7x31/anylink
1
0
Fork 0
mirror of https://github.com/bjdgyc/anylink.git synced 2025-09-28 16:15:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: 7x31:v0.10.1
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6
..
compare: 7x31:v0.11.1
Branches Tags
7x31:main
7x31:v0.13.1 7x31:v0.12.2 7x31:v0.12.1 7x31:v0.11.4 7x31:v0.11.3 7x31:v0.11.2 7x31:v0.11.1 7x31:v0.10.1 7x31:v0.9.4 7x31:v0.9.3 7x31:v0.9.2-beta2 7x31:v0.9.2-beta1 7x31:v0.9.1-beta1 7x31:v0.8.1 7x31:v0.7.4 7x31:v0.7.3 7x31:v0.7.2 7x31:v0.7.1 7x31:v0.6.2 7x31:v0.6.1 7x31:v0.5.1 7x31:v0.4.2 7x31:v0.4.1 7x31:v0.3.3 7x31:v0.3.1 7x31:v0.2.1 7x31:v0.1.8 7x31:v0.1.7 7x31:v0.1.6 7x31:v0.1.0 7x31:v0.0.8 7x31:v0.0.6

64 Commits
v0.10.1 ... v0.11.1

Author SHA1 Message Date
bjdgy
5d4a9c0082 test 2024-02-04 19:57:07 +08:00
bjdgy
8bd8651fd7 删除armv7 2024-02-04 00:01:24 +08:00
bjdgy
545ddb337f 删除静态编译 2024-02-02 19:24:02 +08:00
bjdgy
d53ab80848 删除静态编译 2024-02-02 19:22:13 +08:00
bjdgyc
6c1f29ba3a 修复build错误 2024-02-02 18:59:34 +08:00
bjdgyc
947339384b 更新版本 2024-02-01 17:27:00 +08:00
bjdgyc
0849c6049b 更新版本 2024-02-01 17:20:44 +08:00
bjdgyc
936c44e866 优化编译脚本 2024-02-01 17:18:16 +08:00
bjdgyc
02bc75b27a 优化编译脚本 2024-02-01 16:12:41 +08:00
bjdgy
1aa8c83d58 修复go test报错 2024-01-31 22:56:59 +08:00
bjdgy
7554876259 修复go test报错 2024-01-31 22:47:54 +08:00
bjdgyc
2fc3c33880 添加 deploy 部署脚本 
优化应用易用性
 2024-01-31 17:44:35 +08:00
bjdgy
d45ecbf3b7 添加 Release 2024-01-30 21:26:09 +08:00
bjdgy
54c2d95dd5 添加 Release 2024-01-30 21:21:42 +08:00
bjdgy
7eb8cc2077 添加 Release 2024-01-30 21:03:28 +08:00
bjdgyc
fbd799f9f9 添加 Release 2024-01-30 18:23:09 +08:00
bjdgyc
f9ff92d73d 修改 docker 编译 2024-01-30 11:06:15 +08:00
bjdgy
10a335dc3d 修改 docker 编译 2024-01-29 22:25:41 +08:00
bjdgy
cd5652215f 修改 docker 编译 2024-01-29 22:17:01 +08:00
bjdgy
b153997cf1 修改 docker 编译 2024-01-29 22:13:40 +08:00
bjdgy
d5046a4f53 修改 docker 编译 2024-01-29 22:11:15 +08:00
bjdgy
b7fbbdc58c 修改 docker 编译 2024-01-29 22:07:52 +08:00
bjdgy
39b28f23c0 修改 docker 编译 2024-01-29 21:47:42 +08:00
bjdgy
aa09d928c3 修改 docker 编译 2024-01-29 21:34:03 +08:00
bjdgy
9099aea122 修改 docker 编译 2024-01-29 21:26:38 +08:00
bjdgy
ef3f2aba4c 修改 docker 编译 2024-01-29 21:11:40 +08:00
bjdgy
3c015651ef 修改 docker 编译 2024-01-29 20:59:34 +08:00
bjdgy
6a598b2570 修改 docker 编译 2024-01-29 20:50:55 +08:00
bjdgyc
1f47e3e254 修改 docker 编译 2024-01-29 17:56:39 +08:00
bjdgyc
79b7f0c88e 修改 docker 编译 2024-01-29 17:50:28 +08:00
bjdgyc
289f748543 修改 docker 编译 2024-01-29 17:47:46 +08:00
bjdgyc
4f77fd9013 添加 release.sh 脚本 2024-01-29 15:11:10 +08:00
bjdgyc
769c304e9a 添加 release.sh 脚本 2024-01-29 14:40:12 +08:00
bjdgyc
a5d9764d35 添加 release.sh 脚本 2024-01-29 14:32:41 +08:00
bjdgyc
f47fbd0252 添加 release.sh 脚本 2024-01-29 14:30:15 +08:00
bjdgyc
41278f722d Update build.sh 2024-01-29 00:25:18 +08:00
bjdgyc
87e50e8e0d Update build.sh 2024-01-29 00:21:51 +08:00
bjdgyc
5371e4530f Update release-tag-version.yml 2024-01-29 00:19:56 +08:00
bjdgyc
9d5f5719d8 Merge pull request #290 from bjdgyc/dev 
添加github action编译
 2024-01-29 00:15:27 +08:00
bjdgy
911b96cc74 修改readme 2024-01-29 00:09:48 +08:00
bjdgyc
13de601474 修改readme 2024-01-24 10:08:48 +08:00
bjdgyc
56576cb22a 修改配置参数 2024-01-23 17:38:48 +08:00
bjdgyc
70f3e46ef7 修改配置参数 2024-01-23 14:28:11 +08:00
bjdgy
1592a1f01b fix 2024-01-22 22:49:27 +08:00
bjdgy
279498e37e 更改 http server log 2024-01-22 21:18:26 +08:00
bjdgyc
9ed8b1a9f1 更新证书信息 2024-01-22 15:12:10 +08:00
bjdgyc
31a1035267 更新证书信息 2024-01-22 15:06:05 +08:00
bjdgyc
5731d9a01c 修复otp二维码 不显示的问题 2024-01-22 13:21:12 +08:00
bjdgyc
c63604aba3 修复otp二维码 不显示的问题 2024-01-22 10:38:20 +08:00
bjdgyc
7c3ed549d0 增加 用户名或姓名或邮箱 搜索支持 2024-01-15 17:46:47 +08:00
bjdgyc
4a33b42726 Merge remote-tracking branch 'origin/dev' into dev 2024-01-15 17:31:48 +08:00
bjdgyc
da92c111e7 增加 用户名或姓名或邮箱 搜索支持 2024-01-15 17:30:58 +08:00
bjdgyc
634c8c8145 Update go-update.yml 2024-01-15 15:50:39 +08:00
bjdgyc
3408198d2d 修改说明文件 2024-01-15 15:21:39 +08:00
bjdgyc
1df0f60ed3 Update go-update.yml 2024-01-15 10:10:30 +08:00
bjdgyc
1f5d7d0dab Merge pull request #288 from Potterli20/patch-1 
update go.mod 7day
 2024-01-15 10:07:09 +08:00
trli
e73504b4b6 Create go-update.yml 2024-01-15 09:52:44 +08:00
bjdgy
2e86547e97 修复 DPD-REQ 协议 2023-12-31 22:39:29 +08:00
bjdgyc
970213f269 Merge pull request #285 from itviewer/dev 
遵循 DPD-REQ 协议,修复 OpenConnect DTLS 的 MTU 探测
 2023-12-31 21:53:03 +08:00
XinJun Ma
ffd68d6c81 遵循 DPD-REQ 协议,修复 OpenConnect DTLS 的 MTU 探测 2023-12-31 18:36:02 +08:00
bjdgyc
3f072242f4 添加 空闲链接超时自动断开 2023-12-29 16:17:50 +08:00
bjdgyc
ef1e20a558 添加 空闲链接超时自动断开 2023-12-29 15:51:49 +08:00
bjdgy
42142d95b7 修改报错信息 2023-12-27 21:24:24 +08:00
bjdgy
638a99275e fix 2023-12-26 13:00:55 +08:00
61 changed files with 1386 additions and 1457 deletions
Expand all files Collapse all files

10
.codecov.yml
View File

@@ -1,5 +1,7 @@
ignore: ignore:
- "screenshot" - "^doc"
- "web" - "^home"
- "server/conf" - "^web"
- "server/files" - "^server/conf"
- "^server/files"

4
.github/FUNDING.yml vendored
View File

@@ -1,6 +1,6 @@
# These are supported funding model platforms # These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] github: [ 'bjdgyc' ] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username ko_fi: # Replace with a single Ko-fi username
@@ -10,4 +10,4 @@ liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username otechie: # Replace with a single Otechie username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
custom: ['https://github.com/bjdgyc/anylink/blob/main/doc/README.md'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] custom: [ 'https://github.com/bjdgyc/anylink/blob/main/doc/README.md' ] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

64
.github/workflows/codeql-analysis.yml vendored
View File

@@ -12,13 +12,15 @@
name: "CodeQL" name: "CodeQL"
on: on:
push: workflow_dispatch:
branches: [ "main", "dev" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main", "dev" ]
schedule: schedule:
- cron: '32 12 * * 5' - cron: '32 5 * * 1'
# push:
# branches: [ "main", "dev" ]
# pull_request:
# branches: [ "main", "dev" ]
jobs: jobs:
analyze: analyze:
@@ -38,34 +40,34 @@ jobs:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning. # Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v2 uses: github/codeql-action/init@v2
with: with:
languages: ${{ matrix.language }} languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file. # If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file. # By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file. # Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main # queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below) # If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild - name: Autobuild
uses: github/codeql-action/autobuild@v2 uses: github/codeql-action/autobuild@v2
# Command-line programs to run using the OS shell. # Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl # 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project # and modify them (or add more) to build your code if your project
# uses a compiled language # uses a compiled language
#- run: | #- run: |
# make bootstrap # make bootstrap
# make release # make release
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2 uses: github/codeql-action/analyze@v2

48
.github/workflows/go-update.yml vendored Normal file
View File

@@ -0,0 +1,48 @@
name: go-update
on:
workflow_dispatch:
# schedule:
# - cron: "1 2 * * 5"
jobs:
go:
runs-on: ubuntu-latest
steps:
- name: Setup Go 1.x.y
uses: actions/setup-go@main
with:
go-version: '1.20'
stable: true
- name: Checkout codebase
uses: actions/checkout@main
- name: go
run: |
cd ./server
go mod tidy -compat=1.20
#gofmt -w -r 'interface{} -> any' .
go get -u
go mod download
go get -u
go mod download
- name: Git push
run: |
git init
git config --local user.name "github-actions[bot]"
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git remote rm origin
git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUBTOKEN }}@github.com/${{ github.repository }}"
git gc --aggressive
git add --all
git commit -m "update go.mod $(date +%Y.%m.%d.%H.%M)"
#git push -f -u origin _autoaction
git push -u origin _autoaction
# 删除无用 workflow runs;
- name: Delete workflow runs
uses: GitRML/delete-workflow-runs@main
with:
retain_days: 0.1
keep_minimum_runs: 1

25
.github/workflows/go.yml vendored
View File

@@ -1,6 +1,8 @@
name: Go name: Go
on: on:
workflow_dispatch:
push: push:
branches: [ "main", "dev" ] branches: [ "main", "dev" ]
pull_request: pull_request:
@@ -12,15 +14,15 @@ jobs:
name: Build name: Build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
- name: Set up Go 1.x - name: Set up Go 1.x
uses: actions/setup-go@v2 uses: actions/setup-go@v4
with: with:
go-version: 1.18 go-version: '1.20'
id: go go-version-file: 'server/go.mod'
cache-dependency-path: 'server/go.sum'
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Get dependencies - name: Get dependencies
run: | run: |
@@ -32,15 +34,16 @@ jobs:
cd server cd server
mkdir ui mkdir ui
touch ui/index.html touch ui/index.html
go build -v -o anylink -ldflags "-X main.CommitId=`git rev-parse HEAD`" go build -v -o anylink -trimpath -ldflags "-X main.CommitId=`git rev-parse HEAD`"
./anylink tool -v ./anylink tool -v
- name: Test coverage - name: Test coverage
run: | run: |
cd server cd server
go test ./...
go test -race -coverprofile=coverage.txt -covermode=atomic -v ./... go test -race -coverprofile=coverage.txt -covermode=atomic -v ./...
- name: Upload coverage to Codecov - name: Upload coverage reports to Codecov
run: | uses: codecov/codecov-action@v3
cd server env:
bash <(curl -s https://codecov.io/bash) CODECOV_TOKEN: 28d52fb0-8fc9-460f-95b9-fb84f9138e58

98
.github/workflows/release.yml vendored Normal file
View File

@@ -0,0 +1,98 @@
name: release
on:
workflow_dispatch:
push:
tags:
- "v0.*"
- "v1.*"
jobs:
Build:
name: build-binary
runs-on: ubuntu-latest
env:
TZ: Asia/Shanghai
steps:
- name: Hello world
run: uname -a
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '16'
cache: 'yarn'
cache-dependency-path: 'web/yarn.lock'
- name: Build web
working-directory: web
run: |
yarn install
yarn run build
# - uses: actions/setup-go@v4
# with:
# go-version: '1.20'
# cache-dependency-path: 'server/go.sum'
- name: Set up QEMU
# https://github.com/docker/setup-qemu-action
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: bjdgyc
password: ${{ secrets.DOCKERHUB_TOKEN }}
logout: true
- name: Pre bash
shell: bash
run: |
appVer=`cat version`
commitId=`git rev-parse HEAD`
echo "APP_VER=$appVer" >> $GITHUB_ENV
echo "commitId=$commitId" >> $GITHUB_ENV
echo $appVer > version_info
echo $commitId >> version_info
echo $GITHUB_REF >> version_info
echo $GITHUB_REF_NAME >> version_info
#cd server;go mod tidy
- name: Build and push
uses: docker/build-push-action@v5
with:
push: true
cache-from: type=gha,scope=anylink
cache-to: type=gha,mode=max,scope=anylink
context: .
file: ./docker/Dockerfile
platforms: linux/amd64,linux/arm64
#platforms: linux/amd64
build-args: |
appVer=${{ env.APP_VER }}
commitId=${{ env.commitId }}
tags: bjdgyc/anylink:latest,bjdgyc/anylink:${{ env.APP_VER }}
#tags: bjdgyc/anylink:${{ env.APP_VER }}
- name: Build deploy binary
shell: bash
run: bash release.sh
- name: Release
# https://github.com/ncipollo/release-action
# artifacts: bin/release/*
# generateReleaseNotes: true
# draft: true
# https://github.com/softprops/action-gh-release
uses: softprops/action-gh-release@v1
#if: startsWith(github.ref, 'refs/tags/')
with:
tag_name: v${{ env.APP_VER }}
files: artifact-dist/*
# Docker:
# name: build-docker

