diff --git a/src/server_manager/install_scripts/install_server.sh b/src/server_manager/install_scripts/install_server.sh index d8b04a60b..feaf8f781 100755 --- a/src/server_manager/install_scripts/install_server.sh +++ b/src/server_manager/install_scripts/install_server.sh @@ -312,27 +312,19 @@ function check_firewall() { FIREWALL_STATUS="\ You won’t be able to access it externally, despite your server being correctly set up, because there's a firewall (in this machine, your router or cloud -provider) that is preventing incoming connections to ports ${SB_API_PORT} and ${ACCESS_KEY_PORT}. - -- If you plan to have a single access key to access your server, opening those - ports for TCP and UDP should suffice. -- If you plan on adding additional access keys, you’ll have to open ports 1024 - through 65535 on your firewall since the Outline server may allocate any of - those ports to new access keys. -" +provider) that is preventing incoming connections to ports ${SB_API_PORT} and ${ACCESS_KEY_PORT}." else FIREWALL_STATUS="\ If you have connection problems, it may be that your router or cloud provider -blocks inbound connections, even though your machine seems to allow them. - -- If you plan to have a single access key to access your server make sure - ports ${SB_API_PORT} and ${ACCESS_KEY_PORT} are open for TCP and UDP on - your router or cloud provider. -- If you plan on adding additional access keys, you’ll have to open ports - 1024 through 65535 on your router or cloud provider since the Outline - Server may allocate any of those ports to new access keys. -" +blocks inbound connections, even though your machine seems to allow them." fi + FIREWALL_STATUS="\ +$FIREWALL_STATUS + +Make sure to open the following ports on your firewall, router or cloud provider: +- Management port ${SB_API_PORT}, for TCP +- Access key port ${ACCESS_KEY_PORT}, for TCP and UDP +" } install_shadowbox() { diff --git a/src/shadowbox/server/main.ts b/src/shadowbox/server/main.ts index 141f1e9fd..a2dbf18af 100644 --- a/src/shadowbox/server/main.ts +++ b/src/shadowbox/server/main.ts @@ -24,7 +24,6 @@ import {PortProvider} from '../infrastructure/get_port'; import * as json_config from '../infrastructure/json_config'; import * as logging from '../infrastructure/logging'; import {PrometheusClient, runPrometheusScraper} from '../infrastructure/prometheus_scraper'; -import {RolloutTracker} from '../infrastructure/rollout'; import {AccessKeyId} from '../model/access_key'; import {PrometheusManagerMetrics} from './manager_metrics'; @@ -78,20 +77,10 @@ async function reservePortForNewAccessKeys( portProvider: PortProvider, serverConfig: json_config.JsonConfig): Promise { serverConfig.data().portForNewAccessKeys = await portProvider.reserveNewPort(); + serverConfig.write(); return serverConfig.data().portForNewAccessKeys; } -function createRolloutTracker(serverConfig: json_config.JsonConfig): - RolloutTracker { - const rollouts = new RolloutTracker(serverConfig.data().serverId); - if (serverConfig.data().rollouts) { - for (const rollout of serverConfig.data().rollouts) { - rollouts.forceRollout(rollout.id, rollout.enabled); - } - } - return rollouts; -} - async function main() { const verbose = process.env.LOG_LEVEL === 'debug'; const portProvider = new PortProvider(); @@ -174,15 +163,9 @@ async function main() { const accessKeyRepository = new ServerAccessKeyRepository( portProvider, proxyHostname, accessKeyConfig, shadowsocksServer); - // TODO(fortuna): Once single-port is fully rollout, we should: - // - update `install_server.sh` to stop using `--net=host` for new servers (old servers are stuck - // with that forever) and output new instructions for port configuration. - // - update manger UI to provide new instructions for port configuration in manual mode. - if (createRolloutTracker(serverConfig).isRolloutEnabled('single-port', 100)) { - const portForNewAccessKeys = getPortForNewAccessKeys(serverConfig, accessKeyConfig) || - await reservePortForNewAccessKeys(portProvider, serverConfig); - accessKeyRepository.enableSinglePort(portForNewAccessKeys); - } + const portForNewAccessKeys = getPortForNewAccessKeys(serverConfig, accessKeyConfig) || + await reservePortForNewAccessKeys(portProvider, serverConfig); + accessKeyRepository.enableSinglePort(portForNewAccessKeys); const prometheusClient = new PrometheusClient(`http://${prometheusLocation}`); const metricsReader = new PrometheusUsageMetrics(prometheusClient);