fix: iptables, udp2raw, expose port

This commit is contained in:
Kirigaya Kazuto 2022-02-05 23:03:55 +00:00
parent f143b3b295
commit 769a309880


@ -93,10 +93,10 @@ class Parser:
ipt_filename_inside = "/root/conf/{}-ipt.conf".format(conf_uuid) ipt_filename_inside = "/root/conf/{}-ipt.conf".format(conf_uuid)
self.result_container_postbootstrap.append('PostUp=IPT_COMMANDS=$({}); echo $IPT_COMMANDS; $IPT_COMMANDS'.format( self.result_container_postbootstrap.append('PostUp=IPT_COMMANDS=$({}); echo $IPT_COMMANDS; $IPT_COMMANDS'.format(
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {}".format(self.get_container_name(), ipt_filename_inside)) self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
)) ))
self.result_postdown.append("PostDown=IPT_COMMANDS=$({}); IPT_COMMANDS=$(echo $IPT_COMMANDS | sed -e 's/-I /-D /g'); echo $IPT_COMMANDS; $IPT_COMMANDS".format( self.result_postdown.append("PostDown=IPT_COMMANDS=$({}); IPT_COMMANDS=$(echo $IPT_COMMANDS | sed -e 's/-I /-D /g'); echo $IPT_COMMANDS; $IPT_COMMANDS".format(
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {}".format(self.get_container_name(), ipt_filename_inside)) self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
)) ))
def add_udp2raw_client(self, listen_port, tunnel_password, remote_addr): def add_udp2raw_client(self, listen_port, tunnel_password, remote_addr):
@ -113,10 +113,10 @@ class Parser:
ipt_filename_inside = "/root/conf/{}-ipt.conf".format(conf_uuid) ipt_filename_inside = "/root/conf/{}-ipt.conf".format(conf_uuid)
self.result_container_postbootstrap.append('PostUp=IPT_COMMANDS=$({}); echo $IPT_COMMANDS; $IPT_COMMANDS'.format( self.result_container_postbootstrap.append('PostUp=IPT_COMMANDS=$({}); echo $IPT_COMMANDS; $IPT_COMMANDS'.format(
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {}".format(self.get_container_name(), ipt_filename_inside)) self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
)) ))
self.result_postdown.append("PostDown=IPT_COMMANDS=$({}); IPT_COMMANDS=$(echo $IPT_COMMANDS | sed -e 's/-I /-D /g'); echo $IPT_COMMANDS; $IPT_COMMANDS".format( self.result_postdown.append("PostDown=IPT_COMMANDS=$({}); IPT_COMMANDS=$(echo $IPT_COMMANDS | sed -e 's/-I /-D /g'); echo $IPT_COMMANDS; $IPT_COMMANDS".format(
self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {}".format(self.get_container_name(), ipt_filename_inside)) self.get_podman_cmd_with("podman exec {} /root/bin/udp2raw_amd64 --conf-file {} | grep ^iptables".format(self.get_container_name(), ipt_filename_inside))
)) ))
def add_trojan_server(self, listen_port, tunnel_password, ssl_cert_path, ssl_key_path): def add_trojan_server(self, listen_port, tunnel_password, ssl_cert_path, ssl_key_path):
@ -138,13 +138,13 @@ class Parser:
"cert": cert_uuid, "cert": cert_uuid,
}) })
def add_trojan_client(self, listen_port, tunnel_password, remote_addr, target_addr, ssl_sni=None): def add_trojan_client(self, listen_port, tunnel_password, remote_addr, target_port, ssl_sni=None):
self.container_bootstrap.append({ self.container_bootstrap.append({
"type": "trojan-client", "type": "trojan-client",
"listen": listen_port, "listen": listen_port,
"password": tunnel_password, "password": tunnel_password,
"remote": remote_addr, "remote": remote_addr,
"target": target_addr, "target": target_port,
"sni": ssl_sni, "sni": ssl_sni,
}) })
@ -318,6 +318,7 @@ class Parser:
while len(config_gen) > 1024: while len(config_gen) > 1024:
