merge #43

docker/Dockerfile

@@ -1,50 +1,44 @@
-FROM visense/debain11_slim:v1
-
+FROM alpine:3.17
 
 ENV TUNNEL_PATH=/secret-tunnel-path/
 ENV OVERTLS_LOG_LEVEL=debug
 
-
 ARG HTTP_PORT=80
 ARG HTTPS_PORT=443
 
 ARG OVERTLS_HOST=127.0.0.1
 ARG OVERTLS_PORT=10000
+ARG SSL_KEY=privkey.pem
+ARG SSL_PUBLIC=fullchain.pem
 
-
-COPY run.sh utils.sh index.html security.conf 50x.html /
+COPY run.sh utils.sh index.html 50x.html /
 
 RUN echo 'export HTTP_PORT='"$HTTP_PORT" > /etc/envinit.sh && \
     echo 'export HTTPS_PORT='"$HTTPS_PORT" >> /etc/envinit.sh && \
     echo 'export HTTP_PORT='"$HTTP_PORT" >> /etc/envinit.sh && \
     echo 'export OVERTLS_HOST='"$OVERTLS_HOST" >> /etc/envinit.sh && \
     echo 'export OVERTLS_PORT='"$OVERTLS_PORT" >> /etc/envinit.sh && \
-    sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list && \
+    echo 'export SSL_KEY='"$SSL_KEY" >> /etc/envinit.sh && \
+    echo 'export SSL_PUBLIC='"$SSL_PUBLIC" >> /etc/envinit.sh && \
+    sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \
     \cp /utils.sh /etc/utils.sh && \
-    apt-get update && apt-get install -y wget nginx vim && chmod +x /run.sh && mkdir -p /default/ && cd /default && \
+    apk add --update --no-cache bash unzip wget fontconfig nginx nginx-mod-stream nginx-mod-http-headers-more nginx-mod-http-lua vim && \
+    chmod +x /run.sh && mkdir -p /default/ && cd /default && \
     wget -O overtls.zip https://github.com/shadowsocksr-live/overtls/releases/latest/download/overtls-x86_64-unknown-linux-musl.zip && \
     unzip overtls.zip && rm -rf overtls.zip && \
-    rm -rf /var/lib/apt/lists/* && \
+    fc-cache -f -v && \
+    rm -rf /var/cache/apk/* /tmp/* && \
     mkdir /web && \
     mkdir /cert && \
-    cd /default && \
     rm -rf /etc/nginx/sites-enabled/* && \
-    \cp /security.conf /etc/nginx/conf.d/ && \
-    chown -R www-data:www-data /web && \
-    chmod -R 777 /web
-
-
-
-
+    rm -rf /etc/nginx/http.d/*
 
 VOLUME ["/web"]
 VOLUME ["/cert"]
 
 USER root
 
-
 EXPOSE $HTTP_PORT
 EXPOSE $HTTPS_PORT
 
-
 ENTRYPOINT ["/bin/bash", "run.sh"]

docker/README.md

@@ -1,5 +1,7 @@
 # overtls
-docker run --restart always -p 80:80 -p 443:443  --name overtls -e TUNNEL_PATH=/secret-tunnel-path/ -v /cert:/cert -v /web:/web -itd registry.cn-hangzhou.aliyuncs.com/dubux/overtls:latest
+```bash
+docker run --restart always -p 80:80 -p 443:443  --name overtls -e TUNNEL_PATH=/secret-tunnel-path/ -v /cert:/cert -v /web:/web -itd chengxudong2020/overtls
+```
 
