From 42d653b34ad3e19f41d5e6da11b150bbbb5d581b Mon Sep 17 00:00:00 2001 From: Wankko Ree Date: Thu, 4 Jul 2024 11:41:56 +0800 Subject: [PATCH 1/7] docker: custom log level --- docker/entrypoint.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 952f549..93f9006 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -10,8 +10,12 @@ SOCKS5_UDP_MODE="${SOCKS5_UDP_MODE:-udp}" TABLE="${TABLE:-20}" MARK="${MARK:-438}" +LOG_LEVEL="${LOG_LEVEL:-warn}" + config_file() { cat > /hs5t.yml << EOF +misc: + log-level: '${LOG_LEVEL}' tunnel: name: '${TUN}' mtu: ${MTU} From d795a4cd159a443ecb437e750ea607d89b8ce493 Mon Sep 17 00:00:00 2001 From: Wankko Ree Date: Fri, 5 Jul 2024 13:41:42 +0800 Subject: [PATCH 2/7] Docker: Merge and split Docker image layers to optimize rebuilding speed for devs and repulling speed for users --- .github/workflows/build.yaml | 2 ++ Dockerfile | 36 +++++++++++++++++++++--------------- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 886da70..1c15a74 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -151,3 +151,5 @@ jobs: provenance: false tags: ${{ steps.docker_meta.outputs.tags }} labels: ${{ steps.docker_meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max diff --git a/Dockerfile b/Dockerfile index 822547d..0b842f2 100644 --- a/Dockerfile +++ b/Dockerfile 
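Review bot: `LOG_LEVEL` is interpolated into the unquoted YAML heredoc without being checked against the values the tunnel accepts, so a typo such as `LOG_LEVEL=warning` is only discovered when hev-socks5-tunnel rejects /hs5t.yml, and a value containing a single quote breaks the generated `log-level: '…'` line. A one-line guard next to the default, `case "${LOG_LEVEL}" in debug|info|warn|error) ;; *) echo "LOG_LEVEL must be one of debug, info, warn, error" >&2; exit 1 ;; esac`, fails fast with a clear message; that set is the one the README's Compose example documents later in this series. config_file's heredoc continues outside the hunk.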
@@ -1,27 +1,33 @@ FROM alpine:latest AS builder +RUN apk add --update --no-cache \ + make \ + git \ + gcc \ + linux-headers \ + musl-dev + WORKDIR /src COPY . /src -RUN apk add --update --no-cache make git gcc linux-headers musl-dev \ - && make +RUN make FROM alpine:latest LABEL org.opencontainers.image.source="https://github.com/heiher/hev-socks5-tunnel" -COPY docker/entrypoint.sh /entrypoint.sh -COPY --from=builder /src/bin/hev-socks5-tunnel /usr/bin/hev-socks5-tunnel +RUN apk add --update --no-cache \ + iproute2 -RUN apk add --update --no-cache iproute2 \ - && chmod +x /entrypoint.sh - -ENV TUN=tun0 -ENV MTU=8500 -ENV IPV4=198.18.0.1 -ENV SOCKS5_ADDR=172.17.0.1 -ENV SOCKS5_PORT=1080 -ENV SOCKS5_UDP_MODE=udp -ENV IPV4_INCLUDED_ROUTES=0.0.0.0/0 -ENV IPV4_EXCLUDED_ROUTES=172.17.0.0/16 +ENV TUN=tun0 \ + MTU=8500 \ + IPV4=198.18.0.1 \ + SOCKS5_ADDR=172.17.0.1 \ + SOCKS5_PORT=1080 \ + SOCKS5_UDP_MODE=udp \ + IPV4_INCLUDED_ROUTES=0.0.0.0/0 \ + IPV4_EXCLUDED_ROUTES=172.17.0.0/16 + +COPY --chmod=755 docker/entrypoint.sh /entrypoint.sh +COPY --from=builder /src/bin/hev-socks5-tunnel /usr/bin/hev-socks5-tunnel ENTRYPOINT ["/entrypoint.sh"] From 819b7121947d24a1d532be5017d544380e3e454e Mon Sep 17 00:00:00 2001 From: Wankko Ree Date: Fri, 5 Jul 2024 13:45:42 +0800 Subject: [PATCH 3/7] Docker: Ignore some docs and config files when copying src --- .dockerignore | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..12d120f --- /dev/null +++ b/.dockerignore @@ -0,0 +1,11 @@ +/.idea/ +/.vscode/ + +/.git/ +/.github/ +/README.md +/License + +/Dockerfile + +/conf/ From d8cea8a9b988529c35dbb9c48120184e9a8bc17e Mon Sep 17 00:00:00 2001 From: Wankko Ree Date: Fri, 5 Jul 2024 14:15:48 +0800 Subject: [PATCH 4/7] README: demo for Docker Compose --- README.md | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) 
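Review bot: Moving `RUN apk add --update --no-cache \ iproute2` above the COPY lines, combined with the `type=gha,mode=max` cache this series enables, means the runtime stage's apk layer is served from cache for as long as the instruction text and the `alpine:latest` digest are unchanged, so fixes published to the Alpine package repositories are not picked up on rebuild even though `--update` reads as if they were; the builder stage's apk layer behaves the same way. Pinning the base images to a version tag or digest and bumping deliberately, or scheduling an occasional build with `no-cache: true`, keeps the speed-up without silently shipping stale packages. Note also that `COPY --chmod=755` needs BuildKit; the buildx workflow provides it, but a legacy `docker build` would reject the flag, which is worth a one-line comment above the COPY.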
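Review bot: Excluding `/.git/` from the build context may break whatever the builder stage needs `git` for — the previous patch installs `git` next to the compiler, which suggests the Makefile shells out to it (the Makefile is not in this series, so this is inferred). If `make` only uses git for a version string, pass the version in as a build argument so the build stays reproducible without the repository; if it does not use git at all, drop `git` from the builder's apk list. The rest of the list is sound and also keeps `/conf/` and `/.github/` out of the context.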
diff --git a/README.md b/README.md index e338f6c..bac2a7a 100644 --- a/README.md +++ b/README.md @@ -169,6 +169,53 @@ sudo route change -inet default -interface utun99 sudo route change -inet6 default -interface utun99 ``` +#### Docker Compose + +```yaml +version: "3.9" + +services: + client: + image: alpine:latest # just for network testing + tty: true # you can test network in terminal + depends_on: + - tun + network_mode: "service:tun" + + tun: + image: ghcr.io/heiher/hev-socks5-tunnel:latest # `latest` for the latest published version; `nightly` for the latest source build; `vX.Y.Z` for the specific version + cap_add: + - NET_ADMIN # needed + devices: + - /dev/net/tun:/dev/net/tun # needed + environment: + TUN: tun0 # optional, tun interface name, default `tun0` + MTU: 8500 # optional, MTU is MTU, default `8500` + IPV4: 198.18.0.1 # optional, tun interface ip, default `198.18.0.1` + TABLE: 20 # optional, ip route table id, default `20` + MARK: 438 # optional, ip route rule mark, hex format, default `438` + SOCKS5_ADDR: a.b.c.d # socks5 proxy server address + SOCKS5_PORT: 1080 # socks5 proxy server port + SOCKS5_USERNAME: user # optional, socks5 proxy username, only set when need to auth + SOCKS5_PASSWORD: pass # optional, socks5 proxy password, only set when need to auth + SOCKS5_UDP_MODE: udp # optional, UDP relay mode, default `udp`, other option `tcp` + IPV4_INCLUDED_ROUTES: 0.0.0.0/0 # optional, demo means proxy all traffic. for multiple network segments, join with `,` or `\n` + IPV4_EXCLUDED_ROUTES: a.b.c.d # optional, demo means exclude traffic from the proxy itself. for multiple network segments, join with `,` or `\n` + LOG_LEVEL: warn # optional, default `warn`, other option `debug`/`info`/`error` + dns: + - 8.8.8.8 +``` + +You can also set the route rules with multiple network segments like: + +```yaml + environment: + IPV4_INCLUDED_ROUTES: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + IPV4_EXCLUDED_ROUTES: |- + a.b.c.d/24 + a.b.c.f/24 +``` + ## API ```c 
From f8480f8c428725c4b960b082b8b0ef90d2b20cd8 Mon Sep 17 00:00:00 2001
From: Wankko Ree
Date: Fri, 5 Jul 2024 15:05:34 +0800
Subject: [PATCH 5/7] Docker: try matrix build

---
 .github/workflows/build.yaml | 94 ++++++++++++++++++++++++++++++------
 1 file changed, 80 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 1c15a74..880cb9c 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -110,7 +110,16 @@ jobs:
 make
 docker:
 name: Docker
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-22.04
+ strategy:
+ matrix:
+ platform:
+ - linux/amd64
+ - linux/386
+ - linux/arm64/v8
+ - linux/arm/v7
+ - linux/arm/v6
+ - linux/riscv64
 permissions:
 packages: write
 contents: read
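Review bot: The new matrix keeps the default `fail-fast: true`, so one platform failing (the QEMU-emulated `linux/riscv64` leg is the likeliest) cancels the other five builds and the run has to be repeated in full. Adding `fail-fast: false` under `strategy:` lets the remaining platforms finish and upload their digests, and makes the failing leg visible on its own. The `docker` job definition continues outside this hunk.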
@@ -124,6 +133,67 @@ jobs:
 uses: docker/setup-qemu-action@v3
 - name: Prepare Buildx
 uses: docker/setup-buildx-action@v3
+ - name: Prepare Repo Name
+ id: repo
+ run: |
+ echo "repository=${GITHUB_REPOSITORY@L}" >> $GITHUB_OUTPUT
+ - name: Prepare Digest
+ run: |
+ platform=${{ matrix.platform }}
+ echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+ - name: Login GitHub Packages Docker Image Repository
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.repository_owner }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build and Push Docker Image
+ id: build
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: ${{ matrix.platform }}
+ provenance: false
+ outputs: type=image,name=ghcr.io/${{ steps.repo.outputs.repository }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
+ cache-from: type=gha,scope=${{ matrix.platform }}
+ cache-to: type=gha,mode=max,scope=${{ matrix.platform }}
+ - name: Export Digest
+ if: github.event_name != 'pull_request'
+ run: |
+ mkdir -p /tmp/digests
+ digest="${{ steps.build.outputs.digest }}"
+ touch "/tmp/digests/${digest#sha256:}"
+ - name: Upload Digest
+ uses: actions/upload-artifact@v4
+ if: github.event_name != 'pull_request'
+ with:
+ name: digests-${{ env.PLATFORM_PAIR }}
+ path: /tmp/digests/*
+ if-no-files-found: error
+ retention-days: 1
+
+ docker-merge:
+ runs-on: ubuntu-22.04
+ if: github.event_name != 'pull_request'
+ needs:
+ - docker
+ permissions:
+ packages: write
+ contents: read
+ steps:
+ - name: Download Digests
+ uses: actions/download-artifact@v4
+ with:
+ path: /tmp/digests
+ pattern: digests-*
+ merge-multiple: true
+ - name: Prepare Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Prepare Repo Name
+ id: repo
+ run: |
+ echo "repository=${GITHUB_REPOSITORY@L}" >> $GITHUB_OUTPUT
 - name: Login GitHub Packages Docker Image Repository
 uses: docker/login-action@v3
 with:
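Review bot: The per-platform `Build and Push Docker Image` step passes no `labels:`, and the next hunk of this patch removes the old `labels: ${{ steps.docker_meta.outputs.labels }}`, so the OCI labels metadata-action derives (source, revision, created, version) are dropped from the published images and only the static `LABEL` in the Dockerfile remains. Because `docker_meta` now runs in `docker-merge`, the fix is to run `docker/metadata-action@v5` in this job as well, with `images: ghcr.io/${{ steps.repo.outputs.repository }}` and an id of your choosing, and add `labels: ${{ steps.<that id>.outputs.labels }}` to the build step. Separately, every action added here (`docker/login-action@v3`, `docker/build-push-action@v5`, `actions/upload-artifact@v4`, `actions/download-artifact@v4`, `docker/setup-buildx-action@v3`) is referenced by a mutable major-version tag in jobs that hold `packages: write` and log in with `GITHUB_TOKEN`; pinning each `uses:` to a full commit SHA with the version in a trailing comment removes the chance of a moved tag publishing under the project's image name, and is best applied to the existing `@v3` context lines too.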
@@ -134,22 +204,18 @@ jobs:
 uses: docker/metadata-action@v5
 id: docker_meta
 with:
- images: ghcr.io/${{ github.repository }}
+ images: ghcr.io/${{ steps.repo.outputs.repository }}
 tags: |
 type=ref,event=branch
 type=ref,event=pr
 type=semver,pattern={{version}}
 type=semver,pattern={{major}}.{{minor}}
 type=raw,value=nightly,enable={{is_default_branch}}
- - name: Build and Push Docker Image
- uses: docker/build-push-action@v5
- with:
- context: .
- file: ./Dockerfile
- platforms: linux/amd64,linux/386,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/riscv64
- push: ${{ github.event_name != 'pull_request' }}
- provenance: false
- tags: ${{ steps.docker_meta.outputs.tags }}
- labels: ${{ steps.docker_meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
+ - name: Create Manifest List and Push
+ working-directory: /tmp/digests
+ run: |
+ docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+ $(printf 'ghcr.io/${{ steps.repo.outputs.repository }}@sha256:%s ' *)
+ - name: Inspect image
+ run: |
+ docker buildx imagetools inspect ghcr.io/${{ steps.repo.outputs.repository }}:${{ steps.docker_meta.outputs.version }}
From e5cbc83330771169bd84079646f6e1479150aac4 Mon Sep 17 00:00:00 2001
From: Wankko Ree
Date: Fri, 5 Jul 2024 16:08:38 +0800
Subject: [PATCH 6/7] CI: Complete job name

---
 .github/workflows/build.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 880cb9c..ff552eb 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -109,7 +109,7 @@ jobs:
 run: |
 make
 docker:
- name: Docker
+ name: Build Docker Image
 runs-on: ubuntu-22.04
 strategy:
 matrix:
@@ -174,6 +174,7 @@ jobs:
 retention-days: 1

 docker-merge:
+ name: Merge Docker Image Tags
 runs-on: ubuntu-22.04
 if: github.event_name != 'pull_request'
 needs:
From 3e2f03437b87b2656b4dd4b04b994b0e96b56602 Mon Sep 17 00:00:00 2001
From: Wankko Ree Date: Fri, 5 Jul 2024 17:40:24 +0800 Subject: [PATCH 7/7] Docker: Health Check --- Dockerfile | 2 ++ README.md | 3 ++- docker/entrypoint.sh | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0b842f2..a31387f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,6 +27,8 @@ ENV TUN=tun0 \ IPV4_INCLUDED_ROUTES=0.0.0.0/0 \ IPV4_EXCLUDED_ROUTES=172.17.0.0/16 +HEALTHCHECK --start-period=5s --interval=5s --timeout=2s --retries=3 CMD ["test", "-f", "/success"] + COPY --chmod=755 docker/entrypoint.sh /entrypoint.sh COPY --from=builder /src/bin/hev-socks5-tunnel /usr/bin/hev-socks5-tunnel diff --git a/README.md b/README.md index bac2a7a..75db63c 100644 --- a/README.md +++ b/README.md @@ -179,7 +179,8 @@ services: image: alpine:latest # just for network testing tty: true # you can test network in terminal depends_on: - - tun + tun: + condition: service_healthy network_mode: "service:tun" tun: diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 93f9006..1af7d61 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -58,6 +58,7 @@ config_route() { run() { config_file config_route + echo "echo 1 > /success" >> /route.sh hev-socks5-tunnel /hs5t.yml }
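Review bot: `/success` is created by `/route.sh` but never removed, so on a `docker restart` (same container filesystem) the file from the previous run is already present and the new `HEALTHCHECK` reports healthy before `config_route` and `/route.sh` have run again; that also makes the Compose `condition: service_healthy` in the README hunk unreliable after restarts. Adding `rm -f /success` as the first line of `run()` in the docker/entrypoint.sh hunk resets the marker on every start. The marker only proves the route script ran, not that the SOCKS5 upstream is reachable, which the Dockerfile could state above the instruction, e.g. `# healthy == tun interface and routes configured; does not probe the SOCKS5 server`. That `/route.sh` is executed by the tunnel after start-up is inferred from the entrypoint — config_route's body is outside the hunk.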