bridge 1 سال پیش
کامیت
2b0d64673b
2فایلهای تغییر یافته به همراه152 افزوده شده و 0 حذف شده
  1. 143 0
      init-per.sh
  2. 9 0
      init.md

+ 143 - 0
init-per.sh

@@ -0,0 +1,143 @@
+#!/bin/bash
+# 项目名称
+proj=$1
+# 透传编号
+port=$2
+# 判断内网穿透服务
+create_frpc=false
+if ! sudo docker ps -q -f name="frpc" | grep -q .; then
+    create_frpc=true
+else
+    read -p "frpc容器已经存在,是否删除? (y/n): " confirm_frpc
+    # 判断用户的回答
+    if [ "$confirm_frpc" == "y" ] || [ "$confirm_frpc" == "Y" ]; then
+        sudo docker rm -f frpc
+        create_frpc=true
+    fi
+fi
+# 1. 视频NRV录像机穿透
+# 2. VPN穿透
+# 3. SSH穿透,仅供阿里云内网使用
+if $create_frpc; then
+if [ ! -e "frpc.ini" ]; then
+cat <<EOF > frpc.ini
+[common]
+server_addr = 120.27.243.131
+server_port = 7000
+
+[nvr-$proj]
+type = tcp
+local_ip = 192.168.3.200
+local_port = 554 
+remote_port = 1190$port
+
+[vpn-$proj]
+type = udp
+local_ip = 0.0.0.0
+local_port = 1010$port
+remote_port = 1010$port
+
+[ssh-$proj]
+type = tcp
+local_ip = 0.0.0.0
+local_port = 22
+remote_port = 2200$port
+
+[ptr-$proj]
+type = tcp
+local_ip = 0.0.0.0
+local_port = 9001
+remote_port = 2900$port
+
+[node-$proj]
+type = tcp
+local_ip = 0.0.0.0
+local_port = 9100
+remote_port = 2300$port
+EOF
+fi
+cat <<EOF > Dockerfile
+FROM snowdreamtech/frpc:0.50.0
+COPY frpc.ini /etc/frp/frpc.ini
+EOF
+sudo docker build -t frpc .
+rm -rf frpc.ini Dockerfile
+sudo docker run --name frpc --restart always --network host -d frpc
+fi
+
+# VPN搭建
+# 判断内网穿透服务
+create_vpn=false
+if ! sudo docker ps -q -f name="vpn" | grep -q .; then
+    create_vpn=true
+else
+    read -p "VPN容器已经存在,是否删除? (y/n): " confirm_vpn
+    # 判断用户的回答
+    if [ "$confirm_vpn" == "y" ] || [ "$confirm_vpn" == "Y" ]; then
+        sudo docker rm -f vpn
+        sudo docker volume rm openvpn
+        create_vpn=true
+    fi
+fi
+if $create_vpn; then
+sudo docker volume create --name openvpn
+
+if ! grep -q "net.ipv6.conf.default.forwarding=1" /etc/sysctl.conf; then
+  sudo echo net.ipv6.conf.default.forwarding=1 >> /etc/sysctl.conf
+  sudo echo net.ipv6.conf.all.forwarding=1 >> /etc/sysctl.conf
+  sudo sysctl -p
+fi
+
+ip -o link show | awk -F': ' '{print $2}' | while read interface; do
+    # 处理192.168.3网段的网卡
+    mac=$(ip link show dev "$interface" | awk '/link\/ether/ {print $2}')
+    ip=$(ip addr show dev "$interface" | awk '/inet 192.168.3/ {print $2}')
+    if [ -n "$ip" ] && [ -n "$mac" ]; then
+        subnet=$(echo "$ip" | awk -F'/' '{print $1}' | awk -F'.' '{print $1"."$2"."$3}')
+        echo "网卡名称: $interface,MAC地址: $mac,IP地址: $(echo $ip | cut -d '/' -f 1), subnet: $subnet"
+        sudo docker run -v openvpn:/etc/openvpn --privileged --rm jaikuai/openvpn-tap ovpn_genconfig -u udp://120.27.243.131:1010$port \
+        -t -B -D -d -b \
+        --bridge-name 'br0' \
+        --bridge-eth-if $interface \
+        --bridge-eth-ip $(echo $ip | cut -d '/' -f 1) \
+        --bridge-eth-subnet '255.255.255.0' \
+        --bridge-eth-broadcast "$subnet.255" \
+        --bridge-eth-mac $mac \
+        --bridge-eth-gateway "$subnet.1" \
+        --bridge-dhcp-start "$subnet.180" \
+        --bridge-dhcp-end "$subnet.189"
+        if ip route | grep "default via $subnet.1 dev br0"; then
+            # 如果存在,则删除路由
+            sudo ip route del default via $subnet.1 dev br0
+            echo "已删除指定路由."
+        else
+            echo "指定路由不存在."
+        fi
+        sudo sed -i "s/192.168.255.0/$subnet.0/g" /var/lib/docker/volumes/openvpn/_data/openvpn.conf
+    fi
+done
+
+# 密码: qx123456
+sudo docker run -v openvpn:/etc/openvpn --rm -it jaikuai/openvpn-tap ovpn_initpki
+sudo docker run -v openvpn:/etc/openvpn --privileged --network host --cap-add=NET_ADMIN --restart=always --name vpn -d jaikuai/openvpn-tap
+
+# 单网卡补充默认路由 
+# sudo ip route add default via 192.168.0.1
+
+cat <<EOF > vpn-user.sh
+#!/bin/sh
+
+user=\$1
+array=(\${user//,/ })
+for item in \${array[@]}
+do
+    sudo docker run -v openvpn:/etc/openvpn --rm -it jaikuai/openvpn-tap easyrsa build-client-full \$item-$proj nopass
+    sudo docker run -v openvpn:/etc/openvpn --log-driver=none --rm jaikuai/openvpn-tap ovpn_getclient \$item-$proj > \$item-$proj.ovpn
+done
+
+EOF
+
+sudo chmod a+x vpn-user.sh
+echo "# 执行 ./vpn-user.sh 即可生成客户端配置文件."
+echo "# bash vpn-user.sh hzw,jxt"
+fi
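Review bot: The `# 密码:` comment above the `ovpn_initpki` call commits what looks like the PKI passphrase to the repository; remove that line, let the operator enter the passphrase at the interactive prompt or fetch it from a secret store, and rotate the value if it was ever used. The generated `[common]` section sets only `server_addr` and `server_port`, so the `ssh-`, `ptr-` and `node-` proxies are published on the frp server with no client-side `token`; consider a line such as `token = $FRP_TOKEN` (constructed name, value supplied from the environment and matched on the server) rather than anything written into the script. In the sysctl block, `sudo echo ... >> /etc/sysctl.conf` performs the redirect as the calling user, so it fails unless the script already runs as root; `echo net.ipv6.conf.default.forwarding=1 | sudo tee -a /etc/sysctl.conf` is the usual form. `$1` and `$2` are interpolated unchecked into frpc.ini, the `ovpn_genconfig` URL and the generated vpn-user.sh, so a guard near the top such as `[[ -n $proj && $port =~ ^[0-9]+$ ]] || exit 2` would stop empty or malformed values from reaching those files. Finally, `rm -rf frpc.ini Dockerfile` also deletes a frpc.ini that already existed and was deliberately kept by the `[ ! -e "frpc.ini" ]` test, which is probably not intended.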

+ 9 - 0
init.md

@@ -0,0 +1,9 @@
+### 1. docker配置
+```
+{
+        "registry-mirrors":["https://auuzc4t8.mirror.aliyuncs.com"],
+        "insecure-registries":["0.0.0.0/0"],
+        "log-driver":"json-file",
+        "log-opts": {"max-size":"1024m", "max-file":"3"}
+}
+```