chchang
/
hugo_backup
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5659782624'
${ noResults }
hugo_backup/public/post/init-script-in-openwrt-to-s.../index.html

691 lines
22 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!DOCTYPE html>
<html lang="en-us">
<head><meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<script type="application/ld+json">
{
"@context" : "http://schema.org",
"@type" : "BlogPosting",
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https:\/\/h.cowbay.org"
},
"articleSection" : "post",
"name" : "Init Script in Openwrt to Start Leproxy\/在openwrt 新增自動啟動leproxy的script",
"headline" : "Init Script in Openwrt to Start Leproxy\/在openwrt 新增自動啟動leproxy的script",
"description" : "\u003cp\u003e最近在逐步的把舊有的VPN Router 汰換掉改用wireguard 來作 full mesh site-to-site VPN\u003c\/p\u003e\n\u003cp\u003e不過這是另外的故事了\u0026hellip;\u003c\/p\u003e\n\u003cp\u003e在把wireguard VPN 都搞定之後,才發現原來 openwrt 的 uhttpd 要加上 letsencrypt 的免費憑證有點難搞\u003c\/p\u003e\n\u003cp\u003e網路上大部分都介紹用 acme.sh ,我是有測試出來啦\u003c\/p\u003e\n\u003cp\u003e但是跟網路上的方法不太一樣了新增了滿多步驟的覺得很麻煩\u003c\/p\u003e\n\u003cp\u003e想到向來愛用的 leproxy ,既然是 golang 開發的又是open source\u003c\/p\u003e\n\u003cp\u003e就拿來compile 給openwrt router 用用看\u003c\/p\u003e\n\u003cp\u003e想不到還真的可以 golang 真是棒!\u003c\/p\u003e\n\u003cp\u003e不過也還是要順手改一些openwrt 東西才行\u003c\/p\u003e\n\u003cp\u003e還是簡單作個筆記好了\u003c\/p\u003e",
"inLanguage" : "en",
"author" : "Eric Chang",
"creator" : "Eric Chang",
"publisher": "Eric Chang",
"accountablePerson" : "Eric Chang",
"copyrightHolder" : "Eric Chang",
"copyrightYear" : "2021",
"datePublished": "2021-09-29 14:38:10 \u002b0800 CST",
"dateModified" : "2021-09-29 14:38:10 \u002b0800 CST",
"url" : "https:\/\/h.cowbay.org\/post\/init-script-in-openwrt-to-start-leproxy\/",
"wordCount" : "312",
"image" : "https://h.cowbay.orghttps://h.cowbay.org/images/post-default-8.jpg"",
"keywords" : [ ""openwrt"","Blog" ]
}
</script>
<title>Init Script in Openwrt to Start Leproxy/在openwrt 新增自動啟動leproxy的script </title>
<meta name="description" content="some articles about job,food,passion sisters" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="all,follow">
<meta name="googlebot" content="index,follow,snippet,archive">
<link rel="stylesheet" id="ct-tracks-google-fonts-css" href="https://fonts.googleapis.com/css?family=Raleway%3A400%2C700&amp;subset=latin%2Clatin-ext&amp;ver=4.7.2" type="text/css" media="all">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.3.1/css/all.css" integrity="sha384-mzrmE5qonljUremFsqc01SB46JvROS7bZs3IO2EmfFsd15uHvIt+Y8vEf7N7fWAU" crossorigin="anonymous">
<link href="https://h.cowbay.org/css/style.css?v=1646184926" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>
<link href="https://h.cowbay.org/css/custom.css?v=1646184926" rel="stylesheet" type='text/css' media='all'>
<link rel="shortcut icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
<link rel="icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
<script type="application/javascript">
var doNotTrack = false;
if (!doNotTrack) {
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-138954876-1', 'auto');
ga('send', 'pageview');
}
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
</head>
<body class="post-template-default single single-post single-format-standard ct-body singular singular-post not-front standard">
<div id="overflow-container" class="overflow-container">
<a class="skip-content" href="#main">Skip to content</a>
<header id="site-header" class="site-header" role="banner">
