qr, https, etc

reflog · reflog · commit 7cf5a51efb46 · 2025-04-10T14:32:15.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:edge
 
 # Set the timezone and install CA certificates
-RUN apk --no-cache add ca-certificates tzdata libqrencode
+RUN apk --no-cache add ca-certificates tzdata
 
 COPY lantern-server-manager /app/server
 COPY --from=ghcr.io/sagernet/sing-box /usr/local/bin/sing-box /usr/local/bin/sing-box
diff --git a/Makefile b/Makefile
@@ -2,7 +2,6 @@ lantern-server-manager:
 	CGO_ENABLED=0 go build -ldflags="-extldflags=-static" -o lantern-server-manager ./cmd/...
 
 packer:
-	@cd cloud/packer
 	@if [ -z "$(PKR_VAR_aws_secret_key)" ]; then \
 		echo "Error: PKR_VAR_aws_secret_key is not set"; \
 		exit 1; \
@@ -17,4 +16,4 @@ packer:
 		exit 1; \
 	fi
 
-	@packer build .
+	cd cloud/packer && packer build .
diff --git a/cloud/lantern-server-manager.service b/cloud/lantern-server-manager.service
@@ -5,7 +5,7 @@ After=syslog.target network.target remote-fs.target nss-lookup.target
 
 [Service]
 User=root
-ExecStart=/opt/lantern/lantern-server-manager serve
+ExecStart=/opt/lantern/lantern-server-manager serve -d /opt/lantern/data
 ExecStop=/bin/kill -s QUIT $MAINPID
 PrivateTmp=true
 StandardOutput=journal+console
diff --git a/cloud/packer/main.pkr.hcl b/cloud/packer/main.pkr.hcl
@@ -13,7 +13,7 @@ source "amazon-ebs" "amazon-linux" {
   region        = var.aws_region
   source_ami_filter {
     filters = {
-      name                = "*amzn3-ami-hvm-*"
+      name                = "al2023-ami*x86_64"
       root-device-type    = "ebs"
       virtualization-type = "hvm"
     }
@@ -30,19 +30,24 @@ build {
     source      = "../lantern-server-manager.service"
     destination = "/tmp/lantern-server-manager.service"
   }
+  provisioner "file" {
+    source      = "../sing-box.service"
+    destination = "/tmp/sing-box.service"
+  }
 
   provisioner "shell" {
     inline = [
-      "yum install -y qrencode",
       "curl -L https://github.com/SagerNet/sing-box/releases/download/v${var.sing_box_version}/sing-box-${var.sing_box_version}-linux-amd64.tar.gz -o /tmp/sing-box.tar.gz",
       "curl -L https://github.com/getlantern/lantern-server-manager/releases/download/v${var.version}/lantern-server-manager_${var.version}_linux_amd64.tar.gz -o /tmp/lantern-server-manager.tar.gz",
       "tar -xzf /tmp/lantern-server-manager.tar.gz -C /tmp",
       "tar -xzf /tmp/sing-box.tar.gz -C /tmp",
       "sudo mkdir -p /opt/lantern",
       "sudo mv /tmp/sing-box-${var.sing_box_version}-linux-amd64/sing-box /usr/local/bin/sing-box",
       "sudo mv /tmp/lantern-server-manager.service /opt/lantern/lantern-server-manager.service",
+      "sudo mv /tmp/sing-box.service /opt/lantern/sing-box.service",
       "sudo mv /tmp/lantern-server-manager /opt/lantern/lantern-server-manager",
       "sudo systemctl enable /opt/lantern/lantern-server-manager.service",
+      "sudo systemctl enable /opt/lantern/sing-box.service",
       "rm /home/ec2-user/.ssh/authorized_keys",
       "sudo rm /root/.ssh/authorized_keys"
     ]
diff --git a/cloud/packer/vars.pkr.hcl b/cloud/packer/vars.pkr.hcl
@@ -14,7 +14,6 @@ variable "aws_access_key" {
 
 variable "version" {
   type    = string
-  default = "0.0.2"
 }
 
 variable "sing_box_version" {
diff --git a/cloud/sing-box.service b/cloud/sing-box.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=SingBox
+Documentation=https://github.com/getlantern/sing-box
+After=lantern-server-manager.service
+Requires=lantern-server-manager.service
+
+[Service]
+User=root
+ExecStart=/usr/local/bin/sing-box run --config /opt/lantern/data/sing-box-config.json
+ExecStop=/bin/kill -s QUIT $MAINPID
+PrivateTmp=true
+StandardOutput=journal+console
+StandardError=journal+console
+[Install]
+WantedBy=multi-user.target
diff --git a/common/server.go b/common/server.go
@@ -5,9 +5,9 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"github.com/mdp/qrterminal/v3"
 	"math/rand/v2"
 	"os"
-	"os/exec"
 	"path"
 	"time"
 
