Deploy V2Ray with Docker Compose

Update from the original repo:

Add additional notes for trouble shooting
Update guidelines such as the latest usage of docker compose
Add more helper script to speed up and simplify deployment
(new) Add a simpler config of just V2Ray + WS (without DNS settings i.e. connect with IP directly)

Steps

1. Setup VPS

Using Azure as an example

Create a Virtual Machine
1. Any kind of Size (schema) will work, but you can use exactly the same as mine
  1. Size: Standard B2s (2 vcpus, 4 GiB memory)
  2. Operating system: Linux (ubuntu 20.04)
  3. Location: Japan East
  4. Disk: Standard SSD
2. Make sure you disable the auto-shutdown scheduling
Once the VM creation complete
1. Open necessary ports, in this case you need to open 80, 443
2. Create a DNS name: such as your-dns-name (optional: only required by TLS)
  1. You can use a dynamic IP address
  2. You will be able to connect to your machine by using your-dns-name.japaneast.cloudapp.azure.com depending on the machine's location

For GCP you might facing these steps

Add SSH keys to VMs | Compute Engine Documentation | Google Cloud

Create a VM instance with a custom hostname | Compute Engine Documentation | Google Cloud

Add, modify, and delete records | Cloud DNS | Google Cloud

DNS Propagation Checker - Global DNS Testing Tool

2. Setup Environment

ssh into your machine

Install docker with install_docker.sh

Legacy Steps

Install docker

Download the auto setup script and run: curl -fsSL https://get.docker.com -o get-docker.sh then sh get-docker.sh

Add user to the docker user group (so you don't need sudo to use docker): sudo gpasswd -a $USER docker

Make docker auto start on boot: sudo systemctl start docker then sudo systemctl enable docker

~~Install docker compose~~ (Install Docker Compose | Docker Documentation) (Currently docker compose is a built-in)

DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}

mkdir -p $DOCKER_CONFIG/cli-plugins

curl -SL https://github.com/docker/compose/releases/download/v2.4.1/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose

chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose

3. Clone Code and Config

Provide two ways of configuration

WS + TLS (will create certification for TLS connection)
WS Only

Common steps

Download some CLI tools
1. sudo apt update
2. sudo apt install git vim tmux
git clone https://github.com/daviddwlee84/DockerCompose-V2Ray.git and cd DockerCompose-V2Ray

3-A. WS + TLS (will create certification for TLS connection)

Pros

This will create certification for TLS connection

Your V2Ray server looks like normal website if you directly access it

Cons

You need to solve your DNS to make it reachable

Modify settings
1. Modify your_domain and your_email_address in initial_https.sh and execute (if you forgot this step you will have to manually modify the files, or just git reset --hard to revert the changes and try again)
2. docker-compose.yml
  1. No need to modify
3. data/v2ray/config.json
  1. Change id to use your own "id": "bae399d4-13a4-46a3-b144-4af2c0004c2e" (or you can leave it as what it is)
  2. You can generate a new UUID using this online tool: Online UUID Generator Tool (not sure what is the difference between different version UUIDs, seems not all UUID-like strings will work)
Start server
1. tmux
2. docker compose up --build (permission issue just add sudo in the front)
3. Exit you can use Ctrl + b then d to detach tmux and type exit to close the terminal

Legacy Steps

init-letsencrypt.sh

Modify domains and email to be your own

If you are using Azure, the domains is your-dns-name.japaneast.cloudapp.azure.com (DNS name).

Note that domains SHOULD BE AN ARRAY, that is you should keep the parenthesis there.

data/nginx/conf.d/v2ray.conf

Modify all your_domain

You can use vim :%s/your_domain/your-dns-name.japaneast.cloudapp.azure.com/g

Setup Nginx and HTTPS encryption stuff

chmod +x ./init-letsencrypt.sh

./init-letsencrypt.sh

if you can't use this, might because docker need sudo permission

must make sure the ports (firewall) are opened

3-B. WS Only

Pros

Simple, just start the docker and that's it

Cons

Your IP might get banned by GFW more easily (in theory). But you can just switch to new public IP at anytime.

