
Title: Phicomm N1 Docker V2ray server ws + TLS (+SNIPROXY)

Author: yiucsw    Time: 2020-1-10 13:10     Title: Phicomm N1 Docker V2ray server ws + TLS (+SNIPROXY)

Last edited by yiucsw on 2020-1-27 14:46

Reference to http://www.telecom-cafe.com/foru ... &extra=page%3D1
Every time I re-read this article I discover something new.

V2ray server ws + tls on N1.

Prepare Docker in N1
1) SSH or Filezilla to N1
2) create directory.  e.g. docker-v2ray, docker-lighttpd
3) create config file: (keep a backup)
4) create docker for v2ray
5) create docker for lighttpd

Author: yiucsw    Time: 2020-1-10 13:21

Last edited by yiucsw on 2020-1-27 14:48

Create docker local image and Container
ssh to N1
mkdir -p ~/docker-v2ray-alpine/etc
cd ~/docker-v2ray-alpine
create Dockerfile
create etc/v2ray.json

docker build -t v2ray .

docker run -dt -v "$PWD/etc:/etc/v2ray:rw" --name v2ray -p 8443:8443 v2ray

or enable SNIproxy/haproxy with overlay network

docker run -d -v "$PWD/etc:/etc/v2ray:rw" --name v2ray --net=container:haproxy v2ray

docker logs v2ray

start success result:
V2Ray 4.22.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.13.5 linux/arm64)
A unified platform for anti-censorship.

Author: yiucsw    Time: 2020-1-10 13:25

Last edited by yiucsw on 2020-1-13 14:03

Dockerfile: copied from the official v2ray

FROM ubuntu:latest as builder

RUN apt-get update
RUN apt-get install curl -y
# Fetch the v2ray install script and run it inside the builder stage
RUN curl -L -o /tmp/go.sh https://install.direct/go.sh
RUN chmod +x /tmp/go.sh
RUN /tmp/go.sh

# Runtime stage: only the binaries and data files are copied over
FROM alpine:latest

LABEL maintainer "Darian Raymond <admin@v2ray.com>"

COPY --from=builder /usr/bin/v2ray/v2ray /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/v2ctl /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/geoip.dat /usr/bin/v2ray/
COPY --from=builder /usr/bin/v2ray/geosite.dat /usr/bin/v2ray/
# COPY v2ray.json /etc/v2ray/v2ray.json

RUN set -ex && \
    apk --no-cache add ca-certificates && \
    mkdir /var/log/v2ray/ && \
    chmod +x /usr/bin/v2ray/v2ctl && \
    chmod +x /usr/bin/v2ray/v2ray

ENV PATH /usr/bin/v2ray:$PATH

# The config is read from the bind-mounted /etc/v2ray directory
CMD ["v2ray", "-config=/etc/v2ray/v2ray.json"]
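An added example (not from the original post or the v2ray project): a small Python check over the Dockerfile above that flags its `:latest` base images and the installer script that is downloaded with curl and then run with no checksum or signature step. The function names and the reduced sample are constructed for illustration.

```python
import re

def instructions(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        if buf and not buf.startswith("#"):
            yield start, buf
        buf, start = "", 0

def audit_dockerfile(text):
    """Flag unpinned base images and downloaded scripts that run unverified."""
    findings, stages, fetched = [], {"scratch"}, {}
    for n, ins in instructions(text):
        frm = re.match(r"FROM\s+(\S+)(?:\s+AS\s+(\S+))?", ins, re.I)
        if frm:
            image, alias = frm.groups()
            tag = image.rsplit("/", 1)[-1]
            pinned = "@sha256:" in image or (":" in tag and not tag.endswith(":latest"))
            if image not in stages and not pinned:
                findings.append((n, f"base image {image} is not pinned to a version or digest"))
            stages.add(alias)
            fetched = {}  # files from an earlier stage are not present in this one
            continue
        cmd = ins[3:].strip() if re.match(r"RUN\s", ins, re.I) else ""
        out = re.search(r"\b(?:curl\b.*\s-o|wget\b.*\s-O)\s+(\S+)", cmd)
        url = re.search(r"https?://\S+", cmd)
        if out and url:
            fetched[out.group(1)] = [url.group(0), False]  # [source, verified]
        for path, state in fetched.items():
            if re.search(r"\b(?:sha(?:256|512)sum|gpg)\b", cmd) and path in cmd:
                state[1] = True
            elif not state[1] and re.search(
                    rf"(?:^|&&|;)\s*(?:(?:ba)?sh\s+)?{re.escape(path)}(?:\s|$)", cmd):
                findings.append((n, f"{path} from {state[0]} runs without a checksum check"))
    return findings

# Constructed sample: the builder stage of the Dockerfile posted above, shortened.
SAMPLE = """FROM ubuntu:latest as builder
RUN curl -L -o /tmp/go.sh https://install.direct/go.sh
RUN chmod +x /tmp/go.sh
RUN /tmp/go.sh
FROM alpine:latest
"""
```

Calling `audit_dockerfile(SAMPLE)` returns one `(line, message)` pair per finding; a build that pins its images and checks the script with `sha256sum -c` before running it returns an empty list.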

Author: yiucsw    Time: 2020-1-10 13:32

Last edited by yiucsw on 2020-1-19 16:10

v2ray.json. copy for tomleehk
Please change the UUID; yourwebddns is the dynu hostname used for v2ray.

{
  "log": {
    "access": "/var/log/access.log",
    "error": "/var/log/error.log",
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 8443,
      "protocol": "vmess",
      "allocate": {
        "strategy": "always"
      },
      "settings": {
        "clients": [
          {
            "id": "8b737d60-a000-4a0f-8de3-218fa0c0a3d8",
            "alterId": 64,
            "security": "auto",
            "level": 0
          }
        ]
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "connectionReuse": true,
          "path": "/vpath",
          "headers": {
            "Host": "yourweb.dynu.net"
          }
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

Author: yiucsw    Time: 2020-1-10 13:38

Last edited by yiucsw on 2020-1-27 14:47

create ssl.conf in etc
change to a non-443 port for haproxy or SNIproxy

$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/ssl/server.pem"
    ssl.ca-file = "/etc/ssl/fullchain.crt"
}


Change to non-443 for haproxy/sniproxy or use router port forward 443 to 2443.
$SERVER["socket"] == ":2443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/ssl/server.pem"
    ssl.ca-file = "/etc/ssl/fullchain.crt"
}


Author: yiucsw    Time: 2020-1-13 14:21

Last edited by yiucsw on 2020-1-19 16:31

Modified from tomleehk's ws+tls
Sample lighttpd.conf from
https://github.com/m4rcu5nl/docker-lighttpd-alpine/blob/master/config/lighttpd/lighttpd.conf

Sample mime-types.conf from
https://raw.githubusercontent.com/spujadas/lighttpd-docker/master/etc/lighttpd/mime-types.conf


lighttpd.conf changes:
  
server.modules = (
    "mod_rewrite",
    "mod_redirect",
    "mod_access",
    "mod_proxy",
    "mod_accesslog",
    "mod_openssl"
)


add to bottom
$HTTP["url"] =~ "^/vpath" {
  $HTTP["host"] == "exxx.dynu.net" {
    proxy.header = ( "upgrade" => "enable" )
    proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 8443 )))
  }
  else {
    url.redirect = ( "" => "/" )
  }
}


Can access log by
docker exec lighttpd cat /etc/lighttpd/access.log
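The v2ray.json and lighttpd.conf posts above have to agree on the WebSocket path, host and backend port, and the sample UUID has to be replaced. As an added example (not part of the original posts; the function names and reduced sample inputs are constructed), this Python check compares the two files and reports what is left over:

```python
import json
import re
import uuid

SAMPLE_UUID = "8b737d60-a000-4a0f-8de3-218fa0c0a3d8"  # the id published in the thread

def parse_front(conf):
    """Extract URL prefix, host and backend port from the lighttpd proxy block."""
    pats = {"path": r'\$HTTP\["url"\]\s*=~\s*"\^([^"]+)"',
            "host": r'\$HTTP\["host"\]\s*==\s*"([^"]+)"',
            "port": r'"port"\s*=>\s*"?(\d+)'}
    found = {k: re.search(p, conf) for k, p in pats.items()}
    return {k: m.group(1) if m else None for k, m in found.items()}

def audit(v2ray_json, lighttpd_conf):
    """Return findings; an empty list means the files agree and are personalised."""
    front, findings = parse_front(lighttpd_conf), []
    for inb in json.loads(v2ray_json).get("inbounds", []):
        ws = inb.get("streamSettings", {}).get("wsSettings", {})
        for client in inb.get("settings", {}).get("clients", []):
            cid = str(client.get("id", ""))
            try:
                uuid.UUID(cid)
            except ValueError:
                findings.append(f"client id is not a UUID: {cid!r}")
            if cid.lower() == SAMPLE_UUID:
                findings.append("client id is the sample UUID from the thread")
        back = {"path": ws.get("path"), "port": inb.get("port"),
                "host": ws.get("headers", {}).get("Host")}
        for key in ("path", "host", "port"):
            if str(back[key]) != str(front[key]):
                findings.append(f"{key} mismatch: v2ray={back[key]} lighttpd={front[key]}")
        if "listen" not in inb:
            findings.append("no 'listen' set: the non-TLS WS inbound binds all interfaces")
    return findings

# Constructed sample inputs, reduced from the two configs posted in the thread.
V2RAY = '''{"inbounds": [{"port": 8443, "protocol": "vmess",
  "settings": {"clients": [{"id": "8b737d60-a000-4a0f-8de3-218fa0c0a3d8"}]},
  "streamSettings": {"network": "ws", "wsSettings": {"path": "/vpath",
    "headers": {"Host": "yourweb.dynu.net"}}}}]}'''
LIGHTTPD = '''$HTTP["url"] =~ "^/vpath" {
  $HTTP["host"] == "exxx.dynu.net" {
     proxy.server = ( "" => (("host" => "127.0.0.1","port" => 8443)))
  }
}'''

if __name__ == "__main__":
    print("\n".join(audit(V2RAY, LIGHTTPD)))
```

On the configs as posted it reports the unchanged sample UUID, the differing host names in the two files, and the missing `listen` key; the last one matters when port 8443 is also published or forwarded past the TLS front end.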

Author: yiucsw    Time: 2020-1-13 15:28

Last edited by yiucsw on 2020-1-27 14:47

Edit from tomleehk http://www.telecom-cafe.com/foru ... &extra=page%3D1

copy and paste from https://github.com/m4rcu5nl/dock ... httpd/lighttpd.conf


Build docker image:

docker build -t lighttpd .

7) For WS only:

docker run \
    --detach \
    --name lighttpd \
    --mount type=bind,source=/etc/localtime,destination=/etc/localtime,readonly=true \
    --mount type=bind,source="$PWD/htdocs",destination=/var/www/localhost/htdocs \
    --mount type=bind,source=/etc/ssl,destination=/etc/ssl \
    --publish 80:80 \
    --publish 443:443 \
    lighttpd


To enable TLS + WS + haproxy/sniproxy

docker run --rm -d \
    --net=container:haproxy --name lighttpd -v /etc/ssl:/etc/ssl:ro \
    -v "$PWD/htdocs:/var/www/localhost/htdocs" -v "$PWD/etc:/etc/lighttpd:ro" lighttpd

Author: yiucsw    Time: 2020-1-13 16:18

Last edited by yiucsw on 2020-1-19 16:24

deleted reserved

Author: yiucsw    Time: 2020-1-13 17:34

Last edited by yiucsw on 2020-1-19 15:11

Modified based on https://github.com/m4rcu5nl/docker-lighttpd-alpine
Dockerfile
FROM alpine:latest

# Install packages
RUN apk add --update --no-cache \
    lighttpd \
    lighttpd-mod_webdav \
    openssl \
    curl && \
    rm -rf /var/cache/apk/*

COPY htdocs/index.html /var/www/localhost/htdocs/
COPY etc/* /etc/lighttpd/

HEALTHCHECK --interval=3m --timeout=5s \
  CMD curl -f http://localhost/ || exit 1

# Expose http(s) ports
EXPOSE 80 443 8443

# Make configuration path and webroot a volume
VOLUME /etc/lighttpd/

ENTRYPOINT ["lighttpd", "-D", "-f","/etc/lighttpd/lighttpd.conf"]

Author: yiucsw    Time: 2020-1-16 11:17

Last edited by yiucsw on 2020-1-19 15:20

BBR acceleration on armbian
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf





Welcome to 電訊茶室 (http://www.telecom-cafe.com/forum/) Powered by Discuz! 7.2