4
.gitignore vendored
View File

@@ -2,4 +2,8 @@
.idea/ .idea/
anylink-deploy anylink-deploy
anylink-deploy.tar.gz anylink-deploy.tar.gz
anylink
anylink.db
dist
artifact-dist

104
.goreleaser.yaml Normal file
View File

@@ -0,0 +1,104 @@
#https://goreleaser.com/static/schema.json
# release --skip=publish
# goreleaser build --skip=validate --clean --debug
# GOPROXY=https://goproxy.cn
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app --platform=linux/arm64 golang:alpine3.19
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app goreleaser/goreleaser-cross build --skip=validate --clean --debug
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app bjdgyc/dcross goreleaser build --skip=validate --clean --debug
version: 1
dist: dist
before:
hooks:
- pwd
# - cmd: go mod tidy
# dir:
# "{{ dir .Dist}}"
# output: true
# - cmd: go generate
# dir:
# "{{ dir .Dist}}"
# output: true
builds:
- id: "build"
#main: .
dir: ./server
hooks:
pre:
- cmd: go mod tidy
dir: ./server
output: true
- cmd: go generate
dir: ./server
output: true
# {{- if eq .Arch "amd64" }}CC=x86_64-linux-gnu-gcc CXX=x86_64-linux-gnu-g++{{- end }}
env:
- CGO_ENABLED=1
- >-
{{- if eq .Os "linux" }}
{{- if eq .Arch "amd64" }}CC=x86_64-linux-musl-gcc{{- end }}
{{- if eq .Arch "arm64" }}CC=aarch64-linux-gnu-gcc{{- end }}
{{- end }}
{{- if eq .Os "darwin" }}
{{- if eq .Arch "amd64"}}CC=o64-clang{{- end }}
{{- if eq .Arch "arm64"}}CC=oa64-clang{{- end }}
{{- end }}
{{- if eq .Os "windows" }}
{{- if eq .Arch "amd64"}}CC=x86_64-w64-mingw32-gcc{{- end }}
{{- if eq .Arch "arm64"}}CC=aarch64-linux-gnu-gcc{{- end }}
{{- end }}
goos:
- linux
#- darwin
#- windows
goarch:
- amd64
#- arm64
# https://go.dev/wiki/MinimumRequirements
goamd64:
- v1
command: build
flags:
- -trimpath
- -tags osusergo,netgo,sqlite_omit_load_extension
ldflags:
# go tool link -help
# go tool compile -help
# -linkmode external
# -extld=$CC
# -fpic 作为动态链接库的时候 需要添加
- -s -w -extldflags '-static' -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}} -X main.builtBy=dcross
archives:
- id: "archive1"
format: tar.gz
# this name template makes the OS and Arch compatible with the results of `uname`.
name_template: >-
{{ .ProjectName }}_
{{- title .Os }}_
{{- if eq .Arch "amd64" }}x86_64
{{- else if eq .Arch "386" }}i386
{{- else }}{{ .Arch }}{{ end }}
{{- if .Arm }}v{{ .Arm }}{{ end }}
# use zip for windows archives
format_overrides:
- goos: windows
format: zip
changelog:
sort: asc
filters:
exclude:
- "^docs:"
- "^test:"

