From fef7402b510fe1ee5e9eb2445f01d4fc1c34bdf4 Mon Sep 17 00:00:00 2001 From: xzx3344521 Date: Fri, 31 Oct 2025 21:40:52 +0800 Subject: [PATCH] Update Docker 24.0.5 --- Docker 24.0.5 | 590 +++++++++++++++++++++++++------------------------- 1 file changed, 293 insertions(+), 297 deletions(-) diff --git a/Docker 24.0.5 b/Docker 24.0.5 index 10bbb22..721dbc5 100644 --- a/Docker 24.0.5 +++ b/Docker 24.0.5 
@@ -1,334 +1,330 @@ #!/bin/bash -set -e -echo "==========================================" -echo " 修复Docker服务未找到问题" -echo "==========================================" +set -e # 颜色定义 RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' +BLUE='\033[0;34m' NC='\033[0m' -log_info() { echo -e "${GREEN}[INFO]${NC} $1"; } -log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; } -log_error() { echo -e "${RED}[ERROR]${NC} $1"; } +# 输出颜色信息 +log() { + echo -e "${GREEN}[INFO]${NC} $1" +} -# 检查Docker安装状态 -check_docker_installation() { - log_info "检查Docker安装状态..." +warn() { + echo -e "${YELLOW}[WARN]${NC} $1" +} + +error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +info() { + echo -e "${BLUE}[INFO]${NC} $1" +} + +# 检测系统IP +detect_ip() { + log "正在检测服务器IP地址..." - if command -v docker &> /dev/null; then - docker --version - log_info "✅ Docker CLI 已安装" - return 0 + # 尝试多种方法获取公网IP + PUBLIC_IP=$(curl -s --connect-timeout 5 http://ipinfo.io/ip || \ + curl -s --connect-timeout 5 http://ifconfig.me || \ + curl -s --connect-timeout 5 http://api.ipify.org || \ + echo "unknown") + + # 获取内网IP + LOCAL_IP=$(ip route get 1 | awk '{print $7; exit}' 2>/dev/null || \ + hostname -I | awk '{print $1}' 2>/dev/null || \ + echo "unknown") + + # 显示检测结果 + if [ "$PUBLIC_IP" != "unknown" ]; then + info "检测到公网IP: $PUBLIC_IP" + SERVER_IP="$PUBLIC_IP" else - log_error "❌ Docker CLI 未安装" - return 1 + warn "无法获取公网IP,使用内网IP: $LOCAL_IP" + SERVER_IP="$LOCAL_IP" fi } -# 检查服务文件 -check_service_files() { - log_info "检查Docker服务文件..." +# 生成密钥 +generate_keys() { + log "正在生成RustDesk密钥对..." 
- local services=( - "/lib/systemd/system/docker.service" - "/usr/lib/systemd/system/docker.service" - "/etc/systemd/system/docker.service" - ) + # 创建目录 + mkdir -p {hbbs,hbbr,data} - for service in "${services[@]}"; do - if [ -f "$service" ]; then - log_info "找到服务文件: $service" - return 0 + # 检查是否已有密钥 + if [ -f "data/key_pair" ]; then + warn "检测到已存在的密钥对,使用现有密钥" + # 从保存的密钥对中恢复 + cat data/key_pair | grep "私钥" | cut -d' ' -f2 | base64 -d > data/id_ed25519 + cat data/key_pair | grep "公钥" | cut -d' ' -f2 | base64 -d > data/id_ed25519.pub + else + # 生成新密钥 + openssl genrsa -out data/id_ed25519 2048 2>/dev/null + openssl rsa -in data/id_ed25519 -pubout -out data/id_ed25519.pub 2>/dev/null + + # 保存密钥对信息 + echo "私钥: $(cat data/id_ed25519 | base64 -w 0)" > data/key_pair + echo "公钥: $(cat data/id_ed25519.pub | base64 -w 0)" >> data/key_pair + log "新的密钥对生成完成" + fi + + # 复制密钥到服务目录 + cp data/id_ed25519* hbbs/ + cp data/id_ed25519* hbbr/ + + # 获取公钥用于显示 + PUBLIC_KEY=$(cat data/id_ed25519.pub | base64 -w 0) +} + +# 生成Docker Compose配置 +generate_docker_compose() { + log "生成Docker Compose配置文件..." + + cat > docker-compose.yml << EOF +version: '3.8' + +services: + hbbs: + image: lejianwen/rustdesk-server-s6 + container_name: rustdesk-hbbs + restart: unless-stopped + ports: + - "21115:21115" + - "21116:21116" + - "21116:21116/udp" + - "21117:21117" + - "21118:21118" + - "21119:21119" + volumes: + - ./hbbs:/root + - ./data:/data + command: hbbs -r ${SERVER_IP}:21117 + networks: + - rustdesk-net + + hbbr: + image: lejianwen/rustdesk-server-s6 + container_name: rustdesk-hbbr + restart: unless-stopped + ports: + - "21117:21117" + - "21118:21118" + - "21119:21119" + volumes: + - ./hbbr:/root + - ./data:/data + command: hbbr + networks: + - rustdesk-net + +networks: + rustdesk-net: + driver: bridge +EOF +} + +# 生成管理脚本 +generate_management_script() { + log "生成管理脚本..." 
+ + cat > manage.sh << 'EOF' +#!/bin/bash + +# 颜色定义 +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' + +# 管理功能 +case "$1" in + "start") + docker-compose up -d + echo -e "${GREEN}服务已启动${NC}" + ;; + "stop") + docker-compose down + echo -e "${YELLOW}服务已停止${NC}" + ;; + "restart") + docker-compose restart + echo -e "${GREEN}服务已重启${NC}" + ;; + "status") + docker-compose ps + ;; + "logs") + docker-compose logs -f + ;; + "update") + docker-compose pull + docker-compose down + docker-compose up -d + echo -e "${GREEN}服务已更新${NC}" + ;; + "backup") + BACKUP_DIR="backup/$(date +%Y%m%d_%H%M%S)" + mkdir -p $BACKUP_DIR + cp -r data $BACKUP_DIR/ + echo -e "${GREEN}密钥已备份到: $BACKUP_DIR${NC}" + ;; + "key-info") + if [ -f "data/key_pair" ]; then + echo -e "${BLUE}=== 密钥信息 ===${NC}" + echo "公钥 (Base64): $(cat data/key_pair | grep '公钥' | cut -d' ' -f2)" + echo -e "${BLUE}===============${NC}" + else + echo -e "${RED}没有找到密钥对${NC}" fi - done - - log_warn "未找到Docker服务文件" - return 1 -} - -# 重新安装Docker服务 -reinstall_docker_service() { - log_info "重新安装Docker服务..." - - # 彻底清理 - log_info "彻底清理Docker..." - systemctl stop docker 2>/dev/null || true - systemctl stop containerd 2>/dev/null || true - - # 卸载现有docker - apt-get remove -y --purge docker docker-engine docker.io containerd runc docker-ce docker-ce-cli 2>/dev/null || true - - # 清理文件和目录 - rm -rf /var/lib/docker - rm -rf /var/lib/containerd - rm -rf /etc/docker - rm -f /etc/apt/sources.list.d/docker* - - # 重新安装Docker(使用更稳定的方法) - log_info "重新安装Docker..." - - # 方法1:使用官方脚本但跳过服务设置 - curl -fsSL https://get.docker.com -o get-docker.sh - chmod +x get-docker.sh - - # 修改脚本以跳过systemd检查 - sed -i 's/systemctl is-active docker/#systemctl is-active docker/g' get-docker.sh - sed -i 's/systemctl start docker/#systemctl start docker/g' get-docker.sh - sed -i 's/systemctl enable docker/#systemctl enable docker/g' get-docker.sh - - # 运行修改后的脚本 - ./get-docker.sh --version 24.0.5 - - if [ $? 
-eq 0 ]; then - log_info "✅ Docker组件安装成功" - else - log_warn "官方脚本安装有问题,尝试手动安装..." - manual_install_docker - fi -} - -# 手动安装Docker -manual_install_docker() { - log_info "手动安装Docker..." - - # 安装依赖 - apt-get update - apt-get install -y \ - apt-transport-https \ - ca-certificates \ - curl \ - gnupg2 \ - software-properties-common - - # 添加Docker官方GPG密钥 - curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg - - # 添加Docker仓库 - echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null - - # 安装Docker - apt-get update - apt-get install -y \ - docker-ce=5:24.0.5-1~debian.12~bookworm \ - docker-ce-cli=5:24.0.5-1~debian.12~bookworm \ - containerd.io \ - docker-buildx-plugin \ - docker-compose-plugin -} - -# 创建Docker服务文件 -create_docker_service() { - log_info "创建Docker服务文件..." - - # 创建服务目录 - mkdir -p /etc/systemd/system - - # 创建docker.service文件 - cat > /etc/systemd/system/docker.service << 'EOF' -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target firewalld.service containerd.service -Wants=network-online.target -Requires=containerd.service - -[Service] -Type=notify -ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -ExecReload=/bin/kill -s HUP $MAINPID -TimeoutSec=0 -RestartSec=2 -Restart=always -StartLimitBurst=3 -StartLimitInterval=60s -LimitNOFILE=infinity -LimitNPROC=infinity -LimitCORE=infinity -TasksMax=infinity -Delegate=yes -KillMode=process - -[Install] -WantedBy=multi-user.target + ;; + "export-key") + if [ -f "data/key_pair" ]; then + echo -e "${YELLOW}=== 导出密钥 ===${NC}" + cat data/key_pair + echo -e "${YELLOW}===============${NC}" + else + echo -e "${RED}没有找到密钥对${NC}" + fi + ;; + "import-key") + if [ -z "$2" ]; then + echo -e "${RED}用法: ./manage.sh 
import-key ${NC}" + exit 1 + fi + + echo "$2" | base64 -d > data/id_ed25519 + openssl rsa -in data/id_ed25519 -pubout -out data/id_ed25519.pub 2>/dev/null + + echo "私钥: $(cat data/id_ed25519 | base64 -w 0)" > data/key_pair + echo "公钥: $(cat data/id_ed25519.pub | base64 -w 0)" >> data/key_pair + + cp data/id_ed25519* hbbs/ + cp data/id_ed25519* hbbr/ + + docker-compose restart + echo -e "${GREEN}密钥已导入并应用${NC}" + ;; + *) + echo -e "${BLUE}RustDesk 服务管理脚本${NC}" + echo "用法: $0 [命令]" + echo "" + echo "命令:" + echo " start 启动服务" + echo " stop 停止服务" + echo " restart 重启服务" + echo " status 查看状态" + echo " logs 查看日志" + echo " update 更新服务" + echo " backup 备份密钥" + echo " key-info 查看密钥信息" + echo " export-key 导出密钥" + echo " import-key 导入密钥 (需要Base64格式私钥)" + ;; +esac EOF - # 创建containerd服务文件 - cat > /etc/systemd/system/containerd.service << 'EOF' -[Unit] -Description=containerd container runtime -Documentation=https://containerd.io -After=network.target local-fs.target - -[Service] -ExecStartPre=-/sbin/modprobe overlay -ExecStart=/usr/bin/containerd -Restart=always -RestartSec=5 -Delegate=yes -KillMode=process -OOMScoreAdjust=-999 -LimitNOFILE=infinity -LimitNPROC=infinity -LimitCORE=infinity -TasksMax=infinity - -[Install] -WantedBy=multi-user.target -EOF - - log_info "服务文件创建完成" + chmod +x manage.sh } -# 配置和启动服务 -setup_and_start_services() { - log_info "配置和启动Docker服务..." +# 显示部署信息 +show_deployment_info() { + echo "" + echo -e "${GREEN}===============================================${NC}" + echo -e "${GREEN} RustDesk Server 部署完成! 
${NC}" + echo -e "${GREEN}===============================================${NC}" + echo "" + echo -e "${BLUE}服务器信息:${NC}" + echo " ID 服务器: $SERVER_IP" + echo " 中继服务器: $SERVER_IP:21117" + echo "" + echo -e "${BLUE}密钥信息:${NC}" + echo " 公钥 (Base64): $(cat data/key_pair | grep '公钥' | cut -d' ' -f2)" + echo "" + echo -e "${BLUE}端口信息:${NC}" + echo " HBBS 端口: 21115-21119" + echo " HBBR 端口: 21117-21119" + echo "" + echo -e "${BLUE}管理命令:${NC}" + echo " 启动服务: ./manage.sh start" + echo " 停止服务: ./manage.sh stop" + echo " 查看状态: ./manage.sh status" + echo " 查看日志: ./manage.sh logs" + echo " 备份密钥: ./manage.sh backup" + echo " 导出密钥: ./manage.sh export-key" + echo "" + echo -e "${YELLOW}重要提示:${NC}" + echo " 1. 请确保防火墙开放端口 21115-21119" + echo " 2. 备份 data/ 目录下的密钥文件" + echo " 3. 在其他服务器部署时使用相同密钥保证客户端兼容" + echo -e "${GREEN}===============================================${NC}" +} + +# 检查防火墙 +check_firewall() { + log "检查防火墙状态..." - # 重新加载systemd - systemctl daemon-reload + # 检查 ufw + if command -v ufw >/dev/null 2>&1 && ufw status | grep -q "active"; then + warn "检测到 ufw 防火墙,请确保已开放端口 21115-21119" + echo "运行以下命令开放端口:" + echo " sudo ufw allow 21115:21119/tcp" + echo " sudo ufw allow 21116/udp" + fi - # 启用并启动containerd - systemctl enable containerd - systemctl start containerd + # 检查 firewalld + if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then + warn "检测到 firewalld 防火墙,请确保已开放端口 21115-21119" + echo "运行以下命令开放端口:" + echo " sudo firewall-cmd --permanent --add-port=21115-21119/tcp" + echo " sudo firewall-cmd --permanent --add-port=21116/udp" + echo " sudo firewall-cmd --reload" + fi - # 启用并启动docker - systemctl enable docker - systemctl start docker - - # 等待服务启动 - sleep 5 - - # 检查服务状态 - if systemctl is-active docker &> /dev/null; then - log_info "✅ Docker服务启动成功!" 
- else - log_error "❌ Docker服务启动失败" - journalctl -u docker --no-pager -n 20 - return 1 + # 检查 iptables + if command -v iptables >/dev/null 2>&1; then + warn "请检查 iptables 规则,确保端口 21115-21119 已开放" fi } -# 验证安装 -verify_installation() { - log_info "验证Docker安装..." +# 主部署流程 +main() { + echo -e "${BLUE}===============================================${NC}" + echo -e "${BLUE} RustDesk Server 一键部署脚本 ${NC}" + echo -e "${BLUE}===============================================${NC}" - # 检查docker命令 - if command -v docker &> /dev/null; then - log_info "✅ Docker CLI: $(docker --version)" - else - log_error "❌ Docker CLI 不可用" - return 1 - fi + # 检测IP + detect_ip - # 检查服务状态 - if systemctl is-active docker &> /dev/null; then - log_info "✅ Docker服务运行正常" - else - log_error "❌ Docker服务未运行" - return 1 - fi + # 生成密钥 + generate_keys - # 测试docker info - if docker info &> /dev/null; then - log_info "✅ Docker守护进程响应正常" - else - log_warn "⚠️ Docker守护进程无响应" - return 1 - fi + # 生成Docker配置 + generate_docker_compose - log_info "🎉 Docker安装验证完成!" -} - -# 安装RustDesk服务器 -install_rustdesk() { - log_info "开始安装RustDesk服务器..." + # 生成管理脚本 + generate_management_script - # 创建数据目录 - mkdir -p /var/lib/rustdesk-server/{hbbs,hbbr} - - # 拉取镜像 - log_info "拉取RustDesk服务器镜像..." - docker pull rustdesk/rustdesk-server:latest - - # 启动hbbs - log_info "启动RustDesk hbbs服务..." - docker run -d \ - --name hbbs \ - --restart unless-stopped \ - --network host \ - -v /var/lib/rustdesk-server/hbbs:/root \ - rustdesk/rustdesk-server:latest hbbs - - # 启动hbbr - log_info "启动RustDesk hbbr服务..." - docker run -d \ - --name hbbr \ - --restart unless-stopped \ - --network host \ - -v /var/lib/rustdesk-server/hbbr:/root \ - rustdesk/rustdesk-server:latest hbbr - - log_info "✅ RustDesk服务器部署完成!" + # 启动服务 + log "启动RustDesk服务..." 
+ docker-compose up -d # 显示部署信息 - show_rustdesk_info + show_deployment_info + + # 检查防火墙 + check_firewall + + echo "" + log "部署完成!可以使用 ./manage.sh 管理服务" } -# 显示RustDesk信息 -show_rustdesk_info() { - echo "" - log_info "🎉 RustDesk服务器部署完成!" - echo "==========================================" - echo "服务状态:" - echo " docker ps -a # 查看容器状态" - echo " systemctl status docker # 查看Docker服务" - echo "" - echo "重要信息:" - echo " 查看密钥: cat /var/lib/rustdesk-server/hbbs/id_ed25519.pub" - echo " 服务器IP: $(curl -s ifconfig.me || hostname -I | awk '{print $1}')" - echo "" - echo "客户端连接时需要:" - echo " 1. 上面显示的IP地址" - echo " 2. 上面显示的密钥" - echo "==========================================" -} - -# 主函数 -main() { - log_info "开始修复Docker服务未找到问题..." - - check_docker_installation || { - log_error "Docker未正确安装,退出" - exit 1 - } - - if check_service_files; then - log_info "服务文件存在,尝试启动服务..." - setup_and_start_services - else - log_info "服务文件不存在,重新安装..." - reinstall_docker_service - create_docker_service - setup_and_start_services - fi - - verify_installation && { - log_info "✅ Docker修复成功!" - echo "" - read -p "是否现在安装RustDesk服务器?(y/n): " -n 1 -r - echo - if [[ $REPLY =~ ^[Yy]$ ]]; then - install_rustdesk - else - log_info "您可以稍后运行此脚本安装RustDesk" - fi - } || { - log_error "❌ Docker修复失败" - } -} - -# 执行主函数 -main "$@" +# 运行主函数 +main
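Review bot: generate_keys fills `data/id_ed25519` and `data/id_ed25519.pub` with an RSA-2048 PEM key from `openssl genrsa`, so the files are not Ed25519 keys; the server will probably reject or regenerate them, in which case the "公钥 (Base64)" printed by show_deployment_info and `key-info` is not the key clients need to trust. If this image generates its own pair on first start (likely, but confirm for this image), drop the openssl calls and print the `.pub` file the container actually wrote. The private key is also stored base64-encoded in `data/key_pair` and copied into `hbbs/` and `hbbr/` under the default umask; add `umask 077` at the top of generate_keys and `chmod 600 data/key_pair data/id_ed25519` after writing, and have `import-key` read the key from stdin or a file rather than `$2`, which ends up in shell history and the process list. Separately, detect_ip fetches the address over plain `http://` and writes it unvalidated into `command: hbbs -r ${SERVER_IP}:21117` through the unquoted heredoc; use `https://` and reject anything that is not an IP literal before generating docker-compose.yml.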