-
Notifications
You must be signed in to change notification settings - Fork 112
/
Copy pathentrypoint.sh
executable file
·79 lines (67 loc) · 2.71 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#!/bin/bash
# exit when any command fails
set -e
# create a tun device if not exist
# allow passing device to ensure compatibility with Podman
if [ ! -e /dev/net/tun ]; then
sudo mkdir -p /dev/net
sudo mknod /dev/net/tun c 10 200
sudo chmod 600 /dev/net/tun
fi
# start dbus
sudo mkdir -p /run/dbus
if [ -f /run/dbus/pid ]; then
sudo rm /run/dbus/pid
fi
sudo dbus-daemon --config-file=/usr/share/dbus-1/system.conf
# start the daemon
sudo warp-svc --accept-tos &
# sleep to wait for the daemon to start, default 2 seconds
sleep "$WARP_SLEEP"
# if /var/lib/cloudflare-warp/reg.json not exists, setup new warp client
if [ ! -f /var/lib/cloudflare-warp/reg.json ]; then
# if /var/lib/cloudflare-warp/mdm.xml not exists or REGISTER_WHEN_MDM_EXISTS not empty, register the warp client
if [ ! -f /var/lib/cloudflare-warp/mdm.xml ] || [ -n "$REGISTER_WHEN_MDM_EXISTS" ]; then
warp-cli registration new && echo "Warp client registered!"
# if a license key is provided, register the license
if [ -n "$WARP_LICENSE_KEY" ]; then
echo "License key found, registering license..."
warp-cli registration license "$WARP_LICENSE_KEY" && echo "Warp license registered!"
fi
fi
# connect to the warp server
warp-cli --accept-tos connect
else
echo "Warp client already registered, skip registration"
fi
# disable qlog if DEBUG_ENABLE_QLOG is empty
if [ -z "$DEBUG_ENABLE_QLOG" ]; then
warp-cli --accept-tos debug qlog disable
else
warp-cli --accept-tos debug qlog enable
fi
# if WARP_ENABLE_NAT is provided, enable NAT and forwarding
if [ -n "$WARP_ENABLE_NAT" ]; then
# switch to warp mode
echo "[NAT] Switching to warp mode..."
warp-cli --accept-tos mode warp
warp-cli --accept-tos connect
# wait another seconds for the daemon to reconfigure
sleep "$WARP_SLEEP"
# enable NAT
echo "[NAT] Enabling NAT..."
sudo nft add table ip nat
sudo nft add chain ip nat WARP_NAT { type nat hook postrouting priority 100 \; }
sudo nft add rule ip nat WARP_NAT oifname "CloudflareWARP" masquerade
sudo nft add table ip mangle
sudo nft add chain ip mangle forward { type filter hook forward priority mangle \; }
sudo nft add rule ip mangle forward tcp flags syn tcp option maxseg size set rt mtu
sudo nft add table ip6 nat
sudo nft add chain ip6 nat WARP_NAT { type nat hook postrouting priority 100 \; }
sudo nft add rule ip6 nat WARP_NAT oifname "CloudflareWARP" masquerade
sudo nft add table ip6 mangle
sudo nft add chain ip6 mangle forward { type filter hook forward priority mangle \; }
sudo nft add rule ip6 mangle forward tcp flags syn tcp option maxseg size set rt mtu
fi
# start the proxy
gost $GOST_ARGS