init

.gitignore

@@ -0,0 +1,2 @@
+.env
+goxray

Dockerfile

@@ -0,0 +1,14 @@
+FROM alpine:3
+
+RUN apk add --no-cache \
+	findutils openresolv iptables ip6tables iproute2 wget musl gcompat curl
+
+#WORKDIR /
+
+RUN wget -O /usr/bin/goxray https://github.com/goxray/tun/releases/download/v0.0.7/goxray_cli_linux_amd64 && \
+	chmod +x /usr/bin/goxray
+
+#COPY goxray /usr/bin/goxray
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

docker-compose.yaml

@@ -0,0 +1,26 @@
+services:
+  vless_tun_client:
+    #image: vless-transparent-client
+    build: ./
+    #sysctls:
+    #  - net.ipv4.ip_forward=1
+#    devices:
+#      - /dev/net/tun:/dev/net/tun
+    devices:
+      - /dev/net/tun
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      net.ipv4.conf.all.src_valid_mark: 1
+    env_file:
+      - .env
+#    environment:
+#      - SERVER_ADDRESS=your-server.com
+#      - UUID=your-uuid
+#      - PUBLIC_KEY=server-public-key
+#      - SERVER_NAME=real-website.com
+#  tester:
+#    image: alpine:latest
+#    network_mode: "service:vless_tun_client"
+#    command: sh -c "apk add curl && curl -s ifconfig.me"

entrypoint.sh

@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -e
+
+echo "Setup default route"
+default_route_ip=$(ip route | grep default | awk '{print $3}')
+if [[ -z "$default_route_ip" ]]; then
+	echo "No default route configured" >&2
+	exit 1
+fi
+echo "Default route $default_route_tp"
+
+echo "Check sysctl"
+if [[ "$(cat /proc/sys/net/ipv4/conf/all/src_valid_mark)" != "1" ]]; then
+	echo "sysctl net.ipv4.conf.all.src_valid_mark=1 is not set" >&2
+	exit 1
+fi
+
+/usr/bin/goxray "$URL" & \
+echo "runned"
+
+# Allow traffic to local subnets
+for local_subnet in ${LOCAL_SUBNETS//,/$IFS}
+do
+	echo "Allowing traffic to local subnet ${local_subnet}" >&2
+	ip route add $local_subnet via $default_route_ip
+	iptables -I OUTPUT -d $local_subnet -j ACCEPT
+done
+
+shutdown () {
+	killall goxray
+	exit 0
+}
+
+trap shutdown SIGTERM SIGINT SIGQUIT
+
+sleep infinity &
+wait $!