diff --git a/apps/cliproxyapi-plus/6.9.5-0/data.yml b/apps/cliproxyapi-plus/6.9.5-0/data.yml
new file mode 100644
index 0000000..bb34142
--- /dev/null
+++ b/apps/cliproxyapi-plus/6.9.5-0/data.yml
@@ -0,0 +1,57 @@
+additionalProperties:
+ formFields:
+ - default: 8317
+ edit: true
+ envKey: PANEL_APP_PORT_8317
+ labelEn: Port 8317
+ labelZh: 端口 8317
+ required: true
+ rule: paramPort
+ type: number
+ - default: 8085
+ edit: true
+ envKey: PANEL_APP_PORT_8085
+ labelEn: Port 8085
+ labelZh: 端口 8085
+ required: true
+ rule: paramPort
+ type: number
+ - default: 1455
+ edit: true
+ envKey: PANEL_APP_PORT_1455
+ labelEn: Port 1455
+ labelZh: 端口 1455
+ required: true
+ rule: paramPort
+ type: number
+ - default: 54545
+ edit: true
+ envKey: PANEL_APP_PORT_54545
+ labelEn: Port 54545
+ labelZh: 端口 54545
+ required: true
+ rule: paramPort
+ type: number
+ - default: 51121
+ edit: true
+ envKey: PANEL_APP_PORT_51121
+ labelEn: Port 51121
+ labelZh: 端口 51121
+ required: true
+ rule: paramPort
+ type: number
+ - default: 11451
+ edit: true
+ envKey: PANEL_APP_PORT_11451
+ labelEn: Port 11451
+ labelZh: 端口 11451
+ required: true
+ rule: paramPort
+ type: number
+ - default: Asia/Shanghai
+ edit: true
+ envKey: TZ
+ labelEn: Time Zone
+ labelZh: 时区
+ required: true
+ type: text
\ No newline at end of file
diff --git a/apps/cliproxyapi-plus/6.9.5-0/data/config.yaml b/apps/cliproxyapi-plus/6.9.5-0/data/config.yaml
new file mode 100644
index 0000000..0ea51e5
--- /dev/null
+++ b/apps/cliproxyapi-plus/6.9.5-0/data/config.yaml
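Review bot: The six port fields are labelled only by their number (`labelEn: Port 8317` through `Port 11451`), so an operator filling in the install form cannot tell which port has to be reachable by clients and which could stay closed at the firewall. Elsewhere in this commit only 8317 is identified (config.yaml calls it the server port), and the README groups four of the six under "Other Ports". I would put the purpose into each label, for example `labelEn: Server Port (8317)`, with the purpose of the remaining five taken from the upstream documentation. The same labels are repeated in latest/data.yml.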
@@ -0,0 +1,422 @@
+# Server host/interface to bind to. Default is empty ("") to bind all interfaces (IPv4 + IPv6).
+# Use "127.0.0.1" or "localhost" to restrict access to local machine only.
+host: ''
+
+# Server port
+port: 8317
+
+# TLS settings for HTTPS. When enabled, the server listens with the provided certificate and key.
+tls:
+ enable: false
+ cert: ''
+ key: ''
+
+# Management API settings
+remote-management:
+ # Whether to allow remote (non-localhost) management access.
+ # When false, only localhost can access management endpoints (a key is still required).
+ allow-remote: false
+
+ # Management key. If a plaintext value is provided here, it will be hashed on startup.
+ # All management requests (even from localhost) require this key.
+ # Leave empty to disable the Management API entirely (404 for all /v0/management routes).
+ secret-key: ''
+
+ # Disable the bundled management control panel asset download and HTTP route when true.
+ disable-control-panel: false
+
+ # GitHub repository for the management control panel. Accepts a repository URL or releases API URL.
+ panel-github-repository: 'https://github.com/router-for-me/Cli-Proxy-API-Management-Center'
+
+# Authentication directory (supports ~ for home directory)
+auth-dir: '~/.cli-proxy-api'
+
+# API keys for authentication
+api-keys:
+ - 'your-api-key-1'
+ - 'your-api-key-2'
+ - 'your-api-key-3'
+
+# Enable debug logging
+debug: false
+
+# Enable pprof HTTP debug server (host:port). Keep it bound to localhost for safety.
+pprof:
+ enable: false
+ addr: '127.0.0.1:8316'
+
+# When true, disable high-overhead HTTP middleware features to reduce per-request memory usage under high concurrency.
+commercial-mode: false
+
+# Open OAuth URLs in incognito/private browser mode.
+# Useful when you want to login with a different account without logging out from your current session.
+# Default: false (but Kiro auth defaults to true for multi-account support)
+incognito-browser: true
+
+# When true, write application logs to rotating files instead of stdout
+logging-to-file: false
+
+# Maximum total size (MB) of log files under the logs directory. When exceeded, the oldest log
+# files are deleted until within the limit. Set to 0 to disable.
+logs-max-total-size-mb: 0
+
+# Maximum number of error log files retained when request logging is disabled.
+# When exceeded, the oldest error log files are deleted. Default is 10. Set to 0 to disable cleanup.
+error-logs-max-files: 10
+
+# When false, disable in-memory usage statistics aggregation
+usage-statistics-enabled: false
+
+# Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/
+# Per-entry proxy-url also supports "direct" or "none" to bypass both the global proxy-url and environment proxies explicitly.
+proxy-url: ""
+
+# When true, unprefixed model requests only use credentials without a prefix (except when prefix == model name).
+force-model-prefix: false
+
+# When true, forward filtered upstream response headers to downstream clients.
+# Default is false (disabled).
+passthrough-headers: false
+
+# Number of times to retry a request. Retries will occur if the HTTP response code is 403, 408, 500, 502, 503, or 504.
+request-retry: 3
+
+# Maximum number of different credentials to try for one failed request.
+# Set to 0 to keep legacy behavior (try all available credentials).
+max-retry-credentials: 0
+
+# Maximum wait time in seconds for a cooled-down credential before triggering a retry.
+max-retry-interval: 30
+
+# Quota exceeded behavior
+quota-exceeded:
+ switch-project: true # Whether to automatically switch to another project when a quota is exceeded
+ switch-preview-model: true # Whether to automatically switch to a preview model when a quota is exceeded
+
+# Routing strategy for selecting credentials when multiple match.
+routing:
+ strategy: 'round-robin' # round-robin (default), fill-first
+
+# When true, enable authentication for the WebSocket API (/v1/ws).
+ws-auth: false
+
+# When > 0, emit blank lines every N seconds for non-streaming responses to prevent idle timeouts.
+nonstream-keepalive-interval: 0
+
+# Streaming behavior (SSE keep-alives + safe bootstrap retries).
+# streaming:
+# keepalive-seconds: 15 # Default: 0 (disabled). <= 0 disables keep-alives.
+# bootstrap-retries: 1 # Default: 0 (disabled). Retries before first byte is sent.
+
+# Gemini API keys
+# gemini-api-key:
+# - api-key: "AIzaSy...01"
+# prefix: "test" # optional: require calls like "test/gemini-3-pro-preview" to target this credential
+# base-url: "https://generativelanguage.googleapis.com"
+# headers:
+# X-Custom-Header: "custom-value"
+# proxy-url: "socks5://proxy.example.com:1080"
+# # proxy-url: "direct" # optional: explicit direct connect for this credential
+# models:
+# - name: "gemini-2.5-flash" # upstream model name
+# alias: "gemini-flash" # client alias mapped to the upstream model
+# excluded-models:
+# - "gemini-2.5-pro" # exclude specific models from this provider (exact match)
+# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro)
+# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview)
+# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite)
+# - api-key: "AIzaSy...02"
+
+# Codex API keys
+# codex-api-key:
+# - api-key: "sk-atSM..."
+# prefix: "test" # optional: require calls like "test/gpt-5-codex" to target this credential +# base-url: "https://www.example.com" # use the custom codex API endpoint +# headers: +# X-Custom-Header: "custom-value" +# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override +# # proxy-url: "direct" # optional: explicit direct connect for this credential +# models: +# - name: "gpt-5-codex" # upstream model name +# alias: "codex-latest" # client alias mapped to the upstream model +# excluded-models: +# - "gpt-5.1" # exclude specific models (exact match) +# - "gpt-5-*" # wildcard matching prefix (e.g. gpt-5-medium, gpt-5-codex) +# - "*-mini" # wildcard matching suffix (e.g. gpt-5-codex-mini) +# - "*codex*" # wildcard matching substring (e.g. gpt-5-codex-low) + +# Claude API keys +# claude-api-key: +# - api-key: "sk-atSM..." # use the official claude API key, no need to set the base url +# - api-key: "sk-atSM..." +# prefix: "test" # optional: require calls like "test/claude-sonnet-latest" to target this credential +# base-url: "https://www.example.com" # use the custom claude API endpoint +# headers: +# X-Custom-Header: "custom-value" +# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override +# # proxy-url: "direct" # optional: explicit direct connect for this credential +# models: +# - name: "claude-3-5-sonnet-20241022" # upstream model name +# alias: "claude-sonnet-latest" # client alias mapped to the upstream model +# excluded-models: +# - "claude-opus-4-5-20251101" # exclude specific models (exact match) +# - "claude-3-*" # wildcard matching prefix (e.g. claude-3-7-sonnet-20250219) +# - "*-thinking" # wildcard matching suffix (e.g. claude-opus-4-5-thinking) +# - "*haiku*" # wildcard matching substring (e.g. 
claude-3-5-haiku-20241022) +# cloak: # optional: request cloaking for non-Claude-Code clients +# mode: "auto" # "auto" (default): cloak only when client is not Claude Code +# # "always": always apply cloaking +# # "never": never apply cloaking +# strict-mode: false # false (default): prepend Claude Code prompt to user system messages +# # true: strip all user system messages, keep only Claude Code prompt +# sensitive-words: # optional: words to obfuscate with zero-width characters +# - "API" +# - "proxy" +# cache-user-id: true # optional: default is false; set true to reuse cached user_id per API key instead of generating a random one each request + +# Default headers for Claude API requests. Update when Claude Code releases new versions. +# In legacy mode, user-agent/package-version/runtime-version/timeout are used as fallbacks +# when the client omits them, while OS/arch remain runtime-derived. When +# stabilize-device-profile is enabled, OS/arch stay pinned to the baseline values below, +# while user-agent/package-version/runtime-version seed a software fingerprint that can +# still upgrade to newer official Claude client versions. +# claude-header-defaults: +# user-agent: "claude-cli/2.1.44 (external, sdk-cli)" +# package-version: "0.74.0" +# runtime-version: "v24.3.0" +# os: "MacOS" +# arch: "arm64" +# timeout: "600" +# stabilize-device-profile: false # optional, default false; set true to enable per-auth/API-key fingerprint pinning + +# Default headers for Codex OAuth model requests. +# These are used only for file-backed/OAuth Codex requests when the client +# does not send the header. `user-agent` applies to HTTP and websocket requests; +# `beta-features` only applies to websocket requests. They do not apply to codex-api-key entries. 
+# codex-header-defaults: +# user-agent: "codex_cli_rs/0.114.0 (Mac OS 14.2.0; x86_64) vscode/1.111.0" +# beta-features: "multi_agent" + +# Kiro (AWS CodeWhisperer) configuration +# Note: Kiro API currently only operates in us-east-1 region +#kiro: +# - token-file: "~/.aws/sso/cache/kiro-auth-token.json" # path to Kiro token file +# agent-task-type: "" # optional: "vibe" or empty (API default) +# start-url: "https://your-company.awsapps.com/start" # optional: IDC start URL (preset for login) +# region: "us-east-1" # optional: OIDC region for IDC login and token refresh +# - access-token: "aoaAAAAA..." # or provide tokens directly +# refresh-token: "aorAAAAA..." +# profile-arn: "arn:aws:codewhisperer:us-east-1:..." +# proxy-url: "socks5://proxy.example.com:1080" # optional: proxy override + +# Kilocode (OAuth-based code assistant) +# Note: Kilocode uses OAuth device flow authentication. +# Use the CLI command: ./server --kilo-login +# This will save credentials to the auth directory (default: ~/.cli-proxy-api/) +# oauth-model-alias: +# kilo: +# - name: "minimax/minimax-m2.5:free" +# alias: "minimax-m2.5" +# - name: "z-ai/glm-5:free" +# alias: "glm-5" +# oauth-excluded-models: +# kilo: +# - "kilo-claude-opus-4-6" # exclude specific models (exact match) +# - "*:free" # wildcard matching suffix (e.g. all free models) + +# OpenAI compatibility providers +# openai-compatibility: +# - name: "openrouter" # The name of the provider; it will be used in the user agent and other places. +# prefix: "test" # optional: require calls like "test/kimi-k2" to target this provider's credentials +# base-url: "https://openrouter.ai/api/v1" # The base URL of the provider. 
+# headers: +# X-Custom-Header: "custom-value" +# api-key-entries: +# - api-key: "sk-or-v1-...b780" +# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override +# # proxy-url: "direct" # optional: explicit direct connect for this credential +# - api-key: "sk-or-v1-...b781" # without proxy-url +# models: # The models supported by the provider. +# - name: "moonshotai/kimi-k2:free" # The actual model name. +# alias: "kimi-k2" # The alias used in the API. +# thinking: # optional: omit to default to levels ["low","medium","high"] +# levels: ["low", "medium", "high"] +# # You may repeat the same alias to build an internal model pool. +# # The client still sees only one alias in the model list. +# # Requests to that alias will round-robin across the upstream names below, +# # and if the chosen upstream fails before producing output, the request will +# # continue with the next upstream model in the same alias pool. +# - name: "qwen3.5-plus" +# alias: "claude-opus-4.66" +# - name: "glm-5" +# alias: "claude-opus-4.66" +# - name: "kimi-k2.5" +# alias: "claude-opus-4.66" + +# Vertex API keys (Vertex-compatible endpoints, base-url is optional) +# vertex-api-key: +# - api-key: "vk-123..." # x-goog-api-key header +# prefix: "test" # optional: require calls like "test/vertex-pro" to target this credential +# base-url: "https://example.com/api" # optional, e.g. 
https://zenmux.ai/api; falls back to Google Vertex when omitted +# proxy-url: "socks5://proxy.example.com:1080" # optional per-key proxy override +# # proxy-url: "direct" # optional: explicit direct connect for this credential +# headers: +# X-Custom-Header: "custom-value" +# models: # optional: map aliases to upstream model names +# - name: "gemini-2.5-flash" # upstream model name +# alias: "vertex-flash" # client-visible alias +# - name: "gemini-2.5-pro" +# alias: "vertex-pro" +# excluded-models: # optional: models to exclude from listing +# - "imagen-3.0-generate-002" +# - "imagen-*" + +# Amp Integration +# ampcode: +# # Configure upstream URL for Amp CLI OAuth and management features +# upstream-url: "https://ampcode.com" +# # Optional: Override API key for Amp upstream (otherwise uses env or file) +# upstream-api-key: "" +# # Per-client upstream API key mapping +# # Maps client API keys (from top-level api-keys) to different Amp upstream API keys. +# # Useful when different clients need to use different Amp accounts/quotas. +# # If a client key isn't mapped, falls back to upstream-api-key (default behavior). +# upstream-api-keys: +# - upstream-api-key: "amp_key_for_team_a" # Upstream key to use for these clients +# api-keys: # Client keys that use this upstream key +# - "your-api-key-1" +# - "your-api-key-2" +# - upstream-api-key: "amp_key_for_team_b" +# api-keys: +# - "your-api-key-3" +# # Restrict Amp management routes (/api/auth, /api/user, etc.) to localhost only (default: false) +# restrict-management-to-localhost: false +# # Force model mappings to run before checking local API keys (default: false) +# force-model-mappings: false +# # Amp Model Mappings +# # Route unavailable Amp models to alternative models available in your local proxy. +# # Useful when Amp CLI requests models you don't have access to (e.g., Claude Opus 4.5) +# # but you have a similar model available (e.g., Claude Sonnet 4). 
+# model-mappings: +# - from: "claude-opus-4-5-20251101" # Model requested by Amp CLI +# to: "gemini-claude-opus-4-5-thinking" # Route to this available model instead +# - from: "claude-sonnet-4-5-20250929" +# to: "gemini-claude-sonnet-4-5-thinking" +# - from: "claude-haiku-4-5-20251001" +# to: "gemini-2.5-flash" + +# Global OAuth model name aliases (per channel) +# These aliases rename model IDs for both model listing and request routing. +# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot, kimi. +# NOTE: Aliases do not apply to gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, or ampcode. +# You can repeat the same name with different aliases to expose multiple client model names. +# oauth-model-alias: +# antigravity: +# - name: "rev19-uic3-1p" +# alias: "gemini-2.5-computer-use-preview-10-2025" +# - name: "gemini-3-pro-image" +# alias: "gemini-3-pro-image-preview" +# - name: "gemini-3-pro-high" +# alias: "gemini-3-pro-preview" +# - name: "gemini-3-flash" +# alias: "gemini-3-flash-preview" +# - name: "claude-sonnet-4-5" +# alias: "gemini-claude-sonnet-4-5" +# - name: "claude-sonnet-4-5-thinking" +# alias: "gemini-claude-sonnet-4-5-thinking" +# - name: "claude-opus-4-5-thinking" +# alias: "gemini-claude-opus-4-5-thinking" +# gemini-cli: +# - name: "gemini-2.5-pro" # original model name under this channel +# alias: "g2.5p" # client-visible alias +# fork: true # when true, keep original and also add the alias as an extra model (default: false) +# vertex: +# - name: "gemini-2.5-pro" +# alias: "g2.5p" +# aistudio: +# - name: "gemini-2.5-pro" +# alias: "g2.5p" +# claude: +# - name: "claude-sonnet-4-5-20250929" +# alias: "cs4.5" +# codex: +# - name: "gpt-5" +# alias: "g5" +# qwen: +# - name: "qwen3-coder-plus" +# alias: "qwen-plus" +# iflow: +# - name: "glm-4.7" +# alias: "glm-god" +# kimi: +# - name: "kimi-k2.5" +# alias: "k2.5" +# kiro: +# - name: "kiro-claude-opus-4-5" 
+# alias: "op45" +# github-copilot: +# - name: "gpt-5" +# alias: "copilot-gpt5" + +# OAuth provider excluded models +# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot. +# oauth-excluded-models: +# gemini-cli: +# - "gemini-2.5-pro" # exclude specific models (exact match) +# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro) +# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview) +# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite) +# vertex: +# - "gemini-3-pro-preview" +# aistudio: +# - "gemini-3-pro-preview" +# antigravity: +# - "gemini-3-pro-preview" +# claude: +# - "claude-3-5-haiku-20241022" +# codex: +# - "gpt-5-codex-mini" +# qwen: +# - "vision-model" +# iflow: +# - "tstars2.0" +# kimi: +# - "kimi-k2-thinking" +# kiro: +# - "kiro-claude-haiku-4-5" +# github-copilot: +# - "raptor-mini" + +# Optional payload configuration +# payload: +# default: # Default rules only set parameters when they are missing in the payload. +# - models: +# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") +# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> value +# "generationConfig.thinkingConfig.thinkingBudget": 32768 +# default-raw: # Default raw rules set parameters using raw JSON when missing (must be valid JSON). +# - models: +# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") +# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON) +# "generationConfig.responseJsonSchema": "{\"type\":\"object\",\"properties\":{\"answer\":{\"type\":\"string\"}}}" +# override: # Override rules always set parameters, overwriting any existing values. 
+# - models: +# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*") +# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> value +# "reasoning.effort": "high" +# override-raw: # Override raw rules always set parameters using raw JSON (must be valid JSON). +# - models: +# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*") +# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON) +# "response_format": "{\"type\":\"json_schema\",\"json_schema\":{\"name\":\"answer\",\"schema\":{\"type\":\"object\"}}}" +# filter: # Filter rules remove specified parameters from the payload. +# - models: +# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*") +# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity +# params: # JSON paths (gjson/sjson syntax) to remove from the payload +# - "generationConfig.thinkingConfig.thinkingBudget" +# - "generationConfig.responseJsonSchema" diff --git a/apps/cliproxyapi-plus/6.9.5-0/docker-compose.yml b/apps/cliproxyapi-plus/6.9.5-0/docker-compose.yml new file mode 100644 index 0000000..4700d8b --- /dev/null +++ b/apps/cliproxyapi-plus/6.9.5-0/docker-compose.yml 
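Review bot: The `api-keys` list ships three live sample values (`'your-api-key-1'` to `'your-api-key-3'`) while `host: ''` binds every interface and `tls.enable` is false, so an instance started before this file is edited would, going by the comments, accept keys that anyone can read in this repository. I would add a comment directly above the list, `# REPLACE before first start: the sample keys below are public`, and repeat the warning in the README; whether an empty list rejects requests or switches authentication off is not visible here and should be confirmed upstream before shipping `[]` instead. `ws-auth: false` further down leaves `/v1/ws` without authentication by its own comment, and `ws-auth: true` looks like the safer packaged default. latest/data/config.yaml carries the same content.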
@@ -0,0 +1,26 @@
+services:
+ cliproxyapi-plus:
+ image: eceasy/cli-proxy-api-plus:v6.9.5-0
+ container_name: ${CONTAINER_NAME}
+ restart: always
+ networks:
+ - 1panel-network
+ ports:
+ - ${PANEL_APP_PORT_8317}:8317
+ - ${PANEL_APP_PORT_8085}:8085
+ - ${PANEL_APP_PORT_1455}:1455
+ - ${PANEL_APP_PORT_54545}:54545
+ - ${PANEL_APP_PORT_51121}:51121
+ - ${PANEL_APP_PORT_11451}:11451
+ volumes:
+ - ./data/config.yaml:/CLIProxyAPI/config.yaml
+ - ./data/auths:/root/.cli-proxy-api
+ - ./data/logs:/CLIProxyAPI/logs
+ environment:
+ - TZ=${TZ}
+ labels:
+ createdBy: "Apps"
+
+networks:
+ 1panel-network:
+ external: true
\ No newline at end of file
diff --git a/apps/cliproxyapi-plus/README.md b/apps/cliproxyapi-plus/README.md
new file mode 100644
index 0000000..67ce9c9
--- /dev/null
+++ b/apps/cliproxyapi-plus/README.md
@@ -0,0 +1,29 @@
+# CLIProxyAPI Plus
+
+CLIProxyAPI Plus 代理API服务,基于主线项目添加第三方提供商支持。
+
+## 功能特点
+
+- 支持多种代理协议
+- 支持第三方提供商
+- 高性能设计
+- 易于部署和使用
+
+## 使用说明
+
+### 默认端口
+
+- Web 界面: 8317
+- API 端口: 8085
+- 其他端口: 1455, 54545, 51121, 11451
+
+### 数据目录
+
+应用数据存储在 `./data` 目录,包含:
+- `config.yaml` - 配置文件
+- `auths/` - 认证信息目录
+- `logs/` - 日志目录
+
+## 相关链接
+
+- GitHub: https://github.com/router-for-me/CLIProxyAPIPlus
\ No newline at end of file
diff --git a/apps/cliproxyapi-plus/README_en.md b/apps/cliproxyapi-plus/README_en.md
new file mode 100644
index 0000000..9dc3bc7
--- /dev/null
+++ b/apps/cliproxyapi-plus/README_en.md
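Review bot: Every entry under `ports:` is published without a host address, so all six ports listen on every host interface, and the bundled config serves plain HTTP (`tls.enable: false`). If 1455, 54545, 51121 and 11451 are only needed by a browser on the same machine (presumably login callbacks; the README just calls them "Other Ports"), binding them to loopback narrows the exposure: `- "127.0.0.1:${PANEL_APP_PORT_1455}:1455"`, and likewise for the other three. Quoting the mappings also keeps a YAML 1.1 parser from reading a low `host:container` pair as a base-60 number. `./data/auths` is mounted at `/root/.cli-proxy-api`, which suggests the process runs as root and that the directory holds credentials, so the host directory should not be world-readable.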
@@ -0,0 +1,29 @@
+# CLIProxyAPI Plus
+
+CLIProxyAPI Plus proxy API service with third-party provider support based on the mainline project.
+
+## Features
+
+- Support multiple proxy protocols
+- Support third-party providers
+- High performance design
+- Easy to deploy and use
+
+## Usage
+
+### Default Ports
+
+- Web UI: 8317
+- API Port: 8085
+- Other Ports: 1455, 54545, 51121, 11451
+
+### Data Directory
+
+Application data is stored in the `./data` directory:
+- `config.yaml` - Configuration file
+- `auths/` - Authentication directory
+- `logs/` - Logs directory
+
+## Links
+
+- GitHub: https://github.com/router-for-me/CLIProxyAPIPlus
\ No newline at end of file
diff --git a/apps/cliproxyapi-plus/data.yml b/apps/cliproxyapi-plus/data.yml
new file mode 100644
index 0000000..aeebfeb
--- /dev/null
+++ b/apps/cliproxyapi-plus/data.yml
@@ -0,0 +1,24 @@
+name: CLIProxyAPI Plus
+tags:
+ - 网络工具
+ - 代理服务
+title: CLIProxyAPI Plus - 代理API服务
+description: CLIProxyAPI Plus - 代理API服务
+additionalProperties:
+ key: cliproxyapi-plus
+ name: CLIProxyAPI Plus
+ tags:
+ - Proxy
+ - Network
+ shortDescZh: CLIProxyAPI Plus 代理API服务
+ shortDescEn: CLIProxyAPI Plus Proxy API Service
+ type: website
+ crossVersionUpdate: true
+ limit: 0
+ recommend: 0
+ website: https://github.com/router-for-me/CLIProxyAPIPlus
+ github: https://github.com/router-for-me/CLIProxyAPIPlus
+ document: https://github.com/router-for-me/CLIProxyAPIPlus
+ architectures:
+ - amd64
+ - arm64
\ No newline at end of file
diff --git a/apps/cliproxyapi-plus/latest/data.yml b/apps/cliproxyapi-plus/latest/data.yml
new file mode 100644
index 0000000..bb34142
--- /dev/null
+++ b/apps/cliproxyapi-plus/latest/data.yml
@@ -0,0 +1,57 @@
+additionalProperties:
+ formFields:
+ - default: 8317
+ edit: true
+ envKey: PANEL_APP_PORT_8317
+ labelEn: Port 8317
+ labelZh: 端口 8317
+ required: true
+ rule: paramPort
+ type: number
+ - default: 8085
+ edit: true
+ envKey: PANEL_APP_PORT_8085
+ labelEn: Port 8085
+ labelZh: 端口 8085
+ required: true
+ rule: paramPort
+ type: number
+ - default: 1455
+ edit: true
+ envKey: PANEL_APP_PORT_1455
+ labelEn: Port 1455
+ labelZh: 端口 1455
+ required: true
+ rule: paramPort
+ type: number
+ - default: 54545
+ edit: true
+ envKey: PANEL_APP_PORT_54545
+ labelEn: Port 54545
+ labelZh: 端口 54545
+ required: true
+ rule: paramPort
+ type: number
+ - default: 51121
+ edit: true
+ envKey: PANEL_APP_PORT_51121
+ labelEn: Port 51121
+ labelZh: 端口 51121
+ required: true
+ rule: paramPort
+ type: number
+ - default: 11451
+ edit: true
+ envKey: PANEL_APP_PORT_11451
+ labelEn: Port 11451
+ labelZh: 端口 11451
+ required: true
+ rule: paramPort
+ type: number
+ - default: Asia/Shanghai
+ edit: true
+ envKey: TZ
+ labelEn: Time Zone
+ labelZh: 时区
+ required: true
+ type: text
\ No newline at end of file
diff --git a/apps/cliproxyapi-plus/latest/data/.gitkeep b/apps/cliproxyapi-plus/latest/data/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/apps/cliproxyapi-plus/latest/data/config.yaml b/apps/cliproxyapi-plus/latest/data/config.yaml
new file mode 100644
index 0000000..0ea51e5
--- /dev/null
+++ b/apps/cliproxyapi-plus/latest/data/config.yaml
@@ -0,0 +1,422 @@
+# Server host/interface to bind to. Default is empty ("") to bind all interfaces (IPv4 + IPv6).
+# Use "127.0.0.1" or "localhost" to restrict access to local machine only.
+host: ''
+
+# Server port
+port: 8317
+
+# TLS settings for HTTPS. When enabled, the server listens with the provided certificate and key.
+tls:
+ enable: false
+ cert: ''
+ key: ''
+
+# Management API settings
+remote-management:
+ # Whether to allow remote (non-localhost) management access.
+ # When false, only localhost can access management endpoints (a key is still required).
+ allow-remote: false
+
+ # Management key. If a plaintext value is provided here, it will be hashed on startup.
+ # All management requests (even from localhost) require this key.
+ # Leave empty to disable the Management API entirely (404 for all /v0/management routes).
+ secret-key: ''
+
+ # Disable the bundled management control panel asset download and HTTP route when true.
+ disable-control-panel: false
+
+ # GitHub repository for the management control panel. Accepts a repository URL or releases API URL.
+ panel-github-repository: 'https://github.com/router-for-me/Cli-Proxy-API-Management-Center'
+
+# Authentication directory (supports ~ for home directory)
+auth-dir: '~/.cli-proxy-api'
+
+# API keys for authentication
+api-keys:
+ - 'your-api-key-1'
+ - 'your-api-key-2'
+ - 'your-api-key-3'
+
+# Enable debug logging
+debug: false
+
+# Enable pprof HTTP debug server (host:port). Keep it bound to localhost for safety.
+pprof:
+ enable: false
+ addr: '127.0.0.1:8316'
+
+# When true, disable high-overhead HTTP middleware features to reduce per-request memory usage under high concurrency.
+commercial-mode: false
+
+# Open OAuth URLs in incognito/private browser mode.
+# Useful when you want to login with a different account without logging out from your current session.
+# Default: false (but Kiro auth defaults to true for multi-account support)
+incognito-browser: true
+
+# When true, write application logs to rotating files instead of stdout
+logging-to-file: false
+
+# Maximum total size (MB) of log files under the logs directory. When exceeded, the oldest log
+# files are deleted until within the limit. Set to 0 to disable.
+logs-max-total-size-mb: 0
+
+# Maximum number of error log files retained when request logging is disabled.
+# When exceeded, the oldest error log files are deleted. Default is 10. Set to 0 to disable cleanup.
+error-logs-max-files: 10
+
+# When false, disable in-memory usage statistics aggregation
+usage-statistics-enabled: false
+
+# Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/
+# Per-entry proxy-url also supports "direct" or "none" to bypass both the global proxy-url and environment proxies explicitly.
+proxy-url: ""
+
+# When true, unprefixed model requests only use credentials without a prefix (except when prefix == model name).
+force-model-prefix: false
+
+# When true, forward filtered upstream response headers to downstream clients.
+# Default is false (disabled).
+passthrough-headers: false
+
+# Number of times to retry a request. Retries will occur if the HTTP response code is 403, 408, 500, 502, 503, or 504.
+request-retry: 3
+
+# Maximum number of different credentials to try for one failed request.
+# Set to 0 to keep legacy behavior (try all available credentials).
+max-retry-credentials: 0
+
+# Maximum wait time in seconds for a cooled-down credential before triggering a retry.
+max-retry-interval: 30
+
+# Quota exceeded behavior
+quota-exceeded:
+ switch-project: true # Whether to automatically switch to another project when a quota is exceeded
+ switch-preview-model: true # Whether to automatically switch to a preview model when a quota is exceeded
+
+# Routing strategy for selecting credentials when multiple match.
+routing:
+ strategy: 'round-robin' # round-robin (default), fill-first
+
+# When true, enable authentication for the WebSocket API (/v1/ws).
+ws-auth: false
+
+# When > 0, emit blank lines every N seconds for non-streaming responses to prevent idle timeouts.
+nonstream-keepalive-interval: 0
+
+# Streaming behavior (SSE keep-alives + safe bootstrap retries).
+# streaming:
+# keepalive-seconds: 15 # Default: 0 (disabled). <= 0 disables keep-alives.
+# bootstrap-retries: 1 # Default: 0 (disabled). Retries before first byte is sent.
+
+# Gemini API keys
+# gemini-api-key:
+# - api-key: "AIzaSy...01"
+# prefix: "test" # optional: require calls like "test/gemini-3-pro-preview" to target this credential
+# base-url: "https://generativelanguage.googleapis.com"
+# headers:
+# X-Custom-Header: "custom-value"
+# proxy-url: "socks5://proxy.example.com:1080"
+# # proxy-url: "direct" # optional: explicit direct connect for this credential
+# models:
+# - name: "gemini-2.5-flash" # upstream model name
+# alias: "gemini-flash" # client alias mapped to the upstream model
+# excluded-models:
+# - "gemini-2.5-pro" # exclude specific models from this provider (exact match)
+# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro)
+# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview)
+# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite)
+# - api-key: "AIzaSy...02"
+
+# Codex API keys
+# codex-api-key:
+# - api-key: "sk-atSM..."
+# prefix: "test" # optional: require calls like "test/gpt-5-codex" to target this credential
+# base-url: "https://www.example.com" # use the custom codex API endpoint
+# headers:
+# X-Custom-Header: "custom-value"
+# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override
+# # proxy-url: "direct" # optional: explicit direct connect for this credential
+# models:
+# - name: "gpt-5-codex" # upstream model name
+# alias: "codex-latest" # client alias mapped to the upstream model
+# excluded-models:
+# - "gpt-5.1" # exclude specific models (exact match)
+# - "gpt-5-*" # wildcard matching prefix (e.g. gpt-5-medium, gpt-5-codex)
+# - "*-mini" # wildcard matching suffix (e.g. gpt-5-codex-mini)
+# - "*codex*" # wildcard matching substring (e.g. gpt-5-codex-low)
+
+# Claude API keys
+# claude-api-key:
+# - api-key: "sk-atSM..." # use the official claude API key, no need to set the base url
+# - api-key: "sk-atSM..."
+# prefix: "test" # optional: require calls like "test/claude-sonnet-latest" to target this credential
+# base-url: "https://www.example.com" # use the custom claude API endpoint
+# headers:
+# X-Custom-Header: "custom-value"
+# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override
+# # proxy-url: "direct" # optional: explicit direct connect for this credential
+# models:
+# - name: "claude-3-5-sonnet-20241022" # upstream model name
+# alias: "claude-sonnet-latest" # client alias mapped to the upstream model
+# excluded-models:
+# - "claude-opus-4-5-20251101" # exclude specific models (exact match)
+# - "claude-3-*" # wildcard matching prefix (e.g. claude-3-7-sonnet-20250219)
+# - "*-thinking" # wildcard matching suffix (e.g. claude-opus-4-5-thinking)
+# - "*haiku*" # wildcard matching substring (e.g. claude-3-5-haiku-20241022)
+# cloak: # optional: request cloaking for non-Claude-Code clients
+# mode: "auto" # "auto" (default): cloak only when client is not Claude Code
+# # "always": always apply cloaking
+# # "never": never apply cloaking
+# strict-mode: false # false (default): prepend Claude Code prompt to user system messages
+# # true: strip all user system messages, keep only Claude Code prompt
+# sensitive-words: # optional: words to obfuscate with zero-width characters
+# - "API"
+# - "proxy"
+# cache-user-id: true # optional: default is false; set true to reuse cached user_id per API key instead of generating a random one each request
+
+# Default headers for Claude API requests. Update when Claude Code releases new versions.
+# In legacy mode, user-agent/package-version/runtime-version/timeout are used as fallbacks
+# when the client omits them, while OS/arch remain runtime-derived. When
+# stabilize-device-profile is enabled, OS/arch stay pinned to the baseline values below,
+# while user-agent/package-version/runtime-version seed a software fingerprint that can
+# still upgrade to newer official Claude client versions.
+# claude-header-defaults:
+# user-agent: "claude-cli/2.1.44 (external, sdk-cli)"
+# package-version: "0.74.0"
+# runtime-version: "v24.3.0"
+# os: "MacOS"
+# arch: "arm64"
+# timeout: "600"
+# stabilize-device-profile: false # optional, default false; set true to enable per-auth/API-key fingerprint pinning
+
+# Default headers for Codex OAuth model requests.
+# These are used only for file-backed/OAuth Codex requests when the client
+# does not send the header. `user-agent` applies to HTTP and websocket requests;
+# `beta-features` only applies to websocket requests. They do not apply to codex-api-key entries.
+# codex-header-defaults:
+# user-agent: "codex_cli_rs/0.114.0 (Mac OS 14.2.0; x86_64) vscode/1.111.0"
+# beta-features: "multi_agent"
+
+# Kiro (AWS CodeWhisperer) configuration
+# Note: Kiro API currently only operates in us-east-1 region
+#kiro:
+# - token-file: "~/.aws/sso/cache/kiro-auth-token.json" # path to Kiro token file
+# agent-task-type: "" # optional: "vibe" or empty (API default)
+# start-url: "https://your-company.awsapps.com/start" # optional: IDC start URL (preset for login)
+# region: "us-east-1" # optional: OIDC region for IDC login and token refresh
+# - access-token: "aoaAAAAA..." # or provide tokens directly
+# refresh-token: "aorAAAAA..."
+# profile-arn: "arn:aws:codewhisperer:us-east-1:..."
+# proxy-url: "socks5://proxy.example.com:1080" # optional: proxy override
+
+# Kilocode (OAuth-based code assistant)
+# Note: Kilocode uses OAuth device flow authentication.
+# Use the CLI command: ./server --kilo-login
+# This will save credentials to the auth directory (default: ~/.cli-proxy-api/)
+# oauth-model-alias:
+# kilo:
+# - name: "minimax/minimax-m2.5:free"
+# alias: "minimax-m2.5"
+# - name: "z-ai/glm-5:free"
+# alias: "glm-5"
+# oauth-excluded-models:
+# kilo:
+# - "kilo-claude-opus-4-6" # exclude specific models (exact match)
+# - "*:free" # wildcard matching suffix (e.g. all free models)
+
+# OpenAI compatibility providers
+# openai-compatibility:
+# - name: "openrouter" # The name of the provider; it will be used in the user agent and other places.
+# prefix: "test" # optional: require calls like "test/kimi-k2" to target this provider's credentials
+# base-url: "https://openrouter.ai/api/v1" # The base URL of the provider.
+# headers:
+# X-Custom-Header: "custom-value"
+# api-key-entries:
+# - api-key: "sk-or-v1-...b780"
+# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override
+# # proxy-url: "direct" # optional: explicit direct connect for this credential
+# - api-key: "sk-or-v1-...b781" # without proxy-url
+# models: # The models supported by the provider.
+# - name: "moonshotai/kimi-k2:free" # The actual model name.
+# alias: "kimi-k2" # The alias used in the API.
+# thinking: # optional: omit to default to levels ["low","medium","high"]
+# levels: ["low", "medium", "high"]
+# # You may repeat the same alias to build an internal model pool.
+# # The client still sees only one alias in the model list.
+# # Requests to that alias will round-robin across the upstream names below,
+# # and if the chosen upstream fails before producing output, the request will
+# # continue with the next upstream model in the same alias pool.
+# - name: "qwen3.5-plus"
+# alias: "claude-opus-4.66"
+# - name: "glm-5"
+# alias: "claude-opus-4.66"
+# - name: "kimi-k2.5"
+# alias: "claude-opus-4.66"
+
+# Vertex API keys (Vertex-compatible endpoints, base-url is optional)
+# vertex-api-key:
+# - api-key: "vk-123..." # x-goog-api-key header
+# prefix: "test" # optional: require calls like "test/vertex-pro" to target this credential
+# base-url: "https://example.com/api" # optional, e.g. https://zenmux.ai/api; falls back to Google Vertex when omitted
+# proxy-url: "socks5://proxy.example.com:1080" # optional per-key proxy override
+# # proxy-url: "direct" # optional: explicit direct connect for this credential
+# headers:
+# X-Custom-Header: "custom-value"
+# models: # optional: map aliases to upstream model names
+# - name: "gemini-2.5-flash" # upstream model name
+# alias: "vertex-flash" # client-visible alias
+# - name: "gemini-2.5-pro"
+# alias: "vertex-pro"
+# excluded-models: # optional: models to exclude from listing
+# - "imagen-3.0-generate-002"
+# - "imagen-*"
+
+# Amp Integration
+# ampcode:
+# # Configure upstream URL for Amp CLI OAuth and management features
+# upstream-url: "https://ampcode.com"
+# # Optional: Override API key for Amp upstream (otherwise uses env or file)
+# upstream-api-key: ""
+# # Per-client upstream API key mapping
+# # Maps client API keys (from top-level api-keys) to different Amp upstream API keys.
+# # Useful when different clients need to use different Amp accounts/quotas.
+# # If a client key isn't mapped, falls back to upstream-api-key (default behavior).
+# upstream-api-keys:
+# - upstream-api-key: "amp_key_for_team_a" # Upstream key to use for these clients
+# api-keys: # Client keys that use this upstream key
+# - "your-api-key-1"
+# - "your-api-key-2"
+# - upstream-api-key: "amp_key_for_team_b"
+# api-keys:
+# - "your-api-key-3"
+# # Restrict Amp management routes (/api/auth, /api/user, etc.) to localhost only (default: false)
+# restrict-management-to-localhost: false
+# # Force model mappings to run before checking local API keys (default: false)
+# force-model-mappings: false
+# # Amp Model Mappings
+# # Route unavailable Amp models to alternative models available in your local proxy.
+# # Useful when Amp CLI requests models you don't have access to (e.g., Claude Opus 4.5)
+# # but you have a similar model available (e.g., Claude Sonnet 4).
+# model-mappings:
+# - from: "claude-opus-4-5-20251101" # Model requested by Amp CLI
+# to: "gemini-claude-opus-4-5-thinking" # Route to this available model instead
+# - from: "claude-sonnet-4-5-20250929"
+# to: "gemini-claude-sonnet-4-5-thinking"
+# - from: "claude-haiku-4-5-20251001"
+# to: "gemini-2.5-flash"
+
+# Global OAuth model name aliases (per channel)
+# These aliases rename model IDs for both model listing and request routing.
+# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot, kimi.
+# NOTE: Aliases do not apply to gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, or ampcode.
+# You can repeat the same name with different aliases to expose multiple client model names.
+# oauth-model-alias:
+# antigravity:
+# - name: "rev19-uic3-1p"
+# alias: "gemini-2.5-computer-use-preview-10-2025"
+# - name: "gemini-3-pro-image"
+# alias: "gemini-3-pro-image-preview"
+# - name: "gemini-3-pro-high"
+# alias: "gemini-3-pro-preview"
+# - name: "gemini-3-flash"
+# alias: "gemini-3-flash-preview"
+# - name: "claude-sonnet-4-5"
+# alias: "gemini-claude-sonnet-4-5"
+# - name: "claude-sonnet-4-5-thinking"
+# alias: "gemini-claude-sonnet-4-5-thinking"
+# - name: "claude-opus-4-5-thinking"
+# alias: "gemini-claude-opus-4-5-thinking"
+# gemini-cli:
+# - name: "gemini-2.5-pro" # original model name under this channel
+# alias: "g2.5p" # client-visible alias
+# fork: true # when true, keep original and also add the alias as an extra model (default: false)
+# vertex:
+# - name: "gemini-2.5-pro"
+# alias: "g2.5p"
+# aistudio:
+# - name: "gemini-2.5-pro"
+# alias: "g2.5p"
+# claude:
+# - name: "claude-sonnet-4-5-20250929"
+# alias: "cs4.5"
+# codex:
+# - name: "gpt-5"
+# alias: "g5"
+# qwen:
+# - name: "qwen3-coder-plus"
+# alias: "qwen-plus"
+# iflow:
+# - name: "glm-4.7"
+# alias: "glm-god"
+# kimi:
+# - name: "kimi-k2.5"
+# alias: "k2.5"
+# kiro:
+# - name: "kiro-claude-opus-4-5"
+# alias: "op45"
+# github-copilot:
+# - name: "gpt-5"
+# alias: "copilot-gpt5"
+
+# OAuth provider excluded models
+# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot.
+# oauth-excluded-models:
+# gemini-cli:
+# - "gemini-2.5-pro" # exclude specific models (exact match)
+# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro)
+# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview)
+# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite)
+# vertex:
+# - "gemini-3-pro-preview"
+# aistudio:
+# - "gemini-3-pro-preview"
+# antigravity:
+# - "gemini-3-pro-preview"
+# claude:
+# - "claude-3-5-haiku-20241022"
+# codex:
+# - "gpt-5-codex-mini"
+# qwen:
+# - "vision-model"
+# iflow:
+# - "tstars2.0"
+# kimi:
+# - "kimi-k2-thinking"
+# kiro:
+# - "kiro-claude-haiku-4-5"
+# github-copilot:
+# - "raptor-mini"
+
+# Optional payload configuration
+# payload:
+# default: # Default rules only set parameters when they are missing in the payload.
+# - models:
+# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*")
+# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
+# params: # JSON path (gjson/sjson syntax) -> value
+# "generationConfig.thinkingConfig.thinkingBudget": 32768
+# default-raw: # Default raw rules set parameters using raw JSON when missing (must be valid JSON).
+# - models:
+# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*")
+# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
+# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON)
+# "generationConfig.responseJsonSchema": "{\"type\":\"object\",\"properties\":{\"answer\":{\"type\":\"string\"}}}"
+# override: # Override rules always set parameters, overwriting any existing values.
+# - models:
+# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*")
+# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
+# params: # JSON path (gjson/sjson syntax) -> value
+# "reasoning.effort": "high"
+# override-raw: # Override raw rules always set parameters using raw JSON (must be valid JSON).
+# - models:
+# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*")
+# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
+# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON)
+# "response_format": "{\"type\":\"json_schema\",\"json_schema\":{\"name\":\"answer\",\"schema\":{\"type\":\"object\"}}}"
+# filter: # Filter rules remove specified parameters from the payload.
+# - models:
+# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*")
+# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
+# params: # JSON paths (gjson/sjson syntax) to remove from the payload
+# - "generationConfig.thinkingConfig.thinkingBudget"
+# - "generationConfig.responseJsonSchema"
diff --git a/apps/cliproxyapi-plus/latest/docker-compose.yml b/apps/cliproxyapi-plus/latest/docker-compose.yml
new file mode 100644
index 0000000..e4f0ceb
--- /dev/null
+++ b/apps/cliproxyapi-plus/latest/docker-compose.yml
@@ -0,0 +1,26 @@
+services:
+ cliproxyapi-plus:
+ image: eceasy/cli-proxy-api-plus:latest
+ container_name: ${CONTAINER_NAME}
+ restart: always
+ networks:
+ - 1panel-network
+ ports:
+ - ${PANEL_APP_PORT_8317}:8317
+ - ${PANEL_APP_PORT_8085}:8085
+ - ${PANEL_APP_PORT_1455}:1455
+ - ${PANEL_APP_PORT_54545}:54545
+ - ${PANEL_APP_PORT_51121}:51121
+ - ${PANEL_APP_PORT_11451}:11451
+ volumes:
+ - ./data/config.yaml:/CLIProxyAPI/config.yaml
+ - ./data/auths:/root/.cli-proxy-api
+ - ./data/logs:/CLIProxyAPI/logs
+ environment:
+ - TZ=${TZ}
+ labels:
+ createdBy: "Apps"
+
+networks:
+ 1panel-network:
+ external: true
\ No newline at end of file
diff --git a/apps/cliproxyapi-plus/logo.png b/apps/cliproxyapi-plus/logo.png
new file mode 100644
index 0000000..445f4de
Binary files /dev/null and b/apps/cliproxyapi-plus/logo.png differ
diff --git a/apps/tailscale-derp/README.md b/apps/tailscale-derp/README.md
new file mode 100644
index 0000000..936c319
--- /dev/null
+++ b/apps/tailscale-derp/README.md
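Review bot: Every entry under `ports:` is published on all host interfaces, and the `./data/config.yaml` mounted here is added in this same commit with `host: ''` and the placeholder `api-keys` values (`your-api-key-1` …) uncommented, so a fresh install appears to answer on the network with keys anyone can read in this repository. Replace the placeholders with a value the operator must supply at install time, and publish the ports that do not need remote reach on loopback only, e.g. `- "127.0.0.1:${PANEL_APP_PORT_8085}:8085"`. The image is referenced by the mutable `latest` tag with no digest, so what gets deployed can change without a change here. Quoting the mappings, as the tailscale-derp compose file in this commit does, would also keep the two files consistent.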
@@ -0,0 +1,85 @@
+# Tailscale Derp
+
+Tailscale DERP 中继服务器,使用完整配置方式,包含tailscale和derper共存的部署方案。
+
+## 功能特点
+
+- 完整的tailscale和derper共存配置
+- 支持客户端验证,防止被滥用
+- 占用资源少,部署简单
+- 支持多种架构(amd64、arm64、arm/v7)
+
+## 使用说明
+
+### 默认端口
+
+- TCP: 43443
+- UDP: 43478
+
+### 登录指南
+
+部署完成后,需要获取tailscale登录链接:
+
+```bash
+# 查看tailscale容器日志获取登录链接
+docker logs -f <容器名称>-tailscale
+```
+
+在日志中找到类似以下内容的登录链接:
+```
+To authenticate, visit:
+ https://login.tailscale.com/a/xxxxxxx
+```
+
+复制链接到浏览器打开并登录Tailscale账户。
+
+### 防火墙配置
+
+确保服务器防火墙开放以下端口:
+- TCP 43443
+- UDP 43478
+
+### Tailscale ACL 配置
+
+在 Tailscale 控制面板的 Access controls 中添加以下配置:
+
+```json
+{
+ "derpMap": {
+ "OmitDefaultRegions": false,
+ "Regions": {
+ "912": {
+ "RegionID": 912,
+ "RegionCode": "derper_self",
+ "RegionName": "Derper Self",
+ "Nodes": [
+ {
+ "Name": "derper_self",
+ "RegionID": 912,
+ "DERPPort": 43443,
+ "STUNPort": 43478,
+ "IPv4": "YOUR_SERVER_IP",
+ "InsecureForTests": true
+ }
+ ]
+ }
+ }
+ }
+}
+```
+
+保存后,客户端需要重新连接以获取新配置。
+
+### 验证部署
+
+使用以下命令验证 DERP 服务器是否正常工作:
+
+```bash
+tailscale netcheck
+```
+
+## 相关链接
+
+- 官方网站: https://tailscale.com
+- GitHub: https://github.com/yangchuansheng/ip_derper
+- 部署文档: https://seepine.com/ops/tailscale/derper/
\ No newline at end of file
diff --git a/apps/tailscale-derp/README_en.md b/apps/tailscale-derp/README_en.md
new file mode 100644
index 0000000..ac46be8
--- /dev/null
+++ b/apps/tailscale-derp/README_en.md
@@ -0,0 +1,85 @@
+# Tailscale Derp
+
+Tailscale DERP relay server with complete configuration, including coexistence of tailscale and derper.
+
+## Features
+
+- Complete tailscale and derper coexistence configuration
+- Supports client verification to prevent abuse
+- Low resource consumption, simple deployment
+- Supports multiple architectures (amd64, arm64, arm/v7)
+
+## Usage
+
+### Default Ports
+
+- TCP: 43443
+- UDP: 43478
+
+### Login Guide
+
+After deployment, you need to get the tailscale login link:
+
+```bash
+# Check tailscale container logs for login link
+docker logs -f -tailscale
+```
+
+Find the login link in the logs similar to:
+```
+To authenticate, visit:
+ https://login.tailscale.com/a/xxxxxxx
+```
+
+Copy the link to browser and login to your Tailscale account.
+
+### Firewall Configuration
+
+Ensure the following ports are open in the server firewall:
+- TCP 43443
+- UDP 43478
+
+### Tailscale ACL Configuration
+
+Add the following configuration in the Access controls section of the Tailscale control panel:
+
+```json
+{
+ "derpMap": {
+ "OmitDefaultRegions": false,
+ "Regions": {
+ "912": {
+ "RegionID": 912,
+ "RegionCode": "derper_self",
+ "RegionName": "Derper Self",
+ "Nodes": [
+ {
+ "Name": "derper_self",
+ "RegionID": 912,
+ "DERPPort": 43443,
+ "STUNPort": 43478,
+ "IPv4": "YOUR_SERVER_IP",
+ "InsecureForTests": true
+ }
+ ]
+ }
+ }
+ }
+}
+```
+
+After saving, clients need to reconnect to get the new configuration.
+
+### Verify Deployment
+
+Use the following command to verify the DERP server is working:
+
+```bash
+tailscale netcheck
+```
+
+## Links
+
+- Website: https://tailscale.com
+- GitHub: https://github.com/yangchuansheng/ip_derper
+- Documentation: https://seepine.com/ops/tailscale/derper/
\ No newline at end of file
diff --git a/apps/tailscale-derp/data.yml b/apps/tailscale-derp/data.yml
new file mode 100644
index 0000000..65b866a
--- /dev/null
+++ b/apps/tailscale-derp/data.yml
@@ -0,0 +1,29 @@
+name: Tailscale Derp
+tags:
+ - 网络工具
+ - VPN
+title: Tailscale DERP 中继服务器
+description: Tailscale DERP 中继服务器,无需域名即可使用
+additionalProperties:
+ key: tailscale-derp
+ name: Tailscale Derp
+ tags:
+ - Network
+ - VPN
+ shortDescZh: Tailscale DERP 中继服务器,无需域名即可使用
+ shortDescEn: Tailscale DERP relay server, no domain required
+ description:
+ en: Tailscale DERP relay server for private VPN connections without domain requirements
+ zh: Tailscale DERP 中继服务器,用于无需域名的私有 VPN 连接
+ zh-Hant: Tailscale DERP 中繼服務器,用於無需域名的私有 VPN 連線
+ type: website
+ crossVersionUpdate: true
+ limit: 0
+ recommend: 50
+ website: https://tailscale.com
+ github: https://github.com/yangchuansheng/ip_derper
+ document: https://ameow.xyz/archives/tailscale-derp-server-deployment
+ architectures:
+ - amd64
+ - arm64
+ - arm/v7
\ No newline at end of file
diff --git a/apps/tailscale-derp/latest/data.yml b/apps/tailscale-derp/latest/data.yml
new file mode 100644
index 0000000..f8ea3c3
--- /dev/null
+++ b/apps/tailscale-derp/latest/data.yml
@@ -0,0 +1,52 @@
+additionalProperties:
+ formFields:
+ - default: 43443
+ edit: true
+ envKey: PANEL_APP_PORT_TCP
+ labelEn: TCP Port
+ labelZh: TCP 端口
+ required: true
+ rule: paramPort
+ type: number
+ label:
+ en: TCP Port
+ ja: TCP ポート
+ ms: Port TCP
+ pt-br: Porta TCP
+ ru: TCP порт
+ ko: TCP 포트
+ zh-Hant: TCP 埠
+ zh: TCP 端口
+ - default: 43478
+ edit: true
+ envKey: PANEL_APP_PORT_UDP
+ labelEn: UDP Port
+ labelZh: UDP 端口
+ required: true
+ rule: paramPort
+ type: number
+ label:
+ en: UDP Port
+ ja: UDP ポート
+ ms: Port UDP
+ pt-br: Porta UDP
+ ru: UDP порт
+ ko: UDP 포트
+ zh-Hant: UDP 埠
+ zh: UDP 端口
+ - default: true
+ edit: true
+ envKey: DERP_VERIFY_CLIENTS
+ labelEn: Verify Clients
+ labelZh: 验证客户端
+ required: false
+ type: boolean
+ label:
+ en: Verify Clients
+ ja: クライアント認証
+ ms: Verifikasi Pelanggan
+ pt-br: Verificar Clientes
+ ru: Проверка клиентов
+ ko: 클라이언트 확인
+ zh-Hant: 驗證客戶端
+ zh: 验证客户端
\ No newline at end of file
diff --git a/apps/tailscale-derp/latest/docker-compose.yml b/apps/tailscale-derp/latest/docker-compose.yml
new file mode 100644
index 0000000..ad6651b
--- /dev/null
+++ b/apps/tailscale-derp/latest/docker-compose.yml
@@ -0,0 +1,38 @@
+services:
+ tailscale:
+ image: tailscale/tailscale:latest
+ environment:
+ - TS_HOSTNAME=tailscale-docker
+ - TS_AUTH_ONCE=true
+ - TS_STATE_DIR=/data
+ volumes:
+ - tailscale:/var/run/tailscale
+ - tailscale_data:/data
+ networks:
+ - 1panel-network
+
+ derper:
+ image: ghcr.io/yangchuansheng/ip_derper:latest
+ container_name: ${CONTAINER_NAME}
+ restart: always
+ networks:
+ - 1panel-network
+ ports:
+ - "${PANEL_APP_PORT_TCP}:443"
+ - "${PANEL_APP_PORT_UDP}:3478/udp"
+ volumes:
+ - tailscale:/var/run/tailscale
+ environment:
+ - DERP_VERIFY_CLIENTS=${DERP_VERIFY_CLIENTS}
+ depends_on:
+ - tailscale
+ labels:
+ createdBy: "Apps"
+
+volumes:
+ tailscale:
+ tailscale_data:
+
+networks:
+ 1panel-network:
+ external: true
\ No newline at end of file
diff --git a/apps/tailscale-derp/logo.png b/apps/tailscale-derp/logo.png
new file mode 100644
index 0000000..2026eea
Binary files /dev/null and b/apps/tailscale-derp/logo.png differ
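Review bot: The `tailscale` service has no `container_name` and no restart policy, unlike `derper`. The README added in this commit tells users to fetch the login link with `docker logs -f <container name>-tailscale`, which will not match a compose-generated name, and after a host reboot tailscaled would stay stopped while `derper` (which takes `DERP_VERIFY_CLIENTS` and shares the `tailscale:/var/run/tailscale` volume) comes back up; whether derper then refuses or admits clients is not visible here. Add `container_name: ${CONTAINER_NAME}-tailscale` and `restart: always` to that service. Both images use the mutable `latest` tag, and `ghcr.io/yangchuansheng/ip_derper` is a third-party build, so pinning a version or digest is worth considering.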