init

https://github.com/bjdgyc/anylink/tree/33b30ecb2104aa6ddb842b87b92d349a3a6eb914

.codecov.yml

@@ -0,0 +1,5 @@
+ignore:
+  - "screenshot"
+  - "web"
+  - "server/conf"
+  - "server/files"

.gitignore

@@ -0,0 +1,5 @@
+# Binaries for programs and plugins
+.idea/
+anylink-deploy
+ui
+

Dockerfile

@@ -0,0 +1,48 @@
+# web
+FROM node:lts-alpine as builder_node
+WORKDIR /web
+COPY ./web /web
+RUN npx browserslist@latest --update-db \
+    && npm install \
+    && npm run build \
+    && ls /web/ui
+
+# server
+FROM golang:alpine as builder_golang
+#TODO 本地打包时使用镜像
+#ENV GOPROXY=https://goproxy.io
+ENV GOOS=linux
+WORKDIR /anylink
+COPY . /anylink
+COPY --from=builder_node /web/ui  /anylink/server/ui
+
+#TODO 本地打包时使用镜像
+#RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
+RUN apk add --no-cache git
+RUN cd /anylink/server;go build -o anylink -ldflags "-X main.COMMIT_ID=$(git rev-parse HEAD)" \
+    && /anylink/server/anylink tool -v
+
+# anylink
+FROM alpine
+LABEL maintainer="github.com/bjdgyc"
+
+ENV IPV4_CIDR="192.168.10.0/24"
+
+WORKDIR /app
+COPY --from=builder_node /web/ui  /app/ui
+COPY --from=builder_golang /anylink/server/anylink  /app/
+COPY ./server/conf  /app/conf
+COPY ./server/files  /app/files
+COPY docker_entrypoint.sh  /app/
+
+#TODO 本地打包时使用镜像
+#RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories
+RUN apk add --no-cache bash iptables \
+    && chmod +x /app/docker_entrypoint.sh \
+    && ls /app
+
+EXPOSE 443 8800
+
+#CMD ["/app/anylink"]
+ENTRYPOINT ["/app/docker_entrypoint.sh"]
+

