Archive/shadowsocks-libev/docker/alpine/README.md

# Shadowsocks-libev Docker Image

[shadowsocks-libev][1] is a lightweight secured socks5 proxy for embedded
devices and low end boxes.  It is a port of [shadowsocks][2] created by
@clowwindy maintained by @madeye and @linusyang.

Docker images are built for quick deployment in various computing cloud providers. For more information on docker and containerization technologies, refer to [official document][9].

## Prepare the host

Many cloud providers offer docker-ready environments, for instance the [CoreOS Droplet in DigitalOcean][10] or the [Container-Optimized OS in Google Cloud][11].

If you need to install docker yourself, follow the [official installation guide][12].

## Pull the image

```bash
$ docker pull shadowsocks/shadowsocks-libev
```
This pulls the latest release of shadowsocks-libev.

You can also choose to pull a previous release or to try the bleeding edge build:
```bash
$ docker pull shadowsocks/shadowsocks-libev:<tag>
$ docker pull shadowsocks/shadowsocks-libev:edge
```
> A list of supported tags can be found at [Docker Hub][13].

## Start a container

```bash
$ docker run -p 8388:8388 -p 8388:8388/udp -d --restart always shadowsocks/shadowsocks-libev:latest
```
This starts a container of the latest release with all the default settings, which is equivalent to
```bash
$ ss-server -s 0.0.0.0 -p 8388 -k "$(hostname)" -m aes-256-gcm -t 300 -d "8.8.8.8,8.8.4.4" -u
```
> **Note**: It's the hostname in the container that is used as the password, not that of the host.

### With custom port

In most cases you'll want to change a thing or two, for instance the port which the server listens on. This is done by changing the `-p` arguments.

Here's an example to start a container that listens on `28388` (both TCP and UDP):
```bash
$ docker run -p 28388:8388 -p 28388:8388/udp -d --restart always shadowsocks/shadowsocks-libev
```

### With custom password

Another thing you may want to change is the password. To change that, you can pass your own password as an environment variable when starting the container.

Here's an example to start a container with `9MLSpPmNt` as the password:
```bash
$ docker run -e PASSWORD=9MLSpPmNt -p 8388:8388 -p 8388:8388/udp -d --restart always shadowsocks/shadowsocks-libev
```
> :warning: Click [here][6] to generate a strong password to protect your server.

### With password as a mounted file or a Docker secret (swarm only)

Instead of hardcoding a password to the docker-compose file or `docker run` command, you can mount in a file that contains the password. To do so, pass the path that you mounted to the container as the `PASSWORD_FILE` environment variable.

If you are running Docker Swarm, you can also utilize Docker secrets. To do so, pass the name of the secret as the `PASSWORD_SECRET` environment variable. If you specify both `PASSWORD_FILE` and `PASSWORD_SECRET`, the latter will take effect.

This is a sample `docker-compose.yml` file that uses the external Docker secret named `shadowsocks` as the password.

```yaml
shadowsocks:
  image: shadowsocks/shadowsocks-libev
  ports:
    - "8388:8388"
  environment:
    - METHOD=aes-256-gcm
    - PASSWORD_SECRET=shadowsocks
  secrets:
    - shadowsocks
```

This is a sample `docker service create` command that uses the external Docker secret named `shadowsocks` as the password.

```bash
docker service create -e PASSWORD_SECRET=shadowsocks -p 8388:8388 -p 8388:8388/udp --secret shadowsocks shadowsocks/shadowsocks-libev
```

### With other customizations
Besides `PASSWORD`, the image also defines the following environment variables that you can customize:
* `SERVER_ADDR`: the IP/domain to bind to, defaults to `0.0.0.0`
* `SERVER_ADDR_IPV6`: the IPv6 address to bind to, defaults to `::0`
* `METHOD`: encryption method to use, defaults to `aes-256-gcm`
* `TIMEOUT`: defaults to `300`
* `DNS_ADDRS`: DNS servers to redirect NS lookup requests to, defaults to `8.8.8.8,8.8.4.4`
* `TZ`: Timezone, defaults to `UTC`

Additional arguments supported by `ss-server` can be passed with the environment variable `ARGS`, for instance to start in verbose mode:
```bash
$ docker run -e ARGS=-v -p 8388:8388 -p 8388:8388/udp -d --restart always shadowsocks/shadowsocks-libev:latest
```

## Use docker-compose to manage (optional)

It is very handy to use [docker-compose][7] to manage docker containers.
You can download the binary at <https://github.com/docker/compose/releases>.

This is a sample `docker-compose.yml` file.

```yaml
shadowsocks:
  image: shadowsocks/shadowsocks-libev
  ports:
    - "8388:8388"
  environment:
    - METHOD=aes-256-gcm
    - PASSWORD=9MLSpPmNt
  restart: always
```

It is highly recommended that you setup a directory tree to make things easy to manage.

```bash
$ mkdir -p ~/fig/shadowsocks/
$ cd ~/fig/shadowsocks/
$ curl -sSLO https://github.com/shadowsocks/shadowsocks-libev/raw/master/docker/alpine/docker-compose.yml
$ docker-compose up -d
$ docker-compose ps
```

## Finish

At last, download shadowsocks client [here][8].
Don't forget to share internet with your friends.

```yaml
{
    "server": "your-vps-ip",
    "server_port": 8388,
    "local_address": "0.0.0.0",
    "local_port": 1080,
    "password": "9MLSpPmNt",
    "timeout": 600,
    "method": "aes-256-gcm"
}
```

[1]: https://github.com/shadowsocks/shadowsocks-libev
[2]: https://shadowsocks.org/en/index.html
[6]: https://duckduckgo.com/?q=password+12&t=ffsb&ia=answer
[7]: https://github.com/docker/compose
[8]: https://shadowsocks.org/en/download/clients.html
[9]: https://docs.docker.com/
[10]: https://www.digitalocean.com/products/linux-distribution/coreos/
[11]: https://cloud.google.com/container-optimized-os/
[12]: https://docs.docker.com/install/
[13]: https://hub.docker.com/r/shadowsocks/shadowsocks-libev/tags/