feat: add Docker deployment support

- Add Dockerfile based on Debian bookworm-slim with all dependencies
- Add fake-systemctl to replace systemd in container environment
  - Supports xray, nginx, fail2ban, cron service management
  - Handles systemctl is-active --quiet syntax
  - Silently ignores unknown services (e.g. iptables)
- Add docker-entrypoint.sh with process management
  - Watchdog auto-restarts crashed services every 30s
  - Falls back to daemon mode after interactive menu exits
  - Supports idleleo/start/shell running modes
- Add docker-compose.yml with host network and data volumes
- Add .dockerignore to exclude unnecessary files from build context
- Add DOCKER.md deployment guide in 6 languages (zh, en, fr, ru, fa, ko)
- Add Docker deployment section to all README.md files

refactor: redesign Docker as pre-built image with env var config

- Rewrite Dockerfile to pre-install Xray and Nginx at build time
  - Xray installed via official install-release.sh
  - Nginx downloaded from project's custom build releases
  - Config templates copied from VLESS_reality/tls/xtls directories
- Rewrite docker-entrypoint.sh to generate config from env vars
  - Supports reality/tls/xtls modes via MODE env var
  - Auto-generates UUID and Reality keys if not provided
  - Uses jq to modify JSON templates, envsubst for Nginx config
  - Starts services directly (exec xray), no systemd needed
- Remove fake-systemctl (no longer needed)
- Add nginx-tls.conf template for TLS mode
- Simplify docker-compose.yml with env var configuration
- Update all DOCKER.md docs (6 languages) for new approach
- Update all README.md Docker sections (6 languages)

Revert "refactor: redesign Docker as pre-built image with env var config"

This reverts commit a2b9981.

Author: hello-yunshu

.dockerignore

@@ -0,0 +1,16 @@
+.github/
+.git/
+.gitignore
+.editorconfig
+LICENSE
+README.md
+DOCKER.md
+*.md
+po/
+Dockerfile
+docker-compose.yml
+docker-entrypoint.sh
+fake-systemctl
+.dockerignore
+translate.py
+translate_readme.py

DOCKER.md

@@ -0,0 +1,158 @@
+# Docker 部署指南
+
+简体中文 | [English](/languages/en/DOCKER.md) | [Français](/languages/fr/DOCKER.md) | [Русский](/languages/ru/DOCKER.md) | [فارسی](/languages/fa/DOCKER.md) | [한국어](/languages/ko/DOCKER.md)
+
+本文档介绍如何使用 Docker 部署 Xray 一键脚本。
+
+## 前提条件
+
+* 已安装 Docker 和 Docker Compose
+* 服务器具备公网 IP
+* 安装 Reality 协议：需准备符合 Xray 要求的目标域名
+* 安装 TLS 版本：需准备域名并添加 A 记录
+
+## 快速启动
+
+### 1. 克隆仓库
+
+```bash
+git clone https://github.com/hello-yunshu/Xray_bash_onekey.git
+cd Xray_bash_onekey
+```
+
+### 2. 构建并启动容器
+
+```bash
+docker compose up -d
+```
+
+### 3. 进入交互式安装菜单
+
+```bash
+docker attach xray-onekey
+```
+
+首次运行时，容器会自动启动安装脚本，按照提示完成配置即可。
+
+## 运行模式
+
+容器支持以下运行模式：
+
+| 模式 | 说明 | 命令 |
+|------|------|------|
+| `idleleo`（默认） | 启动服务并进入交互式管理菜单 | `docker compose up -d` |
+| `start` | 仅启动服务（守护模式） | 修改 `docker-compose.yml` 中的 `command: start` |
+| `shell` | 启动服务并进入 Shell | `docker exec -it xray-onekey bash` |
+
+## 管理操作
+
+### 进入管理菜单
+
+```bash
+docker exec -it xray-onekey idleleo
+```
+
+### 查看服务状态
+
+```bash
+docker exec -it xray-onekey systemctl status xray
+docker exec -it xray-onekey systemctl status nginx
+```
+
+### 重启服务
+
+```bash
+docker exec -it xray-onekey systemctl restart xray
+docker exec -it xray-onekey systemctl restart nginx
+```
+
+### 查看客户端配置
+
+```bash
+docker exec -it xray-onekey cat /etc/idleleo/info/xray_info.inf
+```
+
+### 查看日志
+
+```bash
+docker exec -it xray-onekey cat /var/log/xray/access.log
+docker exec -it xray-onekey cat /var/log/xray/error.log
+```
+
+## 使用 docker run（替代 docker compose）
+
+```bash
+docker build -t xray-onekey .
+
+docker run -d --name xray-onekey \
+  --network host \
+  --cap-add NET_ADMIN \
+  -e TZ=Asia/Shanghai \
+  -v xray-conf:/etc/idleleo/conf \
+  -v xray-cert:/etc/idleleo/cert \
+  -v xray-info:/etc/idleleo/info \
+  -v xray-logs:/var/log/xray \
+  -v acme-data:/root/.acme.sh \
+  -it xray-onekey
+```
+
+## 数据持久化
+
+容器使用 Docker Volume 保存数据，重建容器后配置不会丢失：
+
+| Volume | 容器路径 | 说明 |
+|--------|---------|------|
+| `xray-conf` | `/etc/idleleo/conf` | Xray 和 Nginx 配置文件 |
+| `xray-cert` | `/etc/idleleo/cert` | SSL 证书文件 |
+| `xray-info` | `/etc/idleleo/info` | 连接信息和状态文件 |
+| `xray-logs` | `/var/log/xray` | Xray 日志文件 |
+| `acme-data` | `/root/.acme.sh` | acme.sh 证书签发数据 |
+
+## 自定义证书
+
+将 `xray.crt` 和 `xray.key` 文件放入证书 Volume 对应的宿主机路径。使用 `docker volume inspect xray-cert` 查看宿主机路径。
+
+## 网络配置
+
+容器默认使用 `network_mode: host`，即直接使用宿主机网络。这对 Xray 代理服务至关重要：
+
+* Reality 模式需要看到真实客户端 IP
+* TLS 模式需要直接绑定 443/80 端口
+* 避免额外的 NAT 转发性能损耗
+
+## 注意事项
+
+* 容器内使用 `fake-systemctl` 替代 systemd，`systemctl` 命令可正常使用
+* 防火墙建议在宿主机层面管理，而非容器内
+* 容器内置看门狗（watchdog），每 30 秒检查服务状态，异常时自动重启
+* 证书自动续签在容器内可正常工作（需确保 80 端口可访问）
+* 如需使用 fail2ban，可通过管理菜单安装
+
+## 故障排查
+
+### 容器无法启动
+
+```bash
+docker logs xray-onekey
+```
+
+### 服务未运行
+
+```bash
+docker exec -it xray-onekey systemctl status xray
+docker exec -it xray-onekey systemctl start xray
+```
+
+### 重新进入安装菜单
+
+```bash
+docker exec -it xray-onekey idleleo
+```
+
+### 完全重置
+
+```bash
+docker compose down
+docker volume rm xray-conf xray-cert xray-info xray-logs acme-data
+docker compose up -d
+```

