@qpjoy/tunnel-cli 0.1.0 → 0.1.2

package/README.md

@@ -17,19 +17,35 @@ Run commands directly through the bundled script:
 
 ```bash
 qp-tunnel-cli status
-qp-tunnel-cli tun-on
-qp-tunnel-cli tun-off
+qp-tunnel-cli server-on
 qp-tunnel-cli update-subscription
 ```
 
 For server commands, `qp-tunnel-cli` re-runs itself with `sudo` when root is needed.
+Use `server-on` for public VPS hosts: it keeps Mihomo running as a local outbound
+proxy and configures shell, SSH, Docker/containerd/buildkit proxy drop-ins without
+enabling TUN route takeover. Reserve `tun-on` for machines that are not serving
+public inbound traffic.
+
+Run any command through the active Mihomo local proxy:
+
+```bash
+qp-tunnel-cli ./electron-server/scripts/manage.sh redeploy
+qp-tunnel-cli -- docker compose build
+```
+
+For host commands, `HTTP_PROXY` points at `127.0.0.1:<mixed-port>`. For
+Docker/Compose build containers, the CLI also injects container-facing variables
+such as `MARKET_CONTAINER_HTTP_PROXY` and `QP_TUNNEL_CONTAINER_HTTP_PROXY`
+pointing at `host.docker.internal:<mixed-port>`.
 
 Install the bundled script as a normal Linux command:
 
 ```bash
 sudo qp-tunnel-cli install-script
+sudo qp-tunnel-cli upgrade-systemd
 sudo mihomo-client status
-sudo mihomo-client tun-on
+sudo mihomo-client server-on
 ```
 
 Use a custom target when needed:

package/README.setup.md

@@ -0,0 +1,10 @@
+```bash
+npm i -g @qpjoy/tunnel-cli@0.1.1
+
+sudo qp-tunnel-cli install-script
+sudo qp-tunnel-cli upgrade-systemd
+
+sudo qp-tunnel-cli tun-off
+sudo qp-tunnel-cli server-on
+sudo qp-tunnel-cli status
+```

package/dist/index.js

@@ -10,6 +10,28 @@ const packageRoot = (0, node_path_1.resolve)(__dirname, '..');
 const bundledClientScript = (0, node_path_1.resolve)(packageRoot, 'resources/mihomo-client.sh');
 const repoClientScript = (0, node_path_1.resolve)(packageRoot, '../../../scripts/mihomo-client.sh');
 const defaultInstallTarget = '/usr/local/bin/mihomo-client';
+const defaultMihomoConfigFile = '/etc/mihomo-client/config.yaml';
+const defaultNoProxyEntries = [
+    'localhost',
+    '127.0.0.1',
+    '::1',
+    'postgres',
+    'market',
+    'db',
+    'redis',
+    'host.docker.internal',
+    'docker.for.mac.host.internal',
+    'docker.for.win.localhost',
+    'kubernetes.docker.internal',
+    '10.0.0.0/8',
+    '172.16.0.0/12',
+    '192.168.0.0/16',
+    '100.64.0.0/10',
+    '100.88.0.0/16',
+    '100.89.0.0/16',
+    '100.90.0.0/16',
+    '.local',
+];
 const clientCommands = new Set([
     'setup',
     'install',
@@ -21,6 +43,11 @@ const clientCommands = new Set([
     'logs',
     'enable',
     'disable',
+    'upgrade-systemd',
+    'server-on',
+    'server-off',
+    'egress-on',
+    'egress-off',
     'proxy-on',
     'proxy-off',
     'tun-on',
@@ -45,19 +72,28 @@ Usage:
   qp-tunnel-cli script-path
   qp-tunnel-cli client-help
   qp-tunnel-cli <mihomo-client command> [options]
+  qp-tunnel-cli -- <command> [args...]
+  qp-tunnel-cli <command-path> [args...]
 
 Common commands:
   qp-tunnel-cli install --url http://IP:3434/peer_user01.mihomo.yaml --user download --password pass
   qp-tunnel-cli status
   qp-tunnel-cli start
+  qp-tunnel-cli server-on
   qp-tunnel-cli tun-on
   qp-tunnel-cli tun-off
   qp-tunnel-cli update-subscription
   qp-tunnel-cli uninstall --purge
+  qp-tunnel-cli ./electron-server/scripts/manage.sh redeploy
 
 The npm package is a thin distributor for the Linux mihomo-client script. Client
 commands re-run through sudo when needed, then execute the bundled shell script.
 
