优化Dockerfile使用

2021-04-09 14:49:41 +08:00 · 2021-04-09 14:49:41 +08:00 · d8eb8ab7ed
parent 9b509c33f3
commit d8eb8ab7ed
8 changed files with 201 additions and 48 deletions
--- a/59
+++ b/59
@ -1,26 +1,43 @@
-FROM golang:alpine as builder
-ENV GOPROXY=https://goproxy.io \
-    GO111MODULE=on \
-    GOOS=linux
-WORKDIR /root/
-RUN apk add --no-cache --update bash git g++ nodejs npm \
-    && git clone https://github.com/bjdgyc/anylink.git \
-    && cd anylink/server \
-    && go build -o anylink -ldflags "-X main.COMMIT_ID=$(git rev-parse HEAD)" \
-    && cd ../web \
+# web
+FROM node:lts-alpine as builder_node
+WORKDIR /web
+COPY ./web /web
+RUN npx browserslist@latest --update-db \
    && npm install \
-    && npx browserslist@latest --update-db \
-    && npm run build
+    && npm run build \
+    && ls /web/ui

+# server
+FROM golang:alpine as builder_golang
+ENV GOPROXY=https://goproxy.io \
+    GOOS=linux
+WORKDIR /anylink
+COPY . /anylink
+COPY --from=builder_node /web/ui  /anylink/server/ui
+
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
+RUN apk add --no-cache git
+RUN cd /anylink/server;go build -o anylink -ldflags "-X main.COMMIT_ID=$(git rev-parse HEAD)" \
+    && /anylink/server/anylink tool -v
+
+# anylink
+FROM alpine
+LABEL maintainer="github.com/bjdgyc"
+
+ENV IPV4_CIDR="192.168.10.0/24"

-FROM golang:alpine
-LABEL maintainer="www.mrdoc.fun"
-COPY --from=builder /root/anylink/server  /app/
-COPY --from=builder /root/anylink/web/ui  /app/ui/
-COPY --from=builder /root/anylink/docker /app/
 WORKDIR /app
-RUN apk add --no-cache pwgen bash iptables openssl ca-certificates \
-    && rm -f /app/conf/server.toml \
-    && chmod +x docker_entrypoint.sh
+COPY --from=builder_node /web/ui  /app/ui
+COPY --from=builder_golang /anylink/server/anylink  /app/
+COPY ./server/conf  /app/conf
+COPY ./server/files  /app/files
+COPY docker_entrypoint.sh  /app/
+
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
+RUN apk add --no-cache bash iptables && ls /app
+
+EXPOSE 443 8800
+
+#CMD ["/app/anylink"]
+ENTRYPOINT ["/app/docker_entrypoint.sh"]

-ENTRYPOINT ["./docker_entrypoint.sh"]
--- a/README.md
+++ b/README.md
@ -28,13 +28,19 @@ AnyLink 服务端仅在CentOS 7、Ubuntu 18.04测试通过，如需要安装在

 ## Installation

+> 没有编程基础的同学建议直接下载release包，从下面的地址下载 anylink-deploy.tar.gz
+>
+> https://github.com/bjdgyc/anylink/releases
+
 > 升级 go version = 1.15
+>
+> 需要提前安装好 golang 和 nodejs

 ```shell
 git clone https://github.com/bjdgyc/anylink.git

 cd anylink
-sh -x build.sh
+sh build.sh

 # 注意使用root权限运行
 cd anylink-deploy
@ -42,8 +48,9 @@ sudo ./anylink -conf="conf/server.toml"

 # 默认管理后台访问地址
 # http://host:8800
-# 默认日志文件
-# log/anylink.log
+# 默认账号密码
+# admin 123456
+
 ```

 ## Feature
@ -70,24 +77,27 @@ sudo ./anylink -conf="conf/server.toml"

 ```shell
 # 生成后台密码
-./anylink -passwd 123456
+./anylink tool -p 123456

 # 生成jwt密钥
-./anylink -secret
+./anylink tool -s
 ```

 [conf/server.toml](server/conf/server.toml)

-## systemd
+## Systemd

 添加 systemd脚本
+
 * anylink 程序目录放入 `/usr/local/anylink-deploy`

 systemd 脚本放入：
+
 * centos: `/usr/lib/systemd/system/`
 * ubuntu: `/lib/systemd/system/`

