update default repo to main

.github/workflows/docker-image-nightly.yml

@@ -0,0 +1,22 @@
+name: Docker Image CI (nightly)
+
+on:
+  push:
+    branches:
+      - "*" # matches every branch that doesn't contain a '/'
+      - "*/*" # matches every branch containing a single '/'
+      - "**" # matches every branch
+      - "!main" # excludes main
+
+jobs:
+  build-nightly:
+    uses: ./.github/workflows/docker-image.yml
+    with:
+      image_name: ${{ github.repository_owner }}/godoxy
+      tag: nightly
+  build-nightly-agent:
+    uses: ./.github/workflows/docker-image.yml
+    with:
+      image_name: ${{ github.repository_owner }}/godoxy-agent
+      tag: nightly
+      agent: true

.github/workflows/docker-image-prod.yml

@@ -0,0 +1,20 @@
+name: Docker Image CI
+
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  build-prod:
+    uses: ./.github/workflows/docker-image.yml
+    with:
+      image_name: ${{ github.repository_owner }}/godoxy
+      old_image_name: ${{ github.repository_owner }}/go-proxy
+      tag: latest
+  build-prod-agent:
+    uses: ./.github/workflows/docker-image.yml
+    with:
+      image_name: ${{ github.repository_owner }}/godoxy-agent
+      tag: latest
+      agent: true

.github/workflows/docker-image.yml

@@ -1,128 +1,163 @@
 name: Docker Image CI
 
 on:
-    push:
-        tags: ["*"]
+  workflow_call:
+    inputs:
+      tag:
+        required: true
+        type: string
+      image_name:
+        required: true
+        type: string
+      old_image_name:
+        required: false
+        type: string
+      agent:
+        required: false
+        default: false
+        type: boolean
 
 env:
-    REGISTRY: ghcr.io
-    IMAGE_NAME: ${{ github.repository }}
+  REGISTRY: ghcr.io
+  MAKE_ARGS: agent=${{ inputs.agent && '1' || '0' }}
+  DIGEST_PATH: /tmp/digests/${{ inputs.agent && 'agent' || 'main' }}
+  DIGEST_NAME_SUFFIX: ${{ inputs.agent && 'agent' || 'main' }}
 
 jobs:
-    build:
-        name: Build multi-platform Docker image
-        runs-on: ubuntu-22.04
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - runner: ubuntu-latest
+            platform: linux/amd64
+          - runner: ubuntu-24.04-arm
+            platform: linux/arm64
 
-        permissions:
-            contents: read
-            packages: write
-            id-token: write
-            attestations: write
+    name: Build ${{ matrix.platform }}
+    runs-on: ${{ matrix.runner }}
 
-        strategy:
-            fail-fast: false
-            matrix:
-                platform:
-                    - linux/amd64
-                    # - linux/arm/v6
-                    # - linux/arm/v7
-                    - linux/arm64
-        steps:
-            - name: Prepare
-              run: |
-                  platform=${{ matrix.platform }}
-                  echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      attestations: write
 
-            - name: Docker meta
-              id: meta
-              uses: docker/metadata-action@v5
-              with:
-                  images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+    steps:
+      - name: Prepare
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
 
-            - name: Set up QEMU
-              uses: docker/setup-qemu-action@v3
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ inputs.image_name }}
+          tags: |
+            type=raw,value=${{ inputs.tag }},event=branch
+            type=ref,event=tag
 
-            - name: Set up Docker Buildx
-              uses: docker/setup-buildx-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: ${{ matrix.platform }}
 
-            - name: Login to registry
-              uses: docker/login-action@v3
-              with:
-                  registry: ${{ env.REGISTRY }}
-                  username: ${{ github.actor }}
-                  password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-            - name: Build and push by digest
-              id: build
-              uses: docker/build-push-action@v6
-              with:
-                  platforms: ${{ matrix.platform }}
-                  labels: ${{ steps.meta.outputs.labels }}
-                  outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
-                  cache-from: type=gha
-                  cache-to: type=gha,mode=max
-                  build-args: |
-                      VERSION=${{ github.ref_name }}
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          outputs: type=image,name=${{ env.REGISTRY }}/${{ inputs.image_name }},push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            VERSION=${{ github.ref_name }}
+            MAKE_ARGS=${{ env.MAKE_ARGS }}
 
-            - name: Generate artifact attestation
-              uses: actions/attest-build-provenance@v1
-              with:
-                  subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
-                  subject-digest: ${{ steps.build.outputs.digest }}
-                  push-to-registry: true
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ inputs.image_name }}
+          subject-digest: ${{ steps.build.outputs.digest }}
+          push-to-registry: true
 
