分类容器安装下的文章

2026-04-09

一个端口添加sslh实现端口复用首选方案：Nginx Stream理由：1Panel 已经跑着 Nginx，你不需要安装任何额外软件，性能最好，最稳定，技术最“正统”。配置虽然要写几行代码，但结构非常清晰，一劳永逸。备选方案（简单场景）：sslh理由：如果你不太想动 Nginx 的配置，或者担心改错，sslh 是独立安装的，不影响现有服务，配置极其简单。备选方案（复杂场景）：FRP理由：只有当你的客户端机器没有公网 IP（比如你在家里的电脑上运行 rsync），或者你未来有更多内网穿透需求时，FRP 才是正确且唯一的选择。最终推荐：sslh考虑到你的场景（只有1个端口、服务器不能主动连外、面板可能直接用IP访问），sslh 是更稳妥、更简单的选择。{collapse}{collapse-item label="安装rsync-server" open}version: "3.8" services: rsync-server: image: eeacms/rsync container_name: rsync-server ports: - "5533:22" environment: SSH_AUTH_KEY_1: "ssh-rsa 秘== root@KylinV10" volumes: - /data/vdb/docker/compose/web/nginx/html/file:/data command: server restart: unless-stopped测试并能连接{/collapse-item}{collapse-item label="安装sslh和配置nginx" open}公网用户 → :38888 → sslh 分流 ├─ HTTPS/HTTP → Nginx(:8888) → 1Panel/Tomcat/WebDAV └─ SSH/rsync → rsync-server(:5533)1Panel 地址是 http://192.168.0.204:30900/，这是通过 IP 直接访问。但是 sslh 需要监听 38888 端口并转发 HTTP/HTTPS 流量。更新后的 docker-compose.yml使用 yrutschle/sslhversion: '3.3' services: sslh: image: ghcr.io/yrutschle/sslh:master container_name: sslh restart: always network_mode: "host" command: --listen 0.0.0.0:38888 --ssh 127.0.0.1:5533 --http 127.0.0.1:8888 --foreground参数值说明--listen 0.0.0.0:38888 监听公网端口--ssh 127.0.0.1:5533 转发到 rsync-server（SSH）--http 127.0.0.1:8888 转发到 Nginx（HTTP）--foreground - 容器前台运行（必须）注意！需要在 Nginx 配置中添加重定向重写规则，将返回的 Location 头中的端口和主机名修正。 location /webdav/ { proxy_pass http://192.168.0.204:32888/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; proxy_buffering off; proxy_request_buffering off; proxy_read_timeout 86400; # 关键：修改后端返回的重定向地址 proxy_redirect http://192.168.0.204:8888/ http://$host:38888/; proxy_redirect http://$host:8888/ http://$host:38888/; }各服务访问地址：服务地址1Panel 面板 http://192.168.0.204:38888/WebDAV http://192.168.0.204:38888/webdav/Tomcat 应用 http://192.168.0.204:38888/jxsj/Tomcat 应用 http://192.168.0.204:38888/tzsj/upstream tomcat { server tomcat9-jdk8:8080; } server { listen 8888; listen [::]:8888; server_name localhost; # 1Panel 面板路由（新增） location / { # 如果想让 / 直接访问 1Panel，用这个 proxy_pass http://192.168.0.204:30900/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 1Panel 需要 WebSocket 支持 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # 或者保留原来的静态页，用 /panel/ 访问 1Panel # location /panel/ { # proxy_pass http://192.168.0.204:30900/; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Proto $scheme; # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "upgrade"; # } # WebDAV 路由 location /webdav/ { proxy_pass http://192.168.0.204:32888/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; proxy_buffering off; proxy_request_buffering off; proxy_read_timeout 86400; # 防止重定向跳转到 8888 proxy_redirect http://192.168.0.204:8888/ http://$host:38888/; proxy_redirect http://$host:8888/ http://$host:38888/; } # Tomcat 路由 location ~ ^/(jxsj|tzsj) { proxy_pass http://tomcat; proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_redirect http://$host:8888/ http://$host:38888/; } # 静态页（如果 location / 被 1Panel 占用，这个需要删除或移到其他路径） # location / { # root /usr/share/nginx/html; # index index.html index.htm; # } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } location ~* \.(lst|log|conf|config|bak|sql|git|svn)$ { deny all; return 404; } }{/collapse-item}{/collapse}

