├── .gitignore
├── README.md
├── UNLICENSE
├── dante
│   ├── Dockerfile
│   ├── README.md
│   ├── entrypoint.sh
│   └── files
│       ├── conf
│       │   ├── dante.conf
│       │   ├── dante6.conf
│       │   ├── group
│       │   ├── login.defs
│       │   ├── passwd
│       │   └── shadow
│       └── scripts
│           ├── add
│           ├── chp
│           ├── del
│           └── list
├── docker-compose.yml
├── etc
│   └── .keepme
└── noc.png

/.gitignore:
--------------------------------------------------------------------------------
*~
*.swp
etc/.pwd.lock
etc/resolv.conf
etc/hosts
etc/hostname
etc/group-
etc/group
etc/passwd-
etc/passwd
etc/shadow-
etc/shadow
etc/login.defs


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
Dockerized Dante SOCKS5 proxy for Telegram. Alpine version
==========================================================

Features
--------
* Docker, Docker Compose
* User management scripts
* Usage restricted to Telegram only
* Tries to autodetect the interface and IPv6 support

Requirements
------------

* [Docker](https://www.docker.com/docker-community) for virtual containers
* [Docker Compose](https://docs.docker.com/compose/) - a tool for defining and running multi-container Docker applications

For nuts
--------

* PayPal https://www.paypal.me/schors
* Yandex.Money http://yasobe.ru/na/schors
* BTC:17V94QS4vaBwec1Qwqp2ow5b3tbrRGGcne

Very simple usage
-----------------

```console
docker pull schors/tgdante2
docker run -d --net=host --restart unless-stopped -e PORT=1080 -e USER=user0 -e PASS=secret0 --name tgdante schors/tgdante2
```

Usage with Docker Hub image
---------------------------

```console
# pull docker image
docker pull schors/tgdante2
# create directory for permanent username database
mkdir etc
# start container
docker run -d -v $PWD/etc:/etc --net=host --restart unless-stopped --name tgdante schors/tgdante2
# manage users
docker run --rm -ti -v $PWD/etc:/etc --net=host schors/tgdante2 /scripts/add user1 secret1
docker run --rm -ti -v $PWD/etc:/etc --net=host schors/tgdante2 /scripts/chp user1 secret2
docker run --rm -ti -v $PWD/etc:/etc --net=host schors/tgdante2 /scripts/list
docker run --rm -ti -v $PWD/etc:/etc --net=host schors/tgdante2 /scripts/del user1
# another method (via docker exec)
docker exec -ti tgdante /scripts/add user2 secret3
```

Please note that `-v $PWD/etc` is necessary for a persistent user database.

Access test
-----------

```console
curl -x socks5://user2:secret3@localhost:1080 https://web.telegram.org
```

Environment variables
---------------------

* USER, PASS - create user USER with password PASS
* PORT - port to listen on. Default: 1080
* INTERFACE - outgoing interface name or IP. Default: autodetect
* WORKERS - number of preforked workers. Default: 10
* IP6 - any non-empty value, if IPv6 is needed. Default: autodetect

Links
-----

* [Telegram](https://telegram.org/) Messenger
* [Dante](https://www.inet.no/dante/index.html) A free SOCKS server

* [Restless Phil](https://2018.schors.spb.ru) Restless Phil (tm)
* [Roscomnadzor](http://rkn.gov.ru) The Federal Service for Supervision of Communications, Information Technology, and Mass Media


---
[![UNLICENSE](noc.png)](UNLICENSE)

--------------------------------------------------------------------------------
/UNLICENSE:
--------------------------------------------------------------------------------
This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.

In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

For more information, please refer to

--------------------------------------------------------------------------------
/dante/Dockerfile:
--------------------------------------------------------------------------------
FROM alpine:3.6

LABEL maintainer=""

ENV DANTE_VER 1.4.2
ENV DANTE_URL https://www.inet.no/dante/files/dante-$DANTE_VER.tar.gz
ENV DANTE_SHA 4c97cff23e5c9b00ca1ec8a95ab22972813921d7fbf60fc453e3e06382fc38a7
ENV DANTE_FILE dante.tar.gz
ENV DANTE_TEMP dante
ENV DANTE_DEPS linux-pam-dev curl gcc g++ make
ENV WORKERS "10"
ENV PORT "1080"

RUN set -x \
    # Runtime dependencies
    && apk --no-cache add \
        bash apg \
    # Build dependencies
    && apk add --no-cache -t .build-deps $DANTE_DEPS \
    && mkdir -p $DANTE_TEMP \
    && cd $DANTE_TEMP \
    && curl -sSL $DANTE_URL -o $DANTE_FILE \
    && echo "$DANTE_SHA *$DANTE_FILE" | sha256sum -c \
    && tar xzf $DANTE_FILE --strip 1 \
    && ac_cv_func_sched_setscheduler=no ./configure \
        --prefix=/usr \
        --sysconfdir=/etc \
        --localstatedir=/var \
        --disable-client \
        --disable-pidfile \
        --without-libwrap \
        --without-pam \
        --without-bsdauth \
        --without-gssapi \
        --without-krb5 \
        --without-upnp \
    && make && make install \
    # Clean up
    && cd .. \
    && rm -rf $DANTE_TEMP \
    && apk del --purge .build-deps \
    && rm -rf /var/cache/apk/* /tmp/*

ADD files /
ADD entrypoint.sh /entrypoint.sh

EXPOSE ${PORT}

CMD /entrypoint.sh sockd


--------------------------------------------------------------------------------
/dante/README.md:
--------------------------------------------------------------------------------
Features
--------
* User management scripts
* Usage restricted to Telegram only
* Tries to autodetect the interface and IPv6 support

Very simple usage
-----------------

```console
docker pull schors/tgdante2
docker run -d --net=host --restart unless-stopped -e PORT=1080 -e USER=user0 -e PASS=secret0 --name tgdante schors/tgdante2
```

Usage with Docker Hub image
---------------------------

```console
# pull docker image
docker pull schors/tgdante2
# create directory for permanent username database
mkdir etc
# start container
docker run -d -v $PWD/etc:/etc --net=host --restart unless-stopped --name tgdante schors/tgdante2
# manage users
docker run --rm -ti -v $PWD/etc:/etc --net=host schors/tgdante2 /scripts/add user1 secret1
docker run --rm -ti -v $PWD/etc:/etc --net=host schors/tgdante2 /scripts/chp user1 secret2
docker run --rm -ti -v $PWD/etc:/etc --net=host schors/tgdante2 /scripts/list
docker run --rm -ti -v $PWD/etc:/etc --net=host schors/tgdante2 /scripts/del user1
# another method (via docker exec)
docker exec -ti tgdante /scripts/add user2 secret3
```

Please note that `-v $PWD/etc` is necessary for a persistent user database.

Access test
-----------

```console
curl -x socks5://user2:secret3@localhost:1080 https://web.telegram.org
```

Environment variables
---------------------

* USER, PASS - create user USER with password PASS
* PORT - port to listen on. Default: 1080
* INTERFACE - outgoing interface name or IP. Default: autodetect
* WORKERS - number of preforked workers. Default: 10
* IP6 - any non-empty value, if IPv6 is needed. Default: autodetect

For nuts
--------

* PayPal https://www.paypal.me/schors
* Yandex.Money http://yasobe.ru/na/schors
* BTC:17V94QS4vaBwec1Qwqp2ow5b3tbrRGGcne

Links
-----

* [Telegram](https://telegram.org/) Messenger
* [Dante](https://www.inet.no/dante/index.html) A free SOCKS server
* [Restless Phil](https://2018.schors.spb.ru) Restless Phil (tm)
* [Roscomnadzor](http://rkn.gov.ru) The Federal Service for Supervision of Communications, Information Technology, and Mass Media


---
[![UNLICENSE](https://github.com/schors/tgdante2/raw/master/noc.png)](https://raw.githubusercontent.com/schors/tgdante2/master/UNLICENSE)

--------------------------------------------------------------------------------
/dante/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh

set -e

# Seed the account database on first start (the /etc volume may be empty)
for i in "passwd" "group" "shadow" "login.defs"; do
    if [ ! -f "/etc/${i}" ]; then
        cp "/conf/${i}" "/etc/${i}"
    fi
done

if [ x"${WORKERS}" = "x" ]; then
    WORKERS="10"
fi

CFGFILE="/conf/dante.conf"
# Autodetect IPv6 only when IP6 was not set explicitly
if [ x"${IP6}" = "x" ]; then
    IP6=`ip -6 r | grep '^default' || echo ""`
fi
# A non-empty IP6 (set by the user or autodetected) selects the IPv4+IPv6 config
if [ x"${IP6}" != "x" ]; then
    CFGFILE="/conf/dante6.conf"
fi

if [ x"${INTERFACE}" = "x" ]; then
    INTERFACE=`ip r | grep '^default' | grep -o 'dev[ ]*[^ ]*' | grep -o '[^ ]*$' || echo ""`
fi
if [ x"${INTERFACE}" != "x" ]; then
    sed -i 's/external\:.*$/external: '"${INTERFACE}"'/' "${CFGFILE}"
fi

if [ x"${PORT}" != "x" ]; then
    # internal: 0.0.0.0 port = 1080
    sed -i 's/\(internal\:.*port[ ]*=[ ]*\)[^ ]*\(.*\)$/\1'"${PORT}"'\2/' "${CFGFILE}"
    echo "${PORT}" > /tmp/dante_port
fi

if [ x"${USER}" != "x" -a x"${PASS}" != "x" ]; then
    # Log the user name only; the password must not end up in the container log
    echo "Configuring SOCKS user: ${USER}"
    if ! getent passwd "${USER}"; then
        adduser -D -H -S "${USER}"
    fi
    echo "${USER}:${PASS}" | chpasswd -c SHA256
fi

exec "sockd" "-f" "${CFGFILE}" "-N" "${WORKERS}"



--------------------------------------------------------------------------------
/dante/files/conf/dante.conf:
--------------------------------------------------------------------------------
#logging
logoutput: stderr
#debug: 1

#server address specification
internal: 0.0.0.0 port = 1080
external: eth0

#server identities (not needed on solaris)
user.privileged: root
user.notprivileged: nobody


#authentication methods
clientmethod: none
socksmethod: username


# allow any client connection
client pass {
    from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
    log: connect disconnect error
}

# deny proxied to lo
socks block {
    from: 0.0.0.0/0 to: 127.0.0.0/8
    log: error
}

# deny binding
socks block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: bind
    log: error
}

#91.108.4.0/22
#91.108.8.0/22
#91.108.12.0/22
#91.108.16.0/22
#91.108.56.0/22
#91.108.56.0/23
#91.108.56.0/24
#149.154.160.0/20
#149.154.160.0/22
#149.154.164.0/22
#149.154.168.0/22
#149.154.168.0/23
#149.154.170.0/23
socks pass {
    from: 0.0.0.0/0 to: 91.108.4.0/22
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 91.108.8.0/22
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 91.108.12.0/22
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 91.108.16.0/22
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 91.108.56.0/22
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 149.154.160.0/20
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 149.154.164.0/20
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 149.154.168.0/20
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 149.154.170.0/20
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0/0 to: .telegram.org
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0/0 to: .t.me
    log: connect disconnect error
    socksmethod: username
}

# deny the rest
socks block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error
}

--------------------------------------------------------------------------------
/dante/files/conf/dante6.conf:
--------------------------------------------------------------------------------
#logging
logoutput: stderr
#debug: 1

#server address specification
internal: 0.0.0.0 port = 1080
internal: :: port = 1080
external: eth0

#server identities (not needed on solaris)
user.privileged: root
user.notprivileged: nobody

#authentication methods
clientmethod: none
socksmethod: username


# allow any client connection
client pass {
    from: 0/0 port 1-65535 to: 0/0
    log: connect disconnect error
}


# deny proxied to lo
socks block {
    from: 0.0.0.0/0 to: 127.0.0.0/8
    log: error
}
socks block {
    from: ::/0 to: ::1/128
    log: error
}

# deny binding
socks block {
    from: 0/0 to: 0/0
    command: bind
    log: error
}

#91.108.4.0/22
#91.108.8.0/22
#91.108.12.0/22
#91.108.16.0/22
#91.108.56.0/22
#91.108.56.0/23
#91.108.56.0/24
#149.154.160.0/20
#149.154.160.0/22
#149.154.164.0/22
#149.154.168.0/22
#149.154.168.0/23
#149.154.170.0/23
socks pass {
    from: 0.0.0.0/0 to: 91.108.4.0/22
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 91.108.8.0/22
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 91.108.12.0/22
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 91.108.16.0/22
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 91.108.56.0/22
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 149.154.160.0/20
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 149.154.164.0/20
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 149.154.168.0/20
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 149.154.170.0/20
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0/0 to: .telegram.org
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: 0/0 to: .t.me
    log: connect disconnect error
    socksmethod: username
}
#2001:67c:4e8::/48
#2001:b28:f23d::/48
#2001:b28:f23e::/48
#2001:b28:f23f::/48
socks pass {
    from: ::/0 to: 2001:67c:4e8::/48
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: ::/0 to: 2001:b28:f23d::/48
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: ::/0 to: 2001:b28:f23e::/48
    log: connect disconnect error
    socksmethod: username
}
socks pass {
    from: ::/0 to: 2001:b28:f23f::/48
    log: connect disconnect error
    socksmethod: username
}


# deny the rest
socks block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error
}
socks block {
    from: ::/0 to: ::/0
    log: error
}


--------------------------------------------------------------------------------
/dante/files/conf/group:
--------------------------------------------------------------------------------
root:x:0:
nogroup:x:65534:

--------------------------------------------------------------------------------
/dante/files/conf/login.defs:
--------------------------------------------------------------------------------
#
# /etc/login.defs - Configuration control definitions for the login package.
#
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
# If unspecified, some arbitrary (and possibly incorrect) value will
# be assumed. All other items are optional - if not specified then
# the described action or option will be inhibited.
#
# Comment lines (lines beginning with "#") and blank lines are ignored.
#
# Modified for Linux. --marekm

# REQUIRED for useradd/userdel/usermod
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
#   MAIL_DIR takes precedence.
#
#   Essentially:
#      - MAIL_DIR defines the location of users mail spool files
#        (for mbox use) by appending the username to MAIL_DIR as defined
#        below.
#      - MAIL_FILE defines the location of the users mail spool files as the
#        fully-qualified filename obtained by prepending the user home
#        directory before $MAIL_FILE
#
# NOTE: This is no more used for setting up users MAIL environment variable
#       which is, starting from shadow 4.0.12-1 in Debian, entirely the
#       job of the pam_mail PAM modules
#       See default PAM configuration files provided for
#       login, su, etc.
#
# This is a temporary situation: setting these variables will soon
# move to /etc/default/useradd and the variables will then be
# no more supported
MAIL_DIR        /var/mail
#MAIL_FILE      .mail

#
# Enable logging and display of /var/log/faillog login failure info.
# This option conflicts with the pam_tally PAM module.
#
FAILLOG_ENAB            yes

#
# Enable display of unknown usernames when login failures are recorded.
#
# WARNING: Unknown usernames may become world readable.
# See #290803 and #298773 for details about how this could become a security
# concern
LOG_UNKFAIL_ENAB        no

#
# Enable logging of successful logins
#
LOG_OK_LOGINS           no

#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
SYSLOG_SU_ENAB          yes
SYSLOG_SG_ENAB          yes

#
# If defined, all su activity is logged to this file.
#
#SULOG_FILE     /var/log/sulog

#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100 tty01".
#
#TTYTYPE_FILE   /etc/ttytype

#
# If defined, login failures will be logged here in a utmp format
# last, when invoked as lastb, will read /var/log/btmp, so...
#
FTMP_FILE       /var/log/btmp

#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
SU_NAME         su

#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
HUSHLOGIN_FILE  .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins

#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
ENV_SUPATH      PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH        PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

#
# Terminal permissions
#
#       TTYGROUP        Login tty will be assigned this group ownership.
#       TTYPERM         Login tty will be set to this permission.
#
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
# In Debian /usr/bin/bsd-write or similar programs are setgid tty
# However, the default and recommended value for TTYPERM is still 0600
# to not allow anyone to write to anyone else console or terminal

# Users can still allow other people to write them by issuing
# the "mesg y" command.

TTYGROUP        tty
TTYPERM         0600

#
# Login configuration initializations:
#
#       ERASECHAR       Terminal ERASE character ('\010' = backspace).
#       KILLCHAR        Terminal KILL character ('\025' = CTRL/U).
#       UMASK           Default "umask" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
#
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
# for private user groups, i. e. the uid is the same as gid, and username is
# the same as the primary group name: for these, the user permissions will be
# used as group permissions, e. g. 022 will become 002.
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR       0177
KILLCHAR        025
UMASK           022

#
# Password aging controls:
#
#       PASS_MAX_DAYS   Maximum number of days a password may be used.
#       PASS_MIN_DAYS   Minimum number of days allowed between password changes.
#       PASS_WARN_AGE   Number of days warning given before a password expires.
#
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN                  1000
UID_MAX                 60000
# System accounts
#SYS_UID_MIN              100
#SYS_UID_MAX              999

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                  1000
GID_MAX                 60000
# System accounts
#SYS_GID_MIN              100
#SYS_GID_MAX              999

#
# Max number of login retries if password is bad. This will most likely be
# overridden by PAM, since the default pam_unix module has its own built
# in of 3 retries. However, this is a safe fallback in case you are using
# an authentication module that does not enforce PAM_MAXTRIES.
#
LOGIN_RETRIES           5

#
# Max time in seconds for login
#
LOGIN_TIMEOUT           60

#
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
#
CHFN_RESTRICT           rwh

#
# Should login be allowed if we can't cd to the home directory?
# Default is no.
#
DEFAULT_HOME    yes

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD    /usr/sbin/userdel_local

#
# Enable setting of the umask group bits to be the same as owner bits
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
# the same as gid, and username is the same as the primary group name.
#
# If set to yes, userdel will remove the user's group if it contains no
# more members, and useradd will create by default a group with the name
# of the user.
#
USERGROUPS_ENAB yes

#
# Instead of the real user shell, the program specified by this parameter
# will be launched, although its visible name (argv[0]) will be the shell's.
# The program may do whatever it wants (logging, additional authentication,
# banner, ...) before running the actual shell.
#
# FAKE_SHELL /bin/fakeshell

#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names. Root logins will be allowed only
# upon these devices.
#
# This variable is used by login and su.
#
#CONSOLE        /etc/consoles
#CONSOLE        console:tty01:tty02:tty03:tty04

#
# List of groups to add to the user's supplementary group set
# when logging in on the console (as determined by the CONSOLE
# setting). Default is none.
#
# Use with caution - it is possible for users to gain permanent
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
# This variable is used by login and su.
#
#CONSOLE_GROUPS         floppy:audio:cdrom

#
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
# Set to "no" if you need to copy encrypted passwords to other systems
# which don't understand the new algorithm. Default is "no".
#
# This variable is deprecated. You should use ENCRYPT_METHOD.
#
#MD5_CRYPT_ENAB no

#
# If set to MD5 , MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
# Overrides the MD5_CRYPT_ENAB option
#
# Note: It is recommended to use a value consistent with
# the PAM modules configuration.
#
ENCRYPT_METHOD SHA512

#
# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute force the password.
# But note also that more CPU resources will be needed to authenticate
# users.
#
# If not specified, the libc will choose the default number of rounds (5000).
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
# SHA_CRYPT_MIN_ROUNDS 5000
# SHA_CRYPT_MAX_ROUNDS 5000

################# OBSOLETED BY PAM ##############
#                                               #
# These options are now handled by PAM. Please  #
# edit the appropriate file in /etc/pam.d/ to   #
# enable the equivalents of them.
#
###############

#MOTD_FILE
#DIALUPS_CHECK_ENAB
#LASTLOG_ENAB
#MAIL_CHECK_ENAB
#OBSCURE_CHECKS_ENAB
#PORTTIME_CHECKS_ENAB
#SU_WHEEL_ONLY
#CRACKLIB_DICTPATH
#PASS_CHANGE_TRIES
#PASS_ALWAYS_WARN
#ENVIRON_FILE
#NOLOGINS_FILE
#ISSUE_FILE
#PASS_MIN_LEN
#PASS_MAX_LEN
#ULIMIT
#ENV_HZ
#CHFN_AUTH
#CHSH_AUTH
#FAIL_DELAY

################# OBSOLETED #######################
#                                                 #
# These options are no more handled by shadow.    #
#                                                 #
# Shadow utilities will display a warning if they #
# still appear.                                   #
#                                                 #
###################################################

# CLOSE_SESSIONS
# LOGIN_STRING
# NO_PASSWORD_CONSOLE
# QMAIL_DIR




--------------------------------------------------------------------------------
/dante/files/conf/passwd:
--------------------------------------------------------------------------------
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

--------------------------------------------------------------------------------
/dante/files/conf/shadow:
--------------------------------------------------------------------------------
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

--------------------------------------------------------------------------------
/dante/files/scripts/add:
--------------------------------------------------------------------------------
#!/bin/sh

set -e

USER_NAME=${1}
PASSWORD0=${2}

# The entrypoint records a non-default port here
if [ -f "/tmp/dante_port" ]; then
    PORT=`cat /tmp/dante_port`
else
    PORT="1080"
fi

if [ x"$USER_NAME" = "x" ]; then
    echo "Usage:"
    echo "$0 USER [PASSWORD]"
    exit 1
fi

# Generate a 16-character password when none is given
if [ x"${PASSWORD0}" = "x" ]; then
    PASSWORD=`apg -M NCL -m 16 -x 16 -n 1`
else
    PASSWORD="${PASSWORD0}"
fi

if [ x"${PASSWORD}" = "x" ]; then
    echo "Usage:"
    echo "$0 USER [PASSWORD]"
    exit 1
fi

adduser -D -H -S "${USER_NAME}"
echo "${USER_NAME}:${PASSWORD}" | chpasswd -c SHA256

echo "tg://socks?&user=${USER_NAME}&pass=${PASSWORD}&port=${PORT}&server="


--------------------------------------------------------------------------------
/dante/files/scripts/chp:
--------------------------------------------------------------------------------
#!/bin/sh

set -e


USER_NAME=${1}
PASSWORD0=${2}

# The entrypoint records a non-default port here
if [ -f "/tmp/dante_port" ]; then
    PORT=`cat /tmp/dante_port`
else
    PORT="1080"
fi

if [ x"${USER_NAME}" = "x" ]; then
    echo "Usage:"
    echo "$0 USER [PASSWORD]"
    exit 1
fi

# Generate a 16-character password when none is given
if [ x"${PASSWORD0}" = "x" ]; then
    PASSWORD=`apg -M NCL -m 16 -x 16 -n 1`
else
    PASSWORD="${PASSWORD0}"
fi

if [ x"${PASSWORD}" = "x" ]; then
    echo "Usage:"
    echo "$0 USER [PASSWORD]"
    exit 1
fi

echo "${USER_NAME}:${PASSWORD}" | chpasswd -c SHA512

echo "tg://socks?&user=${USER_NAME}&pass=${PASSWORD}&port=${PORT}&server="


--------------------------------------------------------------------------------
/dante/files/scripts/del:
--------------------------------------------------------------------------------
#!/bin/sh

set -e

USER_NAME=${1}

if [ x"${USER_NAME}" = "x" ]; then
    echo "Usage:"
    echo "$0 USER"
    exit 1
fi

deluser "${USER_NAME}"


--------------------------------------------------------------------------------
/dante/files/scripts/list:
--------------------------------------------------------------------------------
#!/bin/sh

set -e

# Print every account name except the two built-in ones
getent passwd | grep -v '^root\:' | grep -v '^nobody\:' | grep -o '^[^\:]*'

--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: '3.0'

services:
  dante:
    build:
      context: dante
      dockerfile: Dockerfile
    hostname: dante
    container_name: dante2.local
    volumes:
      - ./etc:/etc
    ports:
      - "1080:1080"
    network_mode: "host"
    logging:
      driver: syslog
      options:
        tag: dante2
    restart: unless-stopped

--------------------------------------------------------------------------------
/etc/.keepme:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/schors/tgdante2/f10db4f084c11e56f2ccb7375240d79986d6a9ea/etc/.keepme


--------------------------------------------------------------------------------
/noc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/schors/tgdante2/f10db4f084c11e56f2ccb7375240d79986d6a9ea/noc.png


--------------------------------------------------------------------------------
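
The "Telegram only" restriction lives entirely in the ordered `socks pass` / `socks block` rules of `dante.conf` and `dante6.conf`, where the first matching rule decides. The script below is an added example, not part of the tgdante2 repository: it audits such a rule list for destinations written with host bits set (such as `149.154.164.0/20`), for pass rules already covered by an earlier one, and for a missing final catch-all block. The function names are this example's own, `SAMPLE_CONF` is a constructed excerpt that reuses rule values from the files above, and it assumes a prefix length is applied as a mask to the written address.

```python
import ipaddress
import re

# Constructed excerpt in the layout of dante.conf; the rule values come from
# that file, the selection is for illustration.
SAMPLE_CONF = """\
# deny proxied to lo
socks block {
    from: 0.0.0.0/0 to: 127.0.0.0/8
    log: error
}
socks pass {
    from: 0.0.0.0/0 to: 91.108.4.0/22
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 149.154.160.0/20
    socksmethod: username
}
socks pass {
    from: 0.0.0.0/0 to: 149.154.164.0/20
    socksmethod: username
}
socks pass {
    from: 0/0 to: .telegram.org
    socksmethod: username
}
# deny the rest
socks block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error
}
"""

RULE_RE = re.compile(r"^socks\s+(pass|block)\s*\{(.*?)\}", re.M | re.S)
TO_RE = re.compile(r"\bto:\s*(\S+)")


def parse_rules(conf):
    """Return the socks rules in file order as (verdict, destination, has_command)."""
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    rules = []
    for match in RULE_RE.finditer(text):
        body = match.group(2)
        dest = TO_RE.search(body)
        rules.append((match.group(1), dest.group(1) if dest else None, "command:" in body))
    return rules


def as_network(dest):
    """Return (network, host_bits_set) for an address, or None for a domain name."""
    if not dest:
        return None
    if dest == "0/0":  # assumption: shorthand for "any address", treated as 0.0.0.0/0
        dest = "0.0.0.0/0"
    try:
        iface = ipaddress.ip_interface(dest)
    except ValueError:
        return None  # e.g. ".telegram.org"
    return iface.network, iface.ip != iface.network.network_address


def audit(conf):
    """Return findings as (rule_number, code, detail) tuples."""
    findings, passed = [], []
    rules = parse_rules(conf)
    for number, (verdict, dest, _) in enumerate(rules, 1):
        parsed = as_network(dest)
        if parsed is None:
            continue
        net, host_bits = parsed
        if host_bits:
            findings.append((number, "host-bits", f"{dest} has canonical network {net}"))
        if verdict == "pass":
            cover = next((p for p in passed
                          if p.version == net.version and net.subnet_of(p)), None)
            if cover is not None:
                findings.append((number, "redundant", f"{net} already passed by {cover}"))
            passed.append(net)
    # First match wins, so the list must end in an unconditional block.
    default_deny = False
    if rules:
        verdict, dest, has_command = rules[-1]
        parsed = as_network(dest)
        default_deny = (verdict == "block" and not has_command
                        and parsed is not None and parsed[0].prefixlen == 0)
    if not default_deny:
        findings.append((len(rules), "no-default-deny", "last socks rule is not a catch-all block"))
    return findings


def effective_allowlist(conf):
    """Collapse all address-based pass rules into the minimal list of networks."""
    nets = [as_network(d)[0] for v, d, _ in parse_rules(conf) if v == "pass" and as_network(d)]
    result = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        result += [str(n) for n in ipaddress.collapse_addresses(same)]
    return result


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
    print(effective_allowlist(SAMPLE_CONF))
```

Run against the full `dante.conf`, the same check reports the `149.154.164.0/20`, `149.154.168.0/20` and `149.154.170.0/20` rules, all of which canonicalize to `149.154.160.0/20`.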