From 2fca458bd05847e07fcca54ee4d91fc893f386f1 Mon Sep 17 00:00:00 2001 From: PassiveLemon Date: Mon, 16 Dec 2024 18:14:02 -0500 Subject: [PATCH 1/2] Image building instructions and README touch-ups --- .gitignore | 2 +- README.md | 7 ++++--- docker/README.md | 13 ++++++++++--- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 6e386d5..5e9c044 100644 --- a/.gitignore +++ b/.gitignore @@ -30,7 +30,7 @@ src/certs/* src/rules/* src/README.md docker/ContainerTester.sh -docker/ImagePublisher.sh +docker/docker-compose.yaml src/mod/acme/test/stackoverflow.pem /tools/dns_challenge_update/code-gen/acmedns /tools/dns_challenge_update/code-gen/lego diff --git a/README.md b/README.md index 5d02072..b9f3140 100644 --- a/README.md +++ b/README.md @@ -137,7 +137,8 @@ If you already have an upstream reverse proxy server in place with permission ma ./zoraxy -noauth=true ``` -*Note: For security reasons, you should only enable no-auth if you are running Zoraxy in a trusted environment or with another authentication management proxy in front.* +> [!WARNING] +> For security reasons, you should only enable no-auth if you are running Zoraxy in a trusted environment or with another authentication management proxy in front.* ## Screenshots 
@@ -157,7 +158,7 @@ This project also compatible with [ZeroTier](https://www.zerotier.com/). However To use Zoraxy with ZeroTier, assuming you already have a valid license, install ZeroTier on your host and then run Zoraxy in sudo mode (or Run As Administrator if you are on Windows). The program will automatically grab the authtoken in the correct location on your host. -If you prefer not to run Zoraxy in sudo mode or you have some weird installation profile, you can also pass in the ZeroTier auth token using the following flags:: +If you prefer not to run Zoraxy in sudo mode or you have some weird installation profile, you can also pass in the ZeroTier auth token using the following flags: ```bash ./zoraxy -ztauth="your_zerotier_authtoken" -ztport=9993 @@ -178,7 +179,7 @@ Web SSH currently only supports Linux based OSes. The following platforms are su ### Loopback Connection -Loopback web SSH connection, by default, is disabled. This means that if you are trying to connect to an address like 127.0.0.1 or localhost, the system will reject your connection for security reasons. To enable loopback for testing or development purpose, use the following flags to override the loopback checking: +Loopback web SSH connections, by default, are disabled. This means that if you are trying to connect to an address like 127.0.0.1 or localhost, the system will reject your connection for security reasons. To enable loopback for testing or development purpose, use the following flags to override the loopback checking: ```bash ./zoraxy -sshlb=true diff --git a/docker/README.md b/docker/README.md index 583c701..96e27d2 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -9,7 +9,7 @@ If you are attempting to access your service from outside your network, make sure to forward ports 80 and 443 to the Zoraxy host to allow web traffic. If you know how to do this, great! If not, find the manufacturer of your router and search on how to do that. There are too many to be listed here. Read more about it from [whatismyip](https://www.whatismyip.com/port-forwarding/). -In the examples below, make sure to update `/path/to/zoraxy/config/` with your actual path. If a path is not provided, a Docker volume will be created at the location but it is recommended to store the data at a defined host location. +In the examples below, make sure to update `/path/to/zoraxy/config/`. If a path is not provided, a Docker volume will be created at the location but it is recommended to store the data at a defined host location or a named Docker volume. Once setup, access the webui at `http://:8000` to configure Zoraxy. Change the port in the URL if you changed the management port. @@ -26,7 +26,6 @@ docker run -d \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /etc/localtime:/etc/localtime \ -e FASTGEOIP="true" \ - -e ZEROTIER="true" \ zoraxydocker/zoraxy:latest ``` @@ -48,7 +47,6 @@ services: - /etc/localtime:/etc/localtime environment: FASTGEOIP: "true" - ZEROTIER: "true" ``` ### Ports @@ -93,3 +91,12 @@ Variables are the same as those in [Start Parameters](https://github.com/tobychu > [!IMPORTANT] > Contrary to the Zoraxy README, Docker usage of the port flag should NOT include the colon. Ex: `-e PORT="8000"` for Docker run and `PORT: "8000"` for Docker compose. +### Building + +To build the Docker image: + - Check out the repository/branch. + - Copy the Zoraxy `src/` directory into the `docker/` (here) directory. + - Run the build command with `docker build -t zoraxy_build .` + - You can now use the image `zoraxy_build` + - If you wish to change the image name, then modify`zoraxy_build` in the previous step and then build again. + 
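Review bot: In the `.gitignore` hunk, `docker/ImagePublisher.sh` is replaced by `docker/docker-compose.yaml` instead of the new entry being added next to it, so a publisher script that still exists in a working tree will start showing up as untracked and can be committed by accident. If the script is still used locally, keep the old line and add the compose file as a separate entry. If it has been retired, say so in the commit message, which currently mentions only build instructions and README touch-ups.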
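Review bot: In the README.md no-auth hunk, the new `> [!WARNING]` callout still ends with the closing `*` of the old italic note (`... proxy in front.*`), which will render as a literal asterisk. Drop the trailing `*` so the callout reads cleanly; the wording of the warning itself can stay as it is.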
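Review bot: In the new `### Building` section of docker/README.md, the step that copies `src/` into `docker/` leaves a second copy of the source inside the repository tree, and the `.gitignore` hunk in this same patch does not add an entry for it, so the copy can end up staged. Check that `docker/src/` is ignored, or tell the reader to remove the copy after the build. The steps are sequential and would read better as a numbered list, the last bullet is missing a space in "modify`zoraxy_build`", and "modify ... in the previous step and then build again" could simply say to pass a different name to `-t`.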
From 0ad84b34158b1997641c5dda3d77e51b67aa0ab0 Mon Sep 17 00:00:00 2001 From: PassiveLemon Date: Thu, 26 Dec 2024 16:17:02 -0500 Subject: [PATCH 2/2] Add 2 new flags --- docker/Dockerfile | 2 ++ docker/README.md | 2 ++ docker/entrypoint.sh | 9 +++++++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index bb87d4f..2099358 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -44,6 +44,7 @@ ENV ZEROTIER="false" ENV AUTORENEW="86400" ENV CFGUPGRADE="true" +ENV DB="auto" ENV DOCKER="true" ENV EARLYRENEW="30" ENV FASTGEOIP="false" @@ -52,6 +53,7 @@ ENV MDNSNAME="''" ENV NOAUTH="false" ENV PORT="8000" ENV SSHLB="false" +ENV UPDATE_GEOIP="false" ENV VERSION="false" ENV WEBFM="true" ENV WEBROOT="./www" diff --git a/docker/README.md b/docker/README.md index 96e27d2..dde85ac 100644 --- a/docker/README.md +++ b/docker/README.md @@ -73,6 +73,7 @@ Variables are the same as those in [Start Parameters](https://github.com/tobychu |:-|:-|:-| | `AUTORENEW` | `86400` (Integer) | ACME auto TLS/SSL certificate renew check interval. | | `CFGUPGRADE` | `true` (Boolean) | Enable auto config upgrade if breaking change is detected. | +| `DB` | `auto` (String) | Database backend to use (leveldb, boltdb, auto) Note that fsdb will be used on unsupported platforms like RISCV (default "auto"). | | `DOCKER` | `true` (Boolean) | Run Zoraxy in docker compatibility mode. | | `EARLYRENEW` | `30` (Integer) | Number of days to early renew a soon expiring certificate. | | `FASTGEOIP` | `false` (Boolean) | Enable high speed geoip lookup, require 1GB extra memory (Not recommend for low end devices). | 
@@ -81,6 +82,7 @@ Variables are the same as those in [Start Parameters](https://github.com/tobychu | `NOAUTH` | `false` (Boolean) | Disable authentication for management interface. | | `PORT` | `8000` (Integer) | Management web interface listening port | | `SSHLB` | `false` (Boolean) | Allow loopback web ssh connection (DANGER). | +| `UPDATE_GEOIP` | `false` (Boolean) | Download the latest GeoIP data and exit. | | `VERSION` | `false` (Boolean) | Show version of this server. | | `WEBFM` | `true` (Boolean) | Enable web file manager for static web server root folder. | | `WEBROOT` | `./www` (String) | Static web server root folder. Only allow change in start parameters. | diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index d39db70..106acc5 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -1,7 +1,10 @@ #!/usr/bin/env bash update-ca-certificates -echo "CA certificates updated" +echo "CA certificates updated." + +zoraxy -update_geoip=true +echo "Updated GeoIP data." if [ "$ZEROTIER" = "true" ]; then if [ ! -d "/opt/zoraxy/config/zerotier/" ]; then @@ -9,13 +12,14 @@ if [ "$ZEROTIER" = "true" ]; then fi ln -s /opt/zoraxy/config/zerotier/ /var/lib/zerotier-one zerotier-one -d - echo "ZeroTier daemon started" + echo "ZeroTier daemon started." fi echo "Starting Zoraxy..." exec zoraxy \ -autorenew="$AUTORENEW" \ -cfgupgrade="$CFGUPGRADE" \ + -db="$DB" \ -docker="$DOCKER" \ -earlyrenew="$EARLYRENEW" \ -fastgeoip="$FASTGEOIP" \ @@ -24,6 +28,7 @@ exec zoraxy \ -noauth="$NOAUTH" \ -port=:"$PORT" \ -sshlb="$SSHLB" \ + -update_geoip="$UPDATE_GEOIP" \ -version="$VERSION" \ -webfm="$WEBFM" \ -webroot="$WEBROOT" \
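Review bot: In docker/entrypoint.sh, `zoraxy -update_geoip=true` runs unconditionally on every container start and its exit status is never checked, so `echo "Updated GeoIP data."` prints even when the download failed, and a container without outbound access makes the attempt on every start with no way to turn it off. Gate the call on `"$UPDATE_GEOIP" = "true"` the same way the ZeroTier block is gated on `$ZEROTIER`, and print the success message only when the command returns 0. Separately, the README row added in this patch documents the flag as "Download the latest GeoIP data and exit", so passing `-update_geoip="$UPDATE_GEOIP"` on the final `exec zoraxy` line means `UPDATE_GEOIP=true` would make the main process exit instead of serving. With the gated pre-step in place, that line can be dropped from the `exec`.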
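Review bot: In the docker/README.md variables table, the new `DB` row runs two sentences together ("(leveldb, boltdb, auto) Note that fsdb ...") and repeats `(default "auto")` in the description although the Default column already shows `auto`. Put a period after the list of backends and drop the trailing default. It would also help to say whether `fsdb` is accepted as an explicit value or is only ever chosen by `auto`, since the row lists three values but names four backends.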