congsh/Arch1Panel
1
0
Fork 0
mirror of https://github.com/arch3rPro/1Panel-Appstore.git synced 2026-04-14 16:07:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: congsh:e27d8ac57e3786b52f36a5c612ce41ef1b31da1d
Branches Tags
congsh:main
...
compare: congsh:a81c787a0b39e61a33ae2b7565ba5d8129ad5ad7
Branches Tags
congsh:main

2 Commits
e27d8ac57e ... a81c787a0b

Author SHA1 Message Date
arch3rPro
a81c787a0b feat: update skills 2026-04-01 18:41:10 +08:00
arch3rPro
6013a7944e feat: Add app cliproxyapi and tailscale-Derp 2026-04-01 18:38:58 +08:00
19 changed files with 1769 additions and 47 deletions
Expand all files Collapse all files

57
apps/cliproxyapi-plus/6.9.5-0/data.yml Normal file
View File

@@ -0,0 +1,57 @@
additionalProperties:
formFields:
- default: 8317
edit: true
envKey: PANEL_APP_PORT_8317
labelEn: Port 8317
labelZh: 端口 8317
required: true
rule: paramPort
type: number
- default: 8085
edit: true
envKey: PANEL_APP_PORT_8085
labelEn: Port 8085
labelZh: 端口 8085
required: true
rule: paramPort
type: number
- default: 1455
edit: true
envKey: PANEL_APP_PORT_1455
labelEn: Port 1455
labelZh: 端口 1455
required: true
rule: paramPort
type: number
- default: 54545
edit: true
envKey: PANEL_APP_PORT_54545
labelEn: Port 54545
labelZh: 端口 54545
required: true
rule: paramPort
type: number
- default: 51121
edit: true
envKey: PANEL_APP_PORT_51121
labelEn: Port 51121
labelZh: 端口 51121
required: true
rule: paramPort
type: number
- default: 11451
edit: true
envKey: PANEL_APP_PORT_11451
labelEn: Port 11451
labelZh: 端口 11451
required: true
rule: paramPort
type: number
- default: Asia/Shanghai
edit: true
envKey: TZ
labelEn: Time Zone
labelZh: 时区
required: true
type: text

