dokril/vpn-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
master
vpn-proxy/scripts/install-macos-client.sh
Dmitriy Petrov f914c28bc5
All checks were successful
Build and Deploy Gateway / build-and-push (push) Successful in 10s
Details
Build and Deploy Gateway / deploy (push) Successful in 0s
Details
fix: detect macos client port conflicts
2026-05-19 16:51:40 +03:00

305 lines
7.8 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
set -euo pipefail
INSTALL_DIR="${VPN_PROXY_INSTALL_DIR:-$HOME/.vpn-proxy-client}"
REPO_URL="${VPN_PROXY_REPO_URL:-https://git.dokops.ru/dokril/vpn-proxy.git}"
BRANCH="${VPN_PROXY_BRANCH:-master}"
COMPOSE_FILE="docker-compose.client.yml"
DEFAULT_PROXY_PORT="8080"
REQUESTED_PROXY_PORT="${VPN_PROXY_CLIENT_PORT:-}"
REQUESTED_UI_PORT="${VPN_PROXY_CLIENT_UI_PORT:-${CLIENT_UI_PORT:-}}"
CLIENT_CONTAINER_NAME="vpn-proxy-client"
log() {
printf '[vpn-proxy-client] %s\n' "$*"
}
die() {
printf '[vpn-proxy-client] error: %s\n' "$*" >&2
exit 1
}
need() {
command -v "$1" >/dev/null 2>&1 || die "$1 is required"
}
is_valid_port() {
case "$1" in
''|*[!0-9]*) return 1 ;;
esac
[ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}
ask_proxy_port() {
local value=""
if [ -n "$REQUESTED_PROXY_PORT" ]; then
if ! is_valid_port "$REQUESTED_PROXY_PORT"; then
die "VPN_PROXY_CLIENT_PORT must be a port from 1024 to 65535"
fi
printf '%s\n' "$REQUESTED_PROXY_PORT"
return 0
fi
if [ -r /dev/tty ]; then
while true; do
printf 'Proxy port for local apps [%s]: ' "$DEFAULT_PROXY_PORT" >/dev/tty
IFS= read -r value </dev/tty || value=""
value="${value:-$DEFAULT_PROXY_PORT}"
if is_valid_port "$value"; then
printf '%s\n' "$value"
return 0
fi
printf 'Enter a port from 1024 to 65535.\n' >/dev/tty
done
fi
if ! is_valid_port "$DEFAULT_PROXY_PORT"; then
die "VPN_PROXY_CLIENT_PORT must be a port from 1024 to 65535"
fi
printf '%s\n' "$DEFAULT_PROXY_PORT"
}
port_range_end() {
local start="$1"
local end="$((start + 10))"
if [ "$end" -gt 65535 ]; then
end=65535
fi
printf '%s\n' "$end"
}
published_port_conflicts() {
local port="$1"
local line
while IFS= read -r line; do
[ -n "$line" ] || continue
case "$line" in
"${CLIENT_CONTAINER_NAME}"$'\t'*) ;;
*) printf '%s\n' "$line" ;;
esac
done < <(docker ps --filter "publish=${port}" --format '{{.Names}} {{.Ports}}')
}
proxy_port_conflicts() {
local start="$1"
local end
local port
local conflicts
end="$(port_range_end "$start")"
for port in $(seq "$start" "$end"); do
conflicts="$(published_port_conflicts "$port")"
if [ -n "$conflicts" ]; then
printf 'port %s: %s\n' "$port" "$conflicts"
fi
done
}
assert_proxy_port_available() {
local port="$1"
local conflicts
conflicts="$(proxy_port_conflicts "$port")"
if [ -z "$conflicts" ]; then
return 0
fi
printf '[vpn-proxy-client] proxy port range %s-%s is already used:\n%s\n' \
"$port" "$(port_range_end "$port")" "$conflicts" >&2
die "choose another proxy port with VPN_PROXY_CLIENT_PORT=<port> or stop the conflicting container"
}
assert_single_port_available() {
local label="$1"
local port="$2"
local conflicts
conflicts="$(published_port_conflicts "$port")"
if [ -z "$conflicts" ]; then
return 0
fi
printf '[vpn-proxy-client] %s port %s is already used:\n%s\n' \
"$label" "$port" "$conflicts" >&2
die "choose another ${label} port or stop the conflicting container"
}
first_free_port() {
local start="$1"
local port
for port in $(seq "$start" 65535); do
if [ -z "$(published_port_conflicts "$port")" ]; then
printf '%s\n' "$port"
return 0
fi
done
return 1
}
choose_ui_port() {
local value="$1"
local suggested
if ! is_valid_port "$value"; then
die "CLIENT_UI_PORT must be a port from 1024 to 65535"
fi
if [ -z "$(published_port_conflicts "$value")" ]; then
printf '%s\n' "$value"
return 0
fi
if [ -n "$REQUESTED_UI_PORT" ] || [ ! -r /dev/tty ]; then
assert_single_port_available "UI" "$value"
fi
suggested="$(first_free_port "$((value + 1))" || true)"
suggested="${suggested:-3457}"
while true; do
printf 'UI port %s is busy. Choose UI port [%s]: ' "$value" "$suggested" >/dev/tty
