feat: Add Cloudflare-WARP Docker build functionality

Added a new Dockerfile and corresponding build tasks in the .goreleaser script for a container running a nanoproxy with Cloudflare-WARP. Also added a startup shell script for WARP service registration and configuration. This deployment will be beneficial for enabling secure, encrypted connections for the proxy server.
ryanbekhen · May 23, 2024 · 1eba201 · 1eba201
1 parent c539132
commit 1eba201
Show file tree

Hide file tree

Showing 3 changed files with 133 additions and 0 deletions.
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -110,6 +110,38 @@ dockers:
       - "--platform=linux/arm64"
     goarch: arm64
 
+  - image_templates:
+      - "ghcr.io/ryanbekhen/nanoproxy-warp:{{ .Version }}-amd64"
+    dockerfile: Dockerfile
+    build_flag_templates:
+      - "--label=io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ryanbekhen/nanoproxy/main/README.md"
+      - '--label=io.artifacthub.package.maintainers=[{"name":"Achmad Irianto Eka Putra","email":"[email protected]"}]'
+      - "--label=io.artifacthub.package.license=MIT"
+      - "--label=org.opencontainers.image.description=Nanoproxy is a simple proxy written in Go."
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--platform=linux/amd64"
+  - image_templates:
+      - "ghcr.io/ryanbekhen/nanoproxy-warp:{{ .Version }}-arm64"
+    dockerfile: Dockerfile
+    build_flag_templates:
+      - "--label=io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ryanbekhen/nanoproxy/main/README.md"
+      - '--label=io.artifacthub.package.maintainers=[{"name":"Achmad Irianto Eka Putra","email":"[email protected]"}]'
+      - "--label=io.artifacthub.package.license=MIT"
+      - "--label=org.opencontainers.image.description=Nanoproxy is a simple proxy written in Go."
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.name={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--label=org.opencontainers.image.source={{.GitURL}}"
+      - "--platform=linux/arm64"
+    goarch: arm64
+    extra_files:
+      - script.sh
+
 docker_manifests:
   - name_template: "ghcr.io/ryanbekhen/nanoproxy:{{ .Version }}"
     image_templates:
@@ -119,6 +151,14 @@ docker_manifests:
     image_templates:
       - "ghcr.io/ryanbekhen/nanoproxy:{{ .Version }}-amd64"
       - "ghcr.io/ryanbekhen/nanoproxy:{{ .Version }}-arm64"
+  - name_template: "ghcr.io/ryanbekhen/nanoproxy-warp:{{ .Version }}"
+    image_templates:
+      - "ghcr.io/ryanbekhen/nanoproxy-warp:{{ .Version }}-amd64"
+      - "ghcr.io/ryanbekhen/nanoproxy-warp:{{ .Version }}-arm64"
+  - name_template: "ghcr.io/ryanbekhen/nanoproxy-warp:latest"
+    image_templates:
+      - "ghcr.io/ryanbekhen/nanoproxy-warp:{{ .Version }}-amd64"
+      - "ghcr.io/ryanbekhen/nanoproxy-warp:{{ .Version }}-arm64"
 
 archives:
   - name_template: >-

diff --git a/Dockerfile-warp b/Dockerfile-warp
@@ -0,0 +1,28 @@
+FROM ubuntu:22.04
+
+COPY nanoproxy /usr/bin/nanoproxy
+
+RUN apt-get update && apt-get upgrade -y && apt-get install -y curl gnupg lsb-release dbus
+
+# WARP
+RUN curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg && \
+    echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/cloudflare-client.list
+
+RUN apt-get update && apt-get install -y cloudflare-warp && apt-get clean
+
+# Accept Cloudflare WARP TOS
+RUN mkdir -p /root/.local/share/warp \
+  && echo -n 'yes' > /root/.local/share/warp/accepted-tos.txt
+
+ENV WARP_LICENSE_KEY=""
+
+HEALTHCHECK --interval=15s --timeout=5s --start-period=30s --retries=3 \
+  CMD curl -fsS --connect-timeout 1 --max-time 3 "https://cloudflare.com/cdn-cgi/trace" | grep -qE "warp=(plus|on)" || exit 1
+
+COPY script.sh /usr/local/bin/script.sh
+
+RUN chmod +x /usr/local/bin/script.sh
+
+EXPOSE 1080
+
+ENTRYPOINT ["script.sh"]
diff --git a/script.sh b/script.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+set -e
+
+function start_nanoproxy_if_need() {
+  if pgrep -x "nanoproxy" >/dev/null; then
+    return
+  fi
+
+  # start the proxy
+  nohup nanoproxy >/dev/null 2>&1 &
+}
+
+function register_if_need() {
+  if [ -f /var/lib/cloudflare-warp/reg.json ]; then
+    return
+  fi
+
+  # if /var/lib/cloudflare-warp/reg.json not exists, register the warp client
+  warp-cli register && echo "Warp client registered!"
+  # if a license key is provided, register the license
+  if [ -n "$WARP_LICENSE_KEY" ]; then
+    echo "License key found, registering license..."
+    warp-cli set-license "$WARP_LICENSE_KEY" && echo "Warp license registered!"
+  fi
+}
+
+function wait_for_warp_ready() {
+
+  echo -e "\n\n------------------------------"
+  echo "Waiting for WARP service..."
+  echo -e "------------------------------\n\n"
+
+  sleep 1
+
+  while true; do
+
+    if ! warp-cli status >/dev/null 2>&1; then
+
+      sleep 1
+      continue
+
+    fi
+
+    break
+
+  done
+
+  echo -e "\n\n------------------------------"
+  echo "WARP service started!"
+  echo -e "------------------------------\n\n"
+}
+
+function run_after_warp_ready() {
+  wait_for_warp_ready
+  register_if_need
+  warp-cli set-mode warp
+  warp-cli connect
+}
+
+#########################################################
+
+start_nanoproxy_if_need
+run_after_warp_ready &
+warp-svc | grep -v INFO