feat: fix start scripts & Dockerfile

Dockerfile

@@ -36,7 +36,8 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 COPY . .
 
 # Install requirements (python 3)
-RUN pip install -r requirements.txt
+# Pastikan Anda memiliki file requirements.txt dengan 'flask' di dalamnya
+RUN pip install --no-cache-dir -r requirements.txt
 
 # Berikan izin eksekusi ke semua biner dan skrip yang relevan
 RUN chmod +x \
@@ -73,21 +74,13 @@ EXPOSE 20000-65535/udp
 # Needed by HuggingFace Spaces (to avoid starting stuck)
 EXPOSE 7860
 
-# Setup sudo
+# Setup sudo untuk user 'nix'
 RUN useradd -m nix
 RUN echo "nix ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
 USER nix
 
-# Setup VPN
-ENV INTERFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
-
-# Setup iptables
-RUN iptables -t nat -A PREROUTING -i "$INTERFACE" -p udp --dport 1:5999 -j DNAT --to-destination :3671
-RUN iptables -t nat -A PREROUTING -i "$INTERFACE" -p udp --dport 6000:19999 -j DNAT --to-destination :5667
-RUN iptables -t nat -A PREROUTING -i "$INTERFACE" -p udp --dport 20000:65535 -j DNAT --to-destination :5666
-RUN iptables -t nat -L -n
-
 # Tentukan entrypoint yang akan menjalankan skrip startup
+# Semua logika dinamis (iptables, sysctl) dipindahkan ke start.sh
 ENTRYPOINT ["/app/start.sh"]
 
 # ==================================================================================================
@@ -103,8 +96,9 @@ ENTRYPOINT ["/app/start.sh"]
 #   --sysctl net.ipv4.ip_forward=1 \
 #   --sysctl net.core.rmem_max=16777216 \
 #   --sysctl net.core.wmem_max=16777216 \
+#   -p 7860:7860 \
 #   -p 8080:8080/tcp \
-#   -p 1000-5000:1000-5000/udp \
+#   -p 1-65535:1-65535/udp \
 #   <nama-image-anda>
 #
 # Di Hugging Face Spaces, Anda perlu mengkonfigurasi ini di `README.md` (metadata).
@@ -115,7 +109,7 @@ ENTRYPOINT ["/app/start.sh"]
 # colorFrom: blue
 # colorTo: green
 # sdk: docker
-# app_port: 8080
+# app_port: 7860
 # docker_args: "--cap-add=NET_ADMIN --cap-add=SYS_NICE"
 # ---
 #

README.md

@@ -5,7 +5,7 @@ colorFrom: blue
 colorTo: green
 sdk: docker
 app_port: 7860
-docker_args: "--cap-add=NET_ADMIN --cap-add=SYS_NICE --sysctl net.ipv4.ip_forward=1 --sysctl net.core.rmem_max=16777216 --sysctl net.core.wmem_max=16777216 --sysctl net.core.netdev_max_backlog=5000 --sysctl net.core.somaxconn=65535 --sysctl vm.swappiness=1 --sysctl net.ipv4.tcp_fin_timeout=10 --sysctl net.ipv4.tcp_keepalive_time=60"
+docker_args: "--user root --cap-add=NET_ADMIN --cap-add=SYS_NICE --sysctl net.ipv4.ip_forward=1 --sysctl net.core.rmem_max=16777216 --sysctl net.core.wmem_max=16777216 --sysctl net.core.netdev_max_backlog=5000 --sysctl net.core.somaxconn=65535 --sysctl vm.swappiness=1 --sysctl net.ipv4.tcp_fin_timeout=10 --sysctl net.ipv4.tcp_keepalive_time=60"
 ---
 Mereka memanggil ku seorang pahlawan, karena aku menyelamatkan
 mereka dari kehancuran.

requirements.txt

@@ -1 +1 @@
-flask
+flask

start.sh

@@ -2,6 +2,7 @@
 set -m
 
 echo "=== Memulai Web Server Flask untuk IP Publik ==="
+# Skrip Flask dijalankan di background. Port 7860 adalah default untuk HF Spaces.
 python3 -c '
 from flask import Flask, Response
 import urllib.request
@@ -9,20 +10,21 @@ import json
 import os
 
 app = Flask(__name__)
-PORT = 7860
+PORT = int(os.environ.get("PORT", 7860))
 
 def get_public_ip():
     """Fetches the public IP address from an external service."""
-    urls = ["https://api.ipify.org?format=json", "https://ipinfo.io/json"]
+    urls = ["https://api.ipify.org?format=json", "https://ipinfo.io/json", "https://httpbin.org/ip"]
     for url in urls:
         try:
-            # Use a timeout to prevent the request from hanging indefinitely
             with urllib.request.urlopen(url, timeout=5) as response:
                 if response.status == 200:
                     data = json.loads(response.read().decode("utf-8"))
-                    if "ip" in data:
+                    # Handle different JSON responses
+                    ip = data.get("ip") or data.get("origin")
+                    if ip:
                         print(f"Successfully fetched IP from {url}")
-                        return data["ip"]
+                        return ip
         except Exception as e:
             print(f"Gagal mendapatkan IP dari {url}: {e}")
     
