replace sniproxy with nginx

Seji64 · Apr 2, 2024 · 2f3f7ff · 2f3f7ff
1 parent ba78e05
commit 2f3f7ff
Show file tree

Hide file tree

Showing 8 changed files with 82 additions and 115 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -20,51 +20,47 @@ ENV SPOOF_ALL_DOMAINS=false
 ENV DNYDNS_CRON_SCHEDULE="*/15 * * * *"
 
 # HEALTHCHECKS
-HEALTHCHECK --interval=30s --timeout=3s CMD (pgrep "dnsdist" > /dev/null && pgrep "sniproxy" > /dev/null) || exit 1
+HEALTHCHECK --interval=30s --timeout=3s CMD (pgrep "dnsdist" > /dev/null && pgrep "nginx" > /dev/null) || exit 1
 
 # Expose Ports
 EXPOSE 5300/udp
-EXPOSE 80/tcp
-EXPOSE 443/tcp
+EXPOSE 8080/tcp
+EXPOSE 8443/tcp
 EXPOSE 8083/tcp
 
 RUN echo "I'm building for $TARGETPLATFORM"
 
 # Update Base
 RUN apk update && apk upgrade
 
+# Create Users
+RUN addgroup snidust && adduser -D -H -G snidust snidust
+
 # Install needed packages and clean up
-RUN apk add --no-cache tini dnsdist curl bash gnupg procps ca-certificates openssl dog lua5.4-filesystem ipcalc libcap && rm -rf /var/cache/apk/*
+RUN apk add --no-cache tini dnsdist curl bash gnupg procps ca-certificates openssl dog lua5.4-filesystem ipcalc libcap nginx nginx-mod-stream && rm -rf /var/cache/apk/*
 
 # Setup Folder(s)
 RUN mkdir -p /etc/dnsdist/conf.d && \
     mkdir -p /etc/snidust/ && \
     mkdir -p /etc/sniproxy/
 
-# Download and install sniproxy
-RUN ARCH=$(case ${TARGETPLATFORM:-linux/amd64} in \
-    "linux/amd64")   echo "amd64"  ;; \
-    "linux/arm/v7")  echo "arm"   ;; \
-    "linux/arm64")   echo "arm64" ;; \
-    *)               echo ""        ;; esac) \
-  && echo "ARCH=$ARCH" \
-  && curl -sSL https://github.com/mosajjal/sniproxy/releases/download/v2.0.4/sniproxy-v2.0.4-linux-${ARCH}.tar.gz | tar xvz \
-  && chmod +x sniproxy && install sniproxy /usr/local/bin && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/sniproxy && rm sniproxy
-
 # Copy Files
 COPY configs/dnsdist/dnsdist.conf.template /etc/dnsdist/dnsdist.conf.template
 COPY configs/dnsdist/conf.d/00-SniDust.conf /etc/dnsdist/conf.d/00-SniDust.conf
+COPY configs/nginx/nginx.conf /etc/nginx/nginx.conf
 COPY domains.d /etc/snidust/domains.d
-COPY configs/sniproxy/config.yaml /etc/sniproxy/config.yaml
 
 COPY entrypoint.sh /entrypoint.sh
 COPY generateACL.sh /generateACL.sh
 COPY dynDNSCron.sh /dynDNSCron.sh
 
-RUN addgroup snidust && adduser -D -H -G snidust snidust
+
 
 RUN chown -R snidust:snidust /etc/dnsdist/ && \
-    chown -R snidust:snidust /etc/sniproxy/ && \
+    chown -R snidust:snidust /etc/nginx/ && \
+    chown -R snidust:snidust /var/log/nginx/ && \
+    chown -R snidust:snidust /var/lib/nginx/ && \
+    chown -R snidust:snidust /run/nginx/ && \
     chmod +x /entrypoint.sh && \
     chmod +x /generateACL.sh && \
     chmod +x dynDNSCron.sh

diff --git a/README.md b/README.md
@@ -22,22 +22,22 @@ You will need a VPS or a Root Server where you can install [Docker](https://www.
 
 ```
 ## run this in your terminal or use your webbrowser
-curl https://ifconfig.me
+curl https://ifconfig.co
 ```
 For this **example**  lets assume your public ip (of your *client*) is `10.111.123.7`
 Since version `v1.0.8` you can also use DynDNS. In this case just use your DynDNS domain eg. `myDynDNSDomain.no-ip.com`
 
