Merge pull request #1390 from v-kamerdinerov/small-image-less-cve
Bump python, small image size, close python CVE, add new flag UVICORN_SSL_CA_TYPE
ImMohammad20000 authored Nov 23, 2024
2 parents f5a0c25 + 8050618 commit 633682b
Showing 10 changed files with 148 additions and 119 deletions.
7 changes: 4 additions & 3 deletions .dockerignore
@@ -1,11 +1,12 @@
**/node_modules
__pycache__
*.log
*.pyc
*.pyo
*.pyd
*.pyo
.env*
__pycache__
db.sqlite3
db.sqlite3-journal
*.log
v2ray-core
venv
xray-core
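Review bot: the visible entries cover `.env*`, the SQLite files and `venv`, but there is no `.git` entry, so the `COPY . /code` step in the Dockerfile still pulls repository history into the image. Since this change is aimed at a smaller image, add `.git` to the ignore list here.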
1 change: 1 addition & 0 deletions .env.example
Expand Up @@ -10,6 +10,7 @@ UVICORN_PORT = 8000
# UVICORN_UDS: "/run/marzban.socket"
# UVICORN_SSL_CERTFILE = "/var/lib/marzban/certs/example.com/fullchain.pem"
# UVICORN_SSL_KEYFILE = "/var/lib/marzban/certs/example.com/key.pem"
# UVICORN_SSL_CA_TYPE = "public"

# DASHBOARD_PATH = "/dashboard/"
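Review bot: the new `# UVICORN_SSL_CA_TYPE = "public"` line gives no hint of the accepted values or of what they change. The README rows in this commit name `private` as the other value, intended for testing with self-signed CAs; a one-line comment above the setting that lists both values and marks `public` as the default would keep operators from switching to `private` on a production host without knowing what it relaxes.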

29 changes: 20 additions & 9 deletions Dockerfile
@@ -1,24 +1,35 @@
FROM python:3.10-slim
ARG PYTHON_VERSION=3.12

ENV PYTHONUNBUFFERED 1
FROM python:$PYTHON_VERSION-slim AS build

ENV PYTHONUNBUFFERED=1

WORKDIR /code

RUN apt-get update \
&& apt-get install -y curl unzip gcc python3-dev \
&& apt-get install -y --no-install-recommends build-essential curl unzip gcc python3-dev libpq-dev \
&& curl -L https://github.com/Gozargah/Marzban-scripts/raw/master/install_latest_xray.sh | bash \
&& rm -rf /var/lib/apt/lists/*

RUN bash -c "$(curl -L https://github.com/Gozargah/Marzban-scripts/raw/master/install_latest_xray.sh)"

COPY ./requirements.txt /code/
RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt
RUN python3 -m pip install --upgrade pip setuptools \
&& pip install --no-cache-dir --upgrade -r /code/requirements.txt

COPY . /code
FROM python:$PYTHON_VERSION-slim

ENV PYTHON_LIB_PATH=/usr/local/lib/python${PYTHON_VERSION%.*}/site-packages
WORKDIR /code

RUN rm -rf $PYTHON_LIB_PATH/*

RUN apt-get remove -y curl unzip gcc python3-dev
COPY --from=build $PYTHON_LIB_PATH $PYTHON_LIB_PATH
COPY --from=build /usr/local/bin /usr/local/bin
COPY --from=build /usr/local/share/xray /usr/local/share/xray

COPY . /code

RUN ln -s /code/marzban-cli.py /usr/bin/marzban-cli \
&& chmod +x /usr/bin/marzban-cli \
&& marzban-cli completion install --shell bash

CMD ["bash", "-c", "alembic upgrade head; python main.py"]
CMD ["bash", "-c", "alembic upgrade head; python main.py"]
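Review bot: in the build stage's `RUN apt-get update` chain, `curl -L https://github.com/Gozargah/Marzban-scripts/raw/master/install_latest_xray.sh | bash` executes whatever the `master` branch serves at build time, with no pinned commit and no digest check, and because the pipeline's exit status is that of `bash`, a failed download does not fail the build. Fetch the script from a URL pinned to a commit with `curl -fsSL` into a file, verify its digest, and only then run it. Separately, `ARG PYTHON_VERSION` is declared before the first `FROM` and is not re-declared in either stage, so `${PYTHON_VERSION%.*}` in the `ENV PYTHON_LIB_PATH=...` line is not expanding the build argument; add a comment saying where that value is expected to come from and a build-time check that the resulting directory exists, since a wrong path makes `rm -rf $PYTHON_LIB_PATH/*` and the following `COPY --from=build` act on the wrong location.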
77 changes: 39 additions & 38 deletions README-fa.md

Large diffs are not rendered by default.

3 changes: 2 additions & 1 deletion README-ru.md
Expand Up @@ -263,7 +263,7 @@ server {
> Ниже приведены настройки, которые можно задать с помощью переменных окружения поместив их в файл `.env`.
| Перменная | Описание |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
| ---------------------------------------- |--------------------------------------------------------------------------------------------------------------------------------|
| SUDO_USERNAME | Имя пользователя главного администратора |
| SUDO_PASSWORD | Пароль главного администратора |
| SQLALCHEMY_DATABASE_URL | Путь к файлу БД ([SQLAlchemy's docs](https://docs.sqlalchemy.org/en/20/core/engines.html#database-urls)) |
Expand All @@ -272,6 +272,7 @@ server {
| UVICORN_UDS | Привязка приложения к UNIX domain socket |
| UVICORN_SSL_CERTFILE | Адрес файла сертификата SSL |
| UVICORN_SSL_KEYFILE | Адрес файла ключа SSL |
| UVICORN_SSL_CA_TYPE | Тип центра сертификации ключа SSL. Используйте `private` для тестирования самоподписанных CA (по умолчанию: `public`) |
| XRAY_JSON | Адрес файла JSON конфигурации Xray. (по умолчанию: `xray_config.json`) |
| XRAY_EXECUTABLE_PATH | Путь к бинарникам Xray (по умолчанию: `/usr/local/bin/xray`) |
| XRAY_ASSETS_PATH | Путь к папке с рессурсными файлами для Xray (файлы geoip.dat и geosite.dat) (по умолчанию: `/usr/local/share/xray`) |
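Review bot: the added `UVICORN_SSL_CA_TYPE` row says to use `private` for testing with self-signed CAs but does not say what the application does differently in that mode. State the concrete effect of `private` versus `public` in the description, so that the security consequence of changing the flag can be judged from the README without reading the code.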
73 changes: 37 additions & 36 deletions README-zh-cn.md
Expand Up @@ -250,43 +250,44 @@ server {

> 您可以使用环境变量或将其放置在 `env``.env` 文件中来设置以下设置。
| 变量 | 描述 |
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ |
| SUDO_USERNAME | 管理员用户名(默认: admin) |
| SUDO_PASSWORD | 管理员密码(默认: admin) |
| SQLALCHEMY_DATABASE_URL | 数据库文档([SQLAlchemy's docs](https://docs.sqlalchemy.org/en/20/core/engines.html#database-urls)|
| UVICORN_HOST | 绑定应用程序到此主机(默认为 `0.0.0.0`|
| UVICORN_PORT | 绑定应用程序到此端口(默认为 `8000`|
| UVICORN_UDS | 将应用程序绑定到一个 UNIX 域套接字 |
| UVICORN_SSL_CERTFILE | SSL 证书文件路径 |
| UVICORN_SSL_KEYFILE | SSL 密钥文件路径 |
| XRAY_JSON | Xray 的 json 配置文件路径(默认: `xray_config.json`|
| XRAY_EXECUTABLE_PATH | Xray 的执行程序路径: `/usr/local/bin/xray`|
| XRAY_ASSETS_PATH | Xray 的资源目录: `/usr/local/share/xray`|
| XRAY_SUBSCRIPTION_URL_PREFIX | 订阅URL的前缀 |
| XRAY_FALLBACKS_INBOUND_TAG | 包含 fallbacks 的入站标记, 在您需要使用 fallbacks 配置此项 |
| XRAY_EXCLUDE_INBOUND_TAGS | 不需要此应用程序管理或在链接中包含的入站标记 |
| CLASH_SUBSCRIPTION_TEMPLATE | 将用于生成冲突配置的模板(默认值:`clash/default.yml`|
| SUBSCRIPTION_PAGE_TEMPLATE | 用于生成订阅信息页面的模板(默认:`subscription/index.html`|
| HOME_PAGE_TEMPLATE | 诱饵页面模板(默认:`home/index.html`|
| TELEGRAM_API_TOKEN | Telegram bot API 令牌(可以从 [@botfather](https://t.me/botfather) 获取) |
| TELEGRAM_ADMIN_ID | 管理员的 Telegram ID(可以使用 [@userinfobot](https://t.me/userinfobot) 查找您的 ID) |
| TELEGRAM_PROXY_URL | 在代理下运行 Telegram bot。 |
| JWT_ACCESS_TOKEN_EXPIRE_MINUTES | Access Tokens 的过期时间,以分钟为单位,`0` 表示无限期(默认为 `1440` 分钟) |
| DOCS | API 文档是否应该在 `/docs``/redoc` 上提供(默认为 `False` |
| DEBUG | Debug mode for development (default: `False`) |
| WEBHOOK_ADDRESS | Webhook address to send notifications to. Webhook notifications will be sent if this value was set. |
| WEBHOOK_SECRET | Webhook secret will be sent with each request as `x-webhook-secret` in the header (default: `None`) |
| NUMBER_OF_RECURRENT_NOTIFICATIONS | How many times to retry if an error detected in sending a notification (default: `3`) |
| RECURRENT_NOTIFICATIONS_TIMEOUT | Timeout between each retry if an error detected in sending a notification in seconds (default: `180`) |
| NOTIFY_REACHED_USAGE_PERCENT | At which percentage of usage to send the warning notification (default: `80`) |
| NOTIFY_DAYS_LEFT | When to send warning notifaction about expiration (default: `3`) |
| 变量 | 描述 |
| ---------------------------------------- |-------------------------------------------------------------------------------------------------------------------------|
| SUDO_USERNAME | 管理员用户名(默认: admin) |
| SUDO_PASSWORD | 管理员密码(默认: admin) |
| SQLALCHEMY_DATABASE_URL | 数据库文档([SQLAlchemy's docs](https://docs.sqlalchemy.org/en/20/core/engines.html#database-urls)|
| UVICORN_HOST | 绑定应用程序到此主机(默认为 `0.0.0.0`|
| UVICORN_PORT | 绑定应用程序到此端口(默认为 `8000`|
| UVICORN_UDS | 将应用程序绑定到一个 UNIX 域套接字 |
| UVICORN_SSL_CERTFILE | SSL 证书文件路径 |
| UVICORN_SSL_KEYFILE | SSL 密钥文件路径 |
| UVICORN_SSL_CA_TYPE | 授权 SSL 证书的类型。使用“private”来测试自签名 CA(默认值:`public`|
| XRAY_JSON | Xray 的 json 配置文件路径(默认: `xray_config.json`|
| XRAY_EXECUTABLE_PATH | Xray 的执行程序路径: `/usr/local/bin/xray`|
| XRAY_ASSETS_PATH | Xray 的资源目录: `/usr/local/share/xray`|
| XRAY_SUBSCRIPTION_URL_PREFIX | 订阅URL的前缀 |
| XRAY_FALLBACKS_INBOUND_TAG | 包含 fallbacks 的入站标记, 在您需要使用 fallbacks 配置此项 |
| XRAY_EXCLUDE_INBOUND_TAGS | 不需要此应用程序管理或在链接中包含的入站标记 |
| CLASH_SUBSCRIPTION_TEMPLATE | 将用于生成冲突配置的模板(默认值:`clash/default.yml`|
| SUBSCRIPTION_PAGE_TEMPLATE | 用于生成订阅信息页面的模板(默认:`subscription/index.html`|
| HOME_PAGE_TEMPLATE | 诱饵页面模板(默认:`home/index.html`|
| TELEGRAM_API_TOKEN | Telegram bot API 令牌(可以从 [@botfather](https://t.me/botfather) 获取) |
| TELEGRAM_ADMIN_ID | 管理员的 Telegram ID(可以使用 [@userinfobot](https://t.me/userinfobot) 查找您的 ID) |
| TELEGRAM_PROXY_URL | 在代理下运行 Telegram bot。 |
| JWT_ACCESS_TOKEN_EXPIRE_MINUTES | Access Tokens 的过期时间,以分钟为单位,`0` 表示无限期(默认为 `1440` 分钟) |
| DOCS | API 文档是否应该在 `/docs``/redoc` 上提供(默认为 `False` |
| DEBUG | Debug mode for development (default: `False`) |
| WEBHOOK_ADDRESS | Webhook address to send notifications to. Webhook notifications will be sent if this value was set. |
| WEBHOOK_SECRET | Webhook secret will be sent with each request as `x-webhook-secret` in the header (default: `None`) |
| NUMBER_OF_RECURRENT_NOTIFICATIONS | How many times to retry if an error detected in sending a notification (default: `3`) |
| RECURRENT_NOTIFICATIONS_TIMEOUT | Timeout between each retry if an error detected in sending a notification in seconds (default: `180`) |
| NOTIFY_REACHED_USAGE_PERCENT | At which percentage of usage to send the warning notification (default: `80`) |
| NOTIFY_DAYS_LEFT | When to send warning notifaction about expiration (default: `3`) |
| USERS_AUTODELETE_DAYS | Delete expired (and optionally limited users) after this many days (Negative values disable this feature, default: `-1`) |
| USER_AUTODELETE_INCLUDE_LIMITED_ACCOUNTS | Weather to include limited accounts in the auto-delete feature (default: `False`) |
| USE_CUSTOM_JSON_DEFAULT | Enable custom JSON config for ALL supported clients (default: `False`) |
| USE_CUSTOM_JSON_FOR_V2RAYNG | Enable custom JSON config only for V2rayNG (default: `False`) |
| USE_CUSTOM_JSON_FOR_STREISAND | Enable custom JSON config only for Streisand (default: `False`) |
| USE_CUSTOM_JSON_FOR_V2RAYN | Enable custom JSON config only for V2rayN (default: `False`) |
| USER_AUTODELETE_INCLUDE_LIMITED_ACCOUNTS | Weather to include limited accounts in the auto-delete feature (default: `False`) |
| USE_CUSTOM_JSON_DEFAULT | Enable custom JSON config for ALL supported clients (default: `False`) |
| USE_CUSTOM_JSON_FOR_V2RAYNG | Enable custom JSON config only for V2rayNG (default: `False`) |
| USE_CUSTOM_JSON_FOR_STREISAND | Enable custom JSON config only for Streisand (default: `False`) |
| USE_CUSTOM_JSON_FOR_V2RAYN | Enable custom JSON config only for V2rayN (default: `False`) |


# 如何使用 API
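Review bot: the only functional change in this hunk is the new `UVICORN_SSL_CA_TYPE` row, yet every row of the table is rewritten to re-align the columns, which buries that one line among 37 additions and 36 deletions; keep the existing alignment and add the single row. In the new row, `private` is wrapped in “ ” while `public` is in backticks; use backticks for both, as the README-ru.md row does.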