在树莓派用Docker部署<SS>服务器
非敏感词版本: https://outgoing-muenster-d9f.notion.site/Docker-6a46bbd360594eb893972abf774b515a
近日折腾了了一下在树莓派上用Docker部署<SS>服务器,踩了一些坑,也记录一下解决办法,希望能帮助有需要的朋友。
安装Docker
由于我的树莓派用的是自带的Raspbian系统,属于Debian系列,因此要安装Docker并不复杂,只需要按照官方文档操作。
https://docs.docker.com/engine/install/debian/
文档提到了几种方法,最简单的也是我采用的是Install using the repository,其中分成两个步骤:
1. Set up the repository
按官方文档依次运行以下命令即可:
sudo apt-get update sudo apt-get install \ ca-certificates \ curl \ gnupg \ lsb-release
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
这一步的目的是生成/etc/apt/sources.list.d/docker.list,为之后的apt-get命令提供仓库地址。
由于我之前瞎折腾,不小心用了ubuntu的版本,因此之后一直报错显示找不到docker-ce这个package。解决方法是删掉/etc/apt/sources.list.d/docker.list重新生成一次即可。
2. Install Docker Engine
只需要用apt-get安装docker相关的软件即可,命令行如下:
sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io
3. 验证
安装完成后可以运行以下命令验证是否成功:
sudo docker run hello-world
成功的话应该能输出“Hello from Docker!” 和一些其他说明(不重要)。
部署<SS>
<SS>有几个不同的版本,分别是不同的语言实现的。这里有一个个版本的比较
https://github.com/<SS>/<SS>/wiki/Feature-Comparison-across-Different-Versions
这里我选择的是libev版本,Git仓库地址:https://github.com/<SS>/<SS>-libev
官方文档提供了几种安装方式,其中包含使用Docker:https://github.com/<SS>/<SS>-libev#docker
但由于树莓派的系统架构属于/linux/arm/v7,libev官方Docker镜像只有linux/amd64和linux/arm64,因此直接pull官方镜像下来并不能运行,我们需要自己build一个镜像。
首先我们把libev镜像拉取到本地:
git clone https://github.com/<SS>/<SS>-libev.git
虽然libev在路径./docker/alpine/里提供了Dockerfile,但直接编译会遇到错误(其中ss-libev是自己起的镜像名):
sudo docker build -f ./docker/alpine/Dockerfile -t ss-libev .
+ apk add --no-cache --virtual .build-deps autoconf automake build-base c-ares-dev libcap libev-dev libtool libsodium-dev linux-headers mbedtls-dev pcre-dev fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/armv7/APKINDEX.tar.gz WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/main: temporary error (try again later) fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/armv7/APKINDEX.tar.gz WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/community: temporary error (try again later) ERROR: unable to select packages: autoconf (no such package): required by: .build-deps-19700101.000000[autoconf] automake (no such package): required by: .build-deps-19700101.000000[automake] build-base (no such package): required by: .build-deps-19700101.000000[build-base] c-ares-dev (no such package): required by: .build-deps-19700101.000000[c-ares-dev] libcap (no such package): required by: .build-deps-19700101.000000[libcap] libev-dev (no such package): required by: .build-deps-19700101.000000[libev-dev] libtool (no such package): required by: .build-deps-19700101.000000[libtool] libsodium-dev (no such package): required by: .build-deps-19700101.000000[libsodium-dev] linux-headers (no such package): required by: .build-deps-19700101.000000[linux-headers] mbedtls-dev (no such package): required by: .build-deps-19700101.000000[mbedtls-dev] pcre-dev (no such package): required by: .build-deps-19700101.000000[pcre-dev] The command '/bin/sh -c set -ex && apk add --no-cache --virtual .build-deps autoconf automake build-base c-ares-dev libcap libev-dev libtool libsodium-dev linux-headers mbedtls-dev pcre-dev && cd /tmp/repo && ./autogen.sh && ./configure --prefix=/usr --disable-documentation && make install && ls /usr/bin/ss-* | xargs -n1 setcap cap_net_bind_service+ep && apk del .build-deps && apk add --no-cache ca-certificates rng-tools tzdata $(scanelf --needed --nobanner /usr/bin/ss-* | awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' | sort -u) && rm -rf /tmp/repo' returned a non-zero code: 12
这个错误是因为alpine3.13及以后的版本在树莓派上有莫名其妙的bug,表现为没有网络连接,且系统时间是乱的。可以看这里了解详细内容。
要解决这个问题,只需要在Dockerfile里指定一下alpine为3.12版本,把"FROM alpine"改为:
FROM alpine:3.12
保存之后重新build一下镜像:
sudo docker build -f ./docker/alpine/Dockerfile -t ss-libev .
成功之后我们可以查看一下镜像:
pi@raspberrypi:~/repo/<SS>-libev $ docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE ss-libev latest ed5bde0531e6 5 minutes ago 30.9MB alpine 3.12 ad303560139e 12 days ago 3.78MB
一切顺利的话我们就可以把服务器起起来了:
docker run -e PASSWORD=test -p 8388:8388 -p 8388:8388/udp -d --restart always ss-libev:latest
注意默认的加密算法是aes-256-gcm。更多的用法可以在docker/alpine/README.md找到。