docker 集合箱
大约 13 分钟
环境要求
Docker20+
docker-compose
开始前请设置一个别名:vim .bashrc
alias dc="docker-compose"
alias dcd="dc down"
alias dcup="dc up -d"
minio - 9001
version: "3.5"
networks:
backend:
driver: bridge
services:
minio:
image: minio/minio
privileged: true
restart: always
ports:
- "${minio_api_port}:9000"
- "${minio_port}:9001"
environment:
- MINIO_ROOT_USER=${MINIO_USER}
- MINIO_ROOT_PASSWORD=${MINIO_PASSWORD}
volumes:
- "${minio_data}:/data"
- "${minio_config}:/root/.minio"
command: server --console-address ':9001' /data #指定容器中的目录 /data
networks:
- backend
healthcheck:
test: [ "CMD", "curl", "-f", "http://localhost:9000/minio/health/live" ]
interval: 30s
timeout: 20s
retries: 3
MINIO_USER=admin
MINIO_PASSWORD=admin666
minio_api_port=9000
minio_port=9001
minio_data=./data
minio_config=./config
dc up -d minio
prometheus - 9090
官网: https://prometheus.io/
启动
dc up -d prometheus
配置文件
prometheus_port=9090
prometheus_config=./prometheus/config
syncthing - 8384
数据同步
启动
dc up -d syncthing
配置文件
syncthing_name=syncthing
syncthing_web_port=8384
syncthing_path=./syncthing
aria2 - 6885
下载工具
启动
dc up -d aria2
Tip:打开页面提示认证失败,自行修改 RPC连接 配置 AriaNG设置》tab切换到 RPC 配置 Aria2 RPC秘钥:admin666
Ariang访问端口: 6885
merlisearch - 7700
version: "3.8"
services:
meilisearch:
image: getmeili/meilisearch:v1.7
container_name: meilisearch
ports:
- 7700:7700
environment:
- MEILI_MASTER_KEY=admin666
volumes:
- ./data:/meili_data
启动
dc up -d meilisearch
PanIndex - 5238
网盘管理工具
启动
dc up -d panindex
初始密码:PanIndex
配置文件
panindex_port=5238 # web访问端口
panindex_data=./panindex/data # 数据库地址
panindex_share_path=/home/orangbus/Videos # docker本地目录地址,网盘不需要设置:/share
httpbin - 8085
dc up -d httpbin
traefik - 8012
负载均衡
启动
dc up -d traefik
配置文件
traefik_port=8011
traefik_dashbord_port=8012 #后台面板地址
traefik_https_port=443
filebrowser - 8010
文件管理
启动
dc up -d filebrowser
配置文件
filebrowser_port=8010 # 访问端口
filebrowser_data=./data # 文件存储路径
cloudreve - 5212
文件管理
启动
dc up -d cloudreve
配置文件
cloudreve_port=5212 # web访问端口
cloudreve_uploads=./data #./cloudreve/uploads
cloudreve_config=./cloudreve/config
cloudreve_db=./cloudreve/db
cloudreve_avatar=./cloudreve/avatar
nextcloud- 5212
文件管理
启动
dc up -d nextcloud
配置文件
nextcloud_port=8090
nextcloud_data=./nextcloud
nextcloud_user=orangbus
nextcloud_password=orangbus666
nextcloud_database=nextcloud
v2raya
管理页面端口:2017
代理端口:20171-20172
docker run -d \
--restart=always \
--privileged \
--network=host \
--name v2raya \
-e V2RAYA_LOG_FILE=/tmp/v2raya.log \
-e V2RAYA_NFTABLES_SUPPORT=off \
-v /lib/modules:/lib/modules:ro \
-v /etc/resolv.conf:/etc/resolv.conf \
-v /etc/v2raya:/etc/v2raya \
mzz2017/v2raya
services:
v2raya:
image: mzz2017/v2raya:latest
restart: always
privileged: true
container_name: v2raya
network_mode: host
volumes:
- /lib/modules:/lib/modules:ro
- /etc/resolv.conf:/etc/resolv.conf
- /etc/v2raya:/etc/v2raya
environment:
- V2RAYA_LOG_FILE=/tmp/v2raya.log
- V2RAYA_NFTABLES_SUPPORT=off
- IPTABLES_MODE=legacy
seafile
mysql_data=./data/mysql
mysql_port=3307
mysql_password=@mysql666
seafile_port=10800
seafile_data=/data/seafile
seafile_admin_email=1353727504@qq.com
seafile_admin_password=@admin666
seafile_admin_host=sync.home.com
version: "3.5"
networks:
backend:
driver: bridge
services:
db:
image: mariadb:10.5
container_name: seafile-mysql
environment:
- MYSQL_ROOT_PASSWORD=${mysql_password} # Requested, set the root's password of MySQL service.
