Add shadowsocks
This commit is contained in:
parent
3255e9e727
commit
0c9087b84c
@ -18,7 +18,7 @@ table inet filter {
|
|||||||
ip protocol icmp icmp type { echo-request, destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
|
ip protocol icmp icmp type { echo-request, destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
|
||||||
|
|
||||||
# activate the following line to accept common local services
|
# activate the following line to accept common local services
|
||||||
tcp dport { 80, 443, {{ ansible_port }}, {{ gitlab_ssh_port }} } ct state new accept
|
tcp dport { 80, 443, {{ ssh_port }}, {{ gitlab_ssh_port }}, {{ shadowsocks_port }} } ct state new accept
|
||||||
|
|
||||||
# count and drop any other traffic
|
# count and drop any other traffic
|
||||||
counter drop
|
counter drop
|
||||||
|
@ -20,6 +20,9 @@ default_ssh_port:
|
|||||||
# GitLab
|
# GitLab
|
||||||
gitlab_ssh_port:
|
gitlab_ssh_port:
|
||||||
|
|
||||||
|
# Shadowsocks
|
||||||
|
shadowsocks_port:
|
||||||
|
|
||||||
# Postfix
|
# Postfix
|
||||||
postfix_smtp_server:
|
postfix_smtp_server:
|
||||||
postfix_smtp_port:
|
postfix_smtp_port:
|
||||||
|
@ -10,6 +10,7 @@ volumes:
|
|||||||
letsencrypt:
|
letsencrypt:
|
||||||
runner_0_etc:
|
runner_0_etc:
|
||||||
runner_0_home:
|
runner_0_home:
|
||||||
|
shadowsocks:
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
@ -133,3 +134,16 @@ services:
|
|||||||
- ./proxy/nginx-conf.d:/etc/nginx/conf.d:ro
|
- ./proxy/nginx-conf.d:/etc/nginx/conf.d:ro
|
||||||
- letsencrypt:/etc/letsencrypt
|
- letsencrypt:/etc/letsencrypt
|
||||||
restart: always
|
restart: always
|
||||||
|
|
||||||
|
# -------------------------------------------------------------------------
|
||||||
|
# Shadowsocks server.
|
||||||
|
# -------------------------------------------------------------------------
|
||||||
|
|
||||||
|
shadowsocks:
|
||||||
|
container_name: shadowsocks
|
||||||
|
build: shadowsocks
|
||||||
|
image: registry.wojciechkozlowski.eu/wojtek/loki/shadowsocks
|
||||||
|
ports:
|
||||||
|
- 7698:7698
|
||||||
|
volumes:
|
||||||
|
- shadowsocks:/var/shadowsocks
|
||||||
|
15
shadowsocks/Dockerfile
Normal file
15
shadowsocks/Dockerfile
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
FROM debian
|
||||||
|
|
||||||
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
|
RUN apt-get update && apt-get -y upgrade
|
||||||
|
|
||||||
|
RUN apt-get -y install shadowsocks
|
||||||
|
|
||||||
|
ENV SS_VOL /var/shadowsocks
|
||||||
|
RUN mkdir $SS_VOL
|
||||||
|
ADD config.json $SS_VOL
|
||||||
|
|
||||||
|
EXPOSE 7698
|
||||||
|
VOLUME ["$SS_VOL"]
|
||||||
|
|
||||||
|
CMD ["sh", "-c", "/usr/bin/ssserver -c $SS_VOL/shadowsocks.json"]
|
18
shadowsocks/config.json
Normal file
18
shadowsocks/config.json
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
{
|
||||||
|
"server":"0.0.0.0",
|
||||||
|
"server_ipv6":"[::]",
|
||||||
|
"server_port":7698,
|
||||||
|
"local_address":"127.0.0.1",
|
||||||
|
"local_port":1080,
|
||||||
|
"password":"z",
|
||||||
|
"timeout":120,
|
||||||
|
"method":"aes-256-cfb",
|
||||||
|
"protocol":"$auth_sha1_v4_compatible",
|
||||||
|
"protocol_param":"",
|
||||||
|
"obfs":"http_simple_compatible",
|
||||||
|
"obfs_param":"",
|
||||||
|
"redirect":"",
|
||||||
|
"dns_ipv6":false,
|
||||||
|
"fast_open":false,
|
||||||
|
"workers":1
|
||||||
|
}
|
Reference in New Issue
Block a user