-            - name: Export digest
-              run: |
-                  mkdir -p /tmp/digests
-                  digest="${{ steps.build.outputs.digest }}"
-                  touch "/tmp/digests/${digest#sha256:}"
+      - name: Export digest
+        run: |
+          mkdir -p ${{ env.DIGEST_PATH }}
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ env.DIGEST_PATH }}/${digest#sha256:}"
 
-            - name: Upload digest
-              uses: actions/upload-artifact@v4
-              with:
-                  name: digests-${{ env.PLATFORM_PAIR }}
-                  path: /tmp/digests/*
-                  if-no-files-found: error
-                  retention-days: 1
-    merge:
-        runs-on: ubuntu-22.04
-        needs:
-            - build
-        permissions:
-            contents: read
-            packages: write
-            id-token: write
-        steps:
-            - name: Download digests
-              uses: actions/download-artifact@v4
-              with:
-                  path: /tmp/digests
-                  pattern: digests-*
-                  merge-multiple: true
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}-${{ env.DIGEST_NAME_SUFFIX }}
+          path: ${{ env.DIGEST_PATH }}/*
+          if-no-files-found: error
+          retention-days: 1
 
-            - name: Set up Docker Buildx
-              uses: docker/setup-buildx-action@v3
+  merge:
+    needs: build
+    runs-on: ubuntu-latest
 
-            - name: Docker meta
-              id: meta
-              uses: docker/metadata-action@v5
-              with:
-                  images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
 
-            - name: Login to registry
-              uses: docker/login-action@v3
-              with:
-                  registry: ${{ env.REGISTRY }}
-                  username: ${{ github.actor }}
-                  password: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ env.DIGEST_PATH }}
+          pattern: digests-*-${{ env.DIGEST_NAME_SUFFIX }}
+          merge-multiple: true
 
-            - name: Create manifest list and push
-              id: push
-              working-directory: /tmp/digests
-              run: |
-                  docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-                    $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-            - name: Inspect image
-              run: |
-                  docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ inputs.image_name }}
+          tags: |
+            type=raw,value=${{ inputs.tag }},event=branch
+            type=ref,event=tag
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create manifest list and push
+        id: push
+        working-directory: ${{ env.DIGEST_PATH }}
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY }}/${{ inputs.image_name }}@sha256:%s ' *)
+
+      - name: Old image name
+        if: inputs.old_image_name != ''
+        run: |
+          docker buildx imagetools create -t ${{ env.REGISTRY }}/${{ inputs.old_image_name }}:${{ steps.meta.outputs.version }}\
+            ${{ env.REGISTRY }}/${{ inputs.image_name }}:${{ steps.meta.outputs.version }}
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ inputs.image_name }}:${{ steps.meta.outputs.version }}
+
+      - name: Inspect image (old)
+        if: inputs.old_image_name != ''
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ inputs.old_image_name }}:${{ steps.meta.outputs.version }}

.trunk/trunk.yaml

@@ -2,7 +2,7 @@
 # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
 version: 0.1
 cli:
-  version: 1.22.9
+  version: 1.22.10
 # Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
 plugins:
   sources:
@@ -23,16 +23,16 @@ lint:
   enabled:
     - hadolint@2.12.1-beta
     - actionlint@1.7.7
-    - checkov@3.2.360
+    - checkov@3.2.370
     - git-diff-check
     - gofmt@1.20.4
-    - golangci-lint@1.63.4
+    - golangci-lint@1.64.5
     - osv-scanner@1.9.2
-    - oxipng@9.1.3
-    - prettier@3.4.2
+    - oxipng@9.1.4
+    - prettier@3.5.1
     - shellcheck@0.10.0
     - shfmt@3.6.0
-    - trufflehog@3.88.4
+    - trufflehog@3.88.9
 actions:
   disabled:
     - trunk-announce

.vscode/settings.example.json

@@ -1,10 +1,10 @@
 {
   "yaml.schemas": {
-    "https://github.com/yusing/go-proxy/raw/v0.9/schemas/config.schema.json": [
+    "https://github.com/yusing/go-proxy/raw/main/schemas/config.schema.json": [
       "config.example.yml",
       "config.yml"
     ],
-    "https://github.com/yusing/go-proxy/raw/v0.9/schemas/routes.schema.json": [
+    "https://github.com/yusing/go-proxy/raw/main/schemas/routes.schema.json": [
       "providers.example.yml"
     ]
   }

Dockerfile

@@ -1,5 +1,5 @@
 # Stage 1: Builder
-FROM golang:1.23.5-alpine AS builder
+FROM golang:1.23.6-alpine AS builder
 HEALTHCHECK NONE
 
 # package version does not matter

README.md

@@ -70,23 +70,17 @@ Setup DNS Records point to machine which runs `GoDoxy`, e.g.
 
