zzzhhh1/mg-koyeb

This project, written mostly in Chinese, is a step-by-step recipe for running a single private network relay on the free tier of a hosting service called Koyeb, with traffic routed through a Cloudflare tunnel. It uses the VLESS protocol, which is a way of forwarding network traffic, and packages everything inside a small Docker container so a beginner can copy the config files and follow along without writing code. The author frames it as a learning project for distributed container architecture, and says it is not for commercial use. The author claims three main improvements over older guides. First, the secret key, called a UUID, is never written into the public repository. Instead, the container reads it from a Koyeb environment variable at startup, so the repo can stay public without exposing anything sensitive. Second, two processes run inside one Alpine Linux container, managed by supervisord: the proxy server, sing-box, and the Cloudflare tunnel client, cloudflared. Because the tunnel sends regular heartbeat packets, the free container stays awake instead of sleeping after idle time. Third, on first boot the container reads the environment variables and prints a ready-to-import VLESS link directly into the Koyeb runtime logs, so the user can copy it in one click. The README walks through four parts. Part one is creating a public GitHub repository with four files, a config.json, an entