docker搭建xray网络代理

下面的例子是在国内vps上启动代理，用于身在国外时穿到国内网络。比如解决网易云播放问题。

docker-compose.yml

version: "3"

services:
  xray:
    image: teddysun/xray
    container_name: xray
    restart: unless-stopped
    volumes:
      - /root/dockerSpace/xray:/root
    ports:
      - "127.0.0.1:8849:8849"                   

端口使用”127.0.0.1:8849:8849″是为了不让外部直接访问xray，而是通过nginx走TLS中转。

xray config.json:

{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 8849,
      "listen": "0.0.0.0",
      "protocol": "vless",
      "settings": {
        "clients": [
          {
            "id": "34f294a7-7f7a-4cf2-9bb8-4bfedcce4241",
            "flow": ""
          }
        ],
        "decryption": "none"
      },
      "streamSettings": {
        "network": "ws",
        "wsSettings": {
          "path": "/to_cn"
        }
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}

/etc/nginx/sites-available/

server {
    listen 443 ssl http2;
    server_name {域名};

    ssl_certificate {证书}; # managed by Certbot
    ssl_certificate_key {证书}; # managed by Certbot

    location /to_cn {
        proxy_redirect off;
        proxy_http_version 1.1;
        
	proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
	proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	proxy_pass http://127.0.0.1:8849;
    }


    location / {
        return 200 "OK";
    }
}