 ### Get your IP of your Server
 
 ```
-curl https://ifconfig.me
+curl https://ifconfig.co
 ```
 For this **example** lets assume your public ip (of your *server*) is `10.111.123.8`
 
 ### Run SniDust on your Server
 
 ```
-docker run -d --name snidust -e ALLOWED_CLIENTS="127.0.0.1, 10.111.123.7, myDynDNSDomain.no-ip.com" -e EXTERNAL_IP=10.111.123.8 -p 443:443 -p 80:80 -p 53:5300/udp ghcr.io/seji64/snidust:main
+docker run -d --name snidust -e ALLOWED_CLIENTS="127.0.0.1, 10.111.123.7, myDynDNSDomain.no-ip.com" -e EXTERNAL_IP=10.111.123.8 -p 443:8443 -p 80:8080 -p 53:5300/udp ghcr.io/seji64/snidust:main
 ```
 
 Or if you use docker compose:
@@ -48,12 +48,12 @@ services:
     snidust:
         container_name: snidust
         environment:
-            - ALLOWED_CLIENTS=127.0.0.1, 10.111.123.7, myDynDNSDomain.no-ip.com
-            - EXTERNAL_IP=10.111.123.8
+            - 'ALLOWED_CLIENTS=127.0.0.1, 10.111.123.7, myDynDNSDomain.no-ip.com'
+            - 'EXTERNAL_IP=10.111.123.8'
             - SPOOF_ALL_DOMAINS=false # Set to true (case sensitive!) if you want to spoof ALL domains.
         ports:
-            - 443:443
-            - 80:80
+            - 443:8443
+            - 80:8080
             - 53:5300/udp
         image: 'ghcr.io/seji64/snidust:main'
 ```
@@ -136,7 +136,7 @@ Create a file with the name `99-custom.lst`. Insert all your custom domains in t
 #### Mount it
 