422
apps/cliproxyapi-plus/6.9.5-0/data/config.yaml Normal file
View File

@@ -0,0 +1,422 @@
# Server host/interface to bind to. Default is empty ("") to bind all interfaces (IPv4 + IPv6).
# Use "127.0.0.1" or "localhost" to restrict access to local machine only.
host: ''
# Server port
port: 8317
# TLS settings for HTTPS. When enabled, the server listens with the provided certificate and key.
tls:
enable: false
cert: ''
key: ''
# Management API settings
remote-management:
# Whether to allow remote (non-localhost) management access.
# When false, only localhost can access management endpoints (a key is still required).
allow-remote: false
# Management key. If a plaintext value is provided here, it will be hashed on startup.
# All management requests (even from localhost) require this key.
# Leave empty to disable the Management API entirely (404 for all /v0/management routes).
secret-key: ''
# Disable the bundled management control panel asset download and HTTP route when true.
disable-control-panel: false
# GitHub repository for the management control panel. Accepts a repository URL or releases API URL.
panel-github-repository: 'https://github.com/router-for-me/Cli-Proxy-API-Management-Center'
# Authentication directory (supports ~ for home directory)
auth-dir: '~/.cli-proxy-api'
# API keys for authentication
api-keys:
- 'your-api-key-1'
- 'your-api-key-2'
- 'your-api-key-3'
# Enable debug logging
debug: false
# Enable pprof HTTP debug server (host:port). Keep it bound to localhost for safety.
pprof:
enable: false
addr: '127.0.0.1:8316'
# When true, disable high-overhead HTTP middleware features to reduce per-request memory usage under high concurrency.
commercial-mode: false
# Open OAuth URLs in incognito/private browser mode.
# Useful when you want to login with a different account without logging out from your current session.
# Default: false (but Kiro auth defaults to true for multi-account support)
incognito-browser: true
# When true, write application logs to rotating files instead of stdout
logging-to-file: false
# Maximum total size (MB) of log files under the logs directory. When exceeded, the oldest log
# files are deleted until within the limit. Set to 0 to disable.
logs-max-total-size-mb: 0
# Maximum number of error log files retained when request logging is disabled.
# When exceeded, the oldest error log files are deleted. Default is 10. Set to 0 to disable cleanup.
error-logs-max-files: 10
# When false, disable in-memory usage statistics aggregation
usage-statistics-enabled: false
# Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/
# Per-entry proxy-url also supports "direct" or "none" to bypass both the global proxy-url and environment proxies explicitly.
proxy-url: ""
# When true, unprefixed model requests only use credentials without a prefix (except when prefix == model name).
force-model-prefix: false
# When true, forward filtered upstream response headers to downstream clients.
# Default is false (disabled).
passthrough-headers: false
# Number of times to retry a request. Retries will occur if the HTTP response code is 403, 408, 500, 502, 503, or 504.
request-retry: 3
# Maximum number of different credentials to try for one failed request.
# Set to 0 to keep legacy behavior (try all available credentials).
max-retry-credentials: 0
# Maximum wait time in seconds for a cooled-down credential before triggering a retry.
max-retry-interval: 30
# Quota exceeded behavior
quota-exceeded:
switch-project: true # Whether to automatically switch to another project when a quota is exceeded
switch-preview-model: true # Whether to automatically switch to a preview model when a quota is exceeded
# Routing strategy for selecting credentials when multiple match.
routing:
strategy: 'round-robin' # round-robin (default), fill-first
# When true, enable authentication for the WebSocket API (/v1/ws).
ws-auth: false
# When > 0, emit blank lines every N seconds for non-streaming responses to prevent idle timeouts.
nonstream-keepalive-interval: 0
# Streaming behavior (SSE keep-alives + safe bootstrap retries).
# streaming:
# keepalive-seconds: 15 # Default: 0 (disabled). <= 0 disables keep-alives.
# bootstrap-retries: 1 # Default: 0 (disabled). Retries before first byte is sent.
# Gemini API keys
# gemini-api-key:
# - api-key: "AIzaSy...01"
# prefix: "test" # optional: require calls like "test/gemini-3-pro-preview" to target this credential
# base-url: "https://generativelanguage.googleapis.com"
# headers:
# X-Custom-Header: "custom-value"
# proxy-url: "socks5://proxy.example.com:1080"
# # proxy-url: "direct" # optional: explicit direct connect for this credential
# models:
# - name: "gemini-2.5-flash" # upstream model name
# alias: "gemini-flash" # client alias mapped to the upstream model
# excluded-models:
# - "gemini-2.5-pro" # exclude specific models from this provider (exact match)
# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro)
# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview)
# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite)
# - api-key: "AIzaSy...02"
# Codex API keys
# codex-api-key:
# - api-key: "sk-atSM..."
# prefix: "test" # optional: require calls like "test/gpt-5-codex" to target this credential
# base-url: "https://www.example.com" # use the custom codex API endpoint
# headers:
# X-Custom-Header: "custom-value"
# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override
# # proxy-url: "direct" # optional: explicit direct connect for this credential
# models:
# - name: "gpt-5-codex" # upstream model name
# alias: "codex-latest" # client alias mapped to the upstream model
# excluded-models:
# - "gpt-5.1" # exclude specific models (exact match)
# - "gpt-5-*" # wildcard matching prefix (e.g. gpt-5-medium, gpt-5-codex)
# - "*-mini" # wildcard matching suffix (e.g. gpt-5-codex-mini)
# - "*codex*" # wildcard matching substring (e.g. gpt-5-codex-low)
# Claude API keys
# claude-api-key:
# - api-key: "sk-atSM..." # use the official claude API key, no need to set the base url
# - api-key: "sk-atSM..."
# prefix: "test" # optional: require calls like "test/claude-sonnet-latest" to target this credential
# base-url: "https://www.example.com" # use the custom claude API endpoint
# headers:
# X-Custom-Header: "custom-value"
# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override
# # proxy-url: "direct" # optional: explicit direct connect for this credential
# models:
# - name: "claude-3-5-sonnet-20241022" # upstream model name
# alias: "claude-sonnet-latest" # client alias mapped to the upstream model
# excluded-models:
# - "claude-opus-4-5-20251101" # exclude specific models (exact match)
# - "claude-3-*" # wildcard matching prefix (e.g. claude-3-7-sonnet-20250219)
# - "*-thinking" # wildcard matching suffix (e.g. claude-opus-4-5-thinking)
# - "*haiku*" # wildcard matching substring (e.g. claude-3-5-haiku-20241022)
# cloak: # optional: request cloaking for non-Claude-Code clients
# mode: "auto" # "auto" (default): cloak only when client is not Claude Code
# # "always": always apply cloaking
# # "never": never apply cloaking
# strict-mode: false # false (default): prepend Claude Code prompt to user system messages
# # true: strip all user system messages, keep only Claude Code prompt
# sensitive-words: # optional: words to obfuscate with zero-width characters
# - "API"
# - "proxy"
# cache-user-id: true # optional: default is false; set true to reuse cached user_id per API key instead of generating a random one each request
# Default headers for Claude API requests. Update when Claude Code releases new versions.
# In legacy mode, user-agent/package-version/runtime-version/timeout are used as fallbacks
# when the client omits them, while OS/arch remain runtime-derived. When
# stabilize-device-profile is enabled, OS/arch stay pinned to the baseline values below,
# while user-agent/package-version/runtime-version seed a software fingerprint that can
# still upgrade to newer official Claude client versions.
# claude-header-defaults:
# user-agent: "claude-cli/2.1.44 (external, sdk-cli)"
# package-version: "0.74.0"
# runtime-version: "v24.3.0"
# os: "MacOS"
# arch: "arm64"
# timeout: "600"
# stabilize-device-profile: false # optional, default false; set true to enable per-auth/API-key fingerprint pinning
# Default headers for Codex OAuth model requests.
# These are used only for file-backed/OAuth Codex requests when the client
# does not send the header. `user-agent` applies to HTTP and websocket requests;
# `beta-features` only applies to websocket requests. They do not apply to codex-api-key entries.
# codex-header-defaults:
# user-agent: "codex_cli_rs/0.114.0 (Mac OS 14.2.0; x86_64) vscode/1.111.0"
# beta-features: "multi_agent"
# Kiro (AWS CodeWhisperer) configuration
# Note: Kiro API currently only operates in us-east-1 region
#kiro:
# - token-file: "~/.aws/sso/cache/kiro-auth-token.json" # path to Kiro token file
# agent-task-type: "" # optional: "vibe" or empty (API default)
# start-url: "https://your-company.awsapps.com/start" # optional: IDC start URL (preset for login)
# region: "us-east-1" # optional: OIDC region for IDC login and token refresh
# - access-token: "aoaAAAAA..." # or provide tokens directly
# refresh-token: "aorAAAAA..."
# profile-arn: "arn:aws:codewhisperer:us-east-1:..."
# proxy-url: "socks5://proxy.example.com:1080" # optional: proxy override
# Kilocode (OAuth-based code assistant)
# Note: Kilocode uses OAuth device flow authentication.
# Use the CLI command: ./server --kilo-login
# This will save credentials to the auth directory (default: ~/.cli-proxy-api/)
# oauth-model-alias:
# kilo:
# - name: "minimax/minimax-m2.5:free"
# alias: "minimax-m2.5"
# - name: "z-ai/glm-5:free"
# alias: "glm-5"
# oauth-excluded-models:
# kilo:
# - "kilo-claude-opus-4-6" # exclude specific models (exact match)
# - "*:free" # wildcard matching suffix (e.g. all free models)
# OpenAI compatibility providers
# openai-compatibility:
# - name: "openrouter" # The name of the provider; it will be used in the user agent and other places.
# prefix: "test" # optional: require calls like "test/kimi-k2" to target this provider's credentials
# base-url: "https://openrouter.ai/api/v1" # The base URL of the provider.
# headers:
# X-Custom-Header: "custom-value"
# api-key-entries:
# - api-key: "sk-or-v1-...b780"
# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override
# # proxy-url: "direct" # optional: explicit direct connect for this credential
# - api-key: "sk-or-v1-...b781" # without proxy-url
# models: # The models supported by the provider.
# - name: "moonshotai/kimi-k2:free" # The actual model name.
# alias: "kimi-k2" # The alias used in the API.
# thinking: # optional: omit to default to levels ["low","medium","high"]
# levels: ["low", "medium", "high"]
# # You may repeat the same alias to build an internal model pool.
# # The client still sees only one alias in the model list.
# # Requests to that alias will round-robin across the upstream names below,
# # and if the chosen upstream fails before producing output, the request will
# # continue with the next upstream model in the same alias pool.
# - name: "qwen3.5-plus"
# alias: "claude-opus-4.66"
# - name: "glm-5"
# alias: "claude-opus-4.66"
# - name: "kimi-k2.5"
# alias: "claude-opus-4.66"
# Vertex API keys (Vertex-compatible endpoints, base-url is optional)
# vertex-api-key:
# - api-key: "vk-123..." # x-goog-api-key header
# prefix: "test" # optional: require calls like "test/vertex-pro" to target this credential
# base-url: "https://example.com/api" # optional, e.g. https://zenmux.ai/api; falls back to Google Vertex when omitted
# proxy-url: "socks5://proxy.example.com:1080" # optional per-key proxy override
# # proxy-url: "direct" # optional: explicit direct connect for this credential
# headers:
# X-Custom-Header: "custom-value"
# models: # optional: map aliases to upstream model names
# - name: "gemini-2.5-flash" # upstream model name
# alias: "vertex-flash" # client-visible alias
# - name: "gemini-2.5-pro"
# alias: "vertex-pro"
# excluded-models: # optional: models to exclude from listing
# - "imagen-3.0-generate-002"
# - "imagen-*"
# Amp Integration
# ampcode:
# # Configure upstream URL for Amp CLI OAuth and management features
# upstream-url: "https://ampcode.com"
# # Optional: Override API key for Amp upstream (otherwise uses env or file)
# upstream-api-key: ""
# # Per-client upstream API key mapping
# # Maps client API keys (from top-level api-keys) to different Amp upstream API keys.
# # Useful when different clients need to use different Amp accounts/quotas.
# # If a client key isn't mapped, falls back to upstream-api-key (default behavior).
# upstream-api-keys:
# - upstream-api-key: "amp_key_for_team_a" # Upstream key to use for these clients
# api-keys: # Client keys that use this upstream key
# - "your-api-key-1"
# - "your-api-key-2"
# - upstream-api-key: "amp_key_for_team_b"
# api-keys:
# - "your-api-key-3"
# # Restrict Amp management routes (/api/auth, /api/user, etc.) to localhost only (default: false)
# restrict-management-to-localhost: false
# # Force model mappings to run before checking local API keys (default: false)
# force-model-mappings: false
# # Amp Model Mappings
# # Route unavailable Amp models to alternative models available in your local proxy.
# # Useful when Amp CLI requests models you don't have access to (e.g., Claude Opus 4.5)
# # but you have a similar model available (e.g., Claude Sonnet 4).
# model-mappings:
# - from: "claude-opus-4-5-20251101" # Model requested by Amp CLI
# to: "gemini-claude-opus-4-5-thinking" # Route to this available model instead
# - from: "claude-sonnet-4-5-20250929"
# to: "gemini-claude-sonnet-4-5-thinking"
# - from: "claude-haiku-4-5-20251001"
# to: "gemini-2.5-flash"
# Global OAuth model name aliases (per channel)
# These aliases rename model IDs for both model listing and request routing.
# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot, kimi.
# NOTE: Aliases do not apply to gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, or ampcode.
# You can repeat the same name with different aliases to expose multiple client model names.
# oauth-model-alias:
# antigravity:
# - name: "rev19-uic3-1p"
# alias: "gemini-2.5-computer-use-preview-10-2025"
# - name: "gemini-3-pro-image"
# alias: "gemini-3-pro-image-preview"
# - name: "gemini-3-pro-high"
# alias: "gemini-3-pro-preview"
# - name: "gemini-3-flash"
# alias: "gemini-3-flash-preview"
# - name: "claude-sonnet-4-5"
# alias: "gemini-claude-sonnet-4-5"
# - name: "claude-sonnet-4-5-thinking"
# alias: "gemini-claude-sonnet-4-5-thinking"
# - name: "claude-opus-4-5-thinking"
# alias: "gemini-claude-opus-4-5-thinking"
# gemini-cli:
# - name: "gemini-2.5-pro" # original model name under this channel
# alias: "g2.5p" # client-visible alias
# fork: true # when true, keep original and also add the alias as an extra model (default: false)
# vertex:
# - name: "gemini-2.5-pro"
# alias: "g2.5p"
# aistudio:
# - name: "gemini-2.5-pro"
# alias: "g2.5p"
# claude:
# - name: "claude-sonnet-4-5-20250929"
# alias: "cs4.5"
# codex:
# - name: "gpt-5"
# alias: "g5"
# qwen:
# - name: "qwen3-coder-plus"
# alias: "qwen-plus"
# iflow:
# - name: "glm-4.7"
# alias: "glm-god"
# kimi:
# - name: "kimi-k2.5"
# alias: "k2.5"
# kiro:
# - name: "kiro-claude-opus-4-5"
# alias: "op45"
# github-copilot:
# - name: "gpt-5"
# alias: "copilot-gpt5"
# OAuth provider excluded models
# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot.
# oauth-excluded-models:
# gemini-cli:
# - "gemini-2.5-pro" # exclude specific models (exact match)
# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro)
# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview)
# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite)
# vertex:
# - "gemini-3-pro-preview"
# aistudio:
# - "gemini-3-pro-preview"
# antigravity:
# - "gemini-3-pro-preview"
# claude:
# - "claude-3-5-haiku-20241022"
# codex:
# - "gpt-5-codex-mini"
# qwen:
# - "vision-model"
# iflow:
# - "tstars2.0"
# kimi:
# - "kimi-k2-thinking"
# kiro:
# - "kiro-claude-haiku-4-5"
# github-copilot:
# - "raptor-mini"
# Optional payload configuration
# payload:
# default: # Default rules only set parameters when they are missing in the payload.
# - models:
# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*")
# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
# params: # JSON path (gjson/sjson syntax) -> value
# "generationConfig.thinkingConfig.thinkingBudget": 32768
# default-raw: # Default raw rules set parameters using raw JSON when missing (must be valid JSON).
# - models:
# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*")
# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON)
# "generationConfig.responseJsonSchema": "{\"type\":\"object\",\"properties\":{\"answer\":{\"type\":\"string\"}}}"
# override: # Override rules always set parameters, overwriting any existing values.
# - models:
# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*")
# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
# params: # JSON path (gjson/sjson syntax) -> value
# "reasoning.effort": "high"
# override-raw: # Override raw rules always set parameters using raw JSON (must be valid JSON).
# - models:
# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*")
# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON)
# "response_format": "{\"type\":\"json_schema\",\"json_schema\":{\"name\":\"answer\",\"schema\":{\"type\":\"object\"}}}"
# filter: # Filter rules remove specified parameters from the payload.
# - models:
# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*")
# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
# params: # JSON paths (gjson/sjson syntax) to remove from the payload
# - "generationConfig.thinkingConfig.thinkingBudget"
# - "generationConfig.responseJsonSchema"

