docker add (#42)

.gitignore

@@ -3,7 +3,9 @@ nginx_signing.key
 overtls-daemon.sh
 project.xcworkspace/
 xcuserdata/
-.*
+.vscode/
+.VSCodeCounter/
+.env
 build/
 tmp/
 dev/

Dockerfile

@@ -0,0 +1,25 @@
+FROM rust AS build
+LABEL overtls by source
+
+WORKDIR /app
+
+# apt
+RUN apt-get update && \
+    apt-get install -y openssl curl && \
+    apt-get install -y git
+
+
+RUN git clone https://github.com/shadowsocksr-live/overtls.git && \
+    cd overtls && \
+    cargo build --release
+
+
+
+
+ENV CONFIG=/app/config.json
+
+
+CMD bash /app/overtls -r server -c ${CONFIG}
+
+
+

docker/50x.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Error</title>
+<style>
+html { color-scheme: light dark; }
+body { width: 35em; margin: 0 auto;
+font-family: Tahoma, Verdana, Arial, sans-serif; }
+</style>
+</head>
+<body>
+<h1>An error occurred.</h1>
+<p>Sorry, the page you are looking for is currently unavailable.<br/>
+Please try again later.</p>
+<p>If you are the system administrator of this resource then you should check
+the error log for details.</p>
+<p><em>Faithfully yours, nginx.</em></p>
+</body>
+</html>

docker/Dockerfile

@@ -0,0 +1,51 @@
+FROM visense/debain11_slim:v1
+
+
+ENV TUNNEL_PATH=/secret-tunnel-path/
+ENV OVERTLS_LOG_LEVEL=debug
+
+
+ARG HTTP_PORT=80
+ARG HTTPS_PORT=443
+
+ARG VERION=v0.2.8
+ARG OVERTLS_HOST=127.0.0.1
+ARG OVERTLS_PORT=10000
+
+
+COPY run.sh utils.sh index.html security.conf 50x.html /
+
+RUN echo 'export HTTP_PORT='"$HTTP_PORT" > /etc/envinit.sh && \
+    echo 'export HTTPS_PORT='"$HTTPS_PORT" >> /etc/envinit.sh && \
+    echo 'export HTTP_PORT='"$HTTP_PORT" >> /etc/envinit.sh && \
+    echo 'export OVERTLS_HOST='"$OVERTLS_HOST" >> /etc/envinit.sh && \
+    echo 'export OVERTLS_PORT='"$OVERTLS_PORT" >> /etc/envinit.sh && \
+    sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list && \
+    \cp /utils.sh /etc/utils.sh && \
+    apt-get update && apt-get install -y wget nginx vim && chmod +x /run.sh && mkdir -p /default/ && cd /default && \
+    wget -O overtls.zip https://github.com/ShadowsocksR-Live/overtls/releases/download/$VERION/overtls-x86_64-unknown-linux-musl.zip && \
+    unzip overtls.zip && rm -rf overtls.zip && \
+    rm -rf /var/lib/apt/lists/* && \
+    mkdir /web && \
+    mkdir /cert && \
+    cd /default && \
+    rm -rf /etc/nginx/sites-enabled/* && \
+    \cp /security.conf /etc/nginx/conf.d/ && \
+    chown -R www-data:www-data /web && \
+    chmod -R 777 /web
+
+
+
+
+
+VOLUME ["/web"]
+VOLUME ["/cert"]
+
+USER root
+
+
+EXPOSE $HTTP_PORT
+EXPOSE $HTTPS_PORT
+
+
+ENTRYPOINT ["/bin/bash", "run.sh"]

docker/README.md

@@ -0,0 +1,8 @@
+# overtls
+docker run --restart always -p 80:80 -p 443:443  --name overtls -e TUNNEL_PATH=/secret-tunnel-path/ -v /cert:/cert -v /web:/web -itd registry.cn-hangzhou.aliyuncs.com/dubux/overtls:latest
+
+# 参数说明
+- -v 证书所在目录 一定要映射到/cert容器目录 证书要目录中必须存在私钥privkey.pem 公钥fullchain.pem 名字不对请该名
+- -v web静态文件所在目录 其中必须为包含index.php index.html index.htm index.nginx-debian.html 
+  任何一个为默认首页 请自己从网上下载之后放入目录重启容器或者新建容器提前放好，映射之后的容器的目录必须是 /web
+- -e TUNNEL_PATH 默认为 /secret-tunnel-path/ 请修改 否则出现任何后果自负

