docker版tls分流器+v2ray+trojan

docker-compose文件

version: "3.7"
services:
  v2ray:
    image: v2fly/v2fly-core
    container_name: v2ray
    restart: always
    volumes:
      - /root/v2ray/config.json:/etc/v2ray/config.json
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /root/v2ray/sock:/sock
  tls-shunt-proxy:
    image: hqhyco/tls-shunt-proxy:latest
    container_name: tls-shunt-proxy
    restart: always
    ports:
      - 443:443
      - 80:80
    volumes:
      - /root/tls-shunt-proxy/config.yaml:/etc/tls-shunt-proxy/config.yaml
      - /root/tls-shunt-proxy/certificates:/etc/ssl/tls-shunt-proxy/certificates
      - /root/tls-shunt-proxy/www:/var/www/html
      - /root/v2ray/sock:/sock
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    depends_on:
      - v2ray
  trojan:
    image: p4gefau1t/trojan-go:latest
    container_name: trojan
    restart: always
#    ports:
#      - 3567:3567
    volumes:
      - /root/trojan/config.json:/etc/trojan-go/config.json

流量都从tls分流器进出，所以只开放80和443端口

tls分流器可以解析静态网页和自动获取ssl，这样就可以省略caddy了，配置文件具体看

https://github.com/liberal-boy/tls-shunt-proxy

listen: 0.0.0.0:443
redirecthttps: 0.0.0.0:80

vhosts:
  - name: abc.com
    tlsoffloading: true
    managedcert: true
    keytype: p256
    alpn: h2,http/1.1
    protocols: tls12,tls13
    http:
      handler: fileServer
      args: /var/www/html
    default:
      handler: proxyPass
      args: unix:/sock/v2ray.sock
    trojan:
      handler: proxyPass
      args: trojan:4567

#可以添加多个站点
#  - name: abc.com
#    tlsoffloading: true
#    managedcert: true
#    keytype: p256
#    alpn: http/1.1
#    protocols: tls12,tls13
#    default:
#      handler: proxyPass
#      args: wordpress:80
#反代其他应用alpn不用加h2

trojan使用的是trojan-go，因为trojangfw一定要ssl文件，trojan-go可以不要直接交给分流器处理

trojan的配置文件，”remote_addr”: “1.1.1.1”,已经没作用了，因为分流器会把http流量解析到/var/www/html，不会再叫给trojan处理了，这里随便写

{
  "run_type": "server",
  "local_addr": "0.0.0.0",
  "local_port": 4567,
  "remote_addr": "1.1.1.1",
  "remote_port": 80,
  "log_level": 3,
  "password": [
    "123456"
  ],
  "transport_plugin": {
    "enabled": true,
    "type": "plaintext"
  },
  "router": {
    "enabled": false
  }
}

“transport_plugin”: {
“enabled”: true,
“type”: “plaintext”
}，这一段是trojan-go的插件，直接明文处理，因为分流器加了tls

v2ray的vmess配置

{
    "inbounds": [
        {
            "protocol": "vmess",
            "listen": "0.0.0.0",
            "port": 10000,
            "settings": {
                "clients": [
                    {
                        "id": "cea35d87-696c-4dfc-be60-f1f7772cf80f"
                    }
                ]
            },
            "streamSettings": {
                "network": "ds",
                "dsSettings": {
                     "path": "/sock/v2ray.sock"
                }

            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

v2ray的vless配置

{
    "inbounds": [
        {
            "protocol": "vless",
            "listen": "0.0.0.0",
            "port": 10000,
            "settings": {
                "clients": [
                    {
                        "id": "98bc7998-8e06-4193-84e2-38f2e10ee763"
                    }
                ],
                "decryption": "none"
            },
            "streamSettings": {
                "network": "ds",
                "dsSettings": {
                     "path": "/sock/v2ray.sock"
                }

            }
        }
    ],
    "outbounds": [
        {
            "protocol": "freedom"
        }
    ]
}

采用的是ds，官方说相比 TCP，Domain Socket (以下简称 DS) 更为高效。根据测试反馈，速度超过 50Mbps 时，通常会有较明显的性能差距。

就是以sock这个文件来进行通信

要chmod 666 /root/v2ray/sock/v2ray.sock

原理简要的知道了就可以制作一键脚本了

https://github.com/hqhyco/v2ray_tls_tcp_trojan_docker