Phicomm T1 armbian(haproxy+ocserv+v2ray)
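[i=s] This post was last edited by yiucsw on 2020-2-25 20:56 [/i][size=1]Converting the T1 to run multiple apps; I believe the S912 is the better choice. (You may prefer not to buy a T1; too few people use it.)
1) Build the images locally to reduce image size: alpine base, remove bash.
2) Use docker-compose instead of docker run...
- system - portainer, jellyfin (plex and emby are not supported)
- base - haproxy, lighttpd, v2ray, ocserv
3) Config files go in an etc directory; the image contains no config files. They are added only at run time.[/size] [i=s] This post was last edited by yiucsw on 2020-2-25 20:57 [/i]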
[size=1]
Download armbian
The eoan version cannot be used (not supported), nor bullseye (third-party software cannot be installed)
[quote]https://yadi.sk/d/srrtn6kpnsKz2/Linux/ARMBIAN/20.02/20200205
Armbian_20.02.0-rc1.037_Aml-s9xxx_bionic_current_5.5.0-rc6_20200205.img[/quote][/size]
[size=1]The eoan version cannot be used (not supported). Copy the image to USB:[code]diskutil unmountDisk /dev/disk2
sudo dd if=./Armbian_20.02.0-rc1.037_Aml-s9xxx_bionic_current_5.5.0-rc6_20200205.img of=/dev/rdisk2 bs=1m
sudo mkdir /Volumes/BOOT
sudo mount -w -t msdos /dev/disk2s1 /Volumes/BOOT
cd /Volumes/BOOT
sed -i -e 's/meson-g12b-odroid-n2.dtb/meson-gxm-q201.dtb/' /Volumes/BOOT/uEnv.txt[/code]In the app, choose to reboot to the external device.
[size=1][quote]Log in as root and enter "1234" twice, then set a new password.
Find the T1's IP address on the screen.
[size=1][quote]ssh root@T1 ip address.
armbian-config[/quote][/size]
[size=1][quote]
Network
-Disable IPV6
-Install Bluetooth (for Bluetooth keyboard/mouse)
-Advance to modify to static ip address.
-Softy
- 3rd party - Docker[/quote][/size]
Change eth0 to a static IP
sudo nano /etc/network/interfaces
i [i=s] This post was last edited by yiucsw on 2020-2-25 20:19 [/i]
[size=1]docker compose[code]sudo apt-get install python-dev python-pip libffi-dev libevent-dev
pip install --upgrade setuptools
python -m pip install --upgrade pip
python -m pip install docker-compose[/code][/size]
* python3 cannot be used
SFTP is supported directly by sshd; there is no need to install vsftpd. [i=s] This post was last edited by yiucsw on 2020-2-26 02:38 [/i]
[size=1]SSL certificate generated with acme.sh DNS validation for dynu
Generate an API key:
[quote][url]https://www.dynu.com/en-US/ControlPanel/APICredentials[/url][/quote]
Under OAuth2, copy the client ID and secret.[code]
# install acme.sh
curl https://get.acme.sh | sh
#close ssh session and reopen it for acme.sh function
export Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
export Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy"
acme.sh --issue --dns dns_dynu -d your.tls-server.net
# retrieve the certificate for lighttpd (which needs the two files combined)
acme.sh --install-cert -d your.tls-server.net \
--key-file /root/ssl/server.key \
--cert-file /root/ssl/server.crt \
--fullchain-file /root/ssl/fullchain.crt \
--reloadcmd "cat /root/ssl/server.crt /root/ssl/server.key > /root/ssl/server.pem;"
[/code][/size] [i=s] This post was last edited by yiucsw on 2020-2-26 01:05 [/i]
[size=1]docker-system.yml: compose file for portainer and jellyfin[code]docker-compose -f docker-system.yml -p n1system up -d[/code]docker-system.yml
[quote]version: '2'
services:
  jellyfin:
    image: linuxserver/jellyfin
    container_name: jellyfin
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Hong_Kong
    volumes:
      - /media/usb0/your_movie_dir:/data/movies
      - /root/docker-jellyfin/etc:/config
    ports:
      - 8096:8096
    expose:
      - 8096
    restart: unless-stopped
  portainer:
    image: portainer/portainer
    container_name: portainer
    command: -H unix:///var/run/docker.sock
    restart: always
    ports:
      - 9000:9000
      - 8000:8000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
volumes:
  portainer_data:[/quote]
To shut down or restart:[code]docker-compose -f docker-system.yml -p n1system down[/code][/size]
http://T1_ip_address:8096 for jellyfin
http://T1_ip_address:8000 for portainer [i=s] This post was last edited by yiucsw on 2020-2-26 02:08 [/i]
Dockerfile for v2ray
[size=1]
[quote]FROM ubuntu:latest as builder
RUN apt-get update
RUN apt-get install curl -y
RUN curl -L -o /tmp/go.sh https://install.direct/go.sh
RUN chmod +x /tmp/go.sh
RUN /tmp/go.sh
FROM alpine:latest
COPY --from=builder /usr/bin/v2ray/v2ray /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/v2ctl /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/geoip.dat /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/geosite.dat /usr/bin/v2ray/
RUN set -ex && \
    apk --no-cache add ca-certificates bash curl && \
    mkdir /var/log/v2ray/ && \
    chmod +x /usr/bin/v2ray/v2ctl && \
    chmod +x /usr/bin/v2ray/v2ray
ENV PATH /usr/bin/v2ray:$PATH
CMD ["v2ray", "-config=/etc/v2ray/v2ray.json"][/quote][/size] Dockerfile for lighttpd
[size=1][quote]FROM alpine
# Install packages
RUN apk add --update --no-cache \
    lighttpd \
    lighttpd-mod_webdav \
    openssl \
    bash \
    curl && \
    rm -rf /var/cache/apk/*
COPY htdocs/index.html /var/www/localhost/htdocs/
HEALTHCHECK --interval=3m --timeout=5s \
    CMD curl -f http://localhost/ || exit 1
ENTRYPOINT ["lighttpd", "-D", "-f","/etc/lighttpd/lighttpd.conf"][/quote][code]docker build . --tag yourname/lighttpd[/code][/size] Dockerfile for ocserv
[size=1][quote]FROM ubuntu:latest
RUN apt-get update && apt-get -y install unzip gnutls-bin bash iptables curl oc$
echo "Asia/Shanghai" > /etc/timezone
WORKDIR /etc/ocserv
COPY etc/entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
VOLUME /etc/ocserv/
CMD ["ocserv","-d 10", "-c", "/etc/ocserv/ocserv.conf", "-f"][/quote][/size] [i=s] This post was last edited by yiucsw on 2020-2-26 03:24 [/i]
Dockerfile for haproxy
[size=1][quote]FROM haproxy:alpine
RUN set -exo pipefail \
    && apk add --no-cache \
        rsyslog curl bash \
    && mkdir -p /etc/rsyslog.d \
    && touch /var/log/haproxy.log \
    && ln -sf /dev/stdout /var/log/haproxy.log
# Include our custom entrypoint that will do the job of lifting
# rsyslog alongside haproxy.
COPY ./etc/docker-entrypoint.sh /
COPY ./etc/rsyslog.conf /etc/rsyslog.d/
# Set our custom entrypoint as the image's default entrypoint
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["-f", "/etc/haproxy/haproxy.cfg"][/quote]
haproxy.conf: the AnyConnect client does not send SNI, so it is routed to the default backend
[quote]global
    maxconn 2000
    log 127.0.0.1 local0 warning
defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    retries 3
frontend www-https
    bind :::443
    tcp-request inspect-delay 5s
    tcp-request content capture req.ssl_sni len 20
    acl tls req.ssl_hello_type 1
    use_backend server-web if tls { req.ssl_sni -i yourserver.dynu.net }
    default_backend server-vpn
backend server-vpn
    mode tcp
    option ssl-hello-chk
    server ocserv ocserv:4443 send-proxy-v2
backend server-web
    server server-web lighttpd:2443 check[/quote][/size] Run chmod +x on all entrypoint.sh files.
docker build . -t yourname/yourservice [i=s] This post was last edited by yiucsw on 2020-2-26 02:45 [/i]
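The SNI routing in the haproxy frontend above, modelled as an added example (not part of the original post and not HAProxy's own code): it parses a ClientHello the way the config uses `req.ssl_hello_type 1` and `req.ssl_sni`, and shows that everything without the matching SNI, including non-TLS traffic, lands on `server-vpn`. The function names and the sample inputs are constructed for illustration.

```python
import struct

WEB_SNI = "yourserver.dynu.net"  # hostname taken from the use_backend rule

def client_hello(sni=None):
    """Build a minimal TLS ClientHello record (constructed sample input)."""
    ext = b""
    if sni is not None:
        name = sni.encode()
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        body = struct.pack("!H", len(entry)) + entry           # server_name_list
        ext = struct.pack("!HH", 0, len(body)) + body          # extension type 0 = SNI
    hello = (b"\x03\x03" + bytes(32) + b"\x00"                 # version, random, empty session id
             + b"\x00\x02\x13\x01" + b"\x01\x00"               # one cipher suite, null compression
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello       # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 22 = handshake

def parse_sni(data):
    """Return (is_client_hello, sni), mirroring req.ssl_hello_type 1 and req.ssl_sni."""
    if len(data) < 6 or data[0] != 0x16 or data[5] != 0x01:
        return False, None
    try:
        p = 5 + 4 + 2 + 32                                  # record hdr, handshake hdr, version, random
        p += 1 + data[p]                                    # session id
        p += 2 + struct.unpack_from("!H", data, p)[0]       # cipher suites
        p += 1 + data[p]                                    # compression methods
        end = p + 2 + struct.unpack_from("!H", data, p)[0]  # end of the extensions block
        p += 2
        while p + 4 <= min(end, len(data)):
            etype, elen = struct.unpack_from("!HH", data, p)
            p += 4
            if etype == 0 and elen >= 5:
                nlen = struct.unpack_from("!H", data, p + 3)[0]
                return True, data[p + 5:p + 5 + nlen].decode("ascii", "replace")
            p += elen
    except (IndexError, struct.error):
        pass                                                # truncated hello: treat as no SNI
    return True, None

def pick_backend(data):
    """Frontend rule: matching SNI (case-insensitive) -> server-web, everything else -> server-vpn."""
    tls, sni = parse_sni(data)
    return "server-web" if tls and sni and sni.lower() == WEB_SNI else "server-vpn"

if __name__ == "__main__":  # constructed inputs: browser, AnyConnect-style (no SNI), other name
    for sni in ("YourServer.dynu.net", None, "scanner.example"):
        print(sni, "->", pick_backend(client_hello(sni)))
    print("not TLS ->", pick_backend(b"GET / HTTP/1.1\r\n\r\n"))
```

Because the SNI field is client-supplied and `server-vpn` is the default backend, the ocserv container sees every connection to port 443 that is not addressed to the web hostname.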
[size=1]docker-compose.xml
[quote]version: '2'
services:
  ocserv:
    image: yourname/ocserv
    container_name: ocserv
    volumes:
      - /root/docker-ocserv/etc:/etc/ocserv
      - /root/docker-ocserv/ssl:/etc/ocserv/ssl:ro
    ports:
      - 4443:4443
    expose:
      - 4443
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
    restart: always
  v2ray:
    image: yourname/v2ray
    container_name: v2ray
    volumes:
      - /root/docker-v2ray/etc:/etc/v2ray:rw
    ports:
      - 8443:8443
    expose:
      - 8443
    restart: always
  lighttpd:
    image: yourname/lighttpd
    depends_on:
      - v2ray
    container_name: lighttpd
    volumes:
      - /root/docker-lighttpd/etc:/etc/lighttpd:ro
      - /root/docker-lighttpd/ssl:/ssl:ro
      - /root/docker-lighttpd/htdocs:/var/www/localhost/htdocs
    ports:
      - 2443:2443
      - 80:80
    expose:
      - 2443
      - 80
    restart: always
  haproxy:
    image: yourname/haproxy
    depends_on:
      - lighttpd
    container_name: haproxy
    volumes:
      - /root/docker-haproxy/etc/haproxy.cfg:/etc/haproxy/haproxy.cfg:ro
    ports:
      - 443:443
    expose:
      - 443
    restart: always[/quote][/size] [size=1]Enable BBR acceleration on armbian
[quote]echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf[/quote][/size]