26
apps/cliproxyapi-plus/6.9.5-0/docker-compose.yml Normal file
View File

@@ -0,0 +1,26 @@
services:
cliproxyapi-plus:
image: eceasy/cli-proxy-api-plus:v6.9.5-0
container_name: ${CONTAINER_NAME}
restart: always
networks:
- 1panel-network
ports:
- ${PANEL_APP_PORT_8317}:8317
- ${PANEL_APP_PORT_8085}:8085
- ${PANEL_APP_PORT_1455}:1455
- ${PANEL_APP_PORT_54545}:54545
- ${PANEL_APP_PORT_51121}:51121
- ${PANEL_APP_PORT_11451}:11451
volumes:
- ./data/config.yaml:/CLIProxyAPI/config.yaml
- ./data/auths:/root/.cli-proxy-api
- ./data/logs:/CLIProxyAPI/logs
environment:
- TZ=${TZ}
labels:
createdBy: "Apps"
networks:
1panel-network:
external: true

29
apps/cliproxyapi-plus/README.md Normal file
View File

@@ -0,0 +1,29 @@
# CLIProxyAPI Plus
CLIProxyAPI Plus 代理API服务基于主线项目添加第三方提供商支持。
## 功能特点
- 支持多种代理协议
- 支持第三方提供商
- 高性能设计
- 易于部署和使用
## 使用说明
### 默认端口
- Web 界面: 8317
- API 端口: 8085
- 其他端口: 1455, 54545, 51121, 11451
### 数据目录
应用数据存储在 `./data` 目录,包含:
- `config.yaml` - 配置文件
- `auths/` - 认证信息目录
- `logs/` - 日志目录
## 相关链接
- GitHub: https://github.com/router-for-me/CLIProxyAPIPlus

29
apps/cliproxyapi-plus/README_en.md Normal file
View File

@@ -0,0 +1,29 @@
# CLIProxyAPI Plus
CLIProxyAPI Plus proxy API service with third-party provider support based on the mainline project.
## Features
- Support multiple proxy protocols
- Support third-party providers
- High performance design
- Easy to deploy and use
## Usage
### Default Ports
- Web UI: 8317
- API Port: 8085
- Other Ports: 1455, 54545, 51121, 11451
### Data Directory
Application data is stored in the `./data` directory:
- `config.yaml` - Configuration file
- `auths/` - Authentication directory
- `logs/` - Logs directory
## Links
- GitHub: https://github.com/router-for-me/CLIProxyAPIPlus

24
apps/cliproxyapi-plus/data.yml Normal file
View File

@@ -0,0 +1,24 @@
name: CLIProxyAPI Plus
tags:
- 网络工具
- 代理服务
title: CLIProxyAPI Plus - 代理API服务
description: CLIProxyAPI Plus - 代理API服务
additionalProperties:
key: cliproxyapi-plus
name: CLIProxyAPI Plus
tags:
- Proxy
- Network
shortDescZh: CLIProxyAPI Plus 代理API服务
shortDescEn: CLIProxyAPI Plus Proxy API Service
type: website
crossVersionUpdate: true
limit: 0
recommend: 0
website: https://github.com/router-for-me/CLIProxyAPIPlus
github: https://github.com/router-for-me/CLIProxyAPIPlus
document: https://github.com/router-for-me/CLIProxyAPIPlus
architectures:
- amd64
- arm64

57
apps/cliproxyapi-plus/latest/data.yml Normal file
View File

@@ -0,0 +1,57 @@
additionalProperties:
formFields:
- default: 8317
edit: true
envKey: PANEL_APP_PORT_8317
labelEn: Port 8317
labelZh: 端口 8317
required: true
rule: paramPort
type: number
- default: 8085
edit: true
envKey: PANEL_APP_PORT_8085
labelEn: Port 8085
labelZh: 端口 8085
required: true
rule: paramPort
type: number
- default: 1455
edit: true
envKey: PANEL_APP_PORT_1455
labelEn: Port 1455
labelZh: 端口 1455
required: true
rule: paramPort
type: number
- default: 54545
edit: true
envKey: PANEL_APP_PORT_54545
labelEn: Port 54545
labelZh: 端口 54545
required: true
rule: paramPort
type: number
- default: 51121
edit: true
envKey: PANEL_APP_PORT_51121
labelEn: Port 51121
labelZh: 端口 51121
required: true
rule: paramPort
type: number
- default: 11451
edit: true
envKey: PANEL_APP_PORT_11451
labelEn: Port 11451
labelZh: 端口 11451
required: true
rule: paramPort
type: number
- default: Asia/Shanghai
edit: true
envKey: TZ
labelEn: Time Zone
labelZh: 时区
required: true
type: text

