Add shadowsocks

2019-03-20 21:21:05 +01:00 · 2019-03-20 21:21:05 +01:00 · 0c9087b84c
commit 0c9087b84c
parent 3255e9e727
5 changed files with 51 additions and 1 deletions
--- a/ansible/etc/nftables.conf.j2
+++ b/ansible/etc/nftables.conf.j2
@ -18,7 +18,7 @@ table inet filter {
                ip protocol icmp icmp type { echo-request, destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept

                # activate the following line to accept common local services
-                tcp dport { 80, 443, {{ ansible_port }}, {{ gitlab_ssh_port }} } ct state new accept
+                tcp dport { 80, 443, {{ ssh_port }}, {{ gitlab_ssh_port }}, {{ shadowsocks_port }} } ct state new accept

                # count and drop any other traffic
                counter drop
--- a/ansible/secrets.def.yml
+++ b/ansible/secrets.def.yml
@ -20,6 +20,9 @@ default_ssh_port:
 # GitLab
 gitlab_ssh_port:

+# Shadowsocks
+shadowsocks_port:
+
 # Postfix
 postfix_smtp_server:
 postfix_smtp_port:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -10,6 +10,7 @@ volumes:
  letsencrypt:
  runner_0_etc:
  runner_0_home:
+  shadowsocks:

 services:

@ -133,3 +134,16 @@ services:
      - ./proxy/nginx-conf.d:/etc/nginx/conf.d:ro
      - letsencrypt:/etc/letsencrypt
    restart: always
+
+    # -------------------------------------------------------------------------
+    # Shadowsocks server.
+    # -------------------------------------------------------------------------
+
+    shadowsocks:
+      container_name: shadowsocks
+      build: shadowsocks
+      image: registry.wojciechkozlowski.eu/wojtek/loki/shadowsocks
+      ports:
+        - 7698:7698
+      volumes:
+        - shadowsocks:/var/shadowsocks
--- a/shadowsocks/Dockerfile
+++ b/shadowsocks/Dockerfile
@ -0,0 +1,15 @@
+FROM debian
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && apt-get -y upgrade
+
+RUN apt-get -y install shadowsocks
+
+ENV SS_VOL /var/shadowsocks
+RUN mkdir $SS_VOL
+ADD config.json $SS_VOL
+
+EXPOSE 7698
+VOLUME ["$SS_VOL"]
+
+CMD ["sh", "-c", "/usr/bin/ssserver -c $SS_VOL/shadowsocks.json"]
--- a/shadowsocks/config.json
+++ b/shadowsocks/config.json
@ -0,0 +1,18 @@
+{
+    "server":"0.0.0.0",
+    "server_ipv6":"[::]",
+    "server_port":7698,
+    "local_address":"127.0.0.1",
+    "local_port":1080,
+    "password":"z",
+    "timeout":120,
+    "method":"aes-256-cfb",
+    "protocol":"$auth_sha1_v4_compatible",
+    "protocol_param":"",
+    "obfs":"http_simple_compatible",
+    "obfs_param":"",
+    "redirect":"",
+    "dns_ipv6":false,
+    "fast_open":false,
+    "workers":1
+}