From d969075a95ffd88b0555589488d2148c6f62a14c Mon Sep 17 00:00:00 2001
From: Teddysun
Date: Wed, 5 Feb 2020 21:54:56 +0900
Subject: [PATCH] Added Trojan Docker Image
---
 docker/trojan/Dockerfile | 28 ++++++++
 docker/trojan/Dockerfile.architecture | 28 ++++++++
 docker/trojan/README.md | 96 +++++++++++++++++++++++++++
 docker/trojan/config.json | 45 +++++++++++++
 4 files changed, 197 insertions(+)
 create mode 100644 docker/trojan/Dockerfile
 create mode 100644 docker/trojan/Dockerfile.architecture
 create mode 100644 docker/trojan/README.md
 create mode 100644 docker/trojan/config.json
diff --git a/docker/trojan/Dockerfile b/docker/trojan/Dockerfile
new file mode 100644
index 0000000..90e7dae
--- /dev/null
+++ b/docker/trojan/Dockerfile
@@ -0,0 +1,28 @@
+# Dockerfile for trojan based alpine
+# Copyright (C) 2020 Teddysun
+# Reference URL:
+# https://github.com/trojan-gfw/trojan
+# https://trojan-gfw.github.io/trojan/
+
+FROM alpine:latest AS builder
+WORKDIR /root
+RUN set -ex \
+ && VERSION="v1.14.1" \
+ && apk add --no-cache git build-base make cmake boost-dev openssl-dev mariadb-connector-c-dev \
+ && git clone --branch ${VERSION} --single-branch https://github.com/trojan-gfw/trojan.git \
+ && cd trojan \
+ && cmake . \
+ && make \
+ && strip -s trojan
+
+FROM alpine:latest
+LABEL maintainer="Teddysun "
+
+RUN set -ex \
+ && apk add --no-cache tzdata ca-certificates libstdc++ boost-system boost-program_options mariadb-connector-c
+
+COPY --from=builder /root/trojan/trojan /usr/bin
+COPY config.json /etc/trojan/config.json
+VOLUME /etc/trojan
+ENV TZ=Asia/Shanghai
+CMD [ "trojan", "-c", "/etc/trojan/config.json" ]
diff --git a/docker/trojan/Dockerfile.architecture b/docker/trojan/Dockerfile.architecture
new file mode 100644
index 0000000..9cea24d
--- /dev/null
+++ b/docker/trojan/Dockerfile.architecture
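Review bot: Both stages of docker/trojan/Dockerfile start from `alpine:latest`, and the builder compiles whatever the `v1.14.1` tag points to at build time, so neither the base image nor the source that ends up in `/usr/bin/trojan` is pinned to anything verifiable. Pin the base to a fixed release or digest, e.g. `FROM alpine:<PINNED_VERSION> AS builder`, and check the checkout right after `cd trojan` with `&& test "$(git rev-parse HEAD)" = "<EXPECTED_COMMIT_SHA>" \` (both values are placeholders; a git tag can be moved upstream). The final stage also has no `USER`, so the internet-facing daemon runs as root; a dedicated account (`RUN adduser -S -D -H trojan` plus `USER trojan`) would limit the impact of a bug in the server, though binding port 443 as non-root may then need a high container port or an added capability, depending on the runtime. The same points apply unchanged to the hunk for docker/trojan/Dockerfile.architecture.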
@@ -0,0 +1,28 @@
+# Dockerfile for trojan based alpine
+# Copyright (C) 2020 Teddysun
+# Reference URL:
+# https://github.com/trojan-gfw/trojan
+# https://trojan-gfw.github.io/trojan/
+
+FROM --platform=${TARGETPLATFORM} alpine:latest AS builder
+WORKDIR /root
+RUN set -ex \
+ && VERSION="v1.14.1" \
+ && apk add --no-cache git build-base make cmake boost-dev openssl-dev mariadb-connector-c-dev \
+ && git clone --branch ${VERSION} --single-branch https://github.com/trojan-gfw/trojan.git \
+ && cd trojan \
+ && cmake . \
+ && make \
+ && strip -s trojan
+
+FROM --platform=${TARGETPLATFORM} alpine:latest
+LABEL maintainer="Teddysun "
+
+RUN set -ex \
+ && apk add --no-cache tzdata ca-certificates libstdc++ boost-system boost-program_options mariadb-connector-c
+
+COPY --from=builder /root/trojan/trojan /usr/bin
+COPY config.json /etc/trojan/config.json
+VOLUME /etc/trojan
+ENV TZ=Asia/Shanghai
+CMD [ "trojan", "-c", "/etc/trojan/config.json" ]
diff --git a/docker/trojan/README.md b/docker/trojan/README.md
new file mode 100644
index 0000000..74754f5
--- /dev/null
+++ b/docker/trojan/README.md
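Review bot: `--platform=${TARGETPLATFORM}` on both `FROM` lines of docker/trojan/Dockerfile.architecture names the platform that BuildKit already uses by default, so apart from that flag this file is a line-for-line copy of docker/trojan/Dockerfile. Two copies will drift as soon as a fix, such as a version bump or a hardening change, lands in only one of them. Building the single Dockerfile with `docker buildx build --platform <PLATFORM_LIST>` should produce the same per-architecture images. If the separate file is kept for an older builder, a header comment such as `# Multi-arch variant of ./Dockerfile: keep both files in sync` would document the relationship.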
@@ -0,0 +1,96 @@
+## Trojan Docker Image by Teddysun
+
+[Trojan][1] is An unidentifiable mechanism that helps you bypass [GFW](https://en.wikipedia.org/wiki/Great_Firewall).
+
+Trojan features multiple protocols over `TLS` to avoid both active/passive detections and ISP `QoS` limitations.
+
+Docker images are built for quick deployment in various computing cloud providers.
+
+For more information on docker and containerization technologies, refer to [official document][2].
+
+## Prepare the host
+
+If you need to install docker by yourself, follow the [official installation guide][3].
+
+## Pull the image
+
+```bash
+$ docker pull teddysun/trojan
+```
+
+This pulls the latest release of Trojan.
+
+It can be found at [Docker Hub][4].
+
+## Start a container
+
+You **must create a configuration file** `/etc/trojan/config.json` in host at first:
+
+```
+$ mkdir -p /etc/trojan
+```
+
+A sample in JSON like below:
+
+```
+{
+ "run_type": "server",
+ "local_addr": "0.0.0.0",
+ "local_port": 443,
+ "remote_addr": "127.0.0.1",
+ "remote_port": 80,
+ "password": [
+ "password1",
+ "password2"
+ ],
+ "log_level": 1,
+ "ssl": {
+ "cert": "/path/to/certificate.crt",
+ "key": "/path/to/private.key",
+ "key_password": "",
+ "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
+ "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
+ "prefer_server_cipher": true,
+ "alpn": [
+ "http/1.1"
+ ],
+ "reuse_session": true,
+ "session_ticket": false,
+ "session_timeout": 600,
+ "plain_http_response": "",
+ "curves": "",
+ "dhparam": ""
+ },
+ "tcp": {
+ "prefer_ipv4": false,
+ "no_delay": true,
+ "keep_alive": true,
+ "reuse_port": false,
+ "fast_open": false,
+ "fast_open_qlen": 20
+ },
+ "mysql": {
+ "enabled": false,
+ "server_addr": "127.0.0.1",
+ "server_port": 3306,
+ "database": "trojan",
+ "username": "trojan",
+ "password": ""
+ }
+}
+```
+
+An online documentation can be found [here](https://trojan-gfw.github.io/trojan/)
+
+There is an example to start a container that listen on port `443`, run as a Trojan server like below:
+
+```bash
+$ docker run -d -p 443:443 --name trojan --restart=always -v /etc/trojan:/etc/trojan teddysun/trojan
+```
+
+**Warning**: The port number `443` must be same as configuration and opened in firewall.
+
+[1]: https://github.com/trojan-gfw/trojan
+[2]: https://docs.docker.com/
+[3]: https://docs.docker.com/install/
+[4]: https://hub.docker.com/r/teddysun/trojan/
\ No newline at end of file
diff --git a/docker/trojan/config.json b/docker/trojan/config.json
new file mode 100644
index 0000000..be5522c
--- /dev/null
+++ b/docker/trojan/config.json
@@ -0,0 +1,45 @@
+{
+ "run_type": "server",
+ "local_addr": "0.0.0.0",
+ "local_port": 443,
+ "remote_addr": "127.0.0.1",
+ "remote_port": 80,
+ "password": [
+ "password1",
+ "password2"
+ ],
+ "log_level": 1,
+ "ssl": {
+ "cert": "/path/to/certificate.crt",
+ "key": "/path/to/private.key",
+ "key_password": "",
+ "cipher": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384",
+ "cipher_tls13": "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384",
+ "prefer_server_cipher": true,
+ "alpn": [
+ "http/1.1"
+ ],
+ "reuse_session": true,
+ "session_ticket": false,
+ "session_timeout": 600,
+ "plain_http_response": "",
+ "curves": "",
+ "dhparam": ""
+ },
+ "tcp": {
+ "prefer_ipv4": false,
+ "no_delay": true,
+ "keep_alive": true,
+ "reuse_port": false,
+ "fast_open": false,
+ "fast_open_qlen": 20
+ },
+ "mysql": {
+ "enabled": false,
+ "server_addr": "127.0.0.1",
+ "server_port": 3306,
+ "database": "trojan",
+ "username": "trojan",
+ "password": ""
+ }
+}
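Review bot: The `password` array in docker/trojan/config.json ships the placeholder values `password1` and `password2`, and the Dockerfile in this commit copies the file into the image as `/etc/trojan/config.json`. An operator who starts from this sample and fills in only the certificate paths would therefore accept clients that present publicly known credentials. JSON has no comment syntax, so make the placeholder self-evidently invalid, e.g. `"password": ["<CHANGE_ME_LONG_RANDOM_SECRET>"]`, and have the README state that it must be replaced before port 443 is exposed. The file also holds `ssl.key_password` and the MySQL password, so the README should recommend keeping the host copy readable only by its owner (for example mode 600).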