- MYSQL_LOG_CONSOLE=true
volumes:
- ${mysql_data}:/var/lib/mysql:rw # Requested, specifies the path to MySQL data persistent store.
networks:
- backend
memcached:
image: memcached
container_name: seafile-memcached
entrypoint: memcached -m 256
networks:
- backend
seafile:
image: seafileltd/seafile-mc:latest
container_name: seafile
ports:
- "${seafile_port}:80"
# - "443:443"
volumes:
- ${seafile_data}:/shared:rw
environment:
- DB_HOST=db
- DB_ROOT_PASSWD=${mysql_password}
- SEAFILE_ADMIN_EMAIL=${seafile_admin_email}
- SEAFILE_ADMIN_PASSWORD=${seafile_admin_password}
- SEAFILE_SERVER_LETSENCRYPT=false
- SEAFILE_SERVER_HOSTNAME=${seafile_admin_host}
- TIME_ZONE=Etc/UTC
depends_on:
- memcached
networks:
- backend
gitea
version: "3"
networks:
gitea:
external: false
services:
gitea:
image: gitea/gitea:1.19.0
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__database__DB_TYPE=postgres
- GITEA__database__HOST=db:5432
- GITEA__database__NAME=gitea
- GITEA__database__USER=gitea
- GITEA__database__PASSWD=gitea
restart: always
networks:
- gitea
volumes:
- ./data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "222:22"
depends_on:
- db
db:
image: postgres:14
restart: always
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=gitea
- POSTGRES_DB=gitea
networks:
- gitea
volumes:
- ./postgres:/var/lib/postgresql/data
aria2
version: "3.5"
services:
aria2:
image: superng6/aria2
restart: unless-stopped
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Shanghai
- "SECRET=${token}" #Aria2 token
volumes:
- "${aria2_config}:/config"
- "${aria2_downloads}:/downloads"
network_mode: host
ariang:
image: superng6/ariang:latest
ports:
- "${ariang_port}:80"
depends_on:
- aria2
# .env
aria2_config=./aria2/config # 配置目录
#aria2_downloads=./aria2/downloads # 文件下载保存目录
aria2_downloads=/data/PanFile/Download # 这里我把下载的资料通过 filebrowser 来管理
ariang_port=6885 # ariang:web访问端口
token=admin666
goaccess
docker pull allinurl/goaccess
cat /www/wwwlogs/api.movie.com.log | docker run --rm -i -e LANG=$LANG allinurl/goaccess -a -o html --log-format COMBINED - > /www/wwwroot/nginx.com/index.html
frp
服务器端
version: "3.5"
services:
serve:
image: snowdreamtech/frps:0.38.0
restart: unless-stopped
container_name: frps-server
network_mode: host
ports:
- "7700:7700"
- "7800:7800"
environment:
- PUID=1000
- PGID=1000
volumes:
- ./frps.ini:/etc/frp/frps.ini
frps.ini
[common]
bind_port = 7700
authentication_method = token
token = admin666
# 面板端口
dashboard_port = 8700
dashboard_addr = 0.0.0.0
# 登录面板账号设置
dashboard_user = admin
dashboard_pwd = admin666
# 设置http及https协议下代理端口(非重要)
vhost_http_port = 8800
vhost_https_port = 8900
客户端
version: "3.5"
services:
client:
image: snowdreamtech/frpc:0.38.0
restart: unless-stopped
container_name: frpc-client
network_mode: host
environment:
- PUID=1000
- PGID=1000
volumes:
- ./frpc.ini:/etc/frp/frpc.ini
[common]
server_addr = 162.14.72.65
server_port = 7700
authentication_method = token
token = admin666
[company_ssh]
type = tcp
local_ip = 192.168.110.136
local_port = 22
remote_port = 7701
[company_ftp]
type = tcp
local_ip = 192.168.110.136
local_port = 21
remote_port = 7702
[company_baota]
type = tcp
local_ip = 192.168.110.136
local_port = 10086
remote_port = 7703
[company_web]
type = tcp
local_ip = 192.168.110.136
local_port = 80
remote_port = 10001
[company_elasticsearch]
type = tcp
local_ip = 192.168.110.136
local_port = 9200
remote_port = 10002
[company_kibana]
type = tcp
local_ip = 192.168.110.136
local_port = 5601
remote_port = 10003
[company_jellfin]
type = tcp
local_ip = 192.168.110.136
local_port = 8096
remote_port = 10004
[company_panindex]
type = tcp
local_ip = 192.168.110.136
local_port = 5238
remote_port = 10005
ssh链接方式
ssh -oPort=remote_port 远程服务器账号@frp服务器ip
ssh -oPort=20001 orangbus@162.14.72.65
新版配置
server.toml
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single "bind_addr" field, no need square brackets, like "bind_addr = ::".
bindAddr = "0.0.0.0"
