diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..72f751f
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,28 @@
+**/__pycache__
+**/*venv
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+*.db
+.python-version
+LICENSE
+README.md
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c3ebc67
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,54 @@
+FROM --platform=linux/amd64 registry.cn-hangzhou.aliyuncs.com/browser/python:3.8.19-2
+LABEL maintainer="Browser "
+
+# 设置环境变量
+# 防止 python 将 pyc 文件写入硬盘
+ENV PYTHONDONTWRITEBYTECODE=1
+# 防止 python 缓冲 (buffering) stdout 和 stderr, 以便更容易地进行容器日志记录
+ENV PYTHONUNBUFFERED=1
+
+WORKDIR /opt/openvpn-cms-flask
+
+COPY . .
+
+# vpn init script
+RUN cp -r /opt/openvpn-cms-flask/bin/* /usr/local/bin/ \
+ && chmod a+x /usr/local/bin/* \
+ && cp /opt/openvpn-cms-flask/app/scripts/cmd/* /usr/local/bin/ \
+ && sed -i s/127.0.0.1/mysql/g /usr/local/bin/connect.sh \
+ && sed -i s/127.0.0.1/mysql/g /usr/local/bin/disconnect.sh \
+ && chmod 755 -R /usr/local/bin/
+
+# python
+RUN set -ex \
+ && yum install -y gcc GeoIP GeoIP-devel net-tools \
+ && pip3 install --no-cache-dir -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple \
+ && sed -i s/localhost/mysql/g /opt/openvpn-cms-flask/app/config/secure.py
+
+# openvpn
+RUN set -ex \
+ && yum install -y epel-release \
+ && yum install -y openvpn easy-rsa expect zip unzip net-tools telnet mysql netcat \
+ && yum clean all
+
+
+# arp script
+#ADD cronfile /etc/cron.d/arp-cron
+
+RUN set -ex \
+ && rm -rf /etc/localtime \
+ && ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
+
+# && chmod 0644 /etc/cron.d/arp-cron \
+# && touch /var/log/cron.log \
+# && env | grep -v "no_proxy" >> /etc/environment \
+
+VOLUME ["/etc/openvpn"]
+VOLUME ["/opt/vpnuser"]
+
+# 暴露端口
+EXPOSE 5000
+EXPOSE 11940/udp
+
+CMD ["vpn_run"]
+
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..cc88751
--- /dev/null
+++ b/Makefile
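Review bot: The `# python` RUN installs `gcc GeoIP GeoIP-devel net-tools` and leaves both the compiler and the yum metadata cache in the final image, because only the `# openvpn` layer ends with `yum clean all`; a build toolchain in a runtime image is unnecessary attack surface and bloat. If gcc and the -devel headers are only needed while pip builds C extensions (I cannot tell from requirements.txt here), end that layer with `&& yum remove -y gcc GeoIP-devel && yum clean all`, or do the pip step in a separate build stage and copy the site-packages over. The image has no `USER` directive; root is required here because vpn_run calls `mknod` and `iptables`, so a one-line comment such as `# runs as root: vpn_run must create /dev/net/tun and program NAT` would record that this is deliberate rather than an omission. `COPY . .` followed by `sed -i s/localhost/mysql/g .../app/config/secure.py` also bakes the repository's config file, which presumably holds database connection settings, into an image layer that the Makefile pushes to a registry; supplying those values through the environment at runtime and adding the file to .dockerignore would keep them out of the image history.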
@@ -0,0 +1,16 @@
+#all: build push
+#
+#build:
+# docker buildx build --platform linux/arm64,linux/amd64 -t registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-flask:v1.2.0 -f Dockerfile . --push
+#
+#.PHONY: all build
+
+all: build push
+
+build:
+ docker build --pull --platform linux/amd64 -t registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-flask:v1.2.7 .
+
+push:
+ docker push registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-flask:v1.2.7
+
+.PHONY: all build push
diff --git a/app/scripts/ovpn_env.sh b/app/scripts/ovpn_env.sh
new file mode 100644
index 0000000..c2f57e0
--- /dev/null
+++ b/app/scripts/ovpn_env.sh
@@ -0,0 +1,2 @@
+declare -x OVPN_SERVER=172.16.64.0/20
+declare -x OVPN_NATDEVICE=eth0
\ No newline at end of file
diff --git a/bin/vpn_init b/bin/vpn_init
new file mode 100755
index 0000000..36b5878
--- /dev/null
+++ b/bin/vpn_init
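Review bot: The image reference `registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-flask:v1.2.7` is spelled out verbatim in both the `build` and `push` recipes (and a third time in docker-compose.yml), so a release bump has to touch three places and the tag that is built can silently diverge from the tag that is pushed. Hoist it into variables at the top of the file, `IMAGE ?= registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-flask` and `TAG ?= v1.2.7`, and use `$(IMAGE):$(TAG)` in both recipes. The commented-out buildx block above `all:` is dead history that the commit log already preserves; either drop it or replace it with a single comment saying why the multi-arch build was abandoned. The recipe lines appear here with a leading space where Make requires a tab; this is most likely an artefact of how the diff was rendered, but it is worth confirming in the committed file.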
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Initialize the EasyRSA PKI
+
+IP=$1
+VPN_SERVER=${IP:=127.0.0.1}
+
+cp -r /usr/share/easy-rsa /etc/openvpn/ \
+&& cp -r /opt/openvpn-cms-flask/app/scripts/vars /etc/openvpn/easy-rsa/3.0/ \
+&& cp /opt/openvpn-cms-flask/app/scripts/server.conf /etc/openvpn/ \
+&& sed -i s/\#dev\ tun/dev\ tun/g /etc/openvpn/server.conf \
+&& sed -i s/dev\ tap/\#dev\ tap/g /etc/openvpn/server.conf \
+&& cp /opt/openvpn-cms-flask/app/scripts/ovpn_env.sh /etc/openvpn/ \
+&& cp /opt/openvpn-cms-flask/app/scripts/*.expect /etc/openvpn/easy-rsa/3.0/ \
+&& chmod +x /etc/openvpn/easy-rsa/3.0/*.expect \
+&& cd /etc/openvpn/easy-rsa/3.0 \
+&& ./easyrsa init-pki \
+&& ./easyrsa --batch build-ca nopass \
+&& ./easyrsa gen-dh \
+&& ./easyrsa build-server-full openvpnserver nopass \
+&& openvpn --genkey --secret ta.key \
+&& ./easyrsa gen-crl \
+&& chmod 666 pki/crl.pem \
+&& mkdir -p /var/log/openvpn \
+&& mkdir -p /opt/vpnuser \
+&& mkdir -p /etc/openvpn/easy-rsa/3/pki/package \
+&& cp pki/ca.crt pki/package/ \
+&& cp ta.key pki/package/ \
+&& cp /opt/openvpn-cms-flask/app/scripts/client.ovpn pki/package/ \
+&& sed -i s/\#dev\ tun/dev\ tun/g pki/package/client.ovpn \
+&& sed -i s/dev\ tap/\#dev\ tap/g pki/package/client.ovpn \
+&& sed -i s/openvpn.example.com/$VPN_SERVER/g pki/package/client.ovpn
+
+cd /opt/openvpn-cms-flask \
+&& sleep 3 \
+&& python add_super.py
+
+echo "Initialization complete"
diff --git a/bin/vpn_run b/bin/vpn_run
new file mode 100755
index 0000000..3b7d223
--- /dev/null
+++ b/bin/vpn_run
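Review bot: `chmod 666 pki/crl.pem` makes the certificate revocation list world-writable, so any unprivileged process in the container could alter which client certificates count as revoked; OpenVPN only needs to read the file after it drops privileges, so `chmod 644 pki/crl.pem` is sufficient. The long `&&` chain has neither `set -e` nor a trailing `|| exit 1`, so if any step fails (for example `build-ca` against an already-populated PKI) the script still proceeds to `python add_super.py` and prints "Initialization complete" with exit status 0; add `set -euo pipefail` after the shebang or `|| exit 1` at the end of the chain. `mkdir -p /etc/openvpn/easy-rsa/3/pki/package` uses `3` where every other path uses `3.0`, which only works if both names resolve to the same directory under the copied /usr/share/easy-rsa; since the script has already `cd`-ed into `3.0`, `mkdir -p pki/package` is both shorter and unambiguous. `$VPN_SERVER` is substituted unquoted into the `sed` expression, so a value containing `/` would break the command; `sed -i "s|openvpn.example.com|$VPN_SERVER|g" pki/package/client.ovpn` avoids that.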
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# 脚本只要发生错误,就终止执行
+set -e
+
+# 参数组
+USER_ARGS=("${@}")
+ARGS=()
+
+# 参数检查重复
+function hasArg {
+ local element
+ for element in "${@:2}"; do
+ [ "${element}" == "${1}" ] && return 0
+ done
+ return 1
+}
+
+# 添加参数
+function addArg {
+ local arg="${1}"
+ [ $# -ge 1 ] && local val="${2}"
+ if ! hasArg "${arg}" "${USER_ARGS[@]}"; then
+ ARGS+=("${arg}")
+ [ $# -ge 1 ] && ARGS+=("${val}")
+ fi
+}
+
+# openvpn启动参数
+addArg "--config" "/etc/openvpn/server.conf"
+
+# tun
+mkdir -p /dev/net
+if [ ! -c /dev/net/tun ]; then
+ mknod /dev/net/tun c 10 200
+fi
+
+
+function setup_iptables {
+ iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE 2>/dev/null
+}
+
+source "/etc/openvpn/ovpn_env.sh"
+setup_iptables
+
+if [ $# -ge 1 ] ;then
+ # shellcheck disable=SC2145
+ echo "Running 'openvpn ${ARGS[@]} ${USER_ARGS[@]}'"
+ # shellcheck disable=SC2068
+ exec openvpn ${ARGS[@]} ${USER_ARGS[@]}
+else
+ # start openvpn-cms-flask
+ sleep 5
+ python starter.py > /opt/openvpn-cms-flask/logs/openvpn-cms-flask.log 2>&1 &
+ # shellcheck disable=SC2068
+ exec openvpn ${ARGS[@]}
+fi
+
+
+
diff --git a/cronfile b/cronfile
new file mode 100644
index 0000000..3ff12f5
--- /dev/null
+++ b/cronfile
@@ -0,0 +1 @@
+*/10 * * * * sh /usr/local/bin/add_arp.sh
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..0e9a049
--- /dev/null
+++ b/docker-compose.yml
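Review bot: In `addArg`, both `[ $# -ge 1 ]` guards are always true once `arg` has been passed, so a call such as `addArg "--flag"` with no value would append an empty string to `ARGS`; the intended test is `[ $# -ge 2 ]`. The two `exec openvpn ${ARGS[@]} ${USER_ARGS[@]}` lines expand the arrays unquoted (with ShellCheck silenced), so any argument containing whitespace is split; `exec openvpn "${ARGS[@]}" "${USER_ARGS[@]}"` is the safe form and lets the disable comments go. `setup_iptables` discards iptables' stderr, and because `set -e` is active a failing MASQUERADE rule (wrong `OVPN_NATDEVICE`, missing NET_ADMIN) aborts the container with no diagnostic at all; drop the `2>/dev/null` so the reason is logged. In the no-argument branch the Flask app is started with `&` and the shell then execs openvpn, so the web process becomes an orphan child of openvpn with nothing restarting it or reaping it when it exits; splitting the app into its own compose service, or running both under an init such as tini, would be the usual fix.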
@@ -0,0 +1,62 @@
+services:
+ openvpn-cms-vue:
+ image: registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-vue:v1.1.0
+ container_name: openvpn-cms-vue
+ volumes:
+ - ./service/nginx/logs:/var/log/nginx
+ ports:
+ - "8000:8000"
+ links:
+ - openvpn-cms-flask
+ restart: always
+ networks:
+ - openvpn
+ depends_on:
+ - openvpn-cms-flask
+
+ openvpn-cms-flask:
+ image: registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-flask:v1.2.7
+ container_name: openvpn-cms-flask
+ volumes:
+ - ./service/openvpn/data:/etc/openvpn
+ - ./service/openvpn/log:/var/log/openvpn
+ - ./service/vpnuser:/opt/vpnuser
+ - ./logs:/opt/openvpn-cms-flask/logs
+ ports:
+ - "5000:5000"
+ - "11940:11940/udp"
+ links:
+ - mysql
+ restart: always
+ cap_add:
+ - NET_ADMIN
+ networks:
+ - openvpn
+ depends_on:
+ - mysql
+
+ mysql:
+ image: registry.cn-hangzhou.aliyuncs.com/browser/mysql:8.0.21
+ restart: unless-stopped
+ container_name: mysql
+ volumes:
+ - ./service/mysql/data:/var/lib/mysql
+ command:
+ --default-authentication-plugin=mysql_native_password
+ --character-set-server=utf8mb4
+ --collation-server=utf8mb4_general_ci
+ --explicit_defaults_for_timestamp=true
+ --lower_case_table_names=1
+ environment:
+ MYSQL_ROOT_PASSWORD: "openvpn"
+ MYSQL_DATABASE: "openvpn"
+ TZ: Asia/Shanghai
+ privileged: true
+ ports:
+ - "3306:3306"
+ networks:
+ - openvpn
+
+networks:
+ openvpn:
+ driver: bridge
\ No newline at end of file
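Review bot: The `mysql` service hardcodes `MYSQL_ROOT_PASSWORD: "openvpn"` in a committed file, publishes `3306:3306` on every host interface, and runs with `privileged: true`, which together expose a root database login with a guessable password to the network from a container that has full host capabilities. The other services reach the database by service name over the `openvpn` network (that is what the Dockerfile's `127.0.0.1`→`mysql` edits depend on), so the `ports:` block and `privileged: true` can be removed from mysql, and the password should come from the environment: `MYSQL_ROOT_PASSWORD: "${MYSQL_ROOT_PASSWORD:?set in .env}"` — the new .dockerignore already keeps `.env` out of the image build context. `links:` is a legacy feature made redundant by `depends_on` plus the shared network and can be dropped from both application services. `openvpn-cms-flask` could also pass the tun device through with `devices: ["/dev/net/tun:/dev/net/tun"]` instead of relying on `mknod` inside the container, though whether that is preferable depends on the host runtime.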