This image combines ss-libev and simple-obfs both with the server and client included.
| Tag | Description | 🐳 |
|---|---|---|
:latest |
Shadowsocks-libev & simple-obfs on alpine:latest. |
 |
docker container run [OPTIONS] nutshells/ss-obfs [COMMAND] [ARG...]
- Learn more about
docker container runand itsOPTIONShere; - List all available
COMMANDs:docker container run --rm --read-only nutshells/ss-obfs help - List all
ARGs (for configuring the containers):- For server mode:
docker container run --rm --read-only nutshells/ss-obfs server --help - For client mode:
docker container run --rm --read-only nutshells/ss-obfs client --help
- For server mode:
Let's create a server container on the remote server:
Replace
<password>with a strong password, and assign an unused port to<remote_port>.
docker container run \
-d -p <remote_port>:12345/tcp -p <remote_port>:12345/udp \
--name=ss-obfs-server --restart=unless-stopped --read-only \
-e PASSWORD=<password> \
nutshells/ss-obfs \
serverThen run a client container on your local machine with the same configuration:
Remove
127.0.0.1:from the-poptions if you want to share it with the local network.
docker container run \
-d -p 127.0.0.1:12345:12345/tcp -p 127.0.0.1:12345:12345/udp \
--name=ss-obfs-client --restart=unless-stopped --read-only \
-e PASSWORD=<password> \
-e SERVER_ADDRESS=<remote_address> -e SERVER_PORT=<remote_port> \
nutshells/ss-obfs \
clientSee if it shows the correct IP address of your remote server.
curl -sSL https://ipinfo.io/ --socks5 127.0.0.1:12345As you can see from the examples of the previous sections: the container accepts original command-line options of ss-libev as arguments.
Here are a few more examples:
docker container run [OPTIONS] nutshells/ss-obfs server -v [OTHER_ARG...]docker container run --rm --read-only nutshells/ss-obfs server --help
docker container run --rm --read-only nutshells/ss-obfs client --helpHowever, please be informed that some of the options are managed by the entrypoint script of the container. You will encounter an error while trying to set any of them, just use the environment variables instead; as for other exceptions, just follow the message to get rid of them.
| Name | Default | Relevant Option | Description |
|---|---|---|---|
SERVER_ADDRESS |
-s |
Hostname or IP address of the remote server. Required for client mode ONLY. |
|
SERVER_PORT |
-p |
Port number of the remote server. Required for client mode ONLY. |
|
PASSWORD |
-p |
Password of the remote server. Required if KEY_IN_BASE64 is unset. |
|
KEY_IN_BASE64 |
--key |
Base64 encoded password of the remote server. Required if PASSWORD is unset. |
|
ENCRYPT_METHOD |
xchacha20-ietf-poly1305 |
-m |
Encryption Algorithms. Modern ciphers such as chacha20 or aes-gcm based are always recomended; choose from the latter ones if the server is AES-NI enabled. |
DNS_RESOLVERS |
8.8.8.8,8.8.4.4 |
-d |
Name servers for internal DNS resolver. server mode ONLY. |
TIMEOUT |
300 |
-t |
Socket timeout in seconds. |
TCP_RELAY |
true |
-u & -U |
Enable TCP relay. |
UDP_RELAY |
true |
-u & -U |
Enable UDP relay. |
REUSE_PORT |
true |
--reuse-port |
Enable port reuse. |
TCP_FAST_OPEN |
true |
--fast-open |
Enable TCP fast open. |
OBFS_PLUGIN |
http |
--plugin |
Traffic obscuration plugin. http or tls. |
OBFS_HOST |
bing.com |
--plugin-opts |
Hostname for traffic obscuration. client mode ONLY |
Learn to set an environment variable here, or refer to the Getting Started section for some live examples.
| Argument | Description | Default |
|---|---|---|
WITH_OBFS |
Compile with the simple-obfs plugin. | true |
See the sample file.
According to the optimization tips, you'd better increase the open file limit for the container:
It's NOT recommended to enable the privileged mode to this purpose. The default limit for open files is
1024in containers.
docker container run \
--ulimit nofile=51200:51200 \
[OTHER_OPTIONS] nutshells/ss-obfs server [OTHER_ARG...]Additionally, the --net=host option provides the best network performance, use it if you know it exactly.
Get an interactive shell to a running container:
docker container exec -it <container_name> /bin/ashYou can customize the image more easily by using the --build-arg option.
Check out all the build-time arguments in this table.
Let's remove the simple-obfs plugin completely from the build:
git clone --depth 1 https://github.com/quchao/nutshells.git
docker image build -q=false --rm=true --no-cache=true \
-t nutshells/ss-obfs \
-f ./ss-obfs/Dockerfile \
--build-arg WITH_OBFS=false \
./ss-obfsYou may want to make some modifications to the image. Pull the source code from GitHub, customize it, then build one by yourself:
git clone --depth 1 https://github.com/quchao/nutshells.git
docker image build -q=false --rm=true --no-cache=true \
-t nutshells/ss-obfs \
-f ./ss-obfs/Dockerfile \
./ss-obfsOtherwise just pull the image from the official registry, start a container and get a shell to it, commit the changes afterwards.
docker container commit --change "Commit msg" <container_name> nutshells/ss-obfs
Follow GitHub's How-to guide for the basis.
Contributions are always welcome in many ways:
- Give a star to show your fondness;
- File an issue if you have a question or an idea;
- Fork this repo and submit a PR;
- Improve the documentation.
- Add a section about modifying kernel parameters in containers.
- Add a
HealthCheckinstruction. - Add ipv6 support.
Unless specified, all codes of Project Nutshells are released under the MIT License.
Other relevant softwares:
| Ware/Lib | License |
|---|---|
| Docker |  |
| Shadowsocks-libev |  |
| Simple-obfs |  |