0
apps/cliproxyapi-plus/latest/data/.gitkeep Normal file
View File

422
apps/cliproxyapi-plus/latest/data/config.yaml Normal file
View File

@@ -0,0 +1,422 @@
# Server host/interface to bind to. Default is empty ("") to bind all interfaces (IPv4 + IPv6).
# Use "127.0.0.1" or "localhost" to restrict access to local machine only.
host: ''
# Server port
port: 8317
# TLS settings for HTTPS. When enabled, the server listens with the provided certificate and key.
tls:
enable: false
cert: ''
key: ''
# Management API settings
remote-management:
# Whether to allow remote (non-localhost) management access.
# When false, only localhost can access management endpoints (a key is still required).
allow-remote: false
# Management key. If a plaintext value is provided here, it will be hashed on startup.
# All management requests (even from localhost) require this key.
# Leave empty to disable the Management API entirely (404 for all /v0/management routes).
secret-key: ''
# Disable the bundled management control panel asset download and HTTP route when true.
disable-control-panel: false
# GitHub repository for the management control panel. Accepts a repository URL or releases API URL.
panel-github-repository: 'https://github.com/router-for-me/Cli-Proxy-API-Management-Center'
# Authentication directory (supports ~ for home directory)
auth-dir: '~/.cli-proxy-api'
# API keys for authentication
api-keys:
- 'your-api-key-1'
- 'your-api-key-2'
- 'your-api-key-3'
# Enable debug logging
debug: false
# Enable pprof HTTP debug server (host:port). Keep it bound to localhost for safety.
pprof:
enable: false
addr: '127.0.0.1:8316'
# When true, disable high-overhead HTTP middleware features to reduce per-request memory usage under high concurrency.
commercial-mode: false
# Open OAuth URLs in incognito/private browser mode.
# Useful when you want to login with a different account without logging out from your current session.
# Default: false (but Kiro auth defaults to true for multi-account support)
incognito-browser: true
# When true, write application logs to rotating files instead of stdout
logging-to-file: false
# Maximum total size (MB) of log files under the logs directory. When exceeded, the oldest log
# files are deleted until within the limit. Set to 0 to disable.
logs-max-total-size-mb: 0
# Maximum number of error log files retained when request logging is disabled.
# When exceeded, the oldest error log files are deleted. Default is 10. Set to 0 to disable cleanup.
error-logs-max-files: 10
# When false, disable in-memory usage statistics aggregation
usage-statistics-enabled: false
# Proxy URL. Supports socks5/http/https protocols. Example: socks5://user:pass@192.168.1.1:1080/
# Per-entry proxy-url also supports "direct" or "none" to bypass both the global proxy-url and environment proxies explicitly.
proxy-url: ""
# When true, unprefixed model requests only use credentials without a prefix (except when prefix == model name).
force-model-prefix: false
# When true, forward filtered upstream response headers to downstream clients.
# Default is false (disabled).
passthrough-headers: false
# Number of times to retry a request. Retries will occur if the HTTP response code is 403, 408, 500, 502, 503, or 504.
request-retry: 3
# Maximum number of different credentials to try for one failed request.
# Set to 0 to keep legacy behavior (try all available credentials).
max-retry-credentials: 0
# Maximum wait time in seconds for a cooled-down credential before triggering a retry.
max-retry-interval: 30
# Quota exceeded behavior
quota-exceeded:
switch-project: true # Whether to automatically switch to another project when a quota is exceeded
switch-preview-model: true # Whether to automatically switch to a preview model when a quota is exceeded
# Routing strategy for selecting credentials when multiple match.
routing:
strategy: 'round-robin' # round-robin (default), fill-first
# When true, enable authentication for the WebSocket API (/v1/ws).
ws-auth: false
# When > 0, emit blank lines every N seconds for non-streaming responses to prevent idle timeouts.
nonstream-keepalive-interval: 0
# Streaming behavior (SSE keep-alives + safe bootstrap retries).
# streaming:
# keepalive-seconds: 15 # Default: 0 (disabled). <= 0 disables keep-alives.
# bootstrap-retries: 1 # Default: 0 (disabled). Retries before first byte is sent.
# Gemini API keys
# gemini-api-key:
# - api-key: "AIzaSy...01"
# prefix: "test" # optional: require calls like "test/gemini-3-pro-preview" to target this credential
# base-url: "https://generativelanguage.googleapis.com"
# headers:
# X-Custom-Header: "custom-value"
# proxy-url: "socks5://proxy.example.com:1080"
# # proxy-url: "direct" # optional: explicit direct connect for this credential
# models:
# - name: "gemini-2.5-flash" # upstream model name
# alias: "gemini-flash" # client alias mapped to the upstream model
# excluded-models:
# - "gemini-2.5-pro" # exclude specific models from this provider (exact match)
# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro)
# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview)
# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite)
# - api-key: "AIzaSy...02"
# Codex API keys
# codex-api-key:
# - api-key: "sk-atSM..."
# prefix: "test" # optional: require calls like "test/gpt-5-codex" to target this credential
# base-url: "https://www.example.com" # use the custom codex API endpoint
# headers:
# X-Custom-Header: "custom-value"
# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override
# # proxy-url: "direct" # optional: explicit direct connect for this credential
# models:
# - name: "gpt-5-codex" # upstream model name
# alias: "codex-latest" # client alias mapped to the upstream model
# excluded-models:
# - "gpt-5.1" # exclude specific models (exact match)
# - "gpt-5-*" # wildcard matching prefix (e.g. gpt-5-medium, gpt-5-codex)
# - "*-mini" # wildcard matching suffix (e.g. gpt-5-codex-mini)
# - "*codex*" # wildcard matching substring (e.g. gpt-5-codex-low)
# Claude API keys
# claude-api-key:
# - api-key: "sk-atSM..." # use the official claude API key, no need to set the base url
# - api-key: "sk-atSM..."
# prefix: "test" # optional: require calls like "test/claude-sonnet-latest" to target this credential
# base-url: "https://www.example.com" # use the custom claude API endpoint
# headers:
# X-Custom-Header: "custom-value"
# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override
# # proxy-url: "direct" # optional: explicit direct connect for this credential
# models:
# - name: "claude-3-5-sonnet-20241022" # upstream model name
# alias: "claude-sonnet-latest" # client alias mapped to the upstream model
# excluded-models:
# - "claude-opus-4-5-20251101" # exclude specific models (exact match)
# - "claude-3-*" # wildcard matching prefix (e.g. claude-3-7-sonnet-20250219)
# - "*-thinking" # wildcard matching suffix (e.g. claude-opus-4-5-thinking)
# - "*haiku*" # wildcard matching substring (e.g. claude-3-5-haiku-20241022)
# cloak: # optional: request cloaking for non-Claude-Code clients
# mode: "auto" # "auto" (default): cloak only when client is not Claude Code
# # "always": always apply cloaking
# # "never": never apply cloaking
# strict-mode: false # false (default): prepend Claude Code prompt to user system messages
# # true: strip all user system messages, keep only Claude Code prompt
# sensitive-words: # optional: words to obfuscate with zero-width characters
# - "API"
# - "proxy"
# cache-user-id: true # optional: default is false; set true to reuse cached user_id per API key instead of generating a random one each request
# Default headers for Claude API requests. Update when Claude Code releases new versions.
# In legacy mode, user-agent/package-version/runtime-version/timeout are used as fallbacks
# when the client omits them, while OS/arch remain runtime-derived. When
# stabilize-device-profile is enabled, OS/arch stay pinned to the baseline values below,
# while user-agent/package-version/runtime-version seed a software fingerprint that can
# still upgrade to newer official Claude client versions.
# claude-header-defaults:
# user-agent: "claude-cli/2.1.44 (external, sdk-cli)"
# package-version: "0.74.0"
# runtime-version: "v24.3.0"
# os: "MacOS"
# arch: "arm64"
# timeout: "600"
# stabilize-device-profile: false # optional, default false; set true to enable per-auth/API-key fingerprint pinning
# Default headers for Codex OAuth model requests.
# These are used only for file-backed/OAuth Codex requests when the client
# does not send the header. `user-agent` applies to HTTP and websocket requests;
# `beta-features` only applies to websocket requests. They do not apply to codex-api-key entries.
# codex-header-defaults:
# user-agent: "codex_cli_rs/0.114.0 (Mac OS 14.2.0; x86_64) vscode/1.111.0"
# beta-features: "multi_agent"
# Kiro (AWS CodeWhisperer) configuration
# Note: Kiro API currently only operates in us-east-1 region
#kiro:
# - token-file: "~/.aws/sso/cache/kiro-auth-token.json" # path to Kiro token file
# agent-task-type: "" # optional: "vibe" or empty (API default)
# start-url: "https://your-company.awsapps.com/start" # optional: IDC start URL (preset for login)
# region: "us-east-1" # optional: OIDC region for IDC login and token refresh
# - access-token: "aoaAAAAA..." # or provide tokens directly
# refresh-token: "aorAAAAA..."
# profile-arn: "arn:aws:codewhisperer:us-east-1:..."
# proxy-url: "socks5://proxy.example.com:1080" # optional: proxy override
# Kilocode (OAuth-based code assistant)
# Note: Kilocode uses OAuth device flow authentication.
# Use the CLI command: ./server --kilo-login
# This will save credentials to the auth directory (default: ~/.cli-proxy-api/)
# oauth-model-alias:
# kilo:
# - name: "minimax/minimax-m2.5:free"
# alias: "minimax-m2.5"
# - name: "z-ai/glm-5:free"
# alias: "glm-5"
# oauth-excluded-models:
# kilo:
# - "kilo-claude-opus-4-6" # exclude specific models (exact match)
# - "*:free" # wildcard matching suffix (e.g. all free models)
# OpenAI compatibility providers
# openai-compatibility:
# - name: "openrouter" # The name of the provider; it will be used in the user agent and other places.
# prefix: "test" # optional: require calls like "test/kimi-k2" to target this provider's credentials
# base-url: "https://openrouter.ai/api/v1" # The base URL of the provider.
# headers:
# X-Custom-Header: "custom-value"
# api-key-entries:
# - api-key: "sk-or-v1-...b780"
# proxy-url: "socks5://proxy.example.com:1080" # optional: per-key proxy override
# # proxy-url: "direct" # optional: explicit direct connect for this credential
# - api-key: "sk-or-v1-...b781" # without proxy-url
# models: # The models supported by the provider.
# - name: "moonshotai/kimi-k2:free" # The actual model name.
# alias: "kimi-k2" # The alias used in the API.
# thinking: # optional: omit to default to levels ["low","medium","high"]
# levels: ["low", "medium", "high"]
# # You may repeat the same alias to build an internal model pool.
# # The client still sees only one alias in the model list.
# # Requests to that alias will round-robin across the upstream names below,
# # and if the chosen upstream fails before producing output, the request will
# # continue with the next upstream model in the same alias pool.
# - name: "qwen3.5-plus"
# alias: "claude-opus-4.66"
# - name: "glm-5"
# alias: "claude-opus-4.66"
# - name: "kimi-k2.5"
# alias: "claude-opus-4.66"
# Vertex API keys (Vertex-compatible endpoints, base-url is optional)
# vertex-api-key:
# - api-key: "vk-123..." # x-goog-api-key header
# prefix: "test" # optional: require calls like "test/vertex-pro" to target this credential
# base-url: "https://example.com/api" # optional, e.g. https://zenmux.ai/api; falls back to Google Vertex when omitted
# proxy-url: "socks5://proxy.example.com:1080" # optional per-key proxy override
# # proxy-url: "direct" # optional: explicit direct connect for this credential
# headers:
# X-Custom-Header: "custom-value"
# models: # optional: map aliases to upstream model names
# - name: "gemini-2.5-flash" # upstream model name
# alias: "vertex-flash" # client-visible alias
# - name: "gemini-2.5-pro"
# alias: "vertex-pro"
# excluded-models: # optional: models to exclude from listing
# - "imagen-3.0-generate-002"
# - "imagen-*"
# Amp Integration
# ampcode:
# # Configure upstream URL for Amp CLI OAuth and management features
# upstream-url: "https://ampcode.com"
# # Optional: Override API key for Amp upstream (otherwise uses env or file)
# upstream-api-key: ""
# # Per-client upstream API key mapping
# # Maps client API keys (from top-level api-keys) to different Amp upstream API keys.
# # Useful when different clients need to use different Amp accounts/quotas.
# # If a client key isn't mapped, falls back to upstream-api-key (default behavior).
# upstream-api-keys:
# - upstream-api-key: "amp_key_for_team_a" # Upstream key to use for these clients
# api-keys: # Client keys that use this upstream key
# - "your-api-key-1"
# - "your-api-key-2"
# - upstream-api-key: "amp_key_for_team_b"
# api-keys:
# - "your-api-key-3"
# # Restrict Amp management routes (/api/auth, /api/user, etc.) to localhost only (default: false)
# restrict-management-to-localhost: false
# # Force model mappings to run before checking local API keys (default: false)
# force-model-mappings: false
# # Amp Model Mappings
# # Route unavailable Amp models to alternative models available in your local proxy.
# # Useful when Amp CLI requests models you don't have access to (e.g., Claude Opus 4.5)
# # but you have a similar model available (e.g., Claude Sonnet 4).
# model-mappings:
# - from: "claude-opus-4-5-20251101" # Model requested by Amp CLI
# to: "gemini-claude-opus-4-5-thinking" # Route to this available model instead
# - from: "claude-sonnet-4-5-20250929"
# to: "gemini-claude-sonnet-4-5-thinking"
# - from: "claude-haiku-4-5-20251001"
# to: "gemini-2.5-flash"
# Global OAuth model name aliases (per channel)
# These aliases rename model IDs for both model listing and request routing.
# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot, kimi.
# NOTE: Aliases do not apply to gemini-api-key, codex-api-key, claude-api-key, openai-compatibility, vertex-api-key, or ampcode.
# You can repeat the same name with different aliases to expose multiple client model names.
# oauth-model-alias:
# antigravity:
# - name: "rev19-uic3-1p"
# alias: "gemini-2.5-computer-use-preview-10-2025"
# - name: "gemini-3-pro-image"
# alias: "gemini-3-pro-image-preview"
# - name: "gemini-3-pro-high"
# alias: "gemini-3-pro-preview"
# - name: "gemini-3-flash"
# alias: "gemini-3-flash-preview"
# - name: "claude-sonnet-4-5"
# alias: "gemini-claude-sonnet-4-5"
# - name: "claude-sonnet-4-5-thinking"
# alias: "gemini-claude-sonnet-4-5-thinking"
# - name: "claude-opus-4-5-thinking"
# alias: "gemini-claude-opus-4-5-thinking"
# gemini-cli:
# - name: "gemini-2.5-pro" # original model name under this channel
# alias: "g2.5p" # client-visible alias
# fork: true # when true, keep original and also add the alias as an extra model (default: false)
# vertex:
# - name: "gemini-2.5-pro"
# alias: "g2.5p"
# aistudio:
# - name: "gemini-2.5-pro"
# alias: "g2.5p"
# claude:
# - name: "claude-sonnet-4-5-20250929"
# alias: "cs4.5"
# codex:
# - name: "gpt-5"
# alias: "g5"
# qwen:
# - name: "qwen3-coder-plus"
# alias: "qwen-plus"
# iflow:
# - name: "glm-4.7"
# alias: "glm-god"
# kimi:
# - name: "kimi-k2.5"
# alias: "k2.5"
# kiro:
# - name: "kiro-claude-opus-4-5"
# alias: "op45"
# github-copilot:
# - name: "gpt-5"
# alias: "copilot-gpt5"
# OAuth provider excluded models
# Supported channels: gemini-cli, vertex, aistudio, antigravity, claude, codex, qwen, iflow, kiro, github-copilot.
# oauth-excluded-models:
# gemini-cli:
# - "gemini-2.5-pro" # exclude specific models (exact match)
# - "gemini-2.5-*" # wildcard matching prefix (e.g. gemini-2.5-flash, gemini-2.5-pro)
# - "*-preview" # wildcard matching suffix (e.g. gemini-3-pro-preview)
# - "*flash*" # wildcard matching substring (e.g. gemini-2.5-flash-lite)
# vertex:
# - "gemini-3-pro-preview"
# aistudio:
# - "gemini-3-pro-preview"
# antigravity:
# - "gemini-3-pro-preview"
# claude:
# - "claude-3-5-haiku-20241022"
# codex:
# - "gpt-5-codex-mini"
# qwen:
# - "vision-model"
# iflow:
# - "tstars2.0"
# kimi:
# - "kimi-k2-thinking"
# kiro:
# - "kiro-claude-haiku-4-5"
# github-copilot:
# - "raptor-mini"
# Optional payload configuration
# payload:
# default: # Default rules only set parameters when they are missing in the payload.
# - models:
# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*")
# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
# params: # JSON path (gjson/sjson syntax) -> value
# "generationConfig.thinkingConfig.thinkingBudget": 32768
# default-raw: # Default raw rules set parameters using raw JSON when missing (must be valid JSON).
# - models:
# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*")
# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON)
# "generationConfig.responseJsonSchema": "{\"type\":\"object\",\"properties\":{\"answer\":{\"type\":\"string\"}}}"
# override: # Override rules always set parameters, overwriting any existing values.
# - models:
# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*")
# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
# params: # JSON path (gjson/sjson syntax) -> value
# "reasoning.effort": "high"
# override-raw: # Override raw rules always set parameters using raw JSON (must be valid JSON).
# - models:
# - name: "gpt-*" # Supports wildcards (e.g., "gpt-*")
# protocol: "codex" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
# params: # JSON path (gjson/sjson syntax) -> raw JSON value (strings are used as-is, must be valid JSON)
# "response_format": "{\"type\":\"json_schema\",\"json_schema\":{\"name\":\"answer\",\"schema\":{\"type\":\"object\"}}}"
# filter: # Filter rules remove specified parameters from the payload.
# - models:
# - name: "gemini-2.5-pro" # Supports wildcards (e.g., "gemini-*")
# protocol: "gemini" # restricts the rule to a specific protocol, options: openai, gemini, claude, codex, antigravity
# params: # JSON paths (gjson/sjson syntax) to remove from the payload
# - "generationConfig.thinkingConfig.thinkingBudget"
# - "generationConfig.responseJsonSchema"