 ```bash
-docker run --name snidust -e ALLOWED_CLIENTS="127.0.0.1, 10.111.123.7" -e EXTERNAL_IP=10.111.123.8 -p 443:443 -p 80:80 -p 53:5300/udp -v ~/99-custom.lst:/etc/snidust/domains.d/99-custom.lst:ro ghcr.io/seji64/snidust:main
+docker run --name snidust -e ALLOWED_CLIENTS="127.0.0.1, 10.111.123.7" -e EXTERNAL_IP=10.111.123.8 -p 443:8443 -p 80:8080 -p 53:5300/udp -v ~/99-custom.lst:/etc/snidust/domains.d/99-custom.lst:ro ghcr.io/seji64/snidust:main
 ```
 
 Or if you use docker-compose:
@@ -150,8 +150,8 @@ services:
             - 'ALLOWED_CLIENTS=127.0.0.1, 10.111.123.7'
             - EXTERNAL_IP=10.111.123.8
         ports:
-            - '443:443'
-            - '80:80'
+            - '443:8443'
+            - '80:8080'
             - '53:5300/udp'
         volumes:
             - '~/99-custom.lst:/etc/snidust/domains.d/99-custom.lst:ro'
@@ -188,8 +188,8 @@ services:
             - 'ALLOWED_CLIENTS_FILE=/tmp/myacls.acl'
             - EXTERNAL_IP=10.111.123.8
         ports:
-            - '443:443'
-            - '80:80'
+            - '443:8443'
+            - '80:8080'
             - '53:5300/udp'
         volumes:
             - '~/myacls.acl:/tmp/myacls.acl:ro'

diff --git a/configs/dnsdist/conf.d/00-SniDust.conf b/configs/dnsdist/conf.d/00-SniDust.conf
@@ -57,7 +57,7 @@ function ReloadACL(dq)
     dq.dh:setQR(true)
 
     infolog("[INFO] [SniDust] *** Reloading ACL... ***")
-    os.execute("/generateACL.sh && touch /tmp/reload_sni_proxy && PID_SNIPROXY=$(pidof sniproxy) && kill -HUP $PID_SNIPROXY")
+    os.execute("/generateACL.sh && /usr/sbin/nginx -s reload")
     setACLFromFile("/etc/dnsdist/allowedClients.acl")
     infolog("[INFO] [SniDust] *** ACL reload complete! ***")
 

diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf
@@ -0,0 +1,42 @@
+load_module '/usr/lib/nginx/modules/ngx_stream_module.so';
+worker_processes  auto;
+worker_rlimit_nofile 35000;
+events {
+    worker_connections  15000;
+    multi_accept off;
+}
+
+http {
+
+     access_log /var/log/nginx/access.log;
+     error_log /var/log/nginx/error.log;
+     server {
+            listen 8080 default_server;
+            listen [::]:8080 default_server;
+            resolver 8.8.8.8 ipv6=off;
+            include /etc/nginx/allowedClients.conf;
+            location / {
+                proxy_pass http://$host$request_uri;
+            }
+    }
+
+}
+
+
+stream {
+   log_format basic '$remote_addr [$time_local] '
+                     '$protocol $status $bytes_sent $bytes_received '
+                     '$session_time';
+
+   access_log /var/log/nginx/access.log basic;
+   error_log  /var/log/nginx/error.log error;
+
+   server {
+        resolver 1.1.1.1 ipv6=off;
+        listen 8443;
+        include /etc/nginx/allowedClients.conf;
+        ssl_preread on;
+        proxy_connect_timeout 5s;
+        proxy_pass $ssl_preread_server_name:443;
+    }
+}
diff --git a/configs/sniproxy/config.yaml b/configs/sniproxy/config.yaml
diff --git a/dynDNSCron.sh b/dynDNSCron.sh
@@ -11,8 +11,7 @@ else
   echo "[ERROR] [DnyDNSCron] Failed to reload DnsDist ACL config!"
 fi
 
-touch /tmp/reload_sni_proxy
-echo "[INFO] [DnyDNSCron] Reloading/Restarting Sniproxy..."
-PID_SNIPROXY=$(pidof sniproxy)
-kill -HUP $PID_SNIPROXY
-echo "[INFO] [DnyDNSCron] Sniproxy successfully reloaded/restarted"
+
+echo "[INFO] [DnyDNSCron] reloading nginx..."
+/usr/sbin/nginx -s reload
+echo "[INFO] [DnyDNSCron] ngix successfully reloaded"
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -28,7 +28,7 @@ source generateACL.sh
 set -e
 
 
-echo "[INFO] Generating DNSDist Configs..."
+echo "[INFO] Generating DNSDist Config..."
 /bin/bash /etc/dnsdist/dnsdist.conf.template > /etc/dnsdist/dnsdist.conf
 
 if [ "$DYNDNS_CRON_ENABLED" = true ];
@@ -41,16 +41,9 @@ fi
 echo "[INFO] Starting DNSDist..."
 /usr/bin/dnsdist -C /etc/dnsdist/dnsdist.conf --supervised --disable-syslog --uid snidust --gid snidust &
 
-echo "[INFO] Starting sniproxy"
-(until /usr/local/bin/sniproxy --config "/etc/sniproxy/config.yaml"; do
-    if [ -f "/tmp/reload_sni_proxy" ];
-    then
-      # ignore => restarted by cron
-      rm -f /tmp/reload_sni_proxy
-    else
-      echo "[WARN] sniproxy crashed with exit code $?. Restarting..." >&2
-    fi
-    sleep 1
-done) &
+
+echo "[INFO] Starting nginx.."
+nginx
+
 echo "[INFO] Using $EXTERNAL_IP - Point your DNS settings to this address"
 wait -n
diff --git a/generateACL.sh b/generateACL.sh
@@ -37,8 +37,12 @@ fi
 
 if [ -f "/etc/dnsdist/allowedClients.acl" ];
 then
+  echo "" > etc/nginx/allowedClients.conf
   while read -r line
   do
-      echo "$line,allow" >> /etc/sniproxy/allowedClients.acl
+      echo "allow $line;" >> /etc/nginx/allowedClients.conf
   done < "/etc/dnsdist/allowedClients.acl"
+  echo "deny  all;" >> /etc/nginx/allowedClients.conf
+else
+  touch /etc/nginx/allowedClients.conf
 fi