+Unknown commands are executed with QPJoy proxy variables injected. Host commands
+receive HTTP_PROXY=http://127.0.0.1:<mixed-port>; Docker/Compose build contexts
+also receive container-facing variables such as MARKET_CONTAINER_HTTP_PROXY and
+QP_TUNNEL_CONTAINER_HTTP_PROXY=http://host.docker.internal:<mixed-port>.
+
 Install the script as a normal server command:
   sudo qp-tunnel-cli install-script
   sudo mihomo-client status
@@ -123,6 +159,94 @@ function runClientCommand(scriptArgs) {
     }
     runScriptWithoutSudo(scriptArgs);
 }
+function mixedPortFromConfig() {
+    const explicit = process.env.QP_TUNNEL_MIXED_PORT || process.env.MIHOMO_MIXED_PORT;
+    if (explicit && /^\d+$/.test(explicit)) {
+        return explicit;
+    }
+    const configFile = process.env.MIHOMO_CONFIG_FILE || defaultMihomoConfigFile;
+    if (!(0, node_fs_1.existsSync)(configFile)) {
+        process.stderr.write(`Mihomo config not found: ${configFile}\nRun: sudo qp-tunnel-cli install ... && sudo qp-tunnel-cli server-on\n`);
+        process.exit(1);
+    }
+    const content = (0, node_fs_1.readFileSync)(configFile, 'utf8');
+    const match = /^\s*mixed-port\s*:\s*(\d+)/m.exec(content);
+    if (!match) {
+        process.stderr.write(`Could not detect mixed-port from ${configFile}\n`);
+        process.exit(1);
+    }
+    return match[1];
+}
+function mergeCsvValues(...values) {
+    const seen = new Set();
+    const merged = [];
+    for (const value of values) {
+        for (const item of (value || '').split(',')) {
+            const trimmed = item.trim();
+            if (!trimmed || seen.has(trimmed))
+                continue;
+            seen.add(trimmed);
+            merged.push(trimmed);
+        }
+    }
+    return merged.join(',');
+}
+function proxyEnvironment() {
+    const port = mixedPortFromConfig();
+    const hostProxy = `http://127.0.0.1:${port}`;
+    const hostSocksProxy = `socks5://127.0.0.1:${port}`;
+    const containerHost = process.env.QP_TUNNEL_CONTAINER_HOST || 'host.docker.internal';
+    const containerProxy = `http://${containerHost}:${port}`;
+    const noProxy = mergeCsvValues(process.env.NO_PROXY, process.env.no_proxy, defaultNoProxyEntries.join(','));
+    const containerNoProxy = mergeCsvValues(process.env.MARKET_CONTAINER_NO_PROXY, process.env.QP_TUNNEL_CONTAINER_NO_PROXY, noProxy);
+    return {
+        ...process.env,
+        HTTP_PROXY: hostProxy,
+        HTTPS_PROXY: hostProxy,
+        ALL_PROXY: hostSocksProxy,
+        http_proxy: hostProxy,
+        https_proxy: hostProxy,
+        all_proxy: hostSocksProxy,
+        NO_PROXY: noProxy,
+        no_proxy: noProxy,
+        npm_config_proxy: hostProxy,
+        npm_config_https_proxy: hostProxy,
+        npm_config_noproxy: noProxy,
+        pnpm_config_proxy: hostProxy,
+        pnpm_config_https_proxy: hostProxy,
+        pnpm_config_noproxy: noProxy,
+        QP_TUNNEL_MIXED_PORT: port,
+        QP_TUNNEL_HOST_HTTP_PROXY: hostProxy,
+        QP_TUNNEL_HOST_HTTPS_PROXY: hostProxy,
+        QP_TUNNEL_HOST_ALL_PROXY: hostSocksProxy,
+        QP_TUNNEL_CONTAINER_HTTP_PROXY: containerProxy,
+        QP_TUNNEL_CONTAINER_HTTPS_PROXY: containerProxy,
+        QP_TUNNEL_CONTAINER_NO_PROXY: containerNoProxy,
+        CONTAINER_HTTP_PROXY: containerProxy,
+        CONTAINER_HTTPS_PROXY: containerProxy,
+        CONTAINER_NO_PROXY: containerNoProxy,
+        BUILD_CONTAINER_HTTP_PROXY: containerProxy,
+        BUILD_CONTAINER_HTTPS_PROXY: containerProxy,
+        BUILD_CONTAINER_NO_PROXY: containerNoProxy,
+        MARKET_CONTAINER_HTTP_PROXY: process.env.MARKET_CONTAINER_HTTP_PROXY || containerProxy,
+        MARKET_CONTAINER_HTTPS_PROXY: process.env.MARKET_CONTAINER_HTTPS_PROXY || containerProxy,
+        MARKET_CONTAINER_NO_PROXY: containerNoProxy,
+    };
+}
+function runExternalCommand(commandArgs) {
+    if (commandArgs.length === 0) {
+        process.stderr.write('Missing command after qp-tunnel-cli --\n');
+        process.exit(1);
+    }
+    const [rawCommand, ...rawArgs] = commandArgs;
+    const command = rawCommand === 'sudo' && !rawArgs.includes('-E') ? 'sudo' : rawCommand;
+    const commandArgsWithSudoEnv = rawCommand === 'sudo' && !rawArgs.includes('-E') ? ['-E', ...rawArgs] : rawArgs;
+    const result = (0, node_child_process_1.spawnSync)(command, commandArgsWithSudoEnv, {
+        stdio: 'inherit',
+        env: proxyEnvironment(),
+    });
+    exitFromSpawn(result);
+}
 function parseInstallScriptArgs(scriptArgs) {
     let target = defaultInstallTarget;
     for (let index = 0; index < scriptArgs.length; index += 1) {
@@ -186,6 +310,9 @@ async function printScriptPath() {
 }
 async function main() {
     const command = args[0] ?? 'help';
+    if (command === '--') {
+        runExternalCommand(args.slice(1));
+    }
     if (command === 'help' || command === '--help' || command === '-h') {
         help();
         return;
@@ -209,9 +336,10 @@ async function main() {
     if (passthroughCommand && clientCommands.has(passthroughCommand)) {
         runClientCommand(args);
     }
-    process.stderr.write(`Unknown command: ${command}\n`);
+    if (args.length > 0) {
+        runExternalCommand(args);
+    }
     help();
-    process.exitCode = 1;
 }
 main().catch((error) => {
     const message = error instanceof Error ? error.message : String(error);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qpjoy/tunnel-cli",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Global QPJoy Tunnel CLI for installing and running the Linux mihomo-client script.",
   "private": false,
   "type": "commonjs",

