Phicomm N1 Docker V2ray server ws + TLS (+SNIPROXY)
[i=s] Last edited by yiucsw on 2020-1-27 14:46 [/i]
Reference to [url]http://www.telecom-cafe.com/forum/viewthread.php?tid=7749&extra=page%3D1[/url]
Every time I reread this article, I find something new.
V2ray server ws + tls on N1.
Prepare Docker in N1[size=1]
1) SSH or Filezilla to N1
2) create directory. e.g. docker-v2ray, docker-lighttpd
3) create config file: (keep a backup)
4) create docker for v2ray
5) create docker for lighttpd[/size]
[i=s] Last edited by yiucsw on 2020-1-27 14:48 [/i]
Create docker local image and Container
ssh to N1
[size=1][quote]mkdir -p ~/docker-v2ray-alpine/etc
cd ~/docker-v2ray-alpine
create Dockerfile
create etc/v2ray.json
[/quote]
[code]docker build -t v2ray .[/code]
[code]docker run -dt -v $PWD/etc:/etc/v2ray:rw --name v2ray -p 8443:8443 v2ray[/code]
or enable SNIproxy/haproxy with overlay network
[code]docker run -d -v $PWD/etc:/etc/v2ray:rw --name v2ray --net=container:haproxy v2ray[/code][/size]
[size=1][code]docker logs v2ray
[/code][/size]
Output on a successful start:
[size=1][quote]V2Ray 4.22.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.13.5 linux/arm64)
A unified platform for anti-censorship.[/quote][/size]
[i=s] Last edited by yiucsw on 2020-1-13 14:03 [/i]
Dockerfile: copied from the official v2ray.
[size=1][code]FROM ubuntu:latest as builder
RUN apt-get update
RUN apt-get install curl -y
# The install script is downloaded and executed as-is; nothing here verifies its integrity.
RUN curl -L -o /tmp/go.sh https://install.direct/go.sh
RUN chmod +x /tmp/go.sh
RUN /tmp/go.sh

# Final image: only the v2ray binaries and data files are copied out of the builder stage.
FROM alpine:latest
LABEL maintainer "Darian Raymond <admin@v2ray.com>"
COPY --from=builder /usr/bin/v2ray/v2ray /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/v2ctl /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/geoip.dat /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/geosite.dat /usr/bin/v2ray/
# COPY v2ray.json /etc/v2ray/v2ray.json
RUN set -ex && \
    apk --no-cache add ca-certificates && \
    mkdir /var/log/v2ray/ && \
    chmod +x /usr/bin/v2ray/v2ctl && \
    chmod +x /usr/bin/v2ray/v2ray
ENV PATH /usr/bin/v2ray:$PATH
CMD ["v2ray", "-config=/etc/v2ray/v2ray.json"][/code][/size]
[i=s] Last edited by yiucsw on 2020-1-19 16:10 [/i]
v2ray.json, copied from tomleehk.
Please change the UUID; yourwebddns is the dynu hostname for v2ray to use.
[size=1][code]
{
  "log": {
    "access": "/var/log/access.log",
    "error": "/var/log/error.log",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 8443,
      "protocol": "vmess",
      "allocate": {
        "strategy": "always"
      },
      "settings": {
        "clients": [
          {
            "id": "8b737d60-a000-4a0f-8de3-218fa0c0a3d8",
            "alterId": 64,
            "security": "auto",
            "level": 0
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "connectionReuse": true,
          "path": "/vpath",
          "headers": {
            "Host": "yourweb.dynu.net"
          }
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}
[/code][/size]
[i=s] Last edited by yiucsw on 2020-1-27 14:47 [/i]
Create ssl.conf in etc.
Change to a non-443 port for haproxy or SNIproxy.
[size=1][quote]$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/server.pem"
ssl.ca-file = "/etc/ssl/fullchain.crt"
}[/quote]
Change to non-443 for haproxy/sniproxy or use router port forward 443 to 2443.
[quote]$SERVER["socket"] == ":2443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/server.pem"
ssl.ca-file = "/etc/ssl/fullchain.crt"
}
[/quote]
[/size]
[i=s] Last edited by yiucsw on 2020-1-19 16:31 [/i]
[size=1]Modified from tomleehk's ws+tls
Sample lighttpd.conf from [quote]https://github.com/m4rcu5nl/docker-lighttpd-alpine/blob/master/config/lighttpd/lighttpd.conf[/quote]
Sample mime-types.conf from
[quote][url]https://raw.githubusercontent.com/spujadas/lighttpd-docker/master/etc/lighttpd/mime-types.conf[/url][/quote][/size]
lighttpd.conf changes:
[size=1] [quote]server.modules = (
"mod_rewrite",
"mod_redirect",
"mod_access",
"mod_proxy",
"mod_accesslog",
"mod_openssl"
)[/quote]
add to bottom
[size=1][code]$HTTP["url"] =~ "^/vpath" {
    $HTTP["host"] == "exxx.dynu.net" {
        proxy.header = ( "upgrade" => "enable")
        proxy.server = ( "" => (("host" => "127.0.0.1","port" => 8443)))
    }
    else {
        url.redirect = ( "" => "/" )
    }
}[/code][/size]
[size=1]The access log can be read with
[quote]docker exec lighttpd cat /etc/lighttpd/access.log[/quote][/size]
[i=s] Last edited by yiucsw on 2020-1-27 14:47 [/i]
[size=1]Edit from tomleehk [url]http://www.telecom-cafe.com/forum/viewthread.php?tid=7749&extra=page%3D1[/url]
copy and paste from [url]https://github.com/m4rcu5nl/docker-lighttpd-alpine/blob/master/config/lighttpd/lighttpd.conf[/url] [/size]
Build docker image:
[code]docker build -t lighttpd .[/code]
7) For WS only:
[code]
docker run \
    --detach \
    --name lighttpd \
    --mount type=bind,source=/etc/localtime,destination=/etc/localtime,readonly=true \
    --mount type=bind,source=$PWD/htdocs,destination=/var/www/localhost/htdocs \
    --mount type=bind,source=/etc/ssl,destination=/etc/ssl \
    --publish 80:80 \
    --publish 443:443 \
    lighttpd
[/code][/size]
To enable TLS + WS + haproxy/sniproxy
[size=1][code]docker run --rm -d \
    --net=container:haproxy --name lighttpd -v /etc/ssl:/etc/ssl:ro \
    -v $PWD/htdocs:/var/www/localhost/htdocs -v $PWD/etc:/etc/lighttpd:ro lighttpd[/code][/size]
[i=s] Last edited by yiucsw on 2020-1-19 16:24 [/i]
deleted reserved
[i=s] Last edited by yiucsw on 2020-1-19 15:11 [/i]
[size=1]Modified based on [url]https://github.com/m4rcu5nl/docker-lighttpd-alpine[/url]
Dockerfile
[quote]FROM alpine:latest
# Install packages
RUN apk add --update --no-cache \
    lighttpd \
    lighttpd-mod_webdav \
    openssl \
    curl && \
    rm -rf /var/cache/apk/*
COPY htdocs/index.html /var/www/localhost/htdocs/
COPY etc/* /etc/lighttpd/
HEALTHCHECK --interval=3m --timeout=5s \
    CMD curl -f http://localhost/ || exit 1
# Expose http(s) ports
EXPOSE 80 443 8443
# Make configuration path and webroot a volume
VOLUME /etc/lighttpd/
ENTRYPOINT ["lighttpd", "-D", "-f","/etc/lighttpd/lighttpd.conf"][/quote][/size]
[i=s] Last edited by yiucsw on 2020-1-19 15:20 [/i]
[size=1]BBR acceleration on Armbian
[quote]echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf[/quote][/size]
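Added example, not part of the original posts: a small Python lint for the v2ray.json and lighttpd.conf shown earlier in the thread. It checks that the WebSocket path and port agree between the two files and that the client id is not the sample UUID printed in the post; the function name `lint_pair` and the trimmed sample inputs are constructed for illustration.

```python
import json
import re
import uuid

# UUID printed in the thread's sample v2ray.json; it is public, so never deploy it.
PUBLISHED_SAMPLE_ID = "8b737d60-a000-4a0f-8de3-218fa0c0a3d8"

# Constructed inputs, trimmed from the two configs shown in the thread.
V2RAY_JSON = """{"inbounds": [{"port": 8443, "protocol": "vmess",
  "settings": {"clients": [{"id": "8b737d60-a000-4a0f-8de3-218fa0c0a3d8", "alterId": 64}]},
  "streamSettings": {"network": "ws", "wsSettings": {"path": "/vpath"}}}]}"""
LIGHTTPD_CONF = '''$HTTP["url"] =~ "^/vpath" {
  proxy.header = ( "upgrade" => "enable" )
  proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 8443 )))
}'''


def lint_pair(v2ray_text, lighttpd_text):
    """Return findings for a v2ray.json / lighttpd.conf pair (empty list = consistent)."""
    findings = []
    url_m = re.search(r'\$HTTP\["url"\]\s*=~\s*"\^([^"]+)"', lighttpd_text)
    port_m = re.search(r'"port"\s*=>\s*(\d+)', lighttpd_text)
    if not (url_m and port_m):
        return ["lighttpd: url condition or proxy.server port not found"]
    proxy_path, proxy_port = url_m.group(1), int(port_m.group(1))
    for inbound in json.loads(v2ray_text).get("inbounds", []):
        stream = inbound.get("streamSettings", {})
        if stream.get("network") != "ws":
            continue  # only the WebSocket inbound sits behind the proxy
        ws_path = stream.get("wsSettings", {}).get("path")
        if ws_path != proxy_path:
            findings.append(f"path mismatch: v2ray {ws_path!r}, lighttpd {proxy_path!r}")
        if inbound.get("port") != proxy_port:
            findings.append(f"port mismatch: v2ray {inbound.get('port')}, lighttpd {proxy_port}")
        for client in inbound.get("settings", {}).get("clients", []):
            cid = str(client.get("id", ""))
            try:
                uuid.UUID(cid)
            except ValueError:
                findings.append(f"client id {cid!r} is not a valid UUID")
                continue
            if cid.lower() == PUBLISHED_SAMPLE_ID:
                findings.append("client id is the sample UUID published in the thread")
    return findings


if __name__ == "__main__":
    for finding in lint_pair(V2RAY_JSON, LIGHTTPD_CONF) or ["no findings"]:
        print(finding)
```

Run it against the real files by passing their contents to `lint_pair` before rebuilding the containers.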