Directly start server with V2Ray only: docker compose -f docker-compose-v2ray-only.yml up -d

4. Config Your Client

4-1. Shadowrocket (iOS client)

Type: Vmess

Address: your-dns-name.japaneast.cloudapp.azure.com
Port: 443
UUID: bae399d4-13a4-46a3-b144-4af2c0004c2e
Alert ID: 64
Method: auto
TLS
1. enable
2. allow insecure
Transport: websocket
1. Path: /v2ray

NOTE

the 2. Port should be 80 if you use 3-B.

the 6. TLS is needed only if you follow 3-A; if you use 3-B you can skip it.

4-2. Clash for Windows (PC client)

NOTE: different client might use different config format, even though it look similar at a glance (using yaml...)

Clash for Windows:

# ...

# 3-A.
proxies:
  - name: "Your Customized Name"
    type: vmess
    server: your-dns-name.japaneast.cloudapp.azure.com
    port: 443
    uuid: bae399d4-13a4-46a3-b144-4af2c0004c2e
    alterId: 64
    cipher: auto
    udp: false
    tls: true
    skip-cert-verify: true
    network: ws
    ws-opts:
      path: /v2ray

# ...

# ...

# 3-B.
proxies:
  - name: "Your Customized Name"
    type: vmess
    server: your-ip-address
    port: 80
    uuid: bae399d4-13a4-46a3-b144-4af2c0004c2e
    alterId: 64
    cipher: auto
    udp: false
    network: ws
    ws-opts:
      path: /v2ray

# ...

4-3. Clash Core (CLI Client)

Releases · Kuingsmile/clash-core

Simply download binary for your machine and run
Modify ~/.config/clash/config.yaml => can consume Clash for Windows config!
Setup proxy export https_proxy=http://127.0.0.1:7890 http_proxy=http://127.0.0.1:7890 all_proxy=socks5://127.0.0.1:7890
(Optional) Make this a system service (systemctl)

Trouble Shooting

You can see logs/ folder

Use sudo tail -f ./path/to/log.log to see the error message then debug

If you forgot to open 80,443 ports, you will fail at certbot step. Remove data/certbot folder and try again.
If your Nginx server successfully running, you can connect to https://your-dns-name.japaneast.cloudapp.azure.com using a browser and see "Congratulation!" which basically is this HTML (data/nginx/html/v2ray/index.html)
You can connect to https://your-dns-name.japaneast.cloudapp.azure.com/v2ray
1. If you get a 502 error, that means your V2Ray server is not running correctly.
2. If you get the text "bad request", that means it is successfully running.
If you changed UUID and failed to connect but every other thing is fine (v2ray log can see traffic income), maybe change UUID back to the default value.
If you are using rootless docker you might found issue of binding ports < 1024. Error response from daemon: driver failed programming external connectivity on endpoint nginx (xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx): failed to bind port 0.0.0.0:80/tcp: Error starting userland proxy: error while calling PortManager.AddPort(): cannot expose privileged port 80, you can add 'net.ipv4.ip_unprivileged_port_start=80' to /etc/sysctl.conf (currently 1024), or set CAP_NET_BIND_SERVICE on rootlesskit binary, or choose a larger port number (>= 1024): listen tcp4 0.0.0.0:80: bind: permission denied
1. Run the Docker daemon as a non-root user (Rootless mode) | Docker Docs: sudo setcap cap_net_bind_service=ep $(which rootlesskit) then systemctl --user restart docker.
2. Check your 80 ports is working docker run -it -p 80:80 nginx and open your IP in a browser.
To test you client you can use What Is My IP Address - See Your Public Address - IPv4 & IPv6 to see if the IP is changed to the server IP

albertxiao/DockerCompose-V2Ray