package/resources/mihomo-client.sh

@@ -16,6 +16,7 @@ MIHOMO_SERVICE_FILE="${MIHOMO_SERVICE_FILE:-/etc/systemd/system/$MIHOMO_SERVICE_
 MIHOMO_PROFILE_PROXY_FILE="${MIHOMO_PROFILE_PROXY_FILE:-/etc/profile.d/mihomo-client-proxy.sh}"
 MIHOMO_DAEMON_PROXY_SERVICES="${MIHOMO_DAEMON_PROXY_SERVICES:-docker.service containerd.service buildkit.service}"
 MIHOMO_DAEMON_PROXY_DROPIN_NAME="${MIHOMO_DAEMON_PROXY_DROPIN_NAME:-mihomo-proxy.conf}"
+MIHOMO_NO_PROXY="${MIHOMO_NO_PROXY:-localhost,127.0.0.1,::1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/10,100.88.0.0/16,100.89.0.0/16,100.90.0.0/16,host.docker.internal,.local}"
 MIHOMO_SSH_PROXY_HELPER="${MIHOMO_SSH_PROXY_HELPER:-/usr/local/bin/mihomo-ssh-proxy}"
 MIHOMO_SSH_CONFIG_DIR="${MIHOMO_SSH_CONFIG_DIR:-/etc/ssh/ssh_config.d}"
 MIHOMO_SSH_CONFIG_FILE="${MIHOMO_SSH_CONFIG_FILE:-$MIHOMO_SSH_CONFIG_DIR/99-mihomo-proxy.conf}"
@@ -41,6 +42,11 @@ Commands:
   logs                 Show recent service logs
   enable               Enable service on boot
   disable              Disable service on boot
+  upgrade-systemd      Refresh the installed systemd unit from this script
+  server-on            Enable persistent server-safe outbound proxy mode, without TUN
+  server-off           Disable server-safe proxy integrations, keeping the service installed
+  egress-on            Alias for server-on
+  egress-off           Alias for server-off
   proxy-on             Write /etc/profile.d proxy exports for login shells
   proxy-off            Remove /etc/profile.d proxy exports
   tun-on               Enable Mihomo TUN mode and also turn proxy-on on
@@ -85,11 +91,13 @@ Examples:
 
