From c0c7fda89120978272c6405320ee8fceca7bbb11 Mon Sep 17 00:00:00 2001
From: PaperDragon-SH <2678885646@qq.com>
Date: Wed, 30 Aug 2023 14:59:54 +0800
Subject: [PATCH 1/4] docker support
---
Dockerfile | 28 ++++++++++++++++++++++++++++
README.md | 24 ++++++++++++++++++++++++
docker/entrypoint.sh | 29 +++++++++++++++++++++++++++++
3 files changed, 81 insertions(+)
create mode 100644 Dockerfile
create mode 100644 docker/entrypoint.sh
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..59479b6
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+####################################################################################################
+## Builder
+####################################################################################################
+FROM rust:latest AS builder
+
+WORKDIR /worker
+COPY ./ .
+RUN cargo build --release --target x86_64-unknown-linux-gnu
+
+
+####################################################################################################
+## Final image
+####################################################################################################
+FROM ubuntu:latest
+WORKDIR /app
+
+ENV TUN=tun0
+ENV PROXY=
+ENV DNS=virtual
+ENV MODE=auto
+ENV BYPASS_IP=
+
+RUN apt update && apt install -y iproute2 curl && apt clean all
+
+COPY --from=builder /worker/target/x86_64-unknown-linux-gnu/release/tun2proxy /usr/bin/tun2proxy
+COPY --from=builder /worker/docker/entrypoint.sh /app
+
+ENTRYPOINT ["/app/entrypoint.sh"]
diff --git a/README.md b/README.md
index 4b245e0..0c19917 100644
--- a/README.md
+++ b/README.md
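Review bot: Both stages of the new Dockerfile pull floating tags (`FROM rust:latest AS builder`, `FROM ubuntu:latest`), so two builds of the same commit can end up with different toolchains and base packages, and nothing records which ones shipped. Pin each stage to a specific release or digest, e.g. `FROM rust:<pinned-version> AS builder` and `FROM ubuntu:<pinned-release>`, and build with `cargo build --release --locked --target x86_64-unknown-linux-gnu` so the image uses the dependency versions from the lock file (assuming one is committed). `COPY ./ .` sends the whole build context into the builder stage, so a `.dockerignore` excluding `.git` and `target/` is worth adding if the repository does not already have one. The final stage sets no `USER`, so tun2proxy runs as root in the container; that may be required for the TUN and routing setup, but a comment such as `# runs as root: needs NET_ADMIN to configure tun0 and routes` would make the choice explicit.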
@@ -108,6 +108,30 @@ Currently, tun2proxy supports HTTP, SOCKS4/SOCKS4a and SOCKS5. A proxy is suppli URL format. For example, an HTTP proxy at `1.2.3.4:3128` with a username of `john.doe` and a password of `secret` is supplied as `--proxy http://john.doe:secret@1.2.3.4:3128`. This works analogously to curl's `--proxy` argument. +## Docker Support + +```bash +docker run -d \ + -e PROXY=PROXY_TYPE://PROXY_IP:PROXY_PORT \ + -v /dev/net/tun:/dev/net/tun \ + --sysctl net.ipv6.conf.all.disable_ipv6=0 \ + --sysctl net.ipv6.conf.default.disable_ipv6=0 \ + --cap-add NET_ADMIN \ + --name tun2proxy \ + image:tags +``` + +Provide a network to another worker container. (share netns). + +```bash +docker run -it \ + -d \ + --network "container:tun2proxy" \ + worker-example:tags +``` + + + ## Configuration Tips ### DNS When DNS resolution is performed by a service on your machine or through a server in your local network, DNS resolution diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100644 index 0000000..a923180 --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,29 @@ +#!/bin/bash + + +run() { + if [ -n "$BYPASS_IP" ]; then + BYPASS_IP="--bypass-ip $BYPASS_IP" + fi + + if [ -n "$DNS" ]; then + DNS="--dns $DNS" + fi + + if [ -n "$MODE" ]; then + MODE="--setup $MODE" + fi + + if [ -n "$PROXY" ]; then + PROXY="--proxy $PROXY" + fi + + if [ -n "$TUN" ]; then + TUN="--tun $TUN" + fi + + exec tun2proxy $TUN $PROXY $DNS $MODE $BYPASS_IP +} + + +run || echo "Runing ERROR!!" From fc4d29dd2e410461e6edcf09abd58e3a2d201a5d Mon Sep 17 00:00:00 2001 From: "B. Blechschmidt" Date: Sun, 1 Oct 2023 19:19:42 +0200 Subject: [PATCH 2/4] Make Docker entrypoint executable --- docker/entrypoint.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 docker/entrypoint.sh diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh old mode 100644 new mode 100755 From d75488f1d863ab4ef604e16e323b842890a592d9 Mon Sep 17 00:00:00 2001 
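Review bot: In docker/entrypoint.sh the final `exec tun2proxy $TUN $PROXY $DNS $MODE $BYPASS_IP` expands every variable unquoted, so each environment value is word-split and glob-expanded before tun2proxy parses it. A `PROXY` URL whose password contains whitespace or `*`, or any value with an embedded space, becomes extra arguments or options instead of a single value. The script already runs under bash, so the options can be collected in an array and expanded quoted, as below (patch 4/4 later renames `--bypass-ip` to `--bypass`). Separately, `run || echo "Runing ERROR!!"` is unlikely to do what it intends: a failed `exec` normally terminates a non-interactive bash, and if the echo did run the script would exit 0. Letting the exit status of `exec` propagate gives the container runtime the real failure.

```shell
run() {
    # Build the argument vector element by element so each value stays one argument.
    local args=()
    [ -n "$TUN" ] && args+=(--tun "$TUN")
    [ -n "$PROXY" ] && args+=(--proxy "$PROXY")
    [ -n "$DNS" ] && args+=(--dns "$DNS")
    [ -n "$MODE" ] && args+=(--setup "$MODE")
    [ -n "$BYPASS_IP" ] && args+=(--bypass-ip "$BYPASS_IP")

    exec tun2proxy "${args[@]}"
}

run
```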
From: "B. Blechschmidt" Date: Sun, 1 Oct 2023 19:37:33 +0200 Subject: [PATCH 3/4] Improve Docker support description --- README.md | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0c19917..691c7eb 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,13 @@ URL format. For example, an HTTP proxy at `1.2.3.4:3128` with a username of `joh supplied as `--proxy http://john.doe:secret@1.2.3.4:3128`. This works analogously to curl's `--proxy` argument. ## Docker Support +Tun2proxy can serve as a proxy for other Docker containers. To make use of that feature, first build the image: + +```bash +docker build -t tun2proxy . +``` + +Next, start a container from the tun2proxy image: ```bash docker run -d \ @@ -118,20 +125,18 @@ docker run -d \ --sysctl net.ipv6.conf.default.disable_ipv6=0 \ --cap-add NET_ADMIN \ --name tun2proxy \ - image:tags + tun2proxy ``` -Provide a network to another worker container. (share netns). +You can then provide the running container's network to another worker container by sharing the network namespace: ```bash docker run -it \ -d \ --network "container:tun2proxy" \ - worker-example:tags + ubuntu:latest ``` - - ## Configuration Tips ### DNS When DNS resolution is performed by a service on your machine or through a server in your local network, DNS resolution From c1ea5f1af2772318addc6745106e2e0da09cfd79 Mon Sep 17 00:00:00 2001 From: ssrlive <30760636+ssrlive@users.noreply.github.com> Date: Tue, 3 Oct 2023 11:39:06 +0800 Subject: [PATCH 4/4] rename bypass_ip to bypass (#66) --- README.md | 2 +- docker/entrypoint.sh | 2 +- src/lib.rs | 6 +++--- src/main.rs | 12 ++++++------ src/tun2proxy.rs | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 691c7eb..db598a7 100644 --- a/README.md +++ b/README.md 
@@ -99,7 +99,7 @@ Options: --dns-addr DNS resolver address [default: 8.8.8.8] -6, --ipv6-enabled IPv6 enabled -s, --setup Routing and system setup [possible values: auto] - --bypass-ip Public proxy IP used in routing setup which should bypassing the tunnel + -b, --bypass Public proxy IP used in routing setup which should bypassing the tunnel -v, --verbosity Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace] -h, --help Print help -V, --version Print version diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index a923180..f0e9e5c 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -3,7 +3,7 @@ run() { if [ -n "$BYPASS_IP" ]; then - BYPASS_IP="--bypass-ip $BYPASS_IP" + BYPASS_IP="--bypass $BYPASS_IP" fi if [ -n "$DNS" ]; then diff --git a/src/lib.rs b/src/lib.rs index 85e9768..537f0c2 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -102,7 +102,7 @@ pub struct Options { dns_over_tcp: bool, dns_addr: Option, ipv6_enabled: bool, - bypass_ip: Option, + bypass: Option, } impl Options { @@ -137,8 +137,8 @@ impl Options { self } - pub fn with_bypass_ip(mut self, ip: Option) -> Self { - self.bypass_ip = ip; + pub fn with_bypass(mut self, ip: Option) -> Self { + self.bypass = ip; self } } diff --git a/src/main.rs b/src/main.rs index dfaae3d..404c341 100644 --- a/src/main.rs +++ b/src/main.rs @@ -42,8 +42,8 @@ struct Args { setup: Option, /// Public proxy IP used in routing setup which should bypassing the tunnel - #[arg(long, value_name = "IP")] - bypass_ip: Option, + #[arg(short, long, value_name = "IP")] + bypass: Option, /// Verbosity level #[arg(short, long, value_name = "level", value_enum, default_value = "info")] 
@@ -116,22 +116,22 @@ fn main() -> ExitCode { } }; - let bypass_tun_ip = match args.bypass_ip { + let bypass_tun_ip = match args.bypass { Some(addr) => addr, None => args.proxy.addr.ip(), }; - options = options.with_bypass_ip(Some(bypass_tun_ip)); + options = options.with_bypass(Some(bypass_tun_ip)); let block = || -> Result<(), Error> { #[cfg(target_os = "linux")] { let mut setup: Setup; if args.setup == Some(ArgSetup::Auto) { - let bypass_tun_ip = match args.bypass_ip { + let bypass_tun_ip = match args.bypass { Some(addr) => addr, None => args.proxy.addr.ip(), }; - setup = Setup::new(&args.tun, &bypass_tun_ip, get_default_cidrs(), args.bypass_ip.is_some()); + setup = Setup::new(&args.tun, &bypass_tun_ip, get_default_cidrs(), args.bypass.is_some()); setup.configure()?; diff --git a/src/tun2proxy.rs b/src/tun2proxy.rs index f23d3dd..6ae46ba 100644 --- a/src/tun2proxy.rs +++ b/src/tun2proxy.rs @@ -1154,7 +1154,7 @@ impl<'a> TunToProxy<'a> { count += 1; } Err(err) => { - println!("Failed to send exit signal: \"{}\"", err); + log::error!("Failed to send exit signal: \"{}\"", err); break; } }