26
apps/cliproxyapi-plus/latest/docker-compose.yml Normal file
View File

@@ -0,0 +1,26 @@
services:
cliproxyapi-plus:
image: eceasy/cli-proxy-api-plus:latest
container_name: ${CONTAINER_NAME}
restart: always
networks:
- 1panel-network
ports:
- ${PANEL_APP_PORT_8317}:8317
- ${PANEL_APP_PORT_8085}:8085
- ${PANEL_APP_PORT_1455}:1455
- ${PANEL_APP_PORT_54545}:54545
- ${PANEL_APP_PORT_51121}:51121
- ${PANEL_APP_PORT_11451}:11451
volumes:
- ./data/config.yaml:/CLIProxyAPI/config.yaml
- ./data/auths:/root/.cli-proxy-api
- ./data/logs:/CLIProxyAPI/logs
environment:
- TZ=${TZ}
labels:
createdBy: "Apps"
networks:
1panel-network:
external: true

BIN
apps/cliproxyapi-plus/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 48 KiB

85
apps/tailscale-derp/README.md Normal file
View File

@@ -0,0 +1,85 @@
# Tailscale Derp
Tailscale DERP 中继服务器使用完整配置方式包含tailscale和derper共存的部署方案。
## 功能特点
- 完整的tailscale和derper共存配置
- 支持客户端验证,防止被滥用
- 占用资源少,部署简单
- 支持多种架构amd64、arm64、arm/v7
## 使用说明
### 默认端口
- TCP: 43443
- UDP: 43478
### 登录指南
部署完成后需要获取tailscale登录链接
```bash
# 查看tailscale容器日志获取登录链接
docker logs -f <容器名称>-tailscale
```
在日志中找到类似以下内容的登录链接:
```
To authenticate, visit:
https://login.tailscale.com/a/xxxxxxx
```
复制链接到浏览器打开并登录Tailscale账户。
### 防火墙配置
确保服务器防火墙开放以下端口:
- TCP 43443
- UDP 43478
### Tailscale ACL 配置
在 Tailscale 控制面板的 Access controls 中添加以下配置:
```json
{
"derpMap": {
"OmitDefaultRegions": false,
"Regions": {
"912": {
"RegionID": 912,
"RegionCode": "derper_self",
"RegionName": "Derper Self",
"Nodes": [
{
"Name": "derper_self",
"RegionID": 912,
"DERPPort": 43443,
"STUNPort": 43478,
"IPv4": "YOUR_SERVER_IP",
"InsecureForTests": true
}
]
}
}
}
}
```
保存后,客户端需要重新连接以获取新配置。
### 验证部署
使用以下命令验证 DERP 服务器是否正常工作:
```bash
tailscale netcheck
```
## 相关链接
- 官方网站: https://tailscale.com
- GitHub: https://github.com/yangchuansheng/ip_derper
- 部署文档: https://seepine.com/ops/tailscale/derper/