 # 参数说明
 - `-v 证书所在目录` 一定要映射到 /cert容器目录 证书目录中必须存在私钥 `privkey.pem` 公钥 `fullchain.pem` 若名字不对请改名

docker/run.sh

@@ -2,66 +2,76 @@
 source /etc/envinit.sh
 source /etc/utils.sh
 
+checkssl(){
+  local file="/cert/$SSL_PUBLIC"
+  if [ ! -f "$file" ]; then
+    echoerr "找不到证书公钥文件： $file, 请检查配置"
+    exit 1
+  fi
+  file="/cert/$SSL_KEY"
+  if [ ! -f "$file" ]; then
+    echoerr "找不到证书私钥文件： $file, 请检查配置"
+    exit 1
+  fi
+}
+
 checkindex(){
   isindex=0
-  local dir="/web"  
-    if [ ! -d "$dir" ]; then  
-      mkdir "$dir"  
-    fi  
+  local dir="/web"
+    if [ ! -d "$dir" ]; then
+      mkdir "$dir"
+    fi
   cd $dir
-   file_list=("index.php" "index.html" "index.htm" "index.nginx-debian.html")  
-   for file in "${file_list[@]}"; do    
-    if [ -f "$file" ]; then    
-      echolog "存在默认首页： $file"  
+   file_list=("index.php" "index.html" "index.htm" "index.nginx-debian.html")
+   for file in "${file_list[@]}"; do
+    if [ -f "$file" ]; then
+      echolog "存在默认首页: $file"
       isindex=1
       break
-    fi    
+    fi
   done
   local xfile="50x.html"
   is50x=0
-   if [ -f "$xfile" ]; then    
-      echolog "存在默认50x错误页： $xfile"
+   if [ -f "$xfile" ]; then
+      echolog "存在默认50x错误页: $xfile"
       is50x=1
     fi
 }
 initIndex(){
     checkindex
     if [ $isindex -eq 0 ]; then
-     echolog "不存在首页，则使用默认首页"
-     \cp /index.html /web/index.html
+      echolog "不存在首页，则使用默认首页"
+      \cp /index.html /web/index.html
     fi
     if [ $is50x -eq 0 ]; then
-     echolog "不存在50x错误页，则使用默认50x错误页"
+     echolog "不存在50x错误页, 则使用默认50x错误页"
      \cp /50x.html /web/50x.html
     fi
 }
 
 initConfig(){
-  rm -rf /etc/nginx/conf.d/overtls.conf
-  cat > /etc/nginx/conf.d/overtls.conf <<EOF
+  rm -rf /etc/nginx/http.d/overtls.conf
+  cat > /etc/nginx/http.d/overtls.conf <<EOF
   server {
         listen $HTTP_PORT default_server;
         listen [::]:$HTTP_PORT default_server;
         server_name localhost;
-        index index.php index.html index.htm index.nginx-debian.html;
-        root  /web;
-    }
-     server {
+        rewrite ^(.*)$ https://\$host\$1 permanent;
+  }
+  server {
         listen $HTTPS_PORT ssl default_server;
         listen [::]:$HTTPS_PORT ssl default_server;
-        ssl_certificate       /cert/fullchain.pem;
-        ssl_certificate_key   /cert/privkey.pem;
+        ssl_certificate       /cert/$SSL_PUBLIC;
+        ssl_certificate_key   /cert/$SSL_KEY;
         ssl_protocols         TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers           HIGH:!aNULL:!MD5;
         server_name           localhost;
         index index.php index.html index.htm index.nginx-debian.html;
         root  /web;
         error_page 400 = /400.html;
-
         location ~ \\.php$ {
             
         }
-
         location $TUNNEL_PATH {
             proxy_redirect off;
             proxy_pass http://$OVERTLS_HOST:$OVERTLS_PORT;
@@ -70,27 +80,26 @@ initConfig(){
             proxy_set_header Connection "upgrade";
             proxy_set_header Host \$http_host;
         }
-    }
+  }
 EOF
-    local identity=$(random_string_gen 4)
-    rm -rf /default/config.json
-    cat > /default/config.json <<EOF
+
+  local identity=$(random_string_gen 4)
+  rm -rf /default/config.json
+  cat > /default/config.json <<EOF
 {
     "remarks": "${identity}",
     "tunnel_path": "$TUNNEL_PATH",
-
     "server_settings": {
         "forward_addr": "http://127.0.0.1:$HTTP_PORT",
         "listen_host": "$OVERTLS_HOST",
         "listen_port": $OVERTLS_PORT
     }
-
 }
 EOF
-    
+
 }
 
-echolog "-----------开始启动------------------"
-echolog "--使用的tunnel_path=$TUNNEL_PATH-----"
-initIndex && initConfig && nginx -g "daemon off;" & \
-cd /default && chmod +x ./overtls && ./overtls -v $OVERTLS_LOG_LEVEL -r server -c config.json
+echolog "开始启动-----------------------------"
+echolog "使用的tunnel_path=$TUNNEL_PATH-------"
+checkssl && initIndex && initConfig && nginx && \
+cd /default && chmod +x ./overtls && ./overtls -v $OVERTLS_LOG_LEVEL -r server -c config.json

docker/utils.sh

@@ -3,6 +3,10 @@ echolog() {
     echo -e "\033[32m[overtls log]\033[0m" $*
 }
 
+echoerr() {
+    echo -e "\033[31m[overtls err]\033[0m" $*
+}
+
 random_string_gen() {
     local PASS=""
     local MATRIX="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" # "~!@#$%^&*()_+="