111
README.md
View File

@@ -3,9 +3,10 @@
[![Go](https://github.com/bjdgyc/anylink/workflows/Go/badge.svg?branch=main)](https://github.com/bjdgyc/anylink/actions) [![Go](https://github.com/bjdgyc/anylink/workflows/Go/badge.svg?branch=main)](https://github.com/bjdgyc/anylink/actions)
[![PkgGoDev](https://pkg.go.dev/badge/github.com/bjdgyc/anylink)](https://pkg.go.dev/github.com/bjdgyc/anylink) [![PkgGoDev](https://pkg.go.dev/badge/github.com/bjdgyc/anylink)](https://pkg.go.dev/github.com/bjdgyc/anylink)
[![Go Report Card](https://goreportcard.com/badge/github.com/bjdgyc/anylink)](https://goreportcard.com/report/github.com/bjdgyc/anylink) [![Go Report Card](https://goreportcard.com/badge/github.com/bjdgyc/anylink)](https://goreportcard.com/report/github.com/bjdgyc/anylink)
[![codecov](https://codecov.io/gh/bjdgyc/anylink/branch/master/graph/badge.svg?token=JTFLIIIBQ0)](https://codecov.io/gh/bjdgyc/anylink) [![codecov](https://codecov.io/gh/bjdgyc/anylink/graph/badge.svg?token=JTFLIIIBQ0)](https://codecov.io/gh/bjdgyc/anylink)
![GitHub release](https://img.shields.io/github/v/release/bjdgyc/anylink) ![GitHub release](https://img.shields.io/github/v/release/bjdgyc/anylink)
![GitHub downloads)](https://img.shields.io/github/downloads/bjdgyc/anylink/total) ![GitHub downloads total)](https://img.shields.io/github/downloads/bjdgyc/anylink/total)
![GitHub Downloads (all assets, latest release)](https://img.shields.io/github/downloads/bjdgyc/anylink/latest/total)
[![Docker pulls)](https://img.shields.io/docker/pulls/bjdgyc/anylink.svg)](https://hub.docker.com/r/bjdgyc/anylink) [![Docker pulls)](https://img.shields.io/docker/pulls/bjdgyc/anylink.svg)](https://hub.docker.com/r/bjdgyc/anylink)
![LICENSE](https://img.shields.io/github/license/bjdgyc/anylink) ![LICENSE](https://img.shields.io/github/license/bjdgyc/anylink)
@@ -46,6 +47,8 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
> 没有编程基础的同学建议直接下载 release 包,从下面的地址下载 anylink-deploy.tar.gz > 没有编程基础的同学建议直接下载 release 包,从下面的地址下载 anylink-deploy.tar.gz
> >
> https://github.com/bjdgyc/anylink/releases > https://github.com/bjdgyc/anylink/releases
>
> 如果不会安装可以提供有偿远程协助服务。添加QQ联系我 68492170
### 使用问题 ### 使用问题
@@ -59,11 +62,13 @@ AnyLink 服务端仅在 CentOS 7、CentOS 8、Ubuntu 18.04、Ubuntu 20.04 测试
> >
> 其他问题 [前往查看](doc/question.md) > 其他问题 [前往查看](doc/question.md)
> >
> 首次使用,请在浏览器访问 https://域名:443浏览器提示安全后在客户端输入 【域名:443】 即可 > 默认管理后台访问地址 https://host:8800 默认账号密码 admin 123456
>
> 首次使用,请在浏览器访问 https://域名:443 浏览器提示安全后,在客户端输入 【域名:443】 即可
### 自行编译安装 ### 自行编译安装
> 需要提前安装好 golang >= 1.19 和 nodejs >= 16.x 和 yarn >= v1.22.x > 需要提前安装好 golang >= 1.20 和 nodejs = 16.x 和 yarn >= v1.22.x
```shell ```shell
git clone https://github.com/bjdgyc/anylink.git git clone https://github.com/bjdgyc/anylink.git
@@ -120,14 +125,22 @@ sudo ./anylink
> 示例配置文件内有详细的注释,根据注释填写配置即可。 > 示例配置文件内有详细的注释,根据注释填写配置即可。
```shell ```shell
# 查看帮助信息
./anylink -h
# 生成后台密码 # 生成后台密码
./anylink tool -p 123456 ./anylink tool -p 123456
# 生成jwt密钥 # 生成jwt密钥
./anylink tool -s ./anylink tool -s
# 查看所有配置项
./anylink tool -d
``` ```
> 数据库配置示例 > 数据库配置示例
>
> 数据库表结构自动生成,无需手动导入(请赋予 DDL 权限)
| db_type | db_source | | db_type | db_source |
|----------|--------------------------------------------------------| |----------|--------------------------------------------------------|
@@ -139,6 +152,14 @@ sudo ./anylink
> >
> [conf/server-sample.toml](server/conf/server-sample.toml) > [conf/server-sample.toml](server/conf/server-sample.toml)
## Upgrade
> 升级前请备份配置文件`conf`目录 和 数据库,并停止服务
>
> 使用新版的 `anylink` 二进制文件替换旧版
>
> 重启服务后,即可完成升级
## Setting ## Setting
> 以下参数必须设置其中之一 > 以下参数必须设置其中之一
@@ -211,12 +232,17 @@ https://cloud.tencent.com/document/product/216/62007
> 以下参数可以通过执行 `ip a` 查看 > 以下参数可以通过执行 `ip a` 查看
``` ```
# 命令行执行 master网卡需要打开混杂模式
ip link set dev eth0 promisc on
#=====================#
# 配置文件修改
# 首先关闭nat转发功能 # 首先关闭nat转发功能
iptables_nat = false iptables_nat = false
# master网卡需要打开混杂模式 link_mode = "macvtap"
ip link set dev eth0 promisc on
#内网主网卡名称 #内网主网卡名称
ipv4_master = "eth0" ipv4_master = "eth0"
#以下网段需要跟ipv4_master网卡设置成一样 #以下网段需要跟ipv4_master网卡设置成一样
@@ -226,28 +252,36 @@ ipv4_start = "10.1.2.100"
ipv4_end = "10.1.2.200" ipv4_end = "10.1.2.200"
``` ```
## Systemd ## Deploy
> 部署配置文件放在 `deploy` 目录下,请根据实际情况修改配置文件
### Systemd
1. 添加 anylink 程序 1. 添加 anylink 程序
- 首先把 `anylink-deploy` 文件夹放入 `/usr/local/anylink-deploy`
- anylink 程序目录放入 `/usr/local/anylink-deploy`
- 添加执行权限 `chmod +x /usr/local/anylink-deploy/anylink` - 添加执行权限 `chmod +x /usr/local/anylink-deploy/anylink`
2.`anylink.service` 脚本放入:
2. systemd/anylink.service 脚本放入:
- centos: `/usr/lib/systemd/system/` - centos: `/usr/lib/systemd/system/`
- ubuntu: `/lib/systemd/system/` - ubuntu: `/lib/systemd/system/`
3. 操作命令: 3. 操作命令:
- 启动: `systemctl start anylink` - 启动: `systemctl start anylink`
- 停止: `systemctl stop anylink` - 停止: `systemctl stop anylink`
- 开机自启: `systemctl enable anylink` - 开机自启: `systemctl enable anylink`
### Docker Compose
1. 进入 `deploy` 目录
2. 执行脚本 `docker-compose up`
### k8s
1. 进入 `deploy` 目录
2. 执行脚本 `kubectl apply -f deployment.yaml`
## Docker ## Docker
1. 获取镜像 1. 获取镜像
```bash ```bash
# 具体tag可以从docker hub获取 # 具体tag可以从docker hub获取
# https://hub.docker.com/r/bjdgyc/anylink/tags # https://hub.docker.com/r/bjdgyc/anylink/tags
@@ -255,50 +289,67 @@ ipv4_end = "10.1.2.200"
``` ```
2. 查看命令信息 2. 查看命令信息
```bash ```bash
docker run -it --rm bjdgyc/anylink -h docker run -it --rm bjdgyc/anylink -h
``` ```
3. 生成密码 3. 生成密码
```bash ```bash
docker run -it --rm bjdgyc/anylink tool -p 123456 docker run -it --rm bjdgyc/anylink tool -p 123456
#Passwd:$2a$10$lCWTCcGmQdE/4Kb1wabbLelu4vY/cUwBwN64xIzvXcihFgRzUvH2a #Passwd:$2a$10$lCWTCcGmQdE/4Kb1wabbLelu4vY/cUwBwN64xIzvXcihFgRzUvH2a
``` ```
4. 生成 jwt secret 4. 生成 jwt secret
```bash ```bash
docker run -it --rm bjdgyc/anylink tool -s docker run -it --rm bjdgyc/anylink tool -s
#Secret:9qXoIhY01jqhWIeIluGliOS4O_rhcXGGGu422uRZ1JjZxIZmh17WwzW36woEbA #Secret:9qXoIhY01jqhWIeIluGliOS4O_rhcXGGGu422uRZ1JjZxIZmh17WwzW36woEbA
``` ```
5. 启动容器 5. 查看所有配置项
```bash ```bash
docker run -it --rm bjdgyc/anylink tool -d
```
6. 启动容器
```bash
# 默认启动
docker run -itd --name anylink --privileged \ docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 \ -p 443:443 -p 8800:8800 -p 443:443/udp \
--restart=always \ --restart=always \
bjdgyc/anylink bjdgyc/anylink
# 自定义配置目录
# 首次启动会自动创建配置文件
# 配置文件初始化完成后,容器会强制退出,请重新启动容器
docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 -p 443:443/udp \
-v /home/myconf:/app/conf \
--restart=always \
bjdgyc/anylink
docker restart anylink
``` ```
6. 使用自定义参数启动容器 6. 使用自定义参数启动容器
```bash ```bash
# 参数可以参考 -h 命令 # 参数可以参考 ./anylink tool -d
# 可以使用命令行参数 或者 环境变量 配置
docker run -itd --name anylink --privileged \ docker run -itd --name anylink --privileged \
-p 443:443 -p 8800:8800 \ -e LINK_LOG_LEVEL=info \
-p 443:443 -p 8800:8800 -p 443:443/udp \
-v /home/myconf:/app/conf \
--restart=always \ --restart=always \
bjdgyc/anylink \ bjdgyc/anylink \
-c=/etc/server.toml --ip_lease=1209600 # IP地址租约时长 --ip_lease=1209600 # IP地址租约时长
``` ```
7. 构建镜像 (非必需) 7. 构建镜像 (非必需)
```bash ```bash
#获取仓库源码 #获取仓库源码
git clone https://github.com/bjdgyc/anylink.git git clone https://github.com/bjdgyc/anylink.git
# 构建镜像 # 构建镜像
sh build_docker.sh
docker build -t anylink -f docker/Dockerfile . docker build -t anylink -f docker/Dockerfile .
``` ```
@@ -308,7 +359,7 @@ ipv4_end = "10.1.2.200"
## Discussion ## Discussion
添加QQ群(1): 567510628 添加QQ群(1)(已满): 567510628
添加QQ群(2): 739072205 添加QQ群(2): 739072205
@@ -320,6 +371,12 @@ ipv4_end = "10.1.2.200"
![contact_me_qr](doc/screenshot/contact_me_qr.png) ![contact_me_qr](doc/screenshot/contact_me_qr.png)
--> -->
## Support Client
- [AnyConnect Secure Client](https://www.cisco.com/) (可通过群文件下载: Windows/macOS/Linux/Android/iOS)
- [OpenConnect](https://gitlab.com/openconnect/openconnect) (Windows/macOS/Linux)
- [AnyLink Secure Client](https://github.com/tlslink/anylink-client) (Windows/macOS/Linux)
## Contribution ## Contribution
欢迎提交 PR、Issues感谢为 AnyLink 做出贡献。 欢迎提交 PR、Issues感谢为 AnyLink 做出贡献。

26
build.sh
View File

@@ -11,43 +11,47 @@ function RETVAL() {
#当前目录 #当前目录
cpath=$(pwd) cpath=$(pwd)
#ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'`
ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'` ver=$(cat version)
echo "当前版本 $ver" echo "当前版本 $ver"
echo "编译前端项目" echo "编译前端项目"
cd $cpath/web cd $cpath/web
#国内可替换源加快速度 #国内可替换源加快速度
#npx browserslist@latest --update-db #npx browserslist@latest --update-db
#npm install --registry=https://registry.npm.taobao.org
#npm install
#npm run build
yarn install --registry=https://registry.npmmirror.com yarn install --registry=https://registry.npmmirror.com
yarn run build yarn run build
RETVAL $? RETVAL $?
echo "编译二进制文件" echo "编译二进制文件"
cd $cpath/server cd $cpath/server
rm -rf ui rm -rf ui
cp -rf $cpath/web/ui . cp -rf $cpath/web/ui .
# -tags osusergo,netgo,sqlite_omit_load_extension
flags="-v -trimpath"
# -extldflags '-static'
ldflags="-s -w -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.date=$(date -Iseconds)"
#国内可替换源加快速度 #国内可替换源加快速度
export GOPROXY=https://goproxy.io export GOPROXY=https://goproxy.io
go mod tidy go mod tidy
go build -v -o anylink -ldflags "-s -w -X main.CommitId=$(git rev-parse HEAD)" go build -o anylink $flags -ldflags "$ldflags"
RETVAL $?
cd $cpath cd $cpath
exit 0
echo "整理部署文件" echo "整理部署文件"
deploy="anylink-deploy" deploy="anylink-deploy"
rm -rf $deploy ${deploy}.tar.gz rm -rf $deploy ${deploy}.tar.gz
mkdir $deploy mkdir $deploy
mkdir $deploy/log
cp -r server/anylink $deploy cp -r server/anylink $deploy
#cp -r server/bridge-init.sh $deploy cp -r server/bridge-init.sh $deploy
cp -r server/conf $deploy cp -r server/conf $deploy
cp -r systemd $deploy cp -r systemd $deploy

20
build_docker.sh
View File

@@ -1,18 +1,18 @@
#!/bin/bash #!/bin/bash
ver=`cat server/base/app_ver.go | grep APP_VER | awk '{print $3}' | sed 's/"//g'` ver=$(cat version)
echo $ver echo $ver
#docker login -u bjdgyc # docker login -u bjdgyc
#docker build -t bjdgyc/anylink . # 生成时间 2024-01-30T21:41:27+08:00
# date -Iseconds
docker build -t bjdgyc/anylink --build-arg GitCommitId=$(git rev-parse HEAD) -f docker/Dockerfile . docker run -it --rm -v $PWD/web:/app -w /app node:16-alpine \
sh -c "yarn install --registry=https://registry.npmmirror.com && yarn run build"
docker buildx build -t bjdgyc/anylink:latest --progress=plain --build-arg CN="yes" --build-arg appVer=$ver \
--build-arg commitId=$(git rev-parse HEAD) -f docker/Dockerfile .
echo "docker tag latest $ver"
docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver docker tag bjdgyc/anylink:latest bjdgyc/anylink:$ver
exit 0
docker push bjdgyc/anylink:$ver
docker push bjdgyc/anylink:latest

4
systemd/anylink.service → deploy/anylink.service
View File

@@ -17,8 +17,8 @@ ExecStart=/usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/con
# ExecStart=/bin/bash -c 'exec /usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml >> /usr/local/anylink-deploy/log/anylink.log 2>&1' # ExecStart=/bin/bash -c 'exec /usr/local/anylink-deploy/anylink --conf=/usr/local/anylink-deploy/conf/server.toml >> /usr/local/anylink-deploy/log/anylink.log 2>&1'
# systemd new than v236 # systemd new than v236
# StandardOutput=file:/usr/local/anylink-deploy/log/anylink.log # StandardOutput=file:/usr/local/anylink-deploy/log/anylink-systemd.log
# StandardError=file:/usr/local/anylink-deploy/log/anylink.log # StandardError=file:/usr/local/anylink-deploy/log/anylink-systemd.log
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

101
deploy/deployment.yaml Normal file
View File

@@ -0,0 +1,101 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: anylink
namespace: default
labels:
link-app: anylink
spec:
replicas: 1
selector:
matchLabels:
link-app: anylink
template:
metadata:
labels:
link-app: anylink
spec:
#hostNetwork: true
dnsPolicy: ClusterFirst
containers:
- name: anylink
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: GOMAXPROCS
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: POD_CPU_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.cpu
- name: POD_MEMORY_LIMIT
valueFrom:
resourceFieldRef:
resource: limits.memory
- name: TZ
value: "Asia/Shanghai"
image: bjdgyc/anylink:latest
imagePullPolicy: Always
args:
- --conf=/app/conf/server.toml
ports:
- name: https
containerPort: 443
protocol: TCP
- name: https-admin
containerPort: 8800
protocol: TCP
- name: dtls
containerPort: 443
protocol: UDP
# 设置资源
resources:
