This guide explains how to deploy sing-box + Docker + Docker Compose for managing modern proxy connections (VLESS + WS + TLS), providing a lightweight and configuration-driven alternative to v2rayA. This setup is ideal for users who want a stable SOCKS proxy for browsers on Arch Linux with minimal system modification.
1. Preparation
1.1 Docker
Install Docker:
sudo pacman -S docker
Add your user to the Docker group:
sudo usermod -aG docker $(whoami)
Create Docker config directory:
sudo mkdir -p /etc/docker
Create /etc/docker/daemon.json to use a registry mirror:
cat <<EOF | sudo tee /etc/docker/daemon.json > /dev/null
{
"registry-mirrors": [
"https://dockerproxy.net"
]
}
EOF
Enable and start Docker:
sudo systemctl daemon-reload
sudo systemctl enable --now docker
Verify Docker:
docker ps
๐ก Tip: Adding your user to the Docker group avoids using sudo every time. ๐ก Tip: Registry mirrors help in restricted network environments.
1.2 Docker Compose
Install Docker Compose:
sudo pacman -S docker-compose
Verify installation:
docker-compose --version
๐ก Tip: Docker Compose simplifies managing sing-box containers.
2. sing-box
2.1 Prepare Directories
Create project directories:
mkdir -p software/sing-box/config
Create the Docker Compose file:
nvim software/sing-box/docker-compose.yml
2.2 Docker Compose Configuration
Example docker-compose.yml:
services:
sing-box:
image: ghcr.io/sagernet/sing-box
restart: always
container_name: sing-box
network_mode: host
volumes:
- ./config:/etc/sing-box
command: run -C /etc/sing-box
2.3 Start the Container
cd software/sing-box
docker-compose up -d
Verify:
docker ps | grep sing-box
๐ก Tip: Use docker logs sing-box to debug startup issues.
3. sing-box Configuration
3.1 Create Configuration File
Create config:
nvim software/sing-box/config/config.json
3.2 VLESS + WS + TLS Configuration
Example config:
{
"log": {
"level": "info"
},
"inbounds": [
{
"type": "socks",
"listen": "127.0.0.1",
"listen_port": 1080
}
],
"outbounds": [
{
"type": "vless",
"tag": "proxy",
"server": "yourdomain.com",
"server_port": 443,
"uuid": "your_uuid",
"tls": {
"enabled": true,
"server_name": "yourdomain.com"
"insecure": true
},
"transport": {
"type": "ws",
"path": "/ws/8f3a7b2c9d",
"headers": {
"Host": "yourdomain.com"
}
}
},
{
"type": "direct",
"tag": "direct"
}
],
"route": {
"final": "proxy"
}
}
๐ก Tip: path, Host, and UUID must match your VPS configuration exactly. Then restart your container.
4. Browser Proxy Configuration
4.1 Firefox Example
Open:
Settings โ Network Settings โ Manual Proxy
Set:
SOCKS Host: 127.0.0.1
Port: 1080
SOCKS v5: enabled
Enable:
โ Proxy DNS when using SOCKS v5
4.2 Chromium Example
google-chrome --proxy-server="socks5://127.0.0.1:1080"
๐ก Tip: Firefox is more stable for SOCKS DNS handling.
5. Security and Optimization Tips
- Do NOT expose port 1080 publicly
- Keep container bound to 127.0.0.1 only
- Keep VPS path and UUID secret
- Prefer WS + TLS over raw TCP
- Avoid system-wide iptables rules
6. Backup & Rollback
6.1 Backup Config
sudo mkdir -p /root/backup/sing-box
sudo cp -r software/sing-box/config /root/backup/sing-box/
6.2 Restore Backup
sudo rm -rf software/sing-box/config
sudo cp -r /root/backup/sing-box/config software/sing-box/
docker-compose restart
๐ก Tip: Always restart container after restoring config.
7. Troubleshooting
7.1 Container Not Starting
Check logs:
docker logs sing-box
Common causes:
- JSON syntax error
- Wrong UUID
- Wrong domain or TLS mismatch
7.2 Docker Compose Issues
Validate config:
docker-compose config
Restart:
docker-compose down
docker-compose up -d
7.3 Browser Cannot Connect
Check:
- SOCKS port = 1080
- Firefox DNS over SOCKS enabled
- Container running