 **NOTE:** GoDoxy is designed to be (and only works when) running in `host` network mode, do not change it. To change listening ports, modify `.env`.
 
-1.  Pull the latest docker images
+1.  Prepare a new directory for docker compose and config files.
+
+2.  Run setup script inside the directory, or [set up manually](#manual-setup)
 
     ```shell
-    docker pull ghcr.io/yusing/go-proxy:latest
+    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/yusing/go-proxy/main/scripts/setup.sh)"
     ```
 
-2.  Create new directory, `cd` into it, then run setup, or [set up manually](#manual-setup)
+3.  Start the container `docker compose up -d` and wait for it to be ready
 
-    ```shell
-    docker run --rm -v .:/setup ghcr.io/yusing/go-proxy /app/godoxy setup
-    ```
-
-3.  _(Optional)_ setup `docker-socket-proxy` other docker nodes (see [Multi docker nodes setup](https://github.com/yusing/go-proxy/wiki/Configurations#multi-docker-nodes-setup)) then add them inside `config.yml`
-
-4.  Start the container `docker compose up -d`
-
-5.  You may now do some extra configuration on WebUI `https://godoxy.domain.com`
+4.  You may now do some extra configuration on WebUI `https://godoxy.yourdomain.com`
 
 [🔼Back to top](#table-of-content)
 
@@ -94,15 +88,15 @@ Setup DNS Records point to machine which runs `GoDoxy`, e.g.
 
 1. Make `config` directory then grab `config.example.yml` into `config/config.yml`
 
-   `mkdir -p config && wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/config.example.yml -O config/config.yml`
+   `mkdir -p config && wget https://raw.githubusercontent.com/yusing/go-proxy/main/config.example.yml -O config/config.yml`
 
 2. Grab `.env.example` into `.env`
 
-   `wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/.env.example -O .env`
+   `wget https://raw.githubusercontent.com/yusing/go-proxy/main/.env.example -O .env`
 
 3. Grab `compose.example.yml` into `compose.yml`
 
-   `wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/compose.example.yml -O compose.yml`
+   `wget https://raw.githubusercontent.com/yusing/go-proxy/main/compose.example.yml -O compose.yml`
 
 ### Folder structrue
 
@@ -118,6 +112,10 @@ Setup DNS Records point to machine which runs `GoDoxy`, e.g.
 │   │   ├── middleware2.yml
 │   ├── provider1.yml
 │   └── provider2.yml
+├── data
+│   ├── metrics # metrics data
+│   │   ├── uptime.json
+│   │   └── system_info.json
 └── .env
 ```
 

README_CHT.md

@@ -66,23 +66,19 @@
 
 ## 安裝
 
-1.  拉取最新的 Docker 映像
+**注意：** GoDoxy 設計為（且僅在）`host` 網路模式下運作，請勿更改。如需更改監聽埠，請修改 `.env`。
+
+1.  準備一個新目錄用於 docker compose 和配置文件。
+
+2.  在目錄內運行安裝腳本，或[手動安裝](#手動安裝)
 
     ```shell
-    docker pull ghcr.io/yusing/go-proxy:latest
+    /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/yusing/go-proxy/main/scripts/setup.sh)"
     ```
 
-2.  建立新目錄，`cd` 進入後運行安裝，或[手動安裝](#手動安裝)
+3.  啟動容器 `docker compose up -d` 並等待就緒
 
-    ```shell
-    docker run --rm -v .:/setup ghcr.io/yusing/go-proxy /app/godoxy setup
-    ```
-
-3.  _（可選）_ 設置其他 Docker 節點的 `docker-socket-proxy`（參見 [多 Docker 節點設置](https://github.com/yusing/go-proxy/wiki/Configurations#multi-docker-nodes-setup)），然後在 `config.yml` 中添加它們
-
-4.  啟動容器 `docker compose up -d`
-
-5.  大功告成!可前往WebUI `https://gp.domain.com` 進行額外的配置
+4.  現在可以在 WebUI `https://godoxy.yourdomain.com` 進行額外配置
 
 [🔼回到頂部](#目錄)
 
@@ -90,15 +86,15 @@
 
 1. 建立 `config` 目錄，然後將 `config.example.yml` 下載到 `config/config.yml`
 
-   `mkdir -p config && wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/config.example.yml -O config/config.yml`
+   `mkdir -p config && wget https://raw.githubusercontent.com/yusing/go-proxy/main/config.example.yml -O config/config.yml`
 
 2. 將 `.env.example` 下載到 `.env`
 
-   `wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/.env.example -O .env`
+   `wget https://raw.githubusercontent.com/yusing/go-proxy/main/.env.example -O .env`
 
 3. 將 `compose.example.yml` 下載到 `compose.yml`
 
-   `wget https://raw.githubusercontent.com/yusing/go-proxy/v0.9/compose.example.yml -O compose.yml`
+   `wget https://raw.githubusercontent.com/yusing/go-proxy/main/compose.example.yml -O compose.yml`
 
 ### 資料夾結構
 
@@ -114,6 +110,10 @@
 │   │   ├── middleware2.yml
 │   ├── provider1.yml
 │   └── provider2.yml
+├── data
+│   ├── metrics # metrics data
+│   │   ├── uptime.json
+│   │   └── system_info.json
 └── .env
 ```
 

