From e05be2133a5706af8994167103647627c7c292af Mon Sep 17 00:00:00 2001 From: wulabing Date: Sat, 18 Jun 2022 00:44:48 +0800 Subject: [PATCH] =?UTF-8?q?ss=5Fwhitelist=20V1.0=20[update]=20ss=5Fwhiteli?= =?UTF-8?q?st=20=E5=AE=8C=E5=96=84IPV6=E6=94=AF=E6=8C=81=20[update]=20?= =?UTF-8?q?=E9=87=8D=E5=A4=8D=E6=B7=BB=E5=8A=A0=E6=97=B6=E5=86=85=E5=AE=B9?= =?UTF-8?q?=E5=8C=85=E5=90=AB=E8=AF=B7=E6=B1=82=E5=A4=B4=EF=BC=88=E6=B2=A1?= =?UTF-8?q?=E4=BB=80=E4=B9=88=E7=94=A8=EF=BC=8C=E6=8E=92=E6=9F=A5=E9=97=AE?= =?UTF-8?q?=E9=A2=98=E6=97=B6=E5=8A=A0=E4=B8=8A=E7=9A=84=EF=BC=89=20[fix]?= =?UTF-8?q?=20=E4=BF=AE=E5=A4=8D=E6=97=A5=E5=BF=97=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E4=B8=8D=E4=BC=9A=E8=BE=93=E5=87=BA=E8=87=B3=20stderr=20?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98=20[fix]=20IPV6=E7=9B=91=E5=90=AC?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ss_whitelist/config/nginx.conf | 27 ++++++++++++++++----------- ss_whitelist/docker-compose.yml | 26 +++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 12 deletions(-) diff --git a/ss_whitelist/config/nginx.conf b/ss_whitelist/config/nginx.conf index 7eedd62..37c6375 100644 --- a/ss_whitelist/config/nginx.conf +++ b/ss_whitelist/config/nginx.conf @@ -5,7 +5,7 @@ worker_rlimit_nofile 655350; pcre_jit on; -error_log logs/error.log; +#error_log logs/error.log; pid logs/nginx.pid; @@ -36,8 +36,10 @@ stream { } server { - listen [::]:7777; - listen [::]:7777 udp; + listen 7777; + listen 7777 udp; + listen [::]:7777 ipv6only=on; + listen [::]:7777 udp ipv6only=on; include allow.list; deny all; proxy_pass ss; 
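Review bot: Commenting out `error_log logs/error.log;` in the first nginx.conf hunk leaves the log destination implicit. nginx then falls back to its compiled-in default path, and whether that reaches stderr depends on how the container image links that file, which is not visible here. An explicit `error_log stderr warn;` would make the intent of the fix independent of the image layout. It would also keep error-level events, presumably including rejections from the stream server's `deny all`, in the container log. The commented-out directive can then be deleted instead of being kept as dead configuration.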
@@ -81,25 +83,28 @@ http { error_page 500 502 503 504 /50x.html; server{ - listen [::]:80; + listen 80; + listen [::]:80 ipv6only=on; location / { auth_basic ""; auth_basic_user_file /etc/openresty/auth; add_header Content-Type text/plain; - real_ip_header proxy_protocol; - set_real_ip_from 0.0.0.0/8; - proxy_set_header X-Real-IP $proxy_protocol_addr; - proxy_set_header X-Forwarded-For $proxy_protocol_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; content_by_lua_block { - clientIP=ngx.var.remote_addr; - ngx.header.content_type = "text/plain;charset=UTF-8"; + clientIP=ngx.var.remote_addr + headers=ngx.req.get_headers() + ngx.header.content_type = "text/plain;charset=UTF-8" file = io.open("/etc/openresty/allow.list","a+") io.input(file) io.output(file) for line in file:lines() do if string.find(line,clientIP) then m = string.find(line,clientIP) - ngx.print("当前IP:"..clientIP.."已存在,无需添加") + ngx.print("当前IP:"..clientIP.."已存在,无需添加\n\n") + for k, v in pairs(headers) do + ngx.print(k..":"..v.."\n") + end end end if m == nil then diff --git a/ss_whitelist/docker-compose.yml b/ss_whitelist/docker-compose.yml index cd983e7..f3eeb8c 100644 --- a/ss_whitelist/docker-compose.yml +++ b/ss_whitelist/docker-compose.yml @@ -1,5 +1,15 @@ version: "3.9" services: + ipv6nat: + image: robbertkl/ipv6nat + container_name: ipv6nat + restart: unless-stopped + network_mode: host + privileged: true + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - /lib/modules:/lib/modules:ro + shadowsocks: image: shadowsocks/shadowsocks-libev:latest expose: 
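Review bot: The added loop `for k, v in pairs(headers) do ngx.print(k..":"..v.."\n") end` writes every request header into the response body, including the `Authorization` header that carries the basic-auth credentials this location requires, and the listener is plain HTTP on port 80. `ngx.req.get_headers()` also returns a table for a header sent more than once, so `k..":"..v` raises an error and the request fails for such clients. The commit message describes this output as a troubleshooting aid, so I would drop it, or at least skip `authorization` and print `type(v) == "table" and table.concat(v, ", ") or v`. `headers` is assigned without `local`; `local headers = ngx.req.get_headers()` avoids writing a Lua global from a request handler. The `content_by_lua_block` continues past the end of this hunk, so the rest of the allow-list logic is not reviewed here.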
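Review bot: The new `ipv6nat` service in docker-compose.yml combines `privileged: true`, `network_mode: host` and a mounted Docker socket, which makes this one container equivalent to root on the host. The `:ro` flag on `/var/run/docker.sock` only protects the socket file, not the API behind it. The image is also referenced without a tag or digest, so whatever `robbertkl/ipv6nat` resolves to at pull time receives that access. I would pin it (`image: robbertkl/ipv6nat:<pinned-tag-or-digest>`) and replace `privileged: true` with `cap_drop: [ALL]` plus `cap_add: [NET_ADMIN, NET_RAW, SYS_MODULE]`, after confirming the container still manages the ip6tables rules with that reduced set.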
@@ -8,9 +18,16 @@ services: environment: - METHOD=chacha20-ietf-poly1305 - PASSWORD=96166477-95b6-41a1-92c5-e33bce9694b0 +# - SERVER_ADDR=0.0.0.0 +# - SERVER_ADDR=::0 # no use for listen ipv6 (may be no env actually but in doc) + - DNS_ADDRS=2001:4860:4860::8888,2001:4860:4860::8844,8.8.8.8,1.1.1.1 + - ARGS= -s ::0 restart: always networks: - backend + depends_on: + - ipv6nat + openresty: image: openresty/openresty:latest ports: @@ -26,6 +43,13 @@ services: networks: - backend depends_on: + - ipv6nat - shadowsocks networks: - backend: \ No newline at end of file + backend: + enable_ipv6: true + driver: bridge + ipam: + driver: default + config: + - subnet: fd00:cafe:face::/48 \ No newline at end of file
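Review bot: `PASSWORD=…` remains a literal in this committed file while the surrounding `shadowsocks` environment block is being edited. Anyone who can read the repository therefore knows the proxy password, and the nginx allow list becomes the only remaining barrier. Reading it from the deployment environment, `- PASSWORD=${SS_PASSWORD:?SS_PASSWORD must be set}`, keeps the secret out of version control and makes compose fail fast when it is missing; the value already published should be treated as exposed and rotated. The two commented-out `SERVER_ADDR` lines could be replaced by one comment above `ARGS= -s ::0` saying that the extra `-s` is what enables the IPv6 listener.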