Make it possible to overwrite port/secret/tag from docker command-line

8dd45117 · Сергей Прохоров · 34eb21dc · 8dd45117 · 8dd45117 · 8dd45117
Unverified Commit 8dd45117 authored Feb 16, 2019 by Сергей Прохоров
Show whitespace changes
Inline Side-by-side

Showing with 107 additions and 21 deletions

Dockerfile Dockerfile +3 -4

README.md README.md +48 -16

sys.config.example config/sys.config.example +3 -1

start.sh start.sh +53 -0

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,9 +22,8 @@ RUN apk add --no-cache openssl && \
    apk add --no-cache ncurses-libs && \
    apk add --no-cache dumb-init
-RUN mkdir -p /opt
+RUN mkdir -p /opt /var/log/mtproto-proxy
-RUN mkdir -p /var/log/mtproto-proxy
+COPY start.sh /bin/start.sh
 COPY --from=builder /build/mtproto_proxy/_build/prod/rel/mtp_proxy /opt/mtp_proxy
-ENTRYPOINT ["/usr/bin/dumb-init", "--"]
+ENTRYPOINT ["/usr/bin/dumb-init", "--", "/bin/start.sh"]
-CMD ["/opt/mtp_proxy/bin/mtp_proxy", "foreground"]
--- a/README.md
+++ b/README.md
@@ -12,14 +12,34 @@ Features
 * Secure-only mode (only allow connections with 'dd'-secrets). See `allowed_protocols` option.
 * Multiple ports with unique secret and promo tag for each port
 * Automatic configuration reload (no need for restarts once per day)
-* Most of the configuration options might be updated without service restart
+* Most of the configuration options can be updated without service restart
 * Very high performance - can handle tens of thousands connections! Scales to all CPU cores.
-* Small codebase compared to oficial one
+* Small codebase compared to official one
 * A lots of metrics could be exported (optional)
 How to start - docker
 ---------------------
+### To run with default settings
+```bash
+docker run -d --network=host seriyps/mtproto-proxy
+```
+### To run on single port with custom port, secret and ad-tag
+```bash
+docker run -d --network=host seriyps/mtproto-proxy -p 443 -s d0d6e111bada5511fcce9584deadbeef -t dcbe8f1493fa4cd9ab300891c0b5b326
+```
+Where
+* `-p 443` proxy port
+* `-s d0d6e111bada5511fcce9584deadbeef` proxy secret (don't append `dd`! it should be 32 chars long!)
+* `-t dcbe8f1493fa4cd9ab300891c0b5b326` ad-tag that you get from [@MTProxybot](https://t.me/MTProxybot)
+### To run with custom config-file
 1. Get the code `git clone https://github.com/seriyps/mtproto_proxy.git && cd mtproto_proxy/`
 2. Copy config templates `cp config/{vm.args.example,prod-vm.args}; cp config/{sys.config.example,prod-sys.config}`
 3. Edit configs. See [Settings](#settings).
@@ -30,10 +50,10 @@ Installation via docker can work well for small setups (10-20k connections), but
 for more heavily-loaded setups it's recommended to install proxy directly into
 your server's OS (see below).
-How to start without docker - quick
+How to start OS-install - quick
 -----------------------------------
-```
+```bash
 sudo apt install erlang-nox erlang-dev build-essential
 git clone https://github.com/seriyps/mtproto_proxy.git
 cd mtproto_proxy/
@@ -46,13 +66,13 @@ sudo systemctl enable mtproto-proxy
 sudo systemctl start mtproto-proxy
 ```
-How to start without docker - detailed
+How to start OS-install - detailed
 --------------------------------------
 ### Install deps (ubuntu 18.04)
-```
+```bash
 sudo apt install erlang-nox erlang-dev build-essential
 ```
@@ -62,7 +82,7 @@ or use [kerl](https://github.com/kerl/kerl).
 ### Get the code:
-```
+```bash
 git clone https://github.com/seriyps/mtproto_proxy.git
 cd mtproto_proxy/
 ```
@@ -73,7 +93,7 @@ see [Settings](#settings).
 ### Build and install
-```
+```bash
 make && sudo make install
 ```
@@ -84,9 +104,19 @@ This will:
 * create a directory for logs in `/var/log/mtproto-proxy`
 * Configure ulimit of max open files and `CAP_NET_BIND_SERVICE` by systemd
-### Start and enable start on system start-up
+### Try to start in foreground mode
