| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237 |
- #!/bin/bash
- if [ "$1" = "xxx" ]; then
- echo "请填写站名简称和编号"
- # 在这里可以添加其他需要执行的命令
- exit 1 # 结束执行
- fi
- # 项目名称
- proj=$1
- # 透传编号
- if [ "$2" -ge 100 ]; then
- port=$2
- elif [ "$2" -ge 10 ]; then
- port="0$2"
- else
- port="00$2"
- fi
- # 授权docker
- sudo usermod -aG docker zhili
- # 判断组网服务
- create_one=false
- if ! sudo docker ps -q -f name="one" | grep -q .; then
- create_one=true
- else
- read -p "One容器已经存在,是否删除? (y/n): " confirm_one
- # 判断用户的回答
- if [ "$confirm_one" == "y" ] || [ "$confirm_one" == "Y" ]; then
- sudo docker rm -f one
- create_one=true
- fi
- fi
- if $create_one; then
- DIR="/opt/zerotier-one"
- if [ -d "$DIR" ]; then
- # 如果目录存在,则删除
- sudo rm -rf "$DIR"
- fi
- sudo mkdir "$DIR"
- sudo docker run -d --restart always --name one --device /dev/net/tun --net host --cap-add NET_ADMIN --cap-add SYS_ADMIN -v /opt/zerotier-one:/var/lib/zerotier-one registry.cn-chengdu.aliyuncs.com/jaikuai/zerotier-one:1.12
- sleep 3
- sudo rm -f /opt/zerotier-one/planet && sudo wget http://git.fast-fun.cn:92/ruili-station/readme/raw/master/planet -P /opt/zerotier-one
- sudo docker restart one
- sudo docker exec one zerotier-cli join 2eb45e6989f9a0d2
- member_id=$(sudo docker exec one zerotier-cli status)
- access_token="c15b57c30df2efede131f460e84a80d8c008bb3365031a175d3efe42105ba6f9"
- dingtalk_api="https://oapi.dingtalk.com/robot/send?access_token=$access_token"
- message="告警:新的站需要组网 $member_id, 需要指定位 http://10.10.64.1:9443/ 站点编号: $proj "
- curl -H "Content-Type: application/json" -d "{\"msgtype\": \"text\", \"text\": {\"content\": \"$message\"},\"at\": {\"atMobiles\": [\"13452319860\"]}}" $dingtalk_api
- fi
- # 联网端口
- create_ha=false
- if ! sudo docker ps -q -f name="ha" | grep -q .; then
- create_ha=true
- else
- read -p "Ha容器已经存在,是否删除? (y/n): " confirm_ha
- # 判断用户的回答
- if [ "$confirm_ha" == "y" ] || [ "$confirm_ha" == "Y" ]; then
- sudo docker rm -f ha
- create_ha=true
- fi
- fi
- if $create_one; then
- sudo docker run -d -p 6667:6667 -p 20-21:20-21 -p 21100-21110:21100-21110 -p 554:554 -p 10166:10166 -p 98:98 -p 200:200 --name=ha --restart=always nas.fast-fun.cn:5000/zk/ha:0.22
- fi
- # 联网端口
- create_ptr=false
- if ! sudo docker ps -q -f name="portainer_agent" | grep -q .; then
- create_ptr=true
- else
- read -p "Ptr容器已经存在,是否删除? (y/n): " confirm_ptr
- # 判断用户的回答
- if [ "$confirm_ptr" == "y" ] || [ "$confirm_ptr" == "Y" ]; then
- sudo docker rm -f ha
- create_ptr=true
- fi
- fi
- if $create_ptr; then
- sudo docker run -d \
- -p 9001:9001 \
- --name portainer_agent \
- --restart=always \
- -v /var/run/docker.sock:/var/run/docker.sock \
- -v /var/lib/docker/volumes:/var/lib/docker/volumes \
- nas.fast-fun.cn:5000/portainer/agent:2.19.1
- fi
- # 判断内网穿透服务
- create_frpc=false
- if ! sudo docker ps -q -f name="frpc" | grep -q .; then
- create_frpc=true
- else
- read -p "frpc容器已经存在,是否删除? (y/n): " confirm_frpc
- # 判断用户的回答
- if [ "$confirm_frpc" == "y" ] || [ "$confirm_frpc" == "Y" ]; then
- sudo docker rm -f frpc
- create_frpc=true
- fi
- fi
- # 1. 视频NRV录像机穿透
- # 2. VPN穿透
- # 3. SSH穿透,仅供阿里云内网使用
- if $create_frpc; then
- if [ ! -e "frpc.ini" ]; then
- cat <<EOF > frpc.ini
- [common]
- server_addr = 120.27.243.131
- server_port = 7000
- [nvr-$proj]
- type = tcp
- local_ip = 192.168.3.200
- local_port = 554
- remote_port = 12$port
- [vpn-$proj]
- type = udp
- local_ip = 0.0.0.0
- local_port = 10$port
- remote_port = 10$port
- [ssh-$proj]
- type = tcp
- local_ip = 0.0.0.0
- local_port = 22
- remote_port = 22$port
- [ptr-$proj]
- type = tcp
- local_ip = 0.0.0.0
- local_port = 9001
- remote_port = 29$port
- [node-$proj]
- type = tcp
- local_ip = 0.0.0.0
- local_port = 9100
- remote_port = 23$port
- EOF
- fi
- cat <<EOF > Dockerfile
- FROM nas.fast-fun.cn:5000/snowdreamtech/frpc:0.50.0
- COPY frpc.ini /etc/frp/frpc.ini
- EOF
- sudo docker build -t frpc .