limits:
cpu: "2"
memory: 4Gi
ephemeral-storage: "2Gi"
securityContext:
privileged: true
# 禁用自动注入 service 信息到环境变量
enableServiceLinks: false
restartPolicy: Always
terminationGracePeriodSeconds: 30
nodeSelector:
kubernetes.io/os: linux
securityContext: { }
tolerations:
- operator: Exists
#设置优先级
priorityClassName: system-cluster-critical
---
apiVersion: v1
kind: Service
metadata:
name: anylink
namespace: default
labels:
link-app: anylink
spec:
ports:
- name: https
port: 443
targetPort: 443
protocol: TCP
- name: https-admin
port: 8800
targetPort: 8800
protocol: TCP
- name: dtls
port: 443
targetPort: 443
protocol: UDP
selector:
link-app: anylink
sessionAffinity: ClientIP
type: ClusterIP

19
deploy/docker-compose.yaml Normal file
View File

@@ -0,0 +1,19 @@
services:
anylink:
image: bjdgyc/anylink:latest
container_name: anylink
restart: always
privileged: true
#cpus: 2
#mem_limit: 4g
ports:
- 443:443
- 8800:8800
- 443:443/udp
environment:
LINK_LOG_LEVEL: info
command:
- --conf=/app/conf/server.toml
#volumes:
# - /home/myconf:/app/conf
dns_search: .

7
doc/README.md
View File

@@ -12,7 +12,7 @@
> >
> 需要展示主页的同学可以在QQ群 直接联系我添加。 > 需要展示主页的同学可以在QQ群 直接联系我添加。
| 昵称 | 主页 / 留言 | | 昵称 | 主页 / 联系方式 |
|-----------|------------------------------| |-----------|------------------------------|
| 代码 oo8 | | | 代码 oo8 | |
| 甘磊 | https://github.com/ganlei333 | | 甘磊 | https://github.com/ganlei333 |
@@ -40,9 +40,10 @@
| 悲鸣 | | | 悲鸣 | |
| 谢谢 | | | 谢谢 | |
| 云思科技 | | | 云思科技 | |
| 哆啦A伟(张佳伟) | 嘿嘿 | | 哆啦A伟(张佳伟) | |
| 人类的悲欢并不相通 | 开源不易,感谢分享 | | 人类的悲欢并不相通 | |
| 做人要低调 | | | 做人要低调 | |
| 洛洛 | |

6
doc/question.md
View File

@@ -46,6 +46,12 @@ mobile_dpd = 15
> >
> 如经常出现 timeout 的错误信息应根据当前防火墙的设置适当减小dpd数值 > 如经常出现 timeout 的错误信息应根据当前防火墙的设置适当减小dpd数值
### 关于审计日志 audit_interval 参数
> 默认值 `audit_interval = 600` 表示相同日志600秒内只记录一次不同日志首次出现立即记录
>
> 去重key的格式: 16字节源IP地址 + 16字节目的IP地址 + 2字节目的端口 + 1字节协议类型 + 16字节域名MD5
### 反向代理问题 ### 反向代理问题
> anylink 仅支持四层反向代理,不支持七层反向代理 > anylink 仅支持四层反向代理,不支持七层反向代理

67
docker/Dockerfile
View File

@@ -1,57 +1,58 @@
#node:16-bullseye #node:16-bullseye
#golang:1.20-bullseye #golang:1.20-bullseye
#debian:bullseye-slim #debian:bullseye-slim
#sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list #bullseye
# sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
#bookworm
# sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list.d/debian.sources
# sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
# web # 配合 github action 使用
FROM node:16-alpine3.18 as builder_node # 需要先编译出ui文件后 再执行docker编译
WORKDIR /web
COPY ./web /web
RUN yarn install \
&& yarn run build \
&& ls /web/ui
# server # server
FROM golang:1.20-alpine3.18 as builder_golang FROM golang:1.20-alpine3.19 as builder_golang
#TODO 本地打包时使用镜像
ENV GOPROXY=https://goproxy.cn
ENV GOOS=linux
ARG GitCommitId="gitCommitId"
WORKDIR /anylink ARG CN="no"
COPY server /anylink ARG appVer="appVer"
COPY --from=builder_node /web/ui /anylink/ui ARG commitId="commitId"
#TODO 本地打包时使用镜像 ENV TZ=Asia/Shanghai
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
RUN apk add gcc musl-dev WORKDIR /server
RUN cd /anylink;go mod tidy;go build -o anylink -ldflags "-s -w -X main.CommitId=${GitCommitId}" \ COPY docker/init_build.sh /tmp/
&& /anylink/anylink tool -v COPY server/ /server/
COPY web/ui /server/ui
#RUN apk add gcc musl-dev bash
RUN sh /tmp/init_build.sh
# anylink # anylink
FROM alpine:3.18 FROM alpine:3.19
LABEL maintainer="github.com/bjdgyc" LABEL maintainer="github.com/bjdgyc"
ARG CN="no"
ENV TZ=Asia/Shanghai
ENV ANYLINK_IN_CONTAINER=true ENV ANYLINK_IN_CONTAINER=true
WORKDIR /app WORKDIR /app
COPY --from=builder_golang /anylink/anylink /app/ COPY docker/init_release.sh /tmp/
COPY docker/docker_entrypoint.sh /app/
COPY ./server/bridge-init.sh /app/ COPY --from=builder_golang /server/anylink /app/
COPY docker/docker_entrypoint.sh server/bridge-init.sh ./README.md ./LICENSE version_info /app/
COPY ./deploy /app/deploy
COPY ./index_template /app/index_template
COPY ./server/conf /app/conf COPY ./server/conf /app/conf
COPY ./LICENSE /app/LICENSE
COPY ./home /app/home
#TODO 本地打包时使用镜像 #TODO 本地打包时使用镜像
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories RUN sh /tmp/init_release.sh
RUN apk add --no-cache bash iptables \
&& chmod +x /app/docker_entrypoint.sh \
&& ls /app
EXPOSE 443 8800
EXPOSE 443 8800 443/udp
#CMD ["/app/anylink"] #CMD ["/app/anylink"]
ENTRYPOINT ["/app/docker_entrypoint.sh"] ENTRYPOINT ["/app/docker_entrypoint.sh"]

8
docker/docker_entrypoint.sh
View File

@@ -18,6 +18,14 @@ case $var1 in
#iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE #iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE
#iptables -nL -t nat #iptables -nL -t nat
# 启动服务 先判断配置文件是否存在
if [ ! -f /app/conf/profile.xml ]; then
/bin/cp -r /home/conf-bak/* /app/conf/
echo "After the configuration file is initialized, the container will be forcibly exited. Restart the container."
echo "配置文件初始化完成后,容器会强制退出,请重新启动容器。"
exit 1
fi
exec /app/anylink "$@" exec /app/anylink "$@"
;; ;;
esac esac

34
docker/init_build.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/sh
set -x
#TODO 本地打包时使用镜像
if [[ $CN == "yes" ]]; then
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
fi
apk add build-base tzdata gcc musl-dev upx
uname -a
env
date
cd /server
go mod tidy
echo "start build"
extldflags="-static"
ldflags="-s -w -X main.appVer=$appVer -X main.commitId=$commitId -X main.buildDate=$(date -Iseconds) \
-extldflags \"$extldflags\" "
CGO_ENABLED=1 go build -o anylink -trimpath -ldflags "$ldflags"
ls -lh /server/
# 压缩文件
upx -9 -k anylink
/server/anylink -v

21
docker/init_release.sh Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/sh
set -x
#TODO 本地打包时使用镜像
if [[ $CN == "yes" ]]; then
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
fi
apk add --no-cache bash iptables iproute2 tzdata
chmod +x /app/docker_entrypoint.sh
mkdir /app/log
#备份配置文件
cp -r /app/conf /home/conf-bak
tree /app
uname -a
date -Iseconds

0
home/自定义首页1.html → index_template/自定义首页1.html
View File

50
release.sh Normal file
View File

@@ -0,0 +1,50 @@
#!/bin/bash
#github action release.sh
set -x
function RETVAL() {
rt=$1
if [ $rt != 0 ]; then
echo $rt
exit 1
fi
}
#当前目录
cpath=$(pwd)
ver=$(cat version)
echo "当前版本 $ver"
rm -rf artifact-dist
mkdir artifact-dist
function archive() {
arch=$1
#echo "整理部署文件 $arch"
arch_name=${arch//\//-}
echo $arch_name
deploy="anylink-$ver-$arch_name"
docker container rm $deploy
docker container create --platform $arch --name $deploy bjdgyc/anylink:$ver
rm -rf anylink-deploy
docker cp -a $deploy:/app ./anylink-deploy
ls -lh anylink-deploy
tar zcf ${deploy}.tar.gz anylink-deploy
mv ${deploy}.tar.gz artifact-dist/
}
echo "copy二进制文件"
archive "linux/amd64"
archive "linux/arm64"
ls -lh artifact-dist
#注意使用root权限运行
#cd anylink-deploy
#sudo ./anylink --conf="conf/server.toml"

58
release_bak.sh Normal file
View File

@@ -0,0 +1,58 @@
#!/bin/bash
#github action release.sh
set -x
function RETVAL() {
rt=$1
if [ $rt != 0 ]; then
echo $rt
exit 1
fi
}
#当前目录
cpath=$(pwd)
echo "copy二进制文件"
cd $cpath/server
# -tags osusergo,netgo,sqlite_omit_load_extension
flags="-trimpath"
ldflags="-s -w -extldflags '-static' -X main.appVer=$ver -X main.commitId=$(git rev-parse HEAD) -X main.date=$(date --iso-8601=seconds)"
#github action
gopath=$(go env GOPATH)
go mod tidy
# alpine3
apk add gcc musl-dev
#使用 musl-dev 编译
docker run -q --rm -v $PWD:/app -v $gopath:/go -w /app --platform=linux/amd64 \
golang:1.20-alpine3.19 go build -o anylink_amd64 $flags -ldflags "$ldflags"
./anylink_amd64 -v
#arm64编译
docker run -q --rm -v $PWD:/app -v $gopath:/go -w /app --platform=linux/arm64 \
golang:1.20-alpine3.19 go build -o anylink_arm64 $flags -ldflags "$ldflags"
./anylink_arm64 -v
exit 0
cd $cpath
echo "整理部署文件"
deploy="anylink-deploy"
rm -rf $deploy ${deploy}.tar.gz
mkdir $deploy
mkdir $deploy/log
cp -r server/anylink $deploy
cp -r server/bridge-init.sh $deploy
cp -r server/conf $deploy
cp -r systemd $deploy
cp -r LICENSE $deploy
cp -r home $deploy
tar zcvf ${deploy}.tar.gz $deploy
#注意使用root权限运行
#cd anylink-deploy
#sudo ./anylink --conf="conf/server.toml"

2
server/admin/api_base.go
View File

@@ -36,7 +36,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
totp := gotp.NewDefaultTOTP(base.Cfg.AdminOtp) totp := gotp.NewDefaultTOTP(base.Cfg.AdminOtp)
unix := time.Now().Unix() unix := time.Now().Unix()
verify := totp.Verify(otp, int(unix)) verify := totp.Verify(otp, unix)
if !verify { if !verify {
RespError(w, RespUserOrPassErr) RespError(w, RespUserOrPassErr)

10
server/admin/api_user.go
View File

@@ -22,6 +22,7 @@ import (
func UserList(w http.ResponseWriter, r *http.Request) { func UserList(w http.ResponseWriter, r *http.Request) {
_ = r.ParseForm() _ = r.ParseForm()
prefix := r.FormValue("prefix") prefix := r.FormValue("prefix")
prefix = strings.TrimSpace(prefix)
pageS := r.FormValue("page") pageS := r.FormValue("page")
page, _ := strconv.Atoi(pageS) page, _ := strconv.Atoi(pageS)
if page < 1 { if page < 1 {
@@ -37,8 +38,11 @@ func UserList(w http.ResponseWriter, r *http.Request) {
// 查询前缀匹配 // 查询前缀匹配
if len(prefix) > 0 { if len(prefix) > 0 {
count = dbdata.CountPrefix("username", prefix, &dbdata.User{}) fuzzy := "%" + prefix + "%"
err = dbdata.Prefix("username", prefix, &datas, pageSize, 1) where := "username LIKE ? OR nickname LIKE ? OR email LIKE ?"
count = dbdata.FindWhereCount(&dbdata.User{}, where, fuzzy, fuzzy, fuzzy)
err = dbdata.FindWhere(&datas, pageSize, page, where, fuzzy, fuzzy, fuzzy)
} else { } else {
count = dbdata.CountAll(&dbdata.User{}) count = dbdata.CountAll(&dbdata.User{})
err = dbdata.Find(&datas, pageSize, page) err = dbdata.Find(&datas, pageSize, page)
@@ -107,7 +111,7 @@ func UserSet(w http.ResponseWriter, r *http.Request) {
return return
} }
} }
//修改用户资料后执行过期用户检测 // 修改用户资料后执行过期用户检测
sessdata.CloseUserLimittimeSession() sessdata.CloseUserLimittimeSession()
RespSucess(w, nil) RespSucess(w, nil)
} }

7
server/admin/server.go
View File

@@ -25,6 +25,7 @@ func StartAdmin() {
r.Use(func(next http.Handler) http.Handler { r.Use(func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
utils.SetSecureHeader(w) utils.SetSecureHeader(w)
w.Header().Set("Server", "AnyLinkAdminOpenSource")
next.ServeHTTP(w, req) next.ServeHTTP(w, req)
}) })
}) })
@@ -96,8 +97,9 @@ func StartAdmin() {
r.HandleFunc("/debug/pprof", location("/debug/pprof/")).Name("debug") r.HandleFunc("/debug/pprof", location("/debug/pprof/")).Name("debug")
r.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index).Name("debug") r.PathPrefix("/debug/pprof/").HandlerFunc(pprof.Index).Name("debug")
// statsviz // statsviz
r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(statsviz.Ws) srv, _ := statsviz.NewServer() // Create server or handle error
r.PathPrefix("/debug/statsviz/").Name("debug").Handler(statsviz.Index) r.Path("/debug/statsviz/ws").Name("debug").HandlerFunc(srv.Ws())
r.PathPrefix("/debug/statsviz/").Name("debug").Handler(srv.Index())
} }
base.Info("Listen admin", base.Cfg.AdminAddr) base.Info("Listen admin", base.Cfg.AdminAddr)
@@ -128,6 +130,7 @@ func StartAdmin() {
Addr: base.Cfg.AdminAddr, Addr: base.Cfg.AdminAddr,
Handler: r, Handler: r,
TLSConfig: tlsConfig, TLSConfig: tlsConfig,
ErrorLog: base.GetServerLog(),
} }
err := srv.ListenAndServeTLS("", "") err := srv.ListenAndServeTLS("", "")
if err != nil { if err != nil {

10
server/base/app_ver.go
View File

@@ -2,6 +2,12 @@ package base
const ( const (
APP_NAME = "AnyLink" APP_NAME = "AnyLink"
// app版本号 )
APP_VER = "0.10.1"
var (
// APP_VER app版本号
APP_VER = "0.0.1"
// 提交id
CommitId string
BuildDate string
) )

18
server/base/cfg.go
View File

@@ -45,6 +45,7 @@ type ServerConfig struct {
FilesPath string `json:"files_path"` FilesPath string `json:"files_path"`
LogPath string `json:"log_path"` LogPath string `json:"log_path"`
LogLevel string `json:"log_level"` LogLevel string `json:"log_level"`
HttpServerLog bool `json:"http_server_log"`
Pprof bool `json:"pprof"` Pprof bool `json:"pprof"`
Issuer string `json:"issuer"` Issuer string `json:"issuer"`
AdminUser string `json:"admin_user"` AdminUser string `json:"admin_user"`
@@ -70,6 +71,7 @@ type ServerConfig struct {
Mtu int `json:"mtu"` Mtu int `json:"mtu"`
DefaultDomain string `json:"default_domain"` DefaultDomain string `json:"default_domain"`
IdleTimeout int `json:"idle_timeout"` // in seconds
SessionTimeout int `json:"session_timeout"` // in seconds SessionTimeout int `json:"session_timeout"` // in seconds
