
ztncui-aio's Introduction

ztncui-aio

Current Version: 20240503-1.12.2-0.8.14

From ztncui author

Say a huge thank you to their work!

ZeroTier network controller user interface in a Docker container

This is to build a Docker image that contains ZeroTier One and ztncui to set up a standalone ZeroTier network controller with a web user interface in a container.

Follow us on Twitter: @key_networks

Licensed Under GNU GPLv3

Build yourself

We support aarch64 (arm64/v8) and amd64 by default.

Armv7 (i.e. armhf) might work, but is not tested.

Other architectures are unsupported.

$ git clone https://github.com/kmahyyg/ztncui-aio
$ docker build . --build-arg OVERLAY_S6_ARCH=<one of aarch64,x86_64> -t ghcr.io/kmahyyg/ztncui-aio:latest

Why not detect the CPU architecture directly? Some kernels report the architecture in a non-standard way.

Change the NODEJS_MAJOR variable in the Dockerfile to use a different Node.js version.

Never use node_lts.x as your Node.js installation script: the version it installs may change over time without notice.

Usage

Golang auto-mkworld (already embedded in docker image)

This feature allows you to generate a planet file without using C code and compiler.

Also, due to limitations of the IPC of the ZeroTier One UI and multiple issues, we do NOT support a customized port; you can ONLY use port 9993/udp here.

Set the following environment variable when creating the container, according to your needs:

MANDATORY | Name | Explanation | Default Value
no | AUTOGEN_PLANET | If set to 1, will use this node's identity to generate a planet file and put it in the httpfs folder to serve it externally. If set to 2, will use the config in /etc/zt-mkworld/mkworld.config.json. If set to 0, will do nothing. | 0

The reference config file can be found at ztnodeid/assets/mkworld.conf.json.

You can also define your own config and check the stdout output to get the C header of the customized planet. After that, you will find the custom planet file, and also the CA certificate, under the HTTP file server root.

The configuration JSON can be understood as follows:

{
    "rootNodes": [   // array of node, can be multiple
        {
            "comments": "amsterdam official",   // node object, comment, will auto generate if AUTOGEN_PLANET=1
            "identity": "992fcf1db7:0:206ed59350b31916f749a1f85dffb3a8787dcbf83b8c6e9448d4e3ea0e3369301be716c3609344a9d1533850fb4460c50af43322bcfc8e13d3301a1f1003ceb6",  
            // node identity.public ^^ , if node is not initialized, will initialize at the container start
            "endpoints": [
                "195.181.173.159/443",   // node service location, in format: ip/port, will auto generate if AUTOGEN_PLANET=1
                "2a02:6ea0:c024::/443"   // must be less than or equal to two endpoints, one for IPv4, one for IPv6. if you have multiple IP, set multiple node with different identity.
            ]
        }
    ],
    "signing": [
        "previous.c25519",   // planet signing key, if not exist, will generate
        "current.c25519"   // same, used for iteration and update
    ],
    "output": "planet.custom",   // output filename
    "plID": 0,    // planet numeric ID, if you don't know, do not modify, and set plRecommend to true
    "plBirth": 0,  // planet creation timestamp, if you don't know, do not modify, and set plRecommend to true
    "plRecommend": true  // set plRecommend to true, auto-recommend plID, plBirth value. For more details, read mkworld source code in zerotier-one official repo
}
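A pre-flight check for the config described above, as an added example (not code from ztncui-aio or ZeroTier). It enforces the constraints the comments state: ip/port endpoints, at most two per node, one per IP family, and a public identity. The function names, the sample values and the identity pattern (derived from the sample identity shown above) are assumptions, and the input must be plain JSON without the explanatory // comments.

```python
import ipaddress
import json
import re

# identity.public form as in the page's sample: 10-hex address, ":0:", 128-hex key.
PUBLIC_ID = re.compile(r"^[0-9a-f]{10}:0:[0-9a-f]{128}$")

def endpoint_family(endpoint):
    """Return 4 or 6 for an 'ip/port' endpoint; raise ValueError if malformed."""
    host, sep, port = endpoint.rpartition("/")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"endpoint {endpoint!r} is not in ip/port form")
    return ipaddress.ip_address(host).version

def lint_mkworld(text):
    """Return a list of problems in a mkworld config; an empty list means OK."""
    cfg = json.loads(text)
    problems = []
    roots = cfg.get("rootNodes") or []
    if not roots:
        problems.append("rootNodes is empty")
    for i, node in enumerate(roots):
        where = f"rootNodes[{i}]"
        ident = node.get("identity", "")
        if ident.count(":") == 3:
            # identity.secret carries a fourth, private field: never publish it.
            problems.append(f"{where}: identity has a private part, use identity.public")
        elif not PUBLIC_ID.match(ident):
            problems.append(f"{where}: identity is not in identity.public form")
        endpoints = node.get("endpoints", [])
        if len(endpoints) > 2:
            problems.append(f"{where}: more than two endpoints")
        families = []
        for ep in endpoints:
            try:
                families.append(endpoint_family(ep))
            except ValueError as exc:
                problems.append(f"{where}: {exc}")
        if len(families) != len(set(families)):
            problems.append(f"{where}: two endpoints of the same IP family")
    return problems

# Constructed sample values (documentation addresses, fake key material).
FAKE_PUBLIC = "0123456789:0:" + "ab" * 64
GOOD_CONFIG = json.dumps({"rootNodes": [{"identity": FAKE_PUBLIC,
    "endpoints": ["203.0.113.10/9993", "2001:db8::1/9993"]}]})
BAD_CONFIG = json.dumps({"rootNodes": [{"identity": FAKE_PUBLIC + ":" + "cd" * 64,
    "endpoints": ["203.0.113.10/9993", "198.51.100.7/9993"]}]})

if __name__ == "__main__":
    for name, text in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, lint_mkworld(text))
```
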

Docker image

$ git clone https://github.com/kmahyyg/ztncui-aio # to get a copy of the denv file, otherwise make your own
$ docker pull ghcr.io/kmahyyg/ztncui-aio
# /mydata below is the data folder that you use to save the supporting files.
# Change the ./denv file according to the next part before starting the container.
$ docker run -d -p3443:3443 -p3180:3180 -p9993:9993/udp \
    -v /mydata/ztncui:/opt/key-networks/ztncui/etc \
    -v /mydata/zt1:/var/lib/zerotier-one \
    -v /mydata/zt-mkworld-conf:/etc/zt-mkworld \
    --env-file ./denv \
    --restart always \
    --cap-add=NET_ADMIN --device /dev/net/tun:/dev/net/tun \
    --name ztncui \
    ghcr.io/kmahyyg/ztncui-aio

Supported Configuration using local persistent storage

For ZTNCUI: https://github.com/key-networks/ztncui

Set the following environment variables when creating the container, according to your needs:

MANDATORY | Name | Explanation | Default Value
YES | NODE_ENV | https://pugjs.org/api/express.html | production
no | HTTPS_HOST | HTTPS_HOST | NO DEFAULT, MEANS DISABLED
no | HTTPS_PORT | HTTPS_PORT | NO DEFAULT, MEANS DISABLED
no | HTTP_PORT | HTTP_PORT | 3000
no | HTTP_ALL_INTERFACES | Listen on all interfaces, useful for reverse proxy, HTTP only | NO DEFAULT

Note: If you do NOT set HTTP_ALL_INTERFACES, port 3000 only listens inside the container, i.e. on 127.0.0.1:3000 by default.

This application does NOT have a built-in protection mechanism against brute-force attacks; you should NOT expose it directly to the internet.

And you should NEVER use a weak password.

Set the following environment variables when creating the container, according to your needs:

MANDATORY | Name | Explanation | Default Value
no | MYDOMAIN | generate TLS certs on the fly (if not exists) | ztncui.docker.test
no | ZTNCUI_PASSWD | generate admin password on the fly (if not exists) | password
YES | MYADDR | your ip address, public ip address preferred, will auto-detect if not set | NO DEFAULT

WARNING: IF YOU DO NOT SET PASSWORD, YOU HAVE TO USE docker container logs <CONTAINER_NAME / CONTAINER_ID> to get your random password. This is a gatekeeper.

To reset the ztncui password: delete the file under /mydata/ztncui/passwd, set the environment variable to the password you want, then re-create the container. After the application has been initialized, the password should ONLY be changed from the web page.

Public File Server

MANDATORY | Name | Explanation | Default Value
no | PLANET_RETR_PUBLIC | File server listens globally or only locally | NO DEFAULT

If PLANET_RETR_PUBLIC is set, the file server listens on 0.0.0.0; otherwise it listens on 127.0.0.1. This image exposes an HTTP server on port 3180; you can save files in /mydata/ztncui/httpfs/ to serve them. (You can use this to build your own root server and distribute the planet file. Even though that won't hurt you, I still suggest putting protection in front of both HTTP servers.)
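An audit of a denv file against the exposure and password points in the tables above, as an added example (not part of ztncui-aio). The function names, the severity labels, the 12-character minimum and the rule that any non-empty value counts as "set" are assumptions of this sketch; the sample files are constructed.

```python
MIN_PASSWD_LEN = 12  # assumption of this example, not a project rule

def parse_env_file(text):
    """Parse docker --env-file syntax: KEY=VALUE lines, '#' comments, no quoting."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key] = value
    return env

def audit_denv(text):
    """Return (severity, variable, reason) findings for a ztncui-aio env file."""
    env = parse_env_file(text)
    findings = []
    passwd = env.get("ZTNCUI_PASSWD", "")
    if passwd and (passwd == "password" or len(passwd) < MIN_PASSWD_LEN):
        findings.append(("high", "ZTNCUI_PASSWD",
                         "weak or default password; the UI has no brute-force protection"))
    if env.get("HTTP_ALL_INTERFACES"):
        findings.append(("high", "HTTP_ALL_INTERFACES",
                         "plain-HTTP UI listens on all interfaces; keep it behind a reverse proxy"))
    if env.get("PLANET_RETR_PUBLIC"):
        findings.append(("medium", "PLANET_RETR_PUBLIC",
                         "file server on port 3180 listens on 0.0.0.0"))
    if not env.get("MYADDR"):
        findings.append(("medium", "MYADDR",
                         "not set; the address will be auto-detected"))
    if env.get("NODE_ENV") != "production":
        findings.append(("low", "NODE_ENV", "mandatory; documented value is production"))
    return findings

# Constructed sample env files.
RISKY_DENV = """\
NODE_ENV=production
ZTNCUI_PASSWD=password
HTTP_ALL_INTERFACES=yes
PLANET_RETR_PUBLIC=1
"""
HARDENED_DENV = """\
# UI reachable only through HTTPS on 3443
NODE_ENV=production
HTTPS_PORT=3443
ZTNCUI_PASSWD=constructed-long-passphrase-2b7e
MYADDR=203.0.113.10
"""

if __name__ == "__main__":
    for sev, var, why in audit_denv(RISKY_DENV):
        print(f"[{sev}] {var}: {why}")
```
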

Chinese users only

This script uses https://ip.sb for public IP detection, which is blocked in some areas of mainland China. In that case, the program will try to detect the public IP using the ifconfig tool, which might lead to an unwanted result. To prevent this, make sure you set the MYADDR environment variable when the Docker container is brought up.

This repo (https://github.com/kmahyyg/ztncui-aio) only accepts Issues and PRs in English. Those in other languages will be closed directly without any further notice. If you come from a non-English-speaking country, use Google Translate, and state that at the beginning of the text body.

ztncui-aio's People

Contributors

dependabot[bot], key-networks, kmahyyg, pjv


ztncui-aio's Issues

ztncui docker has no arm64 version

I'm trying to git clone and docker build . -t keynetworks/ztncui the response is as follows, my machine is oracle arm
2023-04-27 01:01:29,696 INFO supervisord started with pid 1
2023-04-27 01:01:30,699 INFO spawned: 'ztone' with pid 7
2023-04-27 01:01:30,701 INFO spawned: 'ztncui' with pid 8
2023-04-27 01:01:30,703 INFO spawned: 'ztplaserv' with pid 9
2023-04-27 01:01:32,436 INFO exited: ztncui (exit status 1; not expected)
2023-04-27 01:01:33,440 INFO spawned: 'ztncui' with pid 61
2023-04-27 01:01:33,805 INFO exited: ztncui (exit status 1; not expected)
2023-04-27 01:01:35,809 INFO spawned: 'ztncui' with pid 78
2023-04-27 01:01:36,155 INFO exited: ztncui (exit status 1; not expected)
2023-04-27 01:01:39,160 INFO spawned: 'ztncui' with pid 95
2023-04-27 01:01:39,514 INFO exited: ztncui (exit status 1; not expected)

[ci] artifact process

  • Downloaded artifact does not have any extension. Change upload name with .tar suffix
  • Arm64 does not implement export tar, amd64 does. Must export under any circumstances.

Zerotier and gosu upgrade

Hi @kmahyyg,

Can you explain how to use this repo to generate an image of ztncui that includes zerotier version 1.6.5 (and any further updates to zerotier)?

My port 3180 only has a.moon file and no planet file

My port 3180 only has a.moon file and no planet file

System versions are as follows

[root@mail zerotier-planet]# uname -s && uname -m
Linux
x86_64

Errors are as follows

FATAL: kernel too old
/tmp/patch.sh: line 14:    95 Aborted                 (core dumped) /tmp/mkmoonworld-x86_64 moon.json
+ mkdir /var/lib/zerotier-one/moons.d
+ cp 00000018a754dfe9.moon /var/lib/zerotier-one/moons.d
+ mv world.bin planet
mv: cannot stat 'world.bin': No such file or directory
+ cp -f planet /var/lib/zerotier-one/planet
cp: cannot stat 'planet': No such file or directory
+ cp 00000018a754dfe9.moon planet /opt/key-networks/ztncui/etc/myfs
cp: cannot stat 'planet': No such file or directory
++ cat /var/lib/zerotier-one/identity.public
++ cut -d : -f1
+ moon_id=18a754dfe9
+ echo -e 'Your ZeroTier moon id is \033[0;31m18a754dfe9\033[0m, you could orbit moon using \033[0;31m"zerotier-cli orbit 18a754dfe9 18a754dfe9"\033[0m'

Trying to fix PR #7

PR #7 made me notice a problem: the nodesource installation script changes over time.

And also, some statements should be added in README file.

Suggestion

Do you have any plan to have Central Network Management Portal API features?

Default router override a.k.a full tunnel

In the docker run, there are several published ports including 9993/udp
The network works, but full tunnel a.k.a default router override doesn't.

How to make this work inside the container?

When I run docker with `--net=host`, it doesn't work at all, even though the network doesn't connect.

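ztncui shows that the connected hosts are all online, but they cannot reach each other?

Hello, first of all, I apologize for not being able to describe the problem in English:

Recently, I set up this project's Docker container on a JD Cloud lightweight server and made sure port 9993/udp was open. Two other endpoints using the generated planet also show as online in ztncui. Both of these endpoints act as routers, each managing its own subnet. Strangely, though, the networks in these two subnets cannot reach each other. I also noticed that the interface information of these two endpoints is inet6, but my cloud host uses an IPv4 address, and the private planet was also built based on IPv4. I don't know whether this is related to the problem.

I would appreciate any advice. Thank you.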

For Chinese who experience high QoS of UDP

Add this to your zerotier local home folder, save it to local.conf:

{
    "settings": {
        "primaryPort": 2123,
        "secondaryPort": 16384,
        "tertiaryPort": 2152
    }
}

This may break some UI. If you are behind a firewall, you might not be able to connect to your node forever. Use with caution.

docker build mistake Unable to complete build Ask for help

30.88 Setting up curl (7.74.0-1.3+deb11u11) ...
30.89 Setting up libbpf0:amd64 (1:0.3-2) ...
30.89 Setting up gpg (2.2.27-2+deb11u2) ...
30.90 Setting up gnupg-utils (2.2.27-2+deb11u2) ...
30.90 Setting up gpg-agent (2.2.27-2+deb11u2) ...
31.54 Setting up iproute2 (5.10.0-4) ...
31.66 Setting up gpgsm (2.2.27-2+deb11u2) ...
31.67 Setting up dirmngr (2.2.27-2+deb11u2) ...
31.84 Setting up gpg-wks-server (2.2.27-2+deb11u2) ...
31.85 Setting up gpg-wks-client (2.2.27-2+deb11u2) ...
31.86 Setting up gnupg (2.2.27-2+deb11u2) ...
31.86 Setting up gnupg2 (2.2.27-2+deb11u2) ...
31.87 Processing triggers for libc-bin (2.31-13+deb11u7) ...
31.88 Processing triggers for ca-certificates (20210119) ...
31.90 Updating certificates in /etc/ssl/certs...
32.53 0 added, 0 removed; done.
32.53 Running hooks in /etc/ca-certificates/update.d...
32.53 done.
32.58   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
32.58                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  6104  100  6104    0     0   3464      0  0:00:01  0:00:01 --:--:--  9957
34.37   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
34.37                                  Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  624k  100  624k    0     0   323k      0  0:00:01  0:00:01 --:--:-- 1088k
36.31 tar (child): /tmp/s6-overlay-.tar.xz: Cannot open: No such file or directory
36.31 tar (child): Error is not recoverable: exiting now
36.31 tar: Child returned status 2
36.31 tar: Error is not recoverable: exiting now
------
Dockerfile:39
--------------------
  38 |     WORKDIR /tmp
  39 | >>> RUN apt update -y && \
  40 | >>>     apt install curl gnupg2 ca-certificates gzip xz-utils iproute2 unzip net-tools procps --no-install-recommends -y && \
  41 | >>>     curl -L -O https://github.com/just-containers/s6-overlay/releases/download/v3.1.3.0/s6-overlay-noarch.tar.xz && \
  42 | >>>     tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && rm /tmp/s6-overlay-noarch.tar.xz && \
  43 | >>>     curl -L -O https://github.com/just-containers/s6-overlay/releases/download/v3.1.6.2/s6-overlay-$(uname -m).tar.xz && \
  44 | >>>     tar -C / -Jxpf /tmp/s6-overlay-$OVERLAY_S6_ARCH.tar.xz && rm /tmp/s6-overlay-$OVERLAY_S6_ARCH.tar.xz && \
  45 | >>>     groupadd -g 2222 zerotier-one && \
  46 | >>>     useradd -u 2222 -g 2222 zerotier-one && \
  47 | >>>     usermod -aG zerotier-one zerotier-one && \
  48 | >>>     usermod -aG zerotier-one root && \
  49 | >>>     curl -sL -o zt-one.sh https://install.zerotier.com && \
  50 | >>>     bash zt-one.sh && \
  51 | >>>     rm -f zt-one.sh && \
  52 | >>>     apt clean -y && \
  53 | >>>     rm -rf /var/lib/zerotier-one && \
  54 | >>>     rm -rf /var/lib/apt/lists/*
  55 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c apt update -y &&     apt install curl gnupg2 ca-certificates gzip xz-utils iproute2 unzip net-tools procps --no-install-recommends -y &&     curl -L -O https://github.com/just-containers/s6-overlay/releases/download/v3.1.3.0/s6-overlay-noarch.tar.xz &&     tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && rm /tmp/s6-overlay-noarch.tar.xz &&     curl -L -O https://github.com/just-containers/s6-overlay/releases/download/v3.1.6.2/s6-overlay-$(uname -m).tar.xz &&     tar -C / -Jxpf /tmp/s6-overlay-$OVERLAY_S6_ARCH.tar.xz && rm /tmp/s6-overlay-$OVERLAY_S6_ARCH.tar.xz &&     groupadd -g 2222 zerotier-one &&     useradd -u 2222 -g 2222 zerotier-one &&     usermod -aG zerotier-one zerotier-one &&     usermod -aG zerotier-one root &&     curl -sL -o zt-one.sh https://install.zerotier.com &&     bash zt-one.sh &&     rm -f zt-one.sh &&     apt clean -y &&     rm -rf /var/lib/zerotier-one &&     rm -rf /var/lib/apt/lists/*" did not complete successfully: exit code: 2
root@ubuntuserver2204:~/ztncui-aio# 

zerotier-one-1.6.2 is installed instead of 1.6.4

@kmahyyg I'm trying to build a new ztncui-aio based on v0.7.0 of ztncui, but for some reason I haven't been able to fathom, the runner installs zerotier-one-1.6.2. It only installs zerotier-one-1.6.4 if I enter the running container and manually apt update and apt install zerotier-one again.

I don't understand it because the runner starts with an apt update and ztone.sh has an apt update after installing the zt-sources-list. Do you have any ideas? Thanks.

aren't able to initiate

In Armbian, errors occurred, docker logs showing:
s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service entryinit: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-sudoc: fatal: unable to get exit status from server: Operation timed out
s6-rc: warning: unable to start service entryinit: command exited 111

[20230427] ARM64 Support And Normal Update

  • User feedback about failure to run on an ARM64 machine. As said, according to partial logging, it seems that ztncui uses pkg to pack the whole NodeJS into a compiled binary. However, as it requires argon2 hash via node-gyp, that might fail during compilation on ARM64.
  • Sync upstream from ztncui
  • Sync upstream using latest zerotier-one
  • Change generator of zerotier node id using customized identity generator and mkworld generator, this could automate and deprecate legacy C method.
