1. 适配 docker 执行脚本：增加 IP Region 配置

lin1810 · Jul 27, 2024 · d4084e1 · d4084e1
1 parent 3ca8e9b
commit d4084e1
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 20 deletions.
diff --git a/NT-Server/src/main/java/net/shihome/nt/server/common/IpRegionFilter.java b/NT-Server/src/main/java/net/shihome/nt/server/common/IpRegionFilter.java
@@ -3,6 +3,7 @@
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.handler.ipfilter.AbstractRemoteAddressFilter;
 import org.apache.commons.lang.ArrayUtils;
+import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -16,12 +17,15 @@ public class IpRegionFilter extends AbstractRemoteAddressFilter<InetSocketAddres
     private final IpRegionUtils regionUtils;
     private final String[] allowList;
 
-    public IpRegionFilter(IpRegionUtils regionUtils, String[] allowList) {
+    public IpRegionFilter(IpRegionUtils regionUtils, String allowList) {
         this.regionUtils = regionUtils;
-        if (!ArrayUtils.isEmpty(allowList)) {
-            Arrays.sort(allowList, String::compareTo);
+        String[] split = null;
+        if (StringUtils.isNotEmpty(allowList))
+        {
+            split = StringUtils.split(allowList, "|");
+            Arrays.sort(split, String::compareTo);
         }
-        this.allowList = allowList;
+        this.allowList = split;
     }
 
     @Override

diff --git a/NT-Server/src/main/java/net/shihome/nt/server/config/ServerInstance.java b/NT-Server/src/main/java/net/shihome/nt/server/config/ServerInstance.java
@@ -9,7 +9,7 @@ public class ServerInstance {
   private int permits = -1;
   private int permitsTimeoutInSecond = 15;
   private int slidingWindowSize = 10;
-  private String[] accessIpRegion;
+  private String accessIpRegion;
 
   public int getPermitsTimeoutInSecond() {
     return permitsTimeoutInSecond;
@@ -63,11 +63,11 @@ public boolean isEnableConnectionLog() {
     return enableConnectionLog;
   }
 
-  public String[] getAccessIpRegion() {
+  public String getAccessIpRegion() {
     return accessIpRegion;
   }
 
-  public void setAccessIpRegion(String[] accessIpRegion) {
+  public void setAccessIpRegion(String accessIpRegion) {
     this.accessIpRegion = accessIpRegion;
   }
 

diff --git a/NT-Server/src/main/java/net/shihome/nt/server/config/ServerProperties.java b/NT-Server/src/main/java/net/shihome/nt/server/config/ServerProperties.java
@@ -18,7 +18,7 @@ public class ServerProperties {
    * ip2region.xdb path
    */
   private File ipRegionPath;
-  private String[] accessIpRegion;
+  private String accessIpRegion;
   private String serverKeyPassword;
   private File caPath;
   private double writeLimit = 0;
@@ -35,11 +35,11 @@ public void setIpRegionPath(File ipRegionPath) {
     this.ipRegionPath = ipRegionPath;
   }
 
-  public String[] getAccessIpRegion() {
+  public String getAccessIpRegion() {
     return accessIpRegion;
   }
 
-  public void setAccessIpRegion(String[] accessIpRegion) {
+  public void setAccessIpRegion(String accessIpRegion) {
     this.accessIpRegion = accessIpRegion;
   }
 

diff --git a/config/dev/NT-Server/application.yml b/config/dev/NT-Server/application.yml
@@ -6,19 +6,15 @@ nt:
 #    server-cert-path: /tmp/server.crt
 #    server-key-path: /tmp/pkcs8_server.key
 #    server-key-password:
-#    ip-region-path: /tmp/ip2region.xdb  # https://gitee.com/lionsoul/ip2region/blob/master/data/ip2region.xdb
+    ip-region-path: /tmp/ip2region.xdb  # https://gitee.com/lionsoul/ip2region/blob/master/data/ip2region.xdb
+    access-ip-region: 中国|0
     instance-list:
       - instance-name: remote.ssh
         port: 922
-#        access-ip-region:
-#          - 中国
+        access-ip-region: 中国
       - instance-name: remote.https
         port: 9443
-#        access-ip-region:
-#          - 中国
-#    access-ip-region:
-#      - 中国
-#      - 0 #内网 IP
+        access-ip-region: 中国
 #logging:
 #  level:
 #    net.shihome.nt.server.tcp: DEBUG
diff --git a/docker_build/Server/application.yml b/docker_build/Server/application.yml
@@ -5,6 +5,7 @@ nt:
     ca-path: ${CERT_PATH}/ca.crt
     server-cert-path: ${CERT_PATH}/server.crt
     server-key-path: ${CERT_PATH}/server_pkcs8.key
+    ip-region-path: ${BASE_PATH}/ip2region.xdb
 #    server-key-password:
 #logging:
 #  level:

diff --git a/docker_build/Server/entrypoint.sh b/docker_build/Server/entrypoint.sh
@@ -26,13 +26,14 @@ usage() { local RC="${1:-0}"
     echo "Usage: ${0##*/} [-opt] [command]
 Options (fields in '[]' are optional, '<>' are required):
     -h          This help
-    -i \"<name;port>[;slidingWindowSize]\"
+    -i \"<name;port>[;slidingWindowSize][;allList]\"
                 Configure a tunnel
                 required arg: \"<name>;<port>\"
                 <name> tunnel name
                 <port> tunnel bind port
                 NOTE: for the default value, just leave blank
                 [slidingWindowSize] default:'10'
+                [all IP Region List split by delim char '|']
 " >&2
     exit $RC
 }
@@ -43,13 +44,16 @@ Options (fields in '[]' are optional, '<>' are required):
 #   port) tunnel bind port
 #   slidingWindowSize) Integer, default:'10'
 # Return: result
-addInstance() { local name="$1" port="$2" slidingWindowSize="${3:-""}"  \
+addInstance() { local name="$1" port="$2" slidingWindowSize="${3:-""}" allowList="${4:-""}"  \
                 file=$CONFIG_PATH/application-instance.yml
     echo "      - instance-name: $name" >>$file
     echo "        port: $port" >>$file
     if [ -n "$slidingWindowSize" ]; then
         echo "        sliding-window-size: $slidingWindowSize" >>$file
     fi
+    if [ -n "$allowLis" ]; then
+            echo "        access-ip-region: $allowList" >>$file
+        fi
     echo "" >>$file
 }
 

diff --git a/docker_build/Server/ip2region.xdb b/docker_build/Server/ip2region.xdb