bindPort = 7000
# udp port used for kcp protocol, it can be same with 'bind_port'.
# if not set, kcp is disabled in frps.
kcpBindPort = 7000
# udp port used for quic protocol.
# if not set, quic is disabled in frps.
# quicBindPort = 7002
# Specify which address proxy will listen for, default value is same with bind_addr
# proxy_bind_addr = "127.0.0.1"
# quic protocol options
# transport.quic.keepalivePeriod = 10
# transport.quic.maxIdleTimeout = 30
# transport.quic.maxIncomingStreams = 100000
# Heartbeat configure, it's not recommended to modify the default value
# The default value of heartbeat_timeout is 90. Set negative value to disable it.
# transport.heartbeatTimeout = 90
# Pool count in each proxy will keep no more than maxPoolCount.
transport.maxPoolCount = 5
# If tcp stream multiplexing is used, default is true
# transport.tcpMux = true
# Specify keep alive interval for tcp mux.
# only valid if tcpMux is true.
# transport.tcpMuxKeepaliveInterval = 60
# tcpKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
# If negative, keep-alive probes are disabled.
# transport.tcpKeepalive = 7200
# transport.tls.force specifies whether to only accept TLS-encrypted connections. By default, the value is false.
tls.force = false
# transport.tls.certFile = "server.crt"
# transport.tls.keyFile = "server.key"
# transport.tls.trustedCaFile = "ca.crt"
# If you want to support virtual host, you must set the http port for listening (optional)
# Note: http port and https port can be same with bind_port
vhostHTTPPort = 80
vhostHTTPSPort = 443
# Response header timeout(seconds) for vhost http server, default is 60s
# vhostHTTPTimeout = 60
# tcpmuxHTTPConnectPort specifies the port that the server listens for TCP
# HTTP CONNECT requests. If the value is 0, the server will not multiplex TCP
# requests on one single port. If it's not - it will listen on this value for
# HTTP CONNECT requests. By default, this value is 0.
# tcpmuxHTTPConnectPort = 1337
# If tcpmux_passthrough is true, frps won't do any update on traffic.
# tcpmuxPassthrough = false
# Configure the web server to enable the dashboard for frps.
# dashboard is available only if webServer.port is set.
webServer.addr = "127.0.0.1"
webServer.port = 7500
webServer.user = "admin"
webServer.password = "admin"
# webServer.tls.certFile = "server.crt"
# webServer.tls.keyFile = "server.key"
# dashboard assets directory(only for debug mode)
# webServer.assetsDir = "./static"
# Enable golang pprof handlers in dashboard listener.
# Dashboard port must be set first
webServer.pprofEnable = false
# enablePrometheus will export prometheus metrics on webServer in /metrics api.
enablePrometheus = true
# console or real logFile path like ./frps.log
log.to = "./frps.log"
# trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3
# disable log colors when log.to is console, default is false
log.disablePrintColor = false
# DetailedErrorsToClient defines whether to send the specific error (with debug info) to frpc. By default, this value is true.
detailedErrorsToClient = true
# auth.method specifies what authentication method to use authenticate frpc with frps.
# If "token" is specified - token will be read into login message.
# If "oidc" is specified - OIDC (Open ID Connect) token will be issued using OIDC settings. By default, this value is "token".
auth.method = "token"
