Refactor part of version and fix some bugs.
ellermister committed Nov 25, 2023
1 parent ee9fe39 commit a03db52
Showing 9 changed files with 392 additions and 198 deletions.
68 changes: 68 additions & 0 deletions .github/workflows/docker-publish.yml
@@ -0,0 +1,68 @@
name: Docker

on:
workflow_dispatch:
push:
branches: [ "master" ]
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]

env:
# Use docker.io for Docker Hub if empty
REGISTRY: "docker.io"
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}


jobs:
build:

runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v3

# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
context: .
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
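Review bot: In the `build` job's `permissions` block, `packages: write` and `id-token: write` are granted but none of the visible steps use them: the image is pushed to docker.io with `DOCKERHUB_TOKEN`, and there is no signing step for the sigstore/fulcio challenge the comment refers to. Drop both and keep `contents: read`, or add the signing step they were meant for. `actions/checkout@v3` is also the only action referenced by a mutable tag while every Docker action is pinned to a commit SHA; pin it the same way. The `github.event_name != 'pull_request'` conditions can go too, since `on:` has no `pull_request` trigger.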
6 changes: 6 additions & 0 deletions .gitignore
@@ -0,0 +1,6 @@
mtg
mtproto-proxy
proxy-multi.conf
proxy-secret
build
pid
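Review bot: `mtp_config` is missing from this ignore list. This commit renames the tracked file to `mtp_config.example`, and the entrypoint creates `mtp_config` from it at run time, so in any checkout where the config is generated the file holding the live `secret` shows up as untracked and can be committed by accident. Add `mtp_config` here.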
5 changes: 3 additions & 2 deletions Dockerfile
@@ -1,4 +1,6 @@
FROM --platform=$TARGETPLATFORM nginx AS build
FROM --platform=$TARGETPLATFORM nginx:1.23.2 AS build
#FROM nginx:1.23.2 AS build


COPY . /home/mtproxy
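Review bot: The commented-out `#FROM nginx:1.23.2 AS build` line should not be committed; delete it. `--platform=$TARGETPLATFORM` on `FROM` is also redundant, because the target platform is already the default for a build stage, so plain `FROM nginx:1.23.2 AS build` behaves the same under the workflow's `platforms: linux/amd64,linux/arm64` build. Since the workflow pins its actions by commit SHA, consider pinning the base image by digest in addition to the tag.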

Expand All @@ -10,7 +12,6 @@ WORKDIR /home/mtproxy
RUN set -ex \
&& cd $WORKDIR \
&& cp src/* /usr/share/nginx/html \
&& cp mtp_config mtp_config.bak \
&& rm -rf .git \
&& cp mtproxy-entrypoint.sh /docker-entrypoint.d/40-mtproxy-start.sh \
&& chmod +x /docker-entrypoint.d/40-mtproxy-start.sh \
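Review bot: `rm -rf .git` in this `RUN` does not keep the repository history out of the image, because `COPY . /home/mtproxy` has already written it into an earlier layer. Add a `.dockerignore` that lists `.git` and `mtp_config` instead. The second entry matters after this change: with the `.bak` copy gone, the entrypoint treats an existing `/home/mtproxy/mtp_config` as already initialised, so a config present in the build context would be baked into the image and reused by every container.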
Expand Down
81 changes: 64 additions & 17 deletions README.md
@@ -1,29 +1,43 @@
# mtproxy

MTProxyTLS 一键安装绿色脚本 [English](README-en.md)

> 如果你反复遇到段错误或者其他未知问题, 建议更换为 Debian 9+ 以上的系统或采用 Docker 方式运行.
这是一个一键安装 MTProxy 代理的绿色脚本,脚本可以在官方版本的 MTProxy 程序和兼容性最强的第三方作者开发的 mtg 程序中进行选择静态安装或者编译,该版本默认支持 Fake TLS 以及 AdTag 配置。

在此基础上,提供了 Nginx 作为前端转发,MTProxy 作为后端代理的方式以实现安全的伪装,并且在 nginx 转发层进行配置了 IP 白名单,只有通过白名单认证过的 IP 才可以进行访问,此功能提供了 Docker 镜像以便开箱即用。

[English](README-en.md)

## 交流群组

Telegram 群组:https://t.me/EllerHK

## 安装方式

提供了两种安装方式可供选择:

## 安装方式
- 使用脚本

选择该方式一般是你在宿主机中进行直接安装或者编译,会或多或少需要安装一些系统基础依赖库。

- 使用 Docker

**小白建议使用 Docker!** 不会对宿主机造成污染,如果你需要修改一些配置文件,需要你稍微学习一些基础Docker 使用技术。

### 使用脚本

> 如果你反复遇到段错误或者其他未知问题, 建议更换为 Debian 9+ 以上的系统或采用 Docker 方式运行.
执行如下代码进行安装

```bash
mkdir /home/mtproxy && cd /home/mtproxy
curl -s -o mtproxy.sh https://raw.githubusercontent.com/ellermister/mtproxy/master/mtproxy.sh && chmod +x mtproxy.sh && bash mtproxy.sh
rm -rf /home/mtproxy && mkdir /home/mtproxy && cd /home/mtproxy
curl -s -o mtproxy.sh https://github.com/ellermister/mtproxy/raw/master/mtproxy.sh
bash mtproxy.sh
```

![mtproxy.sh](https://raw.githubusercontent.com/ellermister/mtproxy/master/mtproxy.jpg)

## 白名单 MTProxy Docker 镜像
### 使用Docker | 白名单 MTProxy Docker 镜像

The image integrates nginx and mtproxy+tls to disguise traffic, and uses a whitelist mode to deal with firewall detection.

该镜像集成了 nginx、mtproxy+tls 实现对流量的伪装,并采用**白名单**模式来应对防火墙的检测。
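Review bot: The new download line `curl -s -o mtproxy.sh https://github.com/ellermister/mtproxy/raw/master/mtproxy.sh` has no `-L`, and the `github.com/.../raw/...` form answers with a redirect to raw.githubusercontent.com, so curl saves the redirect response instead of the script and `bash mtproxy.sh` then has nothing useful to run. Use `curl -fsSL -o mtproxy.sh ...` or keep the previous raw.githubusercontent.com URL. Separately, the added `rm -rf /home/mtproxy` silently deletes an existing install, including its config and secret, when a user re-runs the snippet; state that in the text or drop it.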
Expand All @@ -32,20 +46,55 @@ If you use this Docker image, you don't need to use the script, you can choose o

若使用该 Docker 镜像, 就不需要用脚本了,二者二选一,不要搞混了。

**如果没有安装Docker**,一键安装方式:

```bash
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
```

**创建白名单镜像:**

```bash
secret=$(head -c 16 /dev/urandom | xxd -ps)
domain="cloudflare.com"
docker run --name nginx-mtproxy -d -e secret="$secret" -e domain="$domain" -p 8080:80 -p 8443:443 ellermister/nginx-mtproxy:latest
docker run -d \
--name mtproxy \
--restart=always \
-e domain="cloudflare.com" \
-p 8080:80 \
-p 8443:443 \
ellermister/mtproxy
```
镜像默认开启了 IP 段白名单,如果你不需要可以取消
**镜像默认开启了 IP 段白名单**,如果你不需要可以配置 `ip_white_list="OFF"` 取消

```bash
docker run --name nginx-mtproxy -d -e secret="$secret" -e domain="$domain" -e ip_white_list="IP" -p 8080:80 -p 8443:443 ellermister/nginx-mtproxy:latest
docker run -d \
--name mtproxy \
--restart=always \
-e domain="cloudflare.com" \
-e secret="548593a9c0688f4f7d9d57377897d964" \
-e ip_white_list="OFF" \
-p 8080:80 \
-p 8443:443 \
ellermister/mtproxy
```

更多使用请参考: https://hub.docker.com/r/ellermister/nginx-mtproxy
`ip_white_list` 选项:

- **OFF** 关闭白名单
- **IP** 开启 IP 白名单
- **IPSEG** 开启 IP 段白名单

`secret`指定密钥:如果你想创建已知的密钥,格式为:32位十六进制字符。

**在日志中查看链接的参数配置**

```bash
docker logs -f mtproxy
```

连接端口记得修改为你映射后的外部端口,如上文例子中都是`8443`,在连接时修改端口。

更多使用请参考: https://hub.docker.com/r/ellermister/mtproxy

## 使用方式
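Review bot: The second `docker run` example hard-codes `-e secret="548593a9c0688f4f7d9d57377897d964"`, and README commands get pasted verbatim, so deployments would end up sharing a published secret. Replace the value with an obvious placeholder, or generate it the way the removed line did (`secret=$(head -c 16 /dev/urandom | xxd -ps)`). The same example also sets `ip_white_list="OFF"`; put that in its own snippet so that copying the known-secret example does not also disable the whitelist.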

Expand Down Expand Up @@ -73,8 +122,6 @@ bash mtproxy.sh stop
bash mtproxy.sh restart
```



## 卸载安装

因为是绿色版卸载极其简单,直接删除所在目录即可。
Expand All @@ -83,10 +130,10 @@ bash mtproxy.sh restart
rm -rf /home/mtproxy
```



## 开机启动

> 该脚本没有配置为系统服务的方式,你可以将其添加到开机启动脚本中。
开机启动脚本,如果你的 rc.local 文件不存在请检查开机自启服务。

通过编辑文件`/etc/rc.local`将如下代码加入到开机自启脚本中:
Expand Down
3 changes: 2 additions & 1 deletion mtp_config → mtp_config.example
Expand Up @@ -2,5 +2,6 @@
secret="4451023506896290666356006a67ce93"
port=8443
web_port=8888
domain="azure.microsoft.com"
domain="cloudflare.com"
proxy_tag="4451023506896290666356006a67ce91"
provider=1
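Review bot: `secret` and `proxy_tag` in this example file are concrete 32-character values, and the entrypoint now copies the file verbatim to `mtp_config` as the starting config. Any path that leaves them unreplaced runs with a secret that is published in the repository. Use obviously invalid placeholders or empty values so that an unconfigured instance fails to start instead.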
17 changes: 12 additions & 5 deletions mtproxy-entrypoint.sh
Expand Up @@ -4,8 +4,15 @@ set -e
chmod 777 /etc/nginx/ip_white.conf
chmod 777 /run/php/php7.4-fpm.sock


default_config="/home/mtproxy/mtp_config.example"
mtp_config="/home/mtproxy/mtp_config"
init_lock="/home/mtproxy/mtp_config.lock"

function gen_rand_hex() {
local result=$(dd if=/dev/urandom bs=1 count=500 status=none | od -An -tx1 | tr -d ' \n')
echo "${result:0:$1}"
}


set_config(){
if [ "$secret" ] && [[ "$secret" =~ ^[A-Za-z0-9]{32}$ ]]; then
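Review bot: In `gen_rand_hex`, `local result=$(...)` masks the exit status of the command substitution, so `set -e` never sees a failed read and the function can return an empty or short string that is then used as the secret. Declare `local result` first, assign on a separate line, and check that the output length equals `$1` before echoing it. Reading 500 bytes with `bs=1` to keep 16 is also unnecessary; `head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'` is enough. In `set_config`, the check `^[A-Za-z0-9]{32}$` accepts non-hex characters although the README states the secret is 32 hexadecimal characters; tighten it to `^[0-9A-Fa-f]{32}$`.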
Expand All @@ -19,11 +26,11 @@ set_config(){
fi
}

if [ ! -f $init_lock ];then
cp "${mtp_config}.bak" "$mtp_config"
echo 1>"$init_lock"
if [ ! -f $mtp_config ];then
cp "${default_config}" "$mtp_config"

if [ ! "$secret" ]; then
secret=$(head -c 16 /dev/urandom | xxd -ps)
secret=$(gen_rand_hex 32)
fi

if [ ! "$ip_white_list" ]; then
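Review bot: First-run detection is now `[ ! -f $mtp_config ]`, but the example file is copied into place before the secret is generated and written. With `set -e`, a failure anywhere after the `cp` leaves `mtp_config` holding the example values, and the next start skips this block and runs with them. Build the config in a temporary file and `mv` it to `$mtp_config` as the last step of initialisation. Also quote `"$mtp_config"` in the test, as the `cp` line below it already does.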
Expand Down