最后更新于:2026年1月
传统VPS部署需要手动安装配置,步骤繁琐且容易出错。使用Docker可以一键部署,5分钟完成全部配置,还支持自动备份、快速迁移。
本教程教你使用Docker部署X-UI、Trojan、Shadowsocks等主流服务。
🐳 为什么选择Docker?
优势
✅ 环境隔离:不污染宿主机
✅ 一键部署:单命令启动
✅ 易于备份:导出镜像即可
✅ 快速迁移:换服务器只需复制
✅ 版本管理:轻松回滚
✅ 资源控制:限制CPU/内存
对比传统部署
| 特性 | Docker | 传统方式 |
|---|---|---|
| 部署时间 | 5分钟 | 30-60分钟 |
| 出错概率 | 低 | 中 |
| 迁移难度 | 简单 | 复杂 |
| 备份难度 | 简单 | 中等 |
| 多服务共存 | 容易 | 困难 |
📦 前置准备
1. VPS要求
最低配置:
- CPU:1核
- 内存:512MB
- 硬盘:10GB
- 系统:Ubuntu 20.04+ / Debian 11+
推荐配置:
- CPU:2核
- 内存:1GB+
- 硬盘:20GB+
- 带宽:100Mbps+
2. 安装Docker
# 一键安装脚本
curl -fsSL https://get.docker.com | bash
# 启动Docker
systemctl enable docker
systemctl start docker
# 验证安装
docker --version
docker compose version# 一键安装脚本
curl -fsSL https://get.docker.com | bash
# 启动Docker
systemctl enable docker
systemctl start docker
# 验证安装
docker --version
docker compose version
3. 开放端口
# 防火墙设置
ufw allow 22/tcp # SSH
ufw allow 80/tcp # HTTP
ufw allow 443/tcp # HTTPS
ufw allow 54321/tcp # X-UI面板
ufw enable# 防火墙设置
ufw allow 22/tcp # SSH
ufw allow 80/tcp # HTTP
ufw allow 443/tcp # HTTPS
ufw allow 54321/tcp # X-UI面板
ufw enable
🚀 方案一:X-UI面板(推荐)
docker-compose.yml
创建目录:
mkdir -p ~/xui && cd ~/xui
nano docker-compose.ymlmkdir -p ~/xui && cd ~/xui
nano docker-compose.yml
粘贴内容:
version: '3'
services:
xui:
image: enwaiax/x-ui:latest
container_name: x-ui
restart: always
network_mode: host
volumes:
- ./db:/etc/x-ui
- ./cert:/root/cert
environment:
XRAY_VMESS_AEAD_FORCED: "false"
labels:
- "com.centurylinklabs.watchtower.enable=true"version: '3'
services:
xui:
image: enwaiax/x-ui:latest
container_name: x-ui
restart: always
network_mode: host
volumes:
- ./db:/etc/x-ui
- ./cert:/root/cert
environment:
XRAY_VMESS_AEAD_FORCED: "false"
labels:
- "com.centurylinklabs.watchtower.enable=true"
启动服务
# 启动
docker compose up -d
# 查看日志
docker logs -f x-ui
# 查看状态
docker ps# 启动
docker compose up -d
# 查看日志
docker logs -f x-ui
# 查看状态
docker ps
访问面板
浏览器访问:http://你的IP:54321
默认账号:
- 用户名:admin
- 密码:admin
立即修改密码!