# auth.additionalScopes specifies additional scopes to include authentication information.
# Optional values are HeartBeats, NewWorkConns.
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
# auth token
auth.token = "12345678"
# oidc issuer specifies the issuer to verify OIDC tokens with.
auth.oidc.issuer = ""
# oidc audience specifies the audience OIDC tokens should contain when validated.
auth.oidc.audience = ""
# oidc skipExpiryCheck specifies whether to skip checking if the OIDC token is expired.
auth.oidc.skipExpiryCheck = false
# oidc skipIssuerCheck specifies whether to skip checking if the OIDC token's issuer claim matches the issuer specified in OidcIssuer.
auth.oidc.skipIssuerCheck = false
# userConnTimeout specifies the maximum time to wait for a work connection.
# userConnTimeout = 10
# Only allow frpc to bind ports you list. By default, there won't be any limit.
allowPorts = [
{ start = 2000, end = 3000 },
{ single = 3001 },
{ single = 3003 },
{ start = 4000, end = 50000 }
]
# Max ports can be used for each client, default value is 0 means no limit
maxPortsPerClient = 0
# If subDomainHost is not empty, you can set subdomain when type is http or https in frpc's configure file
# When subdomain is est, the host used by routing is test.frps.com
subDomainHost = "frps.com"
# custom 404 page for HTTP requests
# custom404Page = "/path/to/404.html"
# specify udp packet size, unit is byte. If not set, the default value is 1500.
# This parameter should be same between client and server.
# It affects the udp and sudp proxy.
udpPacketSize = 1500
# Retention time for NAT hole punching strategy data.
natholeAnalysisDataReserveHours = 168
[[httpPlugins]]
name = "user-manager"
addr = "127.0.0.1:9000"
path = "/handler"
ops = ["Login"]
[[httpPlugins]]
name = "port-manager"
addr = "127.0.0.1:9001"
path = "/handler"
ops = ["NewProxy"]
clien.toml
# your proxy name will be changed to {user}.{proxy}
user = "your_name"
# A literal address or host name for IPv6 must be enclosed
# in square brackets, as in "[::1]:80", "[ipv6-host]:http" or "[ipv6-host%zone]:80"
# For single serverAddr field, no need square brackets, like serverAddr = "::".
serverAddr = "0.0.0.0"
serverPort = 7000
# STUN server to help penetrate NAT hole.
# natHoleStunServer = "stun.easyvoip.com:3478"
# Decide if exit program when first login failed, otherwise continuous relogin to frps
# default is true
loginFailExit = true
# console or real logFile path like ./frpc.log
log.to = "./frpc.log"
# trace, debug, info, warn, error
log.level = "info"
log.maxDays = 3
# disable log colors when log.to is console, default is false
log.disablePrintColor = false
auth.method = "token"
# auth.additionalScopes specifies additional scopes to include authentication information.
# Optional values are HeartBeats, NewWorkConns.
# auth.additionalScopes = ["HeartBeats", "NewWorkConns"]
# auth token
auth.token = "12345678"
# oidc.clientID specifies the client ID to use to get a token in OIDC authentication.
# auth.oidc.clientID = ""
# oidc.clientSecret specifies the client secret to use to get a token in OIDC authentication.
# auth.oidc.clientSecret = ""
# oidc.audience specifies the audience of the token in OIDC authentication.
# auth.oidc.audience = ""
# oidc_scope specifies the permisssions of the token in OIDC authentication if AuthenticationMethod == "oidc". By default, this value is "".