 操作命令:
+
 * 启动: `systemctl start anylink`
 * 停止: `systemctl stop anylink`
 * 开机自启: `systemctl enable anylink`
@ -100,37 +110,43 @@ systemd 脚本放入：
   #获取仓库源码
   git clone -b dev https://github.com/bjdgyc/anylink.git
   # 构建镜像
-   cd docker
   docker build -t anylink .
   ```

 2. 生成密码

   ```bash
-   docker run -it --privileged -e mode=password -e password=< your password > --rm anylink
+   docker run -it --rm anylink tool -p 123456
+   #Passwd:$2a$10$lCWTCcGmQdE/4Kb1wabbLelu4vY/cUwBwN64xIzvXcihFgRzUvH2a
   ```

-3. 生成jwt token
+3. 生成jwt secret

   ```bash
-   docker run -it --privileged -e mode=jwt --rm anylink
+   docker run -it --rm anylink tool -s
+   #Secret:9qXoIhY01jqhWIeIluGliOS4O_rhcXGGGu422uRZ1JjZxIZmh17WwzW36woEbA
   ```

 4. 启动容器

   ```bash
   docker run -itd --privileged \
-   -e mode=pro \
-   -e iproute=192.168.10.0/255.255.255.0 \
   -p 443:443 \
   -p 8800:8800 \
-   -v <your conf path>:/anylink/conf \
-   -v <your log path>:/anylink/log \
   --restart=always \
   anylink
   ```

-
+5. 使用自定义参数启动容器
+   
+   ```bash
+   docker run -itd --privileged \
+   -e IPV4_CIDR=192.168.10.0/24 \
+   -p 443:443 \
+   -p 8800:8800 \
+   --restart=always \
+   anylink -c=/etc/server.toml --admin_addr=:8080
+   ```

 ## Setting

@ -154,7 +170,7 @@ systemd 脚本放入：

