Outline VPN server stack adapted for use with Lunni / Docker Swarm
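#!/bin/bash
set -euo pipefail

# Keep the generated key and certificate readable by the owner only.
umask 077

fb="$(tput bold)"
fn="$(tput sgr0)"

# Log to stderr so that stdout carries only the Outline Manager JSON.
log() {
  echo "$1" >&2
}

read -p "${fb}Server Domain:${fn} " -r SERVER_HOSTNAME

# Self-signed certificate and unencrypted RSA key for the management API.
openssl req \
  -x509 -nodes -days 36500 -newkey rsa:4096 \
  -subj "/CN=${SERVER_HOSTNAME}" \
  -keyout shadowbox-selfsigned.key \
  -out shadowbox-selfsigned.crt

# SHA-256 fingerprint of the certificate with the colons removed (used as certSha256 below).
FINGERPRINT="$(openssl x509 -in shadowbox-selfsigned.crt -noout -sha256 -fingerprint | tr -d :)"
# Random URL-safe path prefix for the management API (16 bytes from /dev/urandom).
API_PREFIX="$(head -c 16 /dev/urandom | base64 | tr '/+' '_-' | tr -d '=')"

log "Upload shadowbox-selfsigned.key and shadowbox-selfsigned.crt as Docker Secrets"
log "then proceed to set up the stack. Use the following env variables:"
log ""
log "SB_API_PREFIX=${API_PREFIX}"
log ""
log "To manage your server, paste this into Outline Manager:"
log ""
# ${FINGERPRINT#*=} drops the "... Fingerprint=" label and leaves the bare hex digest.
echo "{\"apiUrl\": \"https://${SERVER_HOSTNAME}:41312/${API_PREFIX}\",\"certSha256\":\"${FINGERPRINT#*=}\"}"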
# Outline VPN server stack adapted for use with Lunni / Docker Swarm.
version: "3.8"

services:
  shadowbox:
    image: quay.io/outline/shadowbox:stable
    ports:
      - "4150:4150" # Shadowsocks
      - "41312:41312" # API
    environment:
      SB_METRICS_URL: "http://0.0.0.0/"
      SB_DEFAULT_SERVER_NAME: "${SB_DEFAULT_SERVER_NAME:-Outline × Lunni}"
      SB_STATE_DIR: "/opt/outline/persisted-state"
      SB_API_PORT: "41312"
      SB_API_PREFIX: "${SB_API_PREFIX?}"
      SB_PRIVATE_KEY_FILE: "/run/secrets/shadowbox-selfsigned.key"
      SB_CERTIFICATE_FILE: "/run/secrets/shadowbox-selfsigned.crt"
    volumes:
      - shadowbox_state:/opt/outline/persisted-state
    secrets:
      - source: outline_privkey
        target: shadowbox-selfsigned.key
      - source: outline_pubkey
        target: shadowbox-selfsigned.crt

secrets:
  outline_privkey:
    # file: ./shadowbox-selfsigned.key
    external: true
  outline_pubkey:
    # file: ./shadowbox-selfsigned.crt
    external: true

volumes:
  shadowbox_state:
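
An added check, not part of the gist: before pasting the JSON into Outline Manager (or after replacing the Docker secrets), confirm that the certificate file you uploaded is the one named by `certSha256`. The function names `cert_sha256`, `pin_from_json` and `check_pin` are hypothetical, and the JSON is assumed to have the single-line form the setup script prints.

```bash
#!/bin/bash
# Added example: compare a certificate file against the certSha256 pin
# in the access JSON printed by the setup script.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex,
# the same form the setup script writes into certSha256.
cert_sha256() {
  openssl x509 -in "$1" -noout -sha256 -fingerprint \
    | tr -d ':' | sed 's/^.*=//' | tr 'a-f' 'A-F'
}

# Extract the certSha256 value from the access JSON and normalise its case.
pin_from_json() {
  printf '%s' "$1" \
    | sed -n 's/.*"certSha256"[[:space:]]*:[[:space:]]*"\([0-9A-Fa-f]*\)".*/\1/p' \
    | tr 'a-f' 'A-F'
}

# check_pin <json> <cert file>
# Returns 0 when the pin matches the certificate, 1 on a mismatch,
# and 2 when either input does not yield a 64-digit hex fingerprint.
check_pin() {
  local want got
  want="$(pin_from_json "$1")"
  got="$(cert_sha256 "$2" 2>/dev/null)"
  [ "${#want}" -eq 64 ] && [ "${#got}" -eq 64 ] || return 2
  [ "$want" = "$got" ]
}

# Usage: check_pin "$(cat access.json)" shadowbox-selfsigned.crt && echo "pin matches"
```

A mismatch means the certificate uploaded as the `outline_pubkey` secret is not the one the access JSON was generated for.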