diff --git a/internal/controller/maker/hsnet.go b/internal/controller/maker/hsnet.go index 7f33860..24c2053 100644 --- a/internal/controller/maker/hsnet.go +++ b/internal/controller/maker/hsnet.go @@ -28,9 +28,7 @@ ExecStartPre=-/usr/local/bin/k0s ctr -n hs-net container rm hs-net ExecStart=/usr/local/bin/k0s ctr -n hs-net run \ --net-host \ --privileged \ - --cgroup host \ --env LD_LIBRARY_PATH=/yizhisec/hs_net \ - --env RUSTFLAGS="-C target-cpu=nehalem" \ --env RUST_BACKTRACE=1 \ --mount type=bind,src=/etc/localtime,dst=/etc/localtime,options=rbind:ro \ --mount type=bind,src=/etc/hosts,dst=/etc/hosts,options=rbind:ro \ @@ -43,6 +41,8 @@ ExecStart=/usr/local/bin/k0s ctr -n hs-net run \ --mount type=bind,src=/yizhisec/hs_net/conf,dst=/etc/hs_net,options=rbind:rw \ hub.yizhisec.com/hybridscope/hsnet:release_2.1.0-std hs-net +# --cgroup host \ +# --env RUSTFLAGS="-C target-cpu=nehalem" \ # 重启策略 Restart=on-failure RestartSec=5s diff --git a/internal/controller/maker/proxy.go b/internal/controller/maker/proxy.go new file mode 100644 index 0000000..d7ef52e --- /dev/null +++ b/internal/controller/maker/proxy.go 
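Review bot: The two lines added after the image name in the second hunk keep `--cgroup host` and `RUSTFLAGS` as `#`-prefixed text inside the generated unit, and both still end with ` \`, which systemd treats as a line-continuation marker; on systemd versions that join continued lines before stripping comments, a comment ending in a backslash absorbs the following line, so any directive later inserted right after them would silently be commented out (today only `# 重启策略` follows, so nothing is lost yet). Since the first hunk already removes both flags and git history records them, I would drop the two lines, or at least remove the trailing backslashes: `# --cgroup host` / `# --env RUSTFLAGS="-C target-cpu=nehalem"`. If they are kept as a reminder, a short reason would help, e.g. `# RUSTFLAGS is a build-time variable and presumably has no effect on the prebuilt hsnet image`. The Go string literal that holds this unit file starts and ends outside both hunks.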
@@ -0,0 +1,86 @@
+package maker
+
+import (
+ "context"
+ "os"
+ "path/filepath"
+
+ "gitea.loveuer.com/yizhisec/pkg3/logger"
+ "yizhisec.com/hsv2/forge/internal/opt"
+ "yizhisec.com/hsv2/forge/pkg/downloader"
+)
+
+// make proxy for 8443, 443
+// by caddy, managed by systemd
+// steps:
+// 1. download caddy release binary: url(https://artifactory.yizhisec.com:443/artifactory/filestore/hsv2/bin/caddy)
+// 2. generate caddyfile
+// 3. generate systemd service file
+func (m *maker) Proxy(ctx context.Context) error {
+ const (
+ binURL = "https://artifactory.yizhisec.com:443/artifactory/filestore/hsv2/bin/caddy"
+ caddyfileTpl = `:8443 {
+ reverse_proxy __UPSTREAM_8443__
+}
+
+:443 {
+ reverse_proxy __UPSTREAM_443__
+}`
+ systemdSvc = `[Unit]
+Description=YiZhiSec Caddy Reverse Proxy
+After=network.target
+
+[Service]
+Type=simple
+User=root
+ExecStart=/usr/local/bin/caddy run --config /etc/caddy/Caddyfile
+StandardOutput=journal
+StandardError=journal
+Nice=-20
+Restart=always
+RestartSec=15
+
+[Install]
+WantedBy=multi-user.target`
+ )
+
+ location := filepath.Join(opt.Cfg.Make.Dir, "dependency", "proxy")
+
+ logger.Info("☑️ maker.Proxy: 开始构建 caddy 反向代理...")
+ logger.Debug("☑️ maker.Proxy: 创建目录 %s", location)
+ if err := os.MkdirAll(location, 0755); err != nil {
+ logger.Debug("❌ maker.Proxy: 创建目录失败: %v", err)
+ return err
+ }
+ logger.Debug("✅ maker.Proxy: 创建目录 %s 成功", location)
+
+ logger.Debug("☑️ maker.Proxy: 下载 caddy 二进制..., url = %s, dest = %s", binURL, filepath.Join(location, "caddy"))
+ if err := downloader.Download(
+ ctx,
+ binURL,
+ filepath.Join(location, "caddy"),
+ downloader.WithInsecureSkipVerify(),
+ downloader.WithFileMode(0755),
+ ); err != nil {
+ logger.Debug("❌ maker.Proxy: 下载 caddy 失败, url = %s, err = %v", binURL, err)
+ return err
+ }
+ logger.Debug("✅ maker.Proxy: 下载 caddy 成功, url = %s", binURL)
+
+ logger.Debug("☑️ maker.Proxy: 写入 Caddyfile 文件..., dest = %s", filepath.Join(location, "Caddyfile"))
+ if err := os.WriteFile(filepath.Join(location, "Caddyfile"), []byte(caddyfileTpl), 0644); err != nil {
+ logger.Debug("❌ maker.Proxy: 写入 Caddyfile 失败, dest = %s, err = %v", filepath.Join(location, "Caddyfile"), err)
+ return err
+ }
+ logger.Debug("✅ maker.Proxy: 写入 Caddyfile 文件成功, dest = %s", filepath.Join(location, "Caddyfile"))
+
+ logger.Debug("☑️ maker.Proxy: 写入 caddy.service 文件..., dest = %s", filepath.Join(location, "caddy.service"))
+ if err := os.WriteFile(filepath.Join(location, "caddy.service"), []byte(systemdSvc), 0644); err != nil {
+ logger.Debug("❌ maker.Proxy: 写入 caddy.service 失败, dest = %s, err = %v", filepath.Join(location, "caddy.service"), err)
+ return err
+ }
+ logger.Debug("✅ maker.Proxy: 写入 caddy.service 文件成功, dest = %s", filepath.Join(location, "caddy.service"))
+
+ logger.Info("✅ maker.Proxy: 构建 caddy 反向代理成功!!!")
+ return nil
+}
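Review bot: `downloader.WithInsecureSkipVerify()` in the `Download` call disables TLS certificate checking for the caddy binary that the generated unit then runs as root with `Restart=always`, so anyone able to redirect or intercept traffic to `artifactory.yizhisec.com` can hand the installer an arbitrary executable. I would drop that option, point the downloader at the internal CA if the artifactory certificate is not publicly trusted, and compare the downloaded file against a pinned SHA-256 (or a signature) before writing it with mode 0755. The `systemdSvc` template also runs caddy as `User=root` with `Nice=-20`; a reverse proxy only needs to bind 443/8443, so a dedicated service user plus `AmbientCapabilities=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true` would be the least-privilege form. Separately, the Caddyfile is written with the literal `__UPSTREAM_8443__` / `__UPSTREAM_443__` placeholders and nothing in this function substitutes them, so unless a later step rewrites the file caddy will try to proxy to hosts literally named that way. Lastly, each `return err` discards the context that only reaches the debug log; wrapping as `fmt.Errorf("download caddy from %s: %w", binURL, err)` keeps it for the caller.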