From 963ec7206b29e1df2d1c4a37a6c572be3f252198 Mon Sep 17 00:00:00 2001
From: sou1jacker <149331898+sou1jacker@users.noreply.github.com>
Date: Fri, 13 Feb 2026 21:06:06 +0300
Subject: [PATCH] Added Docker support, updated README.md
---
 Dockerfile | 42 ++++++++++++++++++++++++++++++++++++++++++
 README.md | 35 +++++++++++++++++++++++++++++++++++
 docker-compose.yml | 20 ++++++++++++++++++++
 3 files changed, 97 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 docker-compose.yml
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..9e600c2
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,42 @@
+# ==========================
+# Stage 1: Build
+# ==========================
+FROM rust:1.85-slim-bookworm AS builder
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ pkg-config \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build
+
+COPY Cargo.toml Cargo.lock* ./
+RUN mkdir src && echo 'fn main() {}' > src/main.rs && \
+ cargo build --release 2>/dev/null || true && \
+ rm -rf src
+
+COPY . .
+RUN cargo build --release && strip target/release/telemt
+
+# ==========================
+# Stage 2: Runtime
+# ==========================
+FROM debian:bookworm-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN useradd -r -s /usr/sbin/nologin telemt
+
+WORKDIR /app
+
+COPY --from=builder /build/target/release/telemt /app/telemt
+COPY config.toml /app/config.toml
+
+RUN chown -R telemt:telemt /app
+USER telemt
+
+EXPOSE 443
+
+ENTRYPOINT ["/app/telemt"]
+CMD ["config.toml"]
\ No newline at end of file
diff --git a/README.md b/README.md
index 1df8bb0..6bf9591 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,7 @@ If you have expertise in asynchronous network applications – we are open to id - [DPI](#how-does-dpi-see-mtproxy-tls) - [Whitelist on Network Level](#whitelist-on-ip) - [Build](#build) +- [Docker](#docker) - [Why Rust?](#why-rust) ## Features
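Review bot: `COPY config.toml /app/config.toml` in the runtime stage bakes the operator's config into an image layer, and the README change in this same patch tells users to put user secrets in that file before running `docker compose up -d --build`. Anyone who can pull or export the image can then read those secrets, and the earlier `COPY . .` also carries the file into the builder stage and its build cache. Both documented run paths already bind-mount `./config.toml` read-only over `/app/config.toml`, so I would drop the COPY line and list `config.toml` in a `.dockerignore`. Separately, `cargo build --release 2>/dev/null || true` hides every failure of the dependency pre-build; a comment stating that this step is best-effort cache warming would help, and it is worth confirming that the final `cargo build --release` really recompiles `src/main.rs` rather than reusing the placeholder artifact.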
@@ -395,6 +396,40 @@ chmod +x /bin/telemt telemt config.toml ``` +## Docker +**Quick start (Docker Compose)** + +1. Edit `config.toml` in repo root (at least: port, users secrets, tls_domain) +2. Start container: +```bash +docker compose up -d --build +``` +3. Check logs: +```bash +docker compose logs -f telemt +``` +4. Stop: +```bash +docker compose down +``` + +**Notes** +- `docker-compose.yml` maps `./config.toml` to `/app/config.toml` (read-only) +- By default it publishes `443:443` and runs with dropped capabilities (only `NET_BIND_SERVICE` is added) +- If you really need host networking (usually only for some IPv6 setups) uncomment `network_mode: host` + +**Run without Compose** +```bash +docker build -t telemt:local . +docker run --name telemt --restart unless-stopped \ + -p 443:443 \ + -e RUST_LOG=info \ + -v "$PWD/config.toml:/app/config.toml:ro" \ + --read-only \ + --cap-drop ALL --cap-add NET_BIND_SERVICE \ + telemt:local +``` + ## Why Rust? - Long-running reliability and idempotent behavior - Rust’s deterministic resource management - RAII
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..229d80a
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,20 @@
+services:
+ telemt:
+ build: .
+ container_name: telemt
+ restart: unless-stopped
+ ports:
+ - "443:443"
+ volumes:
+ - ./config.toml:/app/config.toml:ro
+ environment:
+ - RUST_LOG=info
+ # Uncomment this line if you want to use host network for IPv6, but bridge is default and usually better
+ # network_mode: host
+ cap_drop:
+ - ALL
+ cap_add:
+ - NET_BIND_SERVICE # allow binding to port 443
+ read_only: true
+ security_opt:
+ - no-new-privileges:true
\ No newline at end of file
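Review bot: The `cap_add: NET_BIND_SERVICE` entry and its comment `# allow binding to port 443` probably do not do what the comment says, because the image runs as the non-root `telemt` user and, as far as I know, Docker does not place added capabilities in a non-root process's effective set. In the default bridge network the bind to 443 most likely succeeds through Docker's unprivileged-port default rather than through this capability, so `cap_drop: ALL` alone may be enough and is the tighter setting; this should be tested before the entry is removed. The commented-out `network_mode: host` line deserves a caveat, since in the host namespace that default does not apply and host networking also gives up the network isolation the rest of this file sets up. Suggested comment above it: `# host networking removes network isolation, and binding 443 as the non-root user may fail; prefer bridge`.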