// AuthTimeout int `json:"auth_timeout"` // in seconds // AuthTimeout int `json:"auth_timeout"` // in seconds
AuditInterval int `json:"audit_interval"` // in seconds AuditInterval int `json:"audit_interval"` // in seconds
@@ -153,6 +155,7 @@ type SCfg struct {
Env string `json:"env"` Env string `json:"env"`
Info string `json:"info"` Info string `json:"info"`
Data interface{} `json:"data"` Data interface{} `json:"data"`
Val interface{} `json:"default"`
} }
func ServerCfg2Slice() []SCfg { func ServerCfg2Slice() []SCfg {
@@ -167,18 +170,27 @@ func ServerCfg2Slice() []SCfg {
field := typ.Field(i) field := typ.Field(i)
value := s.Field(i) value := s.Field(i)
tag := field.Tag.Get("json") tag := field.Tag.Get("json")
usage, env := getUsageEnv(tag) usage, env, val := getUsageEnv(tag)
datas = append(datas, SCfg{Name: tag, Env: env, Info: usage, Data: value.Interface()}) datas = append(datas, SCfg{Name: tag, Env: env, Info: usage, Data: value.Interface(), Val: val})
} }
return datas return datas
} }
func getUsageEnv(name string) (usage, env string) { func getUsageEnv(name string) (usage, env string, val interface{}) {
for _, v := range configs { for _, v := range configs {
if v.Name == name { if v.Name == name {
usage = v.Usage usage = v.Usage
if v.Typ == cfgStr {
val = v.ValStr
}
if v.Typ == cfgInt {
val = v.ValInt
}
if v.Typ == cfgBool {
val = v.ValBool
}
} }
} }

44
server/base/cmd.go
View File

@@ -1,7 +1,6 @@
package base package base
import ( import (
"errors"
"fmt" "fmt"
"io" "io"
"os" "os"
@@ -17,8 +16,6 @@ import (
) )
var ( var (
// 提交id
CommitId string
// pass明文 // pass明文
passwd string passwd string
// 生成otp // 生成otp
@@ -61,8 +58,28 @@ func execute() {
} }
if !runSrv { if !runSrv {
if debug {
scfgData := ServerCfg2Slice()
fmtStr := "%-18v %-23v %-20v %v\n"
fmt.Printf(fmtStr, "Name", "Env", "Value", "Info")
for _, v := range scfgData {
if v.Name == "admin_pass" || v.Name == "jwt_secret" {
v.Val = "******"
}
fmt.Printf(fmtStr, v.Name, v.Env, v.Val, v.Info)
}
}
os.Exit(0) os.Exit(0)
} }
// 移动配置解析代码
conf := linkViper.GetString("conf")
linkViper.SetConfigFile(conf)
err = linkViper.ReadInConfig()
if err != nil {
// 没有配置文件,直接报错
panic("config file err:" + err.Error())
}
} }
func initCmd() { func initCmd() {
@@ -106,19 +123,6 @@ func initCmd() {
cobra.OnInitialize(func() { cobra.OnInitialize(func() {
linkViper.AutomaticEnv() linkViper.AutomaticEnv()
conf := linkViper.GetString("conf")
_, err := os.Stat(conf)
if errors.Is(err, os.ErrNotExist) {
// 没有配置文件,不做处理
panic(err)
}
linkViper.SetConfigFile(conf)
err = linkViper.ReadInConfig()
if err != nil {
panic("config file err:" + err.Error())
}
}) })
} }
@@ -136,6 +140,8 @@ func initToolCmd() *cobra.Command {
toolCmd.Flags().BoolVarP(&debug, "debug", "d", false, "list the config viper.Debug() info") toolCmd.Flags().BoolVarP(&debug, "debug", "d", false, "list the config viper.Debug() info")
toolCmd.Run = func(cmd *cobra.Command, args []string) { toolCmd.Run = func(cmd *cobra.Command, args []string) {
runSrv = false
switch { switch {
case rev: case rev:
printVersion() printVersion()
@@ -154,7 +160,7 @@ func initToolCmd() *cobra.Command {
pass, _ := utils.PasswordHash(passwd) pass, _ := utils.PasswordHash(passwd)
fmt.Printf("Passwd:%s\n", pass) fmt.Printf("Passwd:%s\n", pass)
case debug: case debug:
linkViper.Debug() // linkViper.Debug()
default: default:
fmt.Println("Using [anylink tool -h] for help") fmt.Println("Using [anylink tool -h] for help")
} }
@@ -164,6 +170,6 @@ func initToolCmd() *cobra.Command {
} }
func printVersion() { func printVersion() {
fmt.Printf("%s v%s build on %s [%s, %s] commit_id(%s) \n", fmt.Printf("%s v%s build on %s [%s, %s] date:%s commit_id(%s)\n",
APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, CommitId) APP_NAME, APP_VER, runtime.Version(), runtime.GOOS, runtime.GOARCH, BuildDate, CommitId)
} }

18
server/base/config.go
View File

@@ -22,9 +22,9 @@ type config struct {
var configs = []config{ var configs = []config{
{Typ: cfgStr, Name: "conf", Usage: "config file", ValStr: "./conf/server.toml", Short: "c"}, {Typ: cfgStr, Name: "conf", Usage: "config file", ValStr: "./conf/server.toml", Short: "c"},
{Typ: cfgStr, Name: "profile", Usage: "profile.xml file", ValStr: "./conf/profile.xml"}, {Typ: cfgStr, Name: "profile", Usage: "profile.xml file", ValStr: "./conf/profile.xml"},
{Typ: cfgStr, Name: "server_addr", Usage: "服务监听地址", ValStr: ":443"}, {Typ: cfgStr, Name: "server_addr", Usage: "TCP服务监听地址(任意端口)", ValStr: ":443"},
{Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: false}, {Typ: cfgBool, Name: "server_dtls", Usage: "开启DTLS", ValBool: true},
{Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址", ValStr: ":443"}, {Typ: cfgStr, Name: "server_dtls_addr", Usage: "DTLS监听地址(任意端口)", ValStr: ":443"},
{Typ: cfgStr, Name: "admin_addr", Usage: "后台服务监听地址", ValStr: ":8800"}, {Typ: cfgStr, Name: "admin_addr", Usage: "后台服务监听地址", ValStr: ":8800"},
{Typ: cfgBool, Name: "proxy_protocol", Usage: "TCP代理协议", ValBool: false}, {Typ: cfgBool, Name: "proxy_protocol", Usage: "TCP代理协议", ValBool: false},
{Typ: cfgStr, Name: "db_type", Usage: "数据库类型 [sqlite3 mysql postgres]", ValStr: "sqlite3"}, {Typ: cfgStr, Name: "db_type", Usage: "数据库类型 [sqlite3 mysql postgres]", ValStr: "sqlite3"},
@@ -34,6 +34,7 @@ var configs = []config{
{Typ: cfgStr, Name: "files_path", Usage: "外部下载文件路径", ValStr: "./conf/files"}, {Typ: cfgStr, Name: "files_path", Usage: "外部下载文件路径", ValStr: "./conf/files"},
{Typ: cfgStr, Name: "log_path", Usage: "日志文件路径,默认标准输出", ValStr: ""}, {Typ: cfgStr, Name: "log_path", Usage: "日志文件路径,默认标准输出", ValStr: ""},
{Typ: cfgStr, Name: "log_level", Usage: "日志等级 [debug info warn error]", ValStr: "debug"}, {Typ: cfgStr, Name: "log_level", Usage: "日志等级 [debug info warn error]", ValStr: "debug"},
{Typ: cfgBool, Name: "http_server_log", Usage: "开启go标准库http.Server的日志", ValBool: false},
{Typ: cfgBool, Name: "pprof", Usage: "开启pprof", ValBool: false}, {Typ: cfgBool, Name: "pprof", Usage: "开启pprof", ValBool: false},
{Typ: cfgStr, Name: "issuer", Usage: "系统名称", ValStr: "XX公司VPN"}, {Typ: cfgStr, Name: "issuer", Usage: "系统名称", ValStr: "XX公司VPN"},
{Typ: cfgStr, Name: "admin_user", Usage: "管理用户名", ValStr: "admin"}, {Typ: cfgStr, Name: "admin_user", Usage: "管理用户名", ValStr: "admin"},
@@ -52,14 +53,15 @@ var configs = []config{
{Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400}, {Typ: cfgInt, Name: "ip_lease", Usage: "IP租期(秒)", ValInt: 86400},
{Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200}, {Typ: cfgInt, Name: "max_client", Usage: "最大用户连接", ValInt: 200},
{Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3}, {Typ: cfgInt, Name: "max_user_client", Usage: "最大单用户连接", ValInt: 3},
{Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 4}, {Typ: cfgInt, Name: "cstp_keepalive", Usage: "keepalive时间(秒)", ValInt: 5},
{Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 9}, {Typ: cfgInt, Name: "cstp_dpd", Usage: "死链接检测时间(秒)", ValInt: 12},
{Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 7}, {Typ: cfgInt, Name: "mobile_keepalive", Usage: "移动端keepalive接检测时间(秒)", ValInt: 10},
{Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 15}, {Typ: cfgInt, Name: "mobile_dpd", Usage: "移动端死链接检测时间(秒)", ValInt: 22},
{Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460}, {Typ: cfgInt, Name: "mtu", Usage: "最大传输单元MTU", ValInt: 1460},
{Typ: cfgInt, Name: "idle_timeout", Usage: "空闲链接超时时间(秒)-超时后断开链接0关闭此功能", ValInt: 7200},
{Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连0永不过期", ValInt: 3600}, {Typ: cfgInt, Name: "session_timeout", Usage: "session过期时间(秒)-用于断线重连0永不过期", ValInt: 3600},
// {Typ: cfgInt, Name: "auth_timeout", Usage: "auth_timeout", ValInt: 0}, // {Typ: cfgInt, Name: "auth_timeout", Usage: "auth_timeout", ValInt: 0},
{Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: -1}, {Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: 600},
{Typ: cfgBool, Name: "show_sql", Usage: "显示sql语句用于调试", ValBool: false}, {Typ: cfgBool, Name: "show_sql", Usage: "显示sql语句用于调试", ValBool: false},
{Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: true}, {Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: true},

21
server/base/log.go
View File

@@ -28,6 +28,10 @@ var (
logName = "anylink.log" logName = "anylink.log"
) )
func init() {
log.SetFlags(log.LstdFlags | log.Lshortfile)
}
// 实现 os.Writer 接口 // 实现 os.Writer 接口
type logWriter struct { type logWriter struct {
UseStdout bool UseStdout bool
@@ -77,15 +81,28 @@ func initLog() {
baseLw.newFile() baseLw.newFile()
baseLevel = logLevel2Int(Cfg.LogLevel) baseLevel = logLevel2Int(Cfg.LogLevel)
baseLog = log.New(baseLw, "", log.LstdFlags|log.Lshortfile) baseLog = log.New(baseLw, "", log.LstdFlags|log.Lshortfile)
serverLog = log.New(&sLogWriter{}, "[http_server]", log.LstdFlags|log.Lshortfile)
} }
func GetBaseLw() *logWriter { func GetBaseLw() *logWriter {
return baseLw return baseLw
} }
var serverLog *log.Logger
type sLogWriter struct{}
func (w *sLogWriter) Write(p []byte) (n int, err error) {
if Cfg.HttpServerLog {
return os.Stderr.Write(p)
}
return 0, nil
}
// 获取 log.Logger // 获取 log.Logger
func GetBaseLog() *log.Logger { func GetServerLog() *log.Logger {
return baseLog return serverLog
} }
func GetLogLevel() int { func GetLogLevel() int {

17
server/base/mod.go
View File

@@ -50,20 +50,25 @@ func CheckModOrLoad(mod string) {
return return
} }
var err error
if mod == "tun" || mod == "tap" { if mod == "tun" || mod == "tap" {
_, err := os.Stat(tunPath) _, err = os.Stat(tunPath)
if err == nil { if err == nil {
// 文件存在 // 文件存在
return return
} }
panic("Linux tunFile is null " + tunPath) err = fmt.Errorf("[error] Linux tunFile is null %s", tunPath)
log.Println(err)
return
// panic(err)
} }
if InContainer { if InContainer {
err := fmt.Errorf("Linux module %s is not loaded, please run `modprobe %s`", mod, mod) err = fmt.Errorf("[error] Linux module %s is not loaded, please run `modprobe %s`", mod, mod)
// log.Println(err) log.Println(err)
// return return
panic(err) // panic(err)
} }
cmdstr := fmt.Sprintln("modprobe", mod) cmdstr := fmt.Sprintln("modprobe", mod)

20
server/build_test.sh Normal file
View File

@@ -0,0 +1,20 @@
#!/bin/sh
# docker run -it --rm -v $PWD:/app -v /go:/go -w /app --platform=linux/arm64 golang:alpine3.19 sh build_test.sh
set -x
sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
export GOPROXY=https://goproxy.cn
apk add build-base tzdata gcc musl-dev upx
#go build -o anylink
go build -o anylink -ldflags "-s -w -extldflags '-static'"
go env
uname -a
./anylink -v

22
server/conf/server-sample.toml
View File

@@ -29,16 +29,18 @@ admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef" jwt_secret = "abcdef.0123456789.abcdef"
#服务监听地址 #TCP服务监听地址(任意端口)
server_addr = ":443" server_addr = ":443"
#开启 DTLS, 默认关闭 #开启 DTLS
server_dtls = false server_dtls = true
#UDP监听地址(任意端口)
server_dtls_addr = ":443" server_dtls_addr = ":443"
#后台服务监听地址 #后台服务监听地址
admin_addr = ":8800" admin_addr = ":8800"
#开启tcp proxy protocol协议 #开启tcp proxy protocol协议
proxy_protocol = false proxy_protocol = false
#虚拟网络类型[tun macvtap tap]
link_mode = "tun" link_mode = "tun"
#客户端分配的ip地址池 #客户端分配的ip地址池
@@ -49,7 +51,7 @@ ipv4_start = "192.168.90.100"
ipv4_end = "192.168.90.200" ipv4_end = "192.168.90.200"
#最大客户端数量 #最大客户端数量
max_client = 100 max_client = 200
#单个用户同时在线数量 #单个用户同时在线数量
max_user_client = 3 max_user_client = 3
#IP租期(秒) #IP租期(秒)
@@ -59,10 +61,10 @@ ip_lease = 86400
default_group = "one" default_group = "one"
#客户端失效检测时间(秒) dpd > keepalive #客户端失效检测时间(秒) dpd > keepalive
cstp_keepalive = 6 cstp_keepalive = 5
cstp_dpd = 10 cstp_dpd = 12
mobile_keepalive = 15 mobile_keepalive = 10
mobile_dpd = 20 mobile_dpd = 22
#设置最大传输单元 #设置最大传输单元
mtu = 1460 mtu = 1460
@@ -71,10 +73,12 @@ mtu = 1460
default_domain = "example.com" default_domain = "example.com"
#default_domain = "example.com abc.example.com" #default_domain = "example.com abc.example.com"
#空闲链接超时时间(秒)-超时后断开链接0关闭此功能
idle_timeout = 7200
#session过期时间用于断线重连0永不过期 #session过期时间用于断线重连0永不过期
session_timeout = 3600 session_timeout = 3600
auth_timeout = 0 auth_timeout = 0
audit_interval = -1 audit_interval = 600
show_sql = false show_sql = false

9
server/conf/server.toml
View File

@@ -23,12 +23,17 @@ admin_pass = "$2a$10$UQ7C.EoPifDeJh6d8.31TeSPQU7hM/NOM2nixmBucJpAuXDQNqNke"
admin_otp = "" admin_otp = ""
jwt_secret = "abcdef.0123456789.abcdef" jwt_secret = "abcdef.0123456789.abcdef"
