Docker container guide
Setup
- Install `wget` if not already installed

- Run setup script

  ```shell
  bash <(wget -qO- https://6uo.me/go-proxy-setup-docker)
  ```

  What it does:
  - Create required directories
  - Setup `config.yml` and `compose.yml`

- Verify folder structure and then `cd go-proxy`

  ```
  go-proxy
  ├── certs
  ├── compose.yml
  └── config
      ├── config.yml
      └── providers.yml
  ```

- Enable HTTPs (optional)
  - To use autocert feature
    - complete the `autocert` section in `config/config.yml`
    - mount `certs/` to `/app/certs` to store obtained certs
  - To use existing certificate

    mount your wildcard (`*.y.z`) SSL cert
    - cert / chain / fullchain -> `/app/certs/cert.crt`
    - private key -> `/app/certs/priv.key`

- Modify `compose.yml` to fit your needs

  Add networks to make sure it is in the same network with other containers, or make sure `proxy.<alias>.host` is reachable

- Run `docker compose up -d` to start the container

- Start editing config files in `http://<ip>:8080`
Labels
- `proxy.aliases`: comma separated aliases for subdomain matching
  - default: container name

- `proxy.*.<field>`: wildcard label for all aliases

The labels below have a `proxy.<alias>.` prefix (i.e. `proxy.nginx.scheme: http`)

- `scheme`: proxy protocol
  - default: `http`
  - allowed: `http`, `https`, `tcp`, `udp`

- `host`: proxy host
  - default: `container_name`

- `port`: proxy port
  - default: first expose port (declared in `Dockerfile` or `docker-compose.yml`)
  - `http(s)`: number in range of `0 - 65535`
  - `tcp/udp`: `[<listeningPort>:]<targetPort>`
    - `listeningPort`: number, when it is omitted (not suggested), a free port starting from 20000 will be used.
    - `targetPort`: number, or predefined names (see constants.go:14)

- `no_tls_verify`: whether to skip TLS verification when scheme is https
  - default: `false`

- `path`: proxy path (http(s) proxy only)
  - default: empty

- `path_mode`: mode for path handling
  - default: empty
  - allowed: empty, `forward`, `sub`
    - `empty`: remove path prefix from URL when proxying
      - apps.y.z/webdav -> webdav:80
      - apps.y.z/webdav/path/to/file -> webdav:80/path/to/file
    - `forward`: path remains unchanged
      - apps.y.z/webdav -> webdav:80/webdav
      - apps.y.z/webdav/path/to/file -> webdav:80/webdav/path/to/file
    - `sub`: (experimental) remove path prefix from URL and also append path to HTML link attributes (`src`, `href` and `action`) and Javascript `fetch(url)` by response body substitution, e.g. apps.y.z/app1 -> webdav:80, `href="/app1/path/to/file"` -> `href="/path/to/file"`

- `set_headers`: a list of headers to set (key:value, one per line)

  Duplicated keys will be treated as multiple-value headers

  ```yaml
  labels:
    proxy.app.set_headers: |
      X-Custom-Header1: value1
      X-Custom-Header1: value2
      X-Custom-Header2: value2
  ```

- `hide_headers`: comma separated list of headers to hide
Labels (docker specific)
The labels below have a `proxy.<alias>.` prefix (i.e. `proxy.app.load_balance=1`)

- `load_balance`: enable load balance
  - allowed: `1`, `true`
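The label rules above can be checked before a container is started. The following is an added example, not go-proxy's own code: it groups `proxy.*` labels per alias and reports values the guide marks as invalid or discouraged. The function names, the sample labels, the truthy spellings for `no_tls_verify` and the rule that an alias-specific label wins over `proxy.*` are assumptions.

```python
ALLOWED_SCHEMES = {"http", "https", "tcp", "udp"}
TRUTHY = {"1", "true"}  # assumption: the truthy spellings the guide lists for load_balance

def parse_labels(labels, container_name):
    """Group proxy.<alias>.<field> labels per alias; proxy.* fills fields an alias lacks."""
    kv = dict(l.split("=", 1) for l in labels if l.startswith("proxy.") and "=" in l)
    aliases = [a.strip() for a in kv.pop("proxy.aliases", container_name).split(",")]
    routes = {a: {} for a in aliases}
    for key, value in kv.items():
        parts = key.split(".", 2)
        if len(parts) != 3:
            continue
        _, alias, field = parts
        if alias == "*":  # wildcard: applies to every declared alias (assumed lower precedence)
            for fields in routes.values():
                fields.setdefault(field, value)
        else:
            routes.setdefault(alias, {})[field] = value
    return routes

def audit(labels, container_name):
    """Return (alias, message) findings for one container's labels."""
    findings = []
    for alias, f in parse_labels(labels, container_name).items():
        scheme = f.get("scheme", "http")
        if scheme not in ALLOWED_SCHEMES:
            findings.append((alias, f"scheme {scheme!r} is not http, https, tcp or udp"))
            continue
        if scheme == "https" and f.get("no_tls_verify", "false").lower() in TRUTHY:
            findings.append((alias, "no_tls_verify set: upstream certificate is not checked"))
        port = f.get("port", "").lstrip("*")  # '*' prefix = look up the remote host port
        if scheme in ("tcp", "udp"):
            if port and ":" not in port:
                findings.append((alias, "no listening port: a free port from 20000 is used"))
        elif port and not (port.isdigit() and int(port) <= 65535):
            findings.append((alias, f"port {port!r} is outside 0 - 65535"))
    return findings

# Constructed sample labels, written to trigger each check once.
SAMPLE = [
    "proxy.aliases=app,app-db,app-api",
    "proxy.*.no_tls_verify=true",
    "proxy.app.scheme=https",
    "proxy.app.port=70000",
    "proxy.app-db.scheme=tcp",
    "proxy.app-db.port=5432",
    "proxy.app-api.scheme=ftp",
]
```

`audit(SAMPLE, "app")` returns four findings; the `mc` and `adg-dns` labels from the compose examples in this guide return none.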
Troubleshooting
- Firewall issues

  If you are using `ufw` with a VPN that drops all inbound traffic except VPN traffic, run the following:

  ```shell
  sudo ufw allow from 172.16.0.0/16 to 100.64.0.0/10
  ```

  Explanation:

  Docker network is usually `172.16.0.0/16`

  Tailscale is used as an example, `100.64.0.0/10` will be the CIDR

  You can also list CIDRs of all docker bridge networks by:

  ```shell
  docker network inspect $(docker network ls | awk '$3 == "bridge" { print $1}') | jq -r '.[] | .Name + " " + .IPAM.Config[0].Subnet'
  ```
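The firewall rule can be scoped to the bridge subnets that actually exist on the host. This added example (not part of the go-proxy project) reads `docker network inspect` JSON, builds one `ufw allow` command per IPv4 bridge subnet, and lists the networks that fall outside the `172.16.0.0/16` source range used in the rule above. The function names and the sample JSON are constructed for illustration; nothing is executed against `ufw`.

```python
import ipaddress
import json

VPN_CIDR = "100.64.0.0/10"  # Tailscale range, the example used in this guide
PAGE_RULE_SRC = ipaddress.ip_network("172.16.0.0/16")  # source range of the rule above

def bridge_subnets(inspect_json):
    """Yield (name, IPv4 subnet) for each bridge network in `docker network inspect` output."""
    for net in json.loads(inspect_json):
        if net.get("Driver") != "bridge":
            continue
        # IPAM.Config may be empty or hold several entries (for example IPv4 and IPv6).
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if "Subnet" not in cfg:
                continue
            subnet = ipaddress.ip_network(cfg["Subnet"])
            if subnet.version == 4:
                yield net["Name"], subnet

def ufw_rules(inspect_json, vpn_cidr=VPN_CIDR):
    """Return one ufw command string per bridge subnet, for review before running."""
    return [f"sudo ufw allow from {subnet} to {vpn_cidr}  # {name}"
            for name, subnet in bridge_subnets(inspect_json)]

def missed_by_page_rule(inspect_json):
    """Names of bridge networks whose subnet is not inside 172.16.0.0/16."""
    return [name for name, subnet in bridge_subnets(inspect_json)
            if not subnet.subnet_of(PAGE_RULE_SRC)]

# Constructed sample in the shape `docker network inspect` prints.
SAMPLE_INSPECT = json.dumps([
    {"Name": "lab", "Driver": "bridge",
     "IPAM": {"Config": [{"Subnet": "172.16.5.0/24"}]}},
    {"Name": "go-proxy_default", "Driver": "bridge",
     "IPAM": {"Config": [{"Subnet": "172.18.0.0/16"}, {"Subnet": "fd00:1::/64"}]}},
    {"Name": "host", "Driver": "host", "IPAM": {"Config": []}},
])

if __name__ == "__main__":
    print("\n".join(ufw_rules(SAMPLE_INSPECT)))
    print("not covered by 172.16.0.0/16:", missed_by_page_rule(SAMPLE_INSPECT))
```

On a real host, feed the functions the output of `docker network inspect $(docker network ls -q)` instead of the sample.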
Docker compose examples
Local docker provider in bridge network
```yaml
volumes:
  adg-work:
  adg-conf:
  mc-data:
  palworld:
  nginx:
services:
  adg:
    image: adguard/adguardhome
    restart: unless-stopped
    labels:
      - proxy.aliases=adg,adg-dns,adg-setup
      - proxy.adg.port=80
      - proxy.adg-setup.port=3000
      - proxy.adg-dns.scheme=udp
      - proxy.adg-dns.port=20000:dns
    volumes:
      - adg-work:/opt/adguardhome/work
      - adg-conf:/opt/adguardhome/conf
  mc:
    image: itzg/minecraft-server
    tty: true
    stdin_open: true
    container_name: mc
    restart: unless-stopped
    labels:
      - proxy.mc.scheme=tcp
      - proxy.mc.port=20001:25565
    environment:
      - EULA=TRUE
    volumes:
      - mc-data:/data
  palworld:
    image: thijsvanloef/palworld-server-docker:latest
    restart: unless-stopped
    container_name: pal
    stop_grace_period: 30s
    labels:
      - proxy.aliases=pal1,pal2
      - proxy.*.scheme=udp
      - proxy.pal1.port=20002:8211
      - proxy.pal2.port=20003:27015
    environment: ...
    volumes:
      - palworld:/palworld
  nginx:
    image: nginx
    container_name: nginx
    volumes:
      - nginx:/usr/share/nginx/html
  go-proxy:
    image: ghcr.io/yusing/go-proxy
    container_name: go-proxy
    restart: always
    ports:
      - 80:80 # http
      - 443:443 # optional, https
      - 8080:8080 # http panel
      - 8443:8443 # optional, https panel
      - 53:20000/udp # adguardhome
      - 25565:20001/tcp # minecraft
      - 8211:20002/udp # palworld
      - 27015:20003/udp # palworld
    volumes:
      - ./config:/app/config
      # :ro only protects the socket file itself; Docker API calls through it are not restricted
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - proxy.aliases=gp
      - proxy.gp.port=8080
```
Remote docker provider
Explanation
- Expose container ports to random ports on the remote host
- Prefix the container port with an asterisk sign (*) to find the remote port automatically
Remote setup
```yaml
volumes:
  adg-work:
  adg-conf:
  mc-data:
  palworld:
  nginx:
services:
  adg:
    image: adguard/adguardhome
    restart: unless-stopped
    ports: # map container ports
      - 80
      - 3000
      - 53/udp
      - 53/tcp
    labels:
      - proxy.aliases=adg,adg-dns,adg-setup
      # add an asterisk (*) before to find host port automatically
      - proxy.adg.port=*80
      - proxy.adg-setup.port=*3000
      - proxy.adg-dns.scheme=udp
      - proxy.adg-dns.port=*53
    volumes:
      - adg-work:/opt/adguardhome/work
      - adg-conf:/opt/adguardhome/conf
  mc:
    image: itzg/minecraft-server
    tty: true
    stdin_open: true
    container_name: mc
    restart: unless-stopped
    ports:
      - 25565
    labels:
      - proxy.mc.scheme=tcp
      - proxy.mc.port=*25565
    environment:
      - EULA=TRUE
    volumes:
      - mc-data:/data
  palworld:
    image: thijsvanloef/palworld-server-docker:latest
    restart: unless-stopped
    container_name: pal
    stop_grace_period: 30s
    ports:
      - 8211/udp
      - 27015/udp
    labels:
      - proxy.aliases=pal1,pal2
      - proxy.*.scheme=udp
      - proxy.pal1.port=*8211
      - proxy.pal2.port=*27015
    environment: ...
    volumes:
      - palworld:/palworld
  nginx:
    image: nginx
    container_name: nginx
    # for single port container, host port will be found automatically
    ports:
      - 80
    volumes:
      - nginx:/usr/share/nginx/html
```
Proxy setup
```yaml
services:
  go-proxy:
    image: ghcr.io/yusing/go-proxy
    container_name: go-proxy
    restart: always
    network_mode: host
    volumes:
      - ./config:/app/config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - proxy.aliases=gp
      - proxy.gp.port=8080
```
Local docker provider in host network
Mostly the same as the remote docker setup; see remote setup.

Set `GOPROXY_HOST_NETWORK=1` to treat it as a remote docker provider.
Proxy setup
```yaml
services:
  go-proxy:
    image: ghcr.io/yusing/go-proxy
    container_name: go-proxy
    restart: always
    network_mode: host
    environment: # this part is needed for local docker in host mode
      - GOPROXY_HOST_NETWORK=1
    volumes:
      - ./config:/app/config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - proxy.aliases=gp
      - proxy.gp.port=8080
```
Services URLs for above examples
- `gp.yourdomain.com`: go-proxy web panel
- `adg-setup.yourdomain.com`: adguard setup (first time setup)
- `adg.yourdomain.com`: adguard dashboard
- `nginx.yourdomain.com`: nginx
- `yourdomain.com:53`: adguard dns
- `yourdomain.com:25565`: minecraft server
- `yourdomain.com:8211`: palworld server