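#!/bin/bash
# Builds and starts the netflix-proxy stack (BIND + sniproxy in Docker) on an
# Ubuntu host, restricts inbound traffic to the operator's home IP via iptables
# and finishes with a DNS/TLS smoke test. Every privileged step goes through
# sudo; the tree under ${root} (data/, docker-*/, upstart/, systemd/) must exist.
# See usage() for the flags.
# Note, this script assumes Ubuntu Linux and it will most likely fail on any other distribution.
# bomb on any error
set -e
# timeout (seconds) for the dig/openssl smoke tests at the end
timeout=3
# working directory holding data/, docker-bind/, docker-sniproxy/, upstart/, systemd/
root="/opt/netflix-proxy"
# interface carrying the (first) default route; on a multi-homed host the old
# 'grep default' produced one name per route and broke 'ip addr show' below
iface=$(ip route | awk '$1 == "default" {print $5; exit}')
# first IPv4 address configured on that interface (Internet facing)
ipaddr=$(ip addr show dev "${iface}" | grep inet | grep -v inet6 | awk '{print $2}' | grep -Po '[0-9]{1,3}+\.[0-9]{1,3}+\.[0-9]{1,3}+\.[0-9]{1,3}+(?=\/)' | head -n 1)
if [[ -z "${ipaddr}" ]]; then
    echo "ERROR: no IPv4 address found on interface '${iface}'" 1>&2
    exit 1
fi
# public IPv4 address as seen from the Internet, asked of OpenDNS over DNS.
# This value is later spliced into a sed expression, the BIND zone data and the
# final user message, so accept nothing but a plain dotted quad: on failure
# 'dig +short' prints an error sentence (";; connection timed out ...") that
# would otherwise be substituted verbatim into the zone file.
extip=$(dig +short myip.opendns.com @resolver1.opendns.com | head -n 1)
if [[ ! "${extip}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "ERROR: could not determine the external IPv4 address (got '${extip}')" 1>&2
    exit 1
fi
# client (home) ip address: the peer of the current SSH session (first field of
# SSH_CONNECTION). Empty when not run over SSH; -c overrides it.
clientip=${SSH_CONNECTION%% *}
# today's date, used as the zone serial
date=$(/bin/date +'%Y%m%d')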
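# display usage on stderr and exit 1; called for any unknown option or bad value.
# The whole text goes to stderr (previously only the first line did, the flag
# descriptions went to stdout).
usage() {
    {
        printf 'Usage: %s [-r 0|1] [-b 0|1] [-c <ip>] [-i 0|1] [-d 0|1] [-t 0|1]\n' "$0"
        printf '\t-r\tenable (1) or disable (0) DNS recursion (default: 1)\n'
        printf '\t-b\tgrab docker images from repository (0) or build locally (1) (default: 0)\n'
        printf '\t-c\tspecify client-ip instead of being taken from ssh_connection\n'
        printf '\t-i\tskip (1) iptables steps (default: 0)\n'
        printf '\t-d\tskip (1) Docker steps (default: 0)\n'
        printf '\t-t\tskip (1) testing steps (default: 0)\n'
    } 1>&2
    exit 1
}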
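# true when $1 is a literal 0 or 1. The previous arithmetic test
# '((x == 0 || x == 1))' evaluated any non-numeric word as a variable name, i.e.
# 0, so e.g. '-r off' passed validation and then, compared as a string, fell
# into the "enable recursion" branch.
is_flag() {
    [[ "$1" == [01] ]]
}
# true when $1 has the form of a dotted-quad IPv4 address (format only, octets
# are not range-checked). The -c value is spliced into an iptables rule, so
# anything else is refused up front.
is_ipv4() {
    [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]
}
# process options; every bad value ends in usage(), which exits
while getopts ":r:b:c:i:d:t:" o; do
    case "${o}" in
        r) r=${OPTARG}; is_flag "${r}" || usage ;;
        b) b=${OPTARG}; is_flag "${b}" || usage ;;
        c) c=${OPTARG}; is_ipv4 "${c}" || usage ;;
        i) i=${OPTARG}; is_flag "${i}" || usage ;;
        d) d=${OPTARG}; is_flag "${d}" || usage ;;
        t) t=${OPTARG}; is_flag "${t}" || usage ;;
        *) usage ;;
    esac
done
shift $((OPTIND-1))
# defaults: recursion on, pull images from the repository, run every step
r=${r:-1}
b=${b:-0}
i=${i:-0}
d=${d:-0}
t=${t:-0}
# an explicit -c replaces the address derived from SSH_CONNECTION
if [[ -n "${c}" ]]; then
    clientip="${c}"
fi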
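# diagnostics info: the effective settings (the -t flag was missing before)
printf 'clientip=%s ipaddr=%s extip=%s -r=%s -b=%s -i=%s -d=%s -t=%s\n' \
    "${clientip}" "${ipaddr}" "${extip}" "${r}" "${b}" "${i}" "${d}" "${t}"
# print the BIND options fragment for the requested recursion mode.
#   $1 - 0 disables recursion (authoritative answers only); anything else enables it
# The enabled variant allows recursion only for the 'trusted' ACL, which is
# defined in the rest of the BIND configuration (not in this script). Together
# with the iptables FRIENDS chain that keeps the server from being an open
# resolver; when the iptables steps are skipped (-i 1) that ACL is the only guard.
bind_recursion_conf() {
    if [[ "$1" == 0 ]]; then
        printf '\t\tallow-recursion { none; };\n\t\trecursion no;\n\t\tadditional-from-auth no;\n\t\tadditional-from-cache no;\n'
    else
        printf '\t\tallow-recursion { trusted; };\n\t\trecursion yes;\n\t\tadditional-from-auth yes;\n\t\tadditional-from-cache yes;\n'
    fi
}
# prepare BIND config (tee echoes the fragment to stdout as well)
if [[ ${r} == 0 ]]; then
    printf "disabling DNS recursion...\n"
else
    printf "WARNING: enabling DNS recursion...\n"
fi
bind_recursion_conf "${r}" | sudo tee "${root}/docker-bind/named.recursion.conf"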
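# switch to working directory (popd at the end of the script)
pushd "${root}"
if [[ ${i} == 0 ]]; then
    # Everything routed through FRIENDS is reachable only from ${clientip}, so an
    # empty or malformed value must stop us before the first iptables call:
    # 'iptables -A FRIENDS -s /32' fails, and under 'set -e' that would leave a
    # half-built ruleset (FRIENDS chain created, ALLOW chain missing) behind.
    if [[ ! "${clientip}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
        echo "ERROR: no client IP address; run this over SSH or pass -c <ip>" 1>&2
        exit 1
    fi
    # configure iptables. NOTE: not idempotent - 'iptables -N' fails (and aborts
    # the script) when the chains already exist from an earlier run.
    # FRIENDS: accept the home address, drop everyone else
    sudo iptables -N FRIENDS
    sudo iptables -A FRIENDS -s "${clientip}/32" -j ACCEPT
    sudo iptables -A FRIENDS -j DROP
    # ALLOW: policy applied to all inbound and forwarded traffic
    sudo iptables -N ALLOW
    sudo iptables -A INPUT -j ALLOW
    sudo iptables -A FORWARD -j ALLOW
    sudo iptables -A ALLOW -p icmp -j ACCEPT
    sudo iptables -A ALLOW -i lo -j ACCEPT
    # SSH stays open to the world; the proxy/DNS ports are gated by FRIENDS
    sudo iptables -A ALLOW -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    sudo iptables -A ALLOW -m state --state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A ALLOW -p tcp -m tcp --dport 80 -j FRIENDS
    sudo iptables -A ALLOW -p tcp -m tcp --dport 443 -j FRIENDS
    sudo iptables -A ALLOW -p tcp -m tcp --dport 43867 -j FRIENDS
    # only UDP/53 is opened; a client that retries over TCP/53 (truncated answer)
    # is rejected below. NOTE(review): confirm this is intended.
    sudo iptables -A ALLOW -p udp -m udp --dport 53 -j FRIENDS
    sudo iptables -A ALLOW -j REJECT --reject-with icmp-host-prohibited
    # persist the ruleset across reboots
    echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
    echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
    sudo apt-get -y install iptables-persistent
    # strip Docker's own rules from the saved files (Docker re-creates them on
    # start). Uses a private temp file instead of a fixed /tmp/rules.v4 name,
    # and copies as root like every other privileged step: the old unprivileged
    # 'cp' into /etc/iptables only worked when the whole script ran as root, and
    # its failure was hidden inside the '&&' list.
    tmp_rules=$(mktemp)
    sudo grep -vi docker /etc/iptables/rules.v4 > "${tmp_rules}" && sudo cp "${tmp_rules}" /etc/iptables/rules.v4
    sudo grep -vi docker /etc/iptables/rules.v6 > "${tmp_rules}" && sudo cp "${tmp_rules}" /etc/iptables/rules.v6
    rm -f "${tmp_rules}"
    # socialise Docker with iptables-persistent: https://groups.google.com/forum/#!topic/docker-dev/4SfOwCOmw-E
    # Upstart only; the .bak copies left by 'sed -i.bak' double as "already
    # patched" markers. Files that do not exist (systemd hosts, newer
    # iptables-persistent) are skipped: 'sed -i' on a missing file exits non-zero
    # and would abort the script under 'set -e'.
    if [ -f "/etc/init/docker.conf" ] && [ ! -f "/etc/init/docker.conf.bak" ]; then
        sudo "$(which sed)" -i.bak 's/start on (local-filesystems and net-device-up IFACE!=lo)/start on (local-filesystems and net-device-up IFACE!=lo and started iptables-persistent)/' /etc/init/docker.conf
    fi
    if [ -f "/etc/init.d/iptables-persistent" ] && [ ! -f "/etc/init.d/iptables-persistent.bak" ]; then
        sudo "$(which sed)" -i.bak '/load_rules$/{N;s/load_rules\n\t;;/load_rules\n\tinitctl emit -n started JOB=iptables-persistent\n\t;;/}' /etc/init.d/iptables-persistent && \
        sudo "$(which sed)" -i'' 's/stop)/stop)\n\tinitctl emit stopping JOB=iptables-persistent/' /etc/init.d/iptables-persistent
    fi
fi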
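# sed expression that fills in the zone template data/db.override: the
# placeholder address 127.0.0.1 becomes the external IP and YYYYMMDD becomes
# today's date (zone serial). Kept in a function so the substitution can be
# checked without touching the file.
#   $1 - external IPv4 address
#   $2 - date in YYYYMMDD form
# The dots are escaped: the old pattern '127.0.0.1' was a regex in which '.'
# matched any character, so it would also have rewritten e.g. '127x0y0z1'.
db_override_sed_script() {
    printf 's/127\\.0\\.0\\.1/%s/g;s/YYYYMMDD/%s/g' "$1" "$2"
}
echo "Updating db.override with ipaddr=${extip} and date=${date}"
# extip is expected to be a plain dotted quad here; it is inserted into the sed
# expression unescaped, so a value containing '/' or sed metacharacters would
# break the command. NOTE: not idempotent - the placeholders are gone after the
# first run, so a re-run leaves the old address and serial in place.
sudo "$(which sed)" -i "$(db_override_sed_script "${extip}" "${date}")" data/db.override
if [[ ${d} == 0 ]]; then
    # both containers run in the host network namespace and mount the zone data.
    # The repository images are pulled by bare name (no tag, no digest), so a
    # re-run can silently pick up a different build of ab77/bind or ab77/sniproxy.
    if [[ "${b}" == "1" ]]; then
        echo "Building docker containers"
        sudo "$(which docker)" build -t bind docker-bind
        sudo "$(which docker)" build -t sniproxy docker-sniproxy
        echo "Starting Docker containers (local)"
        sudo "$(which docker)" run --name bind -d -v "${root}/data:/data" --net=host -t bind
        sudo "$(which docker)" run --name sniproxy -d -v "${root}/data:/data" --net=host -t sniproxy
    else
        echo "Starting Docker containers (from repository)"
        sudo "$(which docker)" run --name bind -d -v "${root}/data:/data" --net=host -t ab77/bind
        sudo "$(which docker)" run --name sniproxy -d -v "${root}/data:/data" --net=host -t ab77/sniproxy
    fi
fi
# add upstart scripts (hosts with /etc/init)
if [ -d "/etc/init" ]; then
    sudo cp ./upstart/* /etc/init/
fi
# add systemd scripts (hosts with /etc/systemd/system)
if [ -d "/etc/systemd/system" ]; then
    sudo cp ./systemd/* /etc/systemd/system/
fi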
if [[ ${t} == 0 ]]; then
    # smoke tests: query the public address first and fall back to the
    # interface address if that fails; a failure of both aborts under 'set -e'
    echo "Testing DNS"
    dig +time="${timeout}" netflix.com @"${extip}" \
        || dig +time="${timeout}" netflix.com @"${ipaddr}"
    # TLS handshake with SNI through sniproxy, bounded by the same timeout
    echo "Testing proxy"
    echo "GET /" | timeout "${timeout}" openssl s_client -servername netflix.com -connect "${extip}:443" \
        || echo "GET /" | timeout "${timeout}" openssl s_client -servername netflix.com -connect "${ipaddr}:443"
fi
# change back to original directory (matches the earlier pushd)
popd
echo "Change your DNS to" $extip "and start watching Netflix out of region."
echo "Done!"