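#!/bin/bash
#
# Provision a site host: ZeroTier ("one"), the "ha" service, the Portainer
# agent, an frpc tunnel and an OpenVPN TAP bridge, each as a Docker container.
#
# Usage: ./<this script> <site-short-name> <site-number>
#   <site-number> is zero-padded to two digits and becomes the suffix of the
#   frpc remote ports and the OpenVPN port.
#
# Environment:
#   DINGTALK_ACCESS_TOKEN  webhook token for the "new site" alert
#                          (see notify_new_member)
#
# Fixes relative to the previous revision: the "ha" section was gated on
# create_one instead of create_ha; the Portainer section removed the "ha"
# container instead of portainer_agent; `sudo echo ... >> /etc/sysctl.conf`
# ran the redirection unprivileged; the generated vpn-user.sh used bash arrays
# under #!/bin/sh; the argument check compared $1 with the placeholder "xxx"
# instead of rejecting missing arguments.

#######################################
# Print the usage message and exit 1.
#######################################
usage() {
  echo "请填写站名简称和编号"
  exit 1
}

#######################################
# Escape a string for use inside a JSON string literal.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (no trailing newline)
#######################################
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

#######################################
# Decide whether a container should be (re)created.
# Arguments: $1 - container name
#            $2 - prompt shown when the container already exists
#            $3 - (optional) named volume removed together with the container
# Returns:   0 when the container is absent or the operator chose to remove
#            it (it has then been removed); 1 to keep the existing container.
#######################################
confirm_recreate() {
  local name=$1 prompt=$2 volume=${3-} answer
  # The name filter is a regex substring match, so anchor it: a bare "one"
  # would also match any other container whose name contains "one".
  if ! sudo docker ps -q -f name="^/?${name}$" | grep -q .; then
    return 0
  fi
  read -r -p "$prompt" answer
  if [ "$answer" = "y" ] || [ "$answer" = "Y" ]; then
    sudo docker rm -f "$name"
    if [ -n "$volume" ]; then
      sudo docker volume rm "$volume"
    fi
    return 0
  fi
  return 1
}

#######################################
# Post the "new site needs networking" alert to the DingTalk robot webhook.
# Globals:   proj (read), DINGTALK_ACCESS_TOKEN (read)
# Arguments: $1 - output of `zerotier-cli status` for the new node
#######################################
notify_new_member() {
  local member_id=$1
  # Prefer the token from the environment. The literal fallback was committed
  # to this script in clear text; treat it as exposed: rotate the robot token
  # and delete the fallback once deployments export DINGTALK_ACCESS_TOKEN.
  local access_token=${DINGTALK_ACCESS_TOKEN:-c15b57c30df2efede131f460e84a80d8c008bb3365031a175d3efe42105ba6f9}
  local dingtalk_api="https://oapi.dingtalk.com/robot/send?access_token=$access_token"
  local message="告警:新的站需要组网 $member_id, 需要指定位 http://10.10.64.1:9443/ 站点编号: $proj "
  # proj comes from the command line and member_id from command output;
  # escape the text so it cannot break out of the JSON document.
  local body
  body="{\"msgtype\": \"text\", \"text\": {\"content\": \"$(json_escape "$message")\"},\"at\": {\"atMobiles\": [\"13452319860\"]}}"
  curl -H "Content-Type: application/json" -d "$body" "$dingtalk_api"
}

#######################################
# Create the ZeroTier container, install the custom planet file, join the
# network and alert the operators.
# Globals: proj (read, via notify_new_member)
#######################################
setup_zerotier() {
  confirm_recreate one "One容器已经存在,是否删除? (y/n): " || return 0
  local dir=/opt/zerotier-one
  # Start from an empty state directory so a stale identity is not reused.
  if [ -d "$dir" ]; then
    sudo rm -rf -- "${dir:?}"
  fi
  sudo mkdir -p "$dir"
  # NOTE(review): SYS_ADMIN is a very broad capability; confirm it is really
  # needed on top of NET_ADMIN and /dev/net/tun.
  sudo docker run -d --restart always --name one \
    --device /dev/net/tun --net host \
    --cap-add NET_ADMIN --cap-add SYS_ADMIN \
    -v /opt/zerotier-one:/var/lib/zerotier-one \
    registry.cn-chengdu.aliyuncs.com/jaikuai/zerotier-one:1.12
  sleep 3
  # The planet (root server) file is fetched over plain HTTP with no integrity
  # check, so a tampered copy would point the node at other roots. Serve it
  # over HTTPS or verify a known checksum before installing it.
  sudo rm -f /opt/zerotier-one/planet
  if ! sudo wget http://git.fast-fun.cn:92/ruili-station/readme/raw/master/planet -P /opt/zerotier-one; then
    printf 'warning: planet download failed; no custom planet file installed\n' >&2
  fi
  sudo docker restart one
  sudo docker exec one zerotier-cli join 2eb45e6989f9a0d2
  local member_id
  member_id=$(sudo docker exec one zerotier-cli status)
  notify_new_member "$member_id"
}

#######################################
# Create the "ha" container with its published ports.
#######################################
setup_ha() {
  confirm_recreate ha "Ha容器已经存在,是否删除? (y/n): " || return 0
  sudo docker run -d -p 6667:6667 -p 20-21:20-21 -p 21100-21110:21100-21110 \
    -p 554:554 -p 10166:10166 -p 98:98 -p 200:200 \
    --name=ha --restart=always nas.fast-fun.cn:5000/zk/ha:0.21
}

#######################################
# Create the Portainer agent container.
#######################################
setup_portainer() {
  confirm_recreate portainer_agent "Ptr容器已经存在,是否删除? (y/n): " || return 0
  # The agent is handed the Docker socket, i.e. root-equivalent control of
  # this host, and its port 9001 is later published through frpc (section
  # ptr-<proj>). Whoever can reach that remote port on the frps host controls
  # this machine; keep that port reachable only from the Portainer server.
  sudo docker run -d \
    -p 9001:9001 \
    --name portainer_agent \
    --restart=always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /var/lib/docker/volumes:/var/lib/docker/volumes \
    portainer/agent:2.19.1
}

#######################################
# Build an frpc image with the site's tunnel config baked in and run it.
# Tunnels: 1. NVR video recorder  2. VPN  3. SSH (Alibaba Cloud internal
# network only)  4. Portainer agent  5. node exporter
# Globals: proj, port (read)
#######################################
setup_frpc() {
  confirm_recreate frpc "frpc容器已经存在,是否删除? (y/n): " || return 0
  # An frpc.ini already present in the working directory is used as-is.
  # NOTE(review): [common] sets no authentication token; if the frps side
  # does not require one either, any client that reaches port 7000 can
  # register proxies there.
  if [ ! -e frpc.ini ]; then
    cat > frpc.ini <<EOF
[common]
server_addr = 120.27.243.131
server_port = 7000

[nvr-$proj]
type = tcp
local_ip = 192.168.3.200
local_port = 554
remote_port = 119$port

[vpn-$proj]
type = udp
local_ip = 0.0.0.0
local_port = 101$port
remote_port = 101$port

[ssh-$proj]
type = tcp
local_ip = 0.0.0.0
local_port = 22
remote_port = 220$port

[ptr-$proj]
type = tcp
local_ip = 0.0.0.0
local_port = 9001
remote_port = 290$port

[node-$proj]
type = tcp
local_ip = 0.0.0.0
local_port = 9100
remote_port = 230$port
EOF
  fi
  cat > Dockerfile <<'EOF'
FROM snowdreamtech/frpc:0.50.0
COPY frpc.ini /etc/frp/frpc.ini
EOF
  sudo docker build -t frpc .
  # The config now lives inside the image; remove the build inputs.
  rm -f frpc.ini Dockerfile
  sudo docker run --name frpc --restart always --network host -d frpc
}

#######################################
# Enable forwarding via sysctl if the marker line is not yet present.
#######################################
enable_ip_forwarding() {
  # `sudo echo ... >> /etc/sysctl.conf` cannot work: the redirection is done
  # by the unprivileged shell, not by sudo. Append through `sudo tee` instead.
  # NOTE(review): both keys are IPv6 while the bridge below is IPv4; confirm
  # net.ipv4.ip_forward is intentionally left untouched here.
  if ! grep -q "net.ipv6.conf.default.forwarding=1" /etc/sysctl.conf; then
    printf '%s\n' net.ipv6.conf.default.forwarding=1 net.ipv6.conf.all.forwarding=1 \
      | sudo tee -a /etc/sysctl.conf >/dev/null
    sudo sysctl -p
  fi
}

#######################################
# For an interface on 192.168.3.x or 192.168.6.x, generate the OpenVPN TAP
# bridge config, drop a default route via br0 if present, and patch the
# server subnet into openvpn.conf. Other interfaces are skipped.
# Globals:   port (read)
# Arguments: $1 - interface name
#######################################
configure_bridge() {
  local interface=$1 mac ip_cidr ip_addr subnet
  mac=$(ip link show dev "$interface" | awk '/link\/ether/ {print $2}')
  ip_cidr=$(ip addr show dev "$interface" | awk '/inet (192\.168\.(3|6))/ {print $2}')
  if [ -z "$ip_cidr" ] || [ -z "$mac" ]; then
    return 0
  fi
  ip_addr=${ip_cidr%%/*}
  subnet=${ip_addr%.*}
  echo "网卡名称: $interface,MAC地址: $mac,IP地址: $ip_addr, subnet: $subnet"
  sudo docker run -v openvpn:/etc/openvpn --privileged --rm jaikuai/openvpn-tap:1.0.1 \
    ovpn_genconfig -u "udp://120.27.243.131:101$port" \
    -t -B -D -d -b \
    --bridge-name 'br0' \
    --bridge-eth-if "$interface" \
    --bridge-eth-ip "$ip_addr" \
    --bridge-eth-subnet '255.255.255.0' \
    --bridge-eth-broadcast "$subnet.255" \
    --bridge-eth-mac "$mac" \
    --bridge-eth-gateway "$subnet.1" \
    --bridge-dhcp-start "$subnet.180" \
    --bridge-dhcp-end "$subnet.189"
  # Remove the default route over the bridge if one exists.
  if ip route | grep -qF -- "default via $subnet.1 dev br0"; then
    sudo ip route del default via "$subnet.1" dev br0
    echo "已删除指定路由."
  else
    echo "指定路由不存在."
  fi
  sudo sed -i "s/192\.168\.255\.0/$subnet.0/g" /var/lib/docker/volumes/openvpn/_data/openvpn.conf
}

#######################################
# Write the helper that generates client profiles for this site.
# Globals: proj (read; baked into the generated script)
#######################################
write_vpn_user_script() {
  # Everything with a leading backslash is expanded when the helper runs,
  # $proj is expanded now. The profiles are built with `nopass`, so each
  # .ovpn file carries an unencrypted private key: hand them out and store
  # them as secrets.
  cat > vpn-user.sh <<EOF
#!/bin/bash
# Usage: ./vpn-user.sh name1,name2   - writes <name>-$proj.ovpn for each name
user=\$1
array=(\${user//,/ })
for item in "\${array[@]}"; do
  sudo docker run -v openvpn:/etc/openvpn --rm -it jaikuai/openvpn-tap:1.0.1 easyrsa build-client-full "\$item-$proj" nopass
  sudo docker run -v openvpn:/etc/openvpn --log-driver=none --rm jaikuai/openvpn-tap:1.0.1 ovpn_getclient "\$item-$proj" > "\$item-$proj.ovpn"
done
EOF
  sudo chmod a+x vpn-user.sh
}

#######################################
# Create the OpenVPN TAP bridge container and the client-profile helper.
# Globals: proj, port (read)
#######################################
setup_vpn() {
  confirm_recreate vpn "VPN容器已经存在,是否删除? (y/n): " openvpn || return 0
  sudo docker volume create --name openvpn
  enable_ip_forwarding
  local interface
  while IFS= read -r interface; do
    # `ip -o link` prints "veth0@if5" for paired interfaces; strip the peer.
    configure_bridge "${interface%%@*}"
  done < <(ip -o link show | awk -F': ' '{print $2}')
  # ovpn_initpki prompts interactively for the CA passphrase. It used to be
  # recorded in a comment here in clear text; keep it in the team's password
  # store instead, and rotate it if copies of this script were shared.
  sudo docker run -v openvpn:/etc/openvpn --rm -it jaikuai/openvpn-tap:1.0.1 ovpn_initpki
  sudo docker run -v openvpn:/etc/openvpn --privileged --network host --cap-add=NET_ADMIN \
    --restart=always --name vpn -d jaikuai/openvpn-tap:1.0.1
  # Single-NIC hosts may need a default route added by hand:
  # sudo ip route add default via 192.168.0.1
  write_vpn_user_script
  echo "# 执行 ./vpn-user.sh 即可生成客户端配置文件."
  echo "# bash vpn-user.sh hzw,jxt"
}

#######################################
# Entry point.
# Arguments: $1 - site short name, $2 - site number (digits)
# Globals:   proj, port (written, readonly afterwards)
#######################################
main() {
  if [ -z "${1-}" ] || [ -z "${2-}" ] || [ "$1" = "xxx" ]; then
    usage
  fi
  case $2 in
    *[!0-9]*) usage ;;
  esac
  # Site short name: used in frpc section names and client certificate names.
  proj=$1
  # Site number, zero-padded to two digits; forms the tunnel port suffixes.
  if [ "$2" -ge 10 ]; then
    port=$2
  else
    port="0$2"
  fi
  readonly proj port
  # Membership of the docker group is root-equivalent on this host; the
  # account name is fixed, as in the original script.
  sudo usermod -aG docker zhili
  setup_zerotier
  setup_ha
  setup_portainer
  setup_frpc
  setup_vpn
  sudo docker exec one zerotier-cli status
}

main "$@"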