|
1 | 1 |
|
2 | | -[](https://github.com/Yundera/mesh-router/actions/workflows/docker-publish.yml) |
| 2 | +[](https://github.com/Yundera/mesh-router-tunnel/actions/workflows/docker-publish.yml) |
3 | 3 |
|
4 | | -# MeshRouter |
| 4 | +# MeshRouter Tunnel |
5 | 5 |
|
6 | 6 | ## Sponsor |
7 | 7 | Thanks for sponsoring this project |
@@ -73,16 +73,43 @@ Example: `nextcloud.mynas.nsl.sh` or `nextcloud-mynas.nsl.sh` |
73 | 73 |
|
74 | 74 | | Variable | Default | Description | |
75 | 75 | |----------|---------|-------------| |
76 | | -| `PROVIDER` | - | Provider connection string: `<url>,<userId>,<signature>` | |
| 76 | +| `PROVIDER` | - | Provider connection string: `<url>,<userId>,<signature>` (for single provider setup) | |
77 | 77 | | `ROUTING_TARGET_HOST` | `caddy` | Target container hostname for traffic forwarding | |
78 | 78 | | `ROUTING_TARGET_PORT` | `80` | Target container port | |
79 | 79 |
|
| 80 | +### YAML Configuration (Multi-Provider) |
| 81 | + |
| 82 | +For advanced setups with multiple providers, use a YAML configuration file mounted at `/app/config/config.yml`: |
| 83 | + |
| 84 | +```yaml |
| 85 | +providers: |
| 86 | + - provider: https://nsl.sh,userId,signature |
| 87 | + defaultService: casaos |
| 88 | + - provider: http://custom-provider.com,userId2 |
| 89 | + defaultService: myapp |
| 90 | + services: |
| 91 | + myapp: |
| 92 | + defaultPort: '3000' |
| 93 | +``` |
| 94 | +
|
| 95 | +The configuration file is watched for changes and will automatically reconnect to providers when modified. |
| 96 | +
|
| 97 | +### Connection Health Monitoring |
| 98 | +
|
| 99 | +The requester automatically monitors WireGuard handshakes every 5 minutes. If a connection becomes stale (no handshake within 5 minutes), it will: |
| 100 | +1. Log the connection issue |
| 101 | +2. Tear down the WireGuard interface |
| 102 | +3. Re-register with the provider |
| 103 | +4. Re-establish the tunnel |
| 104 | +
|
| 105 | +This ensures resilient connections without manual intervention. |
| 106 | +
|
80 | 107 | ### Docker Compose Example |
81 | 108 |
|
82 | 109 | ```yaml |
83 | 110 | services: |
84 | 111 | mesh-router: |
85 | | - image: mesh-router:latest |
| 112 | + image: ghcr.io/yundera/mesh-router-tunnel:latest |
86 | 113 | cap_add: |
87 | 114 | - NET_ADMIN |
88 | 115 | - SYS_MODULE |
@@ -168,20 +195,51 @@ Provider mode is used on public servers to accept incoming VPN connections. |
168 | 195 |
|
169 | 196 | ### Environment Variables |
170 | 197 |
|
171 | | -| Variable | Description | |
172 | | -|----------|-------------| |
173 | | -| `PROVIDER_ANNONCE_DOMAIN` | Domain to announce (e.g., `nsl.sh`) | |
174 | | -| `AUTH_API_URL` | URL for user authentication API | |
175 | | -| `VPN_IP_RANGE` | IP range for VPN clients (e.g., `10.77.0.0/16`) | |
176 | | -| `VPN_PORT` | WireGuard port (default: `51820`) | |
177 | | -| `VPN_ENDPOINT_ANNOUNCE` | Public endpoint for VPN connections | |
| 198 | +| Variable | Default | Description | |
| 199 | +|----------|---------|-------------| |
| 200 | +| `PROVIDER_ANNONCE_DOMAIN` | - | Domain to announce (e.g., `nsl.sh`) - presence of this variable enables provider mode | |
| 201 | +| `AUTH_API_URL` | - | URL for user authentication API (optional) | |
| 202 | +| `VPN_IP_RANGE` | `10.77.0.0/16` | IP range for VPN clients | |
| 203 | +| `VPN_PORT` | `51820` | WireGuard listen port | |
| 204 | +| `VPN_ENDPOINT_ANNOUNCE` | - | Public endpoint for VPN connections (IP or hostname) | |
| 205 | +| `SSL` | `false` | Enable HTTPS with self-signed certificate on port 443 | |
| 206 | + |
| 207 | +### Provider API Endpoints |
| 208 | + |
| 209 | +The provider exposes an internal API on port 3000 (used by Nginx for routing): |
| 210 | + |
| 211 | +| Endpoint | Method | Description | |
| 212 | +|----------|--------|-------------| |
| 213 | +| `/api/ping` | GET | Health check - returns `ok` | |
| 214 | +| `/api/get_ip/<host>` | GET | Resolves domain to backend VPN IP for routing | |
| 215 | +| `/api/register` | POST | Peer registration endpoint for requesters | |
| 216 | + |
| 217 | +**Registration Request Body:** |
| 218 | +```json |
| 219 | +{ |
| 220 | + "userId": "username", |
| 221 | + "vpnPublicKey": "WireGuard public key", |
| 222 | + "authToken": "signature or auth token" |
| 223 | +} |
| 224 | +``` |
| 225 | + |
| 226 | +**Registration Response:** |
| 227 | +```json |
| 228 | +{ |
| 229 | + "wgConfig": { "interface": {...}, "peers": [...] }, |
| 230 | + "serverIp": "10.77.0.1", |
| 231 | + "serverDomain": "nsl.sh", |
| 232 | + "domainName": "username", |
| 233 | + "domain": "username.nsl.sh" |
| 234 | +} |
| 235 | +``` |
178 | 236 |
|
179 | 237 | ### Docker Compose Example |
180 | 238 |
|
181 | 239 | ```yaml |
182 | 240 | services: |
183 | 241 | routing: |
184 | | - image: mesh-router:latest |
| 242 | + image: ghcr.io/yundera/mesh-router-tunnel:latest |
185 | 243 | ports: |
186 | 244 | - "80:80" |
187 | 245 | - "443:443" |
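Review bot: The `AUTH_API_URL` row now says "(optional)", but the new `/api/register` section does not say how `authToken` is checked when that variable is unset. Please document the behaviour in that case (for example whether registration is rejected or any `userId` is accepted), because the response returns a `wgConfig` and a `domain` such as `username.nsl.sh`. The section also calls port 3000 an internal API "used by Nginx for routing" while `/api/register` is described as the endpoint for requesters; a sentence on which endpoints are reachable from outside, and whether port 3000 is ever meant to be published, would remove the ambiguity.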
|