Skip to content

Workflows: Refactor docker #4738

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Workflows: Refactor docker #4738

wants to merge 2 commits into from
+162 −62

Conversation

Meo597
Copy link
Contributor

@Meo597 Meo597 commented May 18, 2025
edited
Loading

解决了现有 docker 映像的这些问题:

  • 目前每当 main 分支有更新就 build 一次,实际上这些根本没人下载
    改成仅 release 时 build image
  • FROM chainguard 要求运行在非 root 用户下,现在破坏了这个设定
  • 配置文件是单个的,而且有默认内容,而且非 root 下不可能支持多文件(nonroot权限导致)
    改成多文件,处理目录和文件权限以支持 nonroot
  • docker.yml 有许多参数相互冲突,比如最开头规定只在 main 分支改动和 release 时运行,但下面又定义 PR 也可运行
    删掉无用的,改为仅 release
  • 默认时区是上海
    改成UTC,因为不只是中国人在用,而且服务器大多在非中国
  • 非 root 下不支持写日志文件(nonroot权限导致),没法持久化,导致销毁实例再建日志会丢
    改为默认写 error,自动创建卷来持久化,处理目录和文件权限以支持 nonroot
  • 各种路径跟 xray-install 脚本不一致
    改为一样的
  • 最终 image 全部都基于 chainguard/stable:amd64,实际上是应该分 arch 的,虽然里面这种 image 没有 ELF,但不清楚会有什么不好影响,这毕竟是非标准做法
    考虑到 chainguard 支持的架构不如 google distroless 多,因此改用后者,并且现在支持更多架构
  • geodat 分 v2fly 和 loyalsoldier,事实上早就弃用 v2fly 版了,docker 版再区分它们无意义
    改成 loyalsoldier,因此 没有 -ls 标签了
  • go 编译环境是 alpine,而 golang 官方说它是不受支持的
    所以换成 golang:latest,有需要的话也可以指定版本,以前是指定的,为啥yuhan改为latest了

用法:

docker volume create xray_conf
docker volume create xray_log

# 运行在非 root 模式,内部端口不能小于 1024
docker run -d -p 443:8443 --name xray \
    -v xray_conf:/usr/local/etc/xray \
    -v xray_log:/var/log/xray \
    ghcr.io/xtls/xray-core:版本号

# 卷模式,需要再另外启一个有 shell 的实例才能编辑配置文件
docker run -i -t --name xray-console \
    -v xray_conf:/usr/local/etc/xray \
    -v xray_log:/var/log/xray \
    alpine:latest

版本号是 latest、或者是 tag 去掉 v,比如 25.5.18

架构:

  • linux/amd64
  • linux/arm/v7
  • linux/arm64
  • linux/ppc64le
  • linux/s390x
  • linux/386
  • linux/arm/v6
  • linux/loong64
  • linux/riscv64

@Meo597 Meo597 force-pushed the refactor-docker branch from 3ff0ffe to f69801b Compare May 18, 2025 03:09
@Meo597 Meo597 force-pushed the refactor-docker branch from f69801b to d9a6d70 Compare May 18, 2025 14:34
@Meo597 Meo597 mentioned this pull request May 20, 2025
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Meo597