# auth.oidc.scope = ""
# oidc.tokenEndpointURL specifies the URL which implements OIDC Token Endpoint.
# It will be used to get an OIDC token.
# auth.oidc.tokenEndpointURL = ""
# oidc.additionalEndpointParams specifies additional parameters to be sent to the OIDC Token Endpoint.
# For example, if you want to specify the "audience" parameter, you can set as follow.
# frp will add "audience=<value>" "var1=<value>" to the additional parameters.
# auth.oidc.additionalEndpointParams.audience = "https://dev.auth.com/api/v2/"
# auth.oidc.additionalEndpointParams.var1 = "foobar"
# Set admin address for control frpc's action by http api such as reload
webServer.addr = "127.0.0.1"
webServer.port = 7400
webServer.user = "admin"
webServer.password = "admin"
# Admin assets directory. By default, these assets are bundled with frpc.
# webServer.assetsDir = "./static"
# Enable golang pprof handlers in admin listener.
webServer.pprofEnable = false
# The maximum amount of time a dial to server will wait for a connect to complete. Default value is 10 seconds.
# transport.dialServerTimeout = 10
# dialServerKeepalive specifies the interval between keep-alive probes for an active network connection between frpc and frps.
# If negative, keep-alive probes are disabled.
# transport.dialServerKeepalive = 7200
# connections will be established in advance, default value is zero
transport.poolCount = 5
# If tcp stream multiplexing is used, default is true, it must be same with frps
# transport.tcpMux = true
# Specify keep alive interval for tcp mux.
# only valid if tcpMux is enabled.
# transport.tcpMuxKeepaliveInterval = 60
# Communication protocol used to connect to server
# supports tcp, kcp, quic, websocket and wss now, default is tcp
transport.protocol = "tcp"
# set client binding ip when connect server, default is empty.
# only when protocol = tcp or websocket, the value will be used.
transport.connectServerLocalIP = "0.0.0.0"
# if you want to connect frps by http proxy or socks5 proxy or ntlm proxy, you can set proxyURL here or in global environment variables