<div class='top-navigation'>
<div class='container'>
<div id="menu-secondary" class="menu-container menu-secondary" role="navigation">
<button id="toggle-secondary-navigation" class="toggle-secondary-navigation"><i class="fas fa-plus"></i></button>
<div class="menu">
<ul id="menu-secondary-items" class="menu-secondary-items">
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/ansible">ansible</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/linux">linux</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/proxmox">proxmox</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/ps">ps</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E7%A2%8E%E5%BF%B5">碎念</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E7%AD%86%E8%A8%98">筆記</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E7%BE%A4%E6%9A%89">群暉</a>
</li>
<li class="menu-item menu-item-type-taxonomy menu-item-object-category">
<a href="/categories/%E9%9B%9C%E5%BF%B5">雜念</a>
</li>
</ul>
</div>
</div>
<ul class="social-media-icons">
<li>
<a href="full%20Social%20profile%20url%20in%20facebook" data-animate-hover="pulse" class="facebook" target="_blank">
<i class="fab fa-facebook-square" title="facebook"></i>
<span class="screen-reader-text">facebook</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20googleplus" data-animate-hover="pulse" class="gplus" target="_blank">
<i class="fab fa-google-plus-g" title="googleplus"></i>
<span class="screen-reader-text">googleplus</span>
</a>
</li>
<li>
<a href="chang0206" data-animate-hover="pulse" class="twitter" target="_blank">
<i class="fab fa-twitter-square" title="twitter"></i>
<span class="screen-reader-text">twitter</span>
</a>
</li>
<li>
<a href="chang0206" data-animate-hover="pulse" class="instagram" target="_blank">
<i class="fab fa-instagram" title="instagram"></i>
<span class="screen-reader-text">instagram</span>
</a>
</li>
<li>
<a href="mailto:mc@hotshraingmy.info" data-animate-hover="pulse" class="email">
<i class="fas fa-envelope" title="email"></i>
<span class="screen-reader-text">email</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20linkedin" data-animate-hover="pulse" class="linkedin" target="_blank">
<i class="fab fa-linkedin-in" title="linkedin"></i>
<span class="screen-reader-text">linkedin</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20stackoverflow" data-animate-hover="pulse" class="stackoverflow" target="_blank">
<i class="fab fa-stack-overflow" title="stackoverflow"></i>
<span class="screen-reader-text">stackoverflow</span>
</a>
</li>
<li>
<a href="changchichung" data-animate-hover="pulse" class="github" target="_blank">
<i class="fab fa-github" title="github"></i>
<span class="screen-reader-text">github</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20pinterest" data-animate-hover="pulse" class="pinterest" target="_blank">
<i class="fab fa-pinterest" title="pinterest"></i>
<span class="screen-reader-text">pinterest</span>
</a>
</li>
<li>
<a href="https://h.cowbay.org/index.xml" data-animate-hover="pulse" class="rss" target="_blank">
<i class="fas fa-rss" title="rss"></i>
<span class="screen-reader-text">rss</span>
</a>
</li>
</ul></div>
</div>
<div class="container">
<div id="title-info" class="title-info">
<div id='site-title' class='site-title'>
<a href="/"> MC部落 </a>
</div>
</div>
<button id="toggle-navigation" class="toggle-navigation">
<i class="fas fa-bars"></i>
</button>
<div id="menu-primary-tracks" class="menu-primary-tracks"></div>
