Merge branch 'main' into dev

# Conflicts:
#	docker/docker_entrypoint.sh

Dockerfile

@@ -0,0 +1,26 @@
+FROM golang:alpine as builder
+ENV GOPROXY=https://goproxy.io \
+    GO111MODULE=on \
+    GOOS=linux
+WORKDIR /root/
+RUN apk add --no-cache --update bash git g++ nodejs npm \
+    && git clone https://github.com/bjdgyc/anylink.git \
+    && cd anylink/server \
+    && go build -o anylink -ldflags "-X main.COMMIT_ID=$(git rev-parse HEAD)" \
+    && cd ../web \
+    && npm install \
+    && npx browserslist@latest --update-db \
+    && npm run build
+
+
+FROM golang:alpine
+LABEL maintainer="www.mrdoc.fun"
+COPY --from=builder /root/anylink/server  /app/
+COPY --from=builder /root/anylink/web/ui  /app/ui/
+COPY --from=builder /root/anylink/docker /app/
+WORKDIR /app
+RUN apk add --no-cache pwgen bash iptables openssl ca-certificates \
+    && rm -f /app/conf/server.toml \
+    && chmod +x docker_entrypoint.sh
+
+ENTRYPOINT ["./docker_entrypoint.sh"]

docker/docker_entrypoint.sh

@@ -1,37 +1,41 @@
-#! /bin/bash
-version=(`wget -qO- -t1 -T2 "https://api.github.com/repos/bjdgyc/anylink/releases/latest" | grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g'`)
-count=(`ls anylink | wc -w `)
-wget https://github.com/bjdgyc/anylink/releases/download/${version}/anylink-deploy.tar.gz
-tar xf anylink-deploy.tar.gz
-rm -rf anylink-deploy.tar.gz
-if [ ${count} -eq 0 ]; then
-	echo "init anylink"
-	mv anylink-deploy/* anylink/
+#!/bin/sh
+USER="admin"
+MM=$(pwgen -1s)
+CREATE_USER=1
+CONFIG_FILE='/app/conf/server.toml'
+
+if [ $CREATE_USER -eq 1 ]; then
+  if [ ! -e $CREATE_USER ]; then
+	    MM=$(pwgen -1s)
+            touch $CREATE_USER
+	    bash /app/generate-certs.sh
+            cd /app/conf/ && cp *.crt  /usr/local/share/ca-certificates/
+	    update-ca-certificates --fresh
+            userpass=$(/app/anylink -passwd "${MM}"| cut -d : -f2)
+	    echo "${userpass}"
+            jwttoken=$(/app/anylink -secret | cut -d : -f2)
+            echo "-- First container startup --user:${USER} pwd:${MM}"
+            sed -i "s/admin/${USER}/g" /app/server-example.toml
+            sed -i "s/123456/${MM}/g" /app/server-example.toml
+            sed -i "s#usertoken#${userpass}#g" /app/server-example.toml
+            sed -i "s/jwttoken/${jwttoken}/g" /app/server-example.toml
+            else
+                        echo "-- Not first container startup --"
+  fi
+
 else
-	if [ ! -d "/anylink/log" ]; then
-		mv anylink-deploy/log anylink/
-	fi
-	if [ ! -d "/anylink/conf" ]; then
-                mv anylink-deploy/conf anylink/
-        fi
-	echo "update anylink"
-	rm -rf anylink/ui anylink/anylink anylink/files
-	mv anylink-deploy/ui anylink/
-	mv anylink-deploy/anylink anylink/
-	mv anylink-deploy/files anylink/
+                echo "user switch not create"
+
 fi
-rm -rf anylink-deploy
+
+if [ ! -f $CONFIG_FILE ]; then
+echo "#####Generating configuration file#####"
+cp /app/server-example.toml /app/conf/server.toml
+else
+        echo "#####Configuration file already exists#####"
+fi
+
+rtaddr=$(grep "cidr" /app/conf/server.toml |awk -F \" '{print $2}')
 sysctl -w net.ipv4.ip_forward=1
-if [[ ${mode} == pro ]];then
-	iptables -t nat -A POSTROUTING -s ${iproute} -o eth0 -j MASQUERADE
-	iptables -L -n -t nat
-	/anylink/anylink -conf=/anylink/conf/server.toml
-elif [[ ${mode} == password ]];then
-	if [ -z ${password} ];then
-		echo "invalid password"
-	else
-		/anylink/anylink -passwd ${password}
-	fi
-elif [[ ${mode} -eq jwt ]];then
-	/anylink/anylink -secret
-fi
+iptables -t nat -A POSTROUTING -s "${rtaddr}" -o eth0+ -j MASQUERADE
+/app/anylink -conf="/app/conf/server.toml"