85
apps/tailscale-derp/README_en.md Normal file
View File

@@ -0,0 +1,85 @@
# Tailscale Derp
Tailscale DERP relay server with complete configuration, including coexistence of tailscale and derper.
## Features
- Complete tailscale and derper coexistence configuration
- Supports client verification to prevent abuse
- Low resource consumption, simple deployment
- Supports multiple architectures (amd64, arm64, arm/v7)
## Usage
### Default Ports
- TCP: 43443
- UDP: 43478
### Login Guide
After deployment, you need to get the tailscale login link:
```bash
# Check tailscale container logs for login link
docker logs -f <container-name>-tailscale
```
Find the login link in the logs similar to:
```
To authenticate, visit:
https://login.tailscale.com/a/xxxxxxx
```
Copy the link to browser and login to your Tailscale account.
### Firewall Configuration
Ensure the following ports are open in the server firewall:
- TCP 43443
- UDP 43478
### Tailscale ACL Configuration
Add the following configuration in the Access controls section of the Tailscale control panel:
```json
{
"derpMap": {
"OmitDefaultRegions": false,
"Regions": {
"912": {
"RegionID": 912,
"RegionCode": "derper_self",
"RegionName": "Derper Self",
"Nodes": [
{
"Name": "derper_self",
"RegionID": 912,
"DERPPort": 43443,
"STUNPort": 43478,
"IPv4": "YOUR_SERVER_IP",
"InsecureForTests": true
}
]
}
}
}
}
```
After saving, clients need to reconnect to get the new configuration.
### Verify Deployment
Use the following command to verify the DERP server is working:
```bash
tailscale netcheck
```
## Links
- Website: https://tailscale.com
- GitHub: https://github.com/yangchuansheng/ip_derper
- Documentation: https://seepine.com/ops/tailscale/derper/

29
apps/tailscale-derp/data.yml Normal file
View File

@@ -0,0 +1,29 @@
name: Tailscale Derp
tags:
- 网络工具
- VPN
title: Tailscale DERP 中继服务器
description: Tailscale DERP 中继服务器,无需域名即可使用
additionalProperties:
key: tailscale-derp
name: Tailscale Derp
tags:
- Network
- VPN
shortDescZh: Tailscale DERP 中继服务器,无需域名即可使用
shortDescEn: Tailscale DERP relay server, no domain required
description:
en: Tailscale DERP relay server for private VPN connections without domain requirements
zh: Tailscale DERP 中继服务器,用于无需域名的私有 VPN 连接
zh-Hant: Tailscale DERP 中繼服務器,用於無需域名的私有 VPN 連線
type: website
crossVersionUpdate: true
limit: 0
recommend: 50
website: https://tailscale.com
github: https://github.com/yangchuansheng/ip_derper
document: https://ameow.xyz/archives/tailscale-derp-server-deployment
architectures:
- amd64
- arm64
- arm/v7

52
apps/tailscale-derp/latest/data.yml Normal file
View File

@@ -0,0 +1,52 @@
additionalProperties:
formFields:
- default: 43443
edit: true
envKey: PANEL_APP_PORT_TCP
labelEn: TCP Port
labelZh: TCP 端口
required: true
rule: paramPort
type: number
label:
en: TCP Port
ja: TCP ポート
ms: Port TCP
pt-br: Porta TCP
ru: TCP порт
ko: TCP 포트
zh-Hant: TCP 埠
zh: TCP 端口
- default: 43478
edit: true
envKey: PANEL_APP_PORT_UDP
labelEn: UDP Port
labelZh: UDP 端口
required: true
rule: paramPort
type: number
label:
en: UDP Port
ja: UDP ポート
ms: Port UDP
pt-br: Porta UDP
ru: UDP порт
ko: UDP 포트
zh-Hant: UDP 埠
zh: UDP 端口
- default: true
edit: true
envKey: DERP_VERIFY_CLIENTS
labelEn: Verify Clients
labelZh: 验证客户端
required: false
type: boolean
label:
en: Verify Clients
ja: クライアント認証
ms: Verifikasi Pelanggan
pt-br: Verificar Clientes
ru: Проверка клиентов
ko: 클라이언트 확인
zh-Hant: 驗證客戶端
zh: 验证客户端

38
apps/tailscale-derp/latest/docker-compose.yml Normal file
View File

@@ -0,0 +1,38 @@
services:
tailscale:
image: tailscale/tailscale:latest
environment:
- TS_HOSTNAME=tailscale-docker
- TS_AUTH_ONCE=true
- TS_STATE_DIR=/data
volumes:
- tailscale:/var/run/tailscale
- tailscale_data:/data
networks:
- 1panel-network
derper:
image: ghcr.io/yangchuansheng/ip_derper:latest
container_name: ${CONTAINER_NAME}
restart: always
networks:
- 1panel-network
ports:
- "${PANEL_APP_PORT_TCP}:443"
- "${PANEL_APP_PORT_UDP}:3478/udp"
volumes:
- tailscale:/var/run/tailscale
environment:
- DERP_VERIFY_CLIENTS=${DERP_VERIFY_CLIENTS}
depends_on:
- tailscale
labels:
createdBy: "Apps"
volumes:
tailscale:
tailscale_data:
networks:
1panel-network:
external: true

BIN
apps/tailscale-derp/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 23 KiB

69
skills/SKILL.md
View File

@@ -59,7 +59,23 @@ Based on user input type, extract Docker deployment details:
2. Extract the image name and tag
3. Identify exposed ports and data directories
### Step 2: Generate App Key and Metadata
### Step 2: Resolve Latest Version (Create Version + latest)
Always create **two** version directories when possible:
- `latest/` uses image tag `latest`
- `<version>/` uses the **latest concrete tag** from the registry
**How to resolve the latest concrete tag:**
1. If the image is on **GitHub Container Registry** (`ghcr.io`), query tags from GitHub Packages (GHCR).
2. Otherwise, query **Docker Hub** tags.
3. Prefer the newest semver-like tag (e.g., `v1.2.3` or `1.2.3`). If none exist, pick the most recently updated non-`latest` tag.
4. If you cannot resolve a concrete tag, fall back to the image tag from input and warn the user.
**Rule:** The `latest/` directory must **always** use `image: ...:latest`. The `<version>/` directory must **always** use `image: ...:<version>`.
### Step 3: Generate App Key and Metadata
**App Key Rules:**
- Lowercase only
@@ -100,7 +116,7 @@ additionalProperties:
# Add: arm/v7, arm/v6, s390x if supported
```
### Step 3: Define Parameters (version/data.yml)
### Step 4: Define Parameters (version/data.yml)
Parameters become UI form fields in 1Panel. Define user-configurable values:
@@ -170,7 +186,25 @@ additionalProperties:
- `paramExtUrl`: Valid URL format
- Empty string: No validation
### Step 4: Create docker-compose.yml
### Port envKey Naming (Use 1Panel Standard Names)
Prefer these **standard** `envKey` names (observed across apps in `apps/`):
- `PANEL_APP_PORT_HTTP` (primary Web/UI port)
- `PANEL_APP_PORT_HTTPS`
- `PANEL_APP_PORT_API`
- `PANEL_APP_PORT_ADMIN`
- `PANEL_APP_PORT_PROXY`
- `PANEL_APP_PORT_PROXY_HTTP`
- `PANEL_APP_PORT_PROXY_HTTPS`
- `PANEL_APP_PORT_DB`
- `PANEL_APP_PORT_SSH`
- `PANEL_APP_PORT_S3`
- `PANEL_APP_PORT_SYNC`
**Guideline:** Use the most semantically correct name first; only invent new suffixes if none of the standard names fit.
### Step 5: Create docker-compose.yml
Convert the original Docker deployment to use variable substitution:
@@ -199,12 +233,20 @@ networks:
1. Always use `${CONTAINER_NAME}` for container_name
2. Always use `restart: always`
3. Always connect to `1panel-network` (external network)
4. Port mapping uses `PANEL_APP_PORT_*` variables from data.yml
4. Port mapping uses `PANEL_APP_PORT_*` variables from version/data.yml
5. Volume paths use relative `./data/` for persistence
6. Add `labels: createdBy: "Apps"`
7. Keep original environment variables but use defaults
### Step 5: Create README Files
**Port Mapping Format (Important):**
Use quoted mappings like:
```
- "${PANEL_APP_PORT_HTTP}:8080"
```
and ensure the same `envKey` exists in `version/data.yml`.
### Step 6: Create README Files
**README.md (Chinese):**
```markdown
@@ -269,17 +311,19 @@ Brief description of the application.
- GitHub: https://github.com/org/repo
```
### Step 6: Download App Icon
### Step 7: Download App Icon
Search and download the app logo from these sources (in order):
**Priority order:**
1. **Search the GitHub repository** for common icon files (e.g., `logo.png`, `icon.png`, `assets/logo.png`, `.github/icon.png`). Use the repo's raw download URL if found.
2. If not found, search and download the app logo from these sources (in order):
1. **Dashboard Icons**: https://dashboardicons.com/icons?q={app-name}
2. **Simple Icons**: https://simpleicons.org/?q={app-name}
3. **Selfh.st Icons**: https://selfh.st/icons/
Save as `logo.png` in the app root directory.
**Do not** create a placeholder or incorrect icon. If not found, warn and leave `logo.png` for manual replacement.
### Step 7: Create Data Directory Structure
### Step 8: Create Data Directory Structure
Create the `data/` directory inside the version folder:
```bash
@@ -294,13 +338,16 @@ Before delivering the app package, verify:
- [ ] App key is lowercase with hyphens only
- [ ] All required fields in top-level data.yml are present
- [ ] Version data.yml has proper parameter definitions
- [ ] `latest/` and `<version>/` directories both exist (when a concrete tag is resolvable)
- [ ] `latest/` uses image tag `latest`
- [ ] `<version>/` uses the concrete latest tag from registry
- [ ] Version data.yml has proper parameter definitions (formFields)
- [ ] docker-compose.yml uses variable substitution correctly
- [ ] `1panel-network` is defined as external network
- [ ] Volume paths use relative `./data/` format
- [ ] README files are created with proper documentation
- [ ] Logo file exists (logo.png)
- [ ] Version directory follows semver or uses "latest"
- [ ] Version directory follows semver; avoid only `latest`
## Common Patterns

