add docker_overtls_caddy (#71)

docker_overtls_caddy/Dockerfile

@@ -0,0 +1,38 @@
+FROM alpine:3.17
+
+
+ENV TUNNEL_PATH=/secret-tunnel-path/ \
+    OVERTLS_LOG_LEVEL=debug \
+    HTTPS_PORT=443 \
+    OVERTLS_HOST=127.0.0.1 \
+    OVERTLS_PORT=10000 \
+    CADDY_VERSION=2.7.6 \
+    BASE_PATH="/etc/s6-overlay/s6-rc.d" \
+    DOMAIN_NAME="" \
+    S6_OVERLAY_VERSION="3.2.0.2"
+
+COPY --chmod=755 ./rootfs /
+
+RUN apk update && apk add --no-cache unzip wget && \
+    wget -O /tmp/s6-overlay-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz && \
+    tar -C / -Jxf /tmp/s6-overlay-noarch.tar.xz && \
+    rm -f /tmp/s6-overlay-noarch.tar.xz && \
+    wget -O /tmp/s6-overlay-x86_64.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz && \
+    tar -C / -Jxf /tmp/s6-overlay-x86_64.tar.xz && \
+    rm -f /tmp/s6-overlay-x86_64.tar.xz && \
+    wget -O /tmp/caddy.tar.gz https://github.com/caddyserver/caddy/releases/download/v${CADDY_VERSION}/caddy_${CADDY_VERSION}_linux_amd64.tar.gz && \
+    tar -xzvf /tmp/caddy.tar.gz -C ${BASE_PATH}/caddy && \
+    wget -O /tmp/overtls.zip https://github.com/shadowsocksr-live/overtls/releases/latest/download/overtls-x86_64-unknown-linux-musl.zip && \
+    unzip /tmp/overtls.zip -d ${BASE_PATH}/overtls -x "config.json" && \
+    rm -rf /var/cache/apk/* /tmp/*
+
+
+
+EXPOSE $HTTPS_PORT/tcp \
+       $HTTPS_PORT/udp
+
+
+VOLUME ["/web"]
+HEALTHCHECK --interval=10s --timeout=5s CMD /healthcheck.sh
+
+ENTRYPOINT ["/init"]

docker_overtls_caddy/README.md

@@ -0,0 +1,7 @@
+# overtls_caddy
+docker run -itd  --restart always --name overtls -p 443:443 -e DOMAIN_NAME=域名 -e TUNNEL_PATH=/admin/,/log/  -v /web:/web chengxudong2020/overtls_caddy:latest
+
+# 參數說​​明
+-v /web 可選建議設定web靜態檔案所在目錄其中必須為包含index.php index.html index.htm index.nginx-debian.html 任何一個為預設首頁請自己從網上下載之後放入目錄重啟容器或者新建容器提前放好，映射之後的容器的目錄必須是/web
+-e TUNNEL_PATH 可選 預設為 /secret-tunnel-path/ 請務必自行修改成複雜字串, 否則造成迅速被 GFW 封鎖之後果自負
+-e DOMAIN_NAME 必須配置否則無法啟動 域名，需要配置解析

docker_overtls_caddy/rootfs/etc/s6-overlay/s6-rc.d/caddy/dependencies

@@ -0,0 +1,2 @@
+overtls
+init

docker_overtls_caddy/rootfs/etc/s6-overlay/s6-rc.d/caddy/notification-fd

@@ -0,0 +1 @@
+3

docker_overtls_caddy/rootfs/etc/s6-overlay/s6-rc.d/caddy/run

@@ -0,0 +1,5 @@
+#!/command/with-contenv sh
+CADDY_PATH="${BASE_PATH}/caddy"
+exec \
+    /command/s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z localhost ${OVERTLS_PORT}" \
+    "${CADDY_PATH}/caddy" run --config /etc/caddy/Caddyfile

docker_overtls_caddy/rootfs/etc/s6-overlay/s6-rc.d/caddy/type

@@ -0,0 +1 @@
+longrun

docker_overtls_caddy/rootfs/etc/s6-overlay/s6-rc.d/init/type

@@ -0,0 +1 @@
+oneshot

docker_overtls_caddy/rootfs/etc/s6-overlay/s6-rc.d/init/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init/up.real

