Improve Docker Image and related Docs and CI #145

Merged
merged 7 commits into from
Jul 5, 2024
Merged
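--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,11 @@
+/.idea/
+/.vscode/
+
+/.git/
+/.github/
+/README.md
+/License
+
+/Dockerfile
+
+/conf/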
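Review bot: `/.git/` is excluded from the build context while the builder stage in this same PR still installs `git` (`apk add ... git` in the Dockerfile); if the Makefile shells out to git for a version string or a submodule checkout, it now runs against a context with no repository metadata, and if it does not, the `git` package in the builder is dead weight. Please confirm which it is and either drop `git` from the builder's package list or add a comment above `/.git/` such as `# build must not depend on repository metadata; submodules are checked out before the context is sent` so the next reader knows the exclusion is deliberate.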
95 changes: 82 additions & 13 deletions .github/workflows/build.yaml
Expand Up @@ -109,8 +109,17 @@ jobs:
run: |
make
docker:
name: Docker
runs-on: ubuntu-20.04
name: Build Docker Image
runs-on: ubuntu-22.04
strategy:
matrix:
platform:
- linux/amd64
- linux/386
- linux/arm64/v8
- linux/arm/v7
- linux/arm/v6
- linux/riscv64
permissions:
packages: write
contents: read
Expand All @@ -124,6 +133,68 @@ jobs:
uses: docker/setup-qemu-action@v3
- name: Prepare Buildx
uses: docker/setup-buildx-action@v3
- name: Prepare Repo Name
id: repo
run: |
echo "repository=${GITHUB_REPOSITORY@L}" >> $GITHUB_OUTPUT
- name: Prepare Digest
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Login GitHub Packages Docker Image Repository
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push Docker Image
id: build
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: ${{ matrix.platform }}
provenance: false
outputs: type=image,name=ghcr.io/${{ steps.repo.outputs.repository }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
cache-from: type=gha,scope=${{ matrix.platform }}
cache-to: type=gha,mode=max,scope=${{ matrix.platform }}
- name: Export Digest
if: github.event_name != 'pull_request'
run: |
mkdir -p /tmp/digests
digest="${{ steps.build.outputs.digest }}"
touch "/tmp/digests/${digest#sha256:}"
- name: Upload Digest
uses: actions/upload-artifact@v4
if: github.event_name != 'pull_request'
with:
name: digests-${{ env.PLATFORM_PAIR }}
path: /tmp/digests/*
if-no-files-found: error
retention-days: 1

docker-merge:
name: Merge Docker Image Tags
runs-on: ubuntu-22.04
if: github.event_name != 'pull_request'
needs:
- docker
permissions:
packages: write
contents: read
steps:
- name: Download Digests
uses: actions/download-artifact@v4
with:
path: /tmp/digests
pattern: digests-*
merge-multiple: true
- name: Prepare Buildx
uses: docker/setup-buildx-action@v3
- name: Prepare Repo Name
id: repo
run: |
echo "repository=${GITHUB_REPOSITORY@L}" >> $GITHUB_OUTPUT
- name: Login GitHub Packages Docker Image Repository
uses: docker/login-action@v3
with:
Expand All @@ -134,20 +205,18 @@ jobs:
uses: docker/metadata-action@v5
id: docker_meta
with:
images: ghcr.io/${{ github.repository }}
images: ghcr.io/${{ steps.repo.outputs.repository }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=raw,value=nightly,enable={{is_default_branch}}
- name: Build and Push Docker Image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/386,linux/arm64/v8,linux/arm/v7,linux/arm/v6,linux/riscv64
push: ${{ github.event_name != 'pull_request' }}
provenance: false
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
- name: Create Manifest List and Push
working-directory: /tmp/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf 'ghcr.io/${{ steps.repo.outputs.repository }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ghcr.io/${{ steps.repo.outputs.repository }}:${{ steps.docker_meta.outputs.version }}
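Review bot: Every third-party action in the new `docker` and `docker-merge` jobs (setup-qemu-action@v3, setup-buildx-action@v3, login-action@v3, build-push-action@v5, metadata-action@v5, upload-artifact@v4, download-artifact@v4) is referenced by a mutable major-version tag, and these steps run with `packages: write` and publish to ghcr.io under the repository's own name, so the integrity of the published image rests on whoever controls those tags. Pin each `uses:` to a full-length commit SHA and keep the version in a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`, and let an automated updater move the pins; the same applies to the login and metadata steps in the third hunk. Separately, `provenance: false` on the build step drops BuildKit's provenance attestation from each pushed platform image; if that is deliberate because the manifest list is assembled by hand with `imagetools create`, a comment such as `# provenance attestations are not pushed; per-platform manifests are merged manually in docker-merge` would stop the next reader from re-enabling it without adjusting the merge step.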
38 changes: 23 additions & 15 deletions Dockerfile
@@ -1,27 +1,35 @@
FROM alpine:latest AS builder

RUN apk add --update --no-cache \
make \
git \
gcc \
linux-headers \
musl-dev

WORKDIR /src
COPY . /src

RUN apk add --update --no-cache make git gcc linux-headers musl-dev \
&& make
RUN make

FROM alpine:latest
LABEL org.opencontainers.image.source="https://github.com/heiher/hev-socks5-tunnel"

COPY docker/entrypoint.sh /entrypoint.sh
COPY --from=builder /src/bin/hev-socks5-tunnel /usr/bin/hev-socks5-tunnel
RUN apk add --update --no-cache \
iproute2

ENV TUN=tun0 \
MTU=8500 \
IPV4=198.18.0.1 \
SOCKS5_ADDR=172.17.0.1 \
SOCKS5_PORT=1080 \
SOCKS5_UDP_MODE=udp \
IPV4_INCLUDED_ROUTES=0.0.0.0/0 \
IPV4_EXCLUDED_ROUTES=172.17.0.0/16

RUN apk add --update --no-cache iproute2 \
&& chmod +x /entrypoint.sh

ENV TUN=tun0
ENV MTU=8500
ENV IPV4=198.18.0.1
ENV SOCKS5_ADDR=172.17.0.1
ENV SOCKS5_PORT=1080
ENV SOCKS5_UDP_MODE=udp
ENV IPV4_INCLUDED_ROUTES=0.0.0.0/0
ENV IPV4_EXCLUDED_ROUTES=172.17.0.0/16
HEALTHCHECK --start-period=5s --interval=5s --timeout=2s --retries=3 CMD ["test", "-f", "/success"]

COPY --chmod=755 docker/entrypoint.sh /entrypoint.sh
COPY --from=builder /src/bin/hev-socks5-tunnel /usr/bin/hev-socks5-tunnel

ENTRYPOINT ["/entrypoint.sh"]
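Review bot: The new `HEALTHCHECK` tests only for the `/success` marker, which `docker/entrypoint.sh` in this PR writes from the route script once the routes are installed; it never probes that `hev-socks5-tunnel` is still serving, and because the marker is a plain file in the container's writable layer a restarted container appears able to report healthy before its routes exist unless the entrypoint clears it first. A comment above the instruction stating what healthy means, e.g. `# healthy once entrypoint.sh has installed the routes (marker written by /route.sh); does not probe the tunnel itself`, would set expectations for the `depends_on: condition: service_healthy` pattern the README now recommends. Both stages still build from `alpine:latest`, so the multi-arch images this PR publishes are not reproducible and silently pick up whatever Alpine ships next; pinning the tag to a specific release (and ideally a digest) is worth doing now that the image is pushed to ghcr.io.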
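--- a/README.md
+++ b/README.md
@@ -169,6 +169,54 @@ sudo route change -inet default -interface utun99
 sudo route change -inet6 default -interface utun99
 ```
 
+#### Docker Compose
+
+```yaml
+version: "3.9"
+
+services:
+client:
+image: alpine:latest # just for network testing
+tty: true # you can test network in terminal
+depends_on:
+tun:
+condition: service_healthy
+network_mode: "service:tun"
+
+tun:
+image: ghcr.io/heiher/hev-socks5-tunnel:latest # `latest` for the latest published version; `nightly` for the latest source build; `vX.Y.Z` for the specific version
+cap_add:
+- NET_ADMIN # needed
+devices:
+- /dev/net/tun:/dev/net/tun # needed
+environment:
+TUN: tun0 # optional, tun interface name, default `tun0`
+MTU: 8500 # optional, MTU is MTU, default `8500`
+IPV4: 198.18.0.1 # optional, tun interface ip, default `198.18.0.1`
+TABLE: 20 # optional, ip route table id, default `20`
+MARK: 438 # optional, ip route rule mark, hex format, default `438`
+SOCKS5_ADDR: a.b.c.d # socks5 proxy server address
+SOCKS5_PORT: 1080 # socks5 proxy server port
+SOCKS5_USERNAME: user # optional, socks5 proxy username, only set when need to auth
+SOCKS5_PASSWORD: pass # optional, socks5 proxy password, only set when need to auth
+SOCKS5_UDP_MODE: udp # optional, UDP relay mode, default `udp`, other option `tcp`
+IPV4_INCLUDED_ROUTES: 0.0.0.0/0 # optional, demo means proxy all traffic. for multiple network segments, join with `,` or `\n`
+IPV4_EXCLUDED_ROUTES: a.b.c.d # optional, demo means exclude traffic from the proxy itself. for multiple network segments, join with `,` or `\n`
+LOG_LEVEL: warn # optional, default `warn`, other option `debug`/`info`/`error`
+dns:
+- 8.8.8.8
+```
+
+You can also set the route rules with multiple network segments like:
+
+```yaml
+environment:
+IPV4_INCLUDED_ROUTES: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+IPV4_EXCLUDED_ROUTES: |-
+a.b.c.d/24
+a.b.c.f/24
+```
+
 ## API
 
 ```c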
5 changes: 5 additions & 0 deletions docker/entrypoint.sh
Expand Up @@ -10,8 +10,12 @@ SOCKS5_UDP_MODE="${SOCKS5_UDP_MODE:-udp}"
TABLE="${TABLE:-20}"
MARK="${MARK:-438}"

LOG_LEVEL="${LOG_LEVEL:-warn}"

config_file() {
cat > /hs5t.yml << EOF
misc:
log-level: '${LOG_LEVEL}'
tunnel:
name: '${TUN}'
mtu: ${MTU}
Expand Down Expand Up @@ -54,6 +58,7 @@ config_route() {
run() {
config_file
config_route
echo "echo 1 > /success" >> /route.sh
hev-socks5-tunnel /hs5t.yml
}

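Review bot: `run()` appends `echo 1 > /success` to `/route.sh` but never removes a marker left over from a previous run, so after a container restart the healthcheck this PR adds to the Dockerfile (`test -f /success`) can succeed before `config_route` has re-installed the routes. Add `rm -f /success` as the first line of `run()`, before `config_file`, so the marker only ever reflects the current run. `/route.sh` and `config_route` are defined outside this hunk, so I have taken on trust that the script is executed only after the routes are applied; a short comment on the `echo` line saying so, e.g. `# /route.sh runs after the routes are up; the marker is what HEALTHCHECK polls`, would make that dependency visible here.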