usbharu
/
warp-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update docker; rm haproxy

This commit is contained in:
seiry 2023-04-10 22:25:52 +08:00
parent d4255a0404
commit 22ac9cd74d
No known key found for this signature in database
GPG Key ID: 1F392C1EF1F7DCB8
4 changed files with 9 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Dockerfile
View File

@ -1,18 +1,19 @@
ARG DEBIAN_RELEASE=buster
ARG DEBIAN_RELEASE=bullseye
FROM docker.io/debian:$DEBIAN_RELEASE-slim
ARG DEBIAN_RELEASE
COPY pubkey.gpg entrypoint.sh /
COPY entrypoint.sh /
ENV DEBIAN_FRONTEND noninteractive
RUN true && \
apt update && \
apt install -y gnupg ca-certificates libcap2-bin haproxy && \
apt-key add /pubkey.gpg && \
echo "deb http://pkg.cloudflareclient.com/ $DEBIAN_RELEASE main" > /etc/apt/sources.list.d/cloudflare-client.list && \
apt install -y gnupg ca-certificates curl && \
curl https://pkg.cloudflareclient.com/pubkey.gpg | gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg && \
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $DEBIAN_RELEASE main" | tee /etc/apt/sources.list.d/cloudflare-client.list && \
apt update && \
apt install cloudflare-warp -y && \
apt install cloudflare-warp -y --no-install-recommends && \
apt remove -y curl ca-certificates && \
apt clean -y && \
rm -rf /var/lib/apt/lists/* && \
chmod +x /entrypoint.sh
COPY haproxy.cfg /etc/haproxy/haproxy.cfg
EXPOSE 40000/tcp
ENTRYPOINT [ "/entrypoint.sh" ]

3
entrypoint.sh
View File

@ -6,9 +6,8 @@ while ! warp-cli --accept-tos register; do
>&2 echo "Awaiting warp-svc become online..."
done
warp-cli --accept-tos set-mode proxy
warp-cli --accept-tos set-proxy-port 40001
warp-cli --accept-tos set-proxy-port 40000
warp-cli --accept-tos connect
warp-cli enable
haproxy -f /etc/haproxy/haproxy.cfg
) &

40
haproxy.cfg
View File

@ -1,40 +0,0 @@
global
stats timeout 30s
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
#option httplog
option dontlognull
timeout connect 5000
timeout client 0
timeout server 0
timeout tunnel 0
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend warp
mode tcp
bind :40000
use_backend warp
backend warp
server warp 127.0.0.1:40001

29
pubkey.gpg
View File

@ -1,29 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGC6fSgBEADcsLdt3UbcPFzge7+ukvBtvHpgMZ8y36LxNCfjClbZjioRGwg2
78mQdDSj1YBoQNVUtKV/6A1aFe9XJp5Hn40TM/CbI8RneKH9kUUyMqHWwjClAV8S
dVa7FxgTTapN23bYAnxb0Z0yGfZTdDhTBjLG5OcH/59SNhzY9r2ToR5VjHhMGPV0
qsQMfuknhSwbNCJLyQSEgh0vZKy4qdQOLCWEhZ0wccNQONXPcgIKw4nPCZubMI5P
SJEaEL4RPJiacOFdkkWq7NOeU81L5YdwTKghIiC0LAw37/5PTkbu8tCAt3gnkbag
UZQZW9FrKDuRQEJuBduFuMZBEtWTGqsAcOfrOT2pRahu953frHHhnv2/HohTGfM4
PA9agFZlFXYMyxZvZr5VVQF8DSiq8h9iVJsrpdDaXeFniR6S8UkDFEVMEIzu5Zbu
gTCe9ByZMnCz6L/KQrBf+v+FtEGxm82EBfxP1MWmh6hfRBhG4MsideUFfdxoazcl
erItXSsufMuzetItT+AL4KQKpo1wygOk2cqBeqk16imUp8LFH27NiYDi80AvmGw+
08k/UWAGuuZE+MqZhRGP4Xhc+IDJjiUj1qzj05Zg5kmbCZHwNujHMgTDIc41BkFU
vcPDtadMEVNtU+O5WSoulJhVa+lcxiwqYBf4gbefUXyWRaEpY41aFQ2ITQARAQAB
tDZDbG91ZGZsYXJlIFBhY2thZ2UgUmVwb3NpdG9yeSA8c3VwcG9ydEBjbG91ZGZs
YXJlLmNvbT6JAlgEEwEIAEIWIQRnWaAqqcyol4MXMWBECPYng1uKywUCYLp9KAIb
AwUJA8JnAAULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcCF4AACgkQRAj2J4NbissH
YRAAy50sq5fFhyzregc+FPz9NPbagr/IlKheaJqninrDORHMgm+4zKtZaKegjpJR
qh+jpvh2Lcfkgb/oXeg9SASvopt0jUfs+y6kfnYviFSySZrJGPFGCi5qliZOrFGm
0B4dP4hiYa1cdt3pyscTu9O+yZIMxpIgx06L9SGrn3sg6uEuCjoQHFYjPFSSdomm
iYGzPQQoI75gnkorctWy0E49DqipzAtpk7S9kS+pS/O9C+/YBcxs3iMVCbuB9mId
xB24LAvcBF1lZUWrtd6Y3xxNdgLx1JqSRREyqh0safgtko736HUBTjCjve3cJryO
3WGNmT+9+2YS3MbZMJw/HLaUaadByfZbe8ERRWGZBK85Iu4SDEJXtqyoAIgbaIrS
QiWKggmQvJ/JkO3gZbpJV7zG4wYYVZ+qDPV8N+PXsDbNQAXsQ2FLMKCJcDSHVWdV
xYc9aatqrei2kB+3u/1N4vzX02wL20yg5OQ2oPdceXOYqVG6BQlb/u6ivunhbxM+
Y5bRWb2aT/2Ry52djxqsj+08KaL/ybjshjWITyLCVJA19Cg2JtSqOpZ8z1ED5h8A
BS7vkeayWQ8osLCrVJaveAOvm94xf+ZptRCDrYbmzeyXWGS8qB33DRHEPGNzoGMJ
wtEpBPfxh46uL2knvuFefJtxdoTttBko+S1wYQ5LHdaFFmI=
=OiPd
-----END PGP PUBLIC KEY BLOCK-----