Dockerfile

@@ -0,0 +1,75 @@
+FROM debian:bookworm-slim
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    bc \
+    curl \
+    dbus \
+    git \
+    jq \
+    lsof \
+    python3 \
+    qrencode \
+    cron \
+    gettext \
+    socat \
+    nmap \
+    iputils-ping \
+    libpcre3 \
+    libpcre3-dev \
+    zlib1g \
+    zlib1g-dev \
+    iptables \
+    iptables-persistent \
+    procps \
+    psmisc \
+    ca-certificates \
+    gnupg \
+    unzip \
+    tar \
+    gzip \
+    vim \
+    netcat-openbsd \
+    sysvinit-utils \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN groupadd -f nogroup && \
+    id nobody >/dev/null 2>&1 || useradd -g nogroup -s /usr/sbin/nologin nobody
+
+RUN mkdir -p /etc/idleleo/conf/xray \
+    /etc/idleleo/conf/nginx \
+    /etc/idleleo/cert \
+    /etc/idleleo/info \
+    /etc/idleleo/logs \
+    /etc/idleleo/tmp \
+    /usr/local/bin \
+    /usr/local/etc/xray \
+    /usr/local/nginx \
+    /var/log/xray \
+    /var/spool/cron/crontabs
+
+COPY fake-systemctl /usr/local/bin/systemctl
+RUN chmod +x /usr/local/bin/systemctl
+
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
+WORKDIR /etc/idleleo
+
+COPY . /etc/idleleo/
+
+RUN ln -sf /etc/idleleo/install.sh /usr/bin/idleleo && \
+    ln -sf /etc/idleleo/conf/xray/config.json /usr/local/etc/xray/config.json && \
+    mkdir -p /root/.acme.sh && \
+    chmod +x /etc/idleleo/install.sh /etc/idleleo/auto_update.sh /etc/idleleo/ssl_update.sh /etc/idleleo/fail2ban_manager.sh /etc/idleleo/file_manager.sh
+
+RUN echo '* soft nofile 65536' >> /etc/security/limits.conf && \
+    echo '* hard nofile 65536' >> /etc/security/limits.conf
+
+EXPOSE 443 80
+
+VOLUME ["/etc/idleleo/conf", "/etc/idleleo/cert", "/etc/idleleo/info", "/var/log/xray", "/root/.acme.sh"]
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["idleleo"]

