Make docker-compose not configurable (#445)
* Make docker-compose not configurable

* Fix typo in word `ovpn` (instead of `opvn`)

* Move `config/examples` to `examples/config`

* Also move in docs

* Move `docker-compose.yml` to `example/` and return old `docker-compose`
PerchunPak authored Mar 27, 2022
1 parent 98f2129 commit 19aee58
Showing 10 changed files with 105 additions and 15 deletions.
4 changes: 4 additions & 0 deletions .gitignore
Expand Up @@ -40,3 +40,7 @@ db1000n
md5sum.txt

.history

# OpenVPN data
/openvpn/*.ovpn
/openvpn/auth.txt
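Review bot: The new ignore rules only cover `/openvpn/*.ovpn` and `/openvpn/auth.txt`, but the old compose file kept by this commit still reads credentials from `openvpn/provider01.txt` and `openvpn/provider02.txt`, and its documentation tells users to place `provider01.endpoint01.conf`-style files in the same directory. Those files stay trackable and can be committed by accident. Consider ignoring everything under the directory (for example `/openvpn/*` with a negated entry for a placeholder file), or at least adding `/openvpn/*.txt` and `/openvpn/*.conf`.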
4 changes: 2 additions & 2 deletions docs/advanced-docs/configuration.md
Expand Up @@ -66,7 +66,7 @@ The config is expected to be in json format and has following configuration valu
- `request.path` - `[string]` url path to use (passed directly to go `http.NewRequest`)
- `request.body` - `[object]` http payload to use (passed directly to go `http.NewRequest`)
- `request.headers` - `[object]` key-value map of http headers
- `request.cookies` - `[object]` key-value map of http cookies (you can still set cookies directly via the header with `cookie_string` template function or statically, see `config/examples/advanced/ddos-guard.yaml` for an example)
- `request.cookies` - `[object]` key-value map of http cookies (you can still set cookies directly via the header with `cookie_string` template function or statically, see `examples/config/advanced/ddos-guard.yaml` for an example)
- `client` - `[object]` http client config for the job
- `client.tls_config` - `[object]` tls config for transport (InsecureSkipVerify is true by default)
- `client.proxy_urls` - `[array]` comma-separated list of string urls for proxies to use (chosen randomly for each request)
Expand All @@ -90,7 +90,7 @@ Warning: `packetgen` requires root privileges to run
- `connection` - `[object]` raw ip connection parameters
- `connection.name` - `[string]` name of the network to use. can be `ip4:tcp`, `ip6:tcp`, `ip4:udp`, `ip6:udp`, or anything else supported by the go runtime
- `connection.address` - `[string]` address of the interface used to send packets (on the attacking machine)
- `packet` - `[object]` packet configuration parameters. see `config/examples/advanced/packetgen-*` for usage examples as there are just too many params to put them here. I'll only describe the general structure of the packet
- `packet` - `[object]` packet configuration parameters. see `examples/config/advanced/packetgen-*` for usage examples as there are just too many params to put them here. I'll only describe the general structure of the packet
- `packet.link` - `[layer]` tcp/ip level 1 (OSI level 2) configuration. currently only supports ethernet serialization but go runtime doesn't have a way to send custom ethernet frames so it's not advised to use it
- `packet.network` - `[layer]` tcp/ip level 2 (OSI level 3) configuration. supports `ipv4` and `ipv6` protocols. see `src/core/packetgen/network.go` for all the available options
- `packet.transport` - `[layer]` tcp/ip level 3 (OSI level 4) configuration. supports `tcp` and `udp` protocols. see `src/core/packetgen/transport.go` for all the available options
Expand Down
19 changes: 14 additions & 5 deletions docs/advanced-docs/docker-vpn.md
Expand Up @@ -5,12 +5,21 @@
In case of using a dedicated VPS that has banned public IP, a container with OpenVPN client can be deployed inside the same network as db1000n is in.
One of the easy ways to set it up is through the docker-compose.

`docker-compose.yml`
There are few `docker-compose` examples, see `examples/docker`. Documentation you can find below:

```yaml
{% include "../../docker-compose.yml" %}
### Static Docker Compose

`openvpn/auth.txt`:

```text
<your username for OpenVPN>
<your password for OpenVPN>
```

Also place your `*.ovpn` file into `openvpn/` directory. You can set multiple configuration files and one of them will be used.

### Old Docker Compose

`openvpn/provider01.txt`:

```text
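Review bot: In the new "Static Docker Compose" section, `openvpn/auth.txt` is introduced as a plaintext username/password file with no guidance on protecting it. Add a sentence saying the file should be readable only by its owner (for example `chmod 600 openvpn/auth.txt`) and that it is excluded from git by the `.gitignore` change in this commit. The section headings also never name the files they document; mention `static-docker-compose.yml` and `old-docker-compose.yml` explicitly. Wording: "There are few `docker-compose` examples ... Documentation you can find below" reads better as "There are a few `docker-compose` examples in `examples/docker`; they are documented below", and "one of them will be used" should say the file is picked randomly, as the compose file's own comment does.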
Expand All @@ -30,11 +39,11 @@ Also place your `provider01.endpoint01.conf`, `provider01.endpoint02.conf` and `
## Start

```sh
docker-compose up -d
docker-compose -f examples/docker/your_docker_file.yml up -d
```

## Stop

```sh
docker-compose down
docker-compose -f examples/docker/your_docker_file.yml down
```
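Review bot: `examples/docker/your_docker_file.yml` in the Start and Stop commands is a placeholder that matches neither file added by this commit, so a reader who copies the command gets a file-not-found error. Name the real files (`static-docker-compose.yml`, `old-docker-compose.yml`) or state explicitly that the name must be substituted. It is also worth saying that the commands are run from the repository root and that the `../../openvpn` and `../../config` paths inside the compose files are resolved relative to the compose file's directory, so the `openvpn/` and `config/` directories must sit at the repository root.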
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
16 changes: 8 additions & 8 deletions docker-compose.yml → examples/docker/old-docker-compose.yml
Expand Up @@ -20,7 +20,7 @@ services:
restart: unless-stopped
volumes:
- /dev/net:/dev/net:z
- ./openvpn/:/data/vpn:z
- ../../openvpn/:/data/vpn:z
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
environment:
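Review bot: The `../../openvpn/:/data/vpn:z` bind mount, here and in the two VPN services that follow, exposes the whole `openvpn/` directory read-write to the container, including the `provider01.txt` and `provider02.txt` credential files that are already delivered separately through the `secrets:` section. If the client image does not need to write to `/data/vpn`, mount it read-only (`:ro,z`), and consider keeping the credential files outside the mounted directory so each VPN container sees only its own secret.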
Expand Down Expand Up @@ -48,7 +48,7 @@ services:
restart: unless-stopped
volumes:
- /dev/net:/dev/net:z
- ./openvpn/:/data/vpn:z
- ../../openvpn/:/data/vpn:z
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
environment:
Expand Down Expand Up @@ -76,7 +76,7 @@ services:
restart: unless-stopped
volumes:
- /dev/net:/dev/net:z
- ./openvpn/:/data/vpn:z
- ../../openvpn/:/data/vpn:z
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
environment:
Expand All @@ -102,7 +102,7 @@ services:
labels:
autoheal: "true"
volumes:
- ./config:/ko-app/config:z
- ../../config:/ko-app/config:z
environment:
UPDATER_DESTINATION_CONFIG: "/ko-app/config/config.json"
UPDATER_MODE: true
Expand All @@ -127,7 +127,7 @@ services:
COUNTRY_LIST: "Country"
CONFIG: "/ko-app/config/config.json"
volumes:
- ./config:/ko-app/config:z
- ../../config:/ko-app/config:z

# this Docker container will use VPN 02
# it will use config.json created by 'updater' container above
Expand All @@ -149,7 +149,7 @@ services:
COUNTRY_LIST: "Country, Another Country"
CONFIG: "/ko-app/config/config.json"
volumes:
- ./config:/ko-app/config:z
- ../../config:/ko-app/config:z

# this Docker container will use VPN 03
# it will download config itself and won't access shared volume so those options are undefined here
Expand All @@ -169,6 +169,6 @@ services:

secrets:
provider01_secret:
file: ./openvpn/provider01.txt
file: ../../openvpn/provider01.txt
provider02_secret:
file: ./openvpn/provider02.txt
file: ../../openvpn/provider02.txt
77 changes: 77 additions & 0 deletions examples/docker/static-docker-compose.yml
@@ -0,0 +1,77 @@
version: "3.9"

services:
# creates privileged container
autoheal:
container_name: autoheal
image: willfarrell/autoheal:1.2.0
restart: always
privileged: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock:Z

# creates OpenVPN Docker container to provider one of randomly picked .ovpn file
ovpn:
image: ghcr.io/wfg/openvpn-client:2.1.0
cap_add:
- NET_ADMIN
security_opt:
- label:disable
restart: unless-stopped
volumes:
- /dev/net:/dev/net:z
- ../../openvpn/:/data/vpn:z
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
environment:
KILL_SWITCH: "on"
HTTP_PROXY: "off"
VPN_AUTH_SECRET: ovpn_secret
VPN_CONFIG_PATTERN: "*.ovpn" # this will match country01.ovpn, country02.ovpn etc
secrets:
- ovpn_secret
labels:
autoheal: "true"
healthcheck:
test: ["CMD", "nslookup", "google.com", "8.8.8.8"]
timeout: 10s
interval: 30s
retries: 3

# run db1000n in updater mode, which will fetch configuration bypassing VPN and store it in shared volume
updater:
image: ghcr.io/arriven/db1000n
restart: unless-stopped
labels:
autoheal: "true"
volumes:
- ../../config:/ko-app/config:z
environment:
UPDATER_DESTINATION_CONFIG: "/ko-app/config/config.json"
UPDATER_MODE: true

# this container will use VPN
# it will use config.json created by 'updater' container above
# this is set by specifying same volume and -c config/config.json
programm:
image: ghcr.io/arriven/db1000n
restart: unless-stopped
depends_on:
ovpn:
condition: service_healthy
updater:
condition: service_started
network_mode: "service:ovpn"
labels:
autoheal: "true"
environment:
STRICT_COUNTRY_CHECK: "true"
# set single or multiple countries to check IP against and exit container if IP matches country OR IP cannot be determined
COUNTRY_LIST: "Country"
CONFIG: "/ko-app/config/config.json"
volumes:
- ../../config:/ko-app/config:z

secrets:
ovpn_secret:
file: ../../openvpn/auth.txt
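Review bot: The `autoheal` service combines `privileged: true` with the host Docker socket mounted as `/var/run/docker.sock:/var/run/docker.sock:Z`, which gives that container root-equivalent control of the host, and the uppercase `:Z` asks Docker to relabel the host socket as private to this one container on SELinux hosts. Drop `privileged: true` unless there is a documented need for it, and replace the `:Z` relabel with `security_opt: label:disable`, as the `ovpn` service already does; a comment explaining the choice would help. Smaller points in the same file: `ghcr.io/arriven/db1000n` has no tag while the other two images are pinned to versions, `UPDATER_MODE: true` is an unquoted YAML boolean whereas `STRICT_COUNTRY_CHECK: "true"` is quoted, the last service only reads `config.json` so its `../../config` mount could be `:ro`, and there are typos in the service name `programm` and in the comment "to provider one of randomly picked .ovpn file".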
