-
Notifications
You must be signed in to change notification settings - Fork 258
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #190 from geebee/master
Docker builds for tunnel core server
- Loading branch information
Showing
5 changed files
with
149 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
Server | ||
psiphond | ||
psiphond.config | ||
serverEntry.dat |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
FROM alpine:latest | ||
|
||
MAINTAINER Psiphon Inc. <info@psiphon.ca> | ||
LABEL Description="Alpine Linux based Psiphon Tunnel-Core Server" Vendor="Psiphon Inc." Version="1.0" | ||
|
||
RUN apk add --update \ | ||
bash \ | ||
ca-certificates \ | ||
&& rm -rf /var/cache/apk/* | ||
|
||
RUN mkdir -p /opt/psiphon | ||
|
||
ADD ["psiphond", "psiphond.config", "/opt/psiphon/"] | ||
|
||
WORKDIR /opt/psiphon | ||
|
||
ENTRYPOINT ["./psiphond", "--config", "psiphond.config", "run"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
FROM alpine:latest | ||
|
||
ENV GOLANG_VERSION 1.6.2 | ||
ENV GOLANG_SRC_URL https://golang.org/dl/go$GOLANG_VERSION.src.tar.gz | ||
|
||
RUN set -ex \ | ||
&& apk add --no-cache \ | ||
bash \ | ||
ca-certificates \ | ||
gcc \ | ||
git \ | ||
musl-dev \ | ||
openssl \ | ||
go \ | ||
\ | ||
&& export GOROOT_BOOTSTRAP="$(go env GOROOT)" \ | ||
\ | ||
&& wget -q "$GOLANG_SRC_URL" -O golang.tar.gz \ | ||
&& tar -C /usr/local -xzf golang.tar.gz \ | ||
&& rm golang.tar.gz \ | ||
&& cd /usr/local/go/src \ | ||
&& ./make.bash | ||
|
||
ENV GOPATH /go | ||
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH | ||
|
||
RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" | ||
WORKDIR $GOPATH |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,74 @@ | ||
Psiphon Tunnel Core Server README | ||
================================================================================ | ||
## Psiphon Tunnel Core Server README | ||
|
||
Overview | ||
-------------------------------------------------------------------------------- | ||
### Overview | ||
The `Server`/`psiphond` program and the `github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/server` package contain an experimental Psiphon server stack. | ||
|
||
The `Server` program and the `github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/server` package contain an experimental Psiphon server stack. | ||
Functionality is based on the [production server stack](https://bitbucket.org/psiphon/psiphon-circumvention-system/src/tip/Server/) but only a small subset is implemented. Currently, this stack supports the `SSH` and `OSSH` protocols and has a minimal web server to support the API calls the tunnel-core client requires. | ||
|
||
Functionality is based on the (production server stack)[https://bitbucket.org/psiphon/psiphon-circumvention-system/src/tip/Server/] but only a small subset is implemented. Currently, this stack supports the `SSH` protocol and has a minimal web server to support the API calls the tunnel-core client requires. | ||
### Build | ||
Prerequisites: | ||
- Go 1.6.2 or later | ||
|
||
Usage | ||
-------------------------------------------------------------------------------- | ||
Build Steps: | ||
- Get dependencies: `go get -d -v ./...` | ||
- Build: `go build -o psiphond main.go` (will generate a binary named `psiphond` for Linux/OSX or `psiphond.exe` for Windows) | ||
|
||
* Execute `Server generate` to generate a server configuration, including new key material and credentials. This will emit a config file and a server entry file. | ||
* Note: `generate` does not yet take input parameters, so for now you must edit code if you must change the server IP address or ports. | ||
* Execute `Server run` to run the server stack using the generated configuration. | ||
* Copy the contents of the server entry file to the client (e.g., the `TargetServerEntry` config field in the tunnel-core client) to connect to the server. | ||
#### MUSL `libc` build (for Alpine Linux on Docker) | ||
Prerequisites: | ||
- Go 1.6.2 or later | ||
- Docker 1.10 or later | ||
- MUSL libc toolchain | ||
|
||
##### Building MUSL | ||
1. Clone the latest source (master is stable): `git clone git://git.musl-libc.org/musl` | ||
2. Change into the musl directory: `cd musl` | ||
3. Configure the build environment: `./configure` | ||
4. Build the libraries and toolchain binaries: `make` | ||
5. Install: `sudo make install` | ||
- Installs to `/usr/local/musl` by default, change by passing `--prefix <path>` as a flag to the configure script in step 3 | ||
|
||
##### Building the binary with MUSL for Docker | ||
Build Steps: | ||
- Get dependencies: `GOOS=linux GOARCH=amd64 go get -d -v ./...` | ||
