Docker之利用Dockerfile创建ShadowSocks多用户版镜像,实现快速集群式部署

摘要

一句话就是,很蛋疼,为了方便自己快速部署和维护自己的ShadowSocks集群就做了这么个镜像,还是和之前一样是自建的镜像,中间遇到了很多坑,尤其是有一对单引号坑了我2小时,感谢Google、github.com、hub.docker.com。

镜像获取

[root@docker-node01 ~]# docker search shadowsocksr_manyuser
NAME                           DESCRIPTION                  STARS     OFFICIAL   AUTOMATED
benyoo/shadowsocksr_manyuser   基于ShadowSocksR版的manyuser封装   0                    
[root@docker-node01 ~]# docker run -d --name=ShadowSocks \
-p 10000-10010:10000-10010 \
-p 10000-10010:10000-10010/udp \
-e MANYUSER=R \
-e MYSQL_HOST=1.2.3.4 \
-e MYSQL_PORT=3306 \
-e MYSQL_USER=mysqlroot \
-e MYSQL_DBNAME=shadowsocks \
-e MYSQL_PASSWORD=********* \
-e METHOD=rc4-md5 \
-e PROTOCOL=auth_simple \
-e OBFS=http_simple_compatible \
-e OBFS_PARAM="youku.com" \
benyoo/shadowsocksr_manyuser:latest
67d941fa8c96bc44a5fd5e3e49776928d66e45c58705f056500dd9f88caf3931
[root@docker-node01 ~]# docker ps -a
CONTAINER ID        IMAGE                                 COMMAND               CREATED             STATUS              PORTS                                                                                         NAMES
67d941fa8c96        benyoo/shadowsocksr_manyuser:latest   "/run.sh server.py"   7 seconds ago       Up 4 seconds        0.0.0.0:10000-10010->10000-10010/tcp, 0.0.0.0:10000-10010->10000-10010/udp, 10011-20000/tcp   ShadowSocks

Docker之利用Dockerfile创建ShadowSocks多用户版镜像,实现快速集群式部署
镜像使用说明

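变量名 / 默认参数 / 说明

- MANYUSER(默认参数:无):可用参数有:R|On。当参数是R的时候则使用ShadowSocksR模式的多用户版本,否则用ShadowSocks原版的多用户模式。
- MYSQL_HOST(默认参数:无):当MANYUSER变量有参数时,才会启用。数据库地址。
- MYSQL_PORT(默认参数:无):当MANYUSER变量有参数时,才会启用。数据库端口。
- MYSQL_USER(默认参数:无):当MANYUSER变量有参数时,才会启用。数据库用户名。建议使用只对该库拥有所需权限的专用账号。
- MYSQL_DBNAME(默认参数:无):当MANYUSER变量有参数时,才会启用。数据库库名。
- MYSQL_PASSWORD(默认参数:无):当MANYUSER变量有参数时,才会启用。数据库密码。下面的run.sh会拒绝含有“@”的值;通过-e传入的值在docker inspect的输出中可见。
- METHOD(默认参数:aes-256-cfb):可用选项有:aes-256-cfb|aes-192-cfb|aes-128-cfb|chacha20|salsa20|rc4-md5。其中rc4-md5依赖的RC4和MD5都已不安全,只建议在必须兼容旧客户端时使用。
- PROTOCOL(默认参数:origin):可用参数有:origin|verify_simple|verify_deflate|auth_simple
- OBFS(默认参数:http_simple_compatible):可用参数有:plain|http_simple|http_simple_compatible|tls_simple|tls_simple_compatible|random_head|random_head_compatible
- OBFS_PARAM(默认参数:无)
- DNS_IPV6(默认参数:false):可用参数有:false|true

注:按下面的run.sh,MANYUSER=R时PROTOCOL、OBFS、OBFS_PARAM都必须显式传入,否则容器会报错退出;run.sh还会读取SPAM变量,值为On时添加iptables出站过滤规则。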

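# Image for the ShadowSocksR multi-user server, configured at start-up by
# /run.sh from -e environment variables.
#
# NOTE(review): CentOS 6 has reached end-of-life and gets no further security
# updates; move to a maintained base image before running this in production.
FROM centos:6.7

# MAINTAINER is deprecated; the same text is kept as a label.
LABEL maintainer="from www.dwhd.org by lookback (mondeolove@gmail.com)"

# Runtime dependencies: M2Crypto, setuptools, git, curl and the iptables
# development package, then pip and the cymysql MySQL driver.
# NOTE(review): pip and cymysql are installed without a version pin, so every
# rebuild may pull different code from the package index.
# The trailing "yum clean all" keeps the package cache out of the layer.
RUN yum clean all && \
    rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-* && \
    yum install -y m2crypto python-setuptools git curl iptables-devel && \
    easy_install pip && pip install cymysql && \
    yum clean all

# Fetch the server code into /shadowsocks.
# NOTE(review): this takes whatever the manyuser branch points at on build
# day. Pin a reviewed commit so rebuilds are reproducible, e.g. append
#   && cd shadowsocks && git checkout <REVIEWED_COMMIT_SHA>
RUN git clone -b manyuser https://github.com/breakwa11/shadowsocks.git
#RUN git clone -b manyuser https://github.com/mengskysama/shadowsocks.git

# COPY is enough for a plain local file; ADD also unpacks archives and
# fetches URLs, which is not wanted here.
COPY run.sh /run.sh
RUN chmod +x /run.sh

# EXPOSE is documentation only; the ports actually reachable are the ones
# published with -p when the container is started.
EXPOSE 10000-20000

# NOTE(review): no USER is set, so run.sh and the server run as root inside
# the container.
ENTRYPOINT ["/run.sh"]

CMD ["server.py"]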
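#!/bin/bash
#########################################################################
# File Name: run.sh
# Author: LookBack
# Email: admin#dwhd.org
# Version:
# Created Time: Wed 18 Nov 2015 02:49:12
#
# Container entrypoint: checks the -e environment variables, writes them
# into the ShadowSocks configuration files and starts the server.
#
# The interpreter is bash rather than sh because the script relies on
# bash-only constructs such as [[ ... =~ ... ]].
#########################################################################
PATH=/bin:/sbin:$PATH

# Abort on the first command that fails.
set -e

# When the first argument looks like an option, prepend "python" to the
# argument list.
# NOTE(review): the exec at the end of this script starts
# /shadowsocks/server.py without "$@", so the argument list built here
# (and the CMD passed by Docker) is currently not used.
case "${1:-}" in
    -*) set -- python "$@" ;;
esac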

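# Print the "missing variable" error for the variable named $1 and stop.
missing_env() {
    echo >&2 "error:  missing $1"
    echo >&2 "  Did you forget to add -e $1=... ?"
    exit 1
}

# Succeeds when $1 contains a character that would change the meaning of the
# sed commands below or of the Python literal they write:
#   @   ends the '@'-delimited sed expression
#   &   is replaced by sed with the matched text
#   \   starts a sed / Python escape sequence
#   '   ends the single-quoted Python string in Config.py
#   newline breaks the sed command
has_unsafe_char() {
    case "$1" in
        *"@"* | *"&"* | *"\\"* | *"'"* | *$'\n'*) return 0 ;;
    esac
    return 1
}

# Database settings for the multi-user server. MANYUSER itself is mandatory.
if [ -n "$MANYUSER" ]; then
    # Same order as the original checks, so the first error reported for a
    # given environment does not change.
    [ -n "$MYSQL_PASSWORD" ] || missing_env MYSQL_PASSWORD
    [ -n "$MYSQL_USER" ] || missing_env MYSQL_USER
    [ -n "$MYSQL_PORT" ] || missing_env MYSQL_PORT
    [ -n "$MYSQL_HOST" ] || missing_env MYSQL_HOST
    [ -n "$MYSQL_DBNAME" ] || missing_env MYSQL_DBNAME

    # Iterate over variable NAMES and read each value quoted: an unquoted
    # list of values would be word-split and glob-expanded (a password made
    # of '*' would turn into file names).
    for name in MYSQL_USER MYSQL_PORT MYSQL_HOST MYSQL_DBNAME MYSQL_PASSWORD; do
        if has_unsafe_char "${!name}"; then
            # Report the variable name only; printing the value would put
            # the database password into the container log.
            echo >&2 "error:  invalid $name"
            echo >&2 "  The value must not contain any of: @ & \\ ' or a newline"
            exit 1
        fi
    done

    # MYSQL_PORT is written unquoted into Config.py, so anything other than
    # digits would be evaluated as Python source by the server.
    case "$MYSQL_PORT" in
        *[!0-9]*)
            echo >&2 'error:  invalid MYSQL_PORT'
            echo >&2 '  MYSQL_PORT must be a decimal port number'
            exit 1
            ;;
    esac

    # Rewrite the five MYSQL_* assignments in one pass.
    # NOTE(review): the password ends up in plain text in Config.py inside
    # the container's writable layer.
    sed -ri \
        -e "s@^(MYSQL_HOST = ).*@\1'$MYSQL_HOST'@" \
        -e "s@^(MYSQL_PORT = ).*@\1$MYSQL_PORT@" \
        -e "s@^(MYSQL_USER = ).*@\1'$MYSQL_USER'@" \
        -e "s@^(MYSQL_PASS = ).*@\1'$MYSQL_PASSWORD'@" \
        -e "s@^(MYSQL_DB = ).*@\1'$MYSQL_DBNAME'@" \
        /shadowsocks/Config.py
else
    missing_env MANYUSER
fi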

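# Succeeds when $1 can be copied verbatim into the '@'-delimited sed
# replacement and the double-quoted JSON string used for obfs_param below.
# '@' ends the sed expression, '&' and '\' are expanded by sed, '"' ends the
# JSON string, and a newline breaks the sed command.
obfs_param_is_safe() {
    case "$1" in
        *"@"* | *"&"* | *"\\"* | *'"'* | *$'\n'*) return 1 ;;
    esac
    return 0
}

# ShadowSocksR-only settings, written into /shadowsocks/config.json.
# PROTOCOL, OBFS and OBFS_PARAM are mandatory in this mode; METHOD and
# DNS_IPV6 are only written when they are set.
if [ "$MANYUSER" = "R" ]; then
    if [ -z "$PROTOCOL" ]; then
        echo >&2 'error:  missing PROTOCOL'
        echo >&2 '  Did you forget to add -e PROTOCOL=... ?'
        exit 1
    elif [[ ! "$PROTOCOL" =~ ^(origin|verify_simple|verify_deflate|auth_simple)$ ]]; then
        # The variable is set but not one of the accepted values.
        echo >&2 'error:  invalid PROTOCOL'
        echo >&2 '  You must be used -e PROTOCOL=[origin|verify_simple|verify_deflate|auth_simple]'
        exit 1
    fi

    if [ -z "$OBFS" ]; then
        echo >&2 'error:  missing OBFS'
        echo >&2 '  Did you forget to add -e OBFS=... ?'
        exit 1
    elif [[ ! "$OBFS" =~ ^(plain|http_simple|http_simple_compatible|tls_simple|tls_simple_compatible|random_head|random_head_compatible)$ ]]; then
        echo >&2 'error:  invalid OBFS'
        echo >&2 '  You must be used -e OBFS=[http_simple|plain|http_simple_compatible|tls_simple|tls_simple_compatible|random_head|random_head_compatible]'
        exit 1
    fi

    if [ -z "$OBFS_PARAM" ]; then
        echo >&2 'error:  missing OBFS_PARAM'
        echo >&2 '  Did you forget to add -e OBFS_PARAM=... ?'
        exit 1
    elif ! obfs_param_is_safe "$OBFS_PARAM"; then
        # Unlike the other settings OBFS_PARAM is free text, so it is the
        # one value here that could otherwise corrupt config.json.
        echo >&2 'error:  invalid OBFS_PARAM'
        echo >&2 '  The value must not contain any of: @ & \ " or a newline'
        exit 1
    fi

    if [ -n "$METHOD" ]; then
        # rc4-md5 stays in the list for compatibility with existing
        # clients; RC4 and MD5 are both considered broken.
        if [[ ! "$METHOD" =~ ^(aes-(256|192|128)-cfb|(chacha|salsa)20|rc4-md5)$ ]]; then
            echo >&2 'error:  invalid METHOD'
            echo >&2 '  You must be used -e METHOD=[aes-256-cfb|aes-192-cfb|aes-128-cfb|chacha20|salsa20|rc4-md5]'
            exit 1
        fi
        sed -ri "s@^(.*\"method\": ).*@\1\"$METHOD\",@" /shadowsocks/config.json
    fi

    if [ -n "$DNS_IPV6" ]; then
        if [[ ! "$DNS_IPV6" =~ ^(false|true)$ ]]; then
            echo >&2 'error:  invalid DNS_IPV6'
            echo >&2 '  You must be used -e DNS_IPV6=[false|true]'
            exit 1
        fi
        # NOTE(review): the value is written as a JSON string ("false"),
        # not a JSON boolean. A consumer that only tests truthiness would
        # read "false" as true - confirm against how server.py uses it.
        sed -ri "s@^(.*\"dns_ipv6\": ).*@\1\"$DNS_IPV6\",@" /shadowsocks/config.json
    fi

    # PROTOCOL and OBFS passed the allow-lists above and OBFS_PARAM passed
    # obfs_param_is_safe, so none of them can alter the sed expressions.
    sed -ri "s@^(.*\"protocol\": ).*@\1\"$PROTOCOL\",@" /shadowsocks/config.json
    sed -ri "s@^(.*\"obfs\": ).*@\1\"$OBFS\",@" /shadowsocks/config.json
    sed -ri "s@^(.*\"obfs_param\": ).*@\1\"$OBFS_PARAM\",@" /shadowsocks/config.json

fi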

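# Optional outbound filtering, enabled with -e SPAM=On. Any other non-empty
# value (for example Off) leaves the firewall untouched.
if [ -n "$SPAM" ]; then
    if [ "$SPAM" = "On" ]; then
        # NOTE(review): iptables inside a container presumably needs the
        # NET_ADMIN capability (docker run --cap-add=NET_ADMIN); the docker
        # run example on this page does not pass it. With "set -e" active a
        # failing iptables call stops the container before the server
        # starts, so the server never runs with only part of the rules.

        # Drop outgoing packets whose payload contains one of these mail or
        # BitTorrent markers. The duplicate "BitTorrent" rule of the
        # original list is left out. These matches only see cleartext
        # payloads, and short markers such as "protocol" will also hit
        # unrelated traffic.
        for marker in "Subject" "HELO" "SMTP" "torrent" ".torrent" "peer_id=" \
            "announce" "info_hash" "get_peers" "find_node" "BitTorrent" \
            "announce_peer" "protocol" "announce.php?passkey="; do
            iptables -t mangle -A OUTPUT -m string --string "$marker" --algo bm --to 65535 -j DROP
        done

        # Reject new and established outgoing TCP connections to the
        # SMTP, POP3 and IMAP port groups and the remaining ports listed.
        for ports in "25,26,465" "109,110,995" "143,218,220,993" \
            "24,50,57,105,106,158,209,587,1109,24554,60177,60179"; do
            iptables -t filter -A OUTPUT -p tcp -m multiport --dports "$ports" -m state --state NEW,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
        done

        # Log the resulting rule sets so they can be checked in the
        # container log.
        iptables -t mangle -L -nvx --line-numbers
        iptables -t filter -L -nvx --line-numbers
    fi
else
    # Not fatal: the message is printed and start-up continues without any
    # outbound filtering.
    echo >&2 'error:  missing SPAM'
    echo >&2 '  You must be used -e SPAM=[On|Off]'
fi

# Replace the shell with the server so it receives signals from Docker
# directly. The script's own arguments are not forwarded.
exec python /shadowsocks/server.py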
