feat: add Docker support with Dockerfile and docker-compose configuration

2026-05-17 21:24:37 +03:00 · 2026-05-05 07:01:59 +03:30
parent e9fda55adf
commit e300493b85
5 changed files with 144 additions and 0 deletions
@@ -0,0 +1,18 @@
 # Never bake secrets or runtime state into the image.
 config.json
 ca/
 # Python runtime artifacts
 __pycache__/
 *.pyc
 *.pyo
 *.pyd
 .venv/
 venv/
 *.egg-info/
 # Development / OS clutter
 .git/
 .gitignore
 .vscode/
 *.log
@@ -0,0 +1,17 @@
 FROM python:3.13-slim
 WORKDIR /app
 # Install dependencies first (layer-cached until requirements.txt changes).
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 # Copy source — config.json and ca/ are intentionally excluded (.dockerignore)
 # and mounted at runtime so secrets are never baked into the image.
 COPY . .
 EXPOSE 8085 1080
 # --host 0.0.0.0 is required inside a container so the proxy is reachable
 # from outside. The value in config.json is ignored for the host binding.
 CMD ["python", "main.py", "--host", "0.0.0.0"]
@@ -309,6 +309,47 @@ By default, the proxy only listens on `127.0.0.1` (localhost), meaning only your
 ---
 ## Docker (Optional)
 If you prefer running the proxy in a container instead of managing a Python environment, Docker is supported.
 **Requirements:** [Docker](https://docs.docker.com/get-docker/) and [Docker Compose](https://docs.docker.com/compose/)
 ### Setup
 1. Copy and fill in your config:
   ```bash
   cp config.example.json config.json
   # Edit config.json — set your script_id and auth_key
   ```
 2. Build and start:
   ```bash
   docker compose up -d
   ```
 The container automatically listens on `0.0.0.0`, so both ports are reachable from the host:
 - `127.0.0.1:8085` — HTTP proxy
 - `127.0.0.1:1080` — SOCKS5 proxy
 ### CA Certificate in Docker
 On first run, the container generates `ca/ca.crt` into the `./ca` volume on your host. Install it in your browser manually — see [Step 6](#step-6-install-the-ca-certificate-required-for-https) above. Running `--install-cert` inside the container has no effect on the host OS certificate store.
 ### Useful Commands
 ```bash
 docker compose up -d          # Start in background
 docker compose logs -f        # Follow logs
 docker compose restart        # Restart after config change
 docker compose down           # Stop and remove container
 docker compose build          # Rebuild image after code change
 ```
 > **`config.json` is mounted read-only** into the container and is never baked into the image, so your secrets stay on the host.
 ---
 ## Modes Overview
 This project is centered on the **Apps Script** relay (free, no VPS needed). For destinations that block Google egress, you can optionally chain an edge exit node (Cloudflare Workers, Deno Deploy, or your own VPS).
@@ -494,6 +535,8 @@ MasterHttpRelayVPN/
 ├── start.bat / start.sh       # One-click launcher (venv + deps + wizard + run)
 ├── config.example.json        # Copy to config.json and fill in your values
 ├── requirements.txt           # Python dependencies
 ├── Dockerfile                 # Container image definition
 ├── docker-compose.yml         # Compose config: ports, volumes, restart policy
 ├── apps_script/
 │   ├── Code.gs                # The relay script you deploy to Google Apps Script
 │   ├── cloudflare_worker.js   # Exit node template for Cloudflare Workers
@@ -260,7 +260,46 @@ json
 **در سایر دستگاه‌ها:** آن‌ها را طوری پیکربندی کنید که از آدرس IP کامپیوتر شما در شبکه محلی (که در لاگ راه‌اندازی نمایش داده می‌شود) و پورت 8085 به عنوان پروکسی HTTP استفاده کنند.
 ---
 ## Docker (اختیاری)
 اگر ترجیح می‌دهید پروکسی را در یک container اجرا کنید، Docker پشتیبانی می‌شود.
 **پیش‌نیاز:** [Docker](https://docs.docker.com/get-docker/) و [Docker Compose](https://docs.docker.com/compose/)
 ### راه‌اندازی
 ۱. فایل config را کپی و تکمیل کنید:
   ```bash
   cp config.example.json config.json
   # script_id و auth_key را پر کنید
   ```
 ۲. Build و start کنید:
   ```bash
   docker compose up -d
   ```
 Container به‌طور خودکار روی `0.0.0.0` گوش می‌دهد، پس هر دو پورت از host قابل دسترس هستند:
 - `127.0.0.1:8085` — HTTP proxy
 - `127.0.0.1:1080` — SOCKS5 proxy
 ### گواهی CA در Docker
 در اولین اجرا، container فایل `ca/ca.crt` را داخل volume مربوط به `./ca` روی host می‌سازد. آن را به صورت دستی در مرورگر نصب کنید — مرحله ۶ را ببینید. اجرای `--install-cert` داخل container تأثیری روی cert store سیستم host ندارد.
 ### دستورهای مفید
 ```bash
 docker compose up -d          # اجرا در پس‌زمینه
 docker compose logs -f        # دنبال کردن لاگ
 docker compose restart        # ری‌استارت بعد از تغییر config
 docker compose down           # توقف و حذف container
 docker compose build          # بازسازی image بعد از تغییر کد
 ```
 > **فایل `config.json` به صورت read-only** داخل container mount می‌شود و هرگز داخل image قرار نمی‌گیرد، پس اطلاعات شما روی host باقی می‌ماند.
 ---
 ## تنظیمات اصلی
 | تنظیم | توضیح |
@@ -0,0 +1,27 @@
 name: masterhttprelayvpn
 services:
  proxy:
    build: .
    container_name: masterhttprelayvpn
    restart: unless-stopped
    ports:
      - "8085:8085" # HTTP proxy
      - "1080:1080" # SOCKS5 proxy
    volumes:
      # Mount your config.json so secrets stay outside the image.
      - ./config.json:/app/config.json:ro
      # Persist the MITM CA certificate across container restarts.
      # On first run the container generates ca/ca.crt and ca/ca.key here.
      - ./ca:/app/ca
    networks:
      - proxy-net
 networks:
  proxy-net:
    name: masterhttprelayvpn-net
    driver: bridge