# it only works when protocol is tcp
# transport.proxyURL = "http://user:passwd@192.168.1.128:8080"
# transport.proxyURL = "socks5://user:passwd@192.168.1.128:1080"
# transport.proxyURL = "ntlm://user:passwd@192.168.1.128:2080"
# quic protocol options
# transport.quic.keepalivePeriod = 10
# transport.quic.maxIdleTimeout = 30
# transport.quic.maxIncomingStreams = 100000
# If tls.enable is true, frpc will connect frps by tls.
# Since v0.50.0, the default value has been changed to true, and tls is enabled by default.
transport.tls.enable = true
# transport.tls.certFile = "client.crt"
# transport.tls.keyFile = "client.key"
# transport.tls.trustedCaFile = "ca.crt"
# transport.tls.serverName = "example.com"
# If the disableCustomTLSFirstByte is set to false, frpc will establish a connection with frps using the
# first custom byte when tls is enabled.
# Since v0.50.0, the default value has been changed to true, and the first custom byte is disabled by default.
# transport.tls.disableCustomTLSFirstByte = true
# Heartbeat configure, it's not recommended to modify the default value.
# The default value of heartbeat_interval is 10 and heartbeat_timeout is 90. Set negative value
# to disable it.
# transport.heartbeatInterval = 30
# transport.heartbeatTimeout = 90
# Specify a dns server, so frpc will use this instead of default one
# dnsServer = "8.8.8.8"
# Proxy names you want to start.
# Default is empty, means all proxies.
# start = ["ssh", "dns"]
# Specify udp packet size, unit is byte. If not set, the default value is 1500.
# This parameter should be same between client and server.
# It affects the udp and sudp proxy.
udpPacketSize = 1500
# Additional metadatas for client.
metadatas.var1 = "abc"
metadatas.var2 = "123"
# Include other config files for proxies.
# includes = ["./confd/*.ini"]
[[proxies]]
# 'ssh' is the unique proxy name
# If global user is not empty, it will be changed to {user}.{proxy} such as 'your_name.ssh'
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
# Limit bandwidth for this proxy, unit is KB and MB
transport.bandwidthLimit = "1MB"
# Where to limit bandwidth, can be 'client' or 'server', default is 'client'
transport.bandwidthLimitMode = "client"
# If true, traffic of this proxy will be encrypted, default is false
transport.useEncryption = false
# If true, traffic will be compressed
transport.useCompression = false
# Remote port listen by frps
remotePort = 6001
# frps will load balancing connections for proxies in same group
loadBalancer.group = "test_group"
# group should have same group key
loadBalancer.groupKey = "123456"
# Enable health check for the backend service, it supports 'tcp' and 'http' now.
# frpc will connect local service's port to detect it's healthy status
healthCheck.type = "tcp"
# Health check connection timeout
healthCheck.timeoutSeconds = 3
# If continuous failed in 3 times, the proxy will be removed from frps
healthCheck.maxFailed = 3
# every 10 seconds will do a health check
healthCheck.intervalSeconds = 10
# additional meta info for each proxy
metadatas.var1 = "abc"
metadatas.var2 = "123"
[[proxies]]
name = "ssh_random"
type = "tcp"
localIP = "192.168.31.100"
localPort = 22
# If remote_port is 0, frps will assign a random port for you
remotePort = 0
[[proxies]]
name = "dns"
type = "udp"
localIP = "114.114.114.114"
localPort = 53
remotePort = 6002
# Resolve your domain names to [server_addr] so you can use http://web01.yourdomain.com to browse web01 and http://web02.yourdomain.com to browse web02
[[proxies]]
name = "web01"
type = "http"
localIP = "127.0.0.1"
localPort = 80
# http username and password are safety certification for http protocol
# if not set, you can access this custom_domains without certification
httpUser = "admin"
httpPassword = "admin"
# if domain for frps is frps.com, then you can access [web01] proxy by URL http://web01.frps.com
subdomain = "web01"
customDomains = ["web01.yourdomain.com"]