IFS= read -r value </dev/tty || value=""
value="${value:-$suggested}"
if is_valid_port "$value" && [ -z "$(published_port_conflicts "$value")" ]; then
printf '%s\n' "$value"
return 0
fi
printf 'Enter a free port from 1024 to 65535.\n' >/dev/tty
done
}
assert_ui_outside_proxy_range() {
if [ "$UI_PORT" -ge "$PROXY_PORT" ] && [ "$UI_PORT" -le "$PROXY_PORT_END" ]; then
die "UI port ${UI_PORT} overlaps proxy port range ${PROXY_PORT}-${PROXY_PORT_END}"
fi
}
wait_for_client_ui() {
local ui_port="${UI_PORT:-3456}"
local ui_url="http://127.0.0.1:${ui_port}/api/state"
local attempt
for attempt in $(seq 1 30); do
if curl -fsS "$ui_url" >/dev/null 2>&1; then
return 0
fi
sleep 1
done
printf '\n[vpn-proxy-client] client did not become ready at %s\n' "$ui_url" >&2
printf '[vpn-proxy-client] docker compose status:\n' >&2
docker compose -f "$COMPOSE_FILE" ps >&2 || true
printf '\n[vpn-proxy-client] recent service logs:\n' >&2
docker compose -f "$COMPOSE_FILE" logs --tail=120 vpn-proxy-client >&2 || true
die "client UI is not ready; see Docker status and logs above"
}
set_env_value() {
local key="$1"
local value="$2"
local tmp
tmp="$(mktemp)"
if [ -f .env ] && grep -q "^${key}=" .env; then
awk -v key="$key" -v value="$value" '
BEGIN { prefix = key "=" }
index($0, prefix) == 1 { print key "=" value; next }
{ print }
' .env > "$tmp"
else
[ -f .env ] && cat .env > "$tmp"
printf '%s=%s\n' "$key" "$value" >> "$tmp"
fi
mv "$tmp" .env
}
get_env_value() {
local key="$1"
[ -f .env ] || return 0
awk -v key="$key" '
BEGIN { prefix = key "=" }
index($0, prefix) == 1 { print substr($0, length(prefix) + 1); exit }
' .env
}
if [[ "$(uname -s)" != "Darwin" ]]; then
die "this installer is intended for macOS"
fi
need git
need docker
need curl
docker compose version >/dev/null 2>&1 || die "Docker Compose plugin is required"
docker info >/dev/null 2>&1 || die "Docker Desktop is not running"
if [[ -d "$INSTALL_DIR/.git" ]]; then
log "updating $INSTALL_DIR"
git -C "$INSTALL_DIR" fetch origin "$BRANCH"
git -C "$INSTALL_DIR" checkout "$BRANCH"
git -C "$INSTALL_DIR" pull --ff-only origin "$BRANCH"
else
log "cloning $REPO_URL#$BRANCH to $INSTALL_DIR"
mkdir -p "$(dirname "$INSTALL_DIR")"
git clone --branch "$BRANCH" "$REPO_URL" "$INSTALL_DIR"
fi
cd "$INSTALL_DIR"
if [[ ! -f .env && -f .env.example ]]; then
cp .env.example .env
fi
PROXY_PORT="$(ask_proxy_port)"
assert_proxy_port_available "$PROXY_PORT"
PROXY_PORT_END="$(port_range_end "$PROXY_PORT")"
UI_PORT="${REQUESTED_UI_PORT:-$(get_env_value CLIENT_UI_PORT)}"
UI_PORT="${UI_PORT:-3456}"
UI_PORT="$(choose_ui_port "$UI_PORT")"
assert_ui_outside_proxy_range
set_env_value APP_MODE client
set_env_value CLIENT_UI_PORT "$UI_PORT"
set_env_value CLIENT_PROXY_PORT "$PROXY_PORT"
set_env_value CLIENT_PROXY_PORT_START "$PROXY_PORT"
set_env_value CLIENT_PROXY_PORT_END "$PROXY_PORT_END"
set_env_value PROXY_PORT "$PROXY_PORT"
log "UI port: http://127.0.0.1:${UI_PORT}"
log "proxy port: 127.0.0.1:${PROXY_PORT} (reserved range ${PROXY_PORT}-${PROXY_PORT_END})"
log "building and starting Docker client"
docker compose -f "$COMPOSE_FILE" up -d --build
wait_for_client_ui
cat <<EOF
VPN Proxy Client is running.
UI:
http://127.0.0.1:${UI_PORT}
Proxy:
HTTP/SOCKS5 127.0.0.1:${PROXY_PORT}
UI can switch proxy port within the Docker-published ${PROXY_PORT}-${PROXY_PORT_END} range.
Useful commands:
cd ~/.vpn-proxy-client
docker compose -f docker-compose.client.yml logs -f
docker compose -f docker-compose.client.yml restart
docker compose -f docker-compose.client.yml down
Optional macOS system proxy example:
networksetup -setwebproxy Wi-Fi 127.0.0.1 ${PROXY_PORT}
networksetup -setsecurewebproxy Wi-Fi 127.0.0.1 ${PROXY_PORT}
networksetup -setsocksfirewallproxy Wi-Fi 127.0.0.1 ${PROXY_PORT}
Disable later:
networksetup -setwebproxystate Wi-Fi off
networksetup -setsecurewebproxystate Wi-Fi off
networksetup -setsocksfirewallproxystate Wi-Fi off
EOF
Reference in New Issue View Git Blame Copy Permalink