sing-box VPN Container

A lightweight Docker container running sing-box with TUN interface for VLESS-Reality protocol.
Allows other containers to route traffic through the VPN without affecting the host system.

Features

• Full TUN-based VPN inside Docker
• VLESS + Reality support (compatible with 3x-ui / X-UI panels)
• Simple network_mode: service:vpn_service sharing
• Works on Docker Desktop for Windows / Linux

Prerequisites

• Docker and Docker Compose
• Valid VLESS-Reality configuration from your 3x-ui panel

Quick Start

1. Clone or create the project directory.
2. Place your sing-box.json configuration file in the data/config/ folder.
3. Start the services:

docker compose up -d

4. Verify the VPN is working:

docker logs vpn_service
docker logs other_container

The other_container should display your VPS public IP. You can also check it by opening http://localhost:8088.

Usage

To route any container through the VPN, add it with:

services:
  your_service:
    image: your-image
    network_mode: service:vpn_service
    depends_on:
      - vpn_service

Note: If your service needs to be accessible from the host, don't forget to expose the ports in the vpn_service section (it acts as the network entrypoint).

Notes

• The container requires elevated privileges (privileged: true) for TUN interface creation.
• Works best on Docker Desktop (Windows) when run as Administrator.
• For production use, consider mounting configuration from a dedicated directory.

Troubleshooting

• Check docker logs vpn_service for configuration errors.
• Ensure UUID, Public Key, and Short ID in sing-box.json are correct.
• If TUN fails to create, verify Docker has necessary permissions.