数据持久化
# 备份数据库
cp ~/xui/db/x-ui.db ~/backup/x-ui-$(date +%Y%m%d).db
# 恢复数据库
cp ~/backup/x-ui-20260101.db ~/xui/db/x-ui.db
docker restart x-ui# 备份数据库
cp ~/xui/db/x-ui.db ~/backup/x-ui-$(date +%Y%m%d).db
# 恢复数据库
cp ~/backup/x-ui-20260101.db ~/xui/db/x-ui.db
docker restart x-ui
自动更新
安装Watchtower:
docker run -d \
--name watchtower \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower \
--cleanup \
--schedule "0 0 4 * * *"docker run -d \
--name watchtower \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower \
--cleanup \
--schedule "0 0 4 * * *"
每天凌晨4点自动检查更新。
🔒 方案二:Trojan-Go
docker-compose.yml
version: '3'
services:
trojan:
image: teddysun/trojan-go:latest
container_name: trojan-go
restart: always
ports:
- "443:443"
volumes:
- ./config.json:/etc/trojan-go/config.json
- ./cert:/etc/ssl/certs
network_mode: bridgeversion: '3'
services:
trojan:
image: teddysun/trojan-go:latest
container_name: trojan-go
restart: always
ports:
- "443:443"
volumes:
- ./config.json:/etc/trojan-go/config.json
- ./cert:/etc/ssl/certs
network_mode: bridge
config.json
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"你的密码"
],
"ssl": {
"cert": "/etc/ssl/certs/server.crt",
"key": "/etc/ssl/certs/server.key",
"sni": "你的域名.com"
}
}{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"你的密码"
],
"ssl": {
"cert": "/etc/ssl/certs/server.crt",
"key": "/etc/ssl/certs/server.key",
"sni": "你的域名.com"
}
}
启动
docker compose up -d
docker logs -f trojan-godocker compose up -d
docker logs -f trojan-go
🌐 方案三:Shadowsocks
docker-compose.yml
version: '3'
services:
ss:
image: shadowsocks/shadowsocks-libev:latest
container_name: shadowsocks
restart: always
ports:
- "8388:8388/tcp"
- "8388:8388/udp"
environment:
- PASSWORD=你的密码
- METHOD=aes-256-gcm
- SERVER_PORT=8388version: '3'
services:
ss:
image: shadowsocks/shadowsocks-libev:latest
container_name: shadowsocks
restart: always
ports:
- "8388:8388/tcp"
- "8388:8388/udp"
environment:
- PASSWORD=你的密码
- METHOD=aes-256-gcm
- SERVER_PORT=8388
启动
docker compose up -ddocker compose up -d
客户端配置:
- 服务器:你的IP
- 端口:8388
- 密码:你的密码
- 加密:aes-256-gcm
🔄 方案四:多协议共存
docker-compose.yml
version: '3'
networks:
vpn-network:
driver: bridge
services:
# X-UI面板
xui:
image: enwaiax/x-ui:latest
container_name: x-ui
restart: always
network_mode: host
volumes:
- ./xui-db:/etc/x-ui
depends_on:
- trojan
- ss
# Trojan
trojan:
image: teddysun/trojan-go:latest
container_name: trojan
restart: always
ports:
- "443:443"
volumes:
- ./trojan-config:/etc/trojan-go
- ./cert:/etc/ssl
networks:
- vpn-network
# Shadowsocks
ss:
image: shadowsocks/shadowsocks-libev:latest
container_name: ss
restart: always
ports:
- "8388:8388"
environment:
- PASSWORD=ss-password
- METHOD=aes-256-gcm
networks:
- vpn-network
# 自动更新
watchtower:
image: containrrr/watchtower
container_name: watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --cleanup --schedule "0 0 4 * * *"version: '3'
networks:
vpn-network:
driver: bridge
services:
# X-UI面板
xui:
image: enwaiax/x-ui:latest
container_name: x-ui
restart: always
network_mode: host
volumes:
- ./xui-db:/etc/x-ui
depends_on:
- trojan
- ss
# Trojan
trojan:
image: teddysun/trojan-go:latest
container_name: trojan
restart: always
ports:
- "443:443"
volumes:
- ./trojan-config:/etc/trojan-go
- ./cert:/etc/ssl
networks:
- vpn-network
# Shadowsocks
ss:
image: shadowsocks/shadowsocks-libev:latest
container_name: ss
restart: always
ports:
- "8388:8388"
environment:
- PASSWORD=ss-password