<div id="menu-primary" class="menu-container menu-primary" role="navigation">
<p class="site-description">Whats the Worst That Could Happen?</p>
<div class="menu">
<ul id="menu-primary-items" class="menu-primary-items">
<li class='menu-item menu-item-type-custom menu-item-object-custom '>
<a href="https://h.cowbay.org/">Home</a>
</li>
<li class='menu-item menu-item-type-post_type menu-item-object-page '>
<a href="https://h.cowbay.org/about/">About</a>
</li>
<li class='menu-item menu-item-type-post_type menu-item-object-page '>
<a href="https://h.cowbay.org/contact/">Get in touch</a>
</li>
</ul>
</div>
</div>
</div>
</header>
<div id="main" class="main" role="main">
<div id="loop-container" class="loop-container">
<div class="post type-post status-publish format-standard has-post-thumbnail hentry category-design tag-design tag-standard-2 tag-tagalicious tag-travel entry full-without-featured odd excerpt-1">
<div class='featured-image lazy lazy-bg-image' data-background="https://h.cowbay.org/images/post-default-8.jpg">
</div>
<div class="entry-meta">
<span class="date">29 September</span> <span> / </span>
<span class="author">
<a href="https://github.com/changchichung" title="Posts by Eric Chang" rel="author">Eric Chang</a>
</span>
<span class="category">
<span> / </span>
<a href="/categories/%E7%AD%86%E8%A8%98">筆記</a>
</span>
</div>
<div class='entry-header'>
<h1 class='entry-title'> Init Script in Openwrt to Start Leproxy/在openwrt 新增自動啟動leproxy的script</h1>
</div>
<div class="entry-container">
<div class="entry-content">
<article>
<p>最近在逐步的把舊有的VPN Router 汰換掉改用wireguard 來作 full mesh site-to-site VPN</p>
<p>不過這是另外的故事了&hellip;</p>
<p>在把wireguard VPN 都搞定之後,才發現原來 openwrt 的 uhttpd 要加上 letsencrypt 的免費憑證有點難搞</p>
<p>網路上大部分都介紹用 acme.sh ,我是有測試出來啦</p>
<p>但是跟網路上的方法不太一樣了,新增了滿多步驟的,覺得很麻煩</p>
<p>想到向來愛用的 leproxy ,既然是 golang 開發的又是open source</p>
<p>就拿來compile 給openwrt router 用用看</p>
<p>想不到還真的可以, golang 真是棒!</p>
<p>不過也還是要順手改一些openwrt 東西才行</p>
<p>還是簡單作個筆記好了</p>
<h4 id="compile-leproxy-for-arm64">compile leproxy for arm64</h4>
<p>當然要先確認好自己的環境有沒有裝了golang 可以用來編譯,這部分就不多提了。</p>
<h5 id="下載並編譯-leproxy">下載並編譯 leproxy</h5>
<pre><code>git clone https://github.com/artyom/leproxy
cd leproxy
GOOS=linux GOARCH=arm64 go build .
mv leproxy leproxy.arm64
</code></pre><h5 id="copy-leproxyarm64-to-router">copy leproxy.arm64 to router</h5>
<pre><code>scp leproxy.arm64 root@192.168.0.254:/root/leproxy.arm64
</code></pre><h4 id="接著-ssh-登入-router-作相關設定">接著 ssh 登入 router 作相關設定</h4>
<p>ssh <a href="mailto:root@192.168.0.254">root@192.168.0.254</a></p>
<h5 id="建立etcleproxymappingyml">建立/etc/leproxy/mapping.yml</h5>
<pre><code>mkdir -p /etc/leproxy
vim /etc/leproxy/mapping.yml
</code></pre><p>內容大概長這樣,一次可以不止一行
然後要注意 hqvpnrouter.abc.com 這個域名要先存在 A 記錄並指向這臺 router</p>
<pre><code>hqvpnrouter.abc.com: 192.168.0.254:81
</code></pre><p>前面是這臺機器的hostname , leproxy 會用這個hostname 去申請免費的憑證
後面是要把hqvpnrouter.abc.com 的要求轉到哪裡?這邊就是轉到本機(192.168.0.254)的 81 port</p>
<h5 id="修改-uhttpd-config">修改 uhttpd config</h5>
<p>因為leproxy 會佔用 80 ,443 兩個port
所以要把 uhttpd 改去別的port 工作
順便把 https 的設定拿掉讓leproxy 去煩惱</p>
<pre><code># HTTP listen addresses, multiple allowed
list listen_http 0.0.0.0:81
list listen_http [::]:81
# HTTPS listen addresses, multiple allowed
#list listen_https 0.0.0.0:443
#list listen_https [::]:443
# Redirect HTTP requests to HTTPS if possible
option redirect_https 0
</code></pre><p>然後先重啟 uhttpd</p>
<pre><code>/etc/init.d/uhttpd restart
</code></pre><p>看看 uhttpd 是不是已經改到 port 81</p>
