Comments (12)
MikeWang000000
commented on July 22, 2024
Thanks. 不过有一些建议可以作为参考:
- 可以采用多阶段 (Multi-stage builds) 的方式构建,这样可以避免把整个 GCC 打进镜像里面,减少镜像体积;
- NATMap 目前还没有内置 iptables 转发(虽然我曾提过这个事),
NET_ADMINNET_RAW这两个权限还暂时用不到。
from natmap.
MikeWang000000
commented on July 22, 2024
@heiher 另外不知是否有构建 Docker 镜像的规划?如果有我可以帮忙提个 PR。
from natmap.
Lxeon
commented on July 22, 2024
Thanks. 不过有一些建议可以作为参考:
1. 可以采用多阶段 (Multi-stage builds) 的方式构建,这样可以避免把整个 GCC 打进镜像里面,减少镜像体积; 2. NATMap 目前还没有内置 iptables 转发(虽然我曾提过这个事),`NET_ADMIN` `NET_RAW` 这两个权限还暂时用不到。
更新
FROM ubuntu:latest as builder
ENV LANG C.UTF-8
ENV LANGUAGE C.UTF-8
ENV LC_ALL C.UTF-8
RUN apt update \
&& apt upgrade -y \
&& apt install -y gcc git make curl \
&& git clone --recursive https://github.com/heiher/natmap.git \
&& cd natmap \
&& make \
&& cp ./bin/natmap /opt/natmap
FROM ubuntu:latest
RUN apt update \
&& apt upgrade -y \
&& apt install -y curl
COPY --from=builder /opt/natmap /opt/natmap
ENTRYPOINT ["/opt/natmap"]感觉有些常用的命令也得加上去
from natmap.
heiher
commented on July 22, 2024
@heiher 另外不知是否有构建 Docker 镜像的规划?如果有我可以帮忙提个 PR。
如果能提个PR就太好了~ 有没有可能直接根据arch下载发布页由github action构建出来的二进制?那样会不会依赖简单一些
from natmap.
doyoman
commented on July 22, 2024
不编译,直接下载最新Releases的对应架构文件到alpine镜像就行吧,做好启动脚本和对应环境变量就ok,这样体积应该非常小
from natmap.
gmugu
commented on July 22, 2024
放在docker中运行,会出现端口占用问题
from natmap.
heiher
commented on July 22, 2024
放在docker中运行,会出现端口占用问题
具体是什么错误?可能需要给net_admin的capability才行。
from natmap.
gmugu
commented on July 22, 2024
放在docker中运行,会出现端口占用问题
具体是什么错误?可能需要给
net_admin的capability才行。
natmap-natmap-ssh-1 | [E] hev_sock_client_tcp src/hev-sock.c:167 Address in use
natmap-natmap-ssh-1 | [E] tnsk_run src/hev-tnsk.c:107 Start TCP keep-alive service failed.
natmap-natmap-ssh-1 | [E] hev_sock_client_tcp src/hev-sock.c:167 Address in use
natmap-natmap-ssh-1 | [E] tnsk_run src/hev-tnsk.c:107 Start TCP keep-alive service failed.
natmap-natmap-ssh-1 | [E] hev_sock_client_tcp src/hev-sock.c:167 Address in use
natmap-natmap-ssh-1 | [E] tnsk_run src/hev-tnsk.c:107 Start TCP keep-alive service failed.
natmap-natmap-ssh-1 | [E] hev_sock_client_tcp src/hev-sock.c:167 Address in use
natmap-natmap-ssh-1 | [E] tnsk_run src/hev-tnsk.c:107 Start TCP keep-alive service failed.
一直报这个打印
from natmap.
gmugu
commented on July 22, 2024
放在docker中运行,会出现端口占用问题
具体是什么错误?可能需要给
net_admin的capability才行。
在宿主机执行过一次"natmap -4 -s stunserver.stunprotocol.org -h qq.com -b 443 -e /opt/ddns.sh -k 60"命令之后,再启动docker就没问题,个人猜测是在docker内无法打开端口重用
from natmap.
heiher
commented on July 22, 2024
放在docker中运行,会出现端口占用问题
具体是什么错误?可能需要给
net_admin的capability才行。在宿主机执行过一次"natmap -4 -s stunserver.stunprotocol.org -h qq.com -b 443 -e /opt/ddns.sh -k 60"命令之后,再启动docker就没问题,个人猜测是在docker内无法打开端口重用
很有可能,当docker容器没有授权net_admin或privileged模式。如果监听443端口的服务没有重启过,在宿主机上执行过一次natmap后端口重用将持续有效。
from natmap.
gmugu
commented on July 22, 2024
放在docker中运行,会出现端口占用问题
具体是什么错误?可能需要给
net_admin的capability才行。在宿主机执行过一次"natmap -4 -s stunserver.stunprotocol.org -h qq.com -b 443 -e /opt/ddns.sh -k 60"命令之后,再启动docker就没问题,个人猜测是在docker内无法打开端口重用
很有可能,当docker容器没有授权
net_admin或privileged模式。如果监听443端口的服务没有重启过,在宿主机上执行过一次natmap后端口重用将持续有效。
授权过net_admin或privileged模式了,问题还在,应该不是权限的问题。我看了端口重用的代码,docker容器实现隔离,pid也是隔离的,应该无法通过pid控制端口重用
from natmap.
heiher
commented on July 22, 2024
放在docker中运行,会出现端口占用问题
具体是什么错误?可能需要给
net_admin的capability才行。在宿主机执行过一次"natmap -4 -s stunserver.stunprotocol.org -h qq.com -b 443 -e /opt/ddns.sh -k 60"命令之后,再启动docker就没问题,个人猜测是在docker内无法打开端口重用
很有可能,当docker容器没有授权
net_admin或privileged模式。如果监听443端口的服务没有重启过,在宿主机上执行过一次natmap后端口重用将持续有效。授权过net_admin或privileged模式了,问题还在,应该不是权限的问题。我看了端口重用的代码,docker容器实现隔离,pid也是隔离的,应该无法通过pid控制端口重用
正解。忘记这个细节了
from natmap.
Related Issues (20)
- Operation in progress什么鬼报错
- 不知道怎么给wiki提pr,大佬看下能不能更新下wiki上关于ssh的说明 HOT 2
- How about creating the docker image for NATMap?
- 问一个非常弱智的问题 HOT 5
- 在Android上执行时发生了错误 HOT 7
- Origin rule无法完成 HOT 4
- [Feature Request] iptables / nftables forwarding HOT 6
- How does stun - http work? HOT 1
- tcp和udp能否共存? HOT 7
- ssh断开连接问题 HOT 4
- 网络变动后故障 HOT 3
- ddns via cloudflare HOT 1
- 希望能增加参数,不要错误日志,或者把日志写入文件。 HOT 3
- notification scripts can be run manually, but natmap cannot
- 在开启clash的服务器上,无法打洞 HOT 7
- 请求在wireguard安卓客户端增加TXT记录解析 HOT 7
- 是否可以增加个先行脚本参数呢 例如-e 带的脚本 HOT 12
- Does it support FreeBSD? HOT 6
- 编译成静态链接报错 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from natmap.