How to install slipstream or dnstt with gost using docker
How to Install dnstt + gost Using Docker
This guide explains how to install and configure dnstt with gost using Docker and Docker Compose.
1. Install Docker
apt update
apt install docker.io docker-compose -y
systemctl enable docker
systemctl start docker
2. Create Docker Network
docker network create web_net
Main Setup (dnstt + gost)
3. Create compose.yml
---
name: dnstt-server
networks:
web_net:
name: web_net
external: true
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
command:
- "--cleanup"
- "--label-enable"
- "--interval"
- "3600"
- "--rolling-restart"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: unless-stopped
networks:
- web_net
gost:
image: ginuerzh/gost
container_name: gost
restart: unless-stopped
command: "-L=username:password@:8088"
networks:
- web_net
labels:
- com.centurylinklabs.watchtower.enable=true
dnstt:
image: mk990/tun
container_name: dnstt
volumes:
- ./dnstt:/config
entrypoint: >
dnstt-server -udp :53
-privkey-file /config/server.key
${DNSTT_DOMAIN}
gost:8088
ports:
- 53:53/udp
restart: unless-stopped
networks:
- web_net
labels:
- com.centurylinklabs.watchtower.enable=true
4. Create .env File
DNSTT_DOMAIN=nstest.example.com
5. Generate Server and Client Keys
mkdir dnstt
docker run --rm -w /config -v ./dnstt:/config -it mk990/tun dnstt-server -gen-key -privkey-file server.key -pubkey-file client.key
Show the public key:
cat dnstt/client.key
Save the public key for client connection.
6. Disable systemd DNS Resolver (Ubuntu)
systemctl disable systemd-resolved.service
systemctl stop systemd-resolved.service
rm -f /etc/resolv.conf
echo -e "nameserver 1.1.1.1
nameserver 8.8.8.8" > /etc/resolv.conf
7. Configure Docker DNS
Edit /etc/docker/daemon.json:
{
"dns": ["1.1.1.1", "8.8.8.8"],
"log-opts": {
"max-file": "5",
"max-size": "10m"
}
}
Restart Docker:
systemctl restart docker
8. Configure DNS Records
Add these DNS records to your domain:
nstestip IN A SERVER_IP
nstest IN NS nstestip.example.com.
Replace SERVER_IP with your public server IP.
9. Start the Stack
docker compose up -d
10. Connect to the Server
./dnstt-client -udp 8.8.8.8:53 -pubkey YOUR_PUBLIC_KEY nstestip.example.com 127.0.0.1:7000
If everything is correct, you will have a SOCKS5 proxy at:
127.0.0.1:7000
Optional: Slipstream Setup
If you prefer using slipstream-server instead of dnstt, use the following compose configuration.
Slipstream compose.yml
---
name: dnstt-server
networks:
web_net:
name: web_net
external: true
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
command:
- "--cleanup"
- "--label-enable"
- "--interval"
- "3600"
- "--rolling-restart"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: unless-stopped
networks:
- web_net
gost:
image: ginuerzh/gost
container_name: gost
restart: unless-stopped
command: "-L=username:password@:8088"
networks:
- web_net
labels:
- com.centurylinklabs.watchtower.enable=true
slipstream:
image: mk990/tun
container_name: slipstream
restart: unless-stopped
command: "slipstream-server --dns-listen-port 53 --target-address gost:8088 --domain ${DNSTT_DOMAIN} --cert /certs/cert.pem --key /certs/key.pem"
volumes:
- ./slipstream:/certs
networks:
- web_net
ports:
- 53:53/udp
labels:
- com.centurylinklabs.watchtower.enable=true
Create SSL Certificate for Slipstream
mkdir slipstream
cd slipstream
openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 -subj "/CN=US"
Connect to the Server
./slipstream-client --tcp-listen-port 7000 --resolver 8.8.8.8:53 --domain nstestip.example.com.
Good luck and happy hacking.