<pre><code>[200~root@HQ_VPN_ROUTER:~# netstat -antlp
netstat: showing only processes with your user ID
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 1491/uhttpd
tcp 0 0 10.2.3.2:53 0.0.0.0:* LISTEN 3540/dnsmasq
</code></pre><p>這時候就可以用以下指令來測試leproxy 是不是可以正常運作</p>
<p>cacheDir 是會被用來存放leproxy 取得的免費憑證,必須要先存在系統中
或者是要存放在 /tmp , /root 也都可以</p>
<pre><code>/root/leproxy.arm64 -map /etc/leproxy/mapping.yml -email chchang@abc.com -cacheDir /etc/acme/
</code></pre><h5 id="修改-firewall-config">修改 firewall config</h5>
<p>加入底下這段</p>
<pre><code>config redirect
option dest_port '443'
option src 'wan'
option name 'https for leproxy'
option src_dport '443'
option target 'DNAT'
option dest_ip '192.168.0.254'
option dest 'lan'
list proto 'tcp'
</code></pre><p>重啟 firewall</p>
<p>這時候應該可以用 <a href="https://vpnrouter.abc.com">https://vpnrouter.abc.com</a> 的方式來開啟這臺router 的管理界面</p>
<h4 id="建立-init-script">建立 init script</h4>
<p>在 /etc/init.d 中新增一個檔案叫 leproxy</p>
<p>內容如下</p>
<pre><code>#!/bin/sh /etc/rc.common
# Example script
# Copyright (C) 2007 OpenWrt.org
START=99
start() {
echo &quot;leproxy starting&quot;
/root/leproxy.arm64 -map /etc/leproxy/mapping.yml -email chchang@abc.com -cacheDir /etc/acme/ &gt; /dev/null 2&gt;&amp;1 &amp;
}
stop () {
echo &quot;leproxy stopping&quot;
killall leproxy.arm64
}
</code></pre><h5 id="改一下file-permission">改一下file permission</h5>
<pre><code>chmod u+rwx /etc/init.d/leproxy
</code></pre><h5 id="設定開機自動啟動">設定開機自動啟動</h5>
<pre><code>/etc/init.d/leproxy enable
</code></pre><h5 id="啟動leproxy">啟動leproxy</h5>
<pre><code>/etc/init.d/leproxy restart
</code></pre><p>開啟 <a href="https://vpnrouter.abc.com">https://vpnrouter.abc.com</a> 再做一次確認</p>
</article>
</div>
<div class='entry-meta-bottom'>
<div class="entry-categories"><p><span>Categories</span>
<a href="/categories/%E7%AD%86%E8%A8%98" title="View all posts in 筆記">筆記</a>
</p>
</div>
<div class="entry-tags"><p><span>Tags</span>
<a href="/tags/openwrt" title="View all posts tagged openwrt">openwrt</a>
</p></div> </div>
<div class="author-meta">
<div class="author">
<img alt='Eric Chang' src="https://www.gravatar.com/avatar/23f8ed94e007297499ac8df1641b3ff5?s=100&d=identicon" class='avatar avatar-72 photo' height='72' width='72'>
<span>
Written by:<a href="https://github.com/changchichung" title="Posts by Eric Chang" rel="author">Eric Chang</a> </span>
</div>
<div class="bio">
<p>塵世裡一個迷途小書僮</p>
<a class="facebook" target="_blank"
href="full%20Social%20profile%20url%20in%20facebook">
<i class="fab fa-facebook-f"
title="facebook icon"></i>
</a>
<a class="googleplus" target="_blank"
href="full%20profile%20url%20in%20googleplus">
<i class="fab fa-google-plus-g"
title="googleplus icon"></i>
</a>
<a class="twitter" target="_blank"
href="chang0206">
<i class="fab fa-twitter-square"
title="twitter icon"></i>
</a>
<a class="linkedin" target="_blank"
href="full%20profile%20url%20in%20linkedin">
<i class="fab fa-linkedin"
title="linkedin icon"></i>
</a>
<a class="email" target="_blank"
href="mailto:mc@hotshraingmy.info">
<i class="fas fa-envelope"
title="email icon"></i>
</a>
<a class="instagram" target="_blank"
href="chang0206">
<i class="fab fa-instagram"
title="instagram icon"></i>
</a>
<a class="stackoverflow" target="_blank"
href="full%20profile%20url%20in%20stackoverflow">
<i class="fab fa-stack-overflow"
title="stackoverflow icon"></i>
</a>
<a class="github" target="_blank"
href="changchichung">
<i class="fab fa-github"
title="github icon"></i>
</a>
<a class="pinterest" target="_blank"