   sudo bash ./scripts/mihomo-client.sh update-subscription
   sudo bash ./scripts/mihomo-client.sh start
+  sudo bash ./scripts/mihomo-client.sh server-on
   sudo bash ./scripts/mihomo-client.sh proxy-on
   sudo bash ./scripts/mihomo-client.sh tun-on
   sudo bash ./scripts/mihomo-client.sh ssh-proxy-on
   sudo bash ./scripts/mihomo-client.sh daemon-proxy-on
   sudo bash ./scripts/mihomo-client.sh run curl -I https://www.google.com/generate_204
+  sudo bash ./scripts/mihomo-client.sh run ./electron-server/scripts/manage.sh redeploy
   sudo bash ./scripts/mihomo-client.sh print-env
 EOF
 }
@@ -525,10 +533,10 @@ docker_proxy_env_lines() {
 	cat <<EOF
 HTTP_PROXY=http://127.0.0.1:$port
 HTTPS_PROXY=http://127.0.0.1:$port
-NO_PROXY=localhost,127.0.0.1,::1
+NO_PROXY=$MIHOMO_NO_PROXY
 http_proxy=http://127.0.0.1:$port
 https_proxy=http://127.0.0.1:$port
-no_proxy=localhost,127.0.0.1,::1
+no_proxy=$MIHOMO_NO_PROXY
 EOF
 }
 
@@ -589,6 +597,7 @@ status_command() {
 	echo "TUN mode: $([[ -f "$MIHOMO_TUN_OVERLAY_FILE" ]] && echo enabled || echo disabled)"
 	echo "SSH proxy config: $([[ -f "$MIHOMO_SSH_CONFIG_FILE" ]] && echo enabled || echo disabled)"
 	echo "Managed daemon proxy services: ${daemon_services:-none}"
+	echo "NO_PROXY: $MIHOMO_NO_PROXY"
 	echo
 	systemctl status "$MIHOMO_SERVICE_NAME" --no-pager || true
 }
@@ -711,10 +720,10 @@ daemon_proxy_on_command() {
 [Service]
 Environment="HTTP_PROXY=http://127.0.0.1:$port"
 Environment="HTTPS_PROXY=http://127.0.0.1:$port"
-Environment="NO_PROXY=localhost,127.0.0.1,::1"
+Environment="NO_PROXY=$MIHOMO_NO_PROXY"
 Environment="http_proxy=http://127.0.0.1:$port"
 Environment="https_proxy=http://127.0.0.1:$port"
-Environment="no_proxy=localhost,127.0.0.1,::1"
+Environment="no_proxy=$MIHOMO_NO_PROXY"
 EOF
 	done
 	systemd_reload
@@ -771,17 +780,73 @@ tun_off_command() {
 	fi
 }
 
