From fcfeaa627a30c28e8dc01958019e707199e732f6 Mon Sep 17 00:00:00 2001
From: reonokiy
Date: Sat, 17 May 2025 02:14:05 +0800
Subject: [PATCH] test
---
.forgejo/workflows/build-docker-images.yaml | 53 +++++++++++++++++
docker-compose.yaml | 19 +++----
templates/sing-box-reality-server/Dockerfile | 19 +++++++
.../sing-box-reality-server.json | 57 +++++++++++++++++++
templates/sing-box-reality-server/start.sh | 3 +
5 files changed, 141 insertions(+), 10 deletions(-)
create mode 100644 .forgejo/workflows/build-docker-images.yaml
create mode 100644 templates/sing-box-reality-server/Dockerfile
create mode 100644 templates/sing-box-reality-server/sing-box-reality-server.json
create mode 100755 templates/sing-box-reality-server/start.sh
diff --git a/.forgejo/workflows/build-docker-images.yaml b/.forgejo/workflows/build-docker-images.yaml
new file mode 100644
index 0000000..56f21e6
--- /dev/null
+++ b/.forgejo/workflows/build-docker-images.yaml
@@ -0,0 +1,53 @@
+name: Build and Push Docker Image
+
+on:
+ push:
+ branches: [main]
+ tags: ["v*"]
+ pull_request:
+ branches: [main]
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-24.04
+
+ steps:
+ - name: Checkout repository
+ uses: https://github.com/actions/checkout@v3
+
+ - name: Set up QEMU
+ uses: https://github.com/docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: https://github.com/docker/setup-buildx-action@v2
+
+ - name: Log in to GitHub Container Registry
+ if: github.event_name != 'pull_request'
+ uses: https://github.com/docker/login-action@v2
+ with:
+ registry: git.nokiy.net
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract Docker metadata
+ id: meta
+ uses: https://github.com/docker/metadata-action@v4
+ with:
+ images: git.nokiy.net/${{ github.repository }}
+ tags: |
+ type=ref,event=branch
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=sha,format=short
+
+ - name: Build and push Docker image
+ uses: https://github.com/docker/build-push-action@v4
+ with:
+ context: templates/sing-box-reality-server
+ platforms: linux/amd64,linux/arm64
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 983776b..422a1b1 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
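Review bot: Every `uses:` step in .forgejo/workflows/build-docker-images.yaml references a mutable tag (`checkout@v3`, `login-action@v2`, `build-push-action@v4`, and so on), so whatever the upstream tag points to at run time executes in a job that holds `secrets.GITHUB_TOKEN` and pushes to `git.nokiy.net`. Pin each action to a full commit SHA and keep the tag as a comment, for example `uses: https://github.com/docker/login-action@<full-commit-sha>  # v2`. The step name "Log in to GitHub Container Registry" does not match the registry it logs in to; `Log in to git.nokiy.net registry` would avoid confusion. Whether `type=gha` caching works on this Forgejo runner is not visible from the hunk and is worth confirming.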
@@ -1,16 +1,15 @@ services: sing-box: - image: ghcr.io/sagernet/sing-box:v1.12.0-alpha.9 + build: + context: templates/sing-box-reality-server + dockerfile: Dockerfile restart: always container_name: sing-box + environment: + PROJECT_ID: ${PROJECT_ID} + INFISICAL_API_URL: https://infisical.nokiy.net/api + INFISICAL_SECRET_ENV: ${INFISICAL_SECRET_ENV:-prod} + INFISICAL_MACHINE_CLIENT_ID: ${INFISICAL_MACHINE_CLIENT_ID} + INFISICAL_MACHINE_CLIENT_SECRET: ${INFISICAL_MACHINE_CLIENT_SECRET} ports: - 443:443 - - 127.0.0.1:10800:8080 - volumes: - - ./singbox.json:/etc/sing-box/config.json:ro - command: -D /var/lib/sing-box -c /etc/sing-box/config.json run - - warp: - image: ghcr.io/aleskxyz/warp-svc:v1.5.0 - restart: always - container_name: warp
diff --git a/templates/sing-box-reality-server/Dockerfile b/templates/sing-box-reality-server/Dockerfile
new file mode 100644
index 0000000..3157bf2
--- /dev/null
+++ b/templates/sing-box-reality-server/Dockerfile
@@ -0,0 +1,19 @@
+FROM ghcr.io/sagernet/sing-box:v1.12.0-beta.14
+
+RUN apk add --no-cache curl
+
+RUN curl -1sLf \
+ 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
+ && apk add infisical
+
+RUN curl -L https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst \
+ && chmod +x envsubst \
+ && mv envsubst /usr/local/bin
+
+COPY ./sing-box-reality-server.json /etc/sing-box/config.template.json
+
+COPY ./start.sh /usr/local/bin/start.sh
+
+ENTRYPOINT ["/usr/bin/env"]
+
+CMD ["/usr/local/bin/start.sh"]
diff --git a/templates/sing-box-reality-server/sing-box-reality-server.json b/templates/sing-box-reality-server/sing-box-reality-server.json
new file mode 100644
index 0000000..ac20fa3
--- /dev/null
+++ b/templates/sing-box-reality-server/sing-box-reality-server.json
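Review bot: The new `environment:` entries in docker-compose.yaml interpolate `${PROJECT_ID}`, `${INFISICAL_MACHINE_CLIENT_ID}` and `${INFISICAL_MACHINE_CLIENT_SECRET}` without a required-variable check, so an unset variable becomes an empty string and the container starts with blank credentials instead of failing at `docker compose up`. The required form, e.g. `INFISICAL_MACHINE_CLIENT_SECRET: ${INFISICAL_MACHINE_CLIENT_SECRET:?set INFISICAL_MACHINE_CLIENT_SECRET}`, makes the misconfiguration visible immediately. The client secret also stays in the container environment for its whole lifetime, where `docker inspect` shows it and the sing-box process started by start.sh inherits it; a Compose `secrets:` file mount read by start.sh would narrow that exposure. A short comment above `environment:` stating which values are credentials and where operators are expected to supply them from would help.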
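Review bot: Both download steps in the Dockerfile run remote content as root at build time with no integrity check: the Cloudsmith `setup.alpine.sh` script is piped straight into `bash`, and the `envsubst` binary is fetched with `curl -L`, which lacks `-f` and so saves an HTTP error page as the executable if the URL does not resolve. For envsubst, fail on HTTP errors and verify a pinned digest before installing, e.g. `curl -fsSL <same URL> -o envsubst && echo "<sha256-of-release-asset>  envsubst" | sha256sum -c -`. The workflow also builds for linux/arm64, where `uname -m` normally prints `aarch64`, so check that the release publishes an asset under that name. Only `curl` is added to the base image, so confirm `bash` is present in it, and consider pinning the `infisical` package version in `apk add`.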
@@ -0,0 +1,57 @@
+{
+ "log": {
+ "level": "info",
+ "timestamp": true
+ },
+ "dns": {
+ "servers": [
+ {
+ "tag": "dns:cloudflare",
+ "type": "h3",
+ "server": "1.1.1.1",
+ "server_port": 443
+ }
+ ]
+ },
+ "ntp": {
+ "enabled": true,
+ "server": "pool.ntp.org",
+ "server_port": 123,
+ "interval": "60m"
+ },
+ "inbounds": [
+ {
+ "type": "vless",
+ "tag": "in:vless",
+ "listen": "::",
+ "listen_port": 443,
+ "users": [
+ {
+ "uuid": "${UUID}",
+ "flow": "xtls-rprx-vision"
+ }
+ ],
+ "tls": {
+ "enabled": true,
+ "server_name": "${DOMAIN}",
+ "reality": {
+ "enabled": true,
+ "handshake": {
+ "server": "${DOMAIN}",
+ "server_port": 443
+ },
+ "private_key": "${PRIVATE_KEY}",
+ "short_id": [
+ "${SHORT_ID}"
+ ]
+ }
+ }
+ }
+ ],
+ "outbounds": [
+ {
+ "type": "direct",
+ "tag": "out:direct"
+ }
+ ]
+}
diff --git a/templates/sing-box-reality-server/start.sh b/templates/sing-box-reality-server/start.sh
new file mode 100755
index 0000000..b8ad99f
--- /dev/null
+++ b/templates/sing-box-reality-server/start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+export INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id=$INFISICAL_MACHINE_CLIENT_ID --client-secret=$INFISICAL_MACHINE_CLIENT_SECRET --plain --silent)
+exec infisical run --token $INFISICAL_TOKEN --projectId $PROJECT_ID --env $INFISICAL_SECRET_ENV --domain $INFISICAL_API_URL --command "envsubst < /etc/sing-box/config.template.json > /etc/sing-box/config.json && sing-box run -c /etc/sing-box/config.json"
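Review bot: A failed `infisical login` in start.sh goes unnoticed because `export INFISICAL_TOKEN=$(...)` returns the exit status of `export`, so the script continues to `infisical run` with an empty token. Assign first and stop on failure, e.g. `INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id="$INFISICAL_MACHINE_CLIENT_ID" --client-secret="$INFISICAL_MACHINE_CLIENT_SECRET" --plain --silent) || exit 1` followed by `export INFISICAL_TOKEN`, and quote the remaining expansions (`"$PROJECT_ID"`, `"$INFISICAL_SECRET_ENV"`, `"$INFISICAL_API_URL"`) so values are not word-split. The client secret and the token are both passed as command-line arguments, which makes them readable from the process list inside the container; if the CLI accepts them from the environment, prefer that. `envsubst` also replaces an unset `${UUID}`, `${DOMAIN}`, `${PRIVATE_KEY}` or `${SHORT_ID}` from the JSON template with an empty string, so sing-box could start with blank credentials; a8m/envsubst's `-no-unset -no-empty` flags turn that into a hard error.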