Introducing Several Docker Images

Docker is an open source software project that automates the deployment of applications in software containers, thereby providing an additional software abstraction layer and an automatic management mechanism for operating-system-level virtualization on Linux.
Docker uses the resource isolation mechanisms of the Linux kernel, such as cgroups and kernel namespaces, to create independent software containers. These run within a single Linux instance, avoiding the additional overhead of launching a virtual machine.
To sum it up simply, Docker is a container, and anything can be stuffed into it. You can also think of it as a lightweight virtual machine.
The advantage of using Docker is that it does not disturb the current system environment. Basically, an image can be run on any machine that has Docker installed, which is very convenient.
This article mainly introduces several images I made while learning Docker and how to use them.

Install and start Docker

Any system with a Linux kernel version of 3.10 or later can install the latest version of Docker, and you can run the official installation script directly for a one-step installation.
Run the script as follows:

wget -qO- get.docker.com | bash 

After the installation is complete, run the following command to verify whether the installation is successful.

docker version 

Start Docker

systemctl start docker 

View Docker startup status

systemctl status docker

Allow Docker to start automatically at boot

systemctl enable docker 

Shadowsocks-libev Docker Image

Based on the official alpine:latest image, with the latest versions of shadowsocks-libev and the simple-obfs and v2ray-plugin plug-ins compiled and installed.
The container reads its configuration file from the host when it starts. Therefore, by starting the image with different config files, you can run any number of containers, which is the so-called multi-port setup.
The configuration file is kept on the host for this reason: you can change the configured port, password, encryption method and other settings on the host at any time and then just restart the container, without creating a new one.

Supported Tags and Dockerfile

3.3.3, latest, alpine (Dockerfile)

Pull image

docker pull teddysun/shadowsocks-libev

Create config file

For example, create config.json in the directory /etc/shadowsocks-libev. The full path is /etc/shadowsocks-libev/config.json
The sample content is as follows:

{
    "server":"0.0.0.0",
    "server_port":9000,
    "password":"password0",
    "timeout":300,
    "method":"aes-256-gcm",
    "fast_open":true,
    "nameserver":"8.8.8.8",
    "mode":"tcp_and_udp"
}

If you want to enable simple-obfs at the same time, the configuration file example is as follows:

{
    "server":"0.0.0.0",
    "server_port":9000,
    "password":"password0",
    "timeout":300,
    "method":"aes-256-gcm",
    "fast_open":true,
    "nameserver":"8.8.8.8",
    "mode":"tcp_and_udp",
    "plugin":"obfs-server",
    "plugin_opts":"obfs=tls"
} 

If you want to enable v2ray-plugin at the same time, the configuration file example is as follows:

{
    "server":"0.0.0.0",
    "server_port":9000,
    "password":"password0",
    "timeout":300,
    "method":"aes-256-gcm",
    "fast_open":true,
    "nameserver":"8.8.8.8",
    "mode":"tcp_and_udp",
    "plugin":"v2ray-plugin",
    "plugin_opts":"server"
} 

For the meaning of all options in the configuration file, please refer to this link.
For more configuration of v2ray-plugin, please refer to this link.

Start container
In the above example, the defined port is 9000, so when starting the container, you need to map port 9000 to the host's external port.
Start command:

docker run -d -p 9000:9000 -p 9000:9000/udp --name ss-libev --restart=always -v /etc/shadowsocks-libev:/etc/shadowsocks-libev teddysun/shadowsocks-libev 

docker run: Start running a container.
-d parameter: The container runs in the background and outputs the container ID.
-p parameter: Map the container's port 9000 to the host's port 9000. TCP is mapped by default; when UDP is also needed, add a separate UDP mapping. The host port comes before the colon and the container port after it. The two may be the same or different.
--name parameter: Assign an identifier to the container to make later start, stop, delete and other operations easier.
-v parameter: Mount a volume. The host path comes before the colon and the container path after it. The two may be the same or different.
teddysun/shadowsocks-libev: This is the pulled image path.
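
The port in the -p mappings has to match server_port in the mounted config.json, and with several config directories (the multi-port case above) the two are easy to get out of step. The following is an added example, not part of the image or its documentation: it reads the port from the config file and prints the matching start command. The function names ss_config_port and ss_run_cmd are hypothetical, and the demo config is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Extract the integer value of "server_port" from a shadowsocks config.json.
ss_config_port() {
    sed -n 's/.*"server_port"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Print the docker run command for one instance, taking the TCP and UDP
# mappings from the config file so they cannot drift from server_port.
#   $1 = container name, $2 = host directory that holds config.json
ss_run_cmd() {
    name=$1 dir=$2
    [ -r "$dir/config.json" ] || { echo "no readable config.json in $dir" >&2; return 1; }
    port=$(ss_config_port "$dir/config.json")
    # Reject a missing value and anything longer than five digits.
    case $port in
        ''|*[!0-9]*|??????*) echo "no usable server_port in $dir/config.json" >&2; return 1;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "server_port $port is out of range" >&2; return 1
    fi
    printf 'docker run -d -p %s:%s -p %s:%s/udp --name %s --restart=always -v %s:/etc/shadowsocks-libev teddysun/shadowsocks-libev\n' \
        "$port" "$port" "$port" "$port" "$name" "$dir"
}

# Demo with a constructed config (port 9001) in a temporary directory.
demo_dir=$(mktemp -d)
printf '{\n    "server":"0.0.0.0",\n    "server_port":9001\n}\n' > "$demo_dir/config.json"
ss_run_cmd ss-libev-9001 "$demo_dir"
rm -rf "$demo_dir"
```

Each instance needs its own host directory, container name and server_port; two containers cannot publish the same host port.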

Check the running status of the container
Use the following command to view all created Docker containers and display container size and other information:

docker ps -as 

Stop container
Use the following command to stop a running container:

docker stop $name

The $name here is the identifier of the container defined in the step of starting the container, such as ss-libev in the example.

Delete container
After the container is stopped, you can use the following command to delete the container:

docker rm $name

The $name here is the identifier of the container defined in the step of starting the container, such as ss-libev in the example.

Start container
Use the following command to start a stopped container:

docker start $name

The $name here is the identifier of the container defined in the step of starting the container, such as ss-libev in the example.

ShadowsocksR Docker Image

Based on the python:3.7-alpine image, with the latest version from GitHub installed.
The container reads its configuration file from the host when it starts. Therefore, by starting the image with different config files, you can run any number of containers, which is the so-called multi-port setup.
The configuration file is kept on the host for this reason: you can change the configured port, password, encryption method and other settings on the host at any time and then just restart the container, without creating a new one.

Supported Tags and Dockerfile

3.2.2, alpine, latest (Dockerfile)

Pull image

docker pull teddysun/shadowsocks-r

Create config file

For example, create config.json in the directory /etc/shadowsocks-r. The full path is /etc/shadowsocks-r/config.json
The sample content is as follows:

{
    "server":"0.0.0.0",
    "server_ipv6":"::",
    "server_port":9000,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"password0",
    "timeout":120,
    "method":"aes-256-cfb",
    "protocol":"origin",
    "protocol_param":"",
    "obfs":"plain",
    "obfs_param":"",
    "redirect":"",
    "dns_ipv6":false,
    "fast_open":true,
    "workers":1
} 

For the ShadowsocksR protocol plug-in documentation, please refer to this link.

Start container

In the above example, the defined port is 9000, so when starting the container, you need to map port 9000 to the host's external port.
Start command:

docker run -d -p 9000:9000 -p 9000:9000/udp --name ssr --restart=always -v /etc/shadowsocks-r:/etc/shadowsocks-r teddysun/shadowsocks-r 

L2TP/IPsec VPN Server Docker Image

This image supports two connection methods: L2TP/IPsec PSK and IPSec Xauth PSK.
Based on the alpine:latest image, using Alpine's own libreswan-3.29 and xl2tpd-1.3.15.
Note 1: When the Android version is less than or equal to 7, it is recommended to connect in IPSec Xauth PSK (Cisco IPsec) mode.

Note 2: For multiple users connecting from behind the same NAT, please connect in IPSec Xauth PSK (Cisco IPsec) mode.

Before starting this image, the environment variable file /etc/l2tp.env must be defined in advance. See the instructions below for its content.
This image also has built-in user management: user accounts can be added, deleted, modified and listed with a simple command.

Supported Tags and Dockerfile

latest, alpine (Dockerfile)

Pull image

docker pull teddysun/l2tp

Create startup environment parameter file

For example, use /etc/l2tp.env. The variables in this file are defined as follows:

VPN_IPSEC_PSK=teddysun.com
VPN_USER=vpnuser
VPN_PASSWORD=vpnpassword
VPN_PUBLIC_IP=
VPN_L2TP_NET=
VPN_L2TP_LOCAL=
VPN_L2TP_REMOTE=
VPN_XAUTH_NET=
VPN_XAUTH_REMOTE=
VPN_DNS1=
VPN_DNS2=
VPN_SHA2_TRUNCBUG=

VPN_IPSEC_PSK: Pre-shared key
VPN_USER: Default login username
VPN_PASSWORD: Default login user password
VPN_PUBLIC_IP: Specify the public IP address. When your VPS has multiple public IPs, you may need to specify it manually.
VPN_L2TP_NET: Intranet L2TP network segment, the default is 192.168.18.0/24; generally leave it blank.
VPN_L2TP_LOCAL: Intranet L2TP gateway IP, the default is 192.168.18.1; generally leave it blank.
VPN_L2TP_REMOTE: IP range within the intranet L2TP network segment that is assigned to connecting clients. The default is 192.168.18.10-192.168.18.250; generally leave it blank.
VPN_XAUTH_NET: Intranet XAUTH network segment, the default is 192.168.20.0/24; generally leave it blank.
VPN_XAUTH_REMOTE: IP range within the intranet XAUTH network segment that is assigned to connecting clients. The default is 192.168.20.10-192.168.20.250; generally leave it blank.
VPN_DNS1: DNS server, the default is 8.8.8.8; generally leave it blank.
VPN_DNS2: DNS server, the default is 8.8.4.4; generally leave it blank.
Android 6 and 7 users: If you have connection issues, try setting sha2-truncbug=yes in /etc/ipsec.conf (the default is no). To do so, add VPN_SHA2_TRUNCBUG=yes to the /etc/l2tp.env file and then recreate the Docker container.
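
The values shown for VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD above are samples, and the file holds all three in clear text. The following is an added example, not part of the image: it writes the env file with freshly generated secrets and owner-only permissions, and checks an existing file for the sample values. The function names rand_secret, write_l2tp_env and check_l2tp_env are hypothetical, and the 24-character alphanumeric secret format is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# 24 random alphanumeric characters from the kernel CSPRNG.
rand_secret() {
    head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-24
}

# Write an env file with a fresh PSK and password, readable by its owner only.
#   $1 = path (the article uses /etc/l2tp.env), $2 = VPN username
write_l2tp_env() {
    ( umask 077
      {
        printf 'VPN_IPSEC_PSK=%s\n' "$(rand_secret)"
        printf 'VPN_USER=%s\n' "$2"
        printf 'VPN_PASSWORD=%s\n' "$(rand_secret)"
        # Remaining variables stay blank so the image uses its defaults.
        for v in VPN_PUBLIC_IP VPN_L2TP_NET VPN_L2TP_LOCAL VPN_L2TP_REMOTE \
                 VPN_XAUTH_NET VPN_XAUTH_REMOTE VPN_DNS1 VPN_DNS2 VPN_SHA2_TRUNCBUG; do
            printf '%s=\n' "$v"
        done
      } > "$1" )
    chmod 600 "$1"   # umask only applies when the file is newly created
}

# Return 0 only if the file has no group/other permission bits and does
# not still contain the sample PSK or password from the article.
check_l2tp_env() {
    f=$1 rc=0
    mode=$(stat -c '%a' "$f") || return 1
    case $mode in
        [0-7]00) ;;
        *) echo "$f: mode $mode, expected 600" >&2; rc=1;;
    esac
    if grep -Eq '^(VPN_IPSEC_PSK=teddysun\.com|VPN_PASSWORD=vpnpassword)$' "$f"; then
        echo "$f: still uses the sample PSK or password" >&2; rc=1
    fi
    return $rc
}

# Demo against a temporary file instead of /etc/l2tp.env.
demo_env=$(mktemp)
write_l2tp_env "$demo_env" vpnuser
check_l2tp_env "$demo_env" && echo "env file OK"
rm -f "$demo_env"
```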

Start container

In this example, UDP ports 500 and 4500 need to be mapped to the host's external ports.

Start command:

docker run -d --privileged -p 500:500/udp -p 4500:4500/udp --name l2tp --restart=always --env-file /etc/l2tp.env -v /lib/modules:/lib/modules teddysun/l2tp

View startup log

docker logs l2tp

The l2tp here refers to the container identifier defined at startup, the name after the --name parameter.
Sample log output:

L2TP/IPsec VPN Server with the Username and Password is below: 
Server IP: Your Server public IP
IPSec PSK: IPSec PSK (pre-shared key)
Username : VPN username
Password : VPN password 
Redirecting to: /etc/init.d/ipsec start
Starting pluto IKE daemon for IPsec: Initializing NSS database 
xl2tpd(1): Not looking for kernel SAref support.
xl2tpd(1): Using l2tp kernel support.
xl2tpd(1): xl2tpd version xl2tpd-1.3.15 started on 1d20eaecd9f2 PID:1
xl2tpd(1): Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd(1): Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd(1): Inherited by Jeff McAdams, (C) 2002
xl2tpd(1): Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd(1): Listening on IP address 0.0.0.0, port 1701 

Of course, you can also check the output of the ipsec status command. The command is as follows:

docker exec -it l2tp ipsec status

The l2tp here refers to the container identifier defined at startup, the name after the --name parameter.

Manage VPN users

List all users and their passwords

docker exec -it l2tp l2tpctl -l

Add a new user

docker exec -it l2tp l2tpctl -a

Delete a user

docker exec -it l2tp l2tpctl -d

Change a user's password

docker exec -it l2tp l2tpctl -m

Print the version information of libreswan and xl2tpd in the container

docker exec -it l2tp l2tpctl -v 

Print help information for the control script l2tpctl

docker exec -it l2tp l2tpctl -h 

It should be noted that once the container is deleted and rebuilt, or is stopped and restarted, the VPN user information will be lost and needs to be re-created through the above command.

Connecting to L2TP VPN under Windows 10

First, refer to the settings in the picture below and slightly modify the VPN connection information.

Modify the VPN properties as shown in the figure.

We are generally connected through a home router, that is to say, our network is generally behind NAT, so we need to change the registry. Modify the registry as described in this link. After the modification is completed, restart Windows.

Reference link

https://hub.docker.com/r/teddysun/shadowsocks-libev/
https://hub.docker.com/r/teddysun/shadowsocks-r/
https://hub.docker.com/r/teddysun/l2tp/
