diff --git a/USAGE-ZH.md b/USAGE-ZH.md
index 6bc54a0..a307e4f 100644
--- a/USAGE-ZH.md
+++ b/USAGE-ZH.md
@@ -100,5 +100,8 @@ sudo /usr/local/openp2p/openp2p uninstall
 ## Docker运行
 ```
+# 把YOUR-TOKEN和YOUR-NODE-NAME替换成自己的
+docker run -d --net host --name openp2p-client -e OPENP2P_TOKEN=YOUR-TOKEN -e OPENP2P_NODE=YOUR-NODE-NAME openp2pcn/openp2p-client:latest
+OR
 docker run -d --net host --name openp2p-client openp2pcn/openp2p-client:latest -token YOUR-TOKEN -node YOUR-NODE-NAME
 ```
diff --git a/USAGE.md b/USAGE.md
index f3190e2..37da7e6 100644
--- a/USAGE.md
+++ b/USAGE.md
@@ -102,5 +102,8 @@ sudo /usr/local/openp2p/openp2p uninstall
 ## Run with Docker
 ```
+# Replace YOUR-TOKEN and YOUR-NODE-NAME with yours
+docker run -d --net host --name openp2p-client -e OPENP2P_TOKEN=YOUR-TOKEN -e OPENP2P_NODE=YOUR-NODE-NAME openp2pcn/openp2p-client:latest
+OR
 docker run -d --net host --name openp2p-client openp2pcn/openp2p-client:latest -token YOUR-TOKEN -node YOUR-NODE-NAME
 ```
\ No newline at end of file
diff --git a/core/config.go b/core/config.go
index 0ade7ea..a40b9f2 100644
--- a/core/config.go
+++ b/core/config.go
@@ -6,6 +6,7 @@ import (
 "fmt"
 "io/ioutil"
 "os"
+ "strconv"
 "sync"
 "time"
 )
@@ -258,7 +259,7 @@ func parseParams(subCommand string) {
 gConf.setToken(*token)
 }
 })
-
+ // set default value
 if gConf.Network.ServerHost == "" {
 gConf.Network.ServerHost = *serverHost
 }
@@ -269,6 +270,10 @@ func parseParams(subCommand string) {
 }
 gConf.Network.Node = *node
 } else {
+ envNode := os.Getenv("OPENP2P_NODE")
+ if envNode != "" {
+ gConf.setNode(envNode)
+ }
 if gConf.Network.Node == "" { // if node name not set. use os.Hostname
 gConf.Network.Node = defaultNodeName()
 }
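Review bot: The precedence between the `-node` flag, `OPENP2P_NODE`, a value already present in `gConf.Network.Node` and the hostname fallback is not documented where the `else` branch of the `@@ -269,6 +270,10 @@` hunk in core/config.go now reads the environment. From the visible lines the environment value is applied before the `gConf.Network.Node == ""` check, so it appears to win over a previously stored name; a comment such as `// precedence: -node flag > OPENP2P_NODE > stored config > hostname` above the `os.Getenv` call would make that explicit. The flag branch assigns `gConf.Network.Node = *node` directly while the environment branch calls `gConf.setNode`, whose body is not shown, so it is worth confirming that whatever check precedes the flag assignment also covers the environment value. parseParams starts and ends outside the hunk.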
@@ -280,7 +285,14 @@ func parseParams(subCommand string) {
 }
 gConf.Network.TCPPort = *tcpPort
 }
-
+ if *token == 0 {
+ envToken := os.Getenv("OPENP2P_TOKEN")
+ if envToken != "" {
+ if n, err := strconv.ParseUint(envToken, 10, 64); n != 0 && err == nil {
+ gConf.setToken(n)
+ }
+ }
+ }
 gConf.Network.ServerPort = *serverPort
 gConf.Network.UDPPort1 = UDPPort1
 gConf.Network.UDPPort2 = UDPPort2
diff --git a/core/p2pnetwork.go b/core/p2pnetwork.go
index 67b5210..6342171 100644
--- a/core/p2pnetwork.go
+++ b/core/p2pnetwork.go
@@ -3,6 +3,7 @@ package openp2p
 import (
 "bytes"
 "crypto/tls"
+ "crypto/x509"
 "encoding/binary"
 "encoding/json"
 "errors"
@@ -473,7 +474,12 @@ func (pn *P2PNetwork) init() error {
 gLog.Println(LvDEBUG, "detect NAT type:", pn.config.natType, " publicIP:", pn.config.publicIP)
 gatewayURL := fmt.Sprintf("%s:%d", pn.config.ServerHost, pn.config.ServerPort)
 uri := "/api/v1/login"
- config := tls.Config{InsecureSkipVerify: true} // let's encrypt root cert "DST Root CA X3" expired at 2021/09/29. many old system(windows server 2008 etc) will not trust our cert
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM([]byte(rootCA))
+
+ config := tls.Config{
+ RootCAs: caCertPool,
+ InsecureSkipVerify: false} // let's encrypt root cert "DST Root CA X3" expired at 2021/09/29. many old system(windows server 2008 etc) will not trust our cert
 websocket.DefaultDialer.TLSClientConfig = &config
 u := url.URL{Scheme: "wss", Host: gatewayURL, Path: uri}
 q := u.Query()
diff --git a/core/protocol.go b/core/protocol.go
index f78baca..a5b72d2 100644
--- a/core/protocol.go
+++ b/core/protocol.go
@@ -10,7 +10,7 @@ import (
 "time"
 )
-const OpenP2PVersion = "3.9.11"
+const OpenP2PVersion = "3.10.2"
 const ProductName string = "openp2p"
 const LeastSupportVersion = "3.0.0"
 const SyncServerTimeVersion = "3.9.0"
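Review bot: An `OPENP2P_TOKEN` value that fails `strconv.ParseUint` or parses to 0 is dropped silently in the added block, so a typo in the container environment leaves the client running with whatever token it had before and gives no hint why login fails. Add an `else` to the inner `if` that reports the rejection without echoing the value, e.g. `} else { gLog.Println(LvINFO, "OPENP2P_TOKEN is set but is not a valid non-zero uint64, ignoring it") }`, assuming the logger is already usable at this point in parseParams. Because the token is a credential, a short comment noting that environment variables are visible through container inspection and are inherited by child processes would help operators choose between `-e`, an env file and the config file. parseParams continues outside the hunk.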
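Review bot: The boolean returned by `caCertPool.AppendCertsFromPEM([]byte(rootCA))` is discarded in `init()`, so if the embedded PEM ever fails to parse, the pool stays empty and every handshake fails with a generic unknown-authority error; check it, e.g. `if !caCertPool.AppendCertsFromPEM([]byte(rootCA)) { return errors.New("embedded root CA could not be parsed") }`. The same unchecked call is added to `update()` in core/update.go, and building the pool once in a shared helper would keep the two call sites in step. With `RootCAs` set to this pool only, the system roots are no longer consulted, so a `ServerHost` whose certificate chains to a public CA would presumably be rejected, which deserves a comment. The trailing comment about the expired "DST Root CA X3" explained the old `InsecureSkipVerify: true` and now reads as if it justified the new setting, so it should be rewritten or dropped. init() continues outside the hunk.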
@@ -146,7 +146,7 @@ const (
 PaddingSize = 16
 AESKeySize = 16
 MaxRetry = 10
- Cone2ConePunchMaxRetry = 3
+ Cone2ConePunchMaxRetry = 1
 RetryInterval = time.Second * 30
 PublicIPEchoTimeout = time.Second * 1
 NatTestTimeout = time.Second * 5
@@ -440,3 +440,25 @@ type QueryPeerInfoRsp struct {
 IPv6 string `json:"IPv6,omitempty"` // if public relay node, ipv6 not set
 HasUPNPorNATPMP int `json:"hasUPNPorNATPMP,omitempty"`
 }
+
+const rootCA = `-----BEGIN CERTIFICATE-----
+MIIDhTCCAm0CFHm0cd8dnGCbUW/OcS56jf0gvRk7MA0GCSqGSIb3DQEBCwUAMH4x
+CzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDETMBEGA1UECgwKb3BlbnAycC5jbjET
+MBEGA1UECwwKb3BlbnAycC5jbjETMBEGA1UEAwwKb3BlbnAycC5jbjEjMCEGCSqG
+SIb3DQEJARYUb3BlbnAycC5jbkBnbWFpbC5jb20wIBcNMjMwODAxMDkwMjMwWhgP
+MjEyMzA3MDgwOTAyMzBaMH4xCzAJBgNVBAYTAkNOMQswCQYDVQQIDAJHRDETMBEG
+A1UECgwKb3BlbnAycC5jbjETMBEGA1UECwwKb3BlbnAycC5jbjETMBEGA1UEAwwK
+b3BlbnAycC5jbjEjMCEGCSqGSIb3DQEJARYUb3BlbnAycC5jbkBnbWFpbC5jb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWg8wPy5hBLUaY4WOXayKu
++magEz1LAY0krzXYSZaSCvGMwA0cervwAqgKfiiZEhho5UNA5iVOJ6bO1RL9H7Vp
+4HuW9BttDU/NQHguD8pyqx06Kaosz5LRw8USz1BCWWFdmi8Mv4I0omtd7m6lbWnY
+nrjQKLYPahPW481jUfJPqR6wUTnBuBMr2ZAGqmFR4Lhqs9B1P9GeBfDWNwVApJUC
+VEhbElukRJxdUvWeJ5+HMENKQcHCTTgmQbmDLMobHXs3Xf7fT9qC76wOe9LFHI6L
+dAww9gryQhxWauQl1NO8aGJTFu+3wgnKBdTMJmF/1iuZYXJOCR1solwqU1hCgBsj
+AgMBAAEwDQYJKoZIhvcNAQELBQADggEBADp153YNVN8p6/3PLnXxHBDeDViAfeQd
+VJmy8eH1LTq/xtUY71HGSpL7iIBNoQdDTHfsg3c6ZANBCxbO/7AhFAzPt1aK8eHy
+XuEiW0Z6R8np1Khh3alCOfD15tKcjok//Wxisbz+YItlbDus/eWRbLGB3HGrzn4l
+GB18jw+G7o4U3rGX8agHqVGQEd06gk1ZaprASpTGwSsv4A5ehosjT1d7re8Z5eD4
+RVtXS+DplMClQ5QSlv3StwcWOsjyiAimNfLEU5xoEfq17yOJUTU1OTL4YOt16QUc
+C1tnzFr3k/ioqFR7cnyzNrbjlfPOmO9l2WReEbMP3bvaSHm6EcpJKS8=
+-----END CERTIFICATE-----`
diff --git a/core/update.go b/core/update.go
index bb64b17..54982b4 100644
--- a/core/update.go
+++ b/core/update.go
@@ -5,6 +5,7 @@ import (
 "archive/zip"
 "compress/gzip"
 "crypto/tls"
+ "crypto/x509"
 "encoding/json"
 "fmt"
 "io"
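Review bot: The `rootCA` constant added at the end of core/protocol.go becomes the only trust anchor for the login and update connections changed elsewhere in this commit, yet it carries no comment saying what it is, who holds its key, or how it is meant to be replaced. By inspection of the PEM it looks like a self-signed certificate for openp2p.cn with a notAfter in 2123, so a retired or compromised key could only be distrusted by shipping a new binary, and the update channel trusts this same certificate. I would add a doc comment above the constant recording subject, SHA-256 fingerprint, expiry and the rotation plan. `AppendCertsFromPEM` accepts several concatenated certificates, so a successor anchor can be embedded ahead of a switch without changing the call sites.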
@@ -19,9 +20,13 @@ import (
 func update(host string, port int) {
 gLog.Println(LvINFO, "update start")
 defer gLog.Println(LvINFO, "update end")
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM([]byte(rootCA))
+
 c := http.Client{
 Transport: &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ TLSClientConfig: &tls.Config{RootCAs: caCertPool,
+ InsecureSkipVerify: false},
 },
 Timeout: time.Second * 30,
 }
@@ -68,7 +73,7 @@ func updateFile(url string, checksum string, dst string) error {
 return err
 }
 tr := &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: false},
 }
 client := &http.Client{Transport: tr}
 response, err := client.Get(url)
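Review bot: In `updateFile` the new `&tls.Config{InsecureSkipVerify: false}` is the zero value, so the download is verified against the system roots while `update()` in the hunk above verifies against the embedded `rootCA` pool only. If the download URL is served with a certificate issued by the embedded CA the fetch will fail verification, and if it is served from a publicly trusted host the custom transport is now redundant; decide which applies and say so in a comment, e.g. `TLSClientConfig: &tls.Config{RootCAs: caCertPool},` with the pool supplied by a shared helper. The `http.Client` built from `tr` on the following line sets no `Timeout`, unlike the client in `update()`, so a stalled download can block indefinitely; giving it a bound suited to the file size would close that gap. updateFile starts and ends outside the hunk.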