- METHOD=aes-256-gcm
networks:
- vpn-network
# 自动更新
watchtower:
image: containrrr/watchtower
container_name: watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --cleanup --schedule "0 0 4 * * *"
启动所有服务
docker compose up -ddocker compose up -d
📊 监控与管理
资源监控
# 查看所有容器
docker ps
# 查看资源使用
docker stats
# 查看日志
docker logs -f x-ui
docker logs -f trojan# 查看所有容器
docker ps
# 查看资源使用
docker stats
# 查看日志
docker logs -f x-ui
docker logs -f trojan
常用命令
# 停止服务
docker compose down
# 重启服务
docker compose restart
# 更新镜像
docker compose pull
docker compose up -d
# 清理无用镜像
docker image prune -a
# 查看磁盘占用
docker system df# 停止服务
docker compose down
# 重启服务
docker compose restart
# 更新镜像
docker compose pull
docker compose up -d
# 清理无用镜像
docker image prune -a
# 查看磁盘占用
docker system df
备份脚本
创建 backup.sh:
#!/bin/bash
BACKUP_DIR=~/backup
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p $BACKUP_DIR
# 备份X-UI数据库
docker cp x-ui:/etc/x-ui/x-ui.db $BACKUP_DIR/x-ui_$DATE.db
# 备份配置文件
tar czf $BACKUP_DIR/config_$DATE.tar.gz \
~/xui/docker-compose.yml \
~/trojan/config.json
# 保留最近7天备份
find $BACKUP_DIR -name "*.db" -mtime +7 -delete
find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -delete
echo "Backup completed: $DATE"#!/bin/bash
BACKUP_DIR=~/backup
DATE=$(date +%Y%m%d_%H%M%S)
mkdir -p $BACKUP_DIR
# 备份X-UI数据库
docker cp x-ui:/etc/x-ui/x-ui.db $BACKUP_DIR/x-ui_$DATE.db
# 备份配置文件
tar czf $BACKUP_DIR/config_$DATE.tar.gz \
~/xui/docker-compose.yml \
~/trojan/config.json
# 保留最近7天备份
find $BACKUP_DIR -name "*.db" -mtime +7 -delete
find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -delete
echo "Backup completed: $DATE"
设置定时任务:
crontab -e
# 每天凌晨3点备份
0 3 * * * /bin/bash ~/backup.shcrontab -e
# 每天凌晨3点备份
0 3 * * * /bin/bash ~/backup.sh
🏠 NAS部署特别版
Synology NAS
步骤:
- 安装Docker套件
- 下载docker-compose.yml
- SSH连接到NAS
- 执行
docker compose up -d
注意:
- 使用host网络模式
- 确保端口不冲突
- 定期备份volume
QNAP NAS
类似Synology,使用Container Station。
⚠️ 常见问题
Q: 容器启动失败?
排查:
# 查看日志
docker logs x-ui
# 检查端口占用
netstat -tlnp | grep 54321
# 检查权限
ls -la ~/xui/db# 查看日志
docker logs x-ui
# 检查端口占用
netstat -tlnp | grep 54321
# 检查权限
ls -la ~/xui/db
解决:
- 端口冲突:修改端口
- 权限问题:chmod 755
- 配置错误:检查yaml语法
Q: 如何迁移到新服务器?
步骤:
- 旧服务器备份:
tar czf backup.tar.gz ~/xuitar czf backup.tar.gz ~/xui
- 传输到新服务器:
scp backup.tar.gz user@new-server:~scp backup.tar.gz user@new-server:~
- 新服务器恢复:
tar xzf backup.tar.gz
cd ~/xui
docker compose up -dtar xzf backup.tar.gz
cd ~/xui
docker compose up -d
Q: 如何限制资源使用?
docker-compose.yml中添加:
services:
xui:
deploy:
resources:
limits:
cpus: '0.5'
memory: 512M
reservations:
cpus: '0.25'
memory: 256Mservices:
xui:
deploy:
resources:
limits:
cpus: '0.5'
memory: 512M
reservations:
cpus: '0.25'
memory: 256M
Q: 如何查看实时流量?
安装Portainer:
docker volume create portainer_data
docker run -d \
-p 9000:9000 \
--name portainer \
--restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer-cedocker volume create portainer_data
docker run -d \
-p 9000:9000 \
--name portainer \
--restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer-ce
访问 http://IP:9000,图形化管理界面。
总结
Docker部署的核心优势:
✅ 5分钟快速部署
✅ 一键备份恢复
✅ 自动更新维护
✅ 多服务共存
✅ 资源隔离可控
推荐方案:
- 🎯 新手:X-UI Docker(最简单)
- 🎯 进阶:多协议共存
- 🎯 NAS用户:Docker Compose
- 🎯 企业:Kubernetes集群
👉 下一课: 2026科学上网年度报告:趋势与预测
快速参考
常用镜像:
- X-UI:
enwaiax/x-ui:latest - Trojan:
teddysun/trojan-go:latest - SS:
shadowsocks/shadowsocks-libev:latest
管理工具:
- Portainer(图形界面)
- Watchtower(自动更新)
- cAdvisor(资源监控)
文档链接:
- Docker官方文档
- X-UI GitHub
- Trojan-Go文档