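I want to use Pro Custodibus, but my WireGuard server runs in a Docker container (https://github.com/linuxserver/docker-wireguard). How do I configure Pro Custodibus to load and manage the WireGuard data?
1 Answer
You have to bake the Pro Custodibus agent into the container with WireGuard.
Here is a Dockerfile: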
# Dockerfile
FROM ghcr.io/linuxserver/wireguard
ENV DEBIAN_FRONTEND noninteractive
RUN \
    apt-get update && \
    apt-get install -y libsodium23 python3-pip && \
    rm -rf /var/lib/apt/lists/*
RUN \
    mkdir -p /etc/services.d/procustodibus-agent && \
    echo \
        '#!/usr/bin/with-contenv bash\n' \
        'exec procustodibus-agent --loop=120 --config=/config/procustodibus.conf\n' \
        > /etc/services.d/procustodibus-agent/run && \
    gpg --keyserver keys.openpgp.org --recv-keys EFC1AE969DD8159F
RUN \
    cd /tmp && \
    curl -O https://ad.custodib.us/agents/procustodibus-agent-latest.tar.gz && \
    curl https://ad.custodib.us/agents/procustodibus-agent-latest.tar.gz.sig | \
        gpg --verify - procustodibus-agent-latest.tar.gz && \
    tar xf procustodibus-agent-latest.tar.gz && \
    pip3 install procustodibus-agent-*/ && \
    rm -rf /tmp/*
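It:
- Uses linuxserver/wireguard as its base (which in turn is based on Ubuntu 20.04, plus s6 as a process manager)
- Installs the Pro Custodibus agent's dependencies: libsodium, and python3 with pip
- Configures s6 to run the Pro Custodibus agent as a service (using the /config directory for the agent's configuration files)
- Downloads, verifies, and installs the Pro Custodibus agent
If you build this Dockerfile as a container, you can run it in place of the usual linuxserver/wireguard container.
For example, if you have a docker-compose.yml like the following: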
# docker-compose.yml
---
version: "2.1"
services:
  wireguard:
    build: .
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
You put your WireGuard and Pro Custodibus configuration files in a config directory at the same level as the Dockerfile and docker-compose.yml files, and then run docker-compose up:
$ tree
.
├── docker-compose.yml
├── Dockerfile
└── config
    ├── procustodibus.conf
    ├── procustodibus-setup.conf
    └── wg0.conf
$ sudo docker-compose up
Creating network "docker-wireguard_default" with the default driver
Building wireguard
Step 1/5 : FROM ghcr.io/linuxserver/wireguard
...
Successfully built e4b8b8e8f2e3
Successfully tagged docker-wireguard_wireguard:latest
WARNING: Image for service wireguard was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating wireguard ... done
Attaching to wireguard
wireguard | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
...
wireguard | [#] ip link set mtu 1420 up dev wg0
Edit 2021-11-10: There is now a pre-built Docker image that includes the Pro Custodibus agent with WireGuard: docker.io/procustodibus/agent.
You can use it with a docker-compose.yml file like the following:
# docker-compose.yml
version: '3'
services:
  wireguard:
    image: procustodibus/agent
    cap_add:
      - NET_ADMIN
    ports:
      - 51820:51820/udp
    volumes:
      - ./config:/etc/wireguard
You put your WireGuard and Pro Custodibus configuration files in a config directory that is a sibling of the docker-compose.yml file:
$ tree
.
├── docker-compose.yml
└── config
    ├── procustodibus.conf
    ├── procustodibus-setup.conf
    └── wg0.conf
And run docker-compose up from that directory:
$ sudo docker-compose up
Creating network "wireguard_default" with the default driver
Creating wireguard_wireguard_1 ... done
Attaching to wireguard_wireguard_1
wireguard_1 |
wireguard_1 | * /proc is already mounted
...
wireguard_1 | * Starting WireGuard interface wg0 ...[#] ip link add wg0 type wireguard
...
wireguard_1 | * Starting procustodibus-agent ... [ ok ]
For more examples, see https://www.procustodibus.com/blog/2021/11/wireguard-containers/.
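
The Dockerfile in the answer above checks the agent tarball with gpg --verify after fetching the signing key by its 64-bit key ID. As an added example (not part of the original answer or of Pro Custodibus), the shell functions below also require that the signature comes from one pinned full fingerprint. The function names are hypothetical, and the fingerprint is an assumption: it has to be obtained from the vendor out of band, since the page gives only the key ID.

```shell
#!/bin/sh
# Added example: accept a download only when gpg reports a valid signature
# made by one pinned primary-key fingerprint, not by any key in the keyring.

# valid_sig_matches STATUS_TEXT PINNED_FPR
# STATUS_TEXT is the output of gpg --status-fd. Returns 0 only when it has a
# VALIDSIG record whose primary-key fingerprint (the last field) equals
# PINNED_FPR, and no record for a bad, unchecked, expired-key or revoked-key
# signature. Returns 2 when PINNED_FPR is not a full 40-hex-digit fingerprint.
valid_sig_matches() {
    vs_status=$1
    vs_pinned=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    case $vs_pinned in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    # Refuse short or long key IDs: only a full v4 fingerprint is a pin.
    [ "${#vs_pinned}" -eq 40 ] || return 2
    if printf '%s\n' "$vs_status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG) '; then
        return 1
    fi
    vs_signer=$(printf '%s\n' "$vs_status" |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$vs_signer" ] && [ "$vs_signer" = "$vs_pinned" ]
}

# verify_pinned FILE DETACHED_SIG PINNED_FPR
# Runs gpg on a detached signature and applies the check above.
# PINNED_FPR is supplied by the caller (assumption: taken from the vendor's
# published key details, not from the keyserver response).
verify_pinned() {
    vp_out=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    valid_sig_matches "$vp_out" "$3"
}

# Usage inside a build step, after both files have been downloaded:
#   verify_pinned procustodibus-agent-latest.tar.gz \
#       procustodibus-agent-latest.tar.gz.sig "$PINNED_FPR" || exit 1
```
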