Mx4c Blog

四字先生

Quickly Deploying a Hysteria Server with Docker Containers

Published on # Hysteria # Docker

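Most readers will already be familiar with the Hysteria protocol. The official site says little about deploying it in a Docker container, so this post records the steps for anyone who needs them.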

1. If your server does not have a Docker environment yet, first install Docker and Docker Compose

curl -sSL https://get.docker.com/ | sh

2. Create a directory for containers and enter it

mkdir docker && cd docker

3. Create the project folder and the related configuration files

mkdir hysteria

Create the docker-compose file and the config.yaml configuration file

cd hysteria
touch docker-compose.yml config.yaml

The contents of docker-compose.yml are as follows:

version: "3.8"
services:
  hysteria:
    image: 'tobyxdd/hysteria:latest'
    container_name: hysteria-server
    restart: always
    network_mode: host
    volumes:
      - '$PWD/:/etc/hysteria'
    environment:
      - HYSTERIA_DISABLE_UPDATE_CHECK=1
    cap_add:
      - NET_ADMIN
      - NET_BIND_SERVICE
      - SYS_PTRACE
      - DAC_READ_SEARCH
    devices:
      - '/dev/net/tun:/dev/net/tun'
    ulimits:
      nofile:
        soft: 65535
        hard: 65535
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 256M
    command: ["server", "-c", "/etc/hysteria/config.yaml"]

The contents of the Hysteria configuration file config.yaml are as follows:

listen: :56003 # Port the server listens on; change it as needed (e.g. replace 56003 with the port you want)


ignoreClientBandwidth: false
speedTest: false
disableUDP: false
udpIdleTimeout: 60s


tls: 
  cert: /etc/hysteria/server.crt  # Place the cert and key in the directory created in the steps above
  key: /etc/hysteria/server.key
  sniGuard: disable

quic:
  initStreamReceiveWindow: 1048576  # If your server has plenty of spare resources and you need rates above 100 mbps, delete this quic section
  maxStreamReceiveWindow: 1048576
  initConnReceiveWindow: 4194304
  maxConnReceiveWindow: 4194304 
  maxIdleTimeout: 30s 
  maxIncomingStreams: 65535
  disablePathMTUDiscovery: true

bandwidth:
  up: 100 mbps  # brutal speed limit
  down: 100 mbps

auth:
  type: password
  password: password1 # Authentication password; must be changed to a different value (no special symbols); make sure it is hard to guess

resolver:
  type: tls # If you want the program to use the system's DNS resolution directly, delete this section
  tls:
    addr: 208.67.220.220:853
    timeout: 4s
    sni: dns.opendns.com
    insecure: true # true disables TLS certificate verification for the resolver connection

sniff:
  enable: true 
  timeout: 2s 
  rewriteDomain: false 
  tcpPorts: 80,443,8000-9000 
  udpPorts: all

outbounds:
  - name: freedom # Unless you have special requirements, this section needs no changes
    type: direct
    direct:
      mode: auto 

masquerade: # Masquerade section; delete it if not needed, or adjust it as required
  type: string
  string:
    content: Invalid request, please use correct method.
    headers: 
      Server: quic-server
      Content-Type: application/octet-stream; charset=UTF-8
      Cache-Control: no-store
      Content-Length: 8
      Content-Encoding: compress
      Connection: close
    statusCode: 200

4. Here we choose to generate a self-signed certificate:

openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:4096 -keyout server.key -out server.crt

5. Finally, start the container

docker compose up -d

Then check the log output to verify the result

docker logs <container ID>
If server up and running   {"listen": ":56003"} appears, the deployment succeeded.
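
A pre-flight check to run in the hysteria directory before step 5, as an added example that is not part of the original post: it confirms that auth.password in config.yaml is no longer the sample value password1 and that server.key is not accessible to group or other. The function names, the file name preflight.sh and the 16-character minimum are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for the files created in steps 3 and 4.
# Function names and the 16-character minimum are assumptions of this sketch.

# 128 random bits as 32 hex characters (no special symbols).
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the value of auth.password from a Hysteria config.yaml.
get_password() {
    awk '/^auth:/ {in_auth = 1; next}
         /^[^ #]/ {in_auth = 0}
         in_auth && $1 == "password:" {print $2; exit}' "$1"
}

# check_config CONFIG KEYFILE: print findings, return 1 if any were found.
check_config() {
    cfg=$1 key=$2 bad=0
    pw=$(get_password "$cfg")
    if [ -z "$pw" ] || [ "$pw" = "password1" ]; then
        echo "FAIL: auth.password is missing or still the sample value"; bad=1
    elif [ "${#pw}" -lt 16 ]; then
        echo "FAIL: auth.password is shorter than 16 characters"; bad=1
    fi
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    if [ ! -f "$key" ]; then
        echo "FAIL: private key $key not found"; bad=1
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other; run: chmod 600 $key"; bad=1
    fi
    [ "$bad" -eq 0 ] && echo "OK: $cfg passed"
    return "$bad"
}

# Run the check when called with arguments, e.g.:
#   sh preflight.sh config.yaml server.key
if [ "$#" -ge 2 ]; then check_config "$1" "$2"; fi
```

A value printed by gen_password can be pasted into auth.password, and the same value then goes into the client configuration.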