README.md

@@ -43,6 +43,17 @@
 bash <(curl -Ss https://raw.githubusercontent.com/hello-yunshu/Xray_bash_onekey/main/install.sh)
 ```
 
+## Docker 部署
+
+支持使用 Docker 部署，详见 [Docker 部署指南](/DOCKER.md)。
+
+```bash
+git clone https://github.com/hello-yunshu/Xray_bash_onekey.git
+cd Xray_bash_onekey
+docker compose up -d
+docker attach xray-onekey
+```
+
 ## 注意事项
 
 * 不了解各项设置含义时，除必填项外请使用默认值（全程回车即可）

docker-compose.yml

@@ -0,0 +1,27 @@
+services:
+  xray-onekey:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: xray-onekey
+    restart: unless-stopped
+    network_mode: host
+    cap_add:
+      - NET_ADMIN
+    environment:
+      - TZ=Asia/Shanghai
+    volumes:
+      - xray-conf:/etc/idleleo/conf
+      - xray-cert:/etc/idleleo/cert
+      - xray-info:/etc/idleleo/info
+      - xray-logs:/var/log/xray
+      - acme-data:/root/.acme.sh
+    stdin_open: true
+    tty: true
+
+volumes:
+  xray-conf:
+  xray-cert:
+  xray-info:
+  xray-logs:
+  acme-data:

docker-entrypoint.sh

@@ -0,0 +1,101 @@
+#!/bin/bash
+
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
+
+XRAY_BIN="/usr/local/bin/xray"
+NGINX_BIN="/usr/local/nginx/sbin/nginx"
+XRAY_CONF="/etc/idleleo/conf/xray/config.json"
+NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
+XRAY_PID_FILE="/var/run/xray.pid"
+NGINX_PID_FILE="/usr/local/nginx/logs/nginx.pid"
+
+_start_cron() {
+    if ! pgrep -f "cron" >/dev/null 2>&1; then
+        cron
+    fi
+}
+
+_start_services() {
+    if [[ -f "$XRAY_CONF" ]] && [[ -x "$XRAY_BIN" ]]; then
+        echo "[entrypoint] Starting Xray..."
+        systemctl start xray
+    fi
+
+    if [[ -f "$NGINX_CONF" ]] && [[ -x "$NGINX_BIN" ]]; then
+        echo "[entrypoint] Starting Nginx..."
+        systemctl start nginx
+    fi
+}
+
+_stop_services() {
+    echo "[entrypoint] Stopping services..."
+    systemctl stop nginx 2>/dev/null
+    systemctl stop xray 2>/dev/null
+}
+
+_watchdog() {
+    while true; do
+        if [[ -f "$XRAY_CONF" ]] && [[ -x "$XRAY_BIN" ]]; then
+            if ! systemctl -q is-active xray 2>/dev/null; then
+                echo "[watchdog] Xray is not running, restarting..."
+                systemctl start xray
+            fi
+        fi
+
+        if [[ -f "$NGINX_CONF" ]] && [[ -x "$NGINX_BIN" ]]; then
+            if ! systemctl -q is-active nginx 2>/dev/null; then
+                echo "[watchdog] Nginx is not running, restarting..."
+                systemctl start nginx
+            fi
+        fi
+
+        sleep 30
+    done
+}
+
+trap '_stop_services; exit 0' SIGTERM SIGINT SIGQUIT
+
+_start_cron
+
+case "$1" in
+    idleleo)
+        if [[ -f "$XRAY_CONF" ]] && [[ -x "$XRAY_BIN" ]]; then
+            echo "[entrypoint] Detected existing Xray configuration, starting services..."
+            _start_services
+            echo "[entrypoint] Services started. Launching management script..."
+            echo "[entrypoint] Type 'exit' to return to daemon mode."
+            bash /etc/idleleo/install.sh
+            echo "[entrypoint] Management script exited. Entering daemon mode..."
+            _watchdog
+        else
+            echo "[entrypoint] No existing configuration found. Launching install script..."
+            bash /etc/idleleo/install.sh
+            if [[ -f "$XRAY_CONF" ]]; then
+                echo "[entrypoint] Installation complete. Starting services..."
+                _start_services
+                echo "[entrypoint] Services started. Entering daemon mode..."
+                _watchdog
+            else
+                echo "[entrypoint] No configuration found. Entering daemon mode (services not started)..."
+                _watchdog
+            fi
+        fi
+        ;;
+    start)
+        _start_services
+        echo "[entrypoint] Services started. Entering daemon mode..."
+        _watchdog
+        ;;
+    shell|bash)
+        _start_services
+        echo "[entrypoint] Services started. Opening shell..."
+        /bin/bash
+        echo "[entrypoint] Shell exited. Entering daemon mode..."
+        _watchdog
+        ;;
+    *)
+        _start_services
+        echo "[entrypoint] Services started. Executing: $*"
+        exec "$@"
+        ;;
+esac