@@ -29,20 +29,8 @@ func (c *ServerConfig) GetNewServerURL() string {
 }
 
 func (c *ServerConfig) GetQR() string {
-	qrCodeOptions := []string{"ANSI", "ANSI256", "ASCII", "ASCIIi", "UTF8", "UTF8i", "ANSIUTF8", "ANSIUTF8i", "ANSI256UTF8"}
-	text := "https://google.com/" // TODO: c.GetNewServerURL()
 	qrCode := bytes.NewBufferString("")
-	for _, qrCodeOption := range qrCodeOptions {
-		cmd := exec.Command("qrencode", "-t", qrCodeOption, text+qrCodeOption)
-		// collect output
-		cmd.Stdout = qrCode
-		cmd.Stderr = os.Stderr
-		if err := cmd.Run(); err != nil {
-			log.Errorf("Error generating QR code: %v", err)
-			continue
-		}
-	}
-	//qrterminal.GenerateHalfBlock(c.GetNewServerURL(), qrterminal.L, qrCode)
+	qrterminal.GenerateHalfBlock(c.GetNewServerURL(), qrterminal.L, qrCode)
 
 	return qrCode.String()
 }
diff --git a/common/singbox.go b/common/singbox.go
@@ -122,7 +122,7 @@ func GenerateSingBoxConnectConfig(dataDir, publicIP, username string) ([]byte, e
 						Server:     publicIP,
 						ServerPort: inboundOptions.ListenPort,
 					},
-					Method:   "2022-blake3-aes-128-gcm",
+					Method:   "chacha20-ietf-poly1305",
 					Password: pw,
 				},
 			},
@@ -140,8 +140,8 @@ func WriteSingBoxServerConfig(dataDir string, opt *option.Options) error {
 }
 
 func makeShadowsocksPassword() string {
-	// generate a password. we are using 2022-blake3-aes-128-gcm so length must be 16
-	passwordStr := password.MustGenerate(16, 10, 6, false, false)
+	// generate a password. we are using chacha20-ietf-poly1305 so length can be anything
+	passwordStr := password.MustGenerate(32, 10, 6, false, false)
 
 	return base64.StdEncoding.EncodeToString([]byte(passwordStr))
 }
@@ -163,7 +163,7 @@ func GenerateBasicSingBoxServerConfig(dataDir string) (*option.Options, error) {
 				Tag:  "ss-inbound",
 
 				Options: &option.ShadowsocksInboundOptions{
-					Method: "2022-blake3-aes-128-gcm",
+					Method: "chacha20-ietf-poly1305",
 					ListenOptions: option.ListenOptions{
 						ListenPort: uint16(port),
 						Listen:     common.Ptr(badoption.Addr(netip.AddrFrom4([4]byte{0, 0, 0, 0}))),
@@ -194,10 +194,18 @@ func ValidateSingBoxConfig(dataDir string) error {
 	return nil
 }
 
+// RestartSingBox restarts the sing-box service. If NO_SYSTEMD is set, it will use pkill and run the command directly.
+// this is useful for local testing without install of the service
+var noSystemd = os.Getenv("NO_SYSTEMD") != ""
+
 func RestartSingBox(dataDir string) error {
-	singBoxPath, _ := exec.LookPath("sing-box")
-	// kill process
-	_ = exec.Command("pkill", "-9", "sing-box").Run()
-	// start process
-	return exec.Command(singBoxPath, "run", "--config", path.Join(dataDir, "sing-box-config.json")).Start()
+	if noSystemd {
+		singBoxPath, _ := exec.LookPath("sing-box")
+		// kill process
+		_ = exec.Command("pkill", "-9", "sing-box").Run()
+		// start process
+		return exec.Command(singBoxPath, "run", "--config", path.Join(dataDir, "sing-box-config.json")).Start()
+	} else {
+		return exec.Command("systemctl", "restart", "sing-box").Run()
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,6 @@ variable "aws_access_key" {`
`14`	`14`
`15`	`15`	`variable "version" {`
`16`	`16`	`type = string`
`17`		`- default = "0.0.2"`
`18`	`17`	`}`
`19`	`18`
`20`	`19`	`variable "sing_box_version" {`