Rebuild vpn proxy around gateway mode

2026-05-08 16:04:38 +03:00
parent a3816cbedc
commit ef752d66bc
66 changed files with 1884 additions and 14734 deletions
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TPROXY_PORT="${TPROXY_PORT:-7895}"
+TPROXY_MARK="${TPROXY_MARK:-1}"
+TPROXY_TABLE="${TPROXY_TABLE:-100}"
+TPROXY_CHAIN="${TPROXY_CHAIN:-VPN_PROXY_TPROXY}"
+BYPASS_CIDRS="${BYPASS_CIDRS:-0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4}"
+
+log() {
+  printf '[gateway-entrypoint] %s\n' "$*"
+}
+
+ipt() {
+  iptables -w "$@"
+}
+
+cleanup_tproxy() {
+  log "cleanup tproxy rules"
+  ipt -t mangle -D PREROUTING -j "$TPROXY_CHAIN" 2>/dev/null || true
+  ipt -t mangle -F "$TPROXY_CHAIN" 2>/dev/null || true
+  ipt -t mangle -X "$TPROXY_CHAIN" 2>/dev/null || true
+  ip rule del fwmark "$TPROXY_MARK" table "$TPROXY_TABLE" 2>/dev/null || true
+  ip route flush table "$TPROXY_TABLE" 2>/dev/null || true
+}
+
+setup_tproxy() {
+  log "setup tproxy on port ${TPROXY_PORT}, mark ${TPROXY_MARK}, table ${TPROXY_TABLE}"
+  cleanup_tproxy
+
+  ip rule add fwmark "$TPROXY_MARK" table "$TPROXY_TABLE" 2>/dev/null || true
+  ip route replace local 0.0.0.0/0 dev lo table "$TPROXY_TABLE"
+
+  ipt -t mangle -N "$TPROXY_CHAIN"
+  ipt -t mangle -A "$TPROXY_CHAIN" -m mark --mark "$TPROXY_MARK" -j RETURN
+
+  for cidr in $BYPASS_CIDRS; do
+    ipt -t mangle -A "$TPROXY_CHAIN" -d "$cidr" -j RETURN
+  done
+
+  ipt -t mangle -A "$TPROXY_CHAIN" -p tcp -j TPROXY --on-port "$TPROXY_PORT" --tproxy-mark "$TPROXY_MARK/$TPROXY_MARK"
+  ipt -t mangle -A "$TPROXY_CHAIN" -p udp -j TPROXY --on-port "$TPROXY_PORT" --tproxy-mark "$TPROXY_MARK/$TPROXY_MARK"
+  ipt -t mangle -A PREROUTING -j "$TPROXY_CHAIN"
+}
+
+setup_tproxy
+
+node /app/src/server/index.js &
+APP_PID=$!
+
+shutdown() {
+  log "shutdown requested"
+  kill "$APP_PID" 2>/dev/null || true
+  wait "$APP_PID" 2>/dev/null || true
+  cleanup_tproxy
+}
+
+trap 'shutdown; exit 0' SIGTERM SIGINT
+
+wait "$APP_PID"
+STATUS=$?
+cleanup_tproxy
+exit "$STATUS"