Init

Dockerfile

@@ -0,0 +1,11 @@
+FROM alpine
+
+RUN apk add --no-cache supervisor bind-tools iptables sniproxy dnsmasq
+
+ADD instl /usr/local/bin/
+RUN mkdir -p /opt/tariq
+ADD dnsmasq.sh sniproxy.sh domains tariq /opt/tariq/
+
+ADD services.ini /etc/supervisor.d/
+ADD my_init /
+CMD ["/my_init"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 AliKhadivi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,98 @@
+## About
+
+Tariq is yet another smart DNS solution to bypass geo-blocking.
+
+## Dependencies
+
+* Docker ([Install](https://docs.docker.com/engine/install/ubuntu/))
+* systemd
+* BASH v4
+* crontab (By default is instaled but is optional)
+* dig
+<!-- * iptables & ipset -->
+<!-- ## Install iptables & ipset on debian based 
+```bash
+sudo apt install iptables ipset
+``` -->
+
+## Install from DockerHub
+
+```bash
+docker pull AliKhadivi/tariq
+docker run -v /usr/local/bin:/install AliKhadivi/tariq instl
+```
+
+## Install from GitHub
+
+```bash
+git clone https://github.com/AliKhadivi/tariq
+cd tariq
+docker build -t AliKhadivi/tariq .
+ln -snf $PWD/tariq /usr/local/bin/tariq
+```
+
+## Usage
+
+Tariq needs to be installed on a server to the region you are interested.
+After you start it, change the DNS of your TV to the IP of your server.
+
+### Start Tariq and enable it on boot
+
+```bash
+tariq start
+tariq enable
+```
+
+### Check if it's running
+
+```bash
+tariq status
+```
+
+### Allow an IP to use your smart DNS
+
+```bash
+tariq add-ip 1.2.3.4
+```
+
+### Remove an IP
+
+```bash
+tariq rm-ip 1.2.3.4
+```
+
+### List all allowed IPs
+
+```bash
+tariq list-ips
+```
+
+### Configuration
+
+If you want to use OpenDNS servers instead Google DNS then do:
+
+```bash
+tariq config-set dns '208.67.222.222,208.67.220.220'
+tariq restart
+```
+
+Tariq by default is using iptables to allow ports `443`, `80`, `53`
+only for the IPs you want. If you prefer to manage this with your own
+firewall rules, then you can disable this feature with:
+
+```bash
+tariq config-set iptables false
+tariq restart
+```
+
+Tariq detects if you have a global IPv6 and it creates IPv6 NAT. This
+feature adds an iptables rule even if `iptables` config options is `false`.
+To disable this feature do:
+
+```bash
+tariq config-set ipv6nat false
+tariq restart
+```
+
+## License
+MIT

build.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+beforeMD5="$(md5sum domains | sed 's/ //g')"
+curl https://gist.githubusercontent.com/AliKhadivi/465b897173ebe1f2922a7adc85c5f214/raw > domains
+afterMD5="$(md5sum domains | sed 's/ //g')"
+if [ $beforeMD5 == $afterMD5 ]
+then
+        echo "Not changed Domains"
+	# exit
+fi
+
+
+
+#./update_domains.sh
+docker build -t AliKhadivi/tariq .
+tariq restart
+#tariq stop
+#tariq start
+#sleep 14
+#tariq status
+

