enable/disable clash

ChisBread · May 14, 2022 · ba2a529 · ba2a529
1 parent 8f850d5
commit ba2a529
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 62 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -38,6 +38,8 @@ RUN echo 'detect arch ...' \
     && gunzip master.tar.gz && tar xvf master.tar && rm master.tar \
     && mkdir /default/exports && mv ACL4SSR-master /default/exports/ACL4SSR \
     && chmod -R a+r /default/
+
+ENV ENABLE_CLASH=1
 ENV REQUIRED_CONFIG=""
 ENV CLASH_HTTP_PORT=7890
 ENV CLASH_SOCKS_PORT=7891

diff --git a/README.md b/README.md
@@ -1,9 +1,9 @@
 # chislash
 - 开箱即用的clash透明网关
-
+- 也可作为[纯订阅转换服务](#其它场景)使用
 ## 警告
 - 十分**不建议**在云服务器(甲骨文,AWS...)上使用透明代理特性(IP_ROUTE=1)！ 任何意外情况都可能导致你的服务器失联
-- 如果依然要使用,请关闭透明代理特性,作为HTTP/SOCKS5代理服务器使用; 参考[其它场景](#其它场景)中的"非透明代理"
+- 如果依然要使用,请关闭透明代理特性,作为HTTP/SOCKS5代理服务器使用; 参考[非透明代理](#其它场景)
 ## 环境检查
 - 检查是否支持TProxy(支持TProxy, 才能使用透明代理)
 ```
@@ -54,6 +54,19 @@ sudo docker run --name chislash \
 ```
 - 关闭IPv6代理: *-e IPV6_PROXY=0*
 - 关闭UDP代理: *-e UDP_PROXY=0*
+- 纯订阅转换服务(subconverter)
+```bash
+sudo docker run --name chislash \
+    --rm -it \
+    -e ENABLE_CLASH=0 \
+    -p 25500:25500 \
+    -p 8091:8091 \
+    -e SUBSCR_URLS=<(可不填, 填写后启动会更新/etc/clash/config.yaml)> \
+    -v $HOME/.config/chislash:/etc/clash \
+    chisbread/chislash:latest
+```
+  - 转换服务: *http://127.0.0.1:25500/sub*
+  - 转换规则: *http://127.0.0.1:8091/ACL4SSR/Clash/config/* 
 ## 进阶使用
 - 一些细节
   - 透明代理: 容器自动映射路由表, 劫持本地DNS流量实现本地透明代理; 亦可作为网关使用, 需要将网关和DNS指定为服务器IP

diff --git a/start.sh b/start.sh
@@ -13,7 +13,7 @@ _term() {
     # terminate when the clash-daemon process dies
     __=`kill -9 ${pid} 2>&1 >/dev/null` || true
     tail --pid=${pid} -f /dev/null || true
-    if [ "$IP_ROUTE" == "1" ]; then
+    if [ "$ENABLE_CLASH" == "1" ] && [ "$IP_ROUTE" == "1" ]; then
         echolog "unset iproutes ..."
         __=`unsetroute 2>&1 >/dev/null` || true
         echolog "done."
@@ -79,12 +79,6 @@ fi
 if [ ! -d "/etc/clash/exports" ]; then
     cp -arp /default/exports /etc/clash/exports
 fi
-if [ "$IP_ROUTE" == "1" ]; then
-    setcap 'cap_net_admin,cap_net_bind_service=+ep' /usr/bin/clash
-else
-    setcap 'cap_net_admin,cap_net_bind_service=-ep' /usr/bin/clash
-    CLASH_TPROXY_PORT=0
-fi
 chmod -R a+rw /etc/clash
 ################### 生成config.yaml ###################
 # 启动订阅转换服务
@@ -169,62 +163,72 @@ if [ "$SUBSCR_URLS" != "" ]; then
         $NO_ENGLISH || echolog "Subscription expires after ${SINCE} seconds"
     fi
 fi
-echolog "使用环境变量覆盖config.yaml设置"
-$NO_ENGLISH || echolog "Override config.yaml with environment variables"
-python3 /default/clash/utils/override.py \
-    "/etc/clash/config.yaml" \
-    "$REQUIRED_CONFIG" \
-    "$CLASH_HTTP_PORT" \
-    "$CLASH_SOCKS_PORT" \
-    "$CLASH_TPROXY_PORT" \
-    "$CLASH_MIXED_PORT" \
-    "$LOG_LEVEL" \
-    "$IPV6_PROXY"
-################### 启动clash服务 ###################
-echolog "Clash启动中..."
-$NO_ENGLISH || echolog "Clash is starting ..."
-su - clash -c "/usr/bin/clash -d /etc/clash -ext-ctl 0.0.0.0:$DASH_PORT -ext-ui $DASH_PATH"  >/etc/clash/clash.log 2>&1 &
-EXPID=$!
-# 等待,直到SOCKS端口被监听, 或者clash启动失败
-while :
-do
-    PID=`ps -def|grep -P '^clash'|awk '{print $2}'` || true
-    PORT_EXIST=`ss -tlnp | awk '{print $4}' | grep -P ".*:$CLASH_SOCKS_PORT" | head -n 1` || true
-    if [ "$PID" == "" ] || [ "$PORT_EXIST" == "" ]; then
-        EXPID_EXIST=$(ps aux | awk '{print $2}'| grep -w $EXPID) || true
-        if [ ! $EXPID_EXIST ];then
-            echoerr "clash is not running"
-            if [ "`cat /etc/clash/clash.log| grep 'Operation not permitted'`" != "" ]; then
-                echoerr "privileged must be true"
+# 启动clash服务
+if [ "$ENABLE_CLASH" == "1" ]; then
+    if [ "$IP_ROUTE" == "1" ]; then
+        setcap 'cap_net_admin,cap_net_bind_service=+ep' /usr/bin/clash
+    else
+        setcap 'cap_net_admin,cap_net_bind_service=-ep' /usr/bin/clash
+        CLASH_TPROXY_PORT=0
+    fi
+    echolog "使用环境变量覆盖config.yaml设置"
+    $NO_ENGLISH || echolog "Override config.yaml with environment variables"
+    python3 /default/clash/utils/override.py \
+        "/etc/clash/config.yaml" \
+        "$REQUIRED_CONFIG" \
+        "$CLASH_HTTP_PORT" \
+        "$CLASH_SOCKS_PORT" \
+        "$CLASH_TPROXY_PORT" \
+        "$CLASH_MIXED_PORT" \
+        "$LOG_LEVEL" \
+        "$IPV6_PROXY"
+    ################### 启动clash服务 ###################
+    echolog "Clash启动中..."
+    $NO_ENGLISH || echolog "Clash is starting ..."
+    su - clash -c "/usr/bin/clash -d /etc/clash -ext-ctl 0.0.0.0:$DASH_PORT -ext-ui $DASH_PATH"  >/etc/clash/clash.log 2>&1 &
+    EXPID=$!
+    # 等待,直到SOCKS端口被监听, 或者clash启动失败
+    while :
+    do
+        PID=`ps -def|grep -P '^clash'|awk '{print $2}'` || true
+        PORT_EXIST=`ss -tlnp | awk '{print $4}' | grep -P ".*:$CLASH_SOCKS_PORT" | head -n 1` || true
+        if [ "$PID" == "" ] || [ "$PORT_EXIST" == "" ]; then
+            EXPID_EXIST=$(ps aux | awk '{print $2}'| grep -w $EXPID) || true
+            if [ ! $EXPID_EXIST ];then
+                echoerr "clash is not running"
+                if [ "`cat /etc/clash/clash.log| grep 'Operation not permitted'`" != "" ]; then
+                    echoerr "privileged must be true"
+                fi
+                exit 1
             fi
-            exit 1
+            sleep 1
+            continue
         fi
-        sleep 1
-        continue
-    fi
-    echo $PID > /var/clash.pid
-    break
-done
-echolog "Clash已就绪"
-$NO_ENGLISH || echolog "Clash is ready"
+        echo $PID > /var/clash.pid
+        break
+    done
+    echolog "Clash已就绪"
+    $NO_ENGLISH || echolog "Clash is ready"
 