#服务监听地址 #TCP服务监听地址(任意端口)
server_addr = ":443" server_addr = ":443"
#开启 DTLS
server_dtls = true
#UDP监听地址(任意端口)
server_dtls_addr = ":443"
#后台服务监听地址 #后台服务监听地址
admin_addr = ":8800" admin_addr = ":8800"
#虚拟网络类型[tun macvtap]
link_mode = "tun"
#客户端分配的ip地址池 #客户端分配的ip地址池
ipv4_master = "eth0" ipv4_master = "eth0"
ipv4_cidr = "192.168.90.0/24" ipv4_cidr = "192.168.90.0/24"

120
server/conf/vpn_cert.crt
View File

@@ -1,61 +1,67 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgIQAuUy6Rv6Bo3nDXn5FackbDANBgkqhkiG9w0BAQsFADBu MIIGbTCCBNWgAwIBAgIQIodwqN03+Y3aYpdvfq2qKTANBgkqhkiG9w0BAQwFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 MQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywg
d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg SW5jLjEjMCEGA1UEAxMaVHJ1c3RBc2lhIFJTQSBEViBUTFMgQ0EgRzIwHhcNMjQw
RFYgVExTIENBIC0gRzEwHhcNMjMwMTAzMDAwMDAwWhcNMjQwMTAzMjM1OTU5WjAc MTIyMDAwMDAwWhcNMjUwMTIxMjM1OTU5WjAcMRowGAYDVQQDExF2cG4udGVzdC52
MRowGAYDVQQDExF2cG4udGVzdC52cWlsdS5jbjCCASIwDQYJKoZIhvcNAQEBBQAD cWlsdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFWPBr5g8py
ggEPADCCAQoCggEBANJAJPYBvOP/7v8SgMIkVLIulN/ziPALvFcEwVnQDImUIky8 8oPZhklQw9zBcIvfaEX2AVPIwW6iOm+j8v0LvXTGQkE1bZx4RwB1jKiEGG3KVsIU
4udy0fmvJ2E3E3NL6Qv14ZHDGtH7CafukimNWTT2BVmQBYiO1ZlUkHcHUX4IoYEh pTJCkNEmwCZGJYvnNKN952zhtUQieZe8X4Zr0W43+j9Hbv+TKt6MFV3u70ArOD2T
egdy2xw0WwknJWTOyvkRkeDhtT9QUpA/zeemS4q1TG95zRDf5htUR4OMZXsZpkQ2 m8j/gWFcUyK9mDCCFpKImRUckbp6GYJUZHXUDktQiOu5v6Jgl9pLZ2XhZXGf2TJh
bkSgnLtdyUmw2nhfSWgsD9fbwr6WnOx/swsUe52N3sIDZ6JTgn3N7xeT3/lVJKVN G441TScMwidYToX51VrnscRQQ6iUMSav1H43lchdh9fAThbheP/kIv6YEswT45oA
wyYkZldialmRzrs6btr3mmnqpWObcc4FvKr/CLmoOSXl0I1wWsr+HnQ4X9hHsJUk MrxET10+iaCTdWpz+zy2GWXLO2pH9N9AjALCZA1/5QHkMhavmJgOxfitTeGzAlBQ
jk3EZKfhH3mM37HF8apqztb6WjC3R96Zam6Z8bMCAwEAAaOCAuAwggLcMB8GA1Ud JNAIs0Rx1K0CAwEAAaOCAuwwggLoMB8GA1UdIwQYMBaAFF86fBEQfgxncWHci6O1
IwQYMBaAFFV0T7JyT/VgulDR1+ZRXJoBhxrXMB0GA1UdDgQWBBSUpPcW3emC2l0o AANn9VccMB0GA1UdDgQWBBRDRfNBNYRlLb4V1MRTnU+bUVnvnDAOBgNVHQ8BAf8E
q6qRBOBDMjQ2rDAcBgNVHREEFTATghF2cG4udGVzdC52cWlsdS5jbjAOBgNVHQ8B BAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdIAQ3 AwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICMTAlMCMGCCsGAQUFBwIBFhdodHRw
MDUwMwYGZ4EMAQIBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQu czovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEwfQYIKwYBBQUHAQEEcTBvMEIG
Y29tL0NQUzCBgAYIKwYBBQUHAQEEdDByMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz CCsGAQUFBzAChjZodHRwOi8vY3J0LnRydXN0LXByb3ZpZGVyLmNuL1RydXN0QXNp
cC5kaWdpY2VydC5jb20wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jYWNlcnRzLmRpZ2lj YVJTQURWVExTQ0FHMi5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLnRydXN0
ZXJ0LmNvbS9FbmNyeXB0aW9uRXZlcnl3aGVyZURWVExTQ0EtRzEuY3J0MAkGA1Ud LXByb3ZpZGVyLmNuMBwGA1UdEQQVMBOCEXZwbi50ZXN0LnZxaWx1LmNuMIIBfwYK
EwQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB2AO7N0GTV2xrOxVy3nbTN KwYBBAHWeQIEAgSCAW8EggFrAWkAdgDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB
E6Iyh0Z8vOzew1FIWUZxH7WbAAABhXXkyXMAAAQDAEcwRQIgVhLvLOPcW0V1xhBv 0lt3zsw7CAAAAY0v95Z6AAAEAwBHMEUCIDbFVgzV1DDvqTq6UnYisMqAEJn1cR+d
5KSeqGHbAnRVhew3kutV3Bu1x+ICIQCbYjRtmkDo1hx6p0YNdNfkZ3N5u+syVjwH mc+agwaOuRbrAiEAz3W2HooNcKqADX9QyK8xQQ8r9BQKVCQzF76g9AZKeDoAdwCi
Al3a9NpVxgB1AEiw42vapkc0D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABhXXk 4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAY0v95ZkAAAEAwBIMEYC
yY4AAAQDAEYwRAIgcuscG2kkSGNvAsVH9CAtXjNUwk9UJriY0+3OtQ4WVrMCIAsC IQCWVxDjciJ/KMbwbqMbEZdsDq0nCrotlPhIBb5wFBurVgIhAOgnw3nqSqFYRm8y
CkqEI1Ek5M26yrWt0Q7+u+UZ8rXhfYu3kcMMq7PVAHYAO1N3dT4tuYBOizBbBv5A OL3nz8rop0V5IEtgiNarOqMfLf33AHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnA
O2fYT8P0x70ADS1yb+H61BcAAAGFdeTJkAAABAMARzBFAiAEJbJTN8hrRUZ6UaaD sfpksWKaOd8AAAGNL/eWFwAABAMARzBFAiBB+V0NBebuCniZVuin5OaMYvWyNvRd
2TlyDQfzUvTkex0XGT6PGKHkagIhAJ+Kg6tdt/csKde2vdweu+dT01fzg/fq4q3o NJ6hRmLbSKQAwwIhAKrPRrAP3An/9HSrFN/70eEK5DHT8+q8m0L5tc0+TckmMA0G
mjfPhFm1MA0GCSqGSIb3DQEBCwUAA4IBAQAKFTUHbpgKsXARCBIIfEZGqkOvaafm CSqGSIb3DQEBDAUAA4IBgQCB65Q0V6Mewca0iVCxLJxczu6XYCCwsUzJiTWYjao3
QaoNodc6cj0+LJCbuMzrTlkzmII0X/U52MBG8JCEIO8BPe5R4NIFqqaE066zQANq XZVe8yB4RhAimsUY+U3nXIL3RivkJydqfOO9N5APWndDgbtS4r55TFdscDUDmzsR
HOsROOJi2A+WTTZcSEHbH3uhdVwcEQHvDzaOEEJc9Ilz6pdYsrv+trOmeR5PeIxv S5kYCoEudbDWT89U+tHMOxzUKkb3nDA0WvJEN52CAanYO3blihnX3eX7enQMGtsM
t1jQacSwN1z6z0N4CRjBpePV/9nwETkEaKjQuXSoYlN+pczK/4nX2W9+E/OnwtZs gfDrArcQyS+WMKUkyOlNysqGtj3XWYKssBPrX/0GqMimoeYkg+B4daBTbOVB6sKs
ScyFffPtTLHf1u4eSYuBT/AdwaKHXetxWzh98GP9LRfQhm63Gs+/WcloYl489dG/ +USnmhI2MF3QUxn0+fC207HbSDj7s4a6npjg5KsL0zUsFrNZlMH30Tx2L0WuI1T7
FOFjch2TdmrPcUwxxGEbbPt3zXRxSVlzvIaf4gTUl2+PsKwbKy/w4OLS 65lKHaKt8CyuL/YTjD5lAGYtJ+K9ypl5sBUFCXeW1lazTocjDa2CKv3WV+kVBhyO
2nA2Lo4e643YXwXw98+ufU2U9yUjn1OrhsUXo3qaxETGVMumRwubtX4O2dUKnYGF
xBxfHzXJKhZjX+U2ENIwsrm7pp3dcpIZqKxPCeowU5Ma9tvYpM7kgDhploMfsVic
H7pWcFY99X5nMwJoDDBYomY=
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIEqjCCA5KgAwIBAgIQAnmsRYvBskWr+YBTzSybsTANBgkqhkiG9w0BAQsFADBh MIIFBzCCA++gAwIBAgIRALIM7VUuMaC/NDp1KHQ76aswDQYJKoZIhvcNAQELBQAw
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 ezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
QTAeFw0xNzExMjcxMjQ2MTBaFw0yNzExMjcxMjQ2MTBaMG4xCzAJBgNVBAYTAlVT BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0yMjAxMTAwMDAwMDBaFw0y
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j ODEyMzEyMzU5NTlaMFkxCzAJBgNVBAYTAkNOMSUwIwYDVQQKExxUcnVzdEFzaWEg
b20xLTArBgNVBAMTJEVuY3J5cHRpb24gRXZlcnl3aGVyZSBEViBUTFMgQ0EgLSBH VGVjaG5vbG9naWVzLCBJbmMuMSMwIQYDVQQDExpUcnVzdEFzaWEgUlNBIERWIFRM
MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALPeP6wkab41dyQh6mKc UyBDQSBHMjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKjGDe0GSaBs
oHqt3jRIxW5MDvf9QyiOR7VfFwK656es0UFiIb74N9pRntzF1UgYzDGu3ppZVMdo Yl/VhMaTM6GhfR1TAt4mrhN8zfAMwEfLZth+N2ie5ULbW8YvSGzhqkDhGgSBlafm
lbxhm6dWS9OK/lFehKNT0OYI9aqk6F+U7cA6jxSC+iDBPXwdF4rs3KRyp3aQn6pj qq05oeESrIJQyz24j7icGeGyIZ/jIChOOvjt4M8EVi3O0Se7E6RAgVYcX+QWVp5c
pp1yr7IB6Y4zv72Ee/PlZ/6rK6InC6WpK0nPVOYR7n9iDuPe1E4IxUMBH/T33+3h Sy+l7XrrtL/pDDL9Bngnq/DVfjCzm5ZYUb1PpyvYTP7trsV+yYOCNmmwQvB4yVjf
yuH3dvfgiWUOUkjdpMbyxX+XNle5uEIiyBsi4IvbcTCh8ruifCIi5mDXkZrnMT8n IIpHC1OcsPBntMUGeH1Eja4D+qJYhGOxX9kpa+2wTCW06L8T6OhkpJWYn5JYiht5
wfYCV6v6kDdXkbgGRLKsR4pucbJtbKqIkUGxuZI2t7pfewKRc5nWecvDBZf3+p1M 8exjAR7b8Zi3DeG9oZO5o6Qvhl3f8uGU8lK1j9jCUN/18mI/5vZJ76i+hsgdlfZB
pA8CAwEAAaOCAU8wggFLMB0GA1UdDgQWBBRVdE+yck/1YLpQ0dfmUVyaAYca1zAf Rh5lmAQjD80M9TY+oD4MYUqB5XrigPfFAUwXFGehhlwCVw7y6+5kpbq/NpvM5Ba8
BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8EBAMCAYYw SeQYUUuMA8RXpTtGlrrTPqJryfa55hTuX/ThhX4gcCVkbyujo0CYr+Uuc14IOyNY
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8C 1fD0/qORbllbgV41wiy/2ZUWZQUodqHWkjT1CwIMbQOY5jmrSYGBwwIDAQABo4IB
AQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp JjCCASIwHwYDVR0jBBgwFoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYDVR0OBBYE
Y2VydC5jb20wQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQu FF86fBEQfgxncWHci6O1AANn9VccMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8E
Y29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG CDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAiBgNVHSAE
/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BT GzAZMA0GCysGAQQBsjEBAgIxMAgGBmeBDAECATBDBgNVHR8EPDA6MDigNqA0hjJo
MAgGBmeBDAECATANBgkqhkiG9w0BAQsFAAOCAQEAK3Gp6/aGq7aBZsxf/oQ+TD/B dHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNy
SwW3AU4ETK+GQf2kFzYZkby5SFrHdPomunx2HBzViUchGoofGgg7gHW0W3MlQAXW bDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9k
M0r5LUvStcr82QDWYNPaUy4taCQmyaJ+VB+6wxHstSigOlSNF2a6vg4rgexixeiV b2NhLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAHMUom5cxIje2IiFU7mOCsBr2F6CY
4YSB03Yqp2t3TeZHM9ESfkus74nQyW7pRGezj+TC44xCagCQQOzzNmzEAP2SnCrJ eU5cyfQ/Aep9kAXYUDuWsaT85721JxeXFYkf4D/cgNd9+hxT8ZeDOJrn+ysqR7NO
sNE2DpRVMnL8J6xBRdjmOsC3N6cQuKuRXbzByVBjCqAA8t1L0I+9wXJerLPyErjy 2K9AdqTdIY2uZPKmvgHOkvH2gQD6jc05eSPOwdY/10IPvmpgUKaGOa/tyygL8Og4
rMKWaBFLmfK/AHNF4ZihwPGOc7w6UHczBZXH5RFzJNnww+WnKuTPI0HfnVH8lg== 3tYyoHipMMnS4OiYKakDJny0XVuchIP7ZMKiP07Q3FIuSS4omzR77kmc75/6Q9dP
v4wa90UCOn1j6r7WhMmX3eT3Gsdj3WMe9bYD0AFuqa6MDyjIeXq08mVGraXiw73s
Zale8OMckn/BU3O/3aFNLHLfET2H2hT6Wb3nwxjpLIfXmSVcVd8A58XH0g==
-----END CERTIFICATE----- -----END CERTIFICATE-----

55
server/conf/vpn_cert.key
View File

@@ -1,27 +1,28 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIEpQIBAAKCAQEA0kAk9gG84//u/xKAwiRUsi6U3/OI8Au8VwTBWdAMiZQiTLzi MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDRVjwa+YPKcvKD
53LR+a8nYTcTc0vpC/XhkcMa0fsJp+6SKY1ZNPYFWZAFiI7VmVSQdwdRfgihgSF6 2YZJUMPcwXCL32hF9gFTyMFuojpvo/L9C710xkJBNW2ceEcAdYyohBhtylbCFKUy
B3LbHDRbCSclZM7K+RGR4OG1P1BSkD/N56ZLirVMb3nNEN/mG1RHg4xlexmmRDZu QpDRJsAmRiWL5zSjfeds4bVEInmXvF+Ga9FuN/o/R27/kyrejBVd7u9AKzg9k5vI
RKCcu13JSbDaeF9JaCwP19vCvpac7H+zCxR7nY3ewgNnolOCfc3vF5Pf+VUkpU3D /4FhXFMivZgwghaSiJkVHJG6ehmCVGR11A5LUIjrub+iYJfaS2dl4WVxn9kyYRuO
JiRmV2JqWZHOuzpu2veaaeqlY5txzgW8qv8Iuag5JeXQjXBayv4edDhf2EewlSSO NU0nDMInWE6F+dVa57HEUEOolDEmr9R+N5XIXYfXwE4W4Xj/5CL+mBLME+OaADK8
TcRkp+EfeYzfscXxqmrO1vpaMLdH3plqbpnxswIDAQABAoIBAGKKzugAi4Q/Vch2 RE9dPomgk3Vqc/s8thllyztqR/TfQIwCwmQNf+UB5DIWr5iYDsX4rU3hswJQUCTQ
ZyPXPF0hCQToE3QSxAzy/R53rRCkfekClMTO44xHpEjjs/mTiCBjd3xGeiEVrIJp CLNEcdStAgMBAAECgf97UHp7u8+x4lz6BQB8/c0xHWdAw1clIveZbEVl0hNoVUN/
hlb0WW3Bq2M9ZeKJs6JAaM9o/jB4oh2wT44DLqALB+oDz3puk+Jl8j34++a3YmMa EKku+q/1Sf+CuhnbgLjT1bkVnnotmVcGeWH2DeCnkMJqHVMOBRb/dso2fw+pCTzY
jIq4veo+rBsJduwkTKjdeQE2ge/ODZEQ6bUmSjYo1P9LNGEyO2wmcVk+jHx0zBi7 VofQpmbPy1xCXb6chqrpT3MTaJdI7IrBCNEQ54cOxsojwzp0MfejS/NI41q8iuCS
8fR3oY03Io+byuN0494Di1m3IpIdj3ma0MV5zJf31urLXqqYtOApouWL/yhZOIuo hVry+VEbmtA22vjwMvsF6NsRKlfc1DUyC/ZoHB91gzKmvLdXBREwBXtdiJfMlu9G
YW+mcuS7ZgK5FsqrUm0vGBcf24GcKhhlBlUu0mfLrCRrWLDsqJDQ/8alvuNP0IVm EKH3ORxbcanmdsXWIG84t5M9Sf9L5FZe6tlL4FdoKv25Vxv2z+PVM8Y/0B3IBTCb
gqz0H5UCgYEA8yaKzMfkeRXSTERt6NZHo/8ShIn26Yf+pMDpVdYKfVBL254vGTeq yqMK8579PTlHl40WRjSgzpijGvMxuIpgm5KaXQECgYEA7U6lBhRWmPsJRaK0jyAv
B+LQhDpxZV1iMr1FNvkhHtNGQ74ZbWOj4+5Xjsllaw1ao2iGp1w/chuJ6FG/Go4q qnaC5AbnM8OjIbsDtnQxn0BWvx7aZznxOE4jL0QejUD/gov6yYkNhIu797LzO8Mq
9FaY3eGiCqRJOQNivBxU/D7sN0y4b48HAEQdmp516pItlGtG+C8TY38CgYEA3VyD fEqEX7Bp23PfLvybqkyhJWFz26v0erU5q8Rlt648bK7Ul1j8FkmsEN3qu+64c8Fu
6EczHdAmPO7bdbYn/irfe78so1lHT04P0FiVg2W77ZKuQINTNDK9w/alYyZ2tH1b pzN081bqOGjEcaCjsHswvkMCgYEA4dOPvYYu8wBfrH3Gn94XHWWVvFMnWErXEOzK
N2JznulJ6UDcl4xw43xJixxhme2jWPaYzmQUuQHviZ0D0tCgmOkN8bUnc9LSvEGA eL0dFg3Ae+y8Sg5x9YTz3XjwyzwcTbrD0zg4huWwmD64BgPcliG7XKA093ea2JIs
SnaiKbOtUfP8Z3c/mF997wuFNfdmhww8LBpbO80CgYEAmdRKf9/+5bQuhd3NAz99 Mah5/KTQmltcIut7qUvzwwbQVfN3xTwWzd7eDtEIAeFZ8r/HzJM6X21b/LaQIXUY
t31KQ9vdAEXvjmAVvx5ZKIrCU0EyXuvegHq4nM80qoJ3+83Omkbm80+K5pTAFXqy Gb7dik8CgYAaaUxYlt7ke9wWUfuCinSDplj/A/2rdzSqxmOtZNU5AjIlZ0urfXlp
VyOU9Vro9N9P9o3MktlDsndFulrtYmmLN2YJ9GYpVD43rQA9WPE7uxI784hwLvP3 aNjlo9E6q2dEokuxLn3AqMSs1s/XcOtDlg+RjtLZR9YpJpg0pf6xaF06r7KwDYdz
4+00JXwW8b5lY76y+ZUe2RUCgYEAt6BQN/YgPCH4JmHKIWp64If2HbQntlWQJwRN pJIllVDIT9T9WzwDRwPNhMVhUTpaN8cW+NUlWCENUiu68cQGGk/cfQKBgEmvRk+I
b/qcBIT3EQu1iwSll85jxtSqu4YjwHOgoGAGI5PIYTsSApFY8AyhAUoI2OTdtSXS 4PjZPl6CC7VOOiyVYO46E7RzdwlGuin7SupPQmctL6LaY8TAxPGW7LrjujiCoDLj
+prg6dvmNhTPICk6n73seE5bLOR9NfdsEdk5ijhnlW09OyMb2S2VzR+UYIEbRvnq PU6G08BZdqI/0FIMX54xiBbXJ+dSiqkJWARfotE6zi12uLrc1YTlTEU/U+0/VhGG
THeMqR0CgYEAwQ9aAIGD4t4DXjHHtz6Wqpbq6jj6mmYBsL9jqRgu8ASj1/THgWWn jt42xm4WocrbWM4fnARXIpSq3QyNsHd2F8NxAoGBAMEcT0mFQ0J7HCQ+zL36ogGv
iUrlCbFIXWu2vnP1h0SBV56GA7MSTqAt0ZdTzpI1PRkMOIO9z1dN4Q2R1SEya1eF Bc/N6WR0xSEBQVG9D4iysxX4XyJukCuUCvMIbsBj5IVAVBlMNxfDtL/kD6tgy0L7
7/LPLqJIoLbILGvy6U3DLYdMckPZaoTPf5BNKD52paZcNbjkXTlVLSY= tdN7nOaYgnqTyZfQItz92cQ6oiIqW7GPJA5ATJe1fxXINjcP6EkRDAfACBW7/l85
-----END RSA PRIVATE KEY----- Cd/yRpaOSMPbqKO1OOSn
-----END PRIVATE KEY-----

21
server/dbdata/db.go
View File

@@ -101,22 +101,11 @@ func addInitData() error {
// SettingDnsProvider // SettingDnsProvider
provider := &SettingLetsEncrypt{ provider := &SettingLetsEncrypt{
Domain: "vpn.xxx.com", Domain: "vpn.xxx.com",
Legomail: "legomail", Legomail: "legomail",
Name: "aliyun", Name: "aliyun",
Renew: false, Renew: false,
DNSProvider: DNSProvider{ DNSProvider: DNSProvider{},
AliYun: struct {
APIKey string `json:"apiKey"`
SecretKey string `json:"secretKey"`
}{APIKey: "", SecretKey: ""},
TXCloud: struct {
SecretID string `json:"secretId"`
SecretKey string `json:"secretKey"`
}{SecretID: "", SecretKey: ""},
CfCloud: struct {
AuthToken string `json:"authToken"`