2026年04月09日
7 阅读
0 评论
0 点赞

2025-12-19

vsftpd日志问题挂载问题sudo touch /data/vdb/docker/compose/vsftpd/logs/vsftpd.log sudo chmod 600 /data/vdb/docker/compose/vsftpd/logs/vsftpd.log sudo chown 0:0 /data/vdb/docker/compose/vsftpd/logs/vsftpd.log 改 compose，把单文件挂进去 volumes: - /data/vdb/docker/compose/vsftpd/logs/vsftpd.log:/var/log/vsftpd.log切割日志新建配置文件注意权限将权限改为 0644 或 0600（推荐 0644）vi /etc/logrotate.d/vsftpd-docker/data/vdb/docker/compose/vsftpd/logs/vsftpd.log实际路径 { daily rotate 7 # compress # delaycompress missingok notifempty copytruncate # 关键：把旧文件截断，fd 不断 sharedscripts postrotate endscript }验证logrotate -d /etc/logrotate.d/vsftpd-docker # 调试模式，不会真切 logrotate -f /etc/logrotate.d/vsftpd-docker # 强制立即切一次

2025年12月19日
13 阅读
0 评论
0 点赞

2025-01-03

媒体自动化 version: "2.1" services: cloudnas: image: cloudnas/clouddrive2 container_name: clouddrive2-compose environment: - TZ=Asia/Shanghai - CLOUDDRIVE_HOME=/Config volumes: - /mnt/cache/appdata/clouddirve2/CloudNAS:/CloudNAS:shared - /mnt/cache/appdata/clouddirve2/Config:/Config - /mnt/user/media:/media:media devices: - /dev/fuse:/dev/fuse restart: unless-stopped pid: "host" privileged: true network_mode: "host" moviepilot: image: jxxghp/moviepilot-v2 container_name: moviepilot-v2 volumes: - /mnt/user/media:/media - /mnt/user/download:/download - /mnt/cache/appdata/clouddirve2/CloudNAS:/CloudNAS - /mnt/cache/appdata/moviepilot/config:/config - /mnt/cache/appdata/moviepilot/core:/moviepilot/.cache/ms-playwright - '/var/run/docker.sock:/var/run/docker.sock:ro' environment: - NGINX_PORT=3000 - MOVIEPILOT_AUTO_UPDATE = false - PUID=0 - PGID=0 - UMASK=022 - TZ=Asia/Shanghai - SUPERUSER=admin - PROXY_HOST=http://192.168.0.254:7890 - AUTH_SITE=audiences,zmpt - AUDIENCES_UID=14651 - AUDIENCES_PASSKEY=f05fdb706a793138ce391ec68b978627 - ZMPT_UID=16445 - ZMPT_PASSKEY=3f17fe3c7746e70c926cb2d73430e59d network_mode: bridge restart: always ports: - 8760:3000 privileged: true emby: image: emby/embyserver container_name: emby network_mode: bridge environment: - UID=0 - GID=0 - GIDLIST=0 - TZ=Asia/Shanghai # - NO_PROXY=172.17.0.1,127.0.0.1,localhost # - ALL_PROXY=http://192.168.100.208:7890 # - HTTP_PROXY=http://192.168.100.208:7890 volumes: - /mnt/cache/appdata/EmbyServer:/config - /mnt/user/media:/Media - /mnt/cache/link:/link - /mnt/cache/appdata/clouddirve2/CloudNAS:/mnt/cache/appdata/clouddirve2/CloudNAS - /mnt/cache/backup/emby_backup:/backup ports: - 8096:8096 devices: - /dev/dri:/dev/dri restart: unless-stopped auto_symlink: