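# Stage 1: assemble the root filesystem (mihomo binary, geo data, s6-overlay and the
# repository's root/ tree) under ${ROOTFS}; the runtime stage copies it to / in one layer.
FROM --platform=$TARGETPLATFORM alpine:3.20 AS rootfs-stage

# environment
ENV ROOTFS=/root-out

# args
ARG TARGETPLATFORM
ARG BUILDPLATFORM
# Selects the mihomo release: "prerelease-alpha", "prerelease-meta", anything else -> latest.
ARG RELEASE_TAG
# MIHOMO_VERSION / MIHOMO_UPDATED_AT are not referenced by the commands below;
# presumably they are passed by CI to invalidate the build cache when upstream
# publishes a new release -- TODO confirm against the workflow.
ARG MIHOMO_VERSION
ARG MIHOMO_UPDATED_AT
# Optional substring an asset name must contain (build variant); empty picks the
# shortest matching asset name.
ARG COMPILED_WITH
# Optional SHA-256 of the downloaded mihomo .gz asset. When set, the build fails on
# a mismatch; when empty (default) the download is NOT integrity-checked.
ARG MIHOMO_SHA256=""
# set version for s6 overlay
ARG S6_OVERLAY_VERSION="3.1.5.0"
# ARG S6_OVERLAY_ARCH="x86_64"

# RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
RUN apk add --no-cache curl jq

WORKDIR $ROOTFS

# Prevent cache
# ADD https://api.github.com/repos/MetaCubeX/mihomo/releases version.json

# Everything fetched below comes from the network at build time. The s6-overlay
# tarballs are pinned by version only, and the geo data files track a moving
# "release" branch, so none of them is reproducible or verified against a known
# digest. NOTE(review): pin digests for these as well if the image is built for
# anything beyond personal use.
RUN set -eux; \
    \
    mkdir -p \
        "${ROOTFS}/config/mihomo" \
        "${ROOTFS}/usr/local/bin" \
    ; \
    \
    # ":-" keeps `set -u` from aborting when an optional build arg was not passed.
    case "${RELEASE_TAG:-}" in \
        "prerelease-alpha") release_endpoint="tags/Prerelease-Alpha" ;; \
        "prerelease-meta") release_endpoint="tags/Prerelease-Meta" ;; \
        *) release_endpoint="latest" ;; \
    esac; \
    \
    # One mapping for both download sources; an unknown platform fails here with a
    # clear message instead of requesting an asset name that does not exist.
    case "${TARGETPLATFORM}" in \
        "linux/amd64") architecture="linux-amd64"; s6_overlay_arch="x86_64" ;; \
        "linux/arm64") architecture="linux-arm64"; s6_overlay_arch="aarch64" ;; \
        "linux/arm/v7") architecture="linux-armv7"; s6_overlay_arch="armhf" ;; \
        *) echo "unsupported TARGETPLATFORM: ${TARGETPLATFORM}" >&2; exit 1 ;; \
    esac; \
    \
    # -f: an HTTP error (e.g. API rate limiting) fails the build instead of feeding
    # an error document to jq.
    res=$(curl -fsSL "https://api.github.com/repos/MetaCubeX/mihomo/releases/${release_endpoint}?per_page=1"); \
    assets=$(echo "${res}" | jq -r --arg architecture "${architecture}" '.assets | map(select((.name | contains($architecture)) and (.name | endswith(".gz"))))'); \
    \
    if [ -z "${COMPILED_WITH:-}" ]; then \
        mihomo_download_url=$(echo "${assets}" | jq -r '. | sort_by(.name | length) | first | .browser_download_url' -); \
    else \
        mihomo_download_url=$(echo "${assets}" | jq -r --arg compiled_with "${COMPILED_WITH}" '[.[] | select(.name | contains($compiled_with))] | sort_by(.name | length) | first | .browser_download_url' -); \
    fi; \
    \
    # jq prints the literal string "null" when no asset matched; reject that (and
    # anything that is not an https URL) before handing it to curl.
    case "${mihomo_download_url}" in \
        https://*) ;; \
        *) echo "no mihomo release asset matched ${architecture} (COMPILED_WITH='${COMPILED_WITH:-}')" >&2; exit 1 ;; \
    esac; \
    \
    # Download to a file rather than piping into gunzip: without pipefail a failed
    # curl on the left side of a pipe would go unnoticed.
    curl -fsSL -o /tmp/mihomo.gz "${mihomo_download_url}"; \
    if [ -n "${MIHOMO_SHA256:-}" ]; then \
        echo "${MIHOMO_SHA256}  /tmp/mihomo.gz" | sha256sum -c -; \
    fi; \
    gunzip -c /tmp/mihomo.gz > "${ROOTFS}/usr/local/bin/mihomo"; \
    rm /tmp/mihomo.gz; \
    \
    # Geo data. -f prevents an HTML error page from being saved under these names.
    for geo_file in country.mmdb geoip.dat geosite.dat; do \
        curl -fsSL -o "${ROOTFS}/config/mihomo/${geo_file}" "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/release/${geo_file}"; \
    done; \
    \
    # Add s6 overlay and its optional symlinks: download one release tarball,
    # unpack it over ${ROOTFS} (preserving permissions), remove the archive.
    fetch_s6_tarball() { \
        local tarball_name="${1}"; \
        curl -fsSL -o "/tmp/${tarball_name}.tar.xz" "https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/${tarball_name}.tar.xz"; \
        tar -C "${ROOTFS}" -Jxpf "/tmp/${tarball_name}.tar.xz"; \
        rm "/tmp/${tarball_name}.tar.xz"; \
    }; \
    \
    fetch_s6_tarball "s6-overlay-noarch"; \
    fetch_s6_tarball "s6-overlay-${s6_overlay_arch}"; \
    fetch_s6_tarball "s6-overlay-symlinks-noarch"; \
    fetch_s6_tarball "s6-overlay-symlinks-arch"

# Repository-provided files (entrypoint, service definitions, ...) layered on top.
COPY root/. "${ROOTFS}/"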
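# Runtime stage: the final image. Takes the prepared root filesystem from
# rootfs-stage, builds iprange and fireqos from source, installs runtime packages
# and grants file capabilities to the mihomo binary.
FROM --platform=$TARGETPLATFORM alpine:3.20 AS runtime

# key=value form; the space-separated LABEL form is legacy.
LABEL org.opencontainers.image.source="https://silencebay@github.com/silencebay/clash-tproxy.git"

ARG TARGETPLATFORM
ARG BUILDPLATFORM
# firehol tag to build fireqos from; "latest" resolves the newest release at build time.
ARG FIREQOS_VERSION=latest
# Not referenced below; presumably a cache-busting value supplied by CI -- TODO confirm.
ARG FIREQOS_UPDATED_AT

# environment variables
ENV FAKE_IP_RANGE=198.18.0.1/16
# ENV DOCKER_HOST_INTERNAL=172.17.0.0/16,eth0
ENV DOCKER_HOST_INTERNAL=
ENV REMOVE_IPV6_HOSTS=true
ENV HOME="/config" \
    ## s6-overlay
    S6_VERBOSITY=1 \
    # Fails the container if any service fails to start
    S6_BEHAVIOUR_IF_STAGE2_FAILS="2" \
    # Waits for all services to start before running CMD
    S6_CMD_WAIT_FOR_SERVICES="1" \
    # Honors the timeout-up for each service
    S6_CMD_WAIT_FOR_SERVICES_MAXTIME="0" \
    # Honors container's environment variables on CMD
    S6_KEEP_ENV="1" \
    # Applies services conditions to decide which services should start
    S6_STAGE2_HOOK="/apply_services_conditions.sh"

# RUN echo "https://mirror.tuna.tsinghua.edu.cn/alpine/v3.11/main/" > /etc/apk/repositories
# RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories

COPY --from=rootfs-stage /root-out/ /

# Seems like a nested hidden folder won't be copied by build-push-action@v4:
# a file placed in /root/.config/mihomo/config.yaml.example will never be copied by `COPY root/. /`.
# Just put config.yaml outside that hidden folder and copy it.
# We don't create another layer here, so config.yaml.example should already have been copied from the builder.
# COPY config.yaml.example /root/.config/mihomo/config.yaml

# fireqos
## iprange
WORKDIR /src

RUN set -eux; \
    \
    echo "**** create abc user and make our folders ****"; \
    # addgroup -g 1000 users; \
    # adduser -u 911 -D -h /config -s /bin/false abc; \
    adduser -u 911 -D -h /config -s /bin/bash abc; \
    addgroup abc users; \
    \
    echo "**** install system packages ****"; \
    buildDeps=" \
        jq \
        git \
        autoconf \
        automake \
        libtool \
        help2man \
        build-base \
    "; \
    runDeps=" \
        bash \
        mawk \
        iproute2 \
        nftables \
        ipset \
        libcap \
        radvd \
        # for debug
        curl \
        bind-tools \
        # eudev \
    "; \
    \
    # Install everything under one virtual package first; the runtime subset is
    # re-pinned as .run-deps further down so `apk del .build-deps` keeps it.
    apk add --no-cache --virtual .build-deps \
        $buildDeps \
        $runDeps \
    ; \
    \
    ## fireqos
    echo "**** build fireqos ****"; \
    # iprange is built from whatever the default branch points at when the image is
    # built. NOTE(review): pin a tag or commit so rebuilds are reproducible.
    git clone https://github.com/firehol/iprange; \
    cd iprange; \
    ./autogen.sh; \
    # NOTE(review): the ssh/openssh directory values below look carried over from
    # another package's build recipe; kept unchanged here -- confirm they are intended.
    ./configure \
        --prefix=/usr \
        --sysconfdir=/etc/ssh \
        --datadir=/usr/share/openssh \
        --libexecdir=/usr/lib/ssh \
        --disable-man \
        --enable-maintainer-mode \
    ; \
    make; \
    make install; \
    \
    cd /src; \
    git clone https://github.com/firehol/firehol; \
    cd firehol; \
    tag="${FIREQOS_VERSION:-latest}"; \
    if [ "${tag}" = "latest" ]; then \
        # -f: fail on HTTP errors instead of parsing an error document.
        tag=$(curl -fsSL https://api.github.com/repos/firehol/firehol/releases/latest | jq -r '.tag_name'); \
    fi; \
    # An empty tag would turn `git checkout` into a no-op and silently build the
    # default branch; "null" is what jq prints when the field is missing.
    case "${tag}" in \
        ""|null) echo "could not resolve a firehol release tag" >&2; exit 1 ;; \
    esac; \
    git checkout "${tag}"; \
    ./autogen.sh; \
    ./configure \
        CHMOD=chmod \
        --prefix=/usr \
        --sysconfdir=/etc \
        --disable-firehol \
        --disable-link-balancer \
        --disable-update-ipsets \
        --disable-vnetbuild \
        --disable-doc \
        --disable-man \
    ; \
    make; \
    make install; \
    \
    # Packages are already installed, so this only records them under a second
    # virtual package without touching the network.
    apk add --no-network --virtual .run-deps \
        $runDeps \
    ; \
    apk del .build-deps; \
    rm -rf /src; \
    \
    echo "**** setup permisions ****"; \
    chown -R abc:users /config; \
    chmod a+x /app/* /usr/local/bin/* /usr/lib/mihomo/*; \
    # dumped by `pscap` of package `libcap-ng-utils`
    # NOTE(review): these file capabilities (=+ep) apply to whoever executes the
    # binary, and the set includes cap_setfcap, cap_setpcap, cap_sys_chroot and
    # cap_mknod next to the networking ones. The mihomo binary is downloaded at
    # build time, so trimming this list to what the proxy actually needs limits
    # what a tampered or compromised binary could do -- confirm the minimum set.
    setcap cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap,cap_net_admin=+ep /usr/local/bin/mihomo

WORKDIR $HOME

# No USER instruction: the entrypoint starts as root. Whether services later run
# as `abc` depends on the scripts copied from root/, which are not part of this file.
ENTRYPOINT [ "/entrypoint.sh" ]
CMD []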