
Hysteria

Official website

https://v2.hysteria.network/

Installing with Docker

Compose file

services:
  hysteria:
    image: tobyxdd/hysteria
    container_name: hysteria
    restart: unless-stopped
    network_mode: host
    volumes:
      - ${DOCKER_HOME}/hysteria/conf:/hysteria/conf
      - ${DOCKER_HOME}/npm/letsencrypt/archive:/hysteria/letsencrypt/archive:ro
      - ${DOCKER_HOME}/npm/letsencrypt/live:/hysteria/letsencrypt/live:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    command: ["server", "-c", "/hysteria/conf/hysteria.yml"]
    environment:
      - HYSTERIA_DISABLE_UPDATE_CHECK=1
    cap_add:
      - NET_ADMIN
      - NET_BIND_SERVICE
      - SYS_PTRACE
      - DAC_READ_SEARCH
    devices:
      - '/dev/net/tun:/dev/net/tun'
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 256M

As shown below, two NPM directories are mounted here so that the container can read the certificate for the corresponding domain.

      - ${DOCKER_HOME}/npm/letsencrypt/archive:/hysteria/letsencrypt/archive:ro
      - ${DOCKER_HOME}/npm/letsencrypt/live:/hysteria/letsencrypt/live:ro
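Why both directories are needed: NPM stores certificates the certbot way, where live/NAME/cert.pem is a relative symlink into ../../archive/NAME/certN.pem. If only live is mounted, the symlinks dangle inside the container and Hysteria cannot read the key pair. The following check, added here as an example and not part of the original page or the Hysteria project, builds a constructed copy of that layout in a temporary directory and reports, for each live file, whether it would resolve under a given set of mounts. The certificate name npm-123 is the placeholder used in the page's config; the PEM contents are constructed placeholders, not real key material.

```python
import os
import tempfile

# certbot/NPM publish these symlinks under live/<name>/
LIVE_FILES = ("cert.pem", "privkey.pem", "fullchain.pem")

# Constructed placeholder PEM bodies for the demo; not real certificates or keys.
FAKE_PEM = {
    "cert": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n",
    "privkey": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "fullchain": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n",
}


def build_demo_layout(root: str, name: str, version: int = 1) -> None:
    """Create a constructed certbot-style tree: archive/<name>/*N.pem plus live/<name>/ symlinks."""
    archive = os.path.join(root, "archive", name)
    live = os.path.join(root, "live", name)
    os.makedirs(archive, exist_ok=True)
    os.makedirs(live, exist_ok=True)
    for fname in LIVE_FILES:
        base = fname[:-4]  # cert / privkey / fullchain
        real = f"{base}{version}.pem"
        with open(os.path.join(archive, real), "w") as fh:
            fh.write(FAKE_PEM[base])
        # certbot writes relative symlinks; they are followed inside the container,
        # so the archive tree must be mounted at the matching relative location.
        os.symlink(os.path.join("..", "..", "archive", name, real), os.path.join(live, fname))


def _inside(path: str, directory: str) -> bool:
    """True if path lies within directory (both already canonicalised)."""
    return os.path.commonpath([path, directory]) == directory


def check_mounts(root: str, name: str, mounted_dirs) -> dict:
    """Return {live file: 'ok' | 'missing' | 'dangling' | 'not-pem'}.

    root stands for the container's /hysteria/letsencrypt directory and
    mounted_dirs for the subdirectories the compose file actually mounts.
    A symlink is usable only if it exists, its target exists, and the target
    lies inside one of the mounted subtrees.
    """
    root = os.path.realpath(root)
    mounted = [os.path.join(root, d) for d in mounted_dirs]
    status = {}
    for fname in LIVE_FILES:
        link = os.path.join(root, "live", name, fname)
        if "live" not in mounted_dirs or not os.path.lexists(link):
            status[fname] = "missing"
            continue
        target = os.path.realpath(link)
        if not os.path.exists(target) or not any(_inside(target, m) for m in mounted):
            status[fname] = "dangling"
            continue
        with open(target) as fh:
            first = fh.readline()
        status[fname] = "ok" if first.startswith("-----BEGIN ") else "not-pem"
    return status


def demo() -> tuple:
    """Run the check for the page's mount set (live + archive) and for live alone."""
    root = tempfile.mkdtemp(prefix="hysteria-certs-")
    build_demo_layout(root, "npm-123")
    both = check_mounts(root, "npm-123", {"live", "archive"})
    live_only = check_mounts(root, "npm-123", {"live"})
    return both, live_only


if __name__ == "__main__":
    both, live_only = demo()
    print("live + archive mounted:", both)
    print("live only mounted:     ", live_only)
```

To check a real deployment instead of the constructed tree, point check_mounts at the host path ${DOCKER_HOME}/npm/letsencrypt with the same mounted_dirs set; the same resolution rule applies, because the container sees the identical relative symlinks.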

.env file

DOCKER_HOME=/home/username/docker
DOCKER_MY_NETWORK=npm_default

Start

docker compose up -d

Configuration file

listen: :443  # default port is 443; change it to another port if needed
# Use exactly one of the acme and tls sections below:
# deployments with a domain use acme, deployments without one use tls.
# If you choose acme you must comment out tls, and vice versa.
# Use a CA-issued certificate
#acme:
#  domains:
#    - your.domain.net  # a domain that already resolves to this server
#  email: your@email.com  # your email address

bandwidth:
  up: 300 mbps
  down: 300 mbps
ignoreClientBandwidth: true

speedTest: false
disableUDP: false
udpIdleTimeout: 120s

# Use your own certificate file [recommended for beginners]: locate the certificate path for your domain; NPM manages it and requests/renews it automatically.
tls:
  cert: /hysteria/letsencrypt/live/npm-123/cert.pem
  key: /hysteria/letsencrypt/live/npm-123/privkey.pem
  # strict | disable | dns-san
  sniGuard: strict

# The auth type here is userpass, so the password line is redundant. Replace the sample values with strong passwords.
auth:
  type: userpass
  password: CjZ8o96eBxj4HXK5zVTt
  userpass:
    user1: sdwaqnEKUai85sBKFEj5
    user2: YFoo8CxnHbuCSHXbHfEL
# auth:
#   type: http
#   http:
#     url: http://127.0.0.1:8081/hui/hysteria2/auth
#     insecure: true

resolver:
  type: udp
  tcp:
    addr: 8.8.8.8:53
    timeout: 4s
  udp:
    addr: 8.8.4.4:53
    timeout: 4s
  tls:
    addr: 1.1.1.1:853
    timeout: 10s
    sni: cloudflare-dns.com
    insecure: false
  https:
    addr: 1.1.1.1:443
    timeout: 10s
    sni: cloudflare-dns.com
    insecure: false

# Domain sniffing, used together with traffic splitting or ACL (outbound access-control rules); enabled by default
sniff:
  enable: true
  timeout: 2s
  rewriteDomain: false
  tcpPorts: 80,443,8000-9000
  udpPorts: all

# Outbound settings; unless you have special needs, these fields do not need to be changed
outbounds:
  - name: freedom
    type: direct
    direct:
      mode: auto
# obfs:
#   type: salamander
#   salamander:
#     password: YFoo8CxnHbuCSHXbHfEL

# Masquerade section: delete it if you do not need it; if you do, adjust it as needed following the official docs.
# By replying with a carefully constructed response, it hides the fact that the service open on this port is a Hysteria server.
# masquerade:
#   type: string
#   string:
#     content: Invalid request, please use correct method.
#     headers:
#       Server: quic-server
#       Content-Type: application/octet-stream; charset=UTF-8
#       Cache-Control: no-store
#       Content-Length: 8
#       Content-Encoding: compress
#       Connection: close
#     statusCode: 200
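The commented-out auth alternative above (type: http) hands every connection attempt to an external web service, which is how you move credentials out of the config file and into a backend you control. As an added example, not from the page or the Hysteria project, here is a minimal backend for that option. The request and reply shapes follow the HTTP auth contract in the Hysteria 2 documentation as I know it (the server POSTs JSON with addr, auth and tx; the backend answers JSON with ok and id); check them against the docs for your version. Splitting the auth string as user:password, the user table and the listen address 127.0.0.1:8081 with path /hui/hysteria2/auth (taken from the page's commented-out url) are this example's own choices; the credentials are constructed placeholders.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholder credentials; load real ones from a secret store instead.
USERS = {"user1": "replace-me-1", "user2": "replace-me-2"}
AUTH_PATH = "/hui/hysteria2/auth"  # path from the page's commented-out url


def check_auth(request: dict) -> dict:
    """Decide on one Hysteria auth request.

    request: {"addr": "<client ip:port>", "auth": "<string the client sent>", "tx": <bps>}
    returns: {"ok": True, "id": "<user>"} or {"ok": False}
    The id is what Hysteria shows in logs and traffic statistics, so return the
    user name, never the secret.
    """
    auth = request.get("auth", "")
    if not isinstance(auth, str):
        return {"ok": False}
    user, sep, password = auth.partition(":")
    expected = USERS.get(user)
    # Always run one constant-time comparison so unknown and known user names
    # take the same code path; compare_digest hides how much of the password matched.
    candidate = expected if expected is not None else "x" * 32
    match = hmac.compare_digest(password.encode(), candidate.encode())
    if sep and expected is not None and match:
        return {"ok": True, "id": user}
    return {"ok": False}


class AuthHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != AUTH_PATH:
            self.send_error(404)
            return
        length = int(self.headers.get("Content-Length", "0") or 0)
        try:
            body = json.loads(self.rfile.read(length) or b"{}")
        except (json.JSONDecodeError, ValueError):
            body = {}
        if not isinstance(body, dict):
            body = {}
        verdict = check_auth(body)
        # Log the decision and client address only; the auth string stays out of logs.
        print(f"auth addr={body.get('addr')} ok={verdict['ok']} id={verdict.get('id', '')}")
        reply = json.dumps(verdict).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)

    def log_message(self, fmt, *args):
        # Silence the default per-request access log; do_POST prints what we need.
        pass


if __name__ == "__main__":
    # Loopback only: Hysteria sends the client's auth string to this URL in clear text,
    # which is acceptable only if the backend is unreachable from outside the host.
    HTTPServer(("127.0.0.1", 8081), AuthHandler).serve_forever()
```

Run it beside Hysteria and switch the config to the commented-out http block; because the url uses plain http:// on 127.0.0.1, the insecure flag has no effect, but the loopback bind is what keeps the auth strings off the network.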

Restart

docker restart hysteria

Notes

The UDP traffic goes over port 443, so the UFW firewall must allow UDP on port 443:

sudo ufw allow 443/udp

Also, HTTP/2 needs to be enabled in NPM.