opentracker

Zimovskii Anatolii 2022-06-21 13:00:27 +03:00
parent aabbe5ca0e
commit 8e709f708a
Signed by: stam
GPG Key ID: 9911D9EF664EEE14
7 changed files with 520 additions and 0 deletions

View File

@ -0,0 +1,90 @@
FROM epicmorg/debian:bullseye-develop as compile-stage
ARG DEBIAN_FRONTEND=noninteractive
WORKDIR /usr/src
##################################################################
# Run libowfat compilation in separated layer to benefit from docker layer cache
##################################################################
RUN cvs -d :pserver:cvs@cvs.fefe.de:/cvs -z9 co libowfat ; \
git clone git://erdgeist.org/opentracker ; \
cd /usr/src/libowfat ; \
make
##################################################################
# http://erdgeist.org/arts/software/opentracker/#build-instructions
##################################################################
RUN cd /usr/src/opentracker ; \
# Build opentracker statically to use it in scratch image
LDFLAGS=-static make ; \
mkdir -pv /tmp/stage/bin ; \
install -m 755 opentracker.debug /tmp/stage/bin ; \
make DESTDIR=/tmp/stage BINDIR="/bin" install
FROM epicmorg/debian:bullseye
##################################################################
# setup future environment
##################################################################
ENV APP_DIR=/etc/opentracker
ENV RETRACKER_BIN=opentracker
ENV RETRACKER_PORT=6969
ENV RETRACKER_CONFIG=/etc/opentracker/opentracker.conf
ENV RETRACKER_DEBUG=false
ENV RETRACKER_OPTS=
WORKDIR ${APP_DIR}
RUN mkdir -pv ${APP_DIR}
COPY --from=compile-stage /tmp/stage/bin /usr/bin
COPY etc/opentracker/ ${APP_DIR}
##################################################################
# cleaninig up
##################################################################
RUN apt purge policykit-1 -y && \
apt clean -y && \
apt autoclean -y && \
rm -rfv /var/lib/apt/lists/* && \
rm -rfv /tmp/mc.patch && \
rm -rfv /var/cache/apt/archives/*.deb && \
rm -rfv /tmp/* && \
rm -rfv ${APP_API_DIR}/phpcs.xml && \
rm -rfv ${APP_API_DIR}/composer.lock && \
rm -rfv ${APP_API_DIR}/composer.json
##################################################################
# healthcheck. good practice
##################################################################
HEALTHCHECK --interval=2m --timeout=3s CMD curl -f http://localhost:${RETRACKER_PORT}/ || exit 1
##################################################################
# Add image configuration and scripts
##################################################################
COPY docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
RUN chmod 755 /usr/bin/docker-entrypoint.sh
##################################################################
# Final config
##################################################################
EXPOSE ${RETRACKER_PORT}/udp
EXPOSE ${RETRACKER_PORT}/tcp
##################################################################
# volumes for logs and data
##################################################################
##################################################################
# Setup stopsignal
##################################################################
STOPSIGNAL SIGINT
##################################################################
# run site
##################################################################
ENTRYPOINT ["tini", "-s", "--", "docker-entrypoint.sh"]
CMD ["docker-entrypoint.sh"]
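
Review bot: The first RUN fetches libowfat over CVS pserver and opentracker over `git://` with no pinned revision, and neither transport authenticates the server or protects integrity, so the statically linked binary in the image is whatever the network returned at build time. Check out a fixed commit or tag over an authenticated transport where upstream offers one, and record the revision in the image. The steps in both build RUN lines are joined with `;`, so a failed checkout or a failed `LDFLAGS=-static make` does not stop the build at that step; chain with `&&` or start the RUN with `set -e`. In the cleanup block `${APP_API_DIR}` is not defined anywhere in this file, so unless the base image sets it the three `rm -rfv ${APP_API_DIR}/...` lines expand to `/phpcs.xml`, `/composer.lock` and `/composer.json` and look like leftovers from another image. `CMD ["docker-entrypoint.sh"]` is appended to the ENTRYPOINT as an extra argument that the script never reads, so it can be dropped. There is also no `USER` line, so the container starts as root and relies entirely on opentracker's own privilege drop.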

View File

@ -0,0 +1,19 @@
all: app
app:
make build
make deploy
make clean
build:
docker-compose build --compress --no-cache --progress plain
deploy:
docker-compose push
clean:
docker container prune -f
docker image prune -f
docker network prune -f
docker volume prune -f
docker system prune -af
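
Review bot: The `clean` target, which `app` (and therefore the default `all`) runs after every build and push, calls `docker volume prune -f` and `docker system prune -af`, and these act on the whole Docker host rather than on this project. On a shared build machine or a developer workstation that deletes unrelated unused images, build cache and volumes, including data volumes of stopped containers. Limit cleanup to what this build created (for example remove the image by name), or move the host-wide prune into a separate target that is not part of `all`. The recursive calls should use `$(MAKE)` instead of `make`, and the targets should be declared `.PHONY`.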

View File

@ -0,0 +1,166 @@
# opentracker-docker
Docker image from scratch, customizable, simple and small, for the [opentracker project](https://erdgeist.org/arts/software/opentracker/), a open and free bittorrent tracker.
## How to use this image
This image compile `Opentracker` following [build instructions](https://erdgeist.org/arts/software/opentracker/#build-instructions), but using [GCC](https://gcc.gnu.org/)'s [`-static`](https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html) link option. The `-static` option links a program statically, in other words it does not require a dependency on dynamic libraries at runtime in order to run.
This image is designed to be used in a micro-service environment. There are three versions of the image you can choose from.
The `open` tag contains a Opentracker builded with defaults options and run in [open mode](https://erdgeist.org/arts/software/opentracker/#invocation).
The `blacklist` and `whitelist` tags contains a Opentracker builded with `-DWANT_ACCESSLIST_BLACK` and `-DWANT_ACCESSLIST_WHITE` respectively and run in [closed mode](https://erdgeist.org/arts/software/opentracker/#closed-mode).
## Using in `open` Mode
The image has `/bin/opentracker` binary as [ENTRYPOINT](https://docs.docker.com/engine/reference/builder/#entrypoint) and `-f /etc/opentracker/opentracker.conf` as default [CMD](https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example).
So you can run:
```bash
docker run \
--rm \
-d \
--name opentracker \
-p 6969:6969/udp -p 6969:6969 \
wiltonsr/opentracker:open
```
Or with `docker-compose.yml` file:
```yml
version: "3"
services:
tracker:
image: wiltonsr/opentracker:open
container_name: opentracker
restart: always
ports:
- 6969:6969/tcp
- 6969:6969/udp
```
```bash
docker-compose up
```
Now you can access [Opentracker Stats page](https://erdgeist.org/arts/software/opentracker/#statistics) at http://localhost:6969/stats from your host system.
### Debug Mode
All `tags` also contains `/bin/opentracker.debug` binary. So you could run Opentracker in `debug mode` overriding default `ENTRYPOINT`.
```bash
docker run \
--rm \
-d \
--name opentracker \
-p 6969:6969/udp -p 6969:6969 \
--entrypoint="/bin/opentracker.debug" \
wiltonsr/opentracker:open \
-f /etc/opentracker/opentracker.conf
```
It is also possible to override the default command with:
```bash
docker run \
--rm \
--name opentracker \
-p 6969:6969/udp -p 6969:6969 \
wiltonsr/opentracker:open \
-h
```
You will get:
```text
Usage: /bin/opentracker [-i ip] [-p port] [-P port] [-r redirect] [-d dir] [-u user] [-A ip] [-f config] [-s livesyncport]
-f config include and execute the config file
-i ip specify ip to bind to (default: *, you may specify more than one)
-p port specify tcp port to bind to (default: 6969, you may specify more than one)
-P port specify udp port to bind to (default: 6969, you may specify more than one)
-r redirecturlspecify url where / should be redirected to (default none)
-d dir specify directory to try to chroot to (default: ".")
-u user specify user under whose privileges opentracker should run (default: "nobody")
-A ip bless an ip address as admin address (e.g. to allow syncs from this address)
Example: ./opentracker -i 127.0.0.1 -p 6969 -P 6969 -f ./opentracker.conf -i 10.1.1.23 -p 2710 -p 80
```
### Configuration file
All `tags` use default configuration file from [here](https://erdgeist.org/gitweb/opentracker/tree/opentracker.conf.sample).
Some adjusts are made:
- `tracker.user` is setted to `opentracker` [USER](https://docs.docker.com/engine/reference/builder/#user) in all tags.
- `access.whitelist` is setted to `/etc/opentracker/whitelist` in `whitelist` tag.
- `access.blacklist` is setted to `/etc/opentracker/blacklist` in `blacklist` tag.
You could override the default configuration using a [VOLUME](https://docs.docker.com/engine/reference/builder/#volume):
```bash
docker run \
--rm \
--name opentracker \
-v $PWD/local-opentracker.conf:/etc/opentracker/opentracker.conf \
-p 6969:6969/udp -p 6969:6969 \
wiltonsr/opentracker:open
```
## Using in `closed` Mode
If you want to control what torrents to track or not to track. You could use opentracker with one of the accesslist-options `tags`, you can control which torrents are tracked by providing a file that contains a list of human readable `info_hashes`. An example whitelist file would look like
```text
0123456789abcdef0123456789abcdef01234567
890123456789abcdef0123456789abcdef012345
```
### Compilation
Opentracker provides accesslist options, `-DWANT_ACCESSLIST_BLACK` and `-DWANT_ACCESSLIST_WHITE`, but this options are `exclusive`. Trying to compile it with both options will resulte in this error:
```bash
cc -c -o opentracker.o -I../libowfat -Wall -pipe -Wextra -O3 -DWANT_ACCESSLIST_BLACK -DWANT_ACCESSLIST_WHITE -DWANT_FULLSCRAPE opentracker.c
In file included from opentracker.c:36:
ot_accesslist.h:10:4: error: #error WANT_ACCESSLIST_BLACK and WANT_ACCESSLIST_WHITE are exclusive.
10 | # error WANT_ACCESSLIST_BLACK and WANT_ACCESSLIST_WHITE are exclusive.
| ^~~~~
make: *** [Makefile:81: opentracker.o] Erro 1
```
Because of that there are two another tags, `blacklist` and `whitelist`, which were compiled with the respective options.
### Whitelist Mode
```bash
docker run \
--rm \
--name opentracker \
-v $PWD/local-whitelist:/etc/opentracker/whitelist \
-p 6969:6969/udp -p 6969:6969 \
wiltonsr/opentracker:whitelist
```
### Blacklist Mode
```bash
docker run \
--rm \
--name opentracker \
-v $PWD/local-blacklist:/etc/opentracker/blacklist \
-p 6969:6969/udp -p 6969:6969 \
wiltonsr/opentracker:blacklist
```
### Reloading file changes
To make opentracker reload it's `white`/`blacklist` after changes, send a `SIGHUP` unix signal.
```bash
docker kill --signal="SIGHUP" opentracker
```
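
Review bot: This README documents a different image from the one this commit builds, starting with the first paragraph ("Docker image from scratch") and every `docker run` example, which use `wiltonsr/opentracker` with `open`, `blacklist` and `whitelist` tags. The Dockerfile in this commit is based on `epicmorg/debian:bullseye`, the compose file publishes `epicmorg/opentracker:latest` only, the entrypoint is `tini` plus `docker-entrypoint.sh` rather than `/bin/opentracker`, and debug mode is selected with `RETRACKER_DEBUG` rather than `--entrypoint`. Two statements matter for security: the README says `tracker.user` is set to `opentracker`, but the config shipped here leaves `tracker.user` commented out, and it describes closed mode, but the build line is a plain `LDFLAGS=-static make` with no `-DWANT_ACCESSLIST_*` option visible. Either rewrite the README for this image and its `RETRACKER_*` variables, or keep it as an attributed upstream reference and state clearly what does not apply.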

View File

@ -0,0 +1,6 @@
version: '3.9'
services:
app:
image: "epicmorg/opentracker:latest"
build:
context: .
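
Review bot: The `image:` line publishes only the mutable `latest` tag, and the Makefile's `deploy` target pushes it, so consumers cannot pin a known build or roll back to one. Add a version or commit-derived tag next to `latest`. The service also defines no `ports:`, so the 6969 tcp/udp endpoints the Dockerfile exposes are not reachable when this file is used to run the container; if the file is build-only, a comment saying so would help.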

View File

@ -0,0 +1,27 @@
#!/bin/bash
set -euo pipefail
# Setup default Opts
: ${RETRACKER_BIN:=opentracker}
: ${RETRACKER_PORT:=6969}
: ${RETRACKER_CONFIG:=/etc/opentracker/opentracker.conf}
: ${RETRACKER_DEBUG:=false}
: ${RETRACKER_OPTS:=}
if [[ -z "${RETRACKER_DEBUG}" ]]; then
echo "[retracker] Debug env RETRACKER_DEBUG is not set. Skipping..."
export RETRACKER_BIN="opentracker"
elif [ "${RETRACKER_DEBUG}" == "false" ]; then
echo "[retracker] Debug env RETRACKER_DEBUG is set to false. Skipping..."
export RETRACKER_BIN="opentracker"
elif [ "${RETRACKER_DEBUG}" == "true" ]; then
echo "[retracker] Debug env RETRACKER_DEBUG is set to true. Enabling it."
export RETRACKER_BIN="opentracker.debug"
else
echo "[retracker] Debug env RETRACKER_DEBUG is set to strange value. Skipping..."
export RETRACKER_BIN="opentracker"
fi
echo "[opentracker] Starting up"
${RETRACKER_BIN} ${RETRACKER_OPTS} -f ${RETRACKER_CONFIG}
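
Review bot: The last line starts opentracker as a child of bash instead of replacing the shell, so the `STOPSIGNAL SIGINT` that tini forwards lands on the bash wrapper and not on the tracker. Use `exec "${RETRACKER_BIN}" ${RETRACKER_OPTS} -f "${RETRACKER_CONFIG}"` so opentracker receives signals directly (this also matters for the `SIGHUP` reload the README describes). `RETRACKER_PORT` is given a default here but never passed to the binary, so changing it moves the HEALTHCHECK and EXPOSE port without moving the listener; either pass `-p`/`-P` or remove the variable. The first `-z` branch cannot be reached because `: ${RETRACKER_DEBUG:=false}` already replaces an empty value, and the positional arguments the Dockerfile's CMD supplies are ignored.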

View File

@ -0,0 +1,106 @@
# opentracker config file
#
# I) Address opentracker will listen on, using both, tcp AND udp family
# (note, that port 6969 is implicite if ommitted).
#
# If no listen option is given (here or on the command line), opentracker
# listens on 0.0.0.0:6969 tcp and udp.
#
# The next variable determines if udp sockets are handled in the event
# loop (set it to 0, the default) or are handled in blocking reads in
# dedicated worker threads. You have to set this value before the
# listen.tcp_udp or listen.udp statements before it takes effect, but you
# can re-set it for each listen statement. Normally you should keep it at
# the top of the config file.
#
# listen.udp.workers 4
#
# listen.tcp_udp 0.0.0.0
# listen.tcp_udp 192.168.0.1:80
# listen.tcp_udp 10.0.0.5:6969
#
# To only listen on tcp or udp family ports, list them this way:
#
# listen.tcp 0.0.0.0
# listen.udp 192.168.0.1:6969
#
# Note, that using 0.0.0.0 for udp sockets may yield surprising results.
# An answer packet sent on that socket will not necessarily have the
# source address that the requesting client may expect, but any address
# on that interface.
#
# II) If opentracker runs in a non-open mode, point it to files containing
# all torrent hashes that it will serve (shell option -w)
#
# access.whitelist /path/to/whitelist
#
# or, if opentracker was compiled to allow blacklisting (shell option -b)
#
# access.blacklist ./blacklist
#
# It is pointless and hence not possible to compile black AND white
# listing, so choose one of those options at compile time. File format
# is straight forward: "<hex info hash>\n<hex info hash>\n..."
#
# If you do not want to grant anyone access to your stats, enable the
# WANT_RESTRICT_STATS option in Makefile and bless the ip addresses
# allowed to fetch stats here.
#
# access.stats 192.168.0.23
#
# There is another way of hiding your stats. You can obfuscate the path
# to them. Normally it is located at /stats but you can configure it to
# appear anywhere on your tracker.
#
# access.stats_path stats
# III) Live sync uses udp multicast packets to keep a cluster of opentrackers
# synchronized. This option tells opentracker which port to listen for
# incoming live sync packets. The ip address tells opentracker, on which
# interface to join the multicast group, those packets will arrive.
# (shell option -i 192.168.0.1 -s 9696), port 9696 is default.
#
# livesync.cluster.listen 192.168.0.1:9696
#
# Note that two udp sockets will be opened. One on ip address 0.0.0.0
# port 9696, that will join the multicast group 224.0.42.23 for incoming
# udp packets and one on ip address 192.168.0.1 port 9696 for outgoing
# udp packets.
#
# As of now one and only one ip address must be given, if opentracker
# was built with the WANT_SYNC_LIVE feature.
#
# IV) Sync between trackers running in a cluster is restricted to packets
# coming from trusted ip addresses. While source ip verification is far
# from perfect, the authors of opentracker trust in the correct
# application of tunnels, filters and LAN setups (shell option -A).
#
# livesync.cluster.node_ip 192.168.0.4
# livesync.cluster.node_ip 192.168.0.5
# livesync.cluster.node_ip 192.168.0.6
#
# This is the admin ip address for old style (HTTP based) asynchronus
# tracker syncing.
#
# batchsync.cluster.admin_ip 10.1.1.1
#
# V) Control privilege drop behaviour.
# Put in the directory opentracker will chroot/chdir to. All black/white
# list files must be put in that directory (shell option -d).
#
#
# tracker.rootdir /usr/local/etc/opentracker
#
# Tell opentracker which user to setuid to.
#
# tracker.user nobody
#
# VI) opentracker can be told to answer to a "GET / HTTP"-request with a
# redirect to another location (shell option -r).
#
# tracker.redirect_url https://your.tracker.local/
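
Review bot: Every directive in this file is commented out, including `access.stats`, `tracker.user` and `tracker.rootdir` in sections II and V, so the container runs entirely on opentracker's built-in defaults. Per the file's own comments that means listening on 0.0.0.0:6969 for tcp and udp with `/stats` readable by anyone who can reach the port, unless the build enables `WANT_RESTRICT_STATS`. If this is meant to be the active `opentracker.conf` that `RETRACKER_CONFIG` points at, set the values the image actually wants (at least `tracker.user`, and `access.stats` together with the matching build option) rather than shipping the upstream sample unchanged.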

View File

@ -0,0 +1,106 @@
# opentracker config file
#
# I) Address opentracker will listen on, using both, tcp AND udp family
# (note, that port 6969 is implicite if ommitted).
#
# If no listen option is given (here or on the command line), opentracker
# listens on 0.0.0.0:6969 tcp and udp.
#
# The next variable determines if udp sockets are handled in the event
# loop (set it to 0, the default) or are handled in blocking reads in
# dedicated worker threads. You have to set this value before the
# listen.tcp_udp or listen.udp statements before it takes effect, but you
# can re-set it for each listen statement. Normally you should keep it at
# the top of the config file.
#
# listen.udp.workers 4
#
# listen.tcp_udp 0.0.0.0
# listen.tcp_udp 192.168.0.1:80
# listen.tcp_udp 10.0.0.5:6969
#
# To only listen on tcp or udp family ports, list them this way:
#
# listen.tcp 0.0.0.0
# listen.udp 192.168.0.1:6969
#
# Note, that using 0.0.0.0 for udp sockets may yield surprising results.
# An answer packet sent on that socket will not necessarily have the
# source address that the requesting client may expect, but any address
# on that interface.
#
# II) If opentracker runs in a non-open mode, point it to files containing
# all torrent hashes that it will serve (shell option -w)
#
# access.whitelist /path/to/whitelist
#
# or, if opentracker was compiled to allow blacklisting (shell option -b)
#
# access.blacklist ./blacklist
#
# It is pointless and hence not possible to compile black AND white
# listing, so choose one of those options at compile time. File format
# is straight forward: "<hex info hash>\n<hex info hash>\n..."
#
# If you do not want to grant anyone access to your stats, enable the
# WANT_RESTRICT_STATS option in Makefile and bless the ip addresses
# allowed to fetch stats here.
#
# access.stats 192.168.0.23
#
# There is another way of hiding your stats. You can obfuscate the path
# to them. Normally it is located at /stats but you can configure it to
# appear anywhere on your tracker.
#
# access.stats_path stats
# III) Live sync uses udp multicast packets to keep a cluster of opentrackers
# synchronized. This option tells opentracker which port to listen for
# incoming live sync packets. The ip address tells opentracker, on which
# interface to join the multicast group, those packets will arrive.
# (shell option -i 192.168.0.1 -s 9696), port 9696 is default.
#
# livesync.cluster.listen 192.168.0.1:9696
#
# Note that two udp sockets will be opened. One on ip address 0.0.0.0
# port 9696, that will join the multicast group 224.0.42.23 for incoming
# udp packets and one on ip address 192.168.0.1 port 9696 for outgoing
# udp packets.
#
# As of now one and only one ip address must be given, if opentracker
# was built with the WANT_SYNC_LIVE feature.
#
# IV) Sync between trackers running in a cluster is restricted to packets
# coming from trusted ip addresses. While source ip verification is far
# from perfect, the authors of opentracker trust in the correct
# application of tunnels, filters and LAN setups (shell option -A).
#
# livesync.cluster.node_ip 192.168.0.4
# livesync.cluster.node_ip 192.168.0.5
# livesync.cluster.node_ip 192.168.0.6
#
# This is the admin ip address for old style (HTTP based) asynchronus
# tracker syncing.
#
# batchsync.cluster.admin_ip 10.1.1.1
#
# V) Control privilege drop behaviour.
# Put in the directory opentracker will chroot/chdir to. All black/white
# list files must be put in that directory (shell option -d).
#
#
# tracker.rootdir /usr/local/etc/opentracker
#
# Tell opentracker which user to setuid to.
#
# tracker.user nobody
#
# VI) opentracker can be told to answer to a "GET / HTTP"-request with a
# redirect to another location (shell option -r).
#
# tracker.redirect_url https://your.tracker.local/
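
Review bot: As shown, this file is line-for-line identical to the previous config file in the commit. If one is the active config and the other a sample, say so in the file header or the README and let only the active one differ; otherwise drop the duplicate so the two cannot drift apart, since `COPY etc/opentracker/ ${APP_DIR}` in the Dockerfile copies the whole directory into the image.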