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 bjdgyc
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,167 @@
+# AnyLink
+
+AnyLink 是一个企业级远程办公sslvpn的软件，可以支持多人同时在线使用。
+
+## Introduction
+
+AnyLink 基于 [ietf-openconnect](https://tools.ietf.org/html/draft-mavrogiannopoulos-openconnect-03)
+协议开发，并且借鉴了 [ocserv](http://ocserv.gitlab.io/www/index.html) 的开发思路，使其可以同时兼容 AnyConnect 客户端。
+
+## Screenshot
+
+![online](screenshot/online.jpg)
+
+## Installation
+
+> 升级 go version = 1.15
+>
+> 需要提前安装好 golang 和 nodejs
+
+```shell
+git clone https://github.com/go-kiss/anylink.git
+
+cd anylink
+sh build.sh
+
+# 注意使用root权限运行
+cd anylink-deploy
+sudo ./anylink -conf="conf/server.toml"
+
+# 默认管理后台访问地址
+# http://host:8800
+# 默认账号密码
+# admin 123456
+```
+
+## Feature
+
+- [x] IP分配(实现IP、MAC映射信息的持久化)
+- [x] TLS-TCP通道
+- [x] DTLS-UDP通道
+- [x] 兼容AnyConnect
+- [x] 用户组支持
+- [x] 多用户支持
+- [x] TOTP令牌支持
+- [x] 流量控制
+- [x] 后台管理界面
+- [x] 访问权限管理
+
+## Config
+
+默认配置文件内有详细的注释，根据注释填写配置即可。
+
+```shell
+# 生成后台密码
+./anylink tool -p 123456
+
+# 生成jwt密钥
+./anylink tool -s
+```
+
+[conf/server.toml](server/conf/server.toml)
+
+## Systemd
+
+添加 systemd脚本
+
+* anylink 程序目录放入 `/usr/local/anylink-deploy`
+
+systemd 脚本放入：
+
+* centos: `/usr/lib/systemd/system/`
+* ubuntu: `/lib/systemd/system/`
+
+操作命令:
+
+* 启动: `systemctl start anylink`
+* 停止: `systemctl stop anylink`
+* 开机自启: `systemctl enable anylink`
+
+## Docker
+
+1. 获取镜像
+
+   ```bash
+   docker pull go-kiss/anylink:latest
+   ```
+
+2. 生成密码
+
+   ```bash
+   docker run -it --rm go-kiss/anylink tool -p 123456
+   #Passwd:$2a$10$lCWTCcGmQdE/4Kb1wabbLelu4vY/cUwBwN64xIzvXcihFgRzUvH2a
+   ```
+
+3. 生成jwt secret
+
+   ```bash
+   docker run -it --rm go-kiss/anylink tool -s
+   #Secret:9qXoIhY01jqhWIeIluGliOS4O_rhcXGGGu422uRZ1JjZxIZmh17WwzW36woEbA
+   ```
+
+4. 启动容器
+
+   ```bash
+   docker run -itd --name anylink --privileged \
+   -p 443:443 -p 8800:8800 \
+   --restart=always \
+   go-kiss/anylink
+   ```
+
+5. 使用自定义参数启动容器
+
+   ```bash
+   docker run -itd --name anylink --privileged \
+   -e IPV4_CIDR=192.168.10.0/24 \
+   -p 443:443 -p 8800:8800 \
+   --restart=always \
+   go-kiss/anylink \
+   -c=/etc/server.toml --admin_addr=:8080
+   ```
+
+6. 构建镜像
+
+   ```bash
+   #获取仓库源码
+   git clone https://github.com/go-kiss/anylink.git
+   # 构建镜像
+   docker build -t anylink .
+   ```
+
+## Setting
+
+1. 开启服务器转发
+
+ ```shell
+ # flie: /etc/sysctl.conf
+ net.ipv4.ip_forward = 1
+
+ #执行如下命令
+ sysctl -w net.ipv4.ip_forward=1
+ ```
+
+2. 设置nat转发规则
+
+```shell
+# eth0为服务器内网网卡
+iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
+```
+
+3. 使用AnyConnect客户端连接即可
+
+## Contribution
+
+欢迎提交 PR、Issues，感谢为AnyLink做出贡献。 
+
+## Other Screenshot
+
+<details>
+<summary>展开查看</summary>
+
+![system.jpg](screenshot/system.jpg)
+![setting.jpg](screenshot/setting.jpg)
+![users.jpg](screenshot/users.jpg)
+![ip_map.jpg](screenshot/ip_map.jpg)
+![group.jpg](screenshot/group.jpg)
+
+</details>

build.sh

@@ -0,0 +1,47 @@
+#!/bin/env bash
+
+set -x
+function RETVAL() {
+  rt=$1
+  if [ $rt != 0 ]; then
+    echo $rt
+    exit 1
+  fi
+}
+
+#当前目录
+cpath=$(pwd)
+
+echo "编译二进制文件"
+cd $cpath/server
+go build -o anylink -ldflags "-X main.COMMIT_ID=$(git rev-parse HEAD)"
+RETVAL $?
+
+echo "编译前端项目"
+cd $cpath/web
+#国内可替换源加快速度
+npm install --registry=https://registry.npm.taobao.org
+npm run build --registry=https://registry.npm.taobao.org
+#npm install
+#npm run build
+RETVAL $?
+
+cd $cpath
+
+echo "整理部署文件"
+deploy="anylink-deploy"
+rm -rf $deploy
+mkdir $deploy
+mkdir $deploy/log
+
+cp -r server/anylink $deploy
+cp -r server/conf $deploy
+cp -r server/files $deploy
+cp -r server/bridge-init.sh $deploy
+
+cp -r systemd $deploy
+cp -r web/ui $deploy
+
+#注意使用root权限运行
+#cd anylink-deploy
+#sudo ./anylink -conf="conf/server.toml"