 ```shell
 # eth0为服务器内网网卡
-iptables -t nat -A POSTROUTING -s 192.168.10.0/255.255.255.0 -o eth0 -j MASQUERADE
+iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
 ```

 3. 使用AnyConnect客户端连接即可
@ -195,7 +211,8 @@ sh bridge-init.sh

 ## Contribution

-欢迎提交 PR、Issues，感谢为AnyLink做出贡献。
+欢迎提交 PR、Issues，感谢为AnyLink做出贡献。 
+
 注意新建PR，需要提交到dev分支，其他分支暂不会合并。

 ## Other Screenshot
--- a/build.sh
+++ b/build.sh
@ -1,4 +1,13 @@
-#!/usr/bin/env bash
+#!/bin/env bash
+
+set -x
+function RETVAL(){
+	rt=$1
+	if [ $rt != 0 ]; then
+		echo $rt
+		exit 1
+	fi
+}

 #当前目录
 cpath=$(pwd)
@ -6,6 +15,7 @@ cpath=$(pwd)
 echo "编译二进制文件"
 cd $cpath/server
 go build -o anylink -ldflags "-X main.COMMIT_ID=$(git rev-parse HEAD)"
+RETVAL $?

 echo "编译前端项目"
 cd $cpath/web
@ -14,6 +24,7 @@ npm install --registry=https://registry.npm.taobao.org
 npm run build --registry=https://registry.npm.taobao.org
 #npm install
 #npm run build
+RETVAL $?

 cd $cpath

--- a/docker/docker_entrypoint_fix.sh
+++ b/docker/docker_entrypoint_fix.sh
@ -0,0 +1,37 @@
+#! /bin/bash
+version=(`wget -qO- -t1 -T2 "https://api.github.com/repos/bjdgyc/anylink/releases/latest" | grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g'`)
+count=(`ls anylink | wc -w `)
+wget https://github.com/bjdgyc/anylink/releases/download/${version}/anylink-deploy.tar.gz
+tar xf anylink-deploy.tar.gz
+rm -rf anylink-deploy.tar.gz
+if [ ${count} -eq 0 ]; then
+	echo "init anylink"
+	mv anylink-deploy/* anylink/
+else
+	if [ ! -d "/anylink/log" ]; then
+		mv anylink-deploy/log anylink/
+	fi
+	if [ ! -d "/anylink/conf" ]; then
+                mv anylink-deploy/conf anylink/
+        fi
+	echo "update anylink"
+	rm -rf anylink/ui anylink/anylink anylink/files
+	mv anylink-deploy/ui anylink/
+	mv anylink-deploy/anylink anylink/
+	mv anylink-deploy/files anylink/
+fi
+rm -rf anylink-deploy
+sysctl -w net.ipv4.ip_forward=1
+if [[ ${mode} == pro ]];then
+	iptables -t nat -A POSTROUTING -s ${iproute} -o eth0 -j MASQUERADE
+	iptables -L -n -t nat
+	/anylink/anylink -conf=/anylink/conf/server.toml
+elif [[ ${mode} == password ]];then
+	if [ -z ${password} ];then
+		echo "invalid password"
+	else
+		/anylink/anylink -passwd ${password}
+	fi
+elif [[ ${mode} -eq jwt ]];then
+	/anylink/anylink -secret
+fi
--- a/docker/generate-certs.sh
+++ b/docker/generate-certs.sh
@ -1,8 +1,8 @@
 #!/bin/sh

-mkdir -p ssl
+mkdir -p /ssl

-OUTPUT_FILENAME="example.com"
+OUTPUT_FILENAME="vpn.xx.com"

 printf "[req]
 prompt                  = no
@ -19,9 +19,9 @@ x509_extensions         = req_x509v3_extensions
 C  = CN
 ST = BJ
 L  = BJ
-O  = example.com
-OU = example.com
-CN = example.com
+O  = xx.com
+OU = xx.com
+CN = xx.com

 [req_x509v3_extensions]
 basicConstraints        = critical,CA:true
@ -31,9 +31,11 @@ extendedKeyUsage        = critical,serverAuth #, clientAuth
 subjectAltName          = @alt_names

 [alt_names]
-DNS.1 = example.com
-DNS.2 = *.example.com
+DNS.1 = xx.com
+DNS.2 = *.xx.com

-">ssl/${OUTPUT_FILENAME}.conf
+">/ssl/${OUTPUT_FILENAME}.conf
+
+openssl req -x509 -newkey rsa:2048 -keyout /ssl/test_vpn_key.pem -out /ssl/test_vpn_cert.pem \
+-days 3600 -nodes -config /ssl/${OUTPUT_FILENAME}.conf

-openssl req -x509 -newkey rsa:2048 -keyout /app/conf/$OUTPUT_FILENAME.key -out /app/conf/$OUTPUT_FILENAME.crt -days 3600 -nodes -config ssl/${OUTPUT_FILENAME}.conf
--- a/docker_entrypoint.sh
+++ b/docker_entrypoint.sh
@ -0,0 +1,23 @@