cmd/main.go

@@ -42,9 +42,6 @@ func main() {
 	args := common.GetArgs()
 
 	switch args.Command {
-	case common.CommandSetup:
-		internal.Setup()
-		return
 	case common.CommandReload:
 		if err := query.ReloadServer(); err != nil {
 			E.LogFatal("server reload error", err)

compose.example.yml

@@ -1,7 +1,7 @@
 ---
 services:
   frontend:
-    image: ghcr.io/yusing/go-proxy-frontend:latest
+    image: ghcr.io/yusing/godoxy-frontend:latest
     container_name: godoxy-frontend
     restart: unless-stopped
     network_mode: host
@@ -21,7 +21,7 @@ services:
       #     - 192.168.0.0/16
       #     - 172.16.0.0/12
   app:
-    image: ghcr.io/yusing/go-proxy:latest
+    image: ghcr.io/yusing/godoxy:latest
     container_name: godoxy
     restart: always
     network_mode: host

go.mod

@@ -1,22 +1,22 @@
 module github.com/yusing/go-proxy
 
-go 1.23.5
+go 1.23.6
 
 require (
-	github.com/PuerkitoBio/goquery v1.10.1 // parsing HTML for extract fav icon
+	github.com/PuerkitoBio/goquery v1.10.2 // parsing HTML for extract fav icon
 	github.com/coder/websocket v1.8.12 // websocket for API and agent
 	github.com/coreos/go-oidc/v3 v3.12.0 // oidc authentication
 	github.com/docker/cli v27.5.1+incompatible // docker CLI
 	github.com/docker/docker v27.5.1+incompatible // docker daemon
 	github.com/fsnotify/fsnotify v1.8.0 // file watcher
-	github.com/go-acme/lego/v4 v4.21.0 // acme client
-	github.com/go-playground/validator/v10 v10.24.0 // validator
+	github.com/go-acme/lego/v4 v4.22.2 // acme client
+	github.com/go-playground/validator/v10 v10.25.0 // validator
 	github.com/gobwas/glob v0.2.3 // glob matcher for route rules
 	github.com/golang-jwt/jwt/v5 v5.2.1 // jwt for default auth
 	github.com/gotify/server/v2 v2.6.1 // reference the Message struct for json response
 	github.com/lithammer/fuzzysearch v1.1.8 // fuzzy search for searching icons and filtering metrics
 	github.com/prometheus/client_golang v1.20.5 // metrics
-	github.com/puzpuzpuz/xsync/v3 v3.5.0 // lock free map for concurrent operations
+	github.com/puzpuzpuz/xsync/v3 v3.5.1 // lock free map for concurrent operations
 	github.com/rs/zerolog v1.33.0 // logging
 	github.com/vincent-petithory/dataurl v1.0.0 // data url for fav icon
 	golang.org/x/crypto v0.33.0 // encrypting password with bcrypt
@@ -76,7 +76,7 @@ require (
 	golang.org/x/mod v0.23.0 // indirect
 	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/tools v0.29.0 // indirect
+	golang.org/x/tools v0.30.0 // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gotest.tools/v3 v3.5.1 // indirect