- Build: `GOOS=linux GOARCH=amd64 CC=/usr/local/musl/bin/musl-gcc go build --ldflags '-linkmode external -extldflags "-static"' -o psiphond main.go` (will generate a statically linked binary named `psiphond`) | ||
|
||
**NOTE**: If you have ever used a _GNU libc_ based build of this project, you will need to append the `-a` flag to your `go build` command in order to force rebuilding of previously built libraries. Additionally, compiling with the _GNU libc_ again (after having compiled with _MUSL libc_) will also require the `-a` flag. | ||
|
||
Updated build command: `GOOS=linux GOARCH=amd64 CC=/usr/local/musl/bin/musl-gcc go build -a --ldflags '-linkmode external -extldflags "-static"' -o psiphond main.go` | ||
|
||
##### Building the binary with MUSL in Docker | ||
|
||
You may also use the `Dockerfile-binary-builder` docker file to create an image that will be able to build the binary for you without installing MUSL and cross-compiling locally. | ||
|
||
1. Build the image: `docker build -f Dockerfile-binary-builder -t psiphond-builder .` | ||
2. Run the build via the image: `cd .. && docker run --rm -v $(pwd):/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core psiphond-builder /bin/bash -c 'cd /go/src/github.com/Psiphon-Labs/psiphon-tunnel-core/Server && ./make.bash'; cd -` | ||
3. Change the owner (if desired) of the `psiphond` binary. The permissions are `777`/`a+rwx`, but the owner and group will both be `root`. Functionally, this should not matter at all. | ||
|
||
##### Generate a configuration file | ||
1. Use the command `./psiphond --help` to get a list of flags to pass to the `generate` sub-command | ||
2. Run: `./psiphond --newConfig psiphond.config --ipaddress 0.0.0.0 --protocol SSH:22 --protocol OSSH:53 --web 80 generate` (IP address `0.0.0.0` is used due to how docker handles services bound to the loopback device) | ||
3. Remove the value for the `SyslogFacility` key (eg: `sed -i 's/"SyslogFacility": "user"/"SyslogFacility": ""/' psiphond.config`) | ||
4. Remove the value for the `Fail2BanFormat` key (eg: `sed -i 's/"Fail2BanFormat": "Authentication failure for psiphon-client from %s"/"Fail2BanFormat": ""/' psiphond.config`) | ||
|
||
##### Create the Docker image: | ||
1. Run the command: `docker build --no-cache=true -t psiphond .` (this may take some time to complete) | ||
- Subsequent updates can be built without the `--no-cache=true` flag to speed up builds | ||
2. Once completed, verify that you see an image named `psiphond` when running: `docker images` | ||
|
||
### Usage | ||
- Execute `./psiphond generate` to generate a server configuration, including new key material and credentials. This will emit a config file and a server entry file. | ||
- Note: `generate` does not yet take input parameters, so for now you must edit code if you must change the server IP address or ports. | ||
- Execute `./psiphond run` to run the server stack using the generated configuration. | ||
- Copy the contents of the server entry file to the client (e.g., the `TargetServerEntry` config field in the tunnel-core client) to connect to the server. | ||
|
||
#### Run the docker image | ||
Run the docker container built above as follows: `docker run -d --name psiphond-1 -p 10053:53 -p 10022:22 -p 10080:80 psiphond` | ||
|
||
This will start a daemonized container, running the tunnel core server named `psiphond-1`, with `host:container` port mappings: | ||
- 10053:53 | ||
- 10022:22 | ||
- 10080:80 | ||
|
||
The container can be stopped by issuing the command `docker stop psiphond-1`. It will send the server a `SIGTERM`, followed by a `SIGKILL` if it is still running after a grace period | ||
|
||
The container logs can be viewed/tailed/etc via the `docker logs psiphond-1` command and the various flags the `logs` subcommand allows |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
#!/usr/bin/env sh | ||
|
||
set -e | ||
|
||
BASE_DIR=$( cd "$(dirname "$0")" ; pwd -P ) | ||
cd $BASE_DIR | ||
|
||
if [ ! -f make.bash ]; then | ||
echo "make.bash must be run from $GOPATH/src/github.com/Psiphon-Labs/psiphon-tunnel-core/Server" | ||
exit 1 | ||
fi | ||
|
||
build_for_linux () { | ||
echo "Getting project dependencies (via go get) for Linux. Parameter is: '$1'" | ||
GOOS=linux GOARCH=amd64 go get -d -v ./... | ||
if [ $? != 0 ]; then | ||
echo "...'go get' failed, exiting" | ||
exit $? | ||
fi | ||
|
||
GOOS=linux GOARCH=amd64 go build --ldflags '-linkmode external -extldflags "-static"' -o psiphond main.go | ||
if [ $? != 0 ]; then | ||
echo "...'go build' failed, exiting" | ||
exit $? | ||
fi | ||
chmod 777 psiphond | ||
|
||
} | ||
|
||
build_for_linux | ||
echo "Done" |