From 221b38ff9050711130261b1938d30d1a6076a503 Mon Sep 17 00:00:00 2001 
From: nd4y <106557904+nd4y@users.noreply.github.com> Date: Tue, 3 Dec 2024 02:24:02 +0300 Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D0=BB=20?= =?UTF-8?q?=D0=BA=D0=BE=D0=BD=D1=82=D0=B5=D0=B9=D0=BD=D0=B5=D1=80=20=D1=81?= =?UTF-8?q?=20VPN=20=D1=81=D0=B5=D1=80=D0=BE=D0=B2=D0=B5=D1=80=D0=BE=D0=BC?= =?UTF-8?q?=20Pritunl=20+=20=D0=BE=D0=B1=D0=BD=D0=BE=D0=B2=D0=B8=D0=BB=20?= =?UTF-8?q?=D0=B2=D1=81=D0=B5=20=D0=B8=D1=81=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7?= =?UTF-8?q?=D1=83=D0=B5=D0=BC=D1=8B=D0=B5=20image=20+=20=D1=83=D0=BF=D1=80?= =?UTF-8?q?=D0=BE=D1=81=D1=82=D0=B8=D0=BB=20=D1=80=D0=B0=D0=B7=D0=B2=D0=B5?= =?UTF-8?q?=D1=80=D1=82=D1=8B=D0=B2=D0=B0=D0=BD=D0=B8=D0=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .env | 3 + .gitattributes | 1 - .github/FUNDING.yml | 2 - .gitignore | 1 + README.md | 73 +++++-------- build/certs/ca.crt.pem | 31 ++++++ build/certs/tls.crt.pem | 31 ++++++ build/certs/tls.key.pem | 52 +++++++++ build/fpm.dockerfile | 4 + {mounts/nginx => build}/html/.htaccess | 0 {mounts/nginx => build}/html/custom.css | 0 {mounts/nginx => build}/html/enterprise.css | 0 .../nginx => build}/html/enterprise_plus.css | 0 {mounts/nginx => build}/html/index.php | 0 {mounts/nginx => build}/html/logo.png | Bin {mounts/nginx => build}/html/logo.xcf | Bin {mounts/nginx => build}/html/premium.css | 0 {mounts/nginx/conf => build}/nginx.conf | 0 build/nginx.dockerfile | 6 ++ build/pritunl.dockerfile | 11 ++ docker-compose.yml | 84 ++++++++++++--- mounts/nginx/certs/ca.crt.pem | 31 ------ mounts/nginx/certs/tls.crt.pem | 30 ------ mounts/nginx/certs/tls.key.pem | 52 --------- setup.py | 102 ------------------ 25 files changed, 237 insertions(+), 277 deletions(-) create mode 100644 .env delete mode 100644 .gitattributes delete mode 100644 .github/FUNDING.yml create mode 100644 .gitignore create mode 100644 build/certs/ca.crt.pem create mode 100644 build/certs/tls.crt.pem create mode 100644 build/certs/tls.key.pem 
create mode 100644 build/fpm.dockerfile rename {mounts/nginx => build}/html/.htaccess (100%) rename {mounts/nginx => build}/html/custom.css (100%) rename {mounts/nginx => build}/html/enterprise.css (100%) rename {mounts/nginx => build}/html/enterprise_plus.css (100%) rename {mounts/nginx => build}/html/index.php (100%) rename {mounts/nginx => build}/html/logo.png (100%) rename {mounts/nginx => build}/html/logo.xcf (100%) rename {mounts/nginx => build}/html/premium.css (100%) rename {mounts/nginx/conf => build}/nginx.conf (100%) create mode 100644 build/nginx.dockerfile create mode 100644 build/pritunl.dockerfile delete mode 100644 mounts/nginx/certs/ca.crt.pem delete mode 100644 mounts/nginx/certs/tls.crt.pem delete mode 100644 mounts/nginx/certs/tls.key.pem delete mode 100755 setup.py
diff --git a/.env b/.env
new file mode 100644
index 0000000..ea5c538
--- /dev/null
+++ b/.env
@@ -0,0 +1,3 @@
+PRITUNL_IMAGE_TAG=ghcr.io/jippi/docker-pritunl:1.32.3805.95-jammy
+NGINX_IMAGE_TAG=nginx:1.27
+FPM_IMAGE_TAG=php:8.3-fpm
\ No newline at end of file
diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 486a232..0000000
--- a/.gitattributes
+++ /dev/null
@@ -1 +0,0 @@
-*.zip filter=lfs diff=lfs merge=lfs -text
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
deleted file mode 100644
index 27c9c34..0000000
--- a/.github/FUNDING.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-github: simonmicro
-patreon: simonmicro
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bf94914
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+mounts/*
diff --git a/README.md b/README.md
index 68fe5c1..2441ebc 100644
--- a/README.md
+++ b/README.md
@@ -1,78 +1,57 @@ ### Назначение -Адаптация проекта https://github.com/simonmicro/Pritunl-Fake-API для развертывания API сервера Pritunl на том же сервере, где запущен VPN сервер Pritunl. +Адаптация проекта https://github.com/simonmicro/Pritunl-Fake-API для развертывания Pritunl + Pritunl FakeAPI с помощью Docker Compose ### Как это работает -1. В Docker запускается вебсервер с FakeAPI сервера лицензирования Pritunl -2. В конфигурационных файлах Pritunl подменяется адрес API сервера лиценизирования Pritunl на `pritunl-fakeapi.local` -3. В /etc/hosts вносится запись `127.0.0.1 pritunl-fakeapi.local` -4. Используются самоподписанные сертификаты для обеспечения TLS между Pritunl и FakeAPI сервером лицензирования +1. В контейнерах Docker запускаются: + 1. `pritunl-server` сам VPN сервер + установленная в контейнере MongoDB + 2. `pritunl-fakeapi-nginx` Реализация API сервера лицензирования Pritunl + 3. `pritunl-fakeapi-fpm` Реализация API сервера лицензирования Pritunl +2. В docker compose подменяется адреса серверов лицензирования `app.pritunl.com` и `auth.pritunl.com` на адрес контейнера с nginx +3. Генерируются сертификат CA и серверные сертификаты для доменных имен `app.pritunl.com` и `auth.pritunl.com`. CA сертификат добавляется в доверенные в контейнере `pritunl-server`. Серверные сертификаты добавляются в качестве серверных в контейнер `pritunl-fakeapi-nginx` +4. Используются сгенерированные самоподписанные сертификаты для обеспечения TLS между Pritunl и FakeAPI сервером лицензирования -### Протестировано на версиях -- Ubuntu Server 22.04 LTS pritunl/now 1.32.3552.76-0ubuntu1~jammy -- Ubuntu Server 20.04 LTS pritunl/now 1.32.3504.68-0ubuntu1~focal +### Протестировано +Только использование OpenVPN клиента. Работа с официальным клиентом Pritunl не тестировалась. -при использовании клиента OpenVPN. Использование официального клиента Pritunl не тестировалось. ### Требования -1. Версия ОС и пакета из списка [Протестировано на версиях](#протестировано-на-версиях) -2. 
Установленный Docker и Docker Compose в соотвествии с документацией https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository . Пакеты docker.io и docker-compose не поддерживаются. -3. Пользователь с доступом к Docker без sudo `sudo usermod -aG docker ${USER}` -4. Установленный Pritunl с бесплатной лицензией -5. Порт веб интерфейса Pritunl сменен со стандартного 443 на любой свободный, кроме 80 и 443 +1. Установленный Docker и Docker Compose в соотвествии с документацией https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository . Пакеты docker.io и docker-compose не поддерживаются. +2. Пользователь с доступом к Docker без sudo `sudo usermod -aG docker ${USER}` ### Установка -1. (Рекомендуется) зафиксировать версию Pritunl -``` -sudo apt-mark hold pritunl* -``` -2. Клонировать репозиторий /opt/pritunl-fakeapi . Можно использовать любой путь на сервере. /opt/pritunl-fakeapi используется в примерах команд ниже. +1. Клонировать репозиторий /opt/pritunl-fakeapi . Можно использовать любой путь на сервере. /opt/pritunl-fakeapi используется в примерах команд ниже. ``` sudo mkdir /opt/pritunl-fakeapi -p && \ sudo chown ${USER}:${USER} /opt/pritunl-fakeapi && \ git clone https://github.com/nd4y/Pritunl-Fake-API.git /opt/pritunl-fakeapi ``` -3. (Рекомендуется) сгенерировать сертификаты удостоверяющего центра и сервера. (команды для выпуска сертификатов протестированы на OpenSSL 1.1.1w (Debian 10) и OpenSSL 1.1.1f (Ubuntu 22.04 LTS) - 1. Перейти в каталог и удалить имеющиеся сертификаты `cd /opt/pritunl-fakeapi/mounts/nginx/certs && rm -f *.pem` +2. Рекомендуется сгенерировать сертификаты удостоверяющего центра и сервера. Вы можете использовать уже сгененированные сертификаты из этого репозитория, однако, это может негативно отразиться на безопастности решения. Рекомендуется генерировать новые сертификаты для каждой инсталляции. Команды для выпуска сертификатов протестированы на OpenSSL 1.1.1w (Debian 11) и OpenSSL 1.1.1f (Ubuntu 22.04 LTS). 
+ 1. Перейти в каталог и удалить имеющиеся сертификаты `cd /opt/pritunl-fakeapi/build/certs && rm -f *.pem` 2. Выпустить сертификат удостоверяющго центра ``` openssl req -x509 -newkey rsa:4096 -keyout ca.key.pem -out ca.crt.pem -sha256 -days 3650 -nodes -subj "/CN=Self-Signed Root Certification Authority" ``` 3. Выпустить запрос на сертификат сервера ``` - openssl req -newkey rsa:4096 -nodes -days 3650 -keyout tls.key.pem -out tls.req.pem -subj "/CN=Self-Signed Server Certificate" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:pritunl-fakeapi.local")) + openssl req -newkey rsa:4096 -nodes -days 3650 -keyout tls.key.pem -out tls.req.pem -subj "/CN=Self-Signed Server Certificate" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:app.pritunl.com,DNS:auth.pritunl.com")) ``` 4. Подписать запрос на сертификат сервера сертификатом удоствоверяющего центра ``` - openssl x509 -req -in tls.req.pem -CA ca.crt.pem -CAkey ca.key.pem -out tls.crt.pem -CAcreateserial -days 3650 -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:pritunl-fakeapi.local")) + openssl x509 -req -in tls.req.pem -CA ca.crt.pem -CAkey ca.key.pem -out tls.crt.pem -CAcreateserial -days 3650 -extensions SAN -extfile <(printf "[SAN]\nsubjectAltName=DNS:app.pritunl.com,DNS:auth.pritunl.com") ``` 5. Удалить файл приватного ключа удостоверяющего центра, файл запроса сертификата сервера и srl файл. ``` rm -f ca.key.pem tls.req.pem ca.crt.srl ``` + В каталоге `/opt/pritunl-fakeapi/build/certs` должны быть 3 файла: + 1. ca.crt.pem - Сертификат CA, выпустивший tls.crt.pem. При сборке копируется в контейнер `pritunl-server` + 2. tls.crt.pem - Сертификат, подписанный ca.crt.pem и имеющий в SAN DNS:app.pritunl.com,DNS:auth.pritunl.com . При сборке копируется в контейнер `pritunl-fakeapi-nginx` + 3. 
tls.key.pem - Закрытый ключ к сертификату подписанному ca.crt.pem и имеющий в SAN DNS:app.pritunl.com,DNS:auth.pritunl.com . При сборке копируется в контейнер `pritunl-fakeapi-nginx` -4. Отключить использование VPN сервером Pritunl порта 80/TCP +3. Запустить контейнеры ``` -sudo pritunl set app.redirect_server false +cd /opt/pritunl-fakeapi && docker compose up -d --build ``` -5. Запустить контейнеры -``` -cd /opt/pritunl-fakeapi && docker compose up -d -``` -6. Установить сертификат удостоверяющего центра в доверенные для Pritunl -``` -cat /opt/pritunl-fakeapi/mounts/nginx/certs/ca.crt.pem | sudo tee -a /usr/lib/pritunl/usr/lib/python3.9/site-packages/certifi/cacert.pem -``` -7. Добавить запись в /etc/hosts -``` -echo "127.0.0.1 pritunl-fakeapi.local" | sudo tee -a /etc/hosts -``` -8. Запустить скрипт setup.py -``` -chmod +x /opt/pritunl-fakeapi/setup.py && sudo /opt/pritunl-fakeapi/setup.py -``` -В скрипте выбрать [I]nstall и в качестве "new API endpoint" указать `pritunl-fakeapi.local` +4. Получить первичные логин и пароль для входа, выполнив команду `docker compose exec pritunl pritunl default-password` +5. Перейти в Web Interface Pritunl `http://SERVER_IP:80`, введя логин и пароль, полученные на предыдущем шаге, где SERVER_IP - IP адрес (или доменное имя) хоста, на который выполнялась установка. +6. В веб интерфейсе Pritunl активировать подписку, введя ключ активации `active ultimate` -9. Перезапустить Pritunl -``` -sudo systemctl restart pritunl -``` -10. В веб интерфейсе Pritunl активировать подписку, введя ключ активации `active ultimate` \ No newline at end of file diff --git a/build/certs/ca.crt.pem b/build/certs/ca.crt.pem new file mode 100644 index 0000000..12c1299 --- /dev/null +++ b/build/certs/ca.crt.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIUUFrsw42+OcJCcUTwaqnIQpYnjq8wDQYJKoZIhvcNAQEL +BQAwMzExMC8GA1UEAwwoU2VsZi1TaWduZWQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTAeFw0yNDEyMDIyMjUxMzBaFw0zNDExMzAyMjUxMzBaMDMxMTAvBgNV +BAMMKFNlbGYtU2lnbmVkIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+x/clgusvFOV6TEQ4yvTDwXlJ +YOCFd9548dFUguYYvh/avRgstAPqykh34vWEbx+nNkqNeQtPU5D2Umz+uw9vsUL5 +0ILibJeR7pQP5o/UH380naTlqGrkXwj+o5im4QnV8valMb7zmIrNrqmI4uPy86UP +EpDXJC0JYKD8LEtC0nOoRbbcpBhrKumbwFOLCeM+t4r1HbRcpUpomTxSg4RR9uKk +qv3vvQaOnj07vncubr6k1Jlb/G3ytXV58y3Zym9/rjomfbrACrsrLS3QO0NlIHGe +M1IKWefbT1SFbg3BDX8X2I7qOxcZXovhcTCykklYyroJ8oGsagfalxnJSUzIMiTb +1G0+R6Pp//xyCnbXVKO+WU4i1tDuronFHR+5pLwVvzmVaWJA3yYlHvLfcbjnzFYM +05qw34ai/IM27geMjDGpy+EApibFqETIBLgmrV/A81zElPAObqppVTLUOdPCkNzF +Gx6++M+3UUz6Iq3Efhcv+zqW8zNJPwMCw0IKnbpodGXCIQBr/7t4ZY1qXXCHQDZq +FmnrBSG6JhDOsb9A6rjQhvshV2e4aqWrYT4jS9YFHGfNTSy9TNKByTpV3gbb9E5p +CPmElqWZzCi+Ut3tU8BX8e/2ky8rtNWWVDPzg3l7vrVRtXYgnLHOL8nGPnsHKv9r +1FVnojFZjS3hNH7D2QIDAQABo1MwUTAdBgNVHQ4EFgQUDCkdSHzC7aXzu9C3KtDT ++RnwZF8wHwYDVR0jBBgwFoAUDCkdSHzC7aXzu9C3KtDT+RnwZF8wDwYDVR0TAQH/ +BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFx2XgHNSMpmZQSIs2EYb5DVo0pZF +QjFlw4FJylSI8okxnkQEZHCAGzN4zM2U9hyZjSZKTnPL3uGgzn+YdzM2nVM6BsCy +DAoZn+ksJInKxfMgmX2c3T1cZN/sD7jEbiUuJfuthX1AdVCR1Bp5NkKwxy7VO8xE +RtO7zjnqGYb1ip64fJe48fRMSJnt4ZFUrOLC0ysu9qGk317Oiurg6AzWARvMxHHw +NwyWRWAtmoG7m5CEgrwQh0fzVC3tdgvo7MybV2dCYRCwGD0J+mDAzkctiAFUd5jh +u3KSnOkiXWb2VELB19KTxmdfkm993ikVs/0YrQXWIByqMHlJTdIVGdx38LcOvyel +QP7u47yYeT0Y62gOxOvE3GQtxjhinWHkgSWjIUN8jY+DEqO5o5t37epPmSLcOlwC +3IBPewtTZiA8tf2cByct/dDaozEhmHHdyWeM/F3+TMnfBl6bDjAAv/20UHy0Y8MR +KJRr76gkmASm5E+vhbc8pFmh/kA/Ofkd8s5iEC7sJtpREVimdJca4oAqlNPo2gcY +jd0Bn0cSk8r3zsw9QV0xASjjDFWNl/q/jkZMqbNaCnq6lrac0EP82RD8XQrK4S3U +I3jI1JIrdH+rNbDN4EZ9JuJDaBwR9ZG8IYb7136Sd7f71fUgDyVYxrTl9LiZzn1w +fxjsTZ7WmGv1ar8= +-----END CERTIFICATE----- 
diff --git a/build/certs/tls.crt.pem b/build/certs/tls.crt.pem new file mode 100644 index 0000000..7a6b3d6 --- /dev/null +++ b/build/certs/tls.crt.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIUNnxszI9lbHQvpRHMbcZ+/Vf4eaowDQYJKoZIhvcNAQEL +BQAwMzExMC8GA1UEAwwoU2VsZi1TaWduZWQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTAeFw0yNDEyMDIyMjUxNTBaFw0zNDExMzAyMjUxNTBaMCkxJzAlBgNV +BAMMHlNlbGYtU2lnbmVkIFNlcnZlciBDZXJ0aWZpY2F0ZTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKSWx99Fss9E2UIjVSFaihQABGXIkcIzL5LRvepa +EKtbhriGRXu05tVUp3SJmlyVi5ld95EwtNnrAZG8vdUXt9lZy6KEKdmeqEgpsJsR +vWJ9RVZ6lJNfjELU79Sc2v5vrIO7H4n5rme4Ad5qi6Y+AAuzfKV3Z6VcPi6v+N57 ++swwD9QOjwpqIuBNZBgA5ROLWJF4kTw75N/ELwx88XcQ55TMGVZcbBkpKjdqNX0M +PLyz/7INQHK1Wr5bm49rpumgfng8RSKBtRQyrxpTa1hWhFRpLJGjHaQBblkVqVct +6sjTvx5uJ1pyR5uw2riIy7h35NTLeG1FHSkpb+cl/3kfkZMwzVEf5Ah1ymuHi2Wh ++LFHa7Ux0hkFHnLnMCcQbJN3TxJWqAK9i24/gx+KYn0ujpuCGhAL5GpQf7R55Eb0 +qVe9XOIAoPSg9wkp6EHvbSR/+iUsJZTcnSQ5Dy2elDzpGLv5Q4kwuze0xaGwyWEm +Q9AwD6V6YB2oog9SDukF4hOHKsZsSNIDrJM7vF1PfNW1jFYl4i9Grz7raNLoVH5o +BET6/Voqw5QeyeyGP2radCfIg/RbjMkgZcJ34NTVRp0ootp+7Q1hRmFVebZJhwIm +uXEq7aZol1JU2MY/m8GgOZHL5MKp9U/dd72YFIpPwbER4ZySoycm1dzagdR8HVMM +hnn1AgMBAAGjcDBuMCwGA1UdEQQlMCOCD2FwcC5wcml0dW5sLmNvbYIQYXV0aC5w +cml0dW5sLmNvbTAdBgNVHQ4EFgQUUpBREp9DdWmsSOLB13NKkqyM6OgwHwYDVR0j +BBgwFoAUDCkdSHzC7aXzu9C3KtDT+RnwZF8wDQYJKoZIhvcNAQELBQADggIBAIKN +IfpffSYKrxe0MUo8LZvcXnMMzov3gEE2RF3eI7DT82QChBB0idtnHtK5uxr+tKwc +7B+PBAigRM8sfjNj7xoZaj8OlwRSTk51vQrOh42foQDW5F41LHV9mKunjVQakwr1 ++REcdlaJA4XqnXYWMtGEs/HziSyC+TkzPBzyJZY7JwDNCURxsZDQk7j1CRI/p6hJ +tUloxU+tfsA47DxuwOTQOokFlYgGBnnIjsuVC7OGodVa2qh4oJRPznUkZT+MWYMf +WpXYD55qHpyG69YKDc8oLfp+zJBggwHjnEVV542gIxe1S21D+1d6wf0VpTAivJsb +t2Vf4e7709LaPqNQIOQNlcL2Vg6m4yIhHE4V0ksepSqpA0oFDzViDdHnPGIo/3qH +p3TEPwl1HOy8Fz6MKykHQLtIHsr+zUF1wNV0p/zBLl29kubweEKwEKPRnsLDYmOn +d38YNggP/7p1bIYbl2O+vhF+qzc3AZhlycaZsfLGNmGSRy7SGvCgegsHR45URchb +wA9opvCxfJ7Oa+0DfxijVRjndCMuwSAWRLLBfHo/8ElVj/AdCj4TSGYlhIWWxgzj +HSmGw+C90zWnjoLM60s+qEs2R/IZW3Wd4kbF6i/+DR0vbGpD/JBIK2YO6fZJM54d +mt1IwwKWhEEwYkoPyyu1yfIlOP7ybp57D9vTYrxx +-----END CERTIFICATE----- 
diff --git a/build/certs/tls.key.pem b/build/certs/tls.key.pem new file mode 100644 index 0000000..28ebb3b --- /dev/null +++ b/build/certs/tls.key.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCklsffRbLPRNlC +I1UhWooUAARlyJHCMy+S0b3qWhCrW4a4hkV7tObVVKd0iZpclYuZXfeRMLTZ6wGR +vL3VF7fZWcuihCnZnqhIKbCbEb1ifUVWepSTX4xC1O/UnNr+b6yDux+J+a5nuAHe +aoumPgALs3yld2elXD4ur/jee/rMMA/UDo8KaiLgTWQYAOUTi1iReJE8O+TfxC8M +fPF3EOeUzBlWXGwZKSo3ajV9DDy8s/+yDUBytVq+W5uPa6bpoH54PEUigbUUMq8a +U2tYVoRUaSyRox2kAW5ZFalXLerI078ebidackebsNq4iMu4d+TUy3htRR0pKW/n +Jf95H5GTMM1RH+QIdcprh4tlofixR2u1MdIZBR5y5zAnEGyTd08SVqgCvYtuP4Mf +imJ9Lo6bghoQC+RqUH+0eeRG9KlXvVziAKD0oPcJKehB720kf/olLCWU3J0kOQ8t +npQ86Ri7+UOJMLs3tMWhsMlhJkPQMA+lemAdqKIPUg7pBeIThyrGbEjSA6yTO7xd +T3zVtYxWJeIvRq8+62jS6FR+aARE+v1aKsOUHsnshj9q2nQnyIP0W4zJIGXCd+DU +1UadKKLafu0NYUZhVXm2SYcCJrlxKu2maJdSVNjGP5vBoDmRy+TCqfVP3Xe9mBSK +T8GxEeGckqMnJtXc2oHUfB1TDIZ59QIDAQABAoICAAh3wHM+fv9Wa7YRIstbQODc +Cl3hNoyO/RrY4yQ4O4TRaeo68D631StzFkVy4efzArJiiP7lilxu0I8aroqU1I7g +ZY9oLM4HMWG7EVy9CikTyFo1Zsj5QLpcgbVG16aBANdrLGl5GM25xBDZGvOz22U+ +uAI8VS8HAqT8xTlPGB1iuKHAmP/ga4huOuDYRPDfObCMSy6V50XS7le+Yt7tFfkM +Eh6lFSOrQEKHGpbjJwnPWe+jamYsae2CwYtcrsL00KTndugaU8JlBCi+03ZBR0Af +hB0/DuKV90Mqj+KOGHb6G+pZIPmwiPob3HjjgtWsB3AiQsEebexk9x6lkBH/e4oJ +of/pxpjJL1bpBGipTQqrT0YBb+MV4dhK0RpDTfbjsfUpMTUibMYT5akHo8M8dDHk +klHhVKm0sK3kvjM5wXK8m57lLtI7IfVUg0scm4WfidotKLCpv+xMuR+DLZyKctUX +HpQ6hMP/Itfbx1BOay9YIdmwAg6vz1ARER4MGb1muJruDiGLgL8CgphQHQE68APV +79K/t0Hojg1GUbYzB4HZWYHIXSnNk0JDgCBSfNGf5Or/eLat2q6IfNQbHuI+OAHA ++Zr+RdAMef0il7S61HvpyseFC2s2+xtGseWjSa86yqGNW06jPyfE0hNvis7USlvC +25NCZPxOW1O1EczJGLKpAoIBAQDhCA8r0yWZvHSugt9l8lrq8mHXWjLhzI3pri9E +EaKkSMKBcCGI+OJHIMF3eafavfCp5UXmFq4vLCtQE16ozthnRi2AAJlkb9+VwcUC ++xXMBDw3Gp3jb/vKUIPf5sGJ3DCBafaw4phmWMPipI9YkIkj/69xXVuTW36iEKiC +/ekb219GMWqaFNxL7ipYLAf/28oYQ9X728Ji9pj28QdzQXSlnZiNE+gCicXmp9iW +5UZVoRNeWz7dMawncPqsP5D8d1YqX0ILXAnwJpfczOWWObGFLRUB1cKJWbyiKZlo +dJ2kBtvm/M3yoh5lcSEyUXJHLOyBprFqM7iMsEGfWKAH8PnNAoIBAQC7PU98Lf+r +syaYs1xnIn0h2GDya9z38/sl6GJ62fyGDGC2/bv9+Gs7znif9LS9OSH9EhOc1O0O 
+VbZYN9N6LGvIBmGICBhtDHOWuPASQ9budm9EgilVzF5sUi+15h/SKJeyHASlKer0 +PRJzMQ5WBjShVcTPASYf1Enbzo/8+c3enudkkrLQlOxjLznDuC/xKIG7JuecVMId +Dahd2S9XLpk5C8X0F8psnMqjvQQMPG/F3nbkbQjrT9imeGyzBZ2F6c5SDx2qn9qD +5o6AtRN4PmWPfdgesGIJ642DAsmyOxd2cNP9dm3x6UQqZK1X9UaMNI96ZsPT9jHK +6fWvw2aM47jJAoIBAQDGWhs9Tu16uHHFDRirPNfE9oclkpz9CRgh3WZOQpkw4+2G +uHbmzDJv7cB6dmJtXjUPHEfjiyRX8j/vYlNyynhXd7VNebm7nRzgXR8yBG3vGeCV +1cFMI342k4faSQVZZhvfRq6qteENfbqUQOcVcrlfYNWdQGQi3GgfpD1U0UizREeT +kKVdUXvo9fKfK5iVf3+AqfKpAMk0ABdOu6AMiKqv/NzlpaFA833cVSCFyWyYt9Vh +u14LDOipD131jEZZMzthN/v4FVWxN+NuPbE1HH+MWvOEXY4PEWlDKxXMy9XUKjOV +REqoTxwp4HEZcE8hy8hgc7U4XoSShh4hvbW5qkAVAoIBADbB4WLxmNm/1MPHgHhw +76NcQk3jGYYyBfq6EULYSS9yoz4gyj+lzMZ6xXASAmFsOfJmvPGam5Ebo+38tY3/ +O64Nn6xGoc4SXCNyBlNxH4QxgqzIXApJcDvBdU5+9ENjt6lQ5FLhBWNUEPc7G3Qw +8GdWS+416c5ZKRhtOlLDQ1+dnRIejMjPJKqE/yGr1ely7S2sXQOtDe+tNNXtVBjs ++cZjGQsfggVtfR2Rg4OIkS+Otbpr4LXgbf2RLkjUlZK6I6p/3S8u/JqibH5bdkwu +A0mJhhDDiIhaKNJtmErVWTE8IeL4JYMfst2q/76/blhGbsdfEloEn981uLIkNPNz +DXECggEBAKu6cMeiM7P07NdZ6Ylm5NAVSMvABRh2D1qac8+m4waDrnKUkhM+Ew9R +wpHfJc9oVN65OXouXvw8GT2e/EaaO+RLRXO3AfNyLcsqzJA3vnRubQQw/p4fCGJD +WYgdYYE9r3s+vBq1o+C7m8QDItuv0QHhGg2u86HSbcOCtwAaqvi6EVO7flX9bPAq +Vn43c+7Fja7cYDtBf6EfAC5mbv6IZB1rv0oxeMCtQqBCuBVuyDa0k8z6VsCEJRgi +vUbFT4WXgeTJX687YYmpgFs7JjaTmVKId1g6sa2DHnA985B38OrrFyVTVEgsBqk5 +wx0eiAK3j7cQmI0VYkGfGXP7NT5UOOw= +-----END PRIVATE KEY----- diff --git a/build/fpm.dockerfile b/build/fpm.dockerfile new file mode 100644 index 0000000..74fe296 --- /dev/null +++ b/build/fpm.dockerfile @@ -0,0 +1,4 @@ +ARG BASE_IMAGE +FROM $BASE_IMAGE + +COPY ./html /var/www/html diff --git a/mounts/nginx/html/.htaccess b/build/html/.htaccess similarity index 100% rename from mounts/nginx/html/.htaccess rename to build/html/.htaccess diff --git a/mounts/nginx/html/custom.css b/build/html/custom.css similarity index 100% rename from mounts/nginx/html/custom.css rename to build/html/custom.css 
diff --git a/mounts/nginx/html/enterprise.css b/build/html/enterprise.css
similarity index 100%
rename from mounts/nginx/html/enterprise.css
rename to build/html/enterprise.css
diff --git a/mounts/nginx/html/enterprise_plus.css b/build/html/enterprise_plus.css
similarity index 100%
rename from mounts/nginx/html/enterprise_plus.css
rename to build/html/enterprise_plus.css
diff --git a/mounts/nginx/html/index.php b/build/html/index.php
similarity index 100%
rename from mounts/nginx/html/index.php
rename to build/html/index.php
diff --git a/mounts/nginx/html/logo.png b/build/html/logo.png
similarity index 100%
rename from mounts/nginx/html/logo.png
rename to build/html/logo.png
diff --git a/mounts/nginx/html/logo.xcf b/build/html/logo.xcf
similarity index 100%
rename from mounts/nginx/html/logo.xcf
rename to build/html/logo.xcf
diff --git a/mounts/nginx/html/premium.css b/build/html/premium.css
similarity index 100%
rename from mounts/nginx/html/premium.css
rename to build/html/premium.css
diff --git a/mounts/nginx/conf/nginx.conf b/build/nginx.conf
similarity index 100%
rename from mounts/nginx/conf/nginx.conf
rename to build/nginx.conf
diff --git a/build/nginx.dockerfile b/build/nginx.dockerfile
new file mode 100644
index 0000000..971ee45
--- /dev/null
+++ b/build/nginx.dockerfile
@@ -0,0 +1,6 @@
+ARG BASE_IMAGE
+FROM $BASE_IMAGE
+
+COPY ./certs/tls.crt.pem ./certs/tls.key.pem /etc/nginx/certs/
+COPY ./nginx.conf /etc/nginx/nginx.conf
+COPY ./html /var/www/html
diff --git a/build/pritunl.dockerfile b/build/pritunl.dockerfile
new file mode 100644
index 0000000..b7952c1
--- /dev/null
+++ b/build/pritunl.dockerfile
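Review bot: In build/nginx.dockerfile, `COPY ./certs/tls.crt.pem ./certs/tls.key.pem /etc/nginx/certs/` bakes the server private key that this same commit adds under build/certs/ into an image layer, so every deployment built from an unmodified checkout shares one key that anyone with access to the repository or the image can read. The README only recommends regenerating the certificates; nothing in the build enforces it. Consider keeping build/certs/*.pem out of version control (the new .gitignore covers only `mounts/*`) and supplying the key at run time, for example as a read-only bind mount or a Compose secret, instead of copying it into the image. The same concern applies to build/certs/ca.crt.pem, which build/pritunl.dockerfile appends to the trust store.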
@@ -0,0 +1,11 @@
+ARG BASE_IMAGE
+FROM $BASE_IMAGE
+
+# Install curl
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt update && apt install -y curl && rm -rf /var/lib/apt/lists/*
+
+# Copy FakeAPI CA certificate to python truststore
+COPY ./certs/ca.crt.pem .
+
+RUN cat ca.crt.pem | tee -a /usr/lib/pritunl/usr/lib/python3.9/site-packages/certifi/cacert.pem; rm -f ca.crt.pem
diff --git a/docker-compose.yml b/docker-compose.yml
index 3643046..08d048e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,14 +1,30 @@
+networks:
+ pritunl-network:
+ driver: bridge
+ external: false
+
 services:
 nginx:
- image: nginx@sha256:0f04e4f646a3f14bf31d8bc8d885b6c951fdcf42589d06845f64d18aec6a3c4d
+ container_name: pritunl-fakeapi-nginx
+ build:
+ context: ./build
+ dockerfile: nginx.dockerfile
+ args:
+ BASE_IMAGE: ${NGINX_IMAGE_TAG}
 restart: always
- volumes:
- - "${PWD}/mounts/nginx/html:/var/www/html:ro"
- - "${PWD}/mounts/nginx/certs:/etc/nginx/certs:ro"
- - "${PWD}/mounts/nginx/conf/nginx.conf:/etc/nginx/nginx.conf"
- ports:
- - "80:80"
- - "443:443"
+ privileged: false
+ environment: []
+ volumes: []
+ secrets: []
+ networks:
+ pritunl-network:
+ aliases:
+ - app.pritunl.com
+ - auth.pritunl.com
+ ports: []
+ depends_on:
+ fpm:
+ condition: service_started
 healthcheck:
 test: ["CMD", "curl", "-f", "http://localhost:80/"]
 interval: 10s
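Review bot: In the last `RUN` of build/pritunl.dockerfile, the `;` before `rm -f ca.crt.pem` masks a failed append: if the hard-coded `python3.9` certifi path is absent in a newer base image, `tee` fails, `rm -f` succeeds, and the build still passes with no CA installed. Chain with `&&` and redirect instead of piping, e.g. `RUN cat ca.crt.pem >> /usr/lib/pritunl/usr/lib/python3.9/site-packages/certifi/cacert.pem && rm -f ca.crt.pem`, so a missing directory fails the build. A root appended to the certifi bundle is presumably honoured for every host the process verifies, not only app.pritunl.com and auth.pritunl.com, so the CA should be generated per installation rather than taken from the repository.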
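Review bot: Base images are no longer pinned by digest: in the first docker-compose.yml hunk `image: nginx@sha256:…` gives way to `BASE_IMAGE: ${NGINX_IMAGE_TAG}`, which .env sets to the mutable tag `nginx:1.27`. The fpm service in the next hunk loses its digest the same way, and the new pritunl image is tag-only, so a rebuild can silently pick up different base images. Keep the readable tag but add the digest in .env, e.g. `NGINX_IMAGE_TAG=nginx:1.27@sha256:<digest-of-the-reviewed-image>`, and likewise for `FPM_IMAGE_TAG` and `PRITUNL_IMAGE_TAG`. The nginx service definition continues past the end of this hunk.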
@@ -17,10 +33,54 @@ services:
 start_period: 5s
 links:
 - fpm
+
 fpm:
- image: php:fpm@sha256:245576beb9a87cecac8027e92866d8ed37687023d1efea79a7fc34828d228797
+ container_name: pritunl-fakeapi-fpm
+ build:
+ context: ./build
+ dockerfile: fpm.dockerfile
+ args:
+ BASE_IMAGE: ${FPM_IMAGE_TAG}
 restart: always
- ports:
- - ":9000"
+ privileged: false
+ environment: []
+ volumes: []
+ secrets: []
+ networks:
+ pritunl-network:
+ ports: []
+ depends_on: []
+ healthcheck:
+ test: ["CMD-SHELL", "timeout 5 bash -c 'cat < /dev/null > /dev/tcp/localhost/9000' || exit 1"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 1s
+
+ pritunl:
+ container_name: pritunl-server
+ build:
+ context: ./build
+ dockerfile: pritunl.dockerfile
+ args:
+ BASE_IMAGE: ${PRITUNL_IMAGE_TAG}
+ privileged: true
+ restart: always
+ environment: []
 volumes:
- - "${PWD}/mounts/nginx/html:/var/www/html:ro"
\ No newline at end of file
+ - ${PWD}/mounts/pritunl/mongodb:/var/lib/mongodb
+ - ${PWD}/mounts/pritunl/config/pritunl:/var/lib/pritunl
+ secrets: []
+
+ networks:
+ pritunl-network:
+ ports:
+ - '80:80' # WebUI
+ - '443:443' # WebUI
+ - '62001-62099:62001-60999/udp' # ovpn
+ healthcheck:
+ test: ["CMD", "curl", "-f", "-k", "-L", "http://localhost:80/"]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 5s
\ No newline at end of file
diff --git a/mounts/nginx/certs/ca.crt.pem b/mounts/nginx/certs/ca.crt.pem
deleted file mode 100644
index 64991eb..0000000
--- a/mounts/nginx/certs/ca.crt.pem
+++ /dev/null
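Review bot: In the pritunl service of docker-compose.yml, the OpenVPN mapping `'62001-62099:62001-60999/udp'` has a container range that ends below its start and differs in length from the host range; it looks like a typo for `'62001-62099:62001-62099/udp'`. The same service runs with `privileged: true` while publishing the web UI on 80 and 443 on all host interfaces. If the image works with a narrower grant (presumably `cap_add: [NET_ADMIN]` plus the `/dev/net/tun` device, to be verified against the image), prefer that. Binding the UI ports to a management address, e.g. `'127.0.0.1:443:443'`, until the default password has been changed would also limit exposure.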
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFRzCCAy+gAwIBAgIUUmbn9VW2/Yt5JsPXdN8SUE9AOvIwDQYJKoZIhvcNAQEL -BQAwMzExMC8GA1UEAwwoU2VsZi1TaWduZWQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1 -dGhvcml0eTAeFw0yNDA2MTExNDMzNTNaFw0zNDA2MDkxNDMzNTNaMDMxMTAvBgNV -BAMMKFNlbGYtU2lnbmVkIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQD5jz1tcASmQpMTsqWX+VzevSfo -v4dHo9YUipA60Zu8NR0x1hCoVJp42fChotfvzFbhKpDqoeE3eOYSi18y9GYx4gYV -vBsgBc6UoPOkbTB6brlf13fZOHSnfoWcEsXPSu71pXND3UWPn7gE5NsQs3UW+O6m -+dhn6w6cNpZc8/mtH3CwW+klaH3xw1XUe43TyzSM9M8KWBg7CIam7Ba64o2ubB0b -5otccqWcupLyE63ZGpaRn0a4RweCQfUERin5YSaed8fyY/mEte+bF4qNXqGksItv -sCAOI8+5mS7ckicawt+DHst53PnwstaZVDvtWADG6uQr0eV9knTmKJPk8EkpsdQr -bTCfBrfvh88kV5kDZi5prHVhTPTMdLkQNwFfZN5vqEfKHKB7AX+T0K4SNf4rvrDb -eqLQOvpcifX7y9khZ2n2HXFKzOUsy+LRVl95iwcfLetOFrefEi0z4II0t1glKPlz -8r09eSvQu5pLeeQZgnzB0zUDFGqPfY0coVCdSfQ+d7waNy/vZRhfhIhUCuj+u/Dw -KV0fQA9lkFND2hccXfS1tMcmQpGT/Jwdd83Y9vHKEcuigd0iemK0wYzO0xEF4WWt -zmkesMKZ+RAmUPUgjvbFXUvjZwoCvMSAoOOIlbBBe1wDMfxVeK3t/6WohDPqZpnp -H+zY5fz2c8wl4jeEvQIDAQABo1MwUTAdBgNVHQ4EFgQUwPDuKN4xNpMci7miVNiQ -b0wQCC8wHwYDVR0jBBgwFoAUwPDuKN4xNpMci7miVNiQb0wQCC8wDwYDVR0TAQH/ -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAM/CVbY6qLfhPtWGFGiplqJ+yLR0I -x5+W3OEzt+z8kewFlBBGZkNr9t2m5BiwoegbsmD92popDTRY+ToveqYOaTFMSuCL -9ETNs4PH4f0LPJk66Pco8V+9MolG+QCjSPWr2fiPFycc+N/w/kgl8fCnRT7vU9rB -Kov9MXOfX9OIWbx3JkVaDmMLAoNyjVrctedWMy2PRLbMzJn0wOIKYDVcXl4MwnVy -1aMXUnsjHRQ+gxiQER89+IqKNhtPzZbz8gZtnpikXTPT7gcjQ7wJfooU5j0BeDDg -isQ6CUb9QtOXnZ5G5c6H0bbq/vNXCEOtjevN1BNVbzA4V9wISc2OayTBheqfgx7a -CzFgCCGzRyt4gfQdovKdNfhl0TEhXuSbqvX3RdDlVPM912gaKY9NIFt2Jb5lScS6 -2Lw9VVQ1cm+Wz/UQiId3v1wuQIwqNlOGsGVCb01JCAVorYGOGC5uY8gQq0+8x375 -9llC/CROYB9B8CEUAoYkcSsFxRfmE5hfyOemiq4hmSx89vHkpaQHaXV/ZxwG72A9 -PTSlgd4l1axW2XOtUzmrBddbdrKMFdUjWBAAGi87NkEMq8sGzsXQnBKIe7Doiau5 -Ml363nYCawY8jQOf4UO6ZtUhIjOgKECl7BiED7eotsphOIYH0daUF1E4EvZoydX7 -RU8CdysiQ0OM0Kk= ------END CERTIFICATE----- 
diff --git a/mounts/nginx/certs/tls.crt.pem b/mounts/nginx/certs/tls.crt.pem deleted file mode 100644 index 92f3bb2..0000000 --- a/mounts/nginx/certs/tls.crt.pem +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFDjCCAvagAwIBAgIUMIBPMbZBY9ZnJ+owpUTVnu/oHAEwDQYJKoZIhvcNAQEL -BQAwMzExMC8GA1UEAwwoU2VsZi1TaWduZWQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1 -dGhvcml0eTAeFw0yNDA2MTExNDM0MDJaFw0zNDA2MDkxNDM0MDJaMCkxJzAlBgNV -BAMMHlNlbGYtU2lnbmVkIFNlcnZlciBDZXJ0aWZpY2F0ZTCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAOTDXbD3WRf/pWa158xYQpTWWgeW67YPXtRnkEBh -B0ztTCui4YbeSBL7y+CeGgfVE5XN+V0aAt0YAZvo5ffHzhd6HXgyhIObo0VHtX1s -P9I/Z9PbdxeOEuJXU0J/0lkAIuv7nhnxDy+qoJ8b01g7fuTvepGwHJZiZXDYiT7k -lb60tqg95JFsdQtMyZrHCYNcSQZK6AkRiouqbCQimYCO1N7SRtcgtaathFDAHTvk -Afne2SvGeO3rxVe5swoXGYjz2aQAPy7lfZgdYsRKPznwxNYPkXq8jx4Pxh0DsyQV -aHFjYRszIot/V8gVePzbDlE7JrpnPuzooMDPqASXkmjk9NDkpxhjmXPmTiOxa8c5 -QAVwB94C+VtHmUomHVAbmj0XM7YOxQDn8wVOeWi0nVj2LGptsSylePsrg242pGwi -83Z87emOEYzvDFFd2hReoHDz3Fp97X/xydyUawTRRx0RtM5Lljps3aGJlSiNIBiy -yQbTxoOmEFVGTOAnv0mG4y9tfttJKxZ0RNYnDKnUDfglfdL60zkBmZqM3XsivLlw -k8/lxgSWsK83iFRQHJ9/GB8wPjmpf5+9y6CZ3LS2ax+hY2IB/z2xYX1s4ZuCEx9N -dSiet1+ueyyax/YigBqqq+2MTiV9W1+1EPa0tQHIwOQQpfN99i7yzUlmFo2HRNhR -BjkzAgMBAAGjJDAiMCAGA1UdEQQZMBeCFXByaXR1bmwtZmFrZWFwaS5sb2NhbDAN -BgkqhkiG9w0BAQsFAAOCAgEAmtFS/A6XSHEZM/8DzOl/beQXtAvhHZGfEX4IFhTq -ov6mGbN5hmSOGaT6C/LrEp1Y6d/K0xlxQQu3t4sWnM+R7CwgBdP0NLEZxtbx+WOq -LZVpGH9+wBsk6flPtUFtcrI1z6YB6RebRvC6ZlzYfhoQpUub9aYHrGyV1F8aYy+d -cmFlQx3F++UG+m1/WVer7WVLUJAOwBfr2BoFdUne5d9Wkhdh8nYFztxpgkdqb8FO -p5g4XFV4fM2zxSwICJWbcwr5VLDGKc2YDuXI195XmHiaC19C0MPH3aJ4VmvPmBWp -eiG8kUtCHzYrXyRu35AlobweT/MIaO54RGHuSAGJ4a1BdU+41mhvheScu//+g5gS -oicR8PaAm6FGc4px8sCYlXxkvWEChOF6KiuwhAYr1kEWcy0UIeERm/h99nsjAzYw -+aQF6eJG9hRXw5DInCv0ll5QZqsQqxFwm7vkGpBLUK7b1Xcel3aPqrl/mhxDUrwi -pvygH3mlCZWx/F5J3Lv7u+toc2cWFQ3CpN0/aYkV/d16BjAiz+9V/is5OwSf02Nq -HrcBt9rUoTtM/vIffijhSxgT0zd5IxMkmtDqf+VrWa0Z1jU/cFdztk24aVxOFnPc -lTiqzzDRXUdiQ7uRcEDnw9E+nLi1fGbxa2GKTjdq+AxbaOOD95FHq3rlE65aMoB3 -B9E= ------END CERTIFICATE----- diff --git a/mounts/nginx/certs/tls.key.pem b/mounts/nginx/certs/tls.key.pem deleted file mode 100644 index a75ec84..0000000 
--- a/mounts/nginx/certs/tls.key.pem +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDkw12w91kX/6Vm -tefMWEKU1loHluu2D17UZ5BAYQdM7UwrouGG3kgS+8vgnhoH1ROVzfldGgLdGAGb -6OX3x84Xeh14MoSDm6NFR7V9bD/SP2fT23cXjhLiV1NCf9JZACLr+54Z8Q8vqqCf -G9NYO37k73qRsByWYmVw2Ik+5JW+tLaoPeSRbHULTMmaxwmDXEkGSugJEYqLqmwk -IpmAjtTe0kbXILWmrYRQwB075AH53tkrxnjt68VXubMKFxmI89mkAD8u5X2YHWLE -Sj858MTWD5F6vI8eD8YdA7MkFWhxY2EbMyKLf1fIFXj82w5ROya6Zz7s6KDAz6gE -l5Jo5PTQ5KcYY5lz5k4jsWvHOUAFcAfeAvlbR5lKJh1QG5o9FzO2DsUA5/MFTnlo -tJ1Y9ixqbbEspXj7K4NuNqRsIvN2fO3pjhGM7wxRXdoUXqBw89xafe1/8cnclGsE -0UcdEbTOS5Y6bN2hiZUojSAYsskG08aDphBVRkzgJ79JhuMvbX7bSSsWdETWJwyp -1A34JX3S+tM5AZmajN17Iry5cJPP5cYElrCvN4hUUByffxgfMD45qX+fvcugmdy0 -tmsfoWNiAf89sWF9bOGbghMfTXUonrdfrnssmsf2IoAaqqvtjE4lfVtftRD2tLUB -yMDkEKXzffYu8s1JZhaNh0TYUQY5MwIDAQABAoICAQDe9G2e6SNjGVyZ4xY8eZTC -vLrYBMZMFWTl/N2BcU+NMQV4zfGh4Yg7QD7u9wgFtCy3ZxzvGUfLNfdzfaSMPqbl -CLYqDIpMPmb9QatnxxXYksVdnNrQET7kbBmQiUV4SoK+nefz/pY/bbvH9nWf27SL -6b76uLrT8qhNOC1jJ6OuTzBqfpADD8JvNfKTMANcjJf7UwwcsoTmJD3rZfFXc12S -oTw7tPx1q0126hZT5Z/raL8eQ/xeXdhi7HDLl8HiUU8/4KGz0iT7GUDGcFp43Ojq -fBfcmGOf992tL4rr0xWM1T+yI786V+0064CUZ+bnUpAnQjL48Kyj3n8xoowmQWc7 -TCdtIRP7R8slGIUHV0bJMVBgcVvZ2zuI601/5MvSrQFN5YNFUB4/KksG0HZXfRse -JXKjbM35lffIUGmeXK+2mW8dlH0ICgndKo5jdG3A8GsmgyA9a+bDlS/FBT5iQSHn -kmDXnM0M0cWLpA1zTiIhxjPwanAp5gG5QrmrYlgmBBUu2z/rTd3NQmqpzjJO3k7O -mV7OcD8XhNoqojRBqQW32PFuq6Ucmbal604bE6qAJuB2kQnV2WlPV3j9C4+DY84/ -Badt/ybiNVgzFciWfJWBt1D0YfDmYBXMpzBQckdVO2tYsbKseae3WWmDLh1IIPUY -NpSh38mrSb/XBD9qfRFJ+QKCAQEA/hmDgdA4Tkt1+0gXESeTqpIFbnh3yBlnXexL -OJcNMZJW9CaKSUbbVS2TV7vIfaXC/+OXwFPJfQfULvSjaPg74xAS/DYjW9sNF+5A -HdLb/0fYzNhLDc/vxHzfqjwAT/wR23d2oraHkYDqNzaPKiktU8MhtdPuow416ZDY -F/kcU+I781zVrHqBSPGjE4/9IG7pkFyzTENhwm+EOZVQSjguS65JoyO5+NRMkcit -5dmF/lK+ee+4HH3BkapJnFBTW01wgH77GHtBdbp3wYMzNPdioYXxud9Y0mhlOHYG -HUX4KUin5D+Lu1hrioi2/yuNS/XxUOcihcfHRSJ/pDXtZ+uTpwKCAQEA5nlYIqqX -LjDWrp++Ks3qJlmu39gDP6vcSzSue2yM38p1GbFHAwR0OyNbUI5X6KVj1y1Q7CVE 
-xpPAokQC2T47lBF035viXMTSmxun7g7amdToHB/OMbW0J+97otXfaK8uq+i+4qaU -dfm2lG6Ubtfv8Xi0dOemwp7c4rZR/qxqMSM/8rrfU/GtVZMwHE1FiYOvEkY8OOlq -NHw6ExXpnZrksDtELvICcJffMPF4hvtiwek/OpMKGwNYJS1Yopfh4iUVBU8LO6q0 -6JUUgYnXUl7ERC3kRlNi4fq7JF4ELGgc3sG1KQAyTirtM+is86QWVNxZCaUnD6BC -VBUQj1WbYPmPlQKCAQEA69yA7mF5smtnQ22CQ+Ept529PvLBtNKn2U358Lh9fbMp -1Y1ktWn5M9KPP1PGYaMZI29+L/9WOyGmOkPI3yn0ZOtJxCT4o03slHcJuuU8YnSt -cE+hM1v9YrTK5Hi3jYcciEwWqiimJFC2l7OkJm18bpDlXKMxktchAgH6JB6Oxeps -3ZQhnu1DzpLFXeY8/vsVAHSb1cGCH/plkRHhKlOF3agVIEKMYMWnoXbWvFEyiIUD -26nBi2jL4ctgcqE5DroOIKg9qVbXx1Dj0pNXV+X9/pKXc4I3L2/J7SPYvxlwpdmU -RlEaAjer8za+LpOdn5HWgtNZfzaW6LyCIMoR6XGJZwKCAQEAkD2xY0DQjSATvAZN -xgxJVucaAw32OoscvBSkfqpZIFZdI09H2iOXesuOAsSTUA7yhWDfHGvWt1ERZnya -K8w/DVQ/iRLOgLDN/jU4zEyPk2ckPTXKnmHR9oxzHF4uDB5XX0+y57bJg2xdUFhE -nXqXuNCKX//65iL2qwzgFDtj2oztIMTDsI24pa4QliXmN0Iq94ztc9DhnyeAUSGN -rA2cwo7VBWyBCmaCUOdPP2tlS2bnI4mS8YUOTXYr2tajkB0VItVtelJEFqv2wXu7 -PtoAi4sNKtZVNIjvRrtwcTpXlzI0Zwywbyt+eNZOJ82yDDo7n0W1RJpP6L+mNY6m -R/LoYQKCAQB1snQrgPc7Hp7F6Q0iZr9ALcvYxXo5V2qUlSJ91x0uEH+oN+C5kXkq -VsIsaCX8gpoYB46VYN4BwA5pgpTF+FvsVducKPGtgX7YTJBcisaXBiUu0TZibHpa -omaCsUX6M4b4LKoFi4K7BqFdMPANarfWksdR9mK+vIm6cHKI74TqPPYdDIFONJP6 -0uSTzydYG5tOPZokPAGT64jP9FWBrK+ry3KfDat2fOSkQ8qKgjD2P4wWMznqS7UM -HnzXUkFKXpzuG/h8vuT7Jms3nNlJ9xFE6R2bf5TfcmGlHq1eZthNvgobxGMf4m4/ -nRwpKtDIScnPoUXH1TyjLz9R75GFO5US ------END PRIVATE KEY----- diff --git a/setup.py b/setup.py deleted file mode 100755 index ed5c648..0000000 --- a/setup.py +++ /dev/null 
@@ -1,102 +0,0 @@ -#!/usr/bin/env python3 -import os -import glob -import time -import base64 -import argparse - -originalApiServer = 'app.pritunl.com' -originalAuthServer = 'auth.pritunl.com' -defaultApiServer = 'pritunl-api.simonmicro.de' -searchIn = [*glob.glob('/usr/lib/python3*'), '/usr/lib/pritunl/', '/usr/share/pritunl/www/', '/usr/lib/pritunl/', '/usr/share/pritunl/www/'] - -print(" ____ _ _ _ _____ _ _ ____ ___ ") -print(" | _ \ _ __(_) |_ _ _ _ __ | | | ___|_ _| | _____ / \ | _ \_ _|") -print(" | |_) | '__| | __| | | | '_ \| | | |_ / _` | |/ / _ \ / _ \ | |_) | | ") -print(" | __/| | | | |_| |_| | | | | | | _| (_| | < __/ / ___ \| __/| | ") -print(" |_| |_| |_|\__|\__,_|_| |_|_| |_| \__,_|_|\_\___| /_/ \_\_| |___|") -print(" ") - -sel = None -interactive = True -parser = argparse.ArgumentParser() -parser.add_argument('--install', type=str, default='DEFAULT', nargs='?', help='Do not ask and install new API endpoint.') -parser.add_argument('--reset', type=str, default='DEFAULT', nargs='?', help='Do not ask and remove new API endpoint.') -parser.add_argument('--api-server', type=str, default=defaultApiServer, help='Set new API server.') -args = parser.parse_args() - -newApiServer = args.api_server if args.api_server.strip() != '' else defaultApiServer -if args.install != 'DEFAULT': - interactive = False - newApiServer = args.install if args.install is not None else newApiServer - sel = 'I' -if args.reset != 'DEFAULT': - interactive = False - newApiServer = args.reset if args.reset is not None else newApiServer - sel = 'R' - -if interactive: - while sel not in ['I', 'R', 'B', 'Q']: - sel = input('[I]nstall, [R]eset, [B]uy Pritunl, [Q]uit? ').upper() - print() - -def doTheReplace(fromApiStr, toApiStr, fromAuthStr, toAuthStr): - print(f'Okay. 
We will change "{fromApiStr}" to "{toApiStr}" and "{fromAuthStr}" to "{toAuthStr}" now...') - numFiles = 0 - for i in range(len(searchIn)): - print(f'[{i+1}/{len(searchIn)}] Replacing in {searchIn[i]}...') - for p, d, f in os.walk(searchIn[i]): - for ff in f: - try: - fh = open(os.path.join(p, ff), 'r') - lines = fh.read() - fh.close() - newLines = lines.replace(fromApiStr, toApiStr) - newLines = newLines.replace(fromAuthStr, toAuthStr) - # Special case for changes from c1772d9b3268f91de409ad552e3d4d54d5ae1125 - newLines = newLines.replace(base64.b64encode(f'https://{fromApiStr}/subscription'.encode()).decode(), base64.b64encode(f'https://{toApiStr}/subscription'.encode()).decode()) - if newLines != lines: - numFiles += 1 - fh = open(os.path.join(p, ff), 'w') - fh.writelines(newLines) - fh.close() - except UnicodeDecodeError: - # Brrr - binary files... - pass - print(f'Modified {numFiles} files in {len(searchIn)} paths.') - -if sel == 'I': - if interactive: - print(f'By default, the Pritunl API endpoint is hosted at "{originalApiServer}".') - print(f'In case you want to use your own instance, you also have to support HTTPS!') - print(f'Note, that the SSO implementation of Pritunl is hosted at their servers (closed source) and will just be "disabled".') - ownApiServer = input(f'Please enter the new API endpoint [{newApiServer}]: ') - if ownApiServer == '': - ownApiServer = newApiServer - else: - ownApiServer = newApiServer - doTheReplace(originalApiServer, ownApiServer, originalAuthServer, ownApiServer + '/auth/') - print('Please make sure to restart the Pritunl daemon now and please support the developer.') -elif sel == 'R': - if interactive: - print(f'To properly revert any changes to your Pritunl server, this script must exactly know what (custom) API endpoint you have choosen.') - ownApiServer = input(f'Please enter the current API endpoint [{newApiServer}]: ') - if ownApiServer == '': - ownApiServer = newApiServer - print('Make sure to REMOVE ANY FAKED 
SUBSCRIPTION KEY (by not entering an other command - just remove them). You have now 30 seconds time to hit CTRL+C and do this.') - time.sleep(30) - else: - ownApiServer = newApiServer - doTheReplace(ownApiServer, originalApiServer, ownApiServer + '/auth/', originalAuthServer) - print('Please make sure to restart the Pritunl daemon now.') -elif sel == 'B': - print('Sure thing, buddy... Why did you try to use this?') - print('Visit https://pritunl.com/ for you own license!') - try: - import webbrowser - webbrowser.open('https://pritunl.com/') - print('Let me help you...') - except: - pass -elif sel == 'Q': - print('Bye!')