docker/Dockerfile

@@ -0,0 +1,6 @@
+FROM ubuntu:18.04
+WORKDIR /
+COPY docker_entrypoint.sh docker_entrypoint.sh
+RUN mkdir /anylink && apt update && apt install -y wget iptables tar iproute2
+ENTRYPOINT ["/docker_entrypoint.sh"]
+#CMD ["/anylink/anylink","-conf=/anylink/conf/server.toml"]

docker/docker_entrypoint.sh

@@ -0,0 +1,41 @@
+#!/bin/sh
+USER="admin"
+MM=$(pwgen -1s)
+CREATE_USER=1
+CONFIG_FILE='/app/conf/server.toml'
+
+if [ $CREATE_USER -eq 1 ]; then
+  if [ ! -e $CREATE_USER ]; then
+	    MM=$(pwgen -1s)
+            touch $CREATE_USER
+	    bash /app/generate-certs.sh
+            cd /app/conf/ && cp *.crt  /usr/local/share/ca-certificates/
+	    update-ca-certificates --fresh
+            userpass=$(/app/anylink -passwd "${MM}"| cut -d : -f2)
+	    echo "${userpass}"
+            jwttoken=$(/app/anylink -secret | cut -d : -f2)
+            echo "-- First container startup --user:${USER} pwd:${MM}"
+            sed -i "s/admin/${USER}/g" /app/server-example.toml
+            sed -i "s/123456/${MM}/g" /app/server-example.toml
+            sed -i "s#usertoken#${userpass}#g" /app/server-example.toml
+            sed -i "s/jwttoken/${jwttoken}/g" /app/server-example.toml
+            else
+                        echo "-- Not first container startup --"
+  fi
+
+else
+                echo "user switch not create"
+
+fi
+
+if [ ! -f $CONFIG_FILE ]; then
+echo "#####Generating configuration file#####"
+cp /app/server-example.toml /app/conf/server.toml
+else
+        echo "#####Configuration file already exists#####"
+fi
+
+rtaddr=$(grep "cidr" /app/conf/server.toml |awk -F \" '{print $2}')
+sysctl -w net.ipv4.ip_forward=1
+iptables -t nat -A POSTROUTING -s "${rtaddr}" -o eth0+ -j MASQUERADE
+/app/anylink -conf="/app/conf/server.toml"

docker/docker_entrypoint_fix.sh

@@ -0,0 +1,37 @@
+#! /bin/bash
+version=(`wget -qO- -t1 -T2 "https://api.github.com/repos/bjdgyc/anylink/releases/latest" | grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g'`)
+count=(`ls anylink | wc -w `)
+wget https://github.com/bjdgyc/anylink/releases/download/${version}/anylink-deploy.tar.gz
+tar xf anylink-deploy.tar.gz
+rm -rf anylink-deploy.tar.gz
+if [ ${count} -eq 0 ]; then
+	echo "init anylink"
+	mv anylink-deploy/* anylink/
+else
+	if [ ! -d "/anylink/log" ]; then
+		mv anylink-deploy/log anylink/
+	fi
+	if [ ! -d "/anylink/conf" ]; then
+                mv anylink-deploy/conf anylink/
+        fi
+	echo "update anylink"
+	rm -rf anylink/ui anylink/anylink anylink/files
+	mv anylink-deploy/ui anylink/
+	mv anylink-deploy/anylink anylink/
+	mv anylink-deploy/files anylink/
+fi
+rm -rf anylink-deploy
+sysctl -w net.ipv4.ip_forward=1
+if [[ ${mode} == pro ]];then
+	iptables -t nat -A POSTROUTING -s ${iproute} -o eth0 -j MASQUERADE
+	iptables -L -n -t nat
+	/anylink/anylink -conf=/anylink/conf/server.toml
+elif [[ ${mode} == password ]];then
+	if [ -z ${password} ];then
+		echo "invalid password"
+	else
+		/anylink/anylink -passwd ${password}
+	fi
+elif [[ ${mode} -eq jwt ]];then
+	/anylink/anylink -secret
+fi