# locations is only available for http type
locations = ["/", "/pic"]
# route requests to this service if http basic auto user is abc
# route_by_http_user = abc
hostHeaderRewrite = "example.com"
# params with prefix "header_" will be used to update http request headers
requestHeaders.set.x-from-where = "frp"
healthCheck.type = "http"
# frpc will send a GET http request '/status' to local http service
# http service is alive when it return 2xx http response code
healthCheck.path = "/status"
healthCheck.intervalSeconds = 10
healthCheck.maxFailed = 3
healthCheck.timeoutSeconds = 3
[[proxies]]
name = "web02"
type = "https"
localIP = "127.0.0.1"
localPort = 8000
subdomain = "web02"
customDomains = ["web02.yourdomain.com"]
# if not empty, frpc will use proxy protocol to transfer connection info to your local service
# v1 or v2 or empty
transport.proxyProtocolVersion = "v2"
[[proxies]]
name = "tcpmuxhttpconnect"
type = "tcpmux"
multiplexer = "httpconnect"
localIP = "127.0.0.1"
localPort = 10701
customDomains = ["tunnel1"]
# routeByHTTPUser = "user1"
[[proxies]]
name = "plugin_unix_domain_socket"
type = "tcp"
remotePort = 6003
# if plugin is defined, local_ip and local_port is useless
# plugin will handle connections got from frps
[proxies.plugin]
type = "unix_domain_socket"
unixPath = "/var/run/docker.sock"
[[proxies]]
name = "plugin_http_proxy"
type = "tcp"
remotePort = 6004
[proxies.plugin]
type = "http_proxy"
httpUser = "abc"
httpPassword = "abc"
[[proxies]]
name = "plugin_socks5"
type = "tcp"
remotePort = 6005
[proxies.plugin]
type = "socks5"
username = "abc"
password = "abc"
[[proxies]]
name = "plugin_static_file"
type = "tcp"
remotePort = 6006
[proxies.plugin]
type = "static_file"
localPath = "/var/www/blog"
stripPrefix = "static"
httpUser = "abc"
httpPassword = "abc"
[[proxies]]
name = "plugin_https2http"
type = "https"
customDomains = ["test.yourdomain.com"]
[proxies.plugin]
type = "https2http"
localAddr = "127.0.0.1:80"
crtPath = "./server.crt"
keyPath = "./server.key"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"
[[proxies]]
name = "plugin_https2https"
type = "https"
customDomains = ["test.yourdomain.com"]
[proxies.plugin]
type = "https2https"
localAddr = "127.0.0.1:443"
crtPath = "./server.crt"
keyPath = "./server.key"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"
[[proxies]]
name = "plugin_http2https"
type = "http"
customDomains = ["test.yourdomain.com"]
[proxies.plugin]
type = "http2https"
localAddr = "127.0.0.1:443"
hostHeaderRewrite = "127.0.0.1"
requestHeaders.set.x-from-where = "frp"
[[proxies]]
name = "secret_tcp"
# If the type is secret tcp, remote_port is useless
# Who want to connect local port should deploy another frpc with stcp proxy and role is visitor
type = "stcp"
# secretKey is used for authentication for visitors
secretKey = "abcdefg"
localIP = "127.0.0.1"
localPort = 22
# If not empty, only visitors from specified users can connect.
# Otherwise, visitors from same user can connect. '*' means allow all users.
allowUsers = ["*"]
[[proxies]]
name = "p2p_tcp"
type = "xtcp"
secretKey = "abcdefg"
localIP = "127.0.0.1"
localPort = 22
# If not empty, only visitors from specified users can connect.
# Otherwise, visitors from same user can connect. '*' means allow all users.
allowUsers = ["user1", "user2"]
# frpc role visitor -> frps -> frpc role server
[[visitors]]
name = "secret_tcp_visitor"
type = "stcp"
# the server name you want to visitor
serverName = "secret_tcp"
secretKey = "abcdefg"
# connect this address to visitor stcp server
bindAddr = "127.0.0.1"
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
# other visitors. (This is not supported for SUDP now)
bindPort = 9000
[[visitors]]
name = "p2p_tcp_visitor"
type = "xtcp"
# if the server user is not set, it defaults to the current user
serverUser = "user1"
serverName = "p2p_tcp"
secretKey = "abcdefg"
bindAddr = "127.0.0.1"