dnsmasq.sh

@@ -0,0 +1,69 @@
+#!/bin/sh
+
+ipv6_iface() {
+    ip -6 route | grep '^default' | sed 's/.*dev[[:space:]]\+\([^[:space:]]\+\).*/\1/'
+}
+
+has_global_ipv6() {
+    local x
+
+    for x in $(ipv6_iface); do
+        if ip -6 addr show dev "$x" | grep -q 'scope global'; then
+            return 0
+        fi
+    done
+
+    return 1
+}
+
+get_ext_ip() {
+    dig +short myip.opendns.com @resolver1.opendns.com 2> /dev/null
+}
+
+get_ext_ipv6() {
+    if has_global_ipv6; then
+        dig AAAA +short myip.opendns.com @2620:0:ccc::2 2> /dev/null
+    fi
+}
+
+cache_server=0
+[ "$1" == "--cache" ] && cache_server=1
+
+if [ "$cache_server" -eq 1 ]; then
+    conf=/tmp/dnsmasq-cache.conf
+    resolv=/tmp/dnsmasq-cache.resolv
+else
+    conf=/tmp/dnsmasq.conf
+    resolv=/tmp/dnsmasq.resolv
+fi
+
+rm -f $conf $resolve
+
+cat > $conf << EOF
+keep-in-foreground
+no-hosts
+resolv-file=$resolv
+EOF
+
+if [ "$cache_server" -eq 1 ]; then
+    echo "port=5399" >> $conf
+    iptables -w -t nat -A OUTPUT -s 127.0.0.1 -p udp -m udp --dport 53 -j REDIRECT --to 5399
+    iptables -w -t nat -A OUTPUT -s 127.0.0.1 -p tcp -m tcp --dport 53 -j REDIRECT --to 5399
+else
+    EXT_IP=${EXT_IP:-$(get_ext_ip)}
+    EXT_IPV6=${EXT_IPV6:-$(get_ext_ipv6)}
+
+    for x in $(cat /opt/tariq/domains); do
+        [[ -n "$EXT_IP" ]] && echo "address=/$x/$EXT_IP" >> $conf
+        [[ -n "$EXT_IPV6" ]] && echo "address=/$x/$EXT_IPV6" >> $conf
+    done
+fi
+
+DNS_SERVER="${DNS_SERVER:-8.8.8.8,8.8.4.4}"
+DNS_SERVER="${DNS_SERVER//,/ }"
+
+for x in $DNS_SERVER; do
+    echo "nameserver $x" >> $resolv
+done
+
+exec dnsmasq -C $conf

domains

@@ -0,0 +1,8 @@
+docker.com
+*.docker.com
+gitlab.com
+*.gitlab.com
+grafana.com
+grafana.org
+*.grafana.org
+*.grafana.com

instl

@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ ! -d /install ]; then
+    echo "You need to mount the installation directory to /install" >&2
+    echo "You can to it with: '-v /usr/local/bin:/install'" >&2
+    exit 1
+fi
+
+install -m755 /opt/tariq/tariq /install/tariq

my_init

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# from http://stackoverflow.com/a/32144661
+is_privileged() {
+    ip link add dummy0 type dummy > /dev/null 2>&1 || return 1
+    ip link delete dummy0 > /dev/null 2>&1
+    return 0
+}
+
+if ! is_privileged; then
+    echo "This container needs to be run with '--privileged' or '--cap-add=NET_ADMIN' option" >&2
+    exit 1
+fi
+
+exec supervisord -c /etc/supervisord.conf -n

services.ini

@@ -0,0 +1,23 @@
+[program:dnsmasq]
+autorestart = true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+stderr_logfile = /dev/stderr
+stderr_logfile_maxbytes = 0
+command = /opt/tariq/dnsmasq.sh
+
+[program:dnsmasq-cache]
+autorestart = true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+stderr_logfile = /dev/stderr
+stderr_logfile_maxbytes = 0
+command = /opt/tariq/dnsmasq.sh --cache
+
+[program:sniproxy]
+autorestart = true
+stdout_logfile = /dev/stdout
+stdout_logfile_maxbytes = 0
+stderr_logfile = /dev/stderr
+stderr_logfile_maxbytes = 0
+command = /opt/tariq/sniproxy.sh

sniproxy.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+ipv6_iface() {
+    ip -6 route | grep '^default' | sed 's/.*dev[[:space:]]\+\([^[:space:]]\+\).*/\1/'
+}
+
+has_global_ipv6() {
+    local x
+
+    for x in $(ipv6_iface); do
+        if ip -6 addr show dev "$x" | grep -q 'scope global'; then
+            return 0
+        fi
+    done
+
+    return 1
+}
+
+resolver_mode=ipv4_only
+has_global_ipv6 && resolver_mode=ipv6_first
+
+cat > /tmp/sniproxy.conf << EOF
+user nobody
+group nobody
+
+listener 80 {
+    proto http
+}
+
+listener 443 {
+    proto tls
+}
+
+resolver {
+    nameserver 127.0.0.1
+    mode $resolver_mode
+}
+
+table {
+    .* *
+}
+EOF
+
+exec sniproxy -c /tmp/sniproxy.conf -f