添加黑名单镜像

.github/workflows/private.yml

@@ -0,0 +1,67 @@
+name: private
+
+on:
+  schedule:
+  # 每半年3号，2:56执行一次，以同步官方
+  - cron: '56 2 3 */6 *'
+  push:
+    #branches: [ master ]
+    paths:
+    - private/Dockerfile
+  pull_request:
+    branches: [ master ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v2
+
+      # 设置 QEMU 以支持多个平台
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      # 设置 buildx
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      # 配置缓存
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      
+      # 登录 dockerhub
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      # 编译并推送到 dockerhub
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: private
+          file: Dockerfile
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+          tags: |
+            ryjer/opentracker:private
+            ryjer/opentracker:20210823-private
+      
+      # 处理缓存无限增大问题的临时修复，以防出现问题。（等待github官方修复）
+      #- name: Move cache
+        #run: |
+          #rm -rf /tmp/.buildx-cache
+          #mv /tmp/.buildx-cache-new /tmp/.buildx-cache

alpine/Dockerfile

@@ -9,12 +9,14 @@ RUN apk add gcc \
 	cvs \
 	zlib-dev
 
+# 下载依赖库 libowfat 和 opentracker，设置opentracker特性：不公开详细信息、允许通告ip、关闭fullscrape
 RUN cvs -d :pserver:[email protected]:/cvs -z9 co libowfat \
     && cd libowfat \
     && make -j4 \
     && cd .. \
     && git clone git://erdgeist.org/opentracker \
     && cd opentracker \
+    && sed -i '/FEATURES+=-DWANT_RESTRICT_STATS$/s/^#//' Makefile \
     && sed -i '/FEATURES+=-DWANT_IP_FROM_QUERY_STRING$/s/^#//' Makefile \
     && sed -i '/^FEATURES+=-DWANT_FULLSCRAPE$/s/^/#/' Makefile
     && make -j4

private/Dockerfile

@@ -0,0 +1,47 @@
+FROM alpine as build
+
+WORKDIR /src
+
+RUN apk add gcc \
+	g++ \
+	make \
+	git \
+	cvs \
+	zlib-dev
+
+# 下载依赖库 libowfat 和 opentracker，设置opentracker特性：支持ipv6、支持黑名单、不公开详细信息、允许通告ip、关闭fullscrape
+RUN cvs -d :pserver:[email protected]:/cvs -z9 co libowfat \
+    && cd libowfat \
+    && make -j4 \
+    && cd .. \
+    && git clone git://erdgeist.org/opentracker \
+    && cd opentracker \
+    && sed -i '/#FEATURES+=-DWANT_V6$/s/^#//' Makefile \
+    && sed -i '/#FEATURES+=-DWANT_ACCESSLIST_BLACK$/s/^#//' Makefile \
+    && sed -i '/#FEATURES+=-DWANT_IP_FROM_QUERY_STRING$/s/^#//' Makefile \
+    && sed -i '/#FEATURES+=-DWANT_RESTRICT_STATS$/s/^#//' Makefile \
+    && sed -i '/^FEATURES+=-DWANT_FULLSCRAPE$/s/^/#/' Makefile
+    && make -j4
+
+FROM alpine
+
+# XDG目录规范
+ENV XDG_CONFIG_HOME=/config
+
+COPY --from=build /src/opentracker/opentracker /bin/opentracker
+
+# 安装 curl 用于健康检查使用，创建配置目录
+RUN apk add --no-cache curl \
+    && mkdir -p ${XDG_CONFIG_HOME}
+
+# 暴露配置卷路径
+VOLUME ["${XDG_CONFIG_HOME}"]
+
+COPY ./opentracker.conf ${XDG_CONFIG_HOME}/opentracker.conf
+COPY ./whitelist	${XDG_CONFIG_HOME}/whitelist
+COPY ./blacklist	${XDG_CONFIG_HOME}/blacklist
+
+EXPOSE 6969/tcp 
+EXPOSE 6969/udp
+
+CMD ["/bin/opentracker", "-f", "/config/opentracker.conf"]

