Обновление конфигурации запуска
	
		
			
	
		
	
	
		
	
		
				
			- Добавлены сервисы запуска сервера и клиента - Добавлены обертки для запуска сервера и клиента - Добавлена общая конфигурация для сервера и клиента - Возможность использования пользовательской конфигурации из под /etc/wstunnel/wstunnel.conf для запускаемых сервисов
		
							parent
							
								
									717ba11294
								
							
						
					
					
						commit
						a164df6604
					
				
					 6 changed files with 628 additions and 1 deletions
				
			
		
							
								
								
									
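--- a/files/wstunnel-client
+++ b/files/wstunnel-client
@@ -0,0 +1,236 @@
+#!/bin/bash
+
+# Script to launch wstunnel client using parameters from the [client] section of a configuration file
+
+# Configuration file paths
+PRIMARY_CONFIG="/etc/wstunnel/wstunnel.conf"
+FALLBACK_CONFIG="/usr/share/defaults/etc/wstunnel/wstunnel.conf"
+
+# Determine which configuration file to use
+CONFIG_FILE=""
+if [ -f "$PRIMARY_CONFIG" ]; then
+    CONFIG_FILE="$PRIMARY_CONFIG"
+elif [ -f "$FALLBACK_CONFIG" ]; then
+    CONFIG_FILE="$FALLBACK_CONFIG"
+else
+    echo "Error: Configuration file not found at '$PRIMARY_CONFIG' or '$FALLBACK_CONFIG'."
+    exit 1
+fi
+
+# Check if a configuration file is provided as an argument (overrides default paths)
+if [ $# -eq 1 ]; then
+    CONFIG_FILE="$1"
+    if [ ! -f "$CONFIG_FILE" ]; then
+        echo "Error:Specified configuration file '$CONFIG_FILE' not found."
+        exit 1
+    fi
+fi
+
+# Initialize variables for wstunnel client parameters
+SERVER_ADDRESS=""
+LOCAL_TO_REMOTE=()
+REMOTE_TO_LOCAL=()
+NO_COLOR=""
+SOCKET_SO_MARK=""
+CONNECTION_MIN_IDLE=""
+NB_WORKER_THREADS=""
+CONNECTION_RETRY_MAX_BACKOFF=""
+LOG_LEVEL=""
+TLS_SNI_OVERRIDE=""
+TLS_SNI_DISABLE=""
+TLS_VERIFY_CERTIFICATE=""
+HTTP_PROXY=""
+HTTP_PROXY_LOGIN=""
+HTTP_PROXY_PASSWORD=""
+HTTP_UPGRADE_PATH_PREFIX=""
+HTTP_UPGRADE_CREDENTIALS=""
+WEBSOCKET_PING_FREQUENCY=""
+WEBSOCKET_MASK_FRAME=""
+HTTP_HEADERS=()
+HTTP_HEADERS_FILE=""
+TLS_CERTIFICATE=""
+TLS_PRIVATE_KEY=""
+DNS_RESOLVER=()
+DNS_RESOLVER_PREFER_IPV4=""
+
+# Function to trim whitespace
+trim() {
+    local var="$1"
+    var="${var#"${var%%[![:space:]]*}"}" # Remove leading whitespace
+    var="${var%"${var##*[![:space:]]}"}" # Remove trailing whitespace
+    echo -n "$var"
+}
+
+# Parse the [client] section of the INI file
+current_section=""
+while IFS='=' read -r key value; do
+    # Skip empty lines and comments
+    if [[ -z "$key" || "$key" =~ ^\s*# || "$key" =~ ^\s*\; ]]; then
+        continue
+    fi
+
+    # Check for section headers
+    if [[ "$key" =~ ^\s*\[.*\]\s*$ ]]; then
+        current_section=$(echo "$key" | sed 's/^\s*\[\(.*\)\]\s*$/\1/')
+        continue
+    fi
+
+    # Process only the [client] section
+    if [ "$current_section" != "client" ]; then
+        continue
+    fi
+
+    # Trim whitespace from key and value
+    key=$(trim "$key")
+    value=$(trim "$value")
+
+    # Skip if value is empty
+    if [ -z "$value" ]; then
+        continue
+    fi
+
+    # Map INI keys to wstunnel client parameters
+    case "$key" in
+        server_address)
+            SERVER_ADDRESS="$value"
+            ;;
+        local_to_remote)
+            # Split comma-separated values into array
+            IFS=',' read -ra ltr_array <<< "$value"
+            for ltr in "${ltr_array[@]}"; do
+                LOCAL_TO_REMOTE+=("$(trim "$ltr")")
+            done
+            ;;
+        remote_to_local)
+            # Split comma-separated values into array
+            IFS=',' read -ra rtl_array <<< "$value"
+            for rtl in "${rtl_array[@]}"; do
+                REMOTE_TO_LOCAL+=("$(trim "$rtl")")
+            done
+            ;;
+        no_color)
+            NO_COLOR="$value"
+            ;;
+        socket_so_mark)
+            SOCKET_SO_MARK="$value"
+            ;;
+        connection_min_idle)
+            CONNECTION_MIN_IDLE="$value"
+            ;;
+        nb_worker_threads)
+            NB_WORKER_THREADS="$value"
+            ;;
+        connection_retry_max_backoff)
+            CONNECTION_RETRY_MAX_BACKOFF="$value"
+            ;;
+        log_level)
+            LOG_LEVEL="$value"
+            ;;
+        tls_sni_override)
+            TLS_SNI_OVERRIDE="$value"
+            ;;
+        tls_sni_disable)
+            TLS_SNI_DISABLE="$value"
+            ;;
+        tls_verify_certificate)
+            TLS_VERIFY_CERTIFICATE="$value"
+            ;;
+        http_proxy)
+            HTTP_PROXY="$value"
+            ;;
+        http_proxy_login)
+            HTTP_PROXY_LOGIN="$value"
+            ;;
+        http_proxy_password)
+            HTTP_PROXY_PASSWORD="$value"
+            ;;
+        http_upgrade_path_prefix)
+            HTTP_UPGRADE_PATH_PREFIX="$value"
+            ;;
+        http_upgrade_credentials)
+            HTTP_UPGRADE_CREDENTIALS="$value"
+            ;;
+        websocket_ping_frequency)
+            WEBSOCKET_PING_FREQUENCY="$value"
+            ;;
+        websocket_mask_frame)
+            WEBSOCKET_MASK_FRAME="$value"
+            ;;
+        http_headers)
+            # Split comma-separated values into array
+            IFS=',' read -ra headers_array <<< "$value"
+            for header in "${headers_array[@]}"; do
+                HTTP_HEADERS+=("$(trim "$header")")
+            done
+            ;;
+        http_headers_file)
+            HTTP_HEADERS_FILE="$value"
+            ;;
+        tls_certificate)
+            TLS_CERTIFICATE="$value"
+            ;;
+        tls_private_key)
+            TLS_PRIVATE_KEY="$value"
+            ;;
+        dns_resolver)
+            DNS_RESOLVER+=("$value")
+            ;;
+        dns_resolver_prefer_ipv4)
+            DNS_RESOLVER_PREFER_IPV4="$value"
+            ;;
+    esac
+done < "$CONFIG_FILE"
+
+# Build the wstunnel client command
+CMD=("wstunnel" "client")
+
+# Add server address (required argument)
+if [ -z "$SERVER_ADDRESS" ]; then
+    echo "Error: server_address is required in the [client] section of the configuration file."
+    exit 1
+fi
+CMD+=("$SERVER_ADDRESS")
+
+# Add optional parameters
+for ltr in "${LOCAL_TO_REMOTE[@]}"; do
+    CMD+=("-L" "$ltr")
+done
+for rtl in "${REMOTE_TO_LOCAL[@]}"; do
+    CMD+=("-R" "$rtl")
+done
+[ "$NO_COLOR" = "true" ] && CMD+=("--no-color" "true")
+[ -n "$SOCKET_SO_MARK" ] && CMD+=("--socket-so-mark" "$SOCKET_SO_MARK")
+[ -n "$CONNECTION_MIN_IDLE" ] && CMD+=("--connection-min-idle" "$CONNECTION_MIN_IDLE")
+[ -n "$CONNECTION_RETRY_MAX_BACKOFF" ] && CMD+=("--connection-retry-max-backoff" "$CONNECTION_RETRY_MAX_BACKOFF")
+[ -n "$LOG_LEVEL" ] && CMD+=("--log-lvl" "$LOG_LEVEL")
+[ -n "$TLS_SNI_OVERRIDE" ] && CMD+=("--tls-sni-override" "$TLS_SNI_OVERRIDE")
+[ "$TLS_SNI_DISABLE" = "true" ] && CMD+=("--tls-sni-disable")
+[ "$TLS_VERIFY_CERTIFICATE" = "true" ] && CMD+=("--tls-verify-certificate")
+[ -n "$HTTP_PROXY" ] && CMD+=("--http-proxy" "$HTTP_PROXY")
+[ -n "$HTTP_PROXY_LOGIN" ] && CMD+=("--http-proxy-login" "$HTTP_PROXY_LOGIN")
+[ -n "$HTTP_PROXY_PASSWORD" ] && CMD+=("--http-proxy-password" "$HTTP_PROXY_PASSWORD")
+[ -n "$HTTP_UPGRADE_PATH_PREFIX" ] && CMD+=("--http-upgrade-path-prefix" "$HTTP_UPGRADE_PATH_PREFIX")
+[ -n "$HTTP_UPGRADE_CREDENTIALS" ] && CMD+=("--http-upgrade-credentials" "$HTTP_UPGRADE_CREDENTIALS")
+[ -n "$WEBSOCKET_PING_FREQUENCY" ] && CMD+=("--websocket-ping-frequency" "$WEBSOCKET_PING_FREQUENCY")
+[ "$WEBSOCKET_MASK_FRAME" = "true" ] && CMD+=("--websocket-mask-frame")
+for header in "${HTTP_HEADERS[@]}"; do
+    CMD+=("--http-headers" "$header")
+done
+[ -n "$HTTP_HEADERS_FILE" ] && CMD+=("--http-headers-file" "$HTTP_HEADERS_FILE")
+[ -n "$TLS_CERTIFICATE" ] && CMD+=("--tls-certificate" "$TLS_CERTIFICATE")
+[ -n "$TLS_PRIVATE_KEY" ] && CMD+=("--tls-private-key" "$TLS_PRIVATE_KEY")
+for resolver in "${DNS_RESOLVER[@]}"; do
+    CMD+=("--dns-resolver" "$resolver")
+done
+[ "$DNS_RESOLVER_PREFER_IPV4" = "true" ] && CMD+=("--dns-resolver-prefer-ipv4")
+
+# Set environment variable for nb_worker_threads if specified
+if [ -n "$NB_WORKER_THREADS" ]; then
+    export TOKIO_WORKER_THREADS="$NB_WORKER_THREADS"
+fi
+
+# Print the command for debugging
+echo "Using configuration file: $CONFIG_FILE"
+
+# Execute the wstunnel client command
+exec "${CMD[@]}"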
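Review bot: The proxy password and upgrade credentials read from the config are appended to `CMD` as `--http-proxy-password` and `--http-upgrade-credentials` values, so after `exec` any local user who can list processes can read them for the lifetime of the service. The `user:pass@host:port` form of `http_proxy` is exposed the same way. Prefer handing these secrets to wstunnel through the environment or a root-only file if the packaged version accepts that for these options (its `--help` output would show this; not verifiable from this page). Add a header comment such as `# Secrets in wstunnel.conf end up in this process's arguments; keep /etc/wstunnel/wstunnel.conf at mode 0600` so operators know the exposure. The same applies to `--http-proxy-password` and `--restrict-http-upgrade-path-prefix` in files/wstunnel-server.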
							
								
								
									
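--- a/files/wstunnel-client.service
+++ b/files/wstunnel-client.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=wstunnel client service
+After=network.target
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=1
+ExecStart=/usr/bin/wstunnel-client
+
+[Install]
+WantedBy=multi-user.target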
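Review bot: The `[Service]` section sets no `User=` and no sandboxing, so the wrapper and the wstunnel process it execs run as root; files/wstunnel-server.service has the same gap and is the network-facing unit. Nothing in the wrappers visibly needs root apart from the optional `socket_so_mark` setting, which the shipped config describes as requiring specific capabilities. Consider adding `DynamicUser=yes`, `NoNewPrivileges=yes` and `ProtectSystem=strict`, and granting the SO_MARK capability through `AmbientCapabilities=` only where that option is used. TLS key files and a config holding secrets then need to be readable by the service user.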
							
								
								
									
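--- a/files/wstunnel-server
+++ b/files/wstunnel-server
@@ -0,0 +1,200 @@
+#!/bin/bash
+
+# Script to launch wstunnel server using parameters from the [server] section of a configuration file
+
+# Configuration file paths
+PRIMARY_CONFIG="/etc/wstunnel/wstunnel.conf"
+FALLBACK_CONFIG="/usr/share/defaults/etc/wstunnel/wstunnel.conf"
+
+# Determine which configuration file to use
+CONFIG_FILE=""
+if [ -f "$PRIMARY_CONFIG" ]; then
+    CONFIG_FILE="$PRIMARY_CONFIG"
+elif [ -f "$FALLBACK_CONFIG" ]; then
+    CONFIG_FILE="$FALLBACK_CONFIG"
+else
+    echo "Error: Configuration file not found at '$PRIMARY_CONFIG' or '$FALLBACK_CONFIG'."
+    exit 1
+fi
+
+# Check if a configuration file is provided as an argument (overrides default paths)
+if [ $# -eq 1 ]; then
+    CONFIG_FILE="$1"
+    if [ ! -f "$CONFIG_FILE" ]; then
+        echo "Error: Specified configuration file '$CONFIG_FILE' not found."
+        exit 1
+    fi
+fi
+
+# Initialize variables for wstunnel server parameters
+BIND_ADDRESS=""
+SOCKET_SO_MARK=""
+WEBSOCKET_PING_FREQUENCY=""
+NO_COLOR=""
+WEBSOCKET_MASK_FRAME=""
+DNS_RESOLVER=()
+DNS_RESOLVER_PREFER_IPV4=""
+LOG_LEVEL=""
+RESTRICT_TO=()
+RESTRICT_HTTP_UPGRADE_PATH_PREFIX=()
+RESTRICT_CONFIG=""
+TLS_CERTIFICATE=""
+TLS_PRIVATE_KEY=""
+TLS_CLIENT_CA_CERTS=""
+HTTP_PROXY=""
+HTTP_PROXY_LOGIN=""
+HTTP_PROXY_PASSWORD=""
+REMOTE_TO_LOCAL_SERVER_IDLE_TIMEOUT=""
+NB_WORKER_THREADS=""
+
+# Function to trim whitespace
+trim() {
+    local var="$1"
+    var="${var#"${var%%[![:space:]]*}"}" # Remove leading whitespace
+    var="${var%"${var##*[![:space:]]}"}" # Remove trailing whitespace
+    echo -n "$var"
+}
+
+# Parse the [server] section of the INI file
+current_section=""
+while IFS='=' read -r key value; do
+    # Skip empty lines and comments
+    if [[ -z "$key" || "$key" =~ ^\s*# || "$key" =~ ^\s*\; ]]; then
+        continue
+    fi
+
+    # Check for section headers
+    if [[ "$key" =~ ^\s*\[.*\]\s*$ ]]; then
+        current_section=$(echo "$key" | sed 's/^\s*\[\(.*\)\]\s*$/\1/')
+        continue
+    fi
+
+    # Process only the [server] section
+    if [ "$current_section" != "server" ]; then
+        continue
+    fi
+
+    # Trim whitespace from key and value
+    key=$(trim "$key")
+    value=$(trim "$value")
+
+    # Skip if value is empty
+    if [ -z "$value" ]; then
+        continue
+    fi
+
+    # Map INI keys to wstunnel server parameters
+    case "$key" in
+        bind_address)
+            BIND_ADDRESS="$value"
+            ;;
+        socket_so_mark)
+            SOCKET_SO_MARK="$value"
+            ;;
+        websocket_ping_frequency)
+            WEBSOCKET_PING_FREQUENCY="$value"
+            ;;
+        no_color)
+            NO_COLOR="$value"
+            ;;
+        websocket_mask_frame)
+            WEBSOCKET_MASK_FRAME="$value"
+            ;;
+        dns_resolver)
+            DNS_RESOLVER+=("$value")
+            ;;
+        dns_resolver_prefer_ipv4)
+            DNS_RESOLVER_PREFER_IPV4="$value"
+            ;;
+        log_level)
+            LOG_LEVEL="$value"
+            ;;
+        restrict_to)
+            # Split comma-separated values into array
+            IFS=',' read -ra restrict_array <<< "$value"
+            for restrict in "${restrict_array[@]}"; do
+                RESTRICT_TO+=("$(trim "$restrict")")
+            done
+            ;;
+        restrict_http_upgrade_path_prefix)
+            # Split comma-separated values into array
+            IFS=',' read -ra prefix_array <<< "$value"
+            for prefix in "${prefix_array[@]}"; do
+                RESTRICT_HTTP_UPGRADE_PATH_PREFIX+=("$(trim "$prefix")")
+            done
+            ;;
+        restrict_config)
+            RESTRICT_CONFIG="$value"
+            ;;
+        tls_certificate)
+            TLS_CERTIFICATE="$value"
+            ;;
+        tls_private_key)
+            TLS_PRIVATE_KEY="$value"
+            ;;
+        tls_client_ca_certs)
+            TLS_CLIENT_CA_CERTS="$value"
+            ;;
+        http_proxy)
+            HTTP_PROXY="$value"
+            ;;
+        http_proxy_login)
+            HTTP_PROXY_LOGIN="$value"
+            ;;
+        http_proxy_password)
+            HTTP_PROXY_PASSWORD="$value"
+            ;;
+        remote_to_local_server_idle_timeout)
+            REMOTE_TO_LOCAL_SERVER_IDLE_TIMEOUT="$value"
+            ;;
+        nb_worker_threads)
+            NB_WORKER_THREADS="$value"
+            ;;
+    esac
+done < "$CONFIG_FILE"
+
+# Build the wstunnel server command
+CMD=("wstunnel" "server")
+
+# Add bind address (required argument)
+if [ -z "$BIND_ADDRESS" ]; then
+    echo "Error: bind_address is required in the [server] section of the configuration file."
+    exit 1
+fi
+CMD+=("$BIND_ADDRESS")
+
+# Add optional parameters
+[ -n "$SOCKET_SO_MARK" ] && CMD+=("--socket-so-mark" "$SOCKET_SO_MARK")
+[ -n "$WEBSOCKET_PING_FREQUENCY" ] && CMD+=("--websocket-ping-frequency" "$WEBSOCKET_PING_FREQUENCY")
+[ "$NO_COLOR" = "true" ] && CMD+=("--no-color" "true")
+[ "$WEBSOCKET_MASK_FRAME" = "true" ] && CMD+=("--websocket-mask-frame")
+for resolver in "${DNS_RESOLVER[@]}"; do
+    CMD+=("--dns-resolver" "$resolver")
+done
+[ "$DNS_RESOLVER_PREFER_IPV4" = "true" ] && CMD+=("--dns-resolver-prefer-ipv4")
+[ -n "$LOG_LEVEL" ] && CMD+=("--log-lvl" "$LOG_LEVEL")
+for restrict in "${RESTRICT_TO[@]}"; do
+    CMD+=("--restrict-to" "$restrict")
+done
+for prefix in "${RESTRICT_HTTP_UPGRADE_PATH_PREFIX[@]}"; do
+    CMD+=("--restrict-http-upgrade-path-prefix" "$prefix")
+done
+[ -n "$RESTRICT_CONFIG" ] && CMD+=("--restrict-config" "$RESTRICT_CONFIG")
+[ -n "$TLS_CERTIFICATE" ] && CMD+=("--tls-certificate" "$TLS_CERTIFICATE")
+[ -n "$TLS_PRIVATE_KEY" ] && CMD+=("--tls-private-key" "$TLS_PRIVATE_KEY")
+[ -n "$TLS_CLIENT_CA_CERTS" ] && CMD+=("--tls-client-ca-certs" "$TLS_CLIENT_CA_CERTS")
+[ -n "$HTTP_PROXY" ] && CMD+=("--http-proxy" "$HTTP_PROXY")
+[ -n "$HTTP_PROXY_LOGIN" ] && CMD+=("--http-proxy-login" "$HTTP_PROXY_LOGIN")
+[ -n "$HTTP_PROXY_PASSWORD" ] && CMD+=("--http-proxy-password" "$HTTP_PROXY_PASSWORD")
+[ -n "$REMOTE_TO_LOCAL_SERVER_IDLE_TIMEOUT" ] && CMD+=("--remote-to-local-server-idle-timeout" "$REMOTE_TO_LOCAL_SERVER_IDLE_TIMEOUT")
+
+# Set environment variable for nb_worker_threads if specified
+if [ -n "$NB_WORKER_THREADS" ]; then
+    export TOKIO_WORKER_THREADS="$NB_WORKER_THREADS"
+fi
+
+# Print the command for debugging
+echo "Using configuration file: $CONFIG_FILE"
+
+# Execute the wstunnel server command
+exec "${CMD[@]}"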
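Review bot: An explicit config path cannot work on its own, because the default-path lookup at the top exits with an error before the `$# -eq 1` check runs whenever neither default file exists. The argument is documented as overriding the defaults, so it should be tested first and the defaults consulted only when no argument is given. The error messages should also go to stderr. files/wstunnel-client has the same ordering.
```shell
# Explicit argument wins; the default paths are consulted only without one
if [ $# -eq 1 ]; then
    CONFIG_FILE="$1"
    if [ ! -f "$CONFIG_FILE" ]; then
        echo "Error: Specified configuration file '$CONFIG_FILE' not found." >&2
        exit 1
    fi
elif [ -f "$PRIMARY_CONFIG" ]; then
    CONFIG_FILE="$PRIMARY_CONFIG"
elif [ -f "$FALLBACK_CONFIG" ]; then
    CONFIG_FILE="$FALLBACK_CONFIG"
else
    echo "Error: Configuration file not found at '$PRIMARY_CONFIG' or '$FALLBACK_CONFIG'." >&2
    exit 1
fi
# … unchanged: parameter variables, trim(), [server] parsing, CMD assembly …
```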
							
								
								
									
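--- a/files/wstunnel-server.service
+++ b/files/wstunnel-server.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=wstunnel server service
+After=network.target
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=1
+ExecStart=/usr/bin/wstunnel-server
+
+[Install]
+WantedBy=multi-user.target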
							
								
								
									
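--- a/files/wstunnel.conf
+++ b/files/wstunnel.conf
@@ -0,0 +1,159 @@
+[server]
+; Address to bind the wstunnel server (ws:// for non-TLS, wss:// for TLS)
+; Example: wss://0.0.0.0:8080 or ws://[::]:8080
+bind_address = wss://0.0.0.0:8080
+
+; (Linux only) Mark network packets with SO_MARK sockoption
+; Requires root, sudo, or specific capabilities
+; socket_so_mark = 123
+
+; Frequency of websocket ping to clients (set to 0 to disable)
+websocket_ping_frequency = 30s
+
+; Disable color output in logs
+; no_color = true
+
+; Enable masking of websocket frames (only for non-TLS ws://, adds overhead)
+; websocket_mask_frame = false
+
+; DNS resolver(s) for domain name lookups
+; Can specify multiple resolvers (e.g., dns://1.1.1.1, dns+https://1.1.1.1?sni=cloudflare-dns.com)
+; Use system://0.0.0.0 for libc resolver
+; dns_resolver = dns://1.1.1.1
+
+; Prefer IPv4 over IPv6 for DNS resolution (useful for broken IPv6 connections)
+; dns_resolver_prefer_ipv4 = false
+
+; Log verbosity level (TRACE, DEBUG, INFO, WARN, ERROR, OFF)
+log_level = INFO
+
+; Restrict connections to specific destination:port pairs
+; Can specify multiple restrictions
+; restrict_to = google.com:443, localhost:22
+
+; Restrict websocket upgrade to specific path prefix (acts as a client authentication secret)
+; restrict_http_upgrade_path_prefix = /custom/path
+
+; Path to YAML restriction config file (automatically reloaded on change)
+; restrict_config = /path/to/restrict.yaml
+
+; Custom TLS certificate (PEM format, auto-reloaded on change)
+; tls_certificate = /path/to/certificate.pem
+
+; Custom TLS private key (PEM, EC, or RSA, auto-reloaded on change)
+; tls_private_key = /path/to/private_key.pem
+
+; Enable mTLS by specifying CA certificates for client authentication (PEM, auto-reloaded)
+; tls_client_ca_certs = /path/to/ca_certs.pem
+
+; HTTP proxy to connect to clients (format: user:pass@host:port)
+; http_proxy = user:pass@proxy.example.com:8080
+
+; Override HTTP proxy login
+; http_proxy_login = custom_login
+
+; Override HTTP proxy password
+; http_proxy_password = custom_password
+
+; Idle timeout for remote-to-local server before unbinding (default: 3 minutes)
+remote_to_local_server_idle_timeout = 3m
+
+; Number of worker threads (set via environment variable TOKIO_WORKER_THREADS)
+; Note: This flag is ignored in the command line, use environment variable instead
+; nb_worker_threads = 4
+
+[client]
+; Address of the wstunnel server (supports ws://, wss://, http://, https://)
+; Example: wss://wstunnel.example.com or https://wstunnel.example.com
+server_address = wss://wstunnel.example.com
+
+; Local-to-remote forwarding rules (tcp, udp, socks5, stdio, unix)
+; Can specify multiple rules
+; Examples:
+; - tcp://1212:google.com:443 (listen locally on port 1212, forward to google.com:443)
+; - udp://1212:1.1.1.1:53?timeout_sec=10 (listen on UDP port 1212, forward to 1.1.1.1:53, timeout after 10s)
+; - socks5://[::1]:1212?login=admin&password=admin (SOCKS5 proxy with authentication)
+; - stdio://google.com:443 (forward stdio to google.com:443)
+; - unix:///tmp/wstunnel.sock:google.com:443 (listen on Unix socket, forward to google.com:443)
+; local_to_remote = tcp://1212:google.com:443
+
+; Remote-to-local forwarding rules (tcp, udp, socks5, unix)
+; Can specify multiple rules
+; Examples:
+; - tcp://1212:google.com:443 (server listens on port 1212, forwards to local google.com:443)
+; - socks5://[::1]:1212 (server listens for SOCKS5, forwards dynamically to local)
+; remote_to_local = tcp://1212:google.com:443
+
+; Disable color output in logs
+; no_color = true
+
+; (Linux only) Mark network packets with SO_MARK sockoption
+; Requires root, sudo, or specific capabilities
+; socket_so_mark = 123
+
+; Maximum number of idle connections to keep open to the server
+connection_min_idle = 0
+
+; Number of worker threads (set via environment variable TOKIO_WORKER_THREADS)
+; Note: This flag is ignored in the command line, use environment variable instead
+; nb_worker_threads = 4
+
+; Maximum backoff time for retrying server connections
+connection_retry_max_backoff = 5m
+
+; Log verbosity level (TRACE, DEBUG, INFO, WARN, ERROR, OFF)
+log_level = INFO
+
+; Domain name for SNI during TLS handshake
+; Required if behind a CDN like Cloudflare to match HTTP HOST header
+; tls_sni_override = example.com
+
+; Disable sending SNI during TLS handshake
+; tls_sni_disable = false
+
+; Enable TLS certificate verification (disabled by default, allows self-signed certs)
+; tls_verify_certificate = false
+
+; HTTP proxy to connect to the server (format: user:pass@host:port)
+; http_proxy = user:pass@proxy.example.com:8080
+
+; Override HTTP proxy login
+; http_proxy_login = custom_login
+
+; Override HTTP proxy password
+; http_proxy_password = custom_password
+
+; HTTP upgrade path prefix for websocket upgrade request
+http_upgrade_path_prefix = v1
+
+; Basic auth credentials for HTTP upgrade request (format: user:pass)
+; http_upgrade_credentials = user:pass
+
+; Frequency of websocket pings to the server (set to 0 to disable)
+websocket_ping_frequency = 30s
+
+; Enable masking of websocket frames (only for non-TLS ws://, adds overhead)
+; websocket_mask_frame = false
+
+; Custom headers for HTTP upgrade request (format: HEADER_NAME: HEADER_VALUE)
+; Can specify multiple headers
+; http_headers = X-Custom-Header: Value
+
+; File containing custom headers for HTTP upgrade request (format: HEADER_NAME: HEADER_VALUE per line)
+; http_headers_file = /path/to/headers.txt
+
+; TLS certificate (PEM) for mTLS client authentication
+; Automatically reloaded on change
+; tls_certificate = /path/to/certificate.pem
+
+; TLS private key (PEM) for mTLS client authentication
+; Automatically reloaded on change
+; tls_private_key = /path/to/private_key.pem
+
+; DNS resolver(s) for domain name lookups
+; Can specify multiple resolvers (e.g., dns://1.1.1.1, dns+https://1.1.1.1?sni=cloudflare-dns.com)
+; Use system://0.0.0.0 for libc resolver
+; dns_resolver = dns://1.1.1.1
+
+; Prefer IPv4 over IPv6 for DNS resolution (useful for broken IPv6 connections)
+; dns_resolver_prefer_ipv4 = false
+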
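Review bot: The shipped `[server]` defaults bind every interface (`bind_address = wss://0.0.0.0:8080`) while `restrict_to`, `restrict_http_upgrade_path_prefix`, `restrict_config` and `tls_client_ca_certs` are all commented out. Enabling wstunnel-server.service on the untouched fallback file therefore starts a forwarder with no destination or client restriction passed by the wrapper. Shipping `; bind_address = wss://127.0.0.1:8080` commented out would make the wrapper's required-argument check fail closed until an operator chooses an address and a restriction. In `[client]`, `tls_verify_certificate` is also left commented and the wrapper adds `--tls-verify-certificate` only for the value `true`, so the default client does not verify the server certificate; `tls_verify_certificate = true` would be the safer shipped value.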
							
								
								
									
										10
									
								
								package.yml
									
										
									
									
									
								
							
							
						
						
									
										10
									
								
								package.yml
									
										
									
									
									
								
							|  | @ -1,6 +1,6 @@ | |||
| name       : wstunnel | ||||
| version    : 10.2.0 | ||||
| release    : 2 | ||||
| release    : 3 | ||||
| source     : | ||||
|     - https://github.com/erebe/wstunnel/archive/refs/tags/v10.2.0.tar.gz : e5b29465c447c110e4f7d2c1e99a9e6e883f2ddaf6373459d1008607811e637d | ||||
| homepage   : https://github.com/erebe/wstunnel | ||||
|  | @ -18,3 +18,11 @@ build      : | | |||
|     %cargo_build --package wstunnel-cli | ||||
| install    : | | ||||
|     %cargo_install | ||||
| 
 | ||||
|     install -Dm00644 $pkgfiles/wstunnel-client.service $installdir/%libdir%/systemd/system/wstunnel-client.service | ||||
|     install -Dm00644 $pkgfiles/wstunnel-server.service $installdir/%libdir%/systemd/system/wstunnel-server.service | ||||
| 
 | ||||
|     install -Dm00644 $pkgfiles/wstunnel.conf /usr/share/defaults/etc/wstunnel/wstunnel.conf | ||||
| 
 | ||||
|     install -Dm00755 $pkgfiles/wstunnel-client $installdir/usr/bin/wstunnel-client | ||||
|     install -Dm00755 $pkgfiles/wstunnel-server $installdir/usr/bin/wstunnel-server | ||||
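Review bot: The `wstunnel.conf` install line in the second hunk writes to `/usr/share/defaults/etc/wstunnel/wstunnel.conf` without the `$installdir` prefix that the other four `install` lines use. The file is therefore written to (or fails on) the build root's real filesystem and, as far as this hunk shows, never reaches the package. The wrappers' `FALLBACK_CONFIG` would then be missing on installed systems. It should read `install -Dm00644 $pkgfiles/wstunnel.conf $installdir/usr/share/defaults/etc/wstunnel/wstunnel.conf`. The `install` block begins above the hunk.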
|  |  | |||