}{AuthToken: ""}},
} }
err = SettingSessAdd(sess, provider) err = SettingSessAdd(sess, provider)
if err != nil { if err != nil {

5
server/dbdata/db_orm.go
View File

@@ -75,6 +75,11 @@ func Find(data interface{}, limit, page int) error {
return xdb.Limit(limit, start).Find(data) return xdb.Limit(limit, start).Find(data)
} }
func FindWhereCount(data interface{}, where string, args ...interface{}) int {
n, _ := xdb.Where(where, args...).Count(data)
return int(n)
}
func FindWhere(data interface{}, limit int, page int, where string, args ...interface{}) error { func FindWhere(data interface{}, limit int, page int, where string, args ...interface{}) error {
if limit == 0 { if limit == 0 {
return xdb.Where(where, args...).Find(data) return xdb.Where(where, args...).Find(data)

2
server/dbdata/setting.go
View File

@@ -62,7 +62,7 @@ func SettingSet(data interface{}) error {
func SettingGet(data interface{}) error { func SettingGet(data interface{}) error {
name := StructName(data) name := StructName(data)
s := &Setting{Name: name} s := &Setting{}
err := One("name", name, s) err := One("name", name, s)
if err != nil { if err != nil {
return err return err

2
server/dbdata/user.go
View File

@@ -186,7 +186,7 @@ func checkOtp(name, otp, secret string) bool {
totp := gotp.NewDefaultTOTP(secret) totp := gotp.NewDefaultTOTP(secret)
unix := time.Now().Unix() unix := time.Now().Unix()
verify := totp.Verify(otp, int(unix)) verify := totp.Verify(otp, unix)
return verify return verify
} }

2
server/dbdata/user_act_log.go
View File

@@ -22,6 +22,7 @@ const (
UserLogoutTimeout = 3 // 用户超时登出 UserLogoutTimeout = 3 // 用户超时登出
UserLogoutAdmin = 4 // 账号被管理员踢下线 UserLogoutAdmin = 4 // 账号被管理员踢下线
UserLogoutExpire = 5 // 账号过期被踢下线 UserLogoutExpire = 5 // 账号过期被踢下线
UserIdleTimeout = 6 // 用户空闲链接超时
) )
type UserActLogProcess struct { type UserActLogProcess struct {
@@ -62,6 +63,7 @@ var (
UserLogoutTimeout: "Session过期被踢下线", UserLogoutTimeout: "Session过期被踢下线",
UserLogoutAdmin: "账号被管理员踢下线", UserLogoutAdmin: "账号被管理员踢下线",
UserLogoutExpire: "账号过期被踢下线", UserLogoutExpire: "账号过期被踢下线",
UserIdleTimeout: "用户空闲链接超时",
}, },
} }
) )

134
server/go.mod
View File

@@ -1,103 +1,107 @@
module github.com/bjdgyc/anylink module github.com/bjdgyc/anylink
go 1.19 go 1.20
require ( require (
github.com/arl/statsviz v0.5.1 github.com/arl/statsviz v0.6.0
github.com/deckarep/golang-set v1.8.0 github.com/deckarep/golang-set v1.8.0
github.com/go-acme/lego/v4 v4.10.2 github.com/go-acme/lego/v4 v4.14.2
github.com/go-co-op/gocron v1.17.0 github.com/go-co-op/gocron v1.37.0
github.com/go-ldap/ldap v3.0.3+incompatible github.com/go-ldap/ldap v3.0.3+incompatible
github.com/go-sql-driver/mysql v1.6.0 github.com/go-sql-driver/mysql v1.7.1
github.com/gocarina/gocsv v0.0.0-20220712153207-8b2118da4570 github.com/gocarina/gocsv v0.0.0-20231116093920-b87c2d0e983a
github.com/golang-jwt/jwt/v4 v4.2.0 github.com/golang-jwt/jwt/v4 v4.5.0
github.com/google/gopacket v1.1.19 github.com/google/gopacket v1.1.19
github.com/gorilla/handlers v1.5.1 github.com/gorilla/handlers v1.5.2
github.com/gorilla/mux v1.8.0 github.com/gorilla/mux v1.8.1
github.com/ivpusic/grpool v1.0.0 github.com/ivpusic/grpool v1.0.0
github.com/lanrenwo/lzsgo v0.0.2 github.com/lanrenwo/lzsgo v0.0.2
github.com/lib/pq v1.10.2 github.com/lib/pq v1.10.9
github.com/mattn/go-sqlite3 v1.14.9 github.com/mattn/go-sqlite3 v1.14.19
github.com/orcaman/concurrent-map v1.0.0 github.com/orcaman/concurrent-map v1.0.0
github.com/pion/dtls/v2 v2.2.7 github.com/pion/dtls/v2 v2.2.9
github.com/pion/logging v0.2.2 github.com/pion/logging v0.2.2
github.com/pires/go-proxyproto v0.6.2 github.com/pires/go-proxyproto v0.7.0
github.com/shirou/gopsutil v3.21.7+incompatible github.com/shirou/gopsutil v3.21.11+incompatible
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091 github.com/songgao/packets v0.0.0-20160404182456-549a10cd4091
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
github.com/spf13/cast v1.3.1 github.com/spf13/cast v1.6.0
github.com/spf13/cobra v1.2.1 github.com/spf13/cobra v1.8.0
github.com/spf13/viper v1.8.1 github.com/spf13/viper v1.18.2
github.com/stretchr/testify v1.8.3 github.com/stretchr/testify v1.8.4
github.com/xhit/go-simple-mail/v2 v2.10.0 github.com/xhit/go-simple-mail/v2 v2.16.0
github.com/xlzd/gotp v0.0.0-20181030022105-c8557ba2c119 github.com/xlzd/gotp v0.1.0
github.com/xuri/excelize/v2 v2.6.1 github.com/xuri/excelize/v2 v2.8.0
go.uber.org/atomic v1.10.0 go.uber.org/atomic v1.11.0
golang.org/x/crypto v0.8.0 golang.org/x/crypto v0.18.0
golang.org/x/net v0.9.0 golang.org/x/net v0.20.0
golang.org/x/text v0.9.0 golang.org/x/text v0.14.0
golang.org/x/time v0.3.0 golang.org/x/time v0.5.0
layeh.com/radius v0.0.0-20210819152912-ad72663a72ab layeh.com/radius v0.0.0-20231213012653-1006025d24f8
xorm.io/xorm v1.3.2 xorm.io/xorm v1.3.7
) )
require ( require (
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1755 // indirect github.com/aliyun/alibaba-cloud-sdk-go v1.62.664 // indirect
github.com/cenkalti/backoff/v4 v4.2.0 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cloudflare/cloudflare-go v0.49.0 // indirect github.com/cloudflare/cloudflare-go v0.86.0 // indirect
github.com/felixge/httpsnoop v1.0.1 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/go-test/deep v1.1.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect github.com/google/go-querystring v1.1.0 // indirect
github.com/google/uuid v1.5.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/kr/text v0.2.0 // indirect github.com/miekg/dns v1.1.58 // indirect
github.com/miekg/dns v1.1.50 // indirect github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
github.com/pion/transport/v2 v2.2.1 // indirect github.com/pelletier/go-toml/v2 v2.1.1 // indirect
github.com/pkg/errors v0.9.1 // indirect github.com/pion/transport/v2 v2.2.4 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.490 // indirect github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.490 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect
golang.org/x/mod v0.8.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect
golang.org/x/tools v0.6.0 // indirect github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.846 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.846 // indirect
github.com/toorop/go-dkim v0.0.0-20240103092955-90b7d1423f92 // indirect
github.com/yusufpapurcu/wmi v1.2.3 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/tools v0.17.0 // indirect
) )
require ( require (
github.com/StackExchange/wmi v1.2.1 // indirect github.com/coreos/go-iptables v0.7.0
github.com/coreos/go-iptables v0.6.0 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/davecgh/go-spew v1.1.1 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/go-ole/go-ole v1.3.0 // indirect
github.com/go-ole/go-ole v1.2.5 // indirect github.com/goccy/go-json v0.10.2 // indirect
github.com/goccy/go-json v0.8.1 // indirect
github.com/golang/snappy v0.0.4 // indirect github.com/golang/snappy v0.0.4 // indirect
github.com/gorilla/websocket v1.4.2 // indirect github.com/gorilla/websocket v1.5.1 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect github.com/json-iterator/go v1.1.12 // indirect
github.com/magiconair/properties v1.8.5 // indirect github.com/magiconair/properties v1.8.7 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
github.com/pelletier/go-toml v1.9.3 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/richardlehane/mscfb v1.0.4 // indirect github.com/richardlehane/mscfb v1.0.4 // indirect
github.com/richardlehane/msoleps v1.0.3 // indirect github.com/richardlehane/msoleps v1.0.3 // indirect
github.com/robfig/cron/v3 v3.0.1 // indirect github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/spf13/afero v1.6.0 // indirect github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/pflag v1.0.5 // indirect
github.com/subosito/gotenv v1.2.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect
github.com/syndtr/goleveldb v1.0.0 // indirect github.com/syndtr/goleveldb v1.0.0 // indirect
github.com/tklauser/go-sysconf v0.3.7 // indirect github.com/tklauser/go-sysconf v0.3.13 // indirect
github.com/tklauser/numcpus v0.2.3 // indirect github.com/tklauser/numcpus v0.7.0 // indirect
github.com/xuri/efp v0.0.0-20220603152613-6918739fd470 // indirect github.com/xuri/efp v0.0.0-20231025114914-d1ff6096ae53 // indirect
github.com/xuri/nfp v0.0.0-20220409054826-5e722a1d9e22 // indirect github.com/xuri/nfp v0.0.0-20230919160717-d98342af3f05 // indirect
golang.org/x/sync v0.1.0 // indirect golang.org/x/sys v0.16.0 // indirect
golang.org/x/sys v0.7.0 // indirect
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
gopkg.in/ini.v1 v1.66.6 // indirect gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect
xorm.io/builder v0.3.11-0.20220531020008-1bd24a7dc978 // indirect xorm.io/builder v0.3.13 // indirect
) )

1240
server/go.sum
View File

File diff suppressed because it is too large Load Diff

2
server/handler/link_auth.go
View File

@@ -157,7 +157,7 @@ func tplRequest(typ int, w io.Writer, data RequestData) {
if data.Banner != "" { if data.Banner != "" {
buf := new(bytes.Buffer) buf := new(bytes.Buffer)
xml.EscapeText(buf, []byte(data.Banner)) _ = xml.EscapeText(buf, []byte(data.Banner))
data.Banner = buf.String() data.Banner = buf.String()
} }

26
server/handler/link_cstp.go
View File

@@ -21,10 +21,13 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
}() }()
var ( var (
err error err error
n int n int
dataLen uint16 dataLen uint16
dead = time.Duration(cSess.CstpDpd+5) * time.Second dead = time.Second * time.Duration(cSess.CstpDpd+5)
idle = time.Second * time.Duration(base.Cfg.IdleTimeout)
checkIdle = base.Cfg.IdleTimeout > 0
lastTime time.Time
) )
go cstpWrite(conn, bufRW, cSess) go cstpWrite(conn, bufRW, cSess)
@@ -55,13 +58,24 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
case 0x07: // KEEPALIVE case 0x07: // KEEPALIVE
// do nothing // do nothing
// base.Debug("recv keepalive", cSess.IpAddr) // base.Debug("recv keepalive", cSess.IpAddr)
// 判断超时时间
if checkIdle {
lastTime = cSess.LastDataTime.Load()
if lastTime.Before(utils.NowSec().Add(-idle)) {
base.Warn("IdleTimeout", cSess.Username, cSess.IpAddr, "lastTime", lastTime)
sessdata.CloseSess(cSess.Sess.Token, dbdata.UserIdleTimeout)
return
}
}
case 0x05: // DISCONNECT case 0x05: // DISCONNECT
cSess.UserLogoutCode = dbdata.UserLogoutClient cSess.UserLogoutCode = dbdata.UserLogoutClient
base.Debug("DISCONNECT", cSess.Username, cSess.IpAddr) base.Debug("DISCONNECT", cSess.Username, cSess.IpAddr)
sessdata.CloseSess(cSess.Sess.Token, dbdata.UserLogoutClient)
return return
case 0x03: // DPD-REQ case 0x03: // DPD-REQ
// base.Debug("recv DPD-REQ", cSess.IpAddr) // base.Debug("recv DPD-REQ", cSess.IpAddr)
pl.PType = 0x04 pl.PType = 0x04
pl.Data = pl.Data[:n]
if payloadOutCstp(cSess, pl) { if payloadOutCstp(cSess, pl) {
return return
} }
@@ -98,6 +112,8 @@ func LinkCstp(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessio
if payloadIn(cSess, pl) { if payloadIn(cSess, pl) {
return return
} }
// 只记录返回正确的数据时间
cSess.LastDataTime.Store(utils.NowSec())
} }
} }
} }
@@ -153,7 +169,7 @@ func cstpWrite(conn net.Conn, bufRW *bufio.ReadWriter, cSess *sessdata.ConnSessi
binary.BigEndian.PutUint16(pl.Data[4:6], uint16(l)) binary.BigEndian.PutUint16(pl.Data[4:6], uint16(l))
} }
} else { } else {
pl.Data = append(pl.Data[:0], plHeader...) // pl.Data = append(pl.Data[:0], plHeader...)
// 设置头类型 // 设置头类型
pl.Data[6] = pl.PType pl.Data[6] = pl.PType
} }

6
server/handler/link_dtls.go
View File

@@ -64,6 +64,7 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
case 0x03: // DPD-REQ case 0x03: // DPD-REQ
// base.Debug("recv DPD-REQ", cSess.IpAddr) // base.Debug("recv DPD-REQ", cSess.IpAddr)
pl.PType = 0x04 pl.PType = 0x04
pl.Data = pl.Data[:n]
if payloadOutDtls(cSess, dSess, pl) { if payloadOutDtls(cSess, dSess, pl) {
return return
} }
@@ -93,6 +94,8 @@ func LinkDtls(conn net.Conn, cSess *sessdata.ConnSession) {
if payloadIn(cSess, pl) { if payloadIn(cSess, pl) {
return return
} }
// 只记录返回正确的数据时间
cSess.LastDataTime.Store(utils.NowSec())
} }
} }
@@ -147,7 +150,8 @@ func dtlsWrite(conn net.Conn, dSess *sessdata.DtlsSession, cSess *sessdata.ConnS
} }
} else { } else {
// 设置头类型 // 设置头类型
pl.Data = append(pl.Data[:0], pl.PType) // pl.Data = append(pl.Data[:0], pl.PType)
pl.Data[0] = pl.PType
} }
n, err := conn.Write(pl.Data) n, err := conn.Write(pl.Data)