+server_on_command() {
+	local was_tun_enabled="false"
+	if tun_enabled; then
+		was_tun_enabled="true"
+		remove_tun_overlay
+		render_runtime_config
+	fi
+	if service_is_active; then
+		if [[ "$was_tun_enabled" == "true" ]]; then
+			systemctl restart "$MIHOMO_SERVICE_NAME"
+		fi
+	else
+		systemctl start "$MIHOMO_SERVICE_NAME"
+	fi
+	systemctl enable "$MIHOMO_SERVICE_NAME" >/dev/null 2>&1 || true
+	proxy_on_command
+	ssh_proxy_on_command
+	daemon_proxy_on_command
+	echo "Server-safe outbound proxy mode enabled."
+	echo "Mihomo stays resident as a local proxy; TUN mode is disabled so public inbound services keep their normal return path."
+}
+
+server_off_command() {
+	remove_tun_overlay
+	render_runtime_config
+	proxy_off_command
+	ssh_proxy_off_command
+	daemon_proxy_off_command
+	if service_is_active; then
+		systemctl restart "$MIHOMO_SERVICE_NAME"
+	fi
+	echo "Server-safe outbound proxy integrations disabled. Mihomo service remains installed."
+}
+
 run_command() {
-	local port
+	local port host_proxy host_socks_proxy container_host container_proxy
 	[[ $# -gt 0 ]] || die "Usage: sudo bash ./scripts/mihomo-client.sh run <command> [args...]"
 	port="$(mixed_port_from_config)"
 	[[ -n "$port" ]] || die "Could not detect mixed-port from $MIHOMO_CONFIG_FILE"
-	http_proxy="http://127.0.0.1:$port" \
-	https_proxy="http://127.0.0.1:$port" \
-	HTTP_PROXY="http://127.0.0.1:$port" \
-	HTTPS_PROXY="http://127.0.0.1:$port" \
-	all_proxy="socks5://127.0.0.1:$port" \
-	ALL_PROXY="socks5://127.0.0.1:$port" \
+	host_proxy="http://127.0.0.1:$port"
+	host_socks_proxy="socks5://127.0.0.1:$port"
+	container_host="${QP_TUNNEL_CONTAINER_HOST:-host.docker.internal}"
+	container_proxy="http://${container_host}:$port"
+	http_proxy="$host_proxy" \
+	https_proxy="$host_proxy" \
+	HTTP_PROXY="$host_proxy" \
+	HTTPS_PROXY="$host_proxy" \
+	all_proxy="$host_socks_proxy" \
+	ALL_PROXY="$host_socks_proxy" \
+	no_proxy="$MIHOMO_NO_PROXY" \
+	NO_PROXY="$MIHOMO_NO_PROXY" \
+	QP_TUNNEL_MIXED_PORT="$port" \
+	QP_TUNNEL_HOST_HTTP_PROXY="$host_proxy" \
+	QP_TUNNEL_HOST_HTTPS_PROXY="$host_proxy" \
+	QP_TUNNEL_HOST_ALL_PROXY="$host_socks_proxy" \
+	QP_TUNNEL_CONTAINER_HTTP_PROXY="$container_proxy" \
+	QP_TUNNEL_CONTAINER_HTTPS_PROXY="$container_proxy" \
+	QP_TUNNEL_CONTAINER_NO_PROXY="$MIHOMO_NO_PROXY" \
+	CONTAINER_HTTP_PROXY="$container_proxy" \
+	CONTAINER_HTTPS_PROXY="$container_proxy" \
+	CONTAINER_NO_PROXY="$MIHOMO_NO_PROXY" \
+	BUILD_CONTAINER_HTTP_PROXY="$container_proxy" \
+	BUILD_CONTAINER_HTTPS_PROXY="$container_proxy" \
+	BUILD_CONTAINER_NO_PROXY="$MIHOMO_NO_PROXY" \
+	MARKET_CONTAINER_HTTP_PROXY="${MARKET_CONTAINER_HTTP_PROXY:-$container_proxy}" \
+	MARKET_CONTAINER_HTTPS_PROXY="${MARKET_CONTAINER_HTTPS_PROXY:-$container_proxy}" \
+	MARKET_CONTAINER_NO_PROXY="${MARKET_CONTAINER_NO_PROXY:-$MIHOMO_NO_PROXY}" \
 	"$@"
 }
 
@@ -852,6 +917,23 @@ install_command() {
 	fi
 }
 
+upgrade_systemd_command() {
+	ensure_dirs
+	load_env
+	log "Installing current mihomo-client launcher"
+	install_client_launcher
+	log "Refreshing systemd service file"
+	write_service_file
+	systemd_reload
+	systemctl enable "$MIHOMO_SERVICE_NAME" >/dev/null 2>&1 || true
+	if service_is_active; then
+		systemctl restart "$MIHOMO_SERVICE_NAME"
+		echo "Mihomo client systemd unit updated and service restarted."
+	else
+		echo "Mihomo client systemd unit updated. Start it with: systemctl start $MIHOMO_SERVICE_NAME"
+	fi
+}
+
 start_command() {
 	systemctl start "$MIHOMO_SERVICE_NAME"
 }
@@ -972,6 +1054,15 @@ main() {
 		disable)
 			disable_command
 		;;
+		upgrade-systemd)
+			upgrade_systemd_command
+		;;
+		server-on|egress-on)
+			server_on_command
+		;;
+		server-off|egress-off)
+			server_off_command
+		;;
 		proxy-on)
 			proxy_on_command
 		;;