Adding support for an external CloudFlare bypasser service and
introducing a new Docker image build with a dedicated target.
Key Changes
- Added `cloudflare_bypasser_external.py` for external bypasser
integration.
- Updated Docker Compose files to support the new service.
- Introduced a new Docker target for building a separate image for the
external bypasser.
- Refactored relevant modules to utilize the external bypasser when
configured.
- Documentation and configuration updates to reflect new options and
Docker targets.
Impact
- Users can now choose between internal and external CloudFlare
bypassing.
- New Docker image and target streamline deployment of the external
bypasser.
- Improved modularity and maintainability.
- No breaking changes for existing workflows.
Testing
- Manual and E2E tests performed for both bypasser modes.
- Docker Compose setups and new image build verified for development and
production.
Notes
Please review the new configuration options and Docker targets. Update
your environment and deployment scripts as needed. Feedback and
suggestions are welcome!
### Problem
The current `HEALTHCHECK` uses a custom script that fails on any non-2xx
HTTP response. When the API returns a `401 Unauthorized` status (a
common and valid case), the container is incorrectly marked as
`unhealthy`, even though the web server is running perfectly.
### Solution
This PR replaces the custom `pyrequests` script with a standard `curl`
command. The new `HEALTHCHECK` now only verifies that the server is
reachable and responding to connections, regardless of the HTTP status
code.
`curl` is used instead of patching the existing script because it is the
standard, most robust, and simplest solution for this type of check in a
Docker environment. It removes a custom dependency and follows a
well-understood pattern.
This change ensures the container's health status accurately reflects
the state of the server process, improving reliability for orchestration
platforms.
Refactor: Improve Docker build, add Tor support, use SeleniumBase
- Overhauled Dockerfile:
- Switched to python:3.10-slim base.
- Implemented multi-stage builds (base, standard, tor).
- Consolidated RUN layers for efficiency.
- Added locale/timezone setup.
- Added Tor setup and iptables configuration in dedicated stage/script.
- Replaced DrissionPage with SeleniumBase for Cloudflare bypassing.
- Added Tor support via `docker-compose.tor.yml` and `tor.sh` script.
- Updated `docker-compose.yml` to build locally and changed default port
to 8083.
- Added `docker-compose.dev.yml` and `docker-compose.tor.dev.yml`.
- Updated `entrypoint.sh` for timezone and sudo usage.
- Added/Updated environment variables (`TZ`, `USING_TOR`, etc.).
- Improved `.dockerignore`.
- Updated `readme.md` to reflect port changes, build process, document
`TZ`, and add details about the new Tor variant.
The Calibre dependency was due to the script testing for validity of the
downloaded file, as often they would be corrupted from aa. But CWA is
already doing that, so we are just having redundant code here.
For the cloudflarebypasser, I basically run my own version now, instead
of depending on an external library, this way we have better control for
debugging and on the docker image.
Fixes#18, #33, #27, #48, #65, #78, #86, #88, #89
---------
Co-authored-by: mik593 <91991279+mik593@users.noreply.github.com>
This PR add the option to set UID/GID during runtime, making sure the
application is running as a non-root user.
Besides this, it also helps with making sure UID/GID match between
containers.
