
Phicomm T1 armbian(haproxy+ocserv+v2ray)

This post was last edited by yiucsw on 2020-2-25 20:56

Modding the T1 to run multiple apps; I believe the S912 is the better choice. (You can opt not to buy the T1, too few people use it.)
1) Build the image locally, to reduce image size: alpine base, remove bash.
2) docker-compose instead of docker run...
    - system - portainer, jellyfin (plex, emby are not supported)
    - base - haproxy, lighttpd, v2ray, ocserv
3) Config files are kept in the etc directory; there is no config file inside the image, it is only added at run time.

BBR acceleration on armbian
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
sysctl -p   # reload /etc/sysctl.conf so the settings apply without a reboot


This post was last edited by yiucsw on 2020-2-26 02:45

docker-compose.yml
version: '2'
services:
  ocserv:
    image: yourname/ocserv
    container_name: ocserv
    volumes:
      - /root/docker-ocserv/etc:/etc/ocserv
      - /root/docker-ocserv/ssl:/etc/ocserv/ssl:ro
    ports:
      - 4443:4443
    expose:
      - 4443
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
    restart: always

  v2ray:
    image: yourname/v2ray
    container_name: v2ray
    volumes:
      - /root/docker-v2ray/etc:/etc/v2ray:rw
    ports:
      - 8443:8443
    expose:
      - 8443
    restart: always

  lighttpd:
    image: yourname/lighttpd
    depends_on:
      - v2ray
    container_name: lighttpd
    volumes:
      - /root/docker-lighttpd/etc:/etc/lighttpd:ro
      - /root/docker-lighttpd/ssl:/ssl:ro
      - /root/docker-lighttpd/htdocs:/var/www/localhost/htdocs
    ports:
      - 2443:2443
      - 80:80
    expose:
      - 2443
      - 80
    restart: always

  haproxy:
    image: yourname/haproxy
    depends_on:
      - lighttpd
    container_name: haproxy
    volumes:
      - /root/docker-haproxy/etc/haproxy.cfg:/etc/haproxy/haproxy.cfg:ro
    ports:
      - 443:443
    expose:
      - 443
    restart: always


chmod +x for all entrypoint.sh
docker build . -t yourname/yourservice


This post was last edited by yiucsw on 2020-2-26 03:24

Dockerfile for haproxy
FROM haproxy:alpine

RUN set -exo pipefail \
    && apk add --no-cache \
        rsyslog curl bash \
    && mkdir -p /etc/rsyslog.d \
    && touch /var/log/haproxy.log \
    && ln -sf /dev/stdout /var/log/haproxy.log

# Include our custom entrypoint that will do the job of lifting
# rsyslog alongside haproxy.
COPY ./etc/docker-entrypoint.sh /
COPY ./etc/rsyslog.conf /etc/rsyslog.d/

# Set our custom entrypoint as the image's default entrypoint
ENTRYPOINT ["/docker-entrypoint.sh"]

CMD ["-f", "/etc/haproxy/haproxy.cfg"]


haproxy.cfg (the AnyConnect client does not send SNI)
global
    maxconn 2000
    log 127.0.0.1 local0 warning

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    retries 3

frontend www-https
    bind :::443
    tcp-request inspect-delay 5s
    tcp-request content capture req.ssl_sni len 20
    acl tls req.ssl_hello_type 1
    use_backend server-web if tls { req.ssl_sni -i yourserver.dynu.net }
    default_backend server-vpn

backend server-vpn
    mode tcp
    option ssl-hello-chk
    server ocserv ocserv:4443 send-proxy-v2

backend server-web
    server server-web lighttpd:2443 check


Dockerfile for ocserv
FROM ubuntu:latest
RUN apt-get update && apt-get -y install unzip gnutls-bin bash iptables curl oc$
    echo "Asia/Shanghai" > /etc/timezone

WORKDIR /etc/ocserv

COPY etc/entrypoint.sh /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]
VOLUME /etc/ocserv/
CMD ["ocserv", "-d", "10", "-c", "/etc/ocserv/ocserv.conf", "-f"]

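Added example, not code from the post or from ocserv/HAProxy: the haproxy.cfg above hands connections to ocserv with `send-proxy-v2`, which means the ocserv container receives a PROXY protocol v2 header in front of the client's TLS bytes. That header is how ocserv can log and rate-limit the real client address instead of the docker bridge address HAProxy connects from, and ocserv only accepts it when `listen-proxy-proto = true` is set in ocserv.conf; without that, the header is read as a broken TLS handshake. The script builds and parses such a header so you can see exactly what crosses the wire. Addresses and ports are constructed sample values, not captured traffic.

```python
import ipaddress
import struct

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte PROXY protocol v2 magic


def build_proxy_v2(src_ip, src_port, dst_ip, dst_port):
    """Build the header HAProxy's `send-proxy-v2` prepends to the TCP stream:
    signature, version/command 0x21 (v2, PROXY), family/transport (INET or INET6
    with STREAM), body length, then src/dst address and port in network order."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if src.version != dst.version:
        raise ValueError("source and destination must be the same address family")
    fam_proto = (0x10 if src.version == 4 else 0x20) | 0x01
    body = src.packed + dst.packed + struct.pack("!HH", src_port, dst_port)
    return PP2_SIGNATURE + bytes([0x21, fam_proto]) + struct.pack("!H", len(body)) + body


def parse_proxy_v2(data):
    """Split a stream into (peer, payload), where peer is
    (src_ip, src_port, dst_ip, dst_port) for a PROXY command or None for a LOCAL
    command (health checks: use the socket address instead). Raises ValueError when
    the signature is missing, i.e. the upstream did not send the proxy protocol and
    the bytes are already the client's TLS ClientHello."""
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("no PROXY v2 header (upstream not using send-proxy-v2?)")
    ver_cmd, fam_proto = data[12], data[13]
    if ver_cmd >> 4 != 0x2:
        raise ValueError("unsupported PROXY protocol version")
    length = struct.unpack("!H", data[14:16])[0]
    if len(data) < 16 + length:
        raise ValueError("truncated PROXY v2 header")
    body, payload = data[16:16 + length], data[16 + length:]
    if ver_cmd & 0x0F == 0x0:                       # LOCAL command
        return None, payload
    fam = fam_proto >> 4
    if fam == 0x1:
        n, cls = 4, ipaddress.IPv4Address
    elif fam == 0x2:
        n, cls = 16, ipaddress.IPv6Address
    else:
        raise ValueError("unsupported address family")
    if length < 2 * n + 4:
        raise ValueError("address block too short for family")
    src = cls(body[:n])
    dst = cls(body[n:2 * n])
    src_port, dst_port = struct.unpack("!HH", body[2 * n:2 * n + 4])
    return (str(src), src_port, str(dst), dst_port), payload


if __name__ == "__main__":
    # Constructed sample: a client on a documentation-range address reaching the
    # HAProxy frontend, followed by the first three bytes of a TLS record.
    stream = build_proxy_v2("203.0.113.7", 51234, "198.51.100.9", 443) + b"\x16\x03\x01"
    print(stream[:28].hex())
    peer, rest = parse_proxy_v2(stream)
    print("client seen by ocserv:", peer, "remaining bytes:", rest.hex())
```

The `ValueError` branch is the symptom you get in reverse: if ocserv is started with the proxy protocol enabled but HAProxy is later reconfigured without `send-proxy-v2`, the first bytes ocserv sees are a ClientHello, not the signature, and every connection is rejected.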

Dockerfile for lighttpd
FROM alpine

# Install packages
RUN apk add --update --no-cache \
    lighttpd \
    lighttpd-mod_webdav \
    openssl \
    bash \
    curl && \
    rm -rf /var/cache/apk/*

COPY htdocs/index.html /var/www/localhost/htdocs/

HEALTHCHECK --interval=3m --timeout=5s \
  CMD curl -f http://localhost/ || exit 1

ENTRYPOINT ["lighttpd", "-D", "-f","/etc/lighttpd/lighttpd.conf"]
docker build . -t yourname/lighttpd


This post was last edited by yiucsw on 2020-2-26 02:08

Dockerfile for v2ray

FROM ubuntu:latest as builder
RUN apt-get update
RUN apt-get install curl -y
RUN curl -L -o /tmp/go.sh https://install.direct/go.sh
RUN chmod +x /tmp/go.sh
RUN /tmp/go.sh

FROM alpine:latest

COPY --from=builder /usr/bin/v2ray/v2ray /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/v2ctl /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/geoip.dat /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/geosite.dat /usr/bin/v2ray/

RUN set -ex && \
    apk --no-cache add ca-certificates bash curl  && \
    mkdir /var/log/v2ray/ &&\
    chmod +x /usr/bin/v2ray/v2ctl && \
    chmod +x /usr/bin/v2ray/v2ray

ENV PATH /usr/bin/v2ray:$PATH

CMD ["v2ray", "-config=/etc/v2ray/v2ray.json"]


This post was last edited by yiucsw on 2020-2-26 01:05

docker-system.yml compose file for portainer and jellyfin
docker-compose -f docker-system.yml -p n1system up -d

docker-system.yml
version: '2'
services:
  jellyfin:
    image: linuxserver/jellyfin
    container_name: jellyfin
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Hong_Kong
    volumes:
       - /media/usb0/your_movie_dir:/data/movies
       - /root/docker-jellyfin/etc:/config
    ports:
      - 8096:8096
    expose:
      - 8096
    restart: unless-stopped

  portainer:
    image: portainer/portainer
    container_name: portainer
    command: -H unix:///var/run/docker.sock
    restart: always
    ports:
      - 9000:9000
      - 8000:8000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data

volumes:
  portainer_data:

to shut down or restart
docker-compose -f docker-system.yml -p n1system down


http://T1_ip_address:8096 for jellyfin
http://T1_ip_address:8000 for portainer


This post was last edited by yiucsw on 2020-2-26 02:38

SSL certificate issued with acme.sh through the dynu DNS API
Generate an API key



In OAuth2: copy the client id & secret
# install acme.sh
curl https://get.acme.sh | sh
# close the ssh session and reopen it so the acme.sh shell function is loaded
export Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
export Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy"
acme.sh --issue --dns dns_dynu -d your.tls-server.net
# install the certificate for lighttpd (which needs the two files combined into one pem)
acme.sh --install-cert -d your.tls-server.net  \
   --key-file /root/ssl/server.key  \
   --cert-file /root/ssl/server.crt  \
   --fullchain-file /root/ssl/fullchain.crt \
   --reloadcmd  "cat /root/ssl/server.crt /root/ssl/server.key > /root/ssl/server.pem;"


This post was last edited by yiucsw on 2020-2-25 20:19

docker-compose
sudo apt-get install python-dev python-pip libffi-dev libevent-dev
pip install --upgrade setuptools
python -m pip install --upgrade pip
python -m pip install docker-compose


* python3 cannot be used
SFTP is directly supported with sshd. No need to install vsftpd.


This post was last edited by yiucsw on 2020-2-25 20:57


Download armbian
Don't use the eoan version (not supported) or bullseye (3rd-party software can't be installed)
https://yadi.sk/d/srrtn6kpnsKz2/Linux/ARMBIAN/20.02/20200205
Armbian_20.02.0-rc1.037_Aml-s9xxx_bionic_current_5.5.0-rc6_20200205.img

Don't use the eoan version (not supported). Copy to USB:
diskutil unmountDisk /dev/disk2
sudo dd if=./Armbian_20.02.0-rc1.037_Aml-s9xxx_bionic_current_5.5.0-rc6_20200205.img of=/dev/rdisk2 bs=1m


sudo mkdir /Volumes/BOOT
sudo mount -w -t msdos /dev/disk2s1 /Volumes/BOOT
cd /Volumes/BOOT
# macOS (BSD) sed needs an explicit, empty backup suffix after -i; plain "-i -e" would leave a stray uEnv.txt-e on the BOOT partition
sed -i '' -e 's/meson-g12b-odroid-n2.dtb/meson-gxm-q201.dtb/' /Volumes/BOOT/uEnv.txt
In the app, choose reboot to external storage.
Log in as root, enter "1234" twice, then set a new password.
Find the T1 IP address on the screen.
ssh root@T1_ip_address
armbian-config

   Network
    -Disable IPV6
    -Install Bluetooth (for Bluetooth keyboard/mouse)
    -Advanced: change to a static IP address.
-Softy
   - 3rd party - Docker


Change eth0 to a static IP
sudo nano /etc/network/interfaces
i