+#!/bin/sh
+var1=$1
+
+#set -x
+
+case $var1 in
+"bash" | "sh")
+  echo $var1
+  exec "$@"
+  ;;
+
+"tool")
+  /app/anylink "$@"
+  ;;
+
+*)
+  sysctl -w net.ipv4.ip_forward=1
+  iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE
+  #  iptables -nL -t nat
+
+  /app/anylink "$@"
+  ;;
+esac
--- a/server/conf/test_vpn_cert.pem
+++ b/server/conf/test_vpn_cert.pem
@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAgACCQCecQDpy/8hRTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJD
+TjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQswCQYDVQQKDAJCRDELMAkGA1UE
+CwwCQkQxCzAJBgNVBAMMAkNTMB4XDTIxMDMyNjA5MTkwNloXDTMxMDMyNDA5MTkw
+NlowTjELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAlNIMQswCQYDVQQHDAJTSDELMAkG
+A1UECgwCVE0xCzAJBgNVBAsMAlRNMQswCQYDVQQDDAJDUzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAJtDxHduS8gjI0P6txHS+cODxKjyjNiCBa7tFgSc
+d9hRrzCvK4Q4M5StKJoSczmHl0C3HVoq92Gv1vENxq4irYdCrwLeOZGyt7urUlbs
+PkvEoVXxfAkPpue+JewG/CvGArJeP7UGsP5IrD0Dt5X1DP677K6qf5igzyaJqYJu
+RDJ5wR84BoDvY66Zc578N9tK9XusdJ63gQ5jGcG4Dneu1UX3g8lQkJ6P0xLXTh7W
+u5Sjx8axbDcFxbDLxNGL1yPgAjhIRgMfaWLwuQQg4WKFsdMljv1Flz8/h91z2xo+
+E/B4YF0UFWTcWQ2TQ8w8noDqnnXVVQyOvuI3aajodml/f0CAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAd89n0eWXgO1lqMciWmS9xY8Sj/U840bPo/4Kclsm1vFNvIXu
+I50PeaNiU2E5+CMk8AwXaJ5gDO7vsRxvLLRAUWZeuxSror2a0RkViEFW+UKcBuuB
+Izl9giXUhB/P85+We1ma5jizqj7OpzgMkzkcTZL2M6Gw6IWY4jopvLQjiCooSiYF
+wtLZjuFKfpLrPw5RgpWI4L8Hftbkmh6Q8nqcoQvgwm7rLrD5VqiTu7Rk1SXTFuXn
+uuazXasWIWRVGFuFcYP1rwyOfp9HhCFKngi0w8IRnbOcaPdXydtbKMcKt5z9zQX5
+BqrZ3ZfPp5HeklG7L8eQrnp4ines6YDshPnaRQ==
+-----END CERTIFICATE-----
--- a/server/conf/test_vpn_key.pem
+++ b/server/conf/test_vpn_key.pem
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAm0PEd25LyCMjQ/q3EdL5w4PEqPKM2IIFru0WBJx32FGvMK8r
+hDgzlK0omhJzOYeXQLcdWir3Ya/W8Q3GriKth0KvAt45kbK3u6tSVuw+S8ShVfF8
+CQ+m574l7Ab8K8YCsl4/tQaw/kisPQO3lfUM/rvsrqp/mKDPJompgm5EMnnBHzgG
+gO9jrplznvw320r1e6x0nreBDmMZwbgOd67VRfeDyVCQno/TEtdOHta7lKPHxrFs
+NwXFsMvE0YvXI+ACOEhGAx9pYvC5BCDhYoWx0yWO/UWXPz+H3XPbGj74T8HhgXRQ
+VZNxZDZNDzDyegOqeddVVDI6+4jdpqOh2aX9/QIDAQABAoIBADWT2fz4g5AJiAbS
+QlAVRHjSRI+kOzQPEhT93SY0NCribRjYqaSTnEEGy8b27OoCPxBm3+sYfosoGXzP
+Kys17jmJqkjMFIORb1OEWAKEvS56KM42aX3a99ZqSD29X1Ffn9ibK1K1f2gP/deE
+K9rEV/qjMJZJYYRyoWkEAglvMXtU/NMRoTuFYtrJPr9sFEfpBFq97WpWiyMdLKTG
+MmlN+T1CXFQj/+mpv+DDSXcwLPBxAttDYE2GeqlhntId0I6cgaEGMO42D6fnqrKi
+PDilA/D6zos4o/bpRGvVBdXHqOXvX2stNHK+PvEX46GRd+OZhLh0KEcrWAx8cXs9
+ZhugTyECgYEAyffRPd98acL0OhXJR9mZTgDdotl7iYq+RTZbmEvAFst3mL3LA6Ba
+BTrwRLh9x8lzxoTQHHFaJL63kIrN6QAR9e3+pR0e8IX3vYCVGIlRCYB5CrE/O3Pi
+B9R17tCI5dFrFXYiST38sjwrWG9+geKarbUH5AZrZEO5uw0q7+4F3TkCgYEAxM1h
+Xo+xRt8RXoWZ6Cl66HhZKIvDcxkBtoNh54YLzrVpv0D+RvAWNDzRVXbbIUUpBGPN
+pHrwU8G0qWr4Q/Zx+vnckqotGMTNCB7vcmB/qwF9grNW9E0rCyIYLXtJcEiclJIF
+Oe406YXl7mSG1I6QjAADz8PNb4++Ct1+hVS56uUCgYAx9g/Y0nQgZY2s4L7N+1Il
+LammI06gE6ZF0NCPuA1oliSbsDeMShp6uL2/AjR7O6ZcMXaZ0qCN/m/CXdPaE55d
+y+X2SmHg9gL26dv4Gd/mDdXjgz01I9GCRlh2Hzf+QfPPd027+I2OObwvQEV3M+s3
+lVTCX6QpRWeokfVRLPxeYQKBgDIYPVK+rNdnbJps05JfDKQkDj3d5bBkiyUUKFWw
+r0y8rOA8AP25m01MtdRVXs4HNruhU/UsPgRz6DK/wdY64ySJeXXzz2rgnXgVt8mb
+eqPiyzn7wISLKAu7cAATw8vLD+BZku7+DYXryW13NULhzzVzw4SdSKu/IRbO7qet
+u21pAoGAd2mBJ+PWKnUkARS8gQ3Y3cagA/qGGr094P9relglRDBv/Pm7kTUt6K8B
+NnpqWydcVtcrXmNzGRx4ftm18SzmTJEohF14nF9424q4aiWoNZyG8adxaI0Yqv3G
+LnH8n2fzC+pf31LijBRM8DRnepah64mLF+OM/SxgVg1nP9jVUG4=
+-----END RSA PRIVATE KEY-----