feat: 添加管理员登录

GavinTan · May 17, 2024 · c6faa54 · c6faa54
1 parent 472bb86
commit c6faa54
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 30 deletions.
diff --git a/README.md b/README.md
@@ -1,35 +1,29 @@
 # openvpn
 
-**docker版[openvpn](https://hub.docker.com/r/yyxx/openvpn)，支持web管理。**
-
-openvpn安全与加密相关配置参考于[openvpn-install](https://github.com/angristan/openvpn-install)。
-
-
-
-> 客户端配置文件在web管理客户端里生成支持在线下载，默认启用账号验证可在管理VPN账号选择启用或者关闭。
+**docker 版[openvpn](https://hub.docker.com/r/yyxx/openvpn)，支持 web 管理。**
 
+openvpn 安全与加密相关配置参考于[openvpn-install](https://github.com/angristan/openvpn-install)。
 
+> 提示：web->管理->客户端里生成下载客户端配置文件，web->管理->VPN 账号里管理添加账号，默认启用账号验证可在 VPN 账号里开启或关闭。
+>
+> 注意：默认生成的 server.conf 配置文件里 push "redirect-gateway def1 bypass-dhcp"是禁用的，如果需要客户端所有流量都走 openvpn 请把配置文件里 push 前面注释去掉。
 
 ![20220930173030](https://raw.githubusercontent.com/GavinTan/files/master/picgo/20220930173030.png)
 
-
-
 ![20220930173103](https://raw.githubusercontent.com/GavinTan/files/master/picgo/20220930173103.png)
 
-
-
 ## Quick Start
 
-- 安装docker-compose
+- 安装 docker-compose
 
-  ~~~bash
+  ```bash
   curl -SL https://github.com/docker/compose/releases/download/v2.11.2/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
   chmod +x /usr/local/bin/docker-compose
-  ~~~
-  
-- 创建docker-compose.yml
+  ```
+
+- 创建 docker-compose.yml
 
-  ~~~yaml
+  ```yaml
   version: "3.9"
   services:
     openvpn:
@@ -39,22 +33,22 @@ openvpn安全与加密相关配置参考于[openvpn-install](https://github.com/
       ports:
         - "1194:1194/udp"
         - "8833:80"
+      environment:
+        - ADMIN_USERNAME=admin
+        - ADMIN_PASSWORD=admin
       volumes:
         - ./data:/data
         - /etc/localtime:/etc/localtime:ro
-  ~~~
-  
+  ```
+
 - 初始化生成证书配置文件
 
-  ~~~bash 
+  ```bash
   docker-compose run --rm openvpn --init
-  ~~~
+  ```
 
-- 运行openvpn
+- 运行 openvpn
 
-  ~~~bash
+  ```bash
   docker-compose up -d
-  ~~~
-
-
-
+  ```
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.18.4
+FROM alpine:3.19.1
 
 RUN apk add --no-cache easy-rsa openvpn iptables bash supervisor
 RUN ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin
@@ -19,8 +19,11 @@ ENV OVPN_MAXCLIENTS=200
 ENV OVPN_PROTO=udp
 ENV OVPN_PORT=1194
 ENV OVPN_MANAGE_PORT=7505
-ENV OVPN_AUTH_API=http://127.0.0.1/login
+ENV AUTH_API=http://127.0.0.1/login
+ENV OVPN_AUTH_API=http://127.0.0.1/ovpn/login
 ENV GIN_MODE=release
+ENV ADMIN_USERNAME=admin
+ENV ADMIN_PASSWORD=admin
 
 EXPOSE 1194/udp 80
 

diff --git a/build/docker-entrypoint.sh b/build/docker-entrypoint.sh
@@ -60,7 +60,10 @@ status $OVPN_DATA/openvpn-status.log
 duplicate-cn
 management 127.0.0.1 $OVPN_MANAGE_PORT
 verb 2
-setenv auth_api ${OVPN_AUTH_API:-http://127.0.0.1/login}
+setenv ovpn_data ${OVPN_DATA:-/data}
+setenv auth_api ${AUTH_API:-http://127.0.0.1/login}
+setenv ovpn_auth_api ${OVPN_AUTH_API:-http://127.0.0.1/ovpn/login}
+setenv auth_token $(echo "$ADMIN_USERNAME:$ADMIN_PASSWORD" | openssl enc -e -aes-256-cbc -a -pbkdf2 -k $SECRET_KEY)
 EOF
 }
 
@@ -77,6 +80,44 @@ run_server(){
     /usr/sbin/openvpn $OVPN_DATA/server.conf
 }
 
+checkEnvUpdateConfig(){
+    source $OVPN_DATA/.vars
+
+    config=$OVPN_DATA/server.conf
+    auth_api=$(grep '^setenv auth_api' $config | cut -d' ' -f3)
+    ovpn_auth_api=$(grep '^setenv ovpn_auth_api' $config | cut -d' ' -f3)
+    auth_token=$(grep '^setenv auth_token' $config | cut -d' ' -f3)
+    AUTH_TOKEN=$(echo "$ADMIN_USERNAME:$ADMIN_PASSWORD" | openssl enc -e -aes-256-cbc -a -pbkdf2 -k $SECRET_KEY)
+
+
+    if [ "$auth_api" != "$AUTH_API" ]; then
+        if [ -z "$auth_api" ]; then
+            echo "setenv auth_api $AUTH_API" >> $config
+        else
+            sed -i "s|^setenv auth_api .*|setenv auth_api $AUTH_API|" $config 
+        fi
+    fi
+
+    if [ "$ovpn_auth_api" != "$OVPN_AUTH_API" ]; then
+        if [ -z "$ovpn_auth_api" ]; then
+            echo "setenv ovpn_auth_api $OVPN_AUTH_API" >> $config
+        else
+            sed -i "s|^setenv ovpn_auth_api .*|setenv ovpn_auth_api $OVPN_AUTH_API|" $config
+        fi
+    fi
+
+    set +e
+    decrypt_auth_token=$(echo "$auth_token" | openssl enc -d -aes-256-cbc -a -pbkdf2 -k $SECRET_KEY)
+    if [ "$decrypt_auth_token" != "$ADMIN_USERNAME:$ADMIN_PASSWORD" ]; then
+        if [ -z "$auth_token" ]; then
+            echo "setenv auth_token $AUTH_TOKEN" >> $config
+        else
+            sed -i "s|^setenv auth_token .*|setenv auth_token $AUTH_TOKEN|" $config
+        fi
+    fi
+    set -e
+}
+
 cidr2mask(){
     local i
     local subnetmask=""
@@ -169,6 +210,7 @@ case $1 in
         exit 0
     ;;
     "/usr/sbin/openvpn")
+        checkEnvUpdateConfig
         run_server
     ;;
     "/usr/bin/supervisord")

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -7,6 +7,9 @@ services:
     ports:
       - "1194:1194/udp"
       - "8833:80"
+    environment:
+      - ADMIN_USERNAME=admin
+      - ADMIN_PASSWORD=admin
     volumes:
       - ./data:/data
       - /etc/localtime:/etc/localtime:ro