+This step is optional, but it can be usefull to test if everything works as expected
+```bash
+./start.sh
 ```
+try to run `./start.sh -h` to learn some useful options.
+### Start in background and enable start on system start-up
+```bash
 sudo systemctl enable mtproto-proxy
 sudo systemctl start mtproto-proxy
 ```
@@ -97,13 +127,13 @@ Done! Proxy is up and ready to serve now!
 Stop:
-```
+```bash
 sudo systemctl stop mtproto-proxy
 ```
 Uninstall:
-```
+```bash
 sudo systemctl stop mtproto-proxy
 sudo systemctl disable mtproto-proxy
 sudo make uninstall
@@ -130,9 +160,11 @@ Secret key and proxy URL will be printed on start.
 The easiest way to update config right now is to edit `config/prod-sys.config`
 and then re-install proxy by
-```
+```bash
 sudo make uninstall && make && sudo make install
 ```
 There are other ways as well. It's even possible to update configuration options
 without service restart / without downtime, but it's a bit trickier.
@@ -140,7 +172,7 @@ without service restart / without downtime, but it's a bit trickier.
 To change default settings, change `mtproto_proxy` section of `prod-sys.config` as:
-```
+```erlang
 {mtproto_proxy,
  %% see src/mtproto_proxy.app.src for examples.
  %% DO NOT EDIT src/mtproto_proxy.app.src!!!
@@ -164,7 +196,7 @@ To change default settings, change `mtproto_proxy` section of `prod-sys.config`
 You can start proxy on many IP addresses or ports with different secrets/ad tags.
 To do so, just add more configs to `ports` section, separated by comma, eg:
-```
+```erlang
 {mtproto_proxy,
  %% see src/mtproto_proxy.app.src for examples.
  %% DO NOT EDIT src/mtproto_proxy.app.src!!!
@@ -194,7 +226,7 @@ Each section should have unique `name`!
 It might be useful in Iran, where proxies are detected by DPI.
 You should disable all protocols other than `mtp_secure` by providing `allowed_protocols` option:
-```
+```erlang
  {mtproto_proxy,
   [
    {allowed_protocols, [mtp_secure]},
@@ -209,6 +241,6 @@ Helpers
 Number of connections
-```
+```erlang
 /opt/mtp_proxy/bin/mtp_proxy eval 'lists:sum([proplists:get_value(all_connections, L) || {_, L} <- ranch:info()]).'
 ```
--- a/config/sys.config.example
+++ b/config/sys.config.example
@@ -38,5 +38,7 @@
       %% Rotate when file size is 100MB+
       {size, 104857600}
      ]}
-    ]}]}
+    ]}]},
+ {sasl,
+  [{errlog_type, error}]}
 ].
--- a/start.sh
+++ b/start.sh
+#!/bin/sh
+# Script that helps to overwrite port/secret/ad tag from command line without changing config-files
+CMD="/opt/mtp_proxy/bin/mtp_proxy foreground"
+THIS=$0
+usage() {
+    echo "Usage:"
+    echo "To run with settings from config/prod-sys.config:"
+    echo "${THIS}"
+    echo "To start in single-port mode configured from command-line:"
+    echo "${THIS} -p <port> -s <secret> -t <ad tag>"
+}
+error() {
+    echo "ERROR: ${1}"
+    usage
+    exit 1
+}
+NUM_OPTS=0
+PORT=""
+SECRET=""
+TAG=""
+while getopts "p:s:t:h" o; do
+    case "${o}" in
+        p)
+            PORT=${OPTARG}
+            test ${PORT} -gt 0 -a ${PORT} -lt 65535 || error "Invalid port value: ${PORT}"
+            ;;
+        s)
+            SECRET=${OPTARG}
+            [ -n "`echo $SECRET | grep -x '[[:xdigit:]]\{32\}'`" ] || error "Invalid secret. Should be 32 chars of 0-9 a-f"
+            ;;
+        t)
+            TAG=${OPTARG}
+            [ -n "`echo $TAG | grep -x '[[:xdigit:]]\{32\}'`" ] || error "Invalid tag. Should be 32 chars of 0-9 a-f"
+            ;;
+        h)
+            usage
+            exit 0
+    esac
+    NUM_OPTS=$((NUM_OPTS + 1))
+done
+if [ $NUM_OPTS -eq 0 ]; then
+    exec $CMD
+elif [ $NUM_OPTS -eq 3 ]; then
+    exec $CMD -mtproto_proxy ports "[#{name => mtproto_proxy, port => $PORT, secret => <<\"$SECRET\">>, tag => <<\"$TAG\">>}]"
+else
+    error "Not enough options: -p '${PORT}' -s '${SECRET}' -t '${TAG}'"
+fi