docker/index.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to nginx!</title>
+<style>
+html { color-scheme: light dark; }
+body { width: 35em; margin: 0 auto;
+font-family: Tahoma, Verdana, Arial, sans-serif; }
+</style>
+</head>
+<body>
+<h1>Welcome to nginx!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="http://nginx.org/">nginx.org</a>.<br/>
+Commercial support is available at
+<a href="http://nginx.com/">nginx.com</a>.</p>
+
+<p><em>Thank you for using nginx.</em></p>
+</body>
+</html>

docker/run.sh

@@ -0,0 +1,96 @@
+#!/bin/bash
+source /etc/envinit.sh
+source /etc/utils.sh
+
+checkindex(){
+  isindex=0
+  local dir="/web"  
+    if [ ! -d "$dir" ]; then  
+      mkdir "$dir"  
+    fi  
+  cd $dir
+   file_list=("index.php" "index.html" "index.htm" "index.nginx-debian.html")  
+   for file in "${file_list[@]}"; do    
+    if [ -f "$file" ]; then    
+      echolog "存在默认首页： $file"  
+      isindex=1
+      break
+    fi    
+  done
+  local xfile="50x.html"
+  is50x=0
+   if [ -f "$xfile" ]; then    
+      echolog "存在默认50x错误页： $xfile"
+      is50x=1
+    fi
+}
+initIndex(){
+    checkindex
+    if [ $isindex -eq 0 ]; then
+     echolog "不存在首页，则使用默认首页"
+     \cp /index.html /web/index.html
+    fi
+    if [ $is50x -eq 0 ]; then
+     echolog "不存在50x错误页，则使用默认50x错误页"
+     \cp /50x.html /web/50x.html
+    fi
+}
+
+initConfig(){
+  rm -rf /etc/nginx/conf.d/overtls.conf
+  cat > /etc/nginx/conf.d/overtls.conf <<EOF
+  server {
+        listen $HTTP_PORT default_server;
+        listen [::]:$HTTP_PORT default_server;
+        server_name localhost;
+        index index.php index.html index.htm index.nginx-debian.html;
+        root  /web;
+    }
+     server {
+        listen $HTTPS_PORT ssl default_server;
+        listen [::]:$HTTPS_PORT ssl default_server;
+        ssl_certificate       /cert/fullchain.pem;
+        ssl_certificate_key   /cert/privkey.pem;
+        ssl_protocols         TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers           HIGH:!aNULL:!MD5;
+        server_name           localhost;
+        index index.php index.html index.htm index.nginx-debian.html;
+        root  /web;
+        error_page 400 = /400.html;
+
+        location ~ \\.php$ {
+            
+        }
+
+        location $TUNNEL_PATH {
+            proxy_redirect off;
+            proxy_pass http://$OVERTLS_HOST:$OVERTLS_PORT;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade \$http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host \$http_host;
+        }
+    }
+EOF
+    local identity=$(random_string_gen 4)
+    rm -rf /default/config.json
+    cat > /default/config.json <<EOF
+{
+    "remarks": "${identity}",
+    "tunnel_path": "$TUNNEL_PATH",
+
+    "server_settings": {
+        "forward_addr": "http://127.0.0.1:$HTTP_PORT",
+        "listen_host": "$OVERTLS_HOST",
+        "listen_port": $OVERTLS_PORT
+    }
+
+}
+EOF
+
+}
+
+echolog "-----------开始启动------------------"
+echolog "--使用的tunnel_path=$TUNNEL_PATH-----"
+initIndex && initConfig && nginx -g "daemon off;" & \
+cd /default && chmod +x ./overtls && ./overtls -v $OVERTLS_LOG_LEVEL -r server -c config.json

docker/security.conf

@@ -0,0 +1 @@
+server_tokens off;

docker/utils.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+echolog() {
+    echo -e "\033[32m[overtls log]\033[0m" $*
+}
+
+random_string_gen() {
+    local PASS=""
+    local MATRIX="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" # "~!@#$%^&*()_+="
+    local LENGTH=$1
+    [ -z $1 ] && LENGTH="16"
+    while [ "${n:=1}" -le "$LENGTH" ]
+    do
+        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
+        let n+=1
+    done
+
+    echo ${PASS}
+}