From 7e21b935f8513b12f131918dcef8751c15fc7fca Mon Sep 17 00:00:00 2001
From: Hiddify
Date: Fri, 15 Mar 2024 09:33:57 +0100
Subject: [PATCH] refactor docker
---
 config/option.go | 2 ++
 docker/Dockerfile | 22 +++++++++++-----------
 docker/hiddify.sh | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/config/option.go b/config/option.go
index 6479d52..9d32f96 100644
--- a/config/option.go
+++ b/config/option.go
@@ -40,6 +40,7 @@ type InboundOptions struct {
 MTU uint32 `json:"mtu"`
 StrictRoute bool `json:"strict-route"`
 TUNStack string `json:"tun-implementation"`
+ TProxyPort uint16 `json:"tproxy-port"`
 }
 
 type URLTestOptions struct {
@@ -99,6 +100,7 @@ func DefaultConfigOptions() *ConfigOptions {
 EnableTun: false,
 SetSystemProxy: false,
 MixedPort: 2334,
+ TProxyPort: 2335,
 LocalDnsPort: 16450,
 MTU: 9000,
 StrictRoute: true,
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 6a9ba52..2f670cf 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
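Review bot: `TProxyPort` is added to `InboundOptions` and given the default `2335` in `DefaultConfigOptions` (second hunk) without a comment saying what a zero value means or whether a nonzero port is what switches the tproxy inbound on. The code that consumes the field is not part of this patch, so this is inferred: if the port alone enables the listener, every config built from the defaults now opens a second inbound next to `MixedPort`, whereas `EnableTun` and `SetSystemProxy` in the same literal default to `false`. I would document the field, for example `// TProxyPort is the port of the transparent-proxy inbound; 0 disables it.` (adjusted to the real semantics), and default it to `0` unless the listener is gated elsewhere. Both the struct and the function body continue outside these hunks.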
@@ -1,18 +1,18 @@ FROM alpine:latest ENV CONFIG='https://raw.githubusercontent.com/ircfspace/warpsub/main/export/warp#WARP%20(IRCF)' -ENV VERSION=0.17.8 +ENV VERSION=v0.17.8 WORKDIR /hiddify -RUN apk add wget tar gzip libc6-compat +RUN apk add curl tar gzip libc6-compat # iptables ip6tables -RUN case "$(apk --print-arch)" in \ - x86_64) ARCH=amd64 ;; \ - i386) ARCH=386 ;; \ - armv7l) ARCH=arm ;; \ - aarch64) ARCH=arm64 ;; \ - *) echo "Unsupported architecture: $(apk --print-arch) $(uname -m)" && exit 1 ;; \ - esac && \ - curl -l -o hiddify-cli.tar.gz https://github.com/hiddify/hiddify-next-core/releases/download/${VERSION}/hiddify-cli-linux-$ARCH.tar.gz && \ - tar -xzf hiddify-cli.tar.gz && rm hiddify-cli.tar.gz + RUN case "$(apk --print-arch)" in \ + x86_64) ARCH=amd64 ;; \ + i386) ARCH=386 ;; \ + armv7l) ARCH=arm ;; \ + aarch64) ARCH=arm64 ;; \ + *) echo "Unsupported architecture: $(apk --print-arch) $(uname -m)" && exit 1 ;; \ + esac && \ + curl -L -o hiddify-cli.tar.gz https://github.com/hiddify/hiddify-next-core/releases/download/${VERSION}/hiddify-cli-linux-$ARCH.tar.gz && \ + tar -xzf hiddify-cli.tar.gz && rm hiddify-cli.tar.gz COPY hiddify.sh . RUN chmod +x hiddify.sh COPY hiddify.json ./data/ diff --git a/docker/hiddify.sh b/docker/hiddify.sh index 150b491..192a928 100644 --- a/docker/hiddify.sh +++ b/docker/hiddify.sh 
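Review bot: The new `curl -L -o hiddify-cli.tar.gz …` line unpacks whatever the redirect chain returns straight into the image, with no digest check and no `-f`, so a tampered or replaced release asset, or an HTTP error body, is handled like a good download until `tar` happens to reject it. I would fail on HTTP errors and pin the artifact: `curl -fsSL -o hiddify-cli.tar.gz <release URL>` followed by `echo "<expected sha256 for $ARCH>  hiddify-cli.tar.gz" | sha256sum -c -` before `tar -xzf` (the digest is a placeholder, one per architecture). On style, the nine re-added `RUN case … rm hiddify-cli.tar.gz` lines appear to differ from the removed ones only by a leading space and the `-l` → `-L` fix; keeping the original indentation would reduce this hunk to the one-character change. `apk add --no-cache` would also keep the package index out of the layer.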
@@ -1,6 +1,40 @@
 #!/bin/sh
+# sysctl -w net.ipv4.ip_forward=1
+# sysctl -w net.ipv6.ip_forward=1
+
+# ip rule add fwmark 1 table 100 ;
+# ip route add local 0.0.0.0/0 dev lo table 100
+
+# # CREATE TABLE
+# iptables -t mangle -N hiddify
+
+# # RETURN LOCAL AND LANS
+# iptables -t mangle -A OUTPUT -j RETURN
+# iptables -t nat -A hiddify --dport 2334 -j RETURN
+
+# iptables -t mangle -A hiddify -d 10.0.0.0/8 -j RETURN
+# iptables -t mangle -A hiddify -d 127.0.0.0/8 -j RETURN
+# iptables -t mangle -A hiddify -d 169.254.0.0/16 -j RETURN
+# iptables -t mangle -A hiddify -d 172.16.0.0/12 -j RETURN
+# iptables -t mangle -A hiddify -d 192.168.50.0/16 -j RETURN
+# iptables -t mangle -A hiddify -d 192.168.9.0/16 -j RETURN
+# iptables -t mangle -A hiddify -d 224.0.0.0/4 -j RETURN
+# iptables -t mangle -A hiddify -d 240.0.0.0/4 -j RETURN
+
+# iptables -t mangle -A hiddify -p udp -j TPROXY --on-port 2334 --tproxy-mark 1
+# iptables -t mangle -A hiddify -p tcp -j TPROXY --on-port 2334 --tproxy-mark 1
+
+# # HIJACK ICMP (untested)
+# # iptables -t mangle -A hiddify -p icmp -j DNAT --to-destination 127.0.0.1
+
+# # REDIRECT
+# iptables -t mangle -A PREROUTING -j hiddify
+
+
 if [ -f "/opt/hiddify.json" ]; then
 /hiddify/HiddifyCli run --config "$CONFIG" -h /hiddify/data/hiddify.json
 else
 /hiddify/HiddifyCli run --config "$CONFIG"
 fi
+
+
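Review bot: The commented-out TPROXY block would misroute or fail if it is ever uncommented, and it disagrees with the Go side of this commit: both `-j TPROXY --on-port 2334` rules target the `MixedPort` default, while `DefaultConfigOptions` now sets `TProxyPort: 2335`. Further, `iptables -t nat -A hiddify` appends to a chain that was only created in the mangle table, `net.ipv6.ip_forward` is not the IPv6 forwarding key (that is `net.ipv6.conf.all.forwarding`), and `192.168.50.0/16` and `192.168.9.0/16` both mask down to `192.168.0.0/16`, so a single `-d 192.168.0.0/16 -j RETURN` states what is meant. I would either leave this out of the entrypoint until it is tested, or correct it and head it with a comment such as `# Optional transparent-proxy rules: need iptables installed and NET_ADMIN on the container; --on-port must match tproxy-port`.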