go.sum

@@ -2,8 +2,8 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOEl
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/PuerkitoBio/goquery v1.10.1 h1:Y8JGYUkXWTGRB6Ars3+j3kN0xg1YqqlwvdTV8WTFQcU=
-github.com/PuerkitoBio/goquery v1.10.1/go.mod h1:IYiHrOMps66ag56LEH7QYDDupKXyo5A8qrjIx3ZtujY=
+github.com/PuerkitoBio/goquery v1.10.2 h1:7fh2BdHcG6VFZsK7toXBT/Bh1z5Wmy8Q9MV9HqT2AM8=
+github.com/PuerkitoBio/goquery v1.10.2/go.mod h1:0guWGjcLu9AYC7C1GHnpysHy056u9aEkUHwhdnePMCU=
 github.com/andybalholm/cascadia v1.3.3 h1:AG2YHrzJIm4BZ19iwJ/DAua6Btl3IwJX+VI4kktS1LM=
 github.com/andybalholm/cascadia v1.3.3/go.mod h1:xNd9bqTn98Ln4DwST8/nG+H0yuB8Hmgu1YHNnWw0GeA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -41,8 +41,8 @@ github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/
 github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
 github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
-github.com/go-acme/lego/v4 v4.21.0 h1:arEW+8o5p7VI8Bk1kr/PDlgD1DrxtTH1gJ4b7mehL8o=
-github.com/go-acme/lego/v4 v4.21.0/go.mod h1:HrSWzm3Ckj45Ie3i+p1zKVobbQoMOaGu9m4up0dUeDI=
+github.com/go-acme/lego/v4 v4.22.2 h1:ck+HllWrV/rZGeYohsKQ5iKNnU/WAZxwOdiu6cxky+0=
+github.com/go-acme/lego/v4 v4.22.2/go.mod h1:E2FndyI3Ekv0usNJt46mFb9LVpV/XBYT+4E3tz02Tzo=
 github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
 github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -56,8 +56,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.24.0 h1:KHQckvo8G6hlWnrPX4NJJ+aBfWNAE/HH+qdL2cBpCmg=
-github.com/go-playground/validator/v10 v10.24.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
+github.com/go-playground/validator/v10 v10.25.0 h1:5Dh7cjvzR7BRZadnsVOzPhWsrwUr0nmsZJxEAnFLNO8=
+github.com/go-playground/validator/v10 v10.25.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
@@ -134,8 +134,8 @@ github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ
 github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/puzpuzpuz/xsync/v3 v3.5.0 h1:i+cMcpEDY1BkNm7lPDkCtE4oElsYLn+EKF8kAu2vXT4=
-github.com/puzpuzpuz/xsync/v3 v3.5.0/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
+github.com/puzpuzpuz/xsync/v3 v3.5.1 h1:GJYJZwO6IdxN/IKbneznS6yPkVC+c3zyY/j19c++5Fg=
+github.com/puzpuzpuz/xsync/v3 v3.5.1/go.mod h1:VjzYrABPabuM4KyBh1Ftq6u8nhwY5tBPKP9jpmh0nnA=
 github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
 github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
@@ -264,8 +264,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE=
-golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588=
+golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
+golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

internal/common/args.go

@@ -12,7 +12,6 @@ type Args struct {
 
 const (
 	CommandStart              = ""
-	CommandSetup              = "setup"
 	CommandValidate           = "validate"
 	CommandListConfigs        = "ls-config"
 	CommandListRoutes         = "ls-routes"
@@ -25,7 +24,6 @@ const (
 
 var ValidCommands = []string{
 	CommandStart,
-	CommandSetup,
 	CommandValidate,
 	CommandListConfigs,
 	CommandListRoutes,
@@ -36,6 +34,15 @@ var ValidCommands = []string{
 	CommandDebugListMTrace,
 }
 
+func validateArg(arg string) error {
+	for _, v := range ValidCommands {
+		if arg == v {
+			return nil
+		}
+	}
+	return fmt.Errorf("invalid command %q", arg)
+}
+
 func GetArgs() Args {
 	var args Args
 	flag.Parse()
@@ -45,12 +52,3 @@ func GetArgs() Args {
 	}
 	return args
 }
-
-func validateArg(arg string) error {
-	for _, v := range ValidCommands {
-		if arg == v {
-			return nil
-		}
-	}
-	return fmt.Errorf("invalid command %q", arg)
-}

internal/net/http/middleware/cloudflare_real_ip.go

@@ -30,6 +30,14 @@ const (
 var (
 	cfCIDRsLastUpdate time.Time
 	cfCIDRsMu         sync.Mutex
+
+	// RFC 1918.
+	localCIDRs = []*types.CIDR{
+		{IP: net.IPv4(127, 0, 0, 1), Mask: net.IPv4Mask(255, 255, 255, 255)}, // 127.0.0.1/32
+		{IP: net.IPv4(10, 0, 0, 0), Mask: net.IPv4Mask(255, 0, 0, 0)},        // 10.0.0.0/8
+		{IP: net.IPv4(172, 16, 0, 0), Mask: net.IPv4Mask(255, 240, 0, 0)},    // 172.16.0.0/12
+		{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 0, 0)},   // 192.168.0.0/16
+	}
 )
 