config_parts.append(config_gen[:1024]) config_parts.append(config_gen[:1024])
config_gen = config_gen[1024:] config_gen = config_gen[1024:]
config_parts.append(config_gen)
tmp_base64_filepath = "/tmp/wg-op-container-bootstrap-{}.data".format(self.wg_name) tmp_base64_filepath = "/tmp/wg-op-container-bootstrap-{}.data".format(self.wg_name)
tmp_filepath = "/tmp/wg-op-container-bootstrap-{}.json".format(self.wg_name) tmp_filepath = "/tmp/wg-op-container-bootstrap-{}.json".format(self.wg_name)
@ -337,9 +338,15 @@ class Parser:
self.result_postup.append('PostUp={}'.format( self.result_postup.append('PostUp={}'.format(
self.get_podman_cmd_with('podman network create {}'.format(self.get_container_network_name())) self.get_podman_cmd_with('podman network create {}'.format(self.get_container_network_name()))
)) ))
if self.container_expose_port:
cmd_ports = ["-p {}:{}/{}".format(this_port['port'], this_port['port'], this_port['mode']) for this_port in self.container_expose_port]
cmd_ports = ' '.join(cmd_ports)
else:
cmd_ports = ''
self.result_postup.append('PostUp={}'.format( self.result_postup.append('PostUp={}'.format(
self.get_podman_cmd_with('podman run --rm -v {}:/root/bin -v {}:/root/app --name {} --network {} -d wg-ops-systemd'.format( self.get_podman_cmd_with('podman run --rm --cap-add NET_RAW -v {}:/root/bin -v {}:/root/app {} --name {} --network {} -d wg-ops-systemd'.format(
path_bin_dir, path_app_dir, self.get_container_name(), self.get_container_network_name())) path_bin_dir, path_app_dir, cmd_ports, self.get_container_name(), self.get_container_network_name()))
)) ))
self.result_postup.append('PostUp={}'.format( self.result_postup.append('PostUp={}'.format(
self.get_podman_cmd_with('podman exec {} mkdir -p /root/ssl /root/runner /root/conf'.format( self.get_podman_cmd_with('podman exec {} mkdir -p /root/ssl /root/runner /root/conf'.format(
@ -355,8 +362,8 @@ class Parser:
self.result_postup.extend(self.result_container_prebootstrap) self.result_postup.extend(self.result_container_prebootstrap)
self.result_postup.append('PostUp={}'.format( self.result_postup.append('PostUp={}'.format(
self.get_podman_cmd_with('CT_GATEWAY=$(/usr/bin/python3 {} {}); podman exec -e GATEWAY_IP=$CT_GATEWAY {} /usr/bin/python3 /root/app/bootstrap.py'.format( self.get_podman_cmd_with('CT_GATEWAY=$(/usr/bin/python3 {} {}); podman exec -e GATEWAY_IP=$CT_GATEWAY -e WG_PORT={} {} /usr/bin/python3 /root/app/bootstrap.py'.format(
path_get_gateway, self.get_container_network_name(), self.get_container_name())) path_get_gateway, self.get_container_network_name(), self.wg_port, self.get_container_name()))
)) ))
self.result_postup.extend(self.result_container_postbootstrap) self.result_postup.extend(self.result_container_postbootstrap)
@ -397,8 +404,9 @@ class Parser:
if addr_host == "gateway": if addr_host == "gateway":
tunnel_addr = "" tunnel_addr = ""
self.result_postup.append("PostUp=CT_GATEWAY=$(/usr/bin/python3 {} {}); wg set {} peer {} endpoint $CT_GATEWAY:{}".format( self.result_postup.append("PostUp=CT_GATEWAY=$({}); wg set {} peer {} endpoint $CT_GATEWAY:{}".format(
path_get_gateway, self.get_container_network_name(), self.wg_name, current_pubkey, addr_port)) self.get_podman_cmd_with('/usr/bin/python3 {} {}'.format(path_get_gateway, self.get_container_network_name())),
self.wg_name, current_pubkey, addr_port))
elif tunnel_addr: elif tunnel_addr:
tunnel_addr = "127.0.0.1:{}".format(tunnel_addr) tunnel_addr = "127.0.0.1:{}".format(tunnel_addr)