Merge pull request #8 from aleskxyz/supervisord

Use supervisord for process management

.github/workflows/build.yml

@@ -3,9 +3,6 @@ name: Create and publish a Docker image
 # Configures this workflow to run every time a change is pushed to the branch called `release`.
 on:
   push:
-    branches:
-      - master
-      - ci**
     tags:
       - v*
 

Dockerfile

@@ -3,12 +3,14 @@ ENV WARP_LICENSE=
 ENV FAMILIES_MODE=off
 EXPOSE 1080/tcp
 RUN apt-get update && \
-  apt-get install curl gpg socat lsb-release -y && \
+  apt-get install curl gpg socat lsb-release supervisor logrotate -y && \
   curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg && \
   echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/cloudflare-client.list && \
   apt-get update && \
   apt-get install cloudflare-warp -y && \
   rm -rf /var/lib/apt/lists/*
-COPY --chmod=755 entrypoint.sh entrypoint.sh
+COPY --chmod=755 scripts /scripts
+COPY --chmod=644 configs/logrotate.conf /etc/logrotate.conf
+COPY --chmod=644 configs/supervisord.conf /etc/supervisor/supervisord.conf
 VOLUME ["/var/lib/cloudflare-warp"]
-CMD ["./entrypoint.sh"]
+CMD ["/usr/bin/supervisord"]

configs/logrotate.conf

@@ -0,0 +1,8 @@
+/var/lib/cloudflare-warp/*.txt {
+  size 10M
+  rotate 5
+  compress
+  missingok
+  notifempty
+  copytruncate
+}

configs/supervisord.conf

@@ -0,0 +1,50 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+pidfile=/var/run/supervisord.pid
+logfile_maxbytes=0
+
+[unix_http_server]
+file=/var/run/supervisor.sock
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+
+[program:socat]
+command=socat tcp-listen:1080,reuseaddr,fork tcp:localhost:40000
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:warp-svc]
+command=/scripts/warp.sh
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:healthcheck]
+command=/scripts/healthcheck.sh
+autostart=false
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:logrotate]
+command=/scripts/logrotate.sh
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0

docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3"
 services:
   warp:
-    image: aleskxyz/warp-svc:latest
+    image: ghcr.io/aleskxyz/warp-svc:latest
     ports:
     - 1080:1080
     restart: always

scripts/healthcheck.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Trap SIGTERM and SIGINT to handle graceful shutdown
+trap 'kill ${sleep_pid}; exit 0' SIGTERM SIGINT
+
+# Main loop
+while true; do
+  # Check if the Cloudflare WARP service is working
+  if ! curl --retry 3 -m 3 -sSLx socks5h://127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace/ | grep -q "warp=on" &> /dev/null; then
+    # Restart the warp-svc service if WARP is not working
+    echo "WARP service is not working. Restarted warp-svc."
+    supervisorctl restart warp-svc
+  fi
+  # Sleep in a way that allows interruption
+  sleep 60 &
+  sleep_pid=$!
+  wait $sleep_pid
+done

scripts/logrotate.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Trap SIGTERM and SIGINT to handle graceful shutdown
+trap 'kill ${sleep_pid}; exit 0' SIGTERM SIGINT
+
+# Remove write access for group and others.
+chmod go-w /var/lib/cloudflare-warp
+
+# Main loop
+while true; do
+  logrotate /etc/logrotate.conf
+  # Sleep in a way that allows us to interrupt it
+  sleep 60 &
+  sleep_pid=$!
+  wait $sleep_pid
+done

scripts/warp.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+set -e
+
+# Kill any existing instances of warp-svc before starting a new one
+if pkill -x warp-svc -9; then
+  echo "Existing warp-svc process killed."
+fi
+
+# Start warp-svc in the background and redirect output to exclude dbus messages
+warp-svc > >(grep -iv dbus) 2> >(grep -iv dbus >&2) &
+WARP_PID=$!
+
+# Trap SIGTERM and SIGINT, and forward those signals to the warp-svc process
+trap "echo 'Stopping warp-svc...'; kill -TERM $WARP_PID; exit" SIGTERM SIGINT
+
+# Maximum number of attempts to try the registration
+MAX_ATTEMPTS=5
+attempt_counter=0
+
+echo "Attempting to start warp-svc and register..."
+
+# Function to check service status and attempt registration
+function attempt_registration {
+  until warp-cli --accept-tos registration new &> /dev/null; do
+    echo "Wait for warp-svc to start... Attempt $((++attempt_counter)) of $MAX_ATTEMPTS"
+    sleep 1
+    if [[ $attempt_counter -ge $MAX_ATTEMPTS ]]; then
+      echo "Failed to register after $MAX_ATTEMPTS attempts. Exiting."
+      return 1
+    fi
+  done
+  echo "warp-svc has been started and registered successfully!"
+}
+
+# Call the registration function
+if attempt_registration; then
+  echo "Service started and registered successfully."
+else
+  echo "There was an issue starting the service or registering. Check logs for details."
+  kill $WARP_PID
+  exit 1
+fi
+
+# Set the proxy port to 40000
+warp-cli --accept-tos proxy port 40000
+
+# Set the mode to proxy
+warp-cli --accept-tos mode proxy
+
+# Disable DNS log
+warp-cli --accept-tos dns log disable
+
+# Set the families mode based on the value of the FAMILIES_MODE variable
+warp-cli --accept-tos dns families "${FAMILIES_MODE}"
+
+# Set the WARP_LICENSE if it is not empty
+if [[ -n $WARP_LICENSE ]]; then
+  warp-cli --accept-tos registration license "${WARP_LICENSE}"
+fi
+
+# Connect to the WARP service
+warp-cli --accept-tos connect
+
+while true; do
+  # Check if warp-cli is connected
+  if warp-cli --accept-tos status | grep -iq connected; then
+    echo "Connected successfully."
+    # If connected, start healthcheck and break the loop
+    supervisorctl start healthcheck
+    break
+  else
+    echo "Not connected. Checking again..."
+  fi
+  # Wait for a specified time before checking again
+  sleep 1
+done
+
+# Wait for warp-svc process to finish
+wait $WARP_PID