 var CloudflareRealIP = NewMiddleware[cloudflareRealIP]()
@@ -37,7 +45,7 @@ var CloudflareRealIP = NewMiddleware[cloudflareRealIP]()
 // setup implements MiddlewareWithSetup.
 func (cri *cloudflareRealIP) setup() {
 	cri.realIP.RealIPOpts = RealIPOpts{
-		Header:    "Cf-Connecting-Ip",
+		Header:    "CF-Connecting-IP",
 		Recursive: cri.Recursive,
 	}
 }
@@ -72,12 +80,7 @@ func tryFetchCFCIDR() (cfCIDRs []*types.CIDR) {
 	}
 
 	if common.IsTest {
-		cfCIDRs = []*types.CIDR{
-			{IP: net.IPv4(127, 0, 0, 1), Mask: net.IPv4Mask(255, 0, 0, 0)},
-			{IP: net.IPv4(10, 0, 0, 0), Mask: net.IPv4Mask(255, 0, 0, 0)},
-			{IP: net.IPv4(172, 16, 0, 0), Mask: net.IPv4Mask(255, 255, 0, 0)},
-			{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
-		}
+		cfCIDRs = localCIDRs
 	} else {
 		cfCIDRs = make([]*types.CIDR, 0, 30)
 		err := errors.Join(
@@ -122,6 +125,6 @@ func fetchUpdateCFIPRange(endpoint string, cfCIDRs *[]*types.CIDR) error {
 
 		*cfCIDRs = append(*cfCIDRs, (*types.CIDR)(cidr))
 	}
-
+	*cfCIDRs = append(*cfCIDRs, localCIDRs...)
 	return nil
 }

internal/route/route.go

@@ -233,6 +233,9 @@ func (r *Route) UseAccessLog() bool {
 }
 
 func (r *Route) Finalize() {
+	r.Alias = strings.ToLower(strings.TrimSpace(r.Alias))
+	r.Host = strings.ToLower(strings.TrimSpace(r.Host))
+
 	isDocker := r.Container != nil
 	cont := r.Container
 

internal/setup.go

@@ -1,127 +0,0 @@
-package internal
-
-import (
-	"io"
-	"log"
-	"net/http"
-	"net/url"
-	"os"
-	"path"
-
-	"github.com/yusing/go-proxy/internal/common"
-)
-
-var (
-	branch          = common.GetEnvString("BRANCH", "v0.9")
-	baseURL         = "https://github.com/yusing/go-proxy/raw/" + branch
-	requiredConfigs = []Config{
-		{common.ConfigBasePath, true, false, ""},
-		{common.DotEnvPath, false, true, common.DotEnvExamplePath},
-		{common.ComposeFileName, false, true, common.ComposeExampleFileName},
-		{path.Join(common.ConfigBasePath, common.ConfigFileName), false, true, common.ConfigExampleFileName},
-	}
-)
-
-type Config struct {
-	Pathname         string
-	IsDir            bool
-	NeedDownload     bool
-	DownloadFileName string
-}
-
-func Setup() {
-	log.Println("setting up go-proxy")
-	log.Println("branch:", branch)
-
-	if err := os.Chdir("/setup"); err != nil {
-		log.Fatalf("failed: %s\n", err)
-	}
-
-	for _, config := range requiredConfigs {
-		config.setup()
-	}
-
-	log.Println("setup finished")
-}
-
-func (c *Config) setup() {
-	if c.IsDir {
-		mkdir(c.Pathname)
-		return
-	}
-	if !c.NeedDownload {
-		touch(c.Pathname)
-		return
-	}
-
-	fetch(c.DownloadFileName, c.Pathname)
-}
-
-func hasFileOrDir(path string) bool {
-	_, err := os.Stat(path)
-	return err == nil
-}
-
-func mkdir(pathname string) {
-	_, err := os.Stat(pathname)
-	if err != nil && os.IsNotExist(err) {
-		log.Printf("creating directory %q\n", pathname)
-		err := os.MkdirAll(pathname, 0o755)
-		if err != nil {
-			log.Fatalf("failed: %s\n", err)
-		}
-		return
-	}
-	if err != nil {
-		log.Fatalf("failed: %s\n", err)
-	}
-}
-
-func touch(pathname string) {
-	if hasFileOrDir(pathname) {
-		return
-	}
-	log.Printf("creating file %q\n", pathname)
-	_, err := os.Create(pathname)
-	if err != nil {
-		log.Fatalf("failed: %s\n", err)
-	}
-}
-
-func fetch(remoteFilename string, outFileName string) {
-	if hasFileOrDir(outFileName) {
-		if remoteFilename == outFileName {
-			log.Printf("%q already exists, not overwriting\n", outFileName)
-			return
-		}
-		log.Printf("%q already exists, downloading to %q\n", outFileName, remoteFilename)
-		outFileName = remoteFilename
-	}
-	log.Printf("downloading %q to %q\n", remoteFilename, outFileName)
-
-	url, err := url.JoinPath(baseURL, remoteFilename)
-	if err != nil {
-		log.Fatalf("unexpected error: %s\n", err)
-	}
-
-	resp, err := http.Get(url)
-	if err != nil {
-		log.Fatalf("http request failed: %s\n", err)
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		resp.Body.Close()
-		log.Fatalf("error reading response body: %s\n", err)
-	}
-
-	err = os.WriteFile(outFileName, body, 0o644)
-	if err != nil {
-		resp.Body.Close()
-		log.Fatalf("failed to write to file: %s\n", err)
-	}
-
-	log.Print("done")
-
-	resp.Body.Close()
-}