# bindPort can be less than 0, it means don't bind to the port and only receive connections redirected from
# other visitors. (This is not supported for SUDP now)
bindPort = 9001
# when automatic tunnel persistence is required, set it to true
keepTunnelOpen = false
# effective when keep_tunnel_open is set to true, the number of attempts to punch through per hour
maxRetriesAnHour = 8
minRetryInterval = 90
# fallbackTo = "stcp_visitor"
# fallbackTimeoutMs = 500
frp0.5x
server
version: "3.5"
services:
serve:
image: snowdreamtech/frps
restart: unless-stopped
container_name: frps-server
network_mode: host
ports:
- "7700:7700"
- "7800:7800"
environment:
- PUID=1000
- PGID=1000
volumes:
- ./frps.toml:/etc/frp/frps.toml
frps.toml
bindPort = 7000 # 服务端与客户端通信端口
transport.tls.force = true # 服务端将只接受 TLS链接
auth.token = "public" # 身份验证令牌,frpc要与frps一致
# Server Dashboard,可以查看frp服务状态以及统计信息
webServer.addr = "0.0.0.0" # 后台管理地址
webServer.port = 7500 # 后台管理端口
webServer.user = "admin" # 后台登录用户名
webServer.password = "admin" # 后台登录密码
client
version: "3.5"
services:
client:
image: snowdreamtech/frpc:0.38.0
restart: unless-stopped
container_name: frpc-client
network_mode: host
environment:
- PUID=1000
- PGID=1000
volumes:
- ./frpc.toml:/etc/frp/frpc.toml
frpc.toml
transport.tls.enable = true # 从 v0.50.0版本开始,transport.tls.enable的默认值为 true
serverAddr = "x.x.x.x" # 公网ip地址
serverPort = 7000 # 公网服务端通信端口
auth.token = "public" # 令牌,与公网服务端保持一致
[[proxies]]
name = "test-http"
type = "tcp"
localIP = "127.0.0.1" # 需要暴露的服务的IP
localPort = 9000 # 将本地9000端口的服务暴露在公网的6060端口
remotePort = 6060 # 暴露服务的公网入口
[[proxies]]
name = "ssh"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = 6000
nginx-manager
version: "3.5"
networks:
backend:
driver: bridge
services:
proxy:
image: jc21/nginx-proxy-manager:latest
restart: unless-stopped
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./proxy/data:/data
- ./proxy/letsencrypt:/etc/letsencrypt
hbase
version: "3.5"
services:
hbase:
image: harisekhon/hbase:latest
container_name: hbase
restart: always
network_mode: bridge
ports:
- "2181:2181"
- "16010:16010"
volumes:
- ./data:/data
Jellyfin
version: '3.5'
services:
jellyfin:
image: jellyfin/jellyfin
container_name: jellyfin
restart: 'unless-stopped'
user: uid:gid
network_mode: 'host'
volumes:
- ./data/jellyfin/config:/config
- ./data/jellyfin/cache:/cache
- ${jellyfin_data}:/media:ro
environment:
- JELLYFIN_PublishedServerUrl=http://example.com
extra_hosts:
- "host.docker.internal:host-gateway"
jellyfin_data=/data/jellyfin # 8096
alist
version: '3.3'
services:
alist:
image: 'xhofe/alist:latest'
container_name: alist
volumes:
- '/etc/alist:/opt/alist/data'
ports:
- '5244:5244'
environment:
- PUID=0
- PGID=0
- UMASK=022
restart: unless-stopped
webui
docker run --rm \
-e OLLAMA_API_BASE_URL=http://127.0.0.1:11434/api \
--add-host=127.0.0.1:host-gateway \
--net=host \
--name open-webui \
ghcr.io/open-webui/open-webui:main
docker run -d --add-host=host.docker.internal:host-gateway -v open-webui:/app/backend/data --network=host --name open-webui --restart always ghcr.io/open-webui/open-webui:main
mysql
services:
mysql:
image: mysql:5.7
command: ["--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci"]
restart: unless-stopped
environment:
TZ: Asia/Shanghai # 设置时区
MYSQL_ROOT_PASSWORD: admin666 # 这里设置root用户的密码
MYSQL_DATABASE: golang # 启动时创建的数据库名
MYSQL_USER: user # 创建的用户
MYSQL_PASSWORD: user666 # 上述用户的密码
ports:
- "33060:3306" # 映射宿主机端口到容器端口
volumes:
- ./data:/var/lib/mysql # 持久化MySQL数据
- ./conf/my.cnf:/etc/mysql/conf.d/my.cnf # 挂载配置文件
network_mode: bridge
my.cnf
[mysqld]
skip-log-bin
# log-bin=mysql-bin
# binlog_format=mixed
server-id = 1
slow_query_log=1 # 开启蛮日志
slow-query-log-file=mysql-slow.log
expire_logs_days = 10
long_query_time=3 # 设置慢查询的阈值为 2 秒,即查询时间超过 2 秒的会被记录
导出所有mysql数据
docker exec some-mysql sh -c 'exec mysqldump --all-databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > /home/data/all-databases.sql