docker/generate-certs.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+mkdir -p ssl
+
+OUTPUT_FILENAME="example.com"
+
+printf "[req]
+prompt                  = no
+default_bits            = 4096
+default_md              = sha256
+encrypt_key             = no
+string_mask             = utf8only
+
+distinguished_name      = cert_distinguished_name
+req_extensions          = req_x509v3_extensions
+x509_extensions         = req_x509v3_extensions
+
+[ cert_distinguished_name ]
+C  = CN
+ST = BJ
+L  = BJ
+O  = example.com
+OU = example.com
+CN = example.com
+
+[req_x509v3_extensions]
+basicConstraints        = critical,CA:true
+subjectKeyIdentifier    = hash
+keyUsage                = critical,digitalSignature,keyCertSign,cRLSign #,keyEncipherment
+extendedKeyUsage        = critical,serverAuth #, clientAuth
+subjectAltName          = @alt_names
+
+[alt_names]
+DNS.1 = example.com
+DNS.2 = *.example.com
+
+">ssl/${OUTPUT_FILENAME}.conf
+
+openssl req -x509 -newkey rsa:2048 -keyout /app/conf/$OUTPUT_FILENAME.key -out /app/conf/$OUTPUT_FILENAME.crt -days 3600 -nodes -config ssl/${OUTPUT_FILENAME}.conf

docker/server-example.toml

@@ -0,0 +1,61 @@
+#服务配置信息
+
+#其他配置文件,可以使用绝对路径
+#或者相对于server.toml的路径
+
+#数据文件
+db_file = "./data.db"
+#证书文件
+cert_file = "./example.com.crt"
+cert_key = "./example.com.key"
+ui_path = "../ui"
+files_path = "../files"
+#日志目录,为空写入标准输出
+#log_path = "../log"
+log_path = ""
+log_level = "info"
+
+#系统名称
+issuer = "XX公司VPN"
+#后台管理用户
+admin_user = "admin"
+#pass 123456
+admin_pass = "usertoken"
+jwt_secret = "jwttoken"
+
+
+#vpn服务对外地址,影响开通邮件二维码
+link_addr = "test.example.com"
+
+#前台服务监听地址
+server_addr = ":443"
+#后台服务监听地址
+admin_addr = ":8800"
+#开启tcp proxy protocol协议
+proxy_protocol = false
+
+link_mode = "tun"
+
+#客户端分配的ip地址池
+ipv4_cidr = "192.168.10.0/24"
+ipv4_gateway = "192.168.10.1"
+ipv4_pool = ["192.168.10.100", "192.168.10.200"]
+
+#最大客户端数量
+max_client = 100
+#单个用户同时在线数量
+max_user_client = 3
+#IP租期(秒)
+ip_lease = 1209600
+
+#默认选择的组
+default_group = "one"
+
+#客户端失效检测时间(秒) dpd > keepalive
+cstp_keepalive = 20
+cstp_dpd = 30
+mobile_keepalive = 50
+mobile_dpd = 60
+#session过期时间，用于断线重连，0永不过期
+session_timeout = 3600
+auth_timeout = 0