singbox-full/docker-compose.yml at main · danxiaonuo/singbox-full · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
version: '3.9'
services:

  # 服务名
  singbox:
    # 模拟一个伪终端
    tty: true
    # 打开标准输入,可以接受外部输入
    stdin_open: true
    # 主机名
    hostname: singbox
    # 指定容器名称
    container_name: singbox
    # 指定为镜像名称或镜像ID
    image: danxiaonuo/singbox-full:latest
    # 覆盖容器启动后默认执行的命令
    # command: /sbin/init
    # 允许容器中运行一些特权命令
    privileged: true
    # 指定容器退出后的重启策略为始终重启
    restart: always
    # 指定容器的内核能力(capacity)分配
    cap_add:
     - ALL
    # 配置容器内核参数
    sysctls:
      - net.ipv4.tcp_ecn=1
      - net.ipv4.tcp_ecn_fallback=1
      - net.ipv4.tcp_congestion_control=bbrplus
    # 数据卷所挂载路径设置
    volumes:
      # sing-box配置目录
      #- ./conf/sing-box/vmess.json:/etc/sing-box/vmess.json:rw,cached
      #- ./conf/sing-box/trojan.json:/etc/sing-box/trojan.json:rw,cached
      # 同步宿主机时区与时间
      - /usr/share/zoneinfo:/usr/share/zoneinfo:ro,cached
      - /etc/localtime:/etc/localtime:ro,cached
      # 共享内核
      - /lib/modules:/lib/modules:ro,cached
      - /etc/sysctl.conf:/etc/sysctl.conf:ro,cached
    # 环境变量
    environment:
      # VMESS端口号
      - VMESS_PORT=6601
      # VMESS名称
      - VMESS_NAME=xiaonuo
      # VMESS UUID
      - VMESS_UUID=f011c012-5f1d-418c-9494-d24d77a9d8f9
      # VMESS ALTER_ID
      - VMESS_ALTER_ID=0
      # VMESS路径
      - VMESS_WSPATH=/vmess
      # TROJAN端口号
      - TROJAN_PORT=6602
      # TROJAN名称
      - TROJAN_NAME=xiaonuo
      # TROJAN密码
      - TROJAN_PWD=@admin123
      # TROJAN路径
      - TROJAN_WSPATH=/trojan
    # 指定设备映射关系
    devices:
     - /dev/net/tun
    # 解决容器的依赖
    #depends_on:
    #  - ""
    # 配置容器连接的网络
    networks:
      app_net:
        ipv4_address: 172.186.0.2
        ipv6_address: 2066::2
    # 暴露端口信息
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    # 指定容器的 ulimits 限制值
    ulimits:
      nproc: 65535
      nofile:
          soft: 65535
          hard: 65535


networks:
  app_net:
    driver: bridge
    enable_ipv6: true
    driver_opts:
      com.docker.network.bridge.name: app_net
      com.docker.network.bridge.enable_icc: "true"
      com.docker.network.bridge.enable_ip_forwarding: "true"
      com.docker.network.bridge.enable_ip_masquerade: "true"
      com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
      com.docker.network.bridge.host_binding_ipv6: "::/0"
      com.docker.network.driver.mtu: 1500
    ipam:
      driver: default
      config:
      - subnet: 172.186.0.0/24
        gateway: 172.186.0.1
      - subnet: 2066::/64
        gateway: 2066::1