private/opentracker.conf

@@ -0,0 +1,127 @@
+# opentracker config file
+# opentracker 配置文件
+#
+
+# I)   Address opentracker will listen on, using both, tcp AND udp family
+#      (note, that port 6969 is implicite if ommitted).
+#      opentracker将要监听的服务端口，同时监听tcp和udp端口（注意，没有配置则会
+#      默认监听6969端口）
+#
+#      If no listen option is given (here or on the command line), opentracker
+#      listens on 0.0.0.0:6969 tcp and udp.
+#      如果这里没有给出监听端口配置，则opentracker会默认监听 0.0.0.0:6969 tcp
+#      和 udp 端口。即 6969/tcp 和 6969/udp 端口
+#
+#      The next variable determines if udp sockets are handled in the event
+#      loop (set it to 0, the default) or are handled in blocking reads in
+#      dedicated worker threads. You have to set this value before the
+#      listen.tcp_udp or listen.udp statements before it takes effect, but you
+#      can re-set it for each listen statement. Normally you should keep it at
+#      the top of the config file.
+#
+# listen.udp.workers 4
+#
+# listen.tcp_udp 0.0.0.0
+# listen.tcp_udp 192.168.0.1:80
+# listen.tcp_udp 10.0.0.5:6969
+#
+#      To only listen on tcp or udp family ports, list them this way:
+#      如果只想监听 tcp 或 udp 端口，向下面这样设置：
+#
+# listen.tcp 0.0.0.0
+# listen.udp 192.168.0.1:6969
+#
+#      Note, that using 0.0.0.0 for udp sockets may yield surprising results.
+#      An answer packet sent on that socket will not necessarily have the
+#      source address that the requesting client may expect, but any address
+#      on that interface.
+#
+
+# II)  If opentracker runs in a non-open mode, point it to files containing
+#      all torrent hashes that it will serve (shell option -w)
+#      如果 opentracker 运行在非开放模式（白名单模式），你需要将白名单种子的
+#      info hash 值填入白名单文件中，每行一条。并在下面指示白名单文件的路径
+#      （或者使用命令行选项 -w 指示）
+#
+# access.whitelist /path/to/whitelist
+#
+#      or, if opentracker was compiled to allow blacklisting (shell option -b)
+#      或者，如果opentracker编译时支持黑名单的话，使用以下选项指明黑名单文件所在
+#      路径（或者使用命令行选项 -b 指示）
+#
+access.blacklist /config/blacklist
+#
+#      It is pointless and hence not possible to compile black AND white
+#      listing, so choose one of those options at compile time. File format
+#      is straight forward: "<hex info hash>\n<hex info hash>\n..."
+#      白名单和黑名单配置文件内容应当每行一条16进制的 info hash 值，每行都要以换行
+#      结束，包括最后一行
+#
+#      If you do not want to grant anyone access to your stats, enable the
+#      WANT_RESTRICT_STATS option in Makefile and bless the ip addresses
+#      allowed to fetch stats here.
+#      如果你不想开放所有统计信息，可以在Makefile中启动 -WANT_RESTRICT_STATS
+#      选项。这将只允许以下配置的ip访问统计信息：
+#
+access.stats 127.0.0.1
+# access.stats 0::1
+#
+#      There is another way of hiding your stats. You can obfuscate the path
+#      to them. Normally it is located at /stats but you can configure it to
+#      appear anywhere on your tracker.
+#      还有另一种方式隐藏你的统计信息，那就是换一个api路径。通常使用 /stats 路径
+#      但你可以在下面配置另一个访问统计信息的路径：
+#
+# access.stats_path stats
+
+# III) Live sync uses udp multicast packets to keep a cluster of opentrackers
+#      synchronized. This option tells opentracker which port to listen for
+#      incoming live sync packets. The ip address tells opentracker, on which
+#      interface to join the multicast group, those packets will arrive.
+#      (shell option -i 192.168.0.1 -s 9696), port 9696 is default.
+#
+# livesync.cluster.listen 192.168.0.1:9696
+#
+#      Note that two udp sockets will be opened. One on ip address 0.0.0.0
+#      port 9696, that will join the multicast group 224.0.42.23 for incoming
+#      udp packets and one on ip address 192.168.0.1 port 9696 for outgoing
+#      udp packets.
+#
+#      As of now one and only one ip address must be given, if opentracker
+#      was built with the WANT_SYNC_LIVE feature.
+#
+
+# IV)  Sync between trackers running in a cluster is restricted to packets
+#      coming from trusted ip addresses. While source ip verification is far
+#      from perfect, the authors of opentracker trust in the correct
+#      application of tunnels, filters and LAN setups (shell option -A).
+#
+# livesync.cluster.node_ip 192.168.0.4
+# livesync.cluster.node_ip 192.168.0.5
+# livesync.cluster.node_ip 192.168.0.6
+#
+#      This is the admin ip address for old style (HTTP based) asynchronus
+#      tracker syncing.
+#
+# batchsync.cluster.admin_ip 10.1.1.1
+#
+
+# V)   Control privilege drop behaviour.
+#      Put in the directory opentracker will chroot/chdir to. All black/white
+#      list files must be put in that directory (shell option -d).
+#      配置 opentracker 的chroot/chdir 根路径，所有的白名单/黑名单文件都必须
+#      放在该路径下（命令行选项 -d）:
+#
+#
+# tracker.rootdir /usr/local/etc/opentracker
+#
+#      Tell opentracker which user to setuid to.
+#      告知opentracker的运行用户：
+#
+# tracker.user    nobody
+#
+
+# VI)  opentracker can be told to answer to a "GET / HTTP"-request with a
+#      redirect to another location (shell option -r).
+#
+# tracker.redirect_url https://your.tracker.local/