if err != nil { if err != nil {

4
server/handler/link_home.go
View File

@@ -14,6 +14,8 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
// hu, _ := httputil.DumpRequest(r, true) // hu, _ := httputil.DumpRequest(r, true)
// fmt.Println("DumpHome: ", string(hu)) // fmt.Println("DumpHome: ", string(hu))
w.Header().Set("Content-Type", "text/html; charset=utf-8") w.Header().Set("Content-Type", "text/html; charset=utf-8")
w.Header().Del("X-Aggregate-Auth")
connection := strings.ToLower(r.Header.Get("Connection")) connection := strings.ToLower(r.Header.Get("Connection"))
userAgent := strings.ToLower(r.UserAgent()) userAgent := strings.ToLower(r.UserAgent())
if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) { if connection == "close" && (strings.Contains(userAgent, "anyconnect") || strings.Contains(userAgent, "openconnect")) {
@@ -33,6 +35,8 @@ func LinkHome(w http.ResponseWriter, r *http.Request) {
} }
func LinkOtpQr(w http.ResponseWriter, r *http.Request) { func LinkOtpQr(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Cross-Origin-Resource-Policy", "cross-origin")
_ = r.ParseForm() _ = r.ParseForm()
idS := r.FormValue("id") idS := r.FormValue("id")
jwtToken := r.FormValue("jwt") jwtToken := r.FormValue("jwt")

6
server/handler/link_tun.go
View File

@@ -74,11 +74,7 @@ func LinkTun(cSess *sessdata.ConnSession) error {
// 通过 ip link show 查看 alias 信息 // 通过 ip link show 查看 alias 信息
cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off", ifce.Name(), cSess.Mtu) cmdstr1 := fmt.Sprintf("ip link set dev %s up mtu %d multicast off alias %s.%s", ifce.Name(), cSess.Mtu, cSess.Group.Name, cSess.Username)
if !base.InContainer {
// 容器默认 iproute 不支持 alias
cmdstr1 += fmt.Sprintf(" alias %s.%s", cSess.Group.Name, cSess.Username)
}
cmdstr2 := fmt.Sprintf("ip addr add dev %s local %s peer %s/32", cmdstr2 := fmt.Sprintf("ip addr add dev %s local %s peer %s/32",
ifce.Name(), base.Cfg.Ipv4Gateway, cSess.IpAddr) ifce.Name(), base.Cfg.Ipv4Gateway, cSess.IpAddr)
err = execCmd([]string{cmdstr1, cmdstr2}) err = execCmd([]string{cmdstr1, cmdstr2})

7
server/handler/link_tunnel.go
View File

@@ -136,7 +136,7 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
} }
HttpAddHeader(w, "X-CSTP-Split-Include", v.IpMask) HttpAddHeader(w, "X-CSTP-Split-Include", v.IpMask)
} }
// 不允许的路由 // 不允许的路由 X-Cstp-Remote-Address-Ip4:
for _, v := range cSess.Group.RouteExclude { for _, v := range cSess.Group.RouteExclude {
HttpAddHeader(w, "X-CSTP-Split-Exclude", v.IpMask) HttpAddHeader(w, "X-CSTP-Split-Exclude", v.IpMask)
} }
@@ -184,10 +184,9 @@ func LinkTunnel(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
hClone := w.Header().Clone() hClone := w.Header().Clone()
headers := make([]byte, 0) buf := &bytes.Buffer{}
buf := bytes.NewBuffer(headers)
_ = hClone.Write(buf) _ = hClone.Write(buf)
base.Debug(buf.String()) base.Trace("LinkTunnel Response Header:", buf.String())
hj := w.(http.Hijacker) hj := w.(http.Hijacker)
conn, bufRW, err := hj.Hijack() conn, bufRW, err := hj.Hijack()

8
server/handler/link_vtap.go
View File

@@ -55,11 +55,9 @@ func LinkMacvtap(cSess *sessdata.ConnSession) error {
cSess.SetIfName(ifName) cSess.SetIfName(ifName)
cmdstr1 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName) cmdstr1 := fmt.Sprintf("ip link add link %s name %s type macvtap mode bridge", base.Cfg.Ipv4Master, ifName)
cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s", ifName, cSess.Mtu, cSess.MacHw) cmdstr2 := fmt.Sprintf("ip link set dev %s up mtu %d address %s alias %s.%s", ifName, cSess.Mtu,
if !base.InContainer { cSess.MacHw, cSess.Group.Name, cSess.Username)
// 容器默认 iproute 不支持 alias
cmdstr2 += fmt.Sprintf(" alias %s.%s", cSess.Group.Name, cSess.Username)
}
err := execCmd([]string{cmdstr1, cmdstr2}) err := execCmd([]string{cmdstr1, cmdstr2})
if err != nil { if err != nil {
base.Error(err) base.Error(err)

1
server/handler/payload_access_audit.go
View File

@@ -135,6 +135,7 @@ func logAudit(userName string, pl *sessdata.Payload) {
ipSrc := waterutil.IPv4Source(pl.Data) ipSrc := waterutil.IPv4Source(pl.Data)
ipDst := waterutil.IPv4Destination(pl.Data) ipDst := waterutil.IPv4Destination(pl.Data)
b := getByte51() b := getByte51()
// key格式 16字节源IP地址 + 16字节目的IP地址 + 2字节目的端口 + 1字节协议类型 + 16字节域名MD5
key := *b key := *b
copy(key[:16], ipSrc) copy(key[:16], ipSrc)
copy(key[16:32], ipDst) copy(key[16:32], ipDst)

11
server/handler/server.go
View File

@@ -4,7 +4,6 @@ import (
"crypto/tls" "crypto/tls"
"fmt" "fmt"
"io" "io"
"log"
"net" "net"
"net/http" "net/http"
"os" "os"
@@ -51,7 +50,7 @@ func startTls() {
MinVersion: tls.VersionTLS12, MinVersion: tls.VersionTLS12,
CipherSuites: selectedCipherSuites, CipherSuites: selectedCipherSuites,
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) { GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
base.Trace("GetCertificate", chi.ServerName) base.Trace("GetCertificate ServerName", chi.ServerName)
return dbdata.GetCertificateBySNI(chi.ServerName) return dbdata.GetCertificateBySNI(chi.ServerName)
}, },
} }
@@ -59,14 +58,14 @@ func startTls() {
Addr: addr, Addr: addr,
Handler: initRoute(), Handler: initRoute(),
TLSConfig: tlsConfig, TLSConfig: tlsConfig,
ErrorLog: base.GetBaseLog(), ErrorLog: base.GetServerLog(),
ReadTimeout: 60 * time.Second, ReadTimeout: 100 * time.Second,
WriteTimeout: 60 * time.Second, WriteTimeout: 100 * time.Second,
} }
ln, err = net.Listen("tcp", addr) ln, err = net.Listen("tcp", addr)
if err != nil { if err != nil {
log.Fatal(err) base.Fatal(err)
} }
defer ln.Close() defer ln.Close()

13
server/main.go
View File

@@ -20,14 +20,21 @@ import (
var uiData embed.FS var uiData embed.FS
// 程序版本 // 程序版本
var CommitId string var (
appVer string
commitId string
buildDate string
)
func main() { func main() {
base.CommitId = CommitId
admin.UiData = uiData admin.UiData = uiData
base.APP_VER = appVer
base.CommitId = commitId
base.BuildDate = buildDate
base.Start() base.Start()
handler.Start() handler.Start()
signalWatch() signalWatch()
} }
@@ -35,7 +42,7 @@ func signalWatch() {
base.Info("Server pid: ", os.Getpid()) base.Info("Server pid: ", os.Getpid())
sigs := make(chan os.Signal, 1) sigs := make(chan os.Signal, 1)
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGALRM) signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGALRM, syscall.SIGUSR2)
for { for {
sig := <-sigs sig := <-sigs
base.Info("Get signal:", sig) base.Info("Get signal:", sig)

9
server/sessdata/ip_pool.go
View File

@@ -89,10 +89,13 @@ func initIpPool() {
// } // }
// AcquireIp 获取动态ip // AcquireIp 获取动态ip
func AcquireIp(username, macAddr string, uniqueMac bool) net.IP { func AcquireIp(username, macAddr string, uniqueMac bool) (newIp net.IP) {
base.Trace("AcquireIp:", username, macAddr, uniqueMac) base.Trace("AcquireIp start:", username, macAddr, uniqueMac)
ipPoolMux.Lock() ipPoolMux.Lock()
defer ipPoolMux.Unlock() defer func() {
ipPoolMux.Unlock()
base.Trace("AcquireIp end:", username, macAddr, uniqueMac, newIp)
}()
var ( var (
err error err error

2
server/sessdata/session.go
View File

@@ -49,6 +49,7 @@ type ConnSession struct {
BandwidthDownAll atomic2.Uint64 // 使用下行带宽总量 BandwidthDownAll atomic2.Uint64 // 使用下行带宽总量
closeOnce sync.Once closeOnce sync.Once
CloseChan chan struct{} CloseChan chan struct{}
LastDataTime atomic2.Time // 最后数据传输时间
PayloadIn chan *Payload PayloadIn chan *Payload
PayloadOutCstp chan *Payload // Cstp的数据 PayloadOutCstp chan *Payload // Cstp的数据
PayloadOutDtls chan *Payload // Dtls的数据 PayloadOutDtls chan *Payload // Dtls的数据
@@ -219,6 +220,7 @@ func (s *Session) NewConn() *ConnSession {
PayloadOutDtls: make(chan *Payload, 64), PayloadOutDtls: make(chan *Payload, 64),
dSess: &atomic.Value{}, dSess: &atomic.Value{},
} }
cSess.LastDataTime.Store(time.Now())
dSess := &DtlsSession{ dSess := &DtlsSession{
isActive: -1, isActive: -1,

5
server/sessdata/session_test.go
View File

@@ -33,7 +33,7 @@ func TestConnSession(t *testing.T) {
sess.MacAddr = "00:15:5d:50:14:43" sess.MacAddr = "00:15:5d:50:14:43"
cSess := sess.NewConn() cSess := sess.NewConn()
base.Info("cSess", cSess) // base.Info("cSess", cSess)
err := cSess.RateLimit(100, true) err := cSess.RateLimit(100, true)
ast.Nil(err) ast.Nil(err)
@@ -60,4 +60,7 @@ func TestConnSession(t *testing.T) {
ast.Equal(cmpName, "") ast.Equal(cmpName, "")
cSess.Close() cSess.Close()
// 等待日志执行完成
time.Sleep(time.Second * 10)
} }

1
version Normal file
View File

@@ -0,0 +1 @@
0.11.1

1
version_info Normal file
View File

@@ -0,0 +1 @@
version_info

69
web/src/pages/user/List.vue
View File

@@ -13,23 +13,26 @@
<el-form-item> <el-form-item>
<el-dropdown size="small" placement="bottom"> <el-dropdown size="small" placement="bottom">
<el-upload <el-upload
class="uploaduser" class="uploaduser"
action="uploaduser" action="uploaduser"
accept=".xlsx, .xls" accept=".xlsx, .xls"
:http-request="upLoadUser" :http-request="upLoadUser"
:limit="1" :limit="1"
:show-file-list="false"> :show-file-list="false">
<el-button size="small" icon="el-icon-upload2" type="primary">批量添加</el-button> <el-button size="small" icon="el-icon-upload2" type="primary">批量添加</el-button>
</el-upload> </el-upload>
<el-dropdown-menu slot="dropdown"> <el-dropdown-menu slot="dropdown">
<el-dropdown-item> <el-dropdown-item>
<el-link style="font-size:12px;" type="success" href="批量添加用户模版.xlsx"><i class="el-icon-download"></i>下载模版</el-link> <el-link style="font-size:12px;" type="success" href="批量添加用户模版.xlsx"><i
</el-dropdown-item> class="el-icon-download"></i>下载模版
</el-dropdown-menu> </el-link>
</el-dropdown-item>
</el-dropdown-menu>
</el-dropdown> </el-dropdown>
</el-form-item> </el-form-item>
<el-form-item label="用户名:"> <el-form-item label="用户名或姓名或邮箱:">
<el-input size="small" v-model="searchData" placeholder="请输入内容" @keydown.enter.native="searchEnterFun"></el-input> <el-input size="small" v-model="searchData" placeholder="请输入内容"
@keydown.enter.native="searchEnterFun"></el-input>
</el-form-item> </el-form-item>
<el-form-item> <el-form-item>
@@ -105,7 +108,7 @@
<template slot-scope="scope"> <template slot-scope="scope">
<el-tag v-if="scope.row.status === 1" type="success">可用</el-tag> <el-tag v-if="scope.row.status === 1" type="success">可用</el-tag>
<el-tag v-if="scope.row.status === 0" type="danger">停用</el-tag> <el-tag v-if="scope.row.status === 0" type="danger">停用</el-tag>
<el-tag v-if="scope.row.status === 2" >过期</el-tag> <el-tag v-if="scope.row.status === 2">过期</el-tag>
</template> </template>
</el-table-column> </el-table-column>
@@ -202,16 +205,16 @@
<el-form-item label="过期时间" prop="limittime"> <el-form-item label="过期时间" prop="limittime">
<el-date-picker <el-date-picker
v-model="ruleForm.limittime" v-model="ruleForm.limittime"
type="date" type="date"
size="small" size="small"
align="center" align="center"
style="width:130px" style="width:130px"
:picker-options="pickerOptions" :picker-options="pickerOptions"
placeholder="选择日期"> placeholder="选择日期">
</el-date-picker> </el-date-picker>
</el-form-item> </el-form-item>
<el-form-item label="禁用OTP" prop="disable_otp"> <el-form-item label="禁用OTP" prop="disable_otp">
<el-switch <el-switch
v-model="ruleForm.disable_otp"> v-model="ruleForm.disable_otp">
@@ -278,7 +281,7 @@ export default {
count: 10, count: 10,
pickerOptions: { pickerOptions: {
disabledDate(time) { disabledDate(time) {
return time.getTime() < Date.now(); return time.getTime() < Date.now();
} }
}, },
searchData: '', searchData: '',
@@ -324,7 +327,7 @@ export default {
const formData = new FormData(); const formData = new FormData();
formData.append("file", item.file); formData.append("file", item.file);
axios.post('/user/uploaduser', formData, { axios.post('/user/uploaduser', formData, {
headers: { headers: {
'Content-Type': 'multipart/form-data' 'Content-Type': 'multipart/form-data'
} }
}).then(resp => { }).then(resp => {
@@ -456,15 +459,15 @@ export default {
this.$refs[formName].resetFields(); this.$refs[formName].resetFields();
}, },
searchEnterFun(e) { searchEnterFun(e) {
var keyCode = window.event ? e.keyCode : e.which; var keyCode = window.event ? e.keyCode : e.which;
if (keyCode == 13) { if (keyCode == 13) {
this.handleSearch() this.handleSearch()
} }
}, },
reset() { reset() {
this.searchData = ""; this.searchData = "";
this.handleSearch(); this.handleSearch();
}, },
}, },
} }
</script> </script>

4
yarn.lock Normal file
View File

@@ -0,0 +1,4 @@
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1