docker init

.dockerignore

@@ -0,0 +1,28 @@
+**/__pycache__
+**/*venv
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+*.db
+.python-version
+LICENSE
+README.md

Dockerfile

@@ -0,0 +1,54 @@
+FROM --platform=linux/amd64 registry.cn-hangzhou.aliyuncs.com/browser/python:3.8.19-2
+LABEL maintainer="Browser <[email protected]>"
+
+# 设置环境变量
+# 防止 python 将 pyc 文件写入硬盘
+ENV PYTHONDONTWRITEBYTECODE=1
+# 防止 python 缓冲 (buffering) stdout 和 stderr, 以便更容易地进行容器日志记录
+ENV PYTHONUNBUFFERED=1
+
+WORKDIR /opt/openvpn-cms-flask
+
+COPY . .
+
+# vpn init script
+RUN cp -r /opt/openvpn-cms-flask/bin/*  /usr/local/bin/  \
+    && chmod a+x /usr/local/bin/* \
+    && cp /opt/openvpn-cms-flask/app/scripts/cmd/* /usr/local/bin/ \
+    && sed -i s/127.0.0.1/mysql/g /usr/local/bin/connect.sh \
+    && sed -i s/127.0.0.1/mysql/g /usr/local/bin/disconnect.sh \
+    && chmod 755 -R /usr/local/bin/
+
+# python
+RUN set -ex \
+    && yum install -y gcc GeoIP GeoIP-devel net-tools  \
+    && pip3 install --no-cache-dir -r requirements.txt  -i https://pypi.tuna.tsinghua.edu.cn/simple \
+    && sed -i s/localhost/mysql/g  /opt/openvpn-cms-flask/app/config/secure.py
+
+# openvpn
+RUN set -ex \
+    && yum install -y epel-release \
+    && yum install -y openvpn  easy-rsa  expect zip unzip net-tools telnet mysql netcat \
+    && yum clean all
+
+
+# arp script
+#ADD cronfile /etc/cron.d/arp-cron
+
+RUN set -ex \
+    && rm -rf /etc/localtime \
+    && ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
+
+#    && chmod 0644 /etc/cron.d/arp-cron \
+#    && touch /var/log/cron.log \
+#    && env | grep -v "no_proxy" >> /etc/environment \
+
+VOLUME ["/etc/openvpn"]
+VOLUME ["/opt/vpnuser"]
+
+# 暴露端口
+EXPOSE 5000
+EXPOSE 11940/udp
+
+CMD ["vpn_run"]
+

Makefile

@@ -0,0 +1,16 @@
+#all: build push
+#
+#build:
+#	docker buildx build --platform linux/arm64,linux/amd64  -t registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-flask:v1.2.0 -f Dockerfile .  --push
+#
+#.PHONY: all build
+
+all: build push
+
+build:
+	docker build --pull --platform linux/amd64 -t registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-flask:v1.2.7 .
+
+push:
+	docker push registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-flask:v1.2.7
+
+.PHONY: all build push

app/scripts/ovpn_env.sh

@@ -0,0 +1,2 @@
+declare -x OVPN_SERVER=172.16.64.0/20
+declare -x OVPN_NATDEVICE=eth0

bin/vpn_init

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Initialize the EasyRSA PKI
+
+IP=$1
+VPN_SERVER=${IP:=127.0.0.1}
+
+cp -r /usr/share/easy-rsa  /etc/openvpn/ \
+&& cp -r /opt/openvpn-cms-flask/app/scripts/vars /etc/openvpn/easy-rsa/3.0/ \
+&& cp /opt/openvpn-cms-flask/app/scripts/server.conf  /etc/openvpn/ \
+&& sed -i s/\#dev\ tun/dev\ tun/g /etc/openvpn/server.conf \
+&& sed -i s/dev\ tap/\#dev\ tap/g /etc/openvpn/server.conf \
+&& cp /opt/openvpn-cms-flask/app/scripts/ovpn_env.sh /etc/openvpn/ \
+&& cp /opt/openvpn-cms-flask/app/scripts/*.expect /etc/openvpn/easy-rsa/3.0/  \
+&& chmod +x /etc/openvpn/easy-rsa/3.0/*.expect \
+&& cd /etc/openvpn/easy-rsa/3.0 \
+&& ./easyrsa init-pki \
+&& ./easyrsa --batch build-ca  nopass \
+&& ./easyrsa gen-dh \
+&& ./easyrsa build-server-full openvpnserver nopass \
+&& openvpn --genkey --secret ta.key \
+&& ./easyrsa gen-crl \
+&& chmod 666 pki/crl.pem \
+&& mkdir -p  /var/log/openvpn \
+&& mkdir -p /opt/vpnuser \
+&& mkdir -p /etc/openvpn/easy-rsa/3/pki/package \
+&& cp pki/ca.crt pki/package/ \
+&& cp ta.key pki/package/ \
+&& cp /opt/openvpn-cms-flask/app/scripts/client.ovpn pki/package/ \
+&& sed -i s/\#dev\ tun/dev\ tun/g pki/package/client.ovpn \
+&& sed -i s/dev\ tap/\#dev\ tap/g pki/package/client.ovpn \
+&& sed -i s/openvpn.example.com/$VPN_SERVER/g pki/package/client.ovpn
+
+cd /opt/openvpn-cms-flask \
+&& sleep 3 \
+&& python add_super.py
+
+echo "Initialization complete"