image: shenxianmq/auto_symlink:latest container_name: auto_symlink network_mode: bridge environment: - TZ=Asia/Shanghai volumes: - /mnt/cache/appdata/auto_symlink/config:/app/config - /mnt/user/media:/Media - /mnt/cache/link:/link - /mnt/cache/appdata/clouddirve2/CloudNAS:/mnt/cache/appdata/clouddirve2/CloudNAS - /mnt/cache/backup/link_backup:/app/backup ports: - 8095:8095 user: 0:0 restart: unless-stopped媒体自动化编排模板转至微信公众号影视自动化version: '3' # === 全局配置 === networks: media_network: driver: bridge ipam: config: - subnet: 172.28.0.0/16 # === 服务定义 === services: # 1. Prowlarr - 电影元数据服务 prowlarr: image: linuxserver/prowlarr:latest container_name: prowlarr ports: - "9696:9696" environment: - PUID=1000 - PGID=100 - TZ=Asia/Shanghai volumes: - /config:/config restart: always networks: - media_network # 2. Sonarr - 电视剧管理 sonarr: image: linuxserver/sonarr:latest container_name: sonarr ports: - "8989:8989" environment: - PUID=1000 - PGID=100 - TZ=Asia/Shanghai volumes: - /config:/config - /downloads:/downloads - /media:/media restart: always networks: - media_network # 3. Radarr - 电影下载管理 radarr: image: linuxserver/radarr:latest container_name: radarr ports: - "7878:7878" environment: - PUID=1000 - PGID=100 - TZ=Asia/Shanghai volumes: - /downloads:/downloads - /media:/media - /config:/config restart: always networks: - media_network # 4. Flaresolverr - 下载链接解析工具 flaresolverr: image: flaresolverr/flaresolverr:latest container_name: flaresolverr ports: - "8191:8191" - "8192:8192" restart: always networks: - media_network # 5. qBittorrent - BT下载客户端 qbittorrent: image: linuxserver/qbittorrent:latest container_name: qbittorrent ports: - "52000:52000" - "52000:52000/udp" - "8080:8080" environment: - PUID=1000 - PGID=100 - TZ=Asia/Shanghai volumes: - /downloads:/downloads - /config:/config restart: always networks: - media_network # 6. chinesesubfinder - 字幕自动下载 chinesesubfinder: image: allanpk716/chinesesubfinder:latest container_name: chinesesubfinder ports: - "19035:19035" environment: - PUID=1000 - PGID=100 - TZ=Asia/Shanghai volumes: - /config:/config - /media:/media restart: always networks: - media_network # 7. Tiny Media Manager (v4) - 元数据管理 tinymediamanager: image: dzhuang/tinymediamanager:latest-v4 container_name: tinymm restart: always ports: - "5800:5800" # Web界面端口 environment: - TZ=Asia/Shanghai - USER_ID=1000 - GROUP_ID=100 - ENABLE_CJK_FONT=1 # 支持中文字体 volumes: - /media:/media # 媒体文件目录（与Sonarr/Radarr共享） - /config:/config # 配置目录 networks: - media_network