scripts/setup.sh

@@ -0,0 +1,219 @@
+#!/bin/bash
+
+set -e # Exit on error
+
+# Detect download tool
+if command -v curl >/dev/null 2>&1; then
+	DOWNLOAD_TOOL="curl"
+	DOWNLOAD_CMD="curl -fsSL -o"
+elif command -v wget >/dev/null 2>&1; then
+	DOWNLOAD_TOOL="wget"
+	DOWNLOAD_CMD="wget -qO"
+else
+	read -p "Neither curl nor wget is installed, install curl? (y/n): " INSTALL
+	if [ "$INSTALL" == "y" ]; then
+		install_pkg "curl"
+	else
+		echo "Error: Neither curl nor wget is installed. Please install one of them and try again."
+		exit 1
+	fi
+fi
+
+echo "Using ${DOWNLOAD_TOOL} for downloads"
+
+# get_default_branch() {
+#     local repo="$1"  # Format: owner/repo
+#     local branch
+
+#     if [ "$DOWNLOAD_TOOL" = "curl" ]; then
+#         branch=$(curl -sL "https://api.github.com/repos/${repo}" | grep -o '"default_branch": *"[^"]*"' | cut -d'"' -f4)
+#     elif [ "$DOWNLOAD_TOOL" = "wget" ]; then
+#         branch=$(wget -qO- "https://api.github.com/repos/${repo}" | grep -o '"default_branch": *"[^"]*"' | cut -d'"' -f4)
+#     fi
+
+#     if [ -z "$branch" ]; then
+#         echo "main"  # Fallback to 'main' if detection fails
+#     else
+#         echo "$branch"
+#     fi
+# }
+
+# Environment variables with defaults
+REPO="yusing/go-proxy"
+BRANCH=${BRANCH:-"main"}
+REPO_URL="https://github.com/$REPO"
+WIKI_URL="${REPO_URL}/wiki"
+BASE_URL="${REPO_URL}/raw/${BRANCH}"
+
+# Config paths
+CONFIG_BASE_PATH="config"
+DOT_ENV_PATH=".env"
+DOT_ENV_EXAMPLE_PATH=".env.example"
+COMPOSE_FILE_NAME="compose.yml"
+COMPOSE_EXAMPLE_FILE_NAME="compose.example.yml"
+CONFIG_FILE_NAME="config.yml"
+CONFIG_EXAMPLE_FILE_NAME="config.example.yml"
+
+echo "Setting up GoDoxy"
+echo "Branch: ${BRANCH}"
+
+install_pkg() {
+	# detect package manager
+	if command -v apt >/dev/null 2>&1; then
+		apt install -y "$1"
+	elif command -v yum >/dev/null 2>&1; then
+		yum install -y "$1"
+	elif command -v pacman >/dev/null 2>&1; then
+		pacman -S --noconfirm "$1"
+	else
+		echo "Error: No supported package manager found"
+		exit 1
+	fi
+}
+
+check_pkg() {
+	local cmd="$1"
+	local pkg="$2"
+	if ! command -v "$cmd" >/dev/null 2>&1; then
+		# check if user is root
+		if [ "$EUID" -ne 0 ]; then
+			echo "Error: $pkg is not installed and you are not running as root. Please install it and try again."
+			exit 1
+		fi
+		read -p "$pkg is not installed, install it? (y/n): " INSTALL
+		if [ "$INSTALL" == "y" ]; then
+			install_pkg "$pkg"
+		else
+			echo "Error: $pkg is not installed. Please install it and try again."
+			exit 1
+		fi
+	fi
+}
+
+# Function to check if file/directory exists
+has_file_or_dir() {
+	[ -e "$1" ]
+}
+
+# Function to create directory
+mkdir_if_not_exists() {
+	if [ ! -d "$1" ]; then
+		echo "Creating directory \"$1\""
+		mkdir -p "$1"
+	fi
+}
+
+# Function to create empty file
+touch_if_not_exists() {
+	if [ ! -f "$1" ]; then
+		echo "Creating file \"$1\""
+		touch "$1"
+	fi
+}
+
+# Function to download file
+fetch_file() {
+	local remote_file="$1"