366
skills/scripts/generate-app.sh
View File

@@ -67,6 +67,171 @@ log_info() { echo -e "${GREEN}[INFO]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
# 解析镜像引用(支持 registry/namespace/repo:tag
parse_image_ref() {
local image_ref="$1"
local image_no_tag tag
# 去掉 digest
image_ref="${image_ref%%@*}"
if [[ "$image_ref" =~ ^(.+):([^/:]+)$ ]]; then
image_no_tag="${BASH_REMATCH[1]}"
tag="${BASH_REMATCH[2]}"
else
image_no_tag="$image_ref"
tag="latest"
fi
local first_segment="${image_no_tag%%/*}"
if [[ "$image_no_tag" == */* ]] && ([[ "$first_segment" == *.* ]] || [[ "$first_segment" == *:* ]] || [[ "$first_segment" == "localhost" ]]); then
REGISTRY="$first_segment"
IMAGE_PATH="${image_no_tag#*/}"
else
REGISTRY="docker.io"
IMAGE_PATH="$image_no_tag"
fi
if [[ "$IMAGE_PATH" == */* ]]; then
NAMESPACE="${IMAGE_PATH%%/*}"
REPO_PATH="${IMAGE_PATH#*/}"
else
NAMESPACE="library"
REPO_PATH="$IMAGE_PATH"
fi
IMAGE_BASE="$image_no_tag"
TAG="$tag"
}
# 获取 Docker Hub 最新版本号
get_latest_tag_docker_hub() {
local namespace="$1"
local repo_path="$2"
local url="https://hub.docker.com/v2/repositories/${namespace}/${repo_path}/tags?page_size=100&ordering=last_updated"
local tags
tags=$(curl -s "$url" | jq -r '.results[].name' 2>/dev/null || true)
local semver
semver=$(echo "$tags" | grep -E '^[vV]?[0-9]+\\.[0-9]+(\\.[0-9]+)?$' | head -n1 || true)
if [[ -n "$semver" ]]; then
echo "$semver"
return 0
fi
local nonlatest
nonlatest=$(echo "$tags" | grep -v '^latest$' | head -n1 || true)
echo "${nonlatest:-latest}"
}
# 获取 GHCR 最新版本号
get_latest_tag_ghcr() {
local namespace="$1"
local repo_path="$2"
local token tags
token=$(curl -s "https://ghcr.io/token?service=ghcr.io&scope=repository:${namespace}/${repo_path}:pull" | jq -r '.token' 2>/dev/null || true)
if [[ -z "$token" || "$token" == "null" ]]; then
echo "latest"
return 0
fi
tags=$(curl -s -H "Authorization: Bearer ${token}" "https://ghcr.io/v2/${namespace}/${repo_path}/tags/list" | jq -r '.tags[]' 2>/dev/null || true)
local semver
semver=$(echo "$tags" | grep -E '^[vV]?[0-9]+\\.[0-9]+(\\.[0-9]+)?$' | sort -V | tail -n1 || true)
if [[ -n "$semver" ]]; then
echo "$semver"
return 0
fi
local nonlatest
nonlatest=$(echo "$tags" | grep -v '^latest$' | sort -V | tail -n1 || true)
echo "${nonlatest:-latest}"
}
# 统一获取最新版本号
get_latest_tag() {
if [[ "$REGISTRY" == "ghcr.io" ]]; then
get_latest_tag_ghcr "$NAMESPACE" "$REPO_PATH"
return 0
fi
# 默认走 Docker Hub
get_latest_tag_docker_hub "$NAMESPACE" "$REPO_PATH"
}
# 解析端口映射条目为 host:container
parse_port_entry() {
local entry="$1"
entry="${entry%\"}"
entry="${entry#\"}"
if [[ "$entry" == */* ]]; then
entry="${entry%/*}"
fi
IFS=':' read -r -a parts <<< "$entry"
local host_port container_port
if [[ ${#parts[@]} -eq 1 ]]; then
host_port="${parts[0]}"
container_port="${parts[0]}"
elif [[ ${#parts[@]} -eq 2 ]]; then
host_port="${parts[0]}"
container_port="${parts[1]}"
else
host_port="${parts[-2]}"
container_port="${parts[-1]}"
fi
echo "${host_port}:${container_port}"
}
# 根据端口号选择 1Panel 常用 envKey
map_port_envkey() {
local port="$1"
local index="$2"
case "$port" in
80|8080|3000|5173|8000|5000)
echo "PANEL_APP_PORT_HTTP"
;;
443|8443)
echo "PANEL_APP_PORT_HTTPS"
;;
22)
echo "PANEL_APP_PORT_SSH"
;;
3306|5432|27017|6379)
echo "PANEL_APP_PORT_DB"
;;
9000|9001|8081|7001)
echo "PANEL_APP_PORT_API"
;;
*)
if [[ "$index" -eq 0 ]]; then
echo "PANEL_APP_PORT_HTTP"
else
echo "PANEL_APP_PORT_API"
fi
;;
esac
}
# envKey 对应标签
labels_for_envkey() {
local envkey="$1"
case "$envkey" in
PANEL_APP_PORT_HTTP) echo "Web Port|Web端口" ;;
PANEL_APP_PORT_HTTPS) echo "HTTPS Port|HTTPS端口" ;;
PANEL_APP_PORT_API) echo "API Port|API端口" ;;
PANEL_APP_PORT_ADMIN) echo "Admin Port|管理端口" ;;
PANEL_APP_PORT_PROXY) echo "Proxy Port|代理端口" ;;
PANEL_APP_PORT_DB) echo "DB Port|数据库端口" ;;
PANEL_APP_PORT_SSH) echo "SSH Port|SSH端口" ;;
PANEL_APP_PORT_S3) echo "S3 Port|S3端口" ;;
PANEL_APP_PORT_PROXY_HTTP) echo "Proxy HTTP Port|代理HTTP端口" ;;
PANEL_APP_PORT_PROXY_HTTPS) echo "Proxy HTTPS Port|代理HTTPS端口" ;;
PANEL_APP_PORT_SYNC) echo "Sync Port|同步端口" ;;
*) echo "Port|端口" ;;
esac
}
# 检测输入类型
detect_input_type() {
local input="$1"
@@ -146,22 +311,22 @@ extract_from_compose() {
# 提取镜像
local image
image=$(echo "$compose_content" | yq ".services.${SERVICE_NAME}.image" 2>/dev/null || echo "")
# 解析镜像名和标签
if [[ "$image" =~ ^([^:]+):(.+)$ ]]; then
IMAGE="${BASH_REMATCH[1]}"
TAG="${BASH_REMATCH[2]}"
else
IMAGE="$image"
TAG="latest"
fi
parse_image_ref "$image"
# 提取端口
PORT=$(echo "$compose_content" | yq ".services.${SERVICE_NAME}.ports[0]" 2>/dev/null | grep -oE '[0-9]+$' || echo "8080")
PORT_ENTRIES=()
while IFS= read -r line; do
[[ -z "$line" || "$line" == "null" ]] && continue
PORT_ENTRIES+=("$line")
done < <(echo "$compose_content" | yq ".services.${SERVICE_NAME}.ports[]" 2>/dev/null || true)
if [[ ${#PORT_ENTRIES[@]} -eq 0 ]]; then
PORT_ENTRIES=("8080")
fi
log_info "服务名: $SERVICE_NAME"
log_info "镜像: $IMAGE:$TAG"
log_info "端口: $PORT"
log_info "镜像: $IMAGE_BASE:$TAG"
log_info "端口数量: ${#PORT_ENTRIES[@]}"
}
# 从 docker run 命令提取信息
@@ -171,21 +336,30 @@ extract_from_docker_run() {
log_info "正在解析 docker run 命令"
# 提取镜像
IMAGE=$(echo "$cmd" | grep -oE '[^ ]+:[^ ]+$' | cut -d':' -f1 || echo "")
TAG=$(echo "$cmd" | grep -oE '[^ ]+:[^ ]+$' | cut -d':' -f2 || echo "latest")
local image_ref
image_ref=$(echo "$cmd" | awk '{print $NF}')
parse_image_ref "$image_ref"
# 提取容器名
SERVICE_NAME=$(echo "$cmd" | grep -oE '\-\-name[= ]+[^ ]+' | awk '{print $NF}' || echo "app")
# 提取端口
PORT=$(echo "$cmd" | grep -oE '\-p[= ]+[0-9]+:[0-9]+' | grep -oE '[0-9]+$' || echo "8080")
PORT_ENTRIES=()
while IFS= read -r line; do
[[ -z "$line" ]] && continue
PORT_ENTRIES+=("$line")
done < <(echo "$cmd" | grep -oE '\-p[= ]+[^ ]+' | awk '{print $NF}' || true)
if [[ ${#PORT_ENTRIES[@]} -eq 0 ]]; then
PORT_ENTRIES=("8080")
fi
APP_NAME="$SERVICE_NAME"
APP_KEY=$(echo "$SERVICE_NAME" | tr '[:upper:]' '[:lower:]')
log_info "应用名称: $APP_NAME"
log_info "镜像: $IMAGE:$TAG"
log_info "端口: $PORT"
log_info "镜像: $IMAGE_BASE:$TAG"
log_info "端口数量: ${#PORT_ENTRIES[@]}"
}
# 生成 data.yml
@@ -231,9 +405,45 @@ additionalProperties:
EOF
}
# 生成 version/data.yml参数定义
generate_version_data_yml() {
local output_file="$1"
log_info "生成版本 data.yml: $output_file"
cat > "$output_file" << EOF
additionalProperties:
formFields:
EOF
local i
for ((i=0; i<${#CONTAINER_PORTS[@]}; i++)); do
local envkey="${PORT_ENV_KEYS[$i]}"
local default_port="${HOST_PORTS[$i]}"
local labels
labels=$(labels_for_envkey "$envkey")
local label_en="${labels%%|*}"
local label_zh="${labels##*|}"
cat >> "$output_file" << EOF
- default: ${default_port}
edit: true
envKey: ${envkey}
labelEn: ${label_en}
labelZh: ${label_zh}
required: true
rule: paramPort
type: number
label:
en: ${label_en}
zh: ${label_zh}
EOF
done
}
# 生成 docker-compose.yml
generate_docker_compose() {
local output_file="$1"
local image_tag="$2"
log_info "生成 docker-compose.yml: $output_file"
@@ -245,14 +455,23 @@ services:
networks:
- 1panel-network
ports:
- "\${PANEL_APP_PORT_HTTP}:${PORT:-8080}"
EOF
local i
for ((i=0; i<${#CONTAINER_PORTS[@]}; i++)); do
cat >> "$output_file" << EOF
- "\${${PORT_ENV_KEYS[$i]}}:${CONTAINER_PORTS[$i]}"
EOF
done
cat >> "$output_file" << EOF
volumes:
- ./data/data:/app/data
environment:
- PUID=0
- PGID=0
- UMASK=022
image: ${IMAGE:-app}:${TAG:-latest}
image: ${IMAGE_BASE:-app}:${image_tag}
labels:
createdBy: "Apps"
networks:
@@ -312,11 +531,41 @@ EOF
download_icon() {
local app_name="$1"
local output_file="$2"
local github_url="${3:-}"
local icon_name
icon_name=$(echo "$app_name" | tr '[:upper:]' '[:lower:]')
log_info "尝试下载图标: $app_name"
log_info "尝试获取图标: $app_name"
# 优先从 GitHub 仓库内查找常见图标文件
if [[ -n "$github_url" ]]; then
local owner_repo repo_api candidate_paths
owner_repo=$(echo "$github_url" | sed -E 's|https?://github.com/||')
repo_api="https://api.github.com/repos/${owner_repo}"
candidate_paths=(
"logo.png"
"icon.png"
"logo.svg"
"icon.svg"
"assets/logo.png"
"assets/icon.png"
".github/logo.png"
".github/icon.png"
)
for path in "${candidate_paths[@]}"; do
local file_api="${repo_api}/contents/${path}"
local download_url
download_url=$(curl -s "$file_api" | jq -r '.download_url // empty' 2>/dev/null || true)
if [[ -n "$download_url" ]]; then
if curl -sSL -o "$output_file" "$download_url" 2>/dev/null && [[ -s "$output_file" ]]; then
log_info "图标来自仓库: ${path}"
return 0
fi
fi
done
fi
# 尝试各个图标源
for source in "${ICON_SOURCES[@]}"; do
@@ -327,9 +576,8 @@ download_icon() {
fi
done
log_warn "未找到图标,使用占位符"
# 创建简单的占位图标1x1 像素 PNG
echo -n "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==" | base64 -d > "$output_file"
log_warn "未找到图标,请手动补充 logo.png"
return 1
}
# 主函数
@@ -379,24 +627,70 @@ main() {
;;
esac
# 创建输出目录
local output_dir="${OUTPUT_BASE}/${APP_KEY}/${TAG:-latest}"
mkdir -p "$output_dir"
# 生成端口映射数组
HOST_PORTS=()
CONTAINER_PORTS=()
PORT_ENV_KEYS=()
PORT_ENV_KEYS_USED=()
local i
for ((i=0; i<${#PORT_ENTRIES[@]}; i++)); do
local mapping
mapping=$(parse_port_entry "${PORT_ENTRIES[$i]}")
local host_port="${mapping%%:*}"
local container_port="${mapping##*:}"
HOST_PORTS+=("$host_port")
CONTAINER_PORTS+=("$container_port")
local envkey
envkey=$(map_port_envkey "$container_port" "$i")
# 保证 envKey 唯一
if [[ " ${PORT_ENV_KEYS_USED[*]} " == *" ${envkey} "* ]]; then
envkey="${envkey}_${i}"
fi
PORT_ENV_KEYS+=("$envkey")
PORT_ENV_KEYS_USED+=("$envkey")
done
log_info "输出目录: $output_dir"
# 获取最新版本号
VERSION_TAG=$(get_latest_tag)
if [[ -z "$VERSION_TAG" ]]; then
VERSION_TAG="$TAG"
fi
if [[ -z "$VERSION_TAG" ]]; then
VERSION_TAG="latest"
fi
# 生成文件
generate_data_yml "${output_dir}/data.yml"
generate_docker_compose "${output_dir}/docker-compose.yml"
generate_readme "$output_dir"
download_icon "$APP_NAME" "${output_dir}/logo.png"
# 创建输出目录latest + 具体版本)
local output_dir_latest="${OUTPUT_BASE}/${APP_KEY}/latest"
mkdir -p "$output_dir_latest"
local output_dir_version=""
if [[ "$VERSION_TAG" != "latest" ]]; then
output_dir_version="${OUTPUT_BASE}/${APP_KEY}/${VERSION_TAG}"
mkdir -p "$output_dir_version"
else
log_warn "未能获取具体版本号version 目录将使用 latest请手动修正"
fi
log_info "输出目录: $output_dir_latest"
if [[ -n "$output_dir_version" ]]; then
log_info "输出目录: $output_dir_version"
fi
# 生成 latest 版本文件
generate_version_data_yml "${output_dir_latest}/data.yml"
generate_docker_compose "${output_dir_latest}/docker-compose.yml" "latest"
# 生成具体版本文件
if [[ -n "$output_dir_version" ]]; then
generate_version_data_yml "${output_dir_version}/data.yml"
generate_docker_compose "${output_dir_version}/docker-compose.yml" "$VERSION_TAG"
fi
generate_readme "${OUTPUT_BASE}/${APP_KEY}"
download_icon "$APP_NAME" "${OUTPUT_BASE}/${APP_KEY}/logo.png" "${GITHUB:-}"
# 生成上级目录的 data.yml
generate_data_yml "${OUTPUT_BASE}/${APP_KEY}/data.yml"
cp "${output_dir}/logo.png" "${OUTPUT_BASE}/${APP_KEY}/logo.png" 2>/dev/null || true
cp "${output_dir}/README.md" "${OUTPUT_BASE}/${APP_KEY}/README.md" 2>/dev/null || true
cp "${output_dir}/README_en.md" "${OUTPUT_BASE}/${APP_KEY}/README_en.md" 2>/dev/null || true
# 输出结果
echo ""
log_info "${GREEN}✓ 生成完成!${NC}"