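#!/usr/bin/env bash
#
# Generate fly.toml for a new app and deploy the bridge.
#
# Usage: EMAIL=<address> [REGION=<fly region>] ./deploy
#
# Environment:
#   EMAIL   mandatory; copied into the [env] section of the generated config.
#   REGION  optional; defaults to "fra".
set -Eeuo pipefail

# Check every external tool before any remote resource is created. shuf is
# only needed after the app, IP address and volume already exist, so a missing
# shuf would otherwise abort the run half-way and leave those resources behind.
for tool in jq flyctl shuf; do
  command -v "${tool}" >/dev/null || {
    # Diagnostics go to stderr so they are not mixed into captured output.
    echo "ERROR: '${tool}' not found, please install it." >&2
    exit 1
  }
done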
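# EMAIL is mandatory. Fail with an explicit message rather than the bare
# "unbound variable" error that `set -u` produces for an unset variable.
: "${EMAIL:?ERROR: EMAIL is not set.}"

# The value is later written verbatim between double quotes in the generated
# TOML file, so a quote, backslash or control character would either break the
# file or add unintended keys to it. Reject such values up front.
case "${EMAIL}" in
  *'"'* | *'\'* | *[[:cntrl:]]*)
    echo 'ERROR: EMAIL must not contain quotes, backslashes or control characters.' >&2
    exit 1
    ;;
esac
export email="${EMAIL}"

# REGION is optional. See `flyctl platform regions` for the full list.
export region="${REGION:-fra}"

# fly.toml should not exist: it is moved to an app-specific name after
# `flyctl launch`, so a pre-existing file would be mistaken for the new one.
if [[ -e 'fly.toml' ]]; then
  echo 'ERROR: fly.toml already exists.' >&2
  exit 1
fi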
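# Generate random app name: "bridge-" followed by 8 characters from [0-9a-z].
#
# LC_ALL=C makes tr treat /dev/urandom as raw bytes; in a multibyte locale some
# tr implementations stop with "Illegal byte sequence" on random input.
# tr never sees end-of-file, so it is ended by SIGPIPE once dd has taken its
# block. Under `pipefail` that counts as a pipeline failure, hence `|| true`;
# the result is validated explicitly instead.
app_suffix="$(LC_ALL=C tr -dc '0-9a-z' </dev/urandom | dd bs=8 count=1 2>/dev/null || true)"

# dd performs a single read, which may return fewer than 8 bytes from a pipe.
# Refuse a short or malformed name before any remote resource is created.
if [[ ! "${app_suffix}" =~ ^[0-9a-z]{8}$ ]]; then
  echo 'ERROR: could not generate a random app name.' >&2
  exit 1
fi
export app="bridge-${app_suffix}"

echo "If something goes wrong, run 'flyctl apps destroy ${app}' and start again."
echo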
# Provision the remote resources without deploying yet: the app itself, a
# dedicated IPv4 address and a 1 GB volume named fly_obfs4.
#
# NOTE(review): ":latest" is a mutable tag, so the image that ends up running
# can differ between two runs of this script. Pinning by digest
# (thetorproject/obfs4-bridge@sha256:<digest-placeholder>) would make the
# deployment reproducible; the same reference would have to be used in the
# [build] section of the generated config.
bridge_image='thetorproject/obfs4-bridge:latest'
flyctl launch --name "${app}" --region "${region}" --image "${bridge_image}" --no-deploy

# Keep the generated fly.toml under an app-specific name so that several
# bridges can be managed from the same directory.
config="${app}-fly.toml"
mv fly.toml "${config}"

# Every following flyctl call targets the app through this config file.
config_flag=(--config "${config}")
flyctl ips allocate-v4 "${config_flag[@]}"
flyctl volumes create fly_obfs4 --region "${region}" --size 1 "${config_flag[@]}"
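# Read IPv4 address.
#
# The assignment is kept separate from `export` so that a failing flyctl or jq
# stops the script (set -e, pipefail); `export var="$(...)"` would hide the
# exit status and carry on with an empty address.
addr="$(flyctl ips list --json --config "${config}" |
  jq --raw-output '.[] | select(.Type == "v4") | .Address')"

# The address is advertised to clients through the generated config. Anything
# other than exactly one dotted-quad (no match, or several addresses on
# separate lines) would produce a bridge that cannot be reached as advertised.
if [[ ! "${addr}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  echo "ERROR: expected exactly one IPv4 address for ${app}, got: '${addr}'" >&2
  exit 1
fi
export addr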
# Draw the OR port and the PT port from a single shuf call: shuf picks without
# repetition, so the two unprivileged ports are guaranteed to differ.
ports="$(shuf -i 1024-65535 -n 2)"

# First line of the draw is the OR port, last line is the PT port.
export or_port="${ports%%$'\n'*}"
export pt_port="${ports##*$'\n'}"
# Write the final app configuration, replacing the file that was moved to
# ${config} after `flyctl launch`.
#
# The heredoc delimiter is unquoted, so ${app}, ${email}, ${addr}, ${or_port}
# and ${pt_port} are expanded by the shell and inserted verbatim, without any
# TOML escaping. A double quote or backslash in ${email} would corrupt the
# file or add keys to it.
#
# OR_PORT is a multi-line value holding two ORPort settings: the public
# address is advertised but not bound (NoListen), while 0.0.0.0 is bound but
# not advertised (NoAdvertise).
# NOTE(review): presumably the image writes "ORPort ${OR_PORT}" into torrc, so
# the embedded newline starts a second ORPort line - confirm against the image.
#
# The OBFS4V_Accounting* entries describe a 33 GByte limit on outgoing traffic
# per accounting period, with periods starting on day 1 of the month at 00:00.
# NOTE(review): assumes the image maps OBFS4V_<Name> to the torrc option
# <Name> when OBFS4_ENABLE_ADDITIONAL_VARIABLES is 1 - confirm.
#
# Both the OR port and the PT port are published as public TCP services.
# NOTE(review): confirm that the OR port has to be reachable from the internet
# for this setup; every additional open port makes the host easier to
# recognise as a bridge by scanning.
#
# References:
# https://community.torproject.org/relay/setup/bridge/docker/
# https://helpmanual.io/man5/torrc/
cat <<EOF >"${config}"
app = "${app}"
kill_signal = "SIGINT"
kill_timeout = 5
[build]
image = "thetorproject/obfs4-bridge:latest"
[env]
EMAIL = "${email}"
OR_PORT = """${addr}:${or_port} NoListen
ORPort 0.0.0.0:${or_port} NoAdvertise"""
PT_PORT = "${pt_port}"
OBFS4_ENABLE_ADDITIONAL_VARIABLES = "1"
OBFS4V_AccountingMax = "33 GBytes"
OBFS4V_AccountingRule = "out"
OBFS4V_AccountingStart = "month 1 00:00"
[mounts]
source = "fly_obfs4"
destination = "/var/lib/tor"
[[services]]
internal_port = ${or_port}
processes = ["app"]
protocol = "tcp"
[services.concurrency]
hard_limit = 25
soft_limit = 20
type = "connections"
[[services.ports]]
port = ${or_port}
[[services.tcp_checks]]
grace_period = "1s"
interval = "15s"
restart_limit = 0
timeout = "2s"
[[services]]
# The PT port must be defined second for the get-bridge-line script to work.
internal_port = ${pt_port}
processes = ["app"]
protocol = "tcp"
[[services.ports]]
port = ${pt_port}
[[services.tcp_checks]]
grace_period = "1s"
interval = "15s"
restart_limit = 0
timeout = "2s"
EOF
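# Deploy the app described by the generated config.
flyctl deploy --config "${config}"
echo

# Tell the operator how to print the client configuration afterwards.
# ${config} is kept inside the double-quoted string: the nested double quotes
# used before ended the string early and left the expansion unquoted, exposing
# it to word splitting and globbing. The printed text is unchanged.
echo "Run 'CONFIG=${config} ./show-bridge-line' to display the client configuration."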