- rm -rf frpc.ini Dockerfile
- sudo docker run --name frpc --restart always --network host -d frpc
- fi
- # VPN搭建
- # 判断内网穿透服务
- create_vpn=false
- if ! sudo docker ps -q -f name="vpn" | grep -q .; then
- create_vpn=true
- else
- read -p "VPN容器已经存在,是否删除? (y/n): " confirm_vpn
- # 判断用户的回答
- if [ "$confirm_vpn" == "y" ] || [ "$confirm_vpn" == "Y" ]; then
- sudo docker rm -f vpn
- sudo docker volume rm openvpn
- create_vpn=true
- fi
- fi
- if $create_vpn; then
- sudo docker volume create --name openvpn
- if ! grep -q "net.ipv6.conf.default.forwarding=1" /etc/sysctl.conf; then
- sudo echo net.ipv6.conf.default.forwarding=1 >> /etc/sysctl.conf
- sudo echo net.ipv6.conf.all.forwarding=1 >> /etc/sysctl.conf
- sudo sysctl -p
- fi
- ip -o link show | awk -F': ' '{print $2}' | while read interface; do
- # 处理192.168.3网段的网卡
- mac=$(ip link show dev "$interface" | awk '/link\/ether/ {print $2}')
- ip=$(ip addr show dev "$interface" | awk '/inet (192\.168\.(3|5|6))/ {print $2}')
- if [ -n "$ip" ] && [ -n "$mac" ]; then
- subnet=$(echo "$ip" | awk -F'/' '{print $1}' | awk -F'.' '{print $1"."$2"."$3}')
- echo "网卡名称: $interface,MAC地址: $mac,IP地址: $(echo $ip | cut -d '/' -f 1), subnet: $subnet"
- sudo docker run -v openvpn:/etc/openvpn --privileged --rm nas.fast-fun.cn:5000/jaikuai/openvpn-tap:1.0.1 ovpn_genconfig -u udp://120.27.243.131:10$port \
- -t -B -D -d -b \
- --bridge-name 'br0' \
- --bridge-eth-if $interface \
- --bridge-eth-ip $(echo $ip | cut -d '/' -f 1) \
- --bridge-eth-subnet '255.255.255.0' \
- --bridge-eth-broadcast "$subnet.255" \
- --bridge-eth-mac $mac \
- --bridge-eth-gateway "$subnet.1" \
- --bridge-dhcp-start "$subnet.180" \
- --bridge-dhcp-end "$subnet.189"
- if ip route | grep "default via $subnet.1 dev br0"; then
- # 如果存在,则删除路由
- sudo ip route del default via $subnet.1 dev br0
- echo "已删除指定路由."
- else
- echo "指定路由不存在."
- fi
- sudo sed -i "s/192.168.255.0/$subnet.0/g" /var/lib/docker/volumes/openvpn/_data/openvpn.conf
- fi
- done
- # 密码: qx123456
- sudo docker run -v openvpn:/etc/openvpn --rm -it nas.fast-fun.cn:5000/jaikuai/openvpn-tap:1.0.1 ovpn_initpki
- sudo docker run -v openvpn:/etc/openvpn --privileged --network host --cap-add=NET_ADMIN --restart=always --name vpn -d nas.fast-fun.cn:5000/jaikuai/openvpn-tap:1.0.1
- # 单网卡补充默认路由
- # sudo ip route add default via 192.168.0.1
- cat <<EOF > vpn-user.sh
- #!/bin/sh
- user=\$1
- array=(\${user//,/ })
- for item in \${array[@]}
- do
- sudo docker run -v openvpn:/etc/openvpn --rm -it nas.fast-fun.cn:5000/jaikuai/openvpn-tap:1.0.1 easyrsa build-client-full \$item-$proj nopass
- sudo docker run -v openvpn:/etc/openvpn --log-driver=none --rm nas.fast-fun.cn:5000/jaikuai/openvpn-tap:1.0.1 ovpn_getclient \$item-$proj > \$item-$proj.ovpn
- done
- EOF
- sudo chmod a+x vpn-user.sh
- echo "# 执行 ./vpn-user.sh 即可生成客户端配置文件."
- echo "# bash vpn-user.sh hzw,jxt"
- fi
- sudo docker exec one zerotier-cli status
- # 读取路由器信息的定时任务
- curl https://sh.it5000.com/arp | bash
- sudo systemctl restart cron
|