2025年01月03日
50 阅读
0 评论
0 点赞

2024-07-09

WireGuard docker容器安装与使用安装dockerDocker 一键安装脚本bash <(curl -sSL https://linuxmirrors.cn/docker.sh)开始安装 docker run -d \ --name=wg-easy \ -e LANG=de \ -e WG_HOST=<🚨YOUR_SERVER_IP域名或者ip> \ -e PASSWORD_HASH=<🚨YOUR_ADMIN_PASSWORD_HASH管理页面密码> \ -e PORT=51821 \ -e WG_PORT=51820 \ -v ~/.wg-easy:/etc/wireguard \ -p 51820:51820/udp \ -p 51821:51821/tcp \ --cap-add=NET_ADMIN \ --cap-add=SYS_MODULE \ --sysctl="net.ipv4.conf.all.src_valid_mark=1" \ --sysctl="net.ipv4.ip_forward=1" \ --restart unless-stopped \ ghcr.io/wg-easy/wg-easyWireGuard Easy项目地址开放51821/tcp 和51820/udp端口管理页面访问地址：http://ip:51821/下载客户端官方下载地址：https://www.wireguard.com/install/{collapse}{collapse-item label="生成密码哈希（必需）" open}用 bcrypt 生成密码哈希docker run -it --rm ghcr.io/wg-easy/wg-easy wgpw '你的密码'输出类似：$2b$12$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx！！！注意PASSWORD_HASH 格式问题。常见原因和解决方法哈希格式错误（最常见）生成哈希时必须包含单引号，但复制到 Docker 命令时要去掉单引号。{/collapse-item}{collapse-item label="Docker Compose 版本"}version: "3.8" services: wg-easy: image: ghcr.io/wg-easy/wg-easy container_name: wg-easy restart: unless-stopped environment: - LANG=zh # ← 改成中文 - WG_HOST=111.111.000.111``` - PASSWORD_HASH=$$2a$$12$$esxgDWpXmPA`````````````````````` - PORT=51821 - WG_PORT=51820 volumes: - /data/vdb/docker/compose/wg-easy:/etc/wireguard ports: - "51820:51820/udp" - "51821:51821/tcp" cap_add: - NET_ADMIN - SYS_MODULE sysctls: - net.ipv4.conf.all.src_valid_mark=1 - net.ipv4.ip_forward=1{/collapse-item}{/collapse}

2024年07月09日
14 阅读
0 评论
0 点赞

2024-05-31

Docker部署Clash服务与管理面板镜像地址 laoyutang/clash-and-dashboard {lamp/}方式一常规安装1、拉取镜像：docker pull laoyutang/clash-and-dashboard:latest2、启动容器 docker run -d \ --name clash \ --restart=always \ --log-opt max-size=1m \ -v /mnt/user/appdata/clash/clash.yaml:/root/.config/clash/config.yaml \ -p 7888:8080 -p 7890:7890 \ laoyutang/clash-and-dashboard:latest方式二Unraid安装{timeline}{timeline-item color="#19be6b"}docker页面点击“添加容器”进入添加容器页面{/timeline-item}{timeline-item color="#a1be6b"}右上角点击“基本视图”切换到高级视图{/timeline-item}{timeline-item color="#1ide6b"}按选项填入要素存储库: laoyutang/clash-and-dashboard:latest{/timeline-item}{timeline-item color="#1hbe6b"}添加路径：容器路径/root/.config/clash/config.yaml主机路径/mnt/user/appdata/clash/clash.yaml{/timeline-item}{timeline-item color="#19b26b"}添加端口1：主机端口7890容器端口7890{/timeline-item}{timeline-item color="#c9be6b"}添加端口2：主机端口7888容器端口8080{/timeline-item}{timeline-item color="#a9be6b"}添加变量：键：log-opt max-size值：1m{/timeline-item}{timeline-item color="#ea4014"}完成{/timeline-item}{/timeline}{lamp/}-v /mnt/user/appdata/clash/clash.yaml:/root/.config/clash/config.yaml 提供clash的yaml文件，文件如何获取请读者自行解决-p 7888:8080 管理页面端口-p 7890:7890 http代理端口 socks端口使用7891laoyutang/clash-and-dashboard:latest 博主修改后的镜像访问Ip:7888管理页面即可，注意非本机使用，请勾选允许局域网连接原文地址自动更新yaml文件建议直接使用crontab启动定时任务每日更新，脚本可参考如下：#!/bin/bash curl -o /mnt/user/appdata/clash/clash.yaml https://cloudupup05.com/auth/register?code=g9Rq docker restart clash

2024年05月31日
27 阅读
0 评论
0 点赞