basic docker setup

yankeeblower · Feb 24, 2023 · fb75037 · fb75037
1 parent f317941
commit fb75037
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 11 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,11 @@
+FROM ubuntu:focal
+ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn
+ENV DEBIAN_FRONTEND=noninteractive
+ENV TZ="Europe/London"
+
+RUN apt -y update \
+    && apt -y install curl dante-server wireguard-tools iproute2 procps iptables openresolv kmod gnupg net-tools \
+    && apt clean && rm -rf /var/lib/apt/lists/*
+
+COPY entrypoint.sh /run/entrypoint.sh
+ENTRYPOINT ["/run/entrypoint.sh"]
diff --git a/README.md b/README.md
@@ -29,21 +29,15 @@ Test it
 
 ``` bash
 
-#Host
-curl -4 --proxy socks5h://127.0.0.1:9091 https://www.cloudflare.com/cdn-cgi/trace 
-curl -6 --proxy socks5h://127.0.0.1:9091 https://www.cloudflare.com/cdn-cgi/trace 
+# Host
+curl --proxy socks5h://127.0.0.1:9091 https://www.cloudflare.com/cdn-cgi/trace 
 
-# or connect to container
-docker exec -it warp_socks /bin/bash
-curl -4 --proxy socks5h://127.0.0.1:9091 https://www.cloudflare.com/cdn-cgi/trace 
-curl -6 --proxy socks5h://127.0.0.1:9091 https://www.cloudflare.com/cdn-cgi/trace 
-
-# See `warp=on` means success.
+# See`warp=on` means success. 
 ```
 
 #### Advanced
 
-It will also recognize the prepared `warp.conf` and `danted.conf` if they are located in `~/wireguard/`.
+It will also recognize the prepared `wgcf-profile.conf` and `danted.conf` if they are located in `~/wireguard/`.
 
 ``` bash
 docker run --privileged --restart=always -itd \
@@ -53,7 +47,7 @@ docker run --privileged --restart=always -itd \
     --cap-add NET_ADMIN --cap-add SYS_MODULE \
     -p 9091:9091 \
     -v /lib/modules:/lib/modules \
-    -v ~/wireguard/:/etc/wireguard/:ro \
+    -v ~/wireguard/:/opt/wireguard/:ro \
     monius/Docker-Warp-Socks
 ```
 

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+set -e
+
+IFACE=$(ip route show | grep default | awk '{print $5}')
+IPv4=$(ip -4 address show dev "$IFACE" | awk '/inet/{print $2}' | cut -d/ -f1)
+IPv6=$(ip -6 address show dev "$IFACE" | awk '/inet/{print $2}' | cut -d/ -f1)
+
+if [ ! -e "/opt/wgcf-profile.conf" ]; then
+	curl -fsSL git.io/wgcf.sh | bash
+	wgcf register --accept-tos && wgcf generate && mv wgcf-profile.conf /opt
+	sed -i "/\[Interface\]/a PostDown = ip -6 rule delete from ${IPv6}  lookup main" /opt/wgcf-profile.conf
+	sed -i "/\[Interface\]/a PostUp = ip -6 rule add from ${IPv6} lookup main" /opt/wgcf-profile.conf
+	sed -i "/\[Interface\]/a PostDown = ip -4 rule delete from ${IPv4} lookup main" /opt/wgcf-profile.conf
+	sed -i "/\[Interface\]/a PostUp = ip -4 rule add from ${IPv4} lookup main" /opt/wgcf-profile.conf
+fi
+
+if [ ! -e "/etc/wireguard/warp.conf" ]; then
+    cp /opt/wgcf-profile.conf /etc/wireguard/warp.conf
+fi
+
+if [ ! -e "/opt/danted.conf" ]; then
+	cat > /opt/danted.conf <<-EOF
+		logoutput: stderr
+		internal: ${IFACE} port = 9091
+		external: warp
+
+		user.unprivileged: nobody
+
+		socksmethod: none
+		clientmethod: none
+
+		client pass {
+			from: 0.0.0.0/0 to: 0.0.0.0/0
+			log: error
+		}
+
+		socks pass {
+			from: 0.0.0.0/0 to: 0.0.0.0/0
+		}
+	EOF
+fi
+
+wg-quick up warp && /usr/sbin/danted -f /opt/danted.conf -D
+
+curl --proxy socks5h://"${IPv4}":9091 https://www.cloudflare.com/cdn-cgi/trace 
+exec "$@"