docker_overtls_caddy/rootfs/etc/s6-overlay/s6-rc.d/init/up.real

@@ -0,0 +1,84 @@
+#!/command/with-contenv sh
+function initCaddyfile() {
+    rm -rf /etc/caddy/Caddyfile
+    cat > /etc/caddy/Caddyfile <<EOF
+    ${DOMAIN_NAME}:${HTTPS_PORT} {
+    tls [email protected]
+    encode gzip
+EOF
+     TUNNEL_PATH_STRING="$TUNNEL_PATH"
+     OLD_IFS="$IFS"
+     IFS=','
+     for path in $TUNNEL_PATH; do  
+          path="${path#"${path%%[![:space:]]*}"}"  
+          path="${path%"${path##*[![:space:]]}"}"  
+          cat >> /etc/caddy/Caddyfile <<EOF
+            reverse_proxy ${path} $OVERTLS_HOST:$OVERTLS_PORT
+EOF
+    done
+    IFS="$OLD_IFS"
+    cat >> /etc/caddy/Caddyfile <<EOF
+    file_server browse {
+           root /web
+    }
+EOF
+}
+
+random_string_gen() {
+    local PASS=""
+    local MATRIX="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" # "~!@#$%^&*()_+="
+    local LENGTH=$1
+    [ -z $1 ] && LENGTH="16"
+    while [ "${n:=1}" -le "$LENGTH" ]
+    do
+        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
+        let n+=1
+    done
+
+    echo ${PASS}
+}
+
+gettunnelpath(){
+    TUNNEL_PATH_STRING="$TUNNEL_PATH"   
+    TUNNEL_PATH_STRING="${TUNNEL_PATH_STRING#,}"  
+    TUNNEL_PATH_STRING="${TUNNEL_PATH_STRING%,}"  
+    NEW_TUNNEL_PATH=""  
+    OLD_IFS="$IFS"
+    IFS=','  
+    for item in $TUNNEL_PATH_STRING; do  
+        item="${item#"${item%%[![:space:]]*}"}"  
+        item="${item%"${item##*[![:space:]]}"}" 
+        if [ -n "$NEW_TUNNEL_PATH" ]; then  
+            NEW_TUNNEL_PATH="$NEW_TUNNEL_PATH,\"$item\""  
+        else  
+            NEW_TUNNEL_PATH="\"$item\""  
+        fi  
+    done  
+    IFS="$OLD_IFS"
+    NEW_TUNNEL_PATH="[${NEW_TUNNEL_PATH}]"  
+    echo $NEW_TUNNEL_PATH
+}
+
+function initOvertlsConfig() {
+    local identity=$(random_string_gen 4)
+    rm -rf ${BASE_PATH}/overtls/config.json
+    cat > ${BASE_PATH}/overtls/config.json <<EOF
+{
+    "remarks": "${identity}",
+    "tunnel_path": $(gettunnelpath),
+
+    "server_settings": {
+        "listen_host": "$OVERTLS_HOST",
+        "listen_port": $OVERTLS_PORT
+    }
+
+}
+EOF
+}
+
+if [ -z "${DOMAIN_NAME}" ] || [ -z "${TUNNEL_PATH}" ]; then
+    echo "Error: DOMAIN_NAME or TUNNEL_PATH is not set or empty. Exiting."
+    exit 1
+fi
+initCaddyfile
+initOvertlsConfig

docker_overtls_caddy/rootfs/etc/s6-overlay/s6-rc.d/overtls/dependencies

@@ -0,0 +1 @@
+init

docker_overtls_caddy/rootfs/etc/s6-overlay/s6-rc.d/overtls/run

@@ -0,0 +1,3 @@
+#!/command/with-contenv sh
+OVERTLS_PATH="${BASE_PATH}/overtls"
+exec "${OVERTLS_PATH}/overtls-bin" -v $OVERTLS_LOG_LEVEL -r server -c "${OVERTLS_PATH}/config.json"

docker_overtls_caddy/rootfs/etc/s6-overlay/s6-rc.d/overtls/type

@@ -0,0 +1 @@
+longrun

docker_overtls_caddy/rootfs/healthcheck.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+/command/s6-svstat /run/s6-rc/servicedirs/caddy || exit 1
+/command/s6-svstat /run/s6-rc/servicedirs/overtls || exit 1

docker_overtls_caddy/rootfs/web/50x.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Error</title>
+<style>
+html { color-scheme: light dark; }
+body { width: 35em; margin: 0 auto;
+font-family: Tahoma, Verdana, Arial, sans-serif; }
+</style>
+</head>
+<body>
+<h1>An error occurred.</h1>
+<p>Sorry, the page you are looking for is currently unavailable.<br/>
+Please try again later.</p>
+<p>If you are the system administrator of this resource then you should check
+the error log for details.</p>
+<p><em>Faithfully yours, caddy.</em></p>
+</body>
+</html>

docker_overtls_caddy/rootfs/web/index.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Welcome to caddy!</title>
+<style>
+html { color-scheme: light dark; }
+body { width: 35em; margin: 0 auto;
+font-family: Tahoma, Verdana, Arial, sans-serif; }
+</style>
+</head>
+<body>
+<h1>Welcome to caddy!</h1>
+<p>If you see this page, the nginx web server is successfully installed and
+working. Further configuration is required.</p>
+
+<p>For online documentation and support please refer to
+<a href="https://caddyserver.com/">caddy.com</a>.<br/>
+Commercial support is available at
+<a href="https://caddyserver.com/">caddy.com</a>.</p>
+
+<p><em>Thank you for using caddy.</em></p>
+</body>
+</html>