-if [ "$IP_ROUTE" == "1" ]; then
-    echolog "设置路由规则..."
-    $NO_ENGLISH || echolog "Set iproutes ..."
-    __=`unsetroute >/dev/null 2>&1` || true
-    touch /tmp/setroute.log
-    __=`setroute >/tmp/setroute.log 2>/tmp/setroute.err` || true
-    cat /tmp/setroute.log | xargs -n 1 -P 10 -I {} bash -c 'echolog "[setroute] $@"' _ {}
-    cat /tmp/setroute.err | xargs -n 1 -P 10 -I {} bash -c 'echoerr "[setroute] $@"' _ {}
-    if [ "`cat /tmp/setroute.log|grep "tproxy is not supported" `" ]; then
-        echoerr "当前不支持TProxy! 自动加载xt_TPROXY失败, 请尝试手动执行: 'modprobe xt_TPROXY'"
-        $NO_ENGLISH || echoerr "TProxy is not supported"
-        exit 1
+    if [ "$IP_ROUTE" == "1" ]; then
+        echolog "设置路由规则..."
+        $NO_ENGLISH || echolog "Set iproutes ..."
+        __=`unsetroute >/dev/null 2>&1` || true
+        touch /tmp/setroute.log
+        __=`setroute >/tmp/setroute.log 2>/tmp/setroute.err` || true
+        cat /tmp/setroute.log | xargs -n 1 -P 10 -I {} bash -c 'echolog "[setroute] $@"' _ {}
+        cat /tmp/setroute.err | xargs -n 1 -P 10 -I {} bash -c 'echoerr "[setroute] $@"' _ {}
+        if [ "`cat /tmp/setroute.log|grep "tproxy is not supported" `" ]; then
+            echoerr "当前不支持TProxy! 自动加载xt_TPROXY失败, 请尝试手动执行: 'modprobe xt_TPROXY'"
+            $NO_ENGLISH || echoerr "TProxy is not supported"
+            exit 1
+        fi
     fi
+    echolog "Clash控制面板: http://$LOCAL_IP:$DASH_PORT/ui"
+    $NO_ENGLISH || echolog "Dashboard: http://$LOCAL_IP:$DASH_PORT/ui"
+    tail -f /etc/clash/clash.log \
+        | grep -v 'Start initial compatible provider' \
+        | xargs -n 1 -P 10 -I {} bash -c 'echolog "$@"' _ {}  2>&1 &
 fi
-echolog "Clash控制面板: http://$LOCAL_IP:$DASH_PORT/ui"
-$NO_ENGLISH || echolog "Dashboard: http://$LOCAL_IP:$DASH_PORT/ui"
-tail -f /etc/clash/clash.log \
-    | grep -v 'Start initial compatible provider' \
-    | xargs -n 1 -P 10 -I {} bash -c 'echolog "$@"' _ {}  2>&1 &
+
 wait