-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdocker-compose.yml
162 lines (158 loc) · 4.4 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
version: '3.9'
services:
# 服务名
singbox:
# 模拟一个伪终端
tty: true
# 打开标准输入,可以接受外部输入
stdin_open: true
# 主机名
hostname: singbox
# 指定容器名称
container_name: singbox
# 指定为镜像名称或镜像ID
image: danxiaonuo/sing-box:latest
# 覆盖容器启动后默认执行的命令
# command: /sbin/init
# 允许容器中运行一些特权命令
privileged: true
# 指定容器退出后的重启策略为始终重启
restart: always
# 指定容器的内核能力(capacity)分配
cap_add:
- ALL
# 配置容器内核参数
sysctls:
- net.ipv4.tcp_ecn=1
- net.ipv4.tcp_ecn_fallback=1
- net.ipv4.tcp_congestion_control=bbrplus
# 数据卷所挂载路径设置
volumes:
# sing-box配置目录
#- ./conf/sing-box/vmess.json:/etc/sing-box/vmess.json:rw,cached
#- ./conf/sing-box/trojan.json:/etc/sing-box/trojan.json:rw,cached
# 同步宿主机时区与时间
- /usr/share/zoneinfo:/usr/share/zoneinfo:ro,cached
- /etc/localtime:/etc/localtime:ro,cached
# 共享内核
- /lib/modules:/lib/modules:ro,cached
- /etc/sysctl.conf:/etc/sysctl.conf:ro,cached
# 环境变量
environment:
# VMESS端口号
- VMESS_PORT=6601
# VMESS名称
- VMESS_NAME=xiaonuo
# VMESS UUID
- VMESS_UUID=f011c012-5f1d-418c-9494-d24d77a9d8f9
# VMESS ALTER_ID
- VMESS_ALTER_ID=0
# VMESS路径
- VMESS_WSPATH=/vmess
# TROJAN端口号
- TROJAN_PORT=6602
# TROJAN名称
- TROJAN_NAME=xiaonuo
# TROJAN密码
- TROJAN_PWD=@admin123
# TROJAN路径
- TROJAN_WSPATH=/trojan
# 指定设备映射关系
devices:
- /dev/net/tun
# 解决容器的依赖
#depends_on:
# - ""
# 配置容器连接的网络
networks:
app_net:
ipv4_address: 172.186.0.2
ipv6_address: 2066::2
# 暴露端口信息
expose:
- "6601/tcp"
- "6602/tcp"
# 指定容器的 ulimits 限制值
ulimits:
nproc: 65535
nofile:
soft: 65535
hard: 65535
# 服务名
nginx:
# 模拟一个伪终端
tty: true
# 打开标准输入,可以接受外部输入
stdin_open: true
# 主机名
hostname: nginx
# 指定容器名称
container_name: nginx
# 指定为镜像名称或镜像ID
image: danxiaonuo/nginx:latest
# 覆盖容器启动后默认执行的命令
# command: /sbin/init
# 允许容器中运行一些特权命令
privileged: true
# 指定容器退出后的重启策略为始终重启
restart: always
# 指定容器的内核能力(capacity)分配
cap_add:
- ALL
# 配置容器内核参数
sysctls:
- net.ipv4.tcp_ecn=1
- net.ipv4.tcp_ecn_fallback=1
- net.ipv4.tcp_congestion_control=bbrplus
# 数据卷所挂载路径设置
volumes:
# 配置目录与文件
- ./conf/nginx/vhost:/data/nginx/conf/vhost:rw,cached
# 日志目录
- ./logs/nginx:/data/nginx/logs:delegated
# 同步宿主机时区与时间
- /usr/share/zoneinfo:/usr/share/zoneinfo:ro,cached
- /etc/localtime:/etc/localtime:ro,cached
# 共享内核
- /lib/modules:/lib/modules:ro,cached
- /etc/sysctl.conf:/etc/sysctl.conf:ro,cached
# 指定设备映射关系
devices:
- /dev/net/tun
# 解决容器的依赖
depends_on:
- "singbox"
# 配置容器连接的网络
networks:
app_net:
ipv4_address: 172.186.0.3
ipv6_address: 2066::3
# 暴露端口信息
ports:
- "80:80"
- "443:443"
# 指定容器的 ulimits 限制值
ulimits:
nproc: 65535
nofile:
soft: 65535
hard: 65535
networks:
app_net:
driver: bridge
enable_ipv6: true
driver_opts:
com.docker.network.bridge.name: app_net
com.docker.network.bridge.enable_icc: "true"
com.docker.network.bridge.enable_ip_forwarding: "true"
com.docker.network.bridge.enable_ip_masquerade: "true"
com.docker.network.bridge.host_binding_ipv4: "0.0.0.0"
com.docker.network.bridge.host_binding_ipv6: "::/0"
com.docker.network.driver.mtu: 1500
ipam:
driver: default
config:
- subnet: 172.186.0.0/24
gateway: 172.186.0.1
- subnet: 2066::/64
gateway: 2066::1