ss_whitelist V1.0

[update] ss_whitelist 完善IPV6支持
[update] 重复添加时内容包含请求头（没什么用，排查问题时加上的）
[fix] 修复日志文件不会输出至 stderr 的问题
[fix] IPV6监听配置错误

ss_whitelist/config/nginx.conf

@@ -5,7 +5,7 @@ worker_rlimit_nofile 655350;
 
 pcre_jit on;
 
-error_log  logs/error.log;
+#error_log  logs/error.log;
 pid        logs/nginx.pid;
 
 
@@ -36,8 +36,10 @@ stream {
     }
 
     server {
-        listen [::]:7777;
+        listen 7777;
-        listen [::]:7777 udp;
+        listen 7777 udp;
+        listen [::]:7777 ipv6only=on;
+        listen [::]:7777 udp ipv6only=on;
         include allow.list;
         deny all;
         proxy_pass ss;
@@ -81,25 +83,28 @@ http {
     error_page 500 502 503 504 /50x.html;
 
     server{
-        listen [::]:80;
+        listen 80;
+        listen [::]:80 ipv6only=on;
         location / {
             auth_basic "";
             auth_basic_user_file /etc/openresty/auth;
             add_header Content-Type text/plain;
-            real_ip_header proxy_protocol;
+            proxy_set_header   X-Real-IP        $remote_addr;
-            set_real_ip_from 0.0.0.0/8;
+            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
-            proxy_set_header X-Real-IP       $proxy_protocol_addr;
-            proxy_set_header X-Forwarded-For $proxy_protocol_addr;
             content_by_lua_block {
-                clientIP=ngx.var.remote_addr;
+                clientIP=ngx.var.remote_addr
-                ngx.header.content_type = "text/plain;charset=UTF-8";
+                headers=ngx.req.get_headers()
+                ngx.header.content_type = "text/plain;charset=UTF-8"
                 file = io.open("/etc/openresty/allow.list","a+")
                 io.input(file)
                 io.output(file)
                 for line in file:lines() do
                     if string.find(line,clientIP) then
                         m = string.find(line,clientIP)
-                        ngx.print("当前IP:"..clientIP.."已存在，无需添加")
+                        ngx.print("当前IP:"..clientIP.."已存在，无需添加\n\n")
+                        for k, v in pairs(headers) do
+                           ngx.print(k..":"..v.."\n")
+                        end
                     end
                 end
                 if m == nil then

ss_whitelist/docker-compose.yml

@@ -1,5 +1,15 @@
 version: "3.9"
 services:
+  ipv6nat:
+    image: robbertkl/ipv6nat
+    container_name: ipv6nat
+    restart: unless-stopped
+    network_mode: host
+    privileged: true
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /lib/modules:/lib/modules:ro
+
   shadowsocks:
     image: shadowsocks/shadowsocks-libev:latest
     expose:
@@ -8,9 +18,16 @@ services:
     environment:
       - METHOD=chacha20-ietf-poly1305
       - PASSWORD=96166477-95b6-41a1-92c5-e33bce9694b0
+#      - SERVER_ADDR=0.0.0.0
+#      - SERVER_ADDR=::0  # no use for listen ipv6 (may be no env actually but in doc)
+      - DNS_ADDRS=2001:4860:4860::8888,2001:4860:4860::8844,8.8.8.8,1.1.1.1
+      - ARGS= -s ::0
     restart: always
     networks:
       - backend
+    depends_on:
+      - ipv6nat
+
   openresty:
     image: openresty/openresty:latest
     ports:
@@ -26,6 +43,13 @@ services:
     networks:
       - backend
     depends_on:
+      - ipv6nat
       - shadowsocks
 networks:
-  backend:
+  backend:
+    enable_ipv6: true
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: fd00:cafe:face::/48