-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
189 lines (164 loc) · 5.78 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
# Description:
# This Dockerfile is used to build a v2ray-plugin ready Docker image for shadowsocks-libev.
# It sets up the necessary dependencies and configurations for running the shadowsocks-libev-v2ray.
#
# - acme.sh
# - v2ray-plugin
#
# Volume:
# None
#
# Expose:
# - 8388: The port for the shadowsocks service.
#
# Build:
# docker build -t alexzhangs/shadowsocks-libev-v2ray .
# docker build --platform linux/amd64 -t alexzhangs/shadowsocks-libev-v2ray .
#
# Run:
#
# ### Start a shadowsocks port service without v2ray-plugin: ###
#
# SS_PORT=8388 SS_PASSWORD=password ENCRYPT=aes-256-cfb
#
# docker run --restart=always -d -p $SS_PORT:$SS_PORT \
# --name ss-server alexzhangs/shadowsocks-libev-v2ray \
# ss-server -p $SS_PORT -k $SS_PASSWORD -m $ENCRYPT
#
#
# ### Start a shadowsocks port service with v2ray-plugin enabled (manual verification): ###
#
# SS_PORT=8388 SS_PASSWORD=password ENCRYPT=aes-256-cfb DOMAIN=v2ray.ss.yourdomain.com
#
# docker run -e V2RAY=1 -e DOMAIN=$DOMAIN \
# --restart=always -d -p $SS_PORT:$SS_PORT \
# --name ss-server-v2ray alexzhangs/shadowsocks-libev-v2ray \
# ss-server -p $SS_PORT -k $SS_PASSWORD -m $ENCRYPT \
# --plugin v2ray-plugin --plugin-opts "server;tls;host=$DOMAIN"
#
#
# ### Start a shadowsocks manager service without v2ray-plugin, no live port: ###
#
# MGR_PORT=6001 SS_PORTS=8381-8385 ENCRYPT=aes-256-cfb
#
# docker run --restart=always -d -p $MGR_PORT:$MGR_PORT/UDP -p $SS_PORTS:$SS_PORTS \
# --name ss-manager alexzhangs/shadowsocks-libev-v2ray \
# ss-manager --manager-address 0.0.0.0:$MGR_PORT \
# --executable /usr/local/bin/ss-server -m $ENCRYPT -s 0.0.0.0
#
#
# ### Start a shadowsocks manager service with v2ray-plugin enabled (automated verfication with name.com), no live port: ###
#
# MGR_PORT=6001 SS_PORTS=8381-8385 ENCRYPT=aes-256-cfb DOMAIN=v2ray.ss.yourdomain.com
# DNS=dns_namecom DNS_ENV=Namecom_Username=your_username,Namecom_Token=your_password
#
# docker run -e V2RAY=1 -e DOMAIN=$DOMAIN \
# -e DNS=$DNS -e DNS_ENV=$DNS_ENV \
# --restart=always -d -p $MGR_PORT:$MGR_PORT/UDP -p $SS_PORTS:$SS_PORTS \
# --name ss-manager-v2ray alexzhangs/shadowsocks-libev-v2ray \
# ss-manager --manager-address 0.0.0.0:$MGR_PORT \
# --executable /usr/local/bin/ss-server -m $ENCRYPT -s 0.0.0.0 \
# --plugin v2ray-plugin --plugin-opts "server;tls;host=$DOMAIN"
#
# For more information, please refer to the project repository:
# https://github.com/alexzhangs/shadowsocks-libev-v2ray
#
# To enable proxy at build time, use:
# docker build --build-arg https_proxy=http://host.docker.internal:$PROXY_HTTP_PORT_ON_HOST ...
ARG http_proxy https_proxy all_proxy
### First stage: build environment
FROM alpine as builder
# Instal file, git, curl
RUN apk --no-cache add file git curl
# v2ray-plugin requires Go 1.16
ENV GO_VERSION=1.16.10
# Install Go
RUN <<EOF
set -ex
ARCH=$(uname -m)
case ${ARCH} in
x86_64)
GO_BINARY_URL="https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz"
;;
aarch64)
GO_BINARY_URL="https://dl.google.com/go/go${GO_VERSION}.linux-arm64.tar.gz"
;;
*)
echo "${ARCH}: Unsupported architecture"
exit 1
;;
esac
curl -LO ${GO_BINARY_URL}
tar -C /usr/local -xzf go*.tar.gz
# Workaround to fix error: go: not found
# Use `file $(which go)` to debug the missing library
case ${ARCH} in
x86_64)
mkdir /lib64
ln -s /lib/ld-musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
;;
aarch64)
ln -s ld-musl-aarch64.so.1 /lib/ld-linux-aarch64.so.1
;;
esac
EOF
# Set the PATH for Go
ENV PATH=$PATH:/usr/local/go/bin
# Verify that Go is installed
RUN go version && go env
# Install v2ray-plugin
RUN <<EOF
set -ex
git clone --depth 1 https://github.com/shadowsocks/v2ray-plugin
(cd v2ray-plugin && go build && /bin/cp -a v2ray-plugin /usr/bin/v2ray-plugin)
EOF
# Verify that v2ray-plugin is installed
RUN v2ray-plugin -version
### Second stage: final image
FROM shadowsocks/shadowsocks-libev:edge
# Copy the v2ray-plugin binary from the builder stage
COPY --from=builder /usr/bin/v2ray-plugin /usr/bin/v2ray-plugin
# Link the missing library
RUN <<EOF
# Workaround to fix error: v2ray-plugin: not found
# Use `file $(which v2ray-plugin)` to debug the missing library
set -ex
ARCH=$(uname -m)
case ${ARCH} in
x86_64)
mkdir /lib64
ln -s /lib/ld-musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
;;
aarch64)
ln -s ld-musl-aarch64.so.1 /lib/ld-linux-aarch64.so.1
;;
esac
EOF
# Verify that v2ray-plugin is installed
RUN v2ray-plugin -version
# Instal file, curl, openssl, bash, python3, py3-pip
RUN apk --no-cache add file \
# used by acme.sh
curl openssl \
# used by docker-entrypoint.sh
bash \
# used by dns-lexicon and its dependencies
python3 py3-pip gcc linux-headers libc-dev python3-dev libffi-dev && \
if [[ ! -e /usr/bin/python ]]; then ln -s python3 /usr/bin/python ; fi && \
if [[ ! -e /usr/bin/pip ]]; then ln -s pip3 /usr/bin/pip ; fi
# Install dns-lexicon
RUN pip install dns-lexicon
# Install acme.sh
RUN curl -sL https://get.acme.sh | sh
# Set the PATH for acme.sh
ENV PATH=$PATH:/root/.acme.sh
# Verify that acme.sh is installed
RUN acme.sh --version
# Set work directory
WORKDIR /shadowsocks-libev-v2ray
# Copy the current directory contents at local into the container
COPY . .
RUN chmod +x docker-entrypoint.sh
# Use the entrypoint script from this repository over the one from shadowsocks/shadowsocks-libev:edge
ENTRYPOINT [ "./docker-entrypoint.sh" ]
CMD [ "ss-server", "-p", "8388", "-k", "password", "-m", "aes-256-cfb" ]