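├── .github
    └── workflows
    │   ├── main.yml
    │   └── submodule-sync.yml
├── .gitmodules
├── Dockerfile
└── build_cert.sh


/.github/workflows/main.yml:
--------------------------------------------------------------------------------
name: Disable Checking ServerName

on:
  workflow_dispatch:
  push:
    branches:
      - main
  # Pull requests are built for validation only; the registry logins and the
  # image push below are skipped for them.
  pull_request:
    branches: [ main ]
  # pull_request_target is deliberately not used: it runs with repository
  # secrets for pull requests opened from forks, and this job logs in to two
  # registries and publishes the :latest image.

# The job only reads the repository; registry access uses the explicit
# secrets below, so the default GITHUB_TOKEN does not need write scopes.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` below is a mutable major-version tag.
      # Pinning each action to a full commit SHA keeps a retagged release
      # from running in a job that holds registry credentials.
      - uses: actions/checkout@v3
        with:
          submodules: true

      - name: modify
        run: |
          cd tailscale
          # Deletes the line matching `hi.ServerName != m.hostname` and the two
          # lines after it in derper's cert.go, i.e. (per the workflow name) the
          # check that the TLS ClientHello server name equals --hostname. The
          # resulting binary serves its manual certificate for any SNI.
          # sed exits 0 when nothing matches, so fail the build explicitly if
          # upstream has changed the line; otherwise an unpatched derper would
          # be published under the same tag.
          grep -q 'hi.ServerName != m.hostname' cmd/derper/cert.go || {
            echo "ServerName check not found in cmd/derper/cert.go; patch needs review" >&2
            exit 1
          }
          sed -i '/hi.ServerName != m.hostname/,+2d' cmd/derper/cert.go

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Login to ghcr.io
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHCR_TOKEN }}

      # Builds the image on every trigger; pushes only for non-PR events so
      # unreviewed pull-request code never replaces the published :latest tag.
      - name: Build and push Docker images to docker.io and ghcr.io
        uses: docker/build-push-action@v2
        with:
          file: 'Dockerfile'
          platforms: linux/amd64
          context: ./
          push: ${{ github.event_name != 'pull_request' }}
          # :latest is the only tag, so consumers cannot pin to a known build;
          # they should reference the image by digest.
          tags: |
            yangchuansheng/ip_derper:latest
            ghcr.io/yangchuansheng/ip_derper:latest

--------------------------------------------------------------------------------
/.github/workflows/submodule-sync.yml:
--------------------------------------------------------------------------------
name: 'Submodules Sync'

on:
  schedule:
    - cron: "0 2 * * *"
  # Allows you to run this workflow manually from the Actions tab or through HTTP API
  workflow_dispatch:

jobs:
  sync:
    name: 'Submodules Sync'
    runs-on: ubuntu-latest

    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash

    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v3
        with:
          token: ${{ secrets.CI_TOKEN }}
          submodules: true

      # Update references.
      # `--remote` moves the submodule to the tip of the upstream branch, so
      # each nightly run adopts whatever upstream has published, unreviewed.
      # NOTE(review): if the push below triggers main.yml, that code is also
      # built and published as :latest automatically -- confirm this is intended.
      - name: Git Sumbodule Update
        run: |
          git pull --recurse-submodules
          git submodule update --remote --recursive

      - name: Commit update
        run: |
          git config --global user.name 'Git bot'
          git config --global user.email 'bot@noreply.github.com'
          # NOTE(review): this writes GITHUB_TOKEN into .git/config as part of
          # the remote URL, while the checkout step was already given CI_TOKEN.
          # Confirm which credential the push is meant to use and drop the other.
          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}
          # Commit and push only when the submodule reference moved. A failed
          # commit or push now fails the step instead of being reported as
          # "No changes to commit".
          if git diff --quiet --ignore-submodules=dirty; then
            echo "No changes to commit"
          else
            git commit -am "Auto updated submodule references"
            git push
          fi

--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
# No branch or tag is configured here; the commit that gets built is whatever
# reference the sync workflow last recorded.
[submodule "tailscale"]
	path = tailscale
	url = https://github.com/tailscale/tailscale

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# NOTE(review): golang:latest is a moving tag, so the toolchain changes between
# builds; pin a specific version or digest for reproducible images.
FROM golang:latest AS builder

WORKDIR /app

# COPY is sufficient for a local directory; ADD's archive/URL handling is not needed.
COPY tailscale /app/tailscale

# build modified derper
RUN cd /app/tailscale/cmd/derper && \
    CGO_ENABLED=0 /usr/local/go/bin/go build -buildvcs=false -ldflags "-s -w" -o /app/derper && \
    cd /app && \
    rm -rf /app/tailscale

# NOTE(review): confirm this base release still receives security updates.
FROM ubuntu:20.04

# Set on the final stage: labels declared in the builder stage are not part of
# the image that gets pushed.
LABEL org.opencontainers.image.source=https://github.com/yangchuansheng/ip_derper

WORKDIR /app

# ========= CONFIG =========
# - derper args
ENV DERP_ADDR=:443
ENV DERP_HTTP_PORT=80
ENV DERP_HOST=127.0.0.1
ENV DERP_CERTS=/app/certs/
ENV DERP_STUN=true
# With client verification off, the relay does not check that connecting
# clients belong to your tailnet; restrict who can reach it at the network
# level, or enable verification where a local tailscaled is available.
ENV DERP_VERIFY_CLIENTS=false
# ==========================

# apt
# ca-certificates is listed explicitly because recommended packages are skipped.
RUN apt-get update && \
    apt-get install -y --no-install-recommends ca-certificates curl openssl && \
    rm -rf /var/lib/apt/lists/*

COPY build_cert.sh /app/
COPY --from=builder /app/derper /app/derper

# build self-signed certs && start derper
# The certificate and key are regenerated on every container start, so anything
# that pins the certificate sees a new one after each restart.
# No USER is set: derper runs as root inside the container.
CMD bash /app/build_cert.sh "$DERP_HOST" "$DERP_CERTS" /app/san.conf && \
    /app/derper --hostname="$DERP_HOST" \
    --certmode=manual \
    --certdir="$DERP_CERTS" \
    --stun="$DERP_STUN" \
    --a="$DERP_ADDR" \
    --http-port="$DERP_HTTP_PORT" \
    --verify-clients="$DERP_VERIFY_CLIENTS"

--------------------------------------------------------------------------------
/build_cert.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Generate a self-signed certificate and unencrypted private key for derper.
#
# Arguments:
#   $1  host the certificate is issued for; written as an IP subjectAltName,
#       so it must be an IP address literal
#   $2  directory that receives <host>.key and <host>.crt
#   $3  path where the generated OpenSSL request config is written
#
# The certificate is not issued by any CA; clients have to be configured to
# trust or pin it out of band.

# Stop on the first failure so derper is never started with a missing or
# half-written certificate.
set -euo pipefail

CERT_HOST="${1:?usage: build_cert.sh HOST_IP CERT_DIR CONF_FILE}"
CERT_DIR="${2:?usage: build_cert.sh HOST_IP CERT_DIR CONF_FILE}"
CONF_FILE="${3:?usage: build_cert.sh HOST_IP CERT_DIR CONF_FILE}"

cat > "$CONF_FILE" <<EOF
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
countryName = XX
stateOrProvinceName = N/A
localityName = N/A
organizationName = Self-signed certificate
commonName = $CERT_HOST: Self-signed certificate

[req_ext]
subjectAltName = @alt_names

[v3_req]
subjectAltName = @alt_names

[alt_names]
IP.1 = $CERT_HOST
EOF

mkdir -p "$CERT_DIR"
# -nodes leaves the private key unencrypted on disk so derper can load it
# without a passphrase; file permissions are its only protection.
openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout "$CERT_DIR/$CERT_HOST.key" -out "$CERT_DIR/$CERT_HOST.crt" -config "$CONF_FILE"
# Restrict the key to its owner regardless of the umask in effect.
chmod 600 "$CERT_DIR/$CERT_HOST.key"

--------------------------------------------------------------------------------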