bin/vpn_run

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# 脚本只要发生错误，就终止执行
+set -e
+
+# 参数组
+USER_ARGS=("${@}")
+ARGS=()
+
+# 参数检查重复
+function hasArg {
+    local element
+    for element in "${@:2}"; do
+        [ "${element}" == "${1}" ] && return 0
+    done
+    return 1
+}
+
+# 添加参数
+function addArg {
+    local arg="${1}"
+    [ $# -ge 1 ] && local val="${2}"
+    if ! hasArg "${arg}" "${USER_ARGS[@]}"; then
+        ARGS+=("${arg}")
+        [ $# -ge 1 ] && ARGS+=("${val}")
+    fi
+}
+
+# openvpn启动参数
+addArg "--config" "/etc/openvpn/server.conf"
+
+# tun
+mkdir -p /dev/net
+if [ ! -c /dev/net/tun ]; then
+    mknod /dev/net/tun c 10 200
+fi
+
+
+function setup_iptables {
+    iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE 2>/dev/null
+}
+
+source "/etc/openvpn/ovpn_env.sh"
+setup_iptables
+
+if [ $# -ge 1 ] ;then
+  # shellcheck disable=SC2145
+  echo "Running 'openvpn ${ARGS[@]} ${USER_ARGS[@]}'"
+  # shellcheck disable=SC2068
+  exec openvpn ${ARGS[@]} ${USER_ARGS[@]}
+else
+  # start openvpn-cms-flask
+  sleep 5
+  python starter.py > /opt/openvpn-cms-flask/logs/openvpn-cms-flask.log   2>&1  &
+  # shellcheck disable=SC2068
+  exec openvpn ${ARGS[@]}
+fi
+
+
+

cronfile

@@ -0,0 +1 @@
+*/10 * * * *  sh  /usr/local/bin/add_arp.sh

docker-compose.yml

@@ -0,0 +1,62 @@
+services:
+  openvpn-cms-vue:
+    image: registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-vue:v1.1.0
+    container_name: openvpn-cms-vue
+    volumes:
+      - ./service/nginx/logs:/var/log/nginx
+    ports:
+      - "8000:8000"
+    links:
+      - openvpn-cms-flask
+    restart: always
+    networks:
+      - openvpn
+    depends_on:
+      - openvpn-cms-flask
+
+  openvpn-cms-flask:
+    image: registry.cn-hangzhou.aliyuncs.com/browser/openvpn-cms-flask:v1.2.7
+    container_name: openvpn-cms-flask
+    volumes:
+      - ./service/openvpn/data:/etc/openvpn
+      - ./service/openvpn/log:/var/log/openvpn
+      - ./service/vpnuser:/opt/vpnuser
+      - ./logs:/opt/openvpn-cms-flask/logs
+    ports:
+      - "5000:5000"
+      - "11940:11940/udp"
+    links:
+      - mysql
+    restart: always
+    cap_add:
+      - NET_ADMIN
+    networks:
+      - openvpn
+    depends_on:
+      - mysql
+
+  mysql:
+    image: registry.cn-hangzhou.aliyuncs.com/browser/mysql:8.0.21
+    restart: unless-stopped
+    container_name: mysql
+    volumes:
+      - ./service/mysql/data:/var/lib/mysql
+    command:
+      --default-authentication-plugin=mysql_native_password
+      --character-set-server=utf8mb4
+      --collation-server=utf8mb4_general_ci
+      --explicit_defaults_for_timestamp=true
+      --lower_case_table_names=1
+    environment:
+      MYSQL_ROOT_PASSWORD: "openvpn"
+      MYSQL_DATABASE: "openvpn"
+      TZ: Asia/Shanghai
+    privileged: true
+    ports:
+      - "3306:3306"
+    networks:
+      - openvpn
+
+networks:
+  openvpn:
+    driver: bridge