href="full%20profile%20url%20in%20pinterest">
<i class="fab fa-pinterest"
title="pinterest icon"></i>
</a>
</div>
</div>
</div>
</div>
<section id="comments" class="comments">
<div id="disqus_thread"></div>
<script type="application/javascript">
var disqus_config = function () {
};
(function() {
if (["localhost", "127.0.0.1"].indexOf(window.location.hostname) != -1) {
document.getElementById('disqus_thread').innerHTML = 'Disqus comments not available by default when the website is previewed locally.';
return;
}
var d = document, s = d.createElement('script'); s.async = true;
s.src = '//' + "h-cowbay-org-1" + '.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="https://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
</section>
</div>
</div>
<footer id="site-footer" class="site-footer" role="contentinfo">
<h1>
<a href=""> MC部落 </a>
</h1>
<p class="site-description">Whats the Worst That Could Happen?</p>
<div id="menu-footer" class="menu-container menu-footer" role="navigation">
<div class="menu">
<ul id="menu-footer-items" class="menu-footer-items">
</ul>
</div> </div>
<ul class="social-media-icons">
<li>
<a class="facebook" target="_blank"
href="full%20Social%20profile%20url%20in%20facebook" >
<i class="fab fa-facebook-f" title="facebook"></i>
<span class="screen-reader-text">facebook</span>
</a>
</li>
<li>
<a class="googleplus" target="_blank"
href="full%20profile%20url%20in%20googleplus" >
<i class="fab fa-google-plus-g" title="googleplus"></i>
<span class="screen-reader-text">googleplus</span>
</a>
</li>
<li>
<a href="chang0206" class="twitter" target="_blank">
<i class="fab fa-twitter-square" title="twitter"></i>
<span class="screen-reader-text">twitter</span>
</a>
</li>
<li>
<a href="chang0206" class="instagram" target="_blank">
<i class="fab fa-instagram" title="instagram"></i>
<span class="screen-reader-text">instagram</span>
</a>
</li>
<li>
<a href="mailto:mc@hotshraingmy.info" class="email">
<i class="fas fa-envelope" title="email"></i>
<span class="screen-reader-text">email</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20linkedin" class="linkedin" target="_blank">
<i class="fab fa-linkedin-in" title="linkedin"></i>
<span class="screen-reader-text">linkedin</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20stackoverflow" class="stackoverflow" target="_blank">
<i class="fab fa-stack-overflow" title="stackoverflow"></i>
<span class="screen-reader-text">stackoverflow</span>
</a>
</li>
<li>
<a href="changchichung" class="github" target="_blank">
<i class="fab fa-github" title="github"></i>
<span class="screen-reader-text">github</span>
</a>
</li>
<li>
<a href="full%20profile%20url%20in%20pinterest" class="pinterest" target="_blank">
<i class="fab fa-pinterest" title="pinterest"></i>
<span class="screen-reader-text">pinterest</span>
</a>
</li>
<li>
<a href="https://h.cowbay.org/index.xml" data-animate-hover="pulse" class="rss" target="_blank">
<i class="fas fa-rss" title="rss"></i>
<span class="screen-reader-text">rss</span>
</a>
</li>
</ul> <div class="design-credit">
<p>© 2018 Göran Svensson</p>
<p>Nederburg Hugo Theme by <a href="https://appernetic.io">Appernetic</a>.</p>
<p>A port of Tracks by Compete Themes.</p>
</div>
</footer>
</div>
<script src="https://h.cowbay.org/js/jquery.min.js"></script>
<script src="https://h.cowbay.org/js/jquerymigrate.js"></script>
<script src="https://h.cowbay.org/js/production.min.js?v=1646184926"></script>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink