Enable automatic updates
recommendedhosted installer
recommendedbash
curl -fsSL https://rsb-dashboard.tarik02.me/install/proxynode/helm \
| bash -s -- '' '' --auto-update- Then check /proxies to confirm the connection shows up.
manual install
values.yaml
controllers:
main:
containers:
main:
workingDir: /app
image:
repository: ghcr.io/tarik02/proxyhub/proxynode
tag: stable
pullPolicy: Always
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
resources:
limits:
memory: 128Mi
updater:
enabled: true
type: cronjob
cronjob:
schedule: "*/5 * * * *"
concurrencyPolicy: Forbid
successfulJobsHistory: 1
failedJobsHistory: 1
serviceAccount:
identifier: proxynode-auto-update
containers:
main:
image:
repository: curlimages/curl
tag: 8.12.1
pullPolicy: IfNotPresent
command:
- sh
- /scripts/check-and-rollout.sh
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
defaultPodOptions:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
secrets:
proxynode-config:
stringData:
proxynode.yaml: |
log:
level: info
endpoint: "wss://proxyhub.tarik02.me/join"
username: ""
password: ""
egressWhitelist:
- '{www.,}instagram.com:{80,443}'
- '{www.,}facebook.com:{80,443}'
- '{www.,}edge-chat.facebook.com:{80,443}'
- '{www.,}web-chat-e2ee.instagram.com:{80,443}'
- '{www.,}edge-chat.instagram.com:{80,443}'
- '{www.,}graph.instagram.com:{80,443}'
- '{www.,}gateway.instagram.com:{80,443}'
- '{www.,}2ip.ua:{80,443}'
- '{www.,}i.instagram.com:{80,443}'
- 'cdninstagram.com:{80,443}'
- '**.cdninstagram.com:{80,443}'
- 'fbcdn.net:{80,443}'
- '**.fbcdn.net:{80,443}'
- '{www.,}fbsbx.com:{80,443}'
- '{www.,}google.com:{80,443}'
- 'gstatic.com:{80,443}'
- '**.gstatic.com:{80,443}'
- '{www.,}{api.,}{x,twitter}.com:{80,443}'
serviceAccount:
proxynode-auto-update:
enabled: true
forceRename: proxynode-auto-update
configMaps:
proxynode-auto-update:
forceRename: proxynode-auto-update
data:
check-and-rollout.sh: |
#!/bin/sh
set -eu
registry_host='ghcr.io'
repository='tarik02/proxyhub/proxynode'
tag='stable'
deployment='proxynode-main'
service_account_dir=/var/run/secrets/kubernetes.io/serviceaccount
namespace="$(cat "$service_account_dir/namespace")"
api_server="https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}"
auth_header="$(curl -fsSI "https://${registry_host}/v2/${repository}/manifests/${tag}" | tr -d '\r' | awk -F': ' 'tolower($1)=="www-authenticate"{print $2}')"
realm="$(printf %s "$auth_header" | sed -n 's/^Bearer realm="\([^"]*\)".*/\1/p')"
service="$(printf %s "$auth_header" | sed -n 's/.*service="\([^"]*\)".*/\1/p')"
scope="$(printf %s "$auth_header" | sed -n 's/.*scope="\([^"]*\)".*/\1/p')"
registry_token="$(curl -fsSL "${realm}?service=${service}&scope=${scope}" | sed -n 's/.*"token":"\([^"]*\)".*/\1/p')"
latest_digest="$(curl -fsSI \
-H "Authorization: Bearer ${registry_token}" \
-H 'Accept: application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.docker.distribution.manifest.v2+json, application/vnd.oci.image.index.v1+json, application/vnd.oci.image.manifest.v1+json' \
"https://${registry_host}/v2/${repository}/manifests/${tag}" | tr -d '\r' | awk -F': ' 'tolower($1)=="docker-content-digest"{print $2}' | tail -n 1)"
[ -n "$latest_digest" ] || {
echo "failed to resolve the latest proxynode image digest" >&2
exit 1
}
cluster_token="$(cat "$service_account_dir/token")"
deployment_json="$(curl -fsSL --cacert "$service_account_dir/ca.crt" -H "Authorization: Bearer ${cluster_token}" "${api_server}/apis/apps/v1/namespaces/${namespace}/deployments/${deployment}")"
current_digest="$(printf %s "$deployment_json" | sed -n 's|.*"proxyhub.io/last-image-digest":"\([^"]*\)".*|\1|p')"
if [ "$current_digest" = "$latest_digest" ]; then
echo "proxynode is already up to date ($latest_digest)"
exit 0
fi
timestamp="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
patch="$(cat <<EOF
{"metadata":{"annotations":{"proxyhub.io/last-image-digest":"$latest_digest"}},"spec":{"template":{"metadata":{"annotations":{"proxyhub.io/last-image-digest":"$latest_digest","proxyhub.io/restarted-at":"$timestamp"}}}}}
EOF
)"
curl -fsSL --cacert "$service_account_dir/ca.crt" \
-X PATCH \
-H "Authorization: Bearer ${cluster_token}" \
-H "Content-Type: application/strategic-merge-patch+json" \
--data "$patch" \
"${api_server}/apis/apps/v1/namespaces/${namespace}/deployments/${deployment}" >/dev/null
echo "rolled proxynode to $latest_digest"
rbac:
roles:
proxynode-auto-update:
enabled: true
type: Role
forceRename: proxynode-auto-update
rules:
- apiGroups:
- apps
resources:
- deployments
resourceNames:
- proxynode
verbs:
- get
- patch
bindings:
proxynode-auto-update:
enabled: true
type: RoleBinding
forceRename: proxynode-auto-update
roleRef:
identifier: proxynode-auto-update
subjects:
- identifier: proxynode-auto-update
persistence:
proxynode-config:
type: secret
identifier: proxynode-config
globalMounts:
- path: /app/proxynode.yaml
subPath: proxynode.yaml
proxynode-auto-update:
type: configMap
identifier: proxynode-auto-update
defaultMode: 493
advancedMounts:
updater:
main:
- path: /scripts/check-and-rollout.sh
subPath: check-and-rollout.sh
readOnly: trueinstall chart
bash
helm repo add bjw-s https://bjw-s-labs.github.io/helm-charts/
helm repo update
helm upgrade --install proxynode bjw-s/app-template --rollback-on-failure -f values.yaml- Then check /proxies to confirm the connection shows up.