansible/id_root root@$addr -t "docker run -d \ + ssh -p 77 -o StrictHostKeychecking=no -i ./id_root root@$addr -t "docker run -d \ --restart unless-stopped \ -e KEY=$key \ -e FQDN=$addr \ diff --git a/encrypt_upload.sh b/encrypt_upload.sh deleted file mode 100644 index 271dc40..0000000 --- a/encrypt_upload.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -set -e - -apk add openssh openssl - -source image/crypt.sh - -chmod 600 ansible/id_root - -for filename in confs/*; do - basename=$(basename $filename) - hash_sha256 $basename $(cat ./key) - output=$crypt_ret - encrypt "$(cat $filename)" $(cat ./key) - echo "$crypt_ret" > $output - scp -P77 -o StrictHostKeychecking=no -i ansible/id_root $output root@parrot.quacker.org:/dat/apps/nginx/http_dl/root/pub - rm $output -done diff --git a/ansible/id_root b/id_root similarity index 100% rename from ansible/id_root rename to id_root diff --git a/ansible/id_root.pub b/id_root.pub similarity index 100% rename from ansible/id_root.pub rename to id_root.pub diff --git a/image/nginx/index/android/README.txt b/image/nginx/index/android/README.txt new file mode 100644 index 0000000..e69de29 diff --git a/image/nginx/nginx.conf b/image/nginx/nginx.conf index 557c3a6..c629069 100644 --- a/image/nginx/nginx.conf +++ b/image/nginx/nginx.conf 
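Review bot: In `ci_reload.sh`, changing `set -e` to `set -xe` makes the shell trace every command into the CI log, and this script expands the secret into those commands: `key=$(cat ./key)` and the `docker run ... -e KEY=$key` string passed to ssh will both be printed with the key value. Drop `-x` here, or wrap the secret-handling lines in `set +x` / `set -x`; ci_prep.sh has the same pattern where `$(cat ./key)` is passed to `hash_sha256` and `encrypt`. The ssh calls also keep `-o StrictHostKeychecking=no` while logging in as root, so the remote host is never authenticated. A pinned known-hosts file supplied by CI with `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<path-to-pinned-known_hosts>` would close that, and the same applies to the scp in ci_prep.sh. The hunk ends inside the `docker run` command, which continues outside the visible lines.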
@@ -29,7 +29,16 @@ http { return 301 https://$host$request_uri; } - root /opt/nginx/webroot; - index index.html; + location / { + root /opt/nginx/webroot; + index index.html; + } + + location /download { + root /opt/nginx/index; + autoindex on; + auth_basic "Provide credentials to access downloads"; + auth_basic_user_file "/opt/nginx/.htpasswd"; + } } } diff --git a/image/nginx/webroot/index.html b/image/nginx/webroot/index.html index 6efcb02..d3f3d7e 100644 --- a/image/nginx/webroot/index.html +++ b/image/nginx/webroot/index.html @@ -10,7 +10,7 @@ FEATURED
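Review bot: In `image/nginx/nginx.conf`, `root /opt/nginx/index;` inside `location /download` makes nginx look under `/opt/nginx/index/download/...`, because `root` appends the whole request URI, while ci_prep.sh places `pc.zip` and `android/` directly under `image/nginx/index/`. Using `location /download/ { alias /opt/nginx/index/; ... }` maps the prefix onto that directory, and the trailing slash stops the prefix from also matching paths such as `/downloads`. The enclosing `server` block starts outside the hunk, so confirm this location is only served over TLS, since basic-auth credentials travel with every request.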

Lorem ipsum dolor sit, amet consectetur adipisicing elit

Optio, beatae! Aut quis id voluptate ullam repellendus. Et sit, ipsa, non consequuntur magnam quaerat temporibus at officiis ab, expedita molestiae liber...

- +

@@ -35,4 +35,4 @@

-
( ̄︶ ̄)↗
  +
( ̄︶ ̄)↗
  \ No newline at end of file diff --git a/image/run.sh b/image/run.sh index 5699fe8..de474d4 100644 --- a/image/run.sh +++ b/image/run.sh @@ -36,7 +36,7 @@ else fi echo "" -echo "===== Fetching Configuration ====" +echo "===== Fetching Configuration =====" decrypt $URL $KEY URL=$crypt_ret @@ -49,6 +49,9 @@ echo "Decrypting..." decrypt $(cat /opt/$FQDN) $KEY echo $crypt_ret > /opt/config.json +decrypt $(cat /opt/nginx/.htpasswd) $KEY +echo $crypt_ret > /opt/nginx/.htpasswd + echo "" echo "===== Starting cron =====" crond -L /opt/config/logs/crond/log.txt diff --git a/zip/README.txt b/zip/README.txt new file mode 100644 index 0000000..c6edcf0 --- /dev/null +++ b/zip/README.txt @@ -0,0 +1,5 @@ +请依次阅读目录: + +1. config: VPN的配置教程 +2. macos/windows: 适合你系统的VPN程序及启动教程 +3. chrome: 在浏览器使用VPN diff --git a/zip/chrome/README.txt b/zip/chrome/README.txt new file mode 100644 index 0000000..81173c6 --- /dev/null +++ b/zip/chrome/README.txt @@ -0,0 +1,18 @@ +首先需要安装SwitchyOmega插件: + +1. 解压当前目录下的zip文件 +2. 打开 Google Chrome +3. 打开网址 "chrome://extensions" +4. 打开右上角 开发者模式(Developer mode) +5. 在新出现的工具栏选择第一项 "Load unpacked" +6. 在新出现的对话框选择zip文件解压目录 + +然后配置插件: +1. 跳过教程 +2. 在左边菜单新建一个profile, 类型选择第一个"Proxy(代理) Profile",名字取"VPN", 点击 “创建” +3. Protocol(协议)选择"SOCKS5", 服务器(Server)填写127.0.0.1, 端口(Port)写1080,点击左边菜单"应用" (Apply changes) + +当需要VPN时,启动VPN程序并且在SwitchyOmega插件菜单选择"VPN"(右上角点击SwitchyOmega图标,没有的话在插件下拉里面找,找到可以Pin到浏览器上)。 +当不需要VPN时,只需在SwitchyOmega插件选择"Direct"直连。 + +That's it. \ No newline at end of file diff --git a/zip/config/README.txt b/zip/config/README.txt new file mode 100644 index 0000000..78d0c3f --- /dev/null +++ b/zip/config/README.txt @@ -0,0 +1,6 @@ +用文本编辑器打开config.json并且替换: + +%PASSWORD% => 你的密码 (有1个地方) +%SERVER% => 你的服务器地址 (有2个地方,这就是你下载这个文件的服务器地址,只填xxx.example.com,前后都不要) + +保存,关闭文件。 \ No newline at end of file diff --git a/zip/config/config.json b/zip/config/config.json new file mode 100644 index 0000000..59a7e03 --- /dev/null +++ b/zip/config/config.json 
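Review bot: In `image/run.sh`, the added `echo $crypt_ret > /opt/nginx/.htpasswd` expands the variable unquoted, so if the decrypted file has one entry per line (ci_prep.sh adds three users) the newlines are collapsed into spaces and nginx will not see separate entries; `printf '%s\n' "$crypt_ret" > /opt/nginx/.htpasswd` keeps them. The file is also decrypted in place, so when the same container restarts (it is started with `--restart unless-stopped`) `decrypt` runs on the already-decrypted content. Writing the plaintext to a separate path and pointing `auth_basic_user_file` at it would make the step repeatable. Whether `decrypt` fails closed on bad input cannot be seen here, because crypt.sh is not part of the diff.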
@@ -0,0 +1,118 @@
+{
+ "dns": {
+ "servers": [
+ "223.5.5.5",
+ "114.114.114.114",
+ {
+ "address": "8.8.8.8",
+ "port": 53,
+ "domains": [
+ "geosite:geolocation-!cn"
+ ]
+ },
+ {
+ "address": "1.1.1.1",
+ "port": 53,
+ "domains": [
+ "geosite:geolocation-!cn"
+ ]
+ }
+ ]
+ },
+
+ "routing": {
+ "domainStrategy": "IPIfNonMatch",
+ "rules": [
+ {
+ "type": "field",
+ "outboundTag": "direct",
+ "ip": [
+ "223.5.5.5",
+ "114.114.114.114"
+ ]
+ },
+ {
+ "type": "field",
+ "outboundTag": "proxy",
+ "ip": [
+ "8.8.8.8",
+ "1.1.1.1"
+ ]
+ },
+ {
+ "type": "field",
+ "outboundTag": "direct",
+ "ip": [
+ "geoip:cn",
+ "geoip:private"
+ ]
+ },
+ {
+ "type": "field",
+ "outboundTag": "direct",
+ "domain": ["geosite:cn"]
+ },
+ {
+ "type": "field",
+ "outboundTag": "proxy",
+ "network": "udp,tcp"
+ }
+ ]
+ },
+
+ "inbounds": [
+ {
+ "port": 1080,
+ "listen": "127.0.0.1",
+ "protocol": "socks",
+ "sniffing": {
+ "enabled": true,
+ "destOverride": ["http", "tls"]
+ },
+ "settings": {
+ "auth": "noauth",
+ "udp": false
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "tag": "proxy",
+ "protocol": "vless",
+ "settings": {
+ "vnext": [
+ {
+ "address": "%SERVER%",
+ "port": 443,
+ "users": [
+ {
+ "id": "%PASSWORD%",
+ "encryption": "none",
+ "level": 0
+ }
+ ]
+ }
+ ]
+ },
+ "streamSettings": {
+ "network": "tcp",
+ "security": "xtls",
+ "xtlsSettings": {
+ "serverName": "%SERVER%",
+ "allowInsecure": false,
+ "alpn": ["h2","http/1.1"]
+ }
+ }
+ },
+ {
+ "protocol": "freedom",
+ "settings": {},
+ "tag": "direct"
+ },
+ {
+ "protocol": "blackhole",
+ "settings": {},
+ "tag": "block"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/zip/macos/README.txt b/zip/macos/README.txt
new file mode 100644
index 0000000..f8be9c1
--- /dev/null
+++ b/zip/macos/README.txt
@@ -0,0 +1,6 @@
+1. 解压zip文件
+2. 拷贝run.sh到zip文件解压路径
+3. 拷贝配置好的config.json到zip文件解压路径
+4. 运行run.sh启动VPN程序
+
+如果无法直接运行run.sh, 请右键用Terminal(终端)打开。
diff --git a/zip/macos/run.sh b/zip/macos/run.sh
new file mode 100644
index 0000000..7635f85
--- /dev/null
+++ b/zip/macos/run.sh
@@ -0,0 +1,3 @@
+@echo off
+
+.\xray -c config.json
\ No newline at end of file
diff --git a/zip/windows/README.txt b/zip/windows/README.txt
new file mode 100644
index 0000000..031e0e8
--- /dev/null
+++ b/zip/windows/README.txt
@@ -0,0 +1,4 @@
+1. 解压zip文件
+2. 拷贝run.bat到zip文件解压路径
+3. 拷贝配置好的config.json到zip文件解压路径
+4. 运行run.bat启动VPN
\ No newline at end of file
diff --git a/zip/windows/run.bat b/zip/windows/run.bat
new file mode 100644
index 0000000..e464e75
--- /dev/null
+++ b/zip/windows/run.bat
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+./xray -c config.json
\ No newline at end of file
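Review bot: The bodies of the two launchers are swapped: `zip/macos/run.sh` contains the batch lines `@echo off` and `.\xray -c config.json`, while `zip/windows/run.bat` starts with `#!/bin/sh` and calls `./xray -c config.json`, so neither runs on the platform its README points users to. Exchange the two file contents so that `run.sh` carries the `#!/bin/sh` script and `run.bat` the `@echo off` one. Since these scripts are handed to end users inside `pc.zip`, a one-line comment in each saying that it expects `config.json` and the xray binary in the same directory would also help.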