Shahrad Elahi 2024-01-08 12:29:54 +03:30
parent 3432dce042
commit 5a67dd3838
10 changed files with 1950 additions and 95 deletions


@ -1,16 +1,23 @@
name: Build Docker Image name: Build Prerelease Image
on: on:
push: workflow_dispatch:
branches: inputs:
- "master" tag:
description: 'Tag to build'
required: false
env:
BUILD_PLATFORMS: linux/amd64,linux/arm64
IMAGE_TAG: canary-${{ github.event.inputs.tag || github.sha }}
permissions:
contents: read
packages: write
jobs: jobs:
ghcr-build: ghcr-build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
packages: write
env: env:
IMAGE_NAME: shahradelahi/wireadmin IMAGE_NAME: shahradelahi/wireadmin
@ -32,15 +39,12 @@ jobs:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
push: true push: true
platforms: linux/amd64,linux/arm64 platforms: ${{ env.BUILD_PLATFORMS }}
tags: ghcr.io/${{ env.IMAGE_NAME }}:canary-${{ github.sha }} tags: ghcr.io/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
docker-build: docker-build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
packages: write
env: env:
IMAGE_NAME: litehex/wireadmin IMAGE_NAME: litehex/wireadmin
@ -62,5 +66,5 @@ jobs:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
push: true push: true
platforms: linux/amd64,linux/arm64 platforms: ${{ env.BUILD_PLATFORMS }}
tags: docker.io/${{ env.IMAGE_NAME }}:canary-${{ github.sha }} tags: docker.io/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
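Review bot: The free-form `tag` input flows straight into `IMAGE_TAG` (`canary-${{ github.event.inputs.tag || github.sha }}`) and from there into both `tags:` lines, with no check on its shape. Anyone allowed to dispatch the workflow can re-point an existing `canary-*` tag on ghcr.io and docker.io at a new build, and a value containing characters that are not valid in an image tag only fails late, in the push step. I would add a first step that rejects anything outside a tag-safe pattern, e.g. `[[ "$IMAGE_TAG" =~ ^canary-[A-Za-z0-9_.-]{1,120}$ ]] || exit 1`, and say in the input's `description` that the value becomes the image tag suffix. The `permissions` block now appears to sit at workflow level, so `docker-build`, which pushes only to docker.io, also receives `packages: write`; a job-level `permissions: { contents: read }` there would keep that job least-privilege.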


@ -1,16 +1,19 @@
name: Build Docker Image name: Build Docker Image
on: on:
push: release:
tags: types: [ created ]
- "v*.*.*"
env:
BUILD_PLATFORMS: linux/amd64,linux/arm64
permissions:
contents: read
packages: write
jobs: jobs:
ghcr-build: ghcr-build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read
packages: write
env: env:
IMAGE_NAME: shahradelahi/wireadmin IMAGE_NAME: shahradelahi/wireadmin
@ -26,8 +29,7 @@ jobs:
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.PRIVATE_TOKEN }} password: ${{ secrets.PRIVATE_TOKEN }}
- name: Set Image tag - run: |
run: |
echo "Labeling image with TAG: ${GITHUB_REF#refs/tags/v}" echo "Labeling image with TAG: ${GITHUB_REF#refs/tags/v}"
echo "IMAGE_TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV echo "IMAGE_TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
@ -37,7 +39,7 @@ jobs:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
push: true push: true
platforms: linux/amd64,linux/arm64 platforms: ${{ env.BUILD_PLATFORMS }}
tags: ghcr.io/${{ env.IMAGE_NAME }}:latest,ghcr.io/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} tags: ghcr.io/${{ env.IMAGE_NAME }}:latest,ghcr.io/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
@ -61,8 +63,7 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }} password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set Image tag - run: |
run: |
echo "Labeling image with TAG: ${GITHUB_REF#refs/tags/v}" echo "Labeling image with TAG: ${GITHUB_REF#refs/tags/v}"
echo "IMAGE_TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV echo "IMAGE_TAG=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
@ -72,5 +73,5 @@ jobs:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
push: true push: true
platforms: linux/amd64,linux/arm64 platforms: ${{ env.BUILD_PLATFORMS }}
tags: docker.io/${{ env.IMAGE_NAME }}:latest,docker.io/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} tags: docker.io/${{ env.IMAGE_NAME }}:latest,docker.io/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
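Review bot: With the trigger changed to `release: types: [ created ]` the `v*.*.*` filter is gone, but the tag step still derives the version with `${GITHUB_REF#refs/tags/v}`. For a release whose tag does not start with `v` the prefix does not match, so `IMAGE_TAG` becomes the whole `refs/tags/...` string, which is not a valid image tag; a pre-release would also be pushed as `:latest` to both registries. Consider `types: [ published ]` together with a job condition such as `if: startsWith(github.event.release.tag_name, 'v') && !github.event.release.prerelease`. The step also appears to lose its `name: Set Image tag`, which is worth keeping so the log stays readable; all of this applies to the second tag step in `docker-build` as well.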


@ -5,6 +5,7 @@ WORKDIR /app
ENV TZ=UTC ENV TZ=UTC
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/tor /usr/local/bin/tor
COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/obfs4proxy /usr/local/bin/obfs4proxy COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/obfs4proxy /usr/local/bin/obfs4proxy
COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/meek-server /usr/local/bin/meek-server COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/meek-server /usr/local/bin/meek-server
@ -16,22 +17,19 @@ RUN apk update && apk upgrade \
screen curl bash \ screen curl bash \
wireguard-tools \ wireguard-tools \
openssl \ openssl \
tor \
redis \ redis \
# Clear APK cache # Clear APK cache
&& rm -rf /var/cache/apk/* && rm -rf /var/cache/apk/*
COPY /config/torrc /etc/tor/torrc COPY /config/torrc /etc/tor/torrc
COPY /scripts /scripts
RUN chmod -R +x /scripts
COPY /bin /app/bin COPY /bin /app/bin
RUN chmod -R +x /app/bin RUN chmod -R +x /app/bin
ENV PATH="$PATH:/app/bin" ENV PATH="$PATH:/app/bin"
COPY web/package.json web/pnpm-lock.yaml ./ COPY web/package.json web/pnpm-lock.yaml ./
FROM base AS build FROM base AS build
ENV PNPM_HOME="/pnpm" ENV PNPM_HOME="/pnpm"
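Review bot: The `tor` binary itself is now copied from `chriswayg/tor-alpine:latest` instead of being installed from the Alpine package, so the image's core daemon comes from a third-party image referenced by a mutable tag. Every build can silently pick up a different binary, and the release workflows publish the result as `:latest`; pin the source by digest, e.g. `COPY --from=chriswayg/tor-alpine@sha256:<digest> /usr/local/bin/tor /usr/local/bin/tor`, and do the same for the `obfs4proxy` and `meek-server` lines. Dropping `tor` from `apk add` presumably also drops the shared libraries and service user that package installed, so it is worth confirming the copied binary actually starts in the final image. The same change is made in the second Dockerfile section that follows.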


@ -5,6 +5,7 @@ WORKDIR /app
ENV TZ=UTC ENV TZ=UTC
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/tor /usr/local/bin/tor
COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/obfs4proxy /usr/local/bin/obfs4proxy COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/obfs4proxy /usr/local/bin/obfs4proxy
COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/meek-server /usr/local/bin/meek-server COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/meek-server /usr/local/bin/meek-server
@ -16,7 +17,6 @@ RUN apk update && apk upgrade \
screen vim curl bash \ screen vim curl bash \
wireguard-tools \ wireguard-tools \
openssl \ openssl \
tor \
redis \ redis \
# Clear APK cache # Clear APK cache
&& rm -rf /var/cache/apk/* && rm -rf /var/cache/apk/*
@ -24,9 +24,6 @@ RUN apk update && apk upgrade \
COPY /config/torrc /etc/tor/torrc COPY /config/torrc /etc/tor/torrc
COPY /config/obfs4-bridges.conf /etc/torrc.d/obfs4-bridges.conf COPY /config/obfs4-bridges.conf /etc/torrc.d/obfs4-bridges.conf
COPY /scripts /scripts
RUN chmod -R +x /scripts
COPY /bin /app/bin COPY /bin /app/bin
RUN chmod -R +x /app/bin RUN chmod -R +x /app/bin
ENV PATH="$PATH:/app/bin" ENV PATH="$PATH:/app/bin"


@ -1,5 +1,5 @@
##### Auto-Generated by the WireAdmin. Do not edit. ##### ##### Auto-Generated by the WireAdmin. Do not edit. #####
VirtualAddrNetwork 10.192.0.0/10 VirtualAddrNetwork 10.192.0.0/10
DNSPort {{INET_ADDRESS}}:53530 DNSPort 53530
TransPort {{INET_ADDRESS}}:9040 TransPort 59040
ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed


@ -4,6 +4,46 @@ set -e
TOR_CONFIG="/etc/tor/torrc" TOR_CONFIG="/etc/tor/torrc"
ENV_FILE="/app/.env" ENV_FILE="/app/.env"
to_camel_case() {
echo "${1}" | awk -F_ '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2));}1' OFS=""
}
generate_tor_config() {
# IP address of the container
local inet_address="$(hostname -i | awk '{print $1}')"
sed -i "s/{{INET_ADDRESS}}/$inet_address/g" "${TOR_CONFIG}"
# any other environment variables that start with TOR_ are added to the torrc
# file
env | grep ^TOR_ | sed -e 's/TOR_//' -e 's/=/ /' | while read -r line; do
key=$(echo "$line" | awk '{print $1}')
value=$(echo "$line" | awk '{print $2}')
key=$(to_camel_case "$key")
echo "$key $value" >>"${TOR_CONFIG}"
done
# Removing duplicated tor options
awk -F= '!a[tolower($1)]++' "${TOR_CONFIG}" >"/tmp/$(basename "${TOR_CONFIG}")" &&
mv "/tmp/$(basename "${TOR_CONFIG}")" "${TOR_CONFIG}"
# Checking if there is /etc/torrc.d folder and if there is
# any file in it, adding them to the torrc file
local torrc_files=$(find /etc/torrc.d -type f -name "*.conf")
if [ -n "${torrc_files}" ]; then
for file in ${torrc_files}; do
cat "$file" >>"${TOR_CONFIG}"
done
fi
# Remove comment line with single Hash
sed -i '/^#\([^#]\)/d' "${TOR_CONFIG}"
# Remove options with no value. (KEY[:space:]{...VALUE})
sed -i '/^[^ ]* $/d' "${TOR_CONFIG}"
# Remove double empty lines
sed -i '/^$/N;/^\n$/D' "${TOR_CONFIG}"
}
echo " " echo " "
echo " _ ___ ___ __ _ " echo " _ ___ ___ __ _ "
echo "| | / (_)_______ / | ____/ /___ ___ (_)___ " echo "| | / (_)_______ / | ____/ /___ ___ (_)___ "
@ -37,6 +77,11 @@ else
exit 1 exit 1
fi fi
if [ -z "$WG_HOST" ]; then
echo "[error] the WG_HOST environment variable is not set"
exit 1
fi
# Remove duplicated envs # Remove duplicated envs
awk -F= '!a[$1]++' "${ENV_FILE}" >"/tmp/$(basename "${ENV_FILE}")" && awk -F= '!a[$1]++' "${ENV_FILE}" >"/tmp/$(basename "${ENV_FILE}")" &&
mv "/tmp/$(basename "${ENV_FILE}")" "${ENV_FILE}" mv "/tmp/$(basename "${ENV_FILE}")" "${ENV_FILE}"
@ -45,9 +90,6 @@ awk -F= '!a[$1]++' "${ENV_FILE}" >"/tmp/$(basename "${ENV_FILE}")" &&
screen -L -Logfile /var/vlogs/redis -dmS "redis" \ screen -L -Logfile /var/vlogs/redis -dmS "redis" \
bash -c "redis-server --port 6479 --daemonize no --dir /data --appendonly yes" bash -c "redis-server --port 6479 --daemonize no --dir /data --appendonly yes"
# Starting Tor
source /scripts/tord.sh
# Generate Tor configuration # Generate Tor configuration
generate_tor_config generate_tor_config
@ -65,7 +107,4 @@ cat "${TOR_CONFIG}"
echo -e "========================================================\n" echo -e "========================================================\n"
sleep 1 sleep 1
screen -L -Logfile /var/vlogs/warmup -dmS warmup \
bash -c "sleep 10; echo -n '[+] Warming Up...'; curl -s http://127.0.0.1:3000/; echo -e 'Done!'"
exec "$@" exec "$@"
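Review bot: In `generate_tor_config`, `value=$(echo "$line" | awk '{print $2}')` keeps only the first word of each `TOR_*` value, so a multi-word option is written to the torrc truncated and without any error. Letting `read` do the split keeps the whole value and removes the two `awk` calls: `while read -r key value; do`. The `sed -i "s/{{INET_ADDRESS}}/..."` line looks dead now that this commit removes the placeholder from the torrc template. Since every `TOR_*` variable is appended as-is, I would also add a comment above the loop such as `# TOR_* values are trusted operator input: they can set any Tor option`.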


@ -4,9 +4,12 @@
"description": "", "description": "",
"scripts": { "scripts": {
"dev:image": "DOCKER_BUILDKIT=1 docker build --tag wireadmin -f Dockerfile-Dev .", "dev:image": "DOCKER_BUILDKIT=1 docker build --tag wireadmin -f Dockerfile-Dev .",
"dev": "docker compose rm -fsv && docker compose -f docker-compose.yml -f docker-compose.dev.yml up && docker compose rm -fsv" "dev": "docker compose rm -fsv && docker compose -f docker-compose.yml -f docker-compose.dev.yml up"
}, },
"keywords": [], "keywords": [],
"author": "Shahrad Elahi <https://github.com/shahradelahi>", "author": "Shahrad Elahi <https://github.com/shahradelahi>",
"license": "MIT" "license": "MIT",
"devDependencies": {
"@changesets/cli": "^2.27.1"
}
} }

File diff suppressed because it is too large Load Diff


@ -1,43 +0,0 @@
#!/usr/bin/env bash
to_camel_case() {
echo "${1}" | awk -F_ '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2));}1' OFS=""
}
generate_tor_config() {
# IP address of the container
local inet_address="$(hostname -i | awk '{print $1}')"
sed -i "s/{{INET_ADDRESS}}/$inet_address/g" "${TOR_CONFIG}"
# any other environment variables that start with TOR_ are added to the torrc
# file
env | grep ^TOR_ | sed -e 's/TOR_//' -e 's/=/ /' | while read -r line; do
key=$(echo "$line" | awk '{print $1}')
value=$(echo "$line" | awk '{print $2}')
key=$(to_camel_case "$key")
echo "$key $value" >>"${TOR_CONFIG}"
done
# Removing duplicated tor options
awk -F= '!a[tolower($1)]++' "${TOR_CONFIG}" >"/tmp/$(basename "${TOR_CONFIG}")" &&
mv "/tmp/$(basename "${TOR_CONFIG}")" "${TOR_CONFIG}"
# Checking if there is /etc/torrc.d folder and if there is
# any file in it, adding them to the torrc file
local torrc_files=$(find /etc/torrc.d -type f -name "*.conf")
if [ -n "${torrc_files}" ]; then
for file in ${torrc_files}; do
cat "$file" >>"${TOR_CONFIG}"
done
fi
# Remove comment line with single Hash
sed -i '/^#\([^#]\)/d' "${TOR_CONFIG}"
# Remove options with no value. (KEY[:space:]{...VALUE})
sed -i '/^[^ ]* $/d' "${TOR_CONFIG}"
# Remove double empty lines
sed -i '/^$/N;/^\n$/D' "${TOR_CONFIG}"
}


@ -676,11 +676,6 @@ export async function findServer(
} }
export async function makeWgIptables(s: WgServer): Promise<{ up: string; down: string }> { export async function makeWgIptables(s: WgServer): Promise<{ up: string; down: string }> {
const inet = await Network.defaultInterface();
const { stdout: inet_address } = await execa(`hostname -i | awk '{print $1}'`, {
shell: true,
});
const source = `${s.address}/24`; const source = `${s.address}/24`;
const wg_inet = `wg${s.confId}`; const wg_inet = `wg${s.confId}`;
@ -688,9 +683,9 @@ export async function makeWgIptables(s: WgServer): Promise<{ up: string; down: s
const up = dynaJoin([ const up = dynaJoin([
`iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT`, `iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT`,
`iptables -A INPUT -i ${wg_inet} -s ${source} -m state --state NEW -j ACCEPT`, `iptables -A INPUT -i ${wg_inet} -s ${source} -m state --state NEW -j ACCEPT`,
`iptables -t nat -A PREROUTING -i ${wg_inet} -p udp -s ${source} --dport 53 -j DNAT --to-destination ${inet_address}:53530`, `iptables -t nat -A PREROUTING -i ${wg_inet} -p udp -s ${source} --dport 53 -j DNAT --to-destination 127.0.0.1:53530`,
`iptables -t nat -A PREROUTING -i ${wg_inet} -p tcp -s ${source} -j DNAT --to-destination ${inet_address}:9040`, `iptables -t nat -A PREROUTING -i ${wg_inet} -p tcp -s ${source} -j DNAT --to-destination 127.0.0.1:59040`,
`iptables -t nat -A PREROUTING -i ${wg_inet} -p udp -s ${source} -j DNAT --to-destination ${inet_address}:9040`, `iptables -t nat -A PREROUTING -i ${wg_inet} -p udp -s ${source} -j DNAT --to-destination 127.0.0.1:59040`,
`iptables -t nat -A OUTPUT -o lo -j RETURN`, `iptables -t nat -A OUTPUT -o lo -j RETURN`,
`iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP`, `iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP`,
`iptables -A OUTPUT -m state --state INVALID -j DROP`, `iptables -A OUTPUT -m state --state INVALID -j DROP`,
@ -699,6 +694,7 @@ export async function makeWgIptables(s: WgServer): Promise<{ up: string; down: s
return { up, down: up.replace(/-A/g, '-D') }; return { up, down: up.replace(/-A/g, '-D') };
} }
const inet = await Network.defaultInterface();
const up = dynaJoin([ const up = dynaJoin([
`iptables -t nat -A POSTROUTING -s ${source} -o ${inet} -j MASQUERADE`, `iptables -t nat -A POSTROUTING -s ${source} -o ${inet} -j MASQUERADE`,
`iptables -A INPUT -p udp -m udp --dport ${s.listen} -j ACCEPT`, `iptables -A INPUT -p udp -m udp --dport ${s.listen} -j ACCEPT`,
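Review bot: The three `DNAT --to-destination 127.0.0.1:...` rules in the first `up` list of `makeWgIptables` send packets that arrive on `wg${s.confId}` to a loopback address, which Linux normally discards as martian unless `net.ipv4.conf.<iface>.route_localnet` is enabled for that interface. Nothing visible in this commit sets that sysctl, so it should be confirmed that DNS and TCP traffic from peers still reaches Tor's `DNSPort 53530` / `TransPort 59040`. If the sysctl is enabled, note that it relaxes a kernel protection for loopback-bound services and should be scoped to the WireGuard interface only. A short comment above the rules, e.g. `// ports must match DNSPort/TransPort in config/torrc`, would keep the two files from drifting apart. The function begins before this hunk and continues past it.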