@@ -36,16 +38,43 @@ def get_ip_route():
     return Response(public_ip, mimetype="text/plain")
 
 if __name__ == "__main__":
-    # Use host="0.0.0.0" to be accessible from outside the container.
-    # Port 7860 is the default for Hugging Face Spaces.
-    print(f"Server Flask IP dimulai di http://0.0.0.0:{PORT}")
     app.run(host="0.0.0.0", port=PORT)
 ' &
 WEBSERVER_PID=$!
 echo "Web server Flask berjalan di background dengan PID: $WEBSERVER_PID"
+sleep 5 # Beri waktu sejenak untuk server Flask memulai
 
 echo "=== Memulai Konfigurasi Server VPN ==="
 
+# 1. Mengaktifkan IP Forwarding & Optimasi Kernel (sysctl)
+# Perintah ini memerlukan hak akses root, jadi kita gunakan sudo.
+# Flag --cap-add=NET_ADMIN diperlukan saat menjalankan container.
+echo "Mengaktifkan IP forwarding dan optimasi kernel..."
+sudo sysctl -w net.ipv4.ip_forward=1
+sudo sysctl -w net.core.rmem_max=16777216
+sudo sysctl -w net.core.wmem_max=16777216
+sudo sysctl -w net.core.netdev_max_backlog=5000
+sudo sysctl -w net.core.somaxconn=65535
+sudo sysctl -w vm.swappiness=1
+# Nonaktifkan pesan error jika file tidak ada
+sudo sysctl -w -e net.ipv4.tcp_fin_timeout=10
+sudo sysctl -w -e net.ipv4.tcp_keepalive_time=60
+
+# 2. Menemukan interface jaringan utama
+# Ini harus dijalankan di dalam container saat runtime.
+INTERFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
+if [ -z "$INTERFACE" ]; then
+    echo "ERROR: Tidak dapat menemukan interface jaringan default. Menggunakan 'eth0'."
+    INTERFACE="eth0"
+fi
+echo "Menggunakan interface: $INTERFACE"
+
+# 3. Mengatur MTU & Offloading
+# Memerlukan ethtool dan hak akses root (sudo).
+echo "Mengatur MTU dan offloading pada interface $INTERFACE..."
+sudo ip link set dev "$INTERFACE" mtu 9000
+sudo ethtool -K "$INTERFACE" tso on gso on gro on || echo "Peringatan: ethtool tidak dapat mengatur offloading."
+
 # 4. Mengatur Aturan Firewall (iptables)
 echo "Membersihkan aturan iptables sebelumnya..."
 sudo iptables -F
@@ -63,7 +92,6 @@ echo "Aturan iptables berhasil diterapkan."
 sudo iptables -t nat -L -n
 
 # 5. Menjalankan Layanan VPN di Background
-
 # badvpn-udpgw
 echo "Menjalankan badvpn-udpgw..."
 cd /app/udpgw
@@ -79,19 +107,14 @@ UDP_CUSTOM_PID=$!
 # zivpn
 echo "Menjalankan zivpn..."
 cd /app/zivpn
-./udp-zivpn-linux-amd64 server -c config.json &
-ZIVPN_PID=$!
+./udp-zivpn-linux-amd64 server -c config.json
+# ZIVPN_PID=$!
 
-echo "=== Semua layanan telah dimulai ==="
-echo "PID: webserver=$WEBSERVER_PID, badvpn=$BADVPN_PID, udp-custom=$UDP_CUSTOM_PID, zivpn=$ZIVPN_PID"
+# echo "=== Semua layanan telah dimulai ==="
+# echo "PID: webserver=$WEBSERVER_PID, badvpn=$BADVPN_PID, udp-custom=$UDP_CUSTOM_PID, zivpn=$ZIVPN_PID"
 
 # 6. Tunggu sinyal keluar dan bersihkan
 # trap "echo 'Menutup layanan...'; kill $WEBSERVER_PID $BADVPN_PID $UDP_CUSTOM_PID $ZIVPN_PID; exit 0" SIGINT SIGTERM
 
-# Tunggu semua proses background selesai
-# fg %1 akan membawa proses pertama ke foreground, menjaga kontainer tetap berjalan
-# dan memungkinkan trap untuk menangani sinyal dengan benar.
+# Tunggu semua proses background selesai. Ini menjaga container tetap berjalan.
 # wait $WEBSERVER_PID
-# wait $BADVPN_PID
-# wait $UDP_CUSTOM_PID
-# wait $ZIVPN_PID