+	local out_file="$2"
+
+	if has_file_or_dir "$out_file"; then
+		if [ "$remote_file" = "$out_file" ]; then
+			echo "\"$out_file\" already exists, not overwriting"
+			return
+		fi
+		read -p "Do you want to overwrite \"$out_file\"? (y/n): " OVERWRITE
+		if [ "$OVERWRITE" != "y" ]; then
+			echo "Skipping \"$remote_file\""
+			return
+		fi
+	fi
+
+	echo "Downloading \"$remote_file\" to \"$out_file\""
+	if ! $DOWNLOAD_CMD "$out_file" "${BASE_URL}/${remote_file}"; then
+		echo "Error: Failed to download ${remote_file}"
+		rm -f "$out_file" # Clean up partial download
+		exit 1
+	fi
+	echo "Done"
+}
+
+ask_while_empty() {
+	local prompt="$1"
+	local var_name="$2"
+	local value=""
+	while [ -z "$value" ]; do
+		read -p "$prompt" value
+		if [ -z "$value" ]; then
+			echo "Error: $var_name cannot be empty, please try again"
+		fi
+	done
+	eval "$var_name=\"$value\""
+}
+
+check_pkg "openssl" "openssl"
+check_pkg "docker" "docker-ce"
+
+# Setup required configurations
+# 1. Config base directory
+mkdir_if_not_exists "$CONFIG_BASE_PATH"
+
+# 2. .env file
+fetch_file "$DOT_ENV_EXAMPLE_PATH" "$DOT_ENV_PATH"
+# set random JWT secret
+JWT_SECRET=$(openssl rand -base64 32)
+sed -i "s/GODOXY_API_JWT_SECRET=.*/GODOXY_API_JWT_SECRET=${JWT_SECRET}/" "$DOT_ENV_PATH"
+
+# 3. docker-compose.yml
+fetch_file "$COMPOSE_EXAMPLE_FILE_NAME" "$COMPOSE_FILE_NAME"
+
+# 4. config.yml
+fetch_file "$CONFIG_EXAMPLE_FILE_NAME" "${CONFIG_BASE_PATH}/${CONFIG_FILE_NAME}"
+
+# 5. setup authentication
+
+# ask for user and password
+echo "Setting up login user"
+ask_while_empty "Enter login username: " LOGIN_USERNAME
+ask_while_empty "Enter login password: " LOGIN_PASSWORD
+echo "Setting up login user \"$LOGIN_USERNAME\" with password \"$LOGIN_PASSWORD\""
+sed -i "s/GODOXY_API_USERNAME=.*/GODOXY_API_USERNAME=${LOGIN_USERNAME}/" "$DOT_ENV_PATH"
+sed -i "s/GODOXY_API_PASSWORD=.*/GODOXY_API_PASSWORD=${LOGIN_PASSWORD}/" "$DOT_ENV_PATH"
+
+# 6. setup autocert
+
+# ask if want to enable autocert
+echo "Setting up autocert for SSL certificate"
+ask_while_empty "Do you want to enable autocert? (y/n): " ENABLE_AUTOCERT
+
+# quit if not using autocert
+if [ "$ENABLE_AUTOCERT" == "y" ]; then
+	# ask for domain
+	echo "Setting up autocert"
+	ask_while_empty "Enter domain (e.g. example.com): " DOMAIN
+
+	# ask for email
+	ask_while_empty "Enter email for Let's Encrypt: " EMAIL
+
+	# ask if using cloudflare
+	ask_while_empty "Are you using cloudflare? (y/n): " USE_CLOUDFLARE
+
+	# ask for cloudflare api key
+	if [ "$USE_CLOUDFLARE" = "y" ]; then
+		ask_while_empty "Enter cloudflare api key: " CLOUDFLARE_API_KEY
+		cat <<EOF >>"$CONFIG_BASE_PATH/$CONFIG_FILE_NAME"
+autocert:
+  provider: cloudflare
+  email: $EMAIL
+  domains:
+    - "*.${DOMAIN}"
+    - "${DOMAIN}"
+  options:
+    auth_token: "$CLOUDFLARE_API_KEY"
+EOF
+	else
+		echo "Not using cloudflare, skipping autocert setup"
+		echo "Please refer to ${WIKI_URL}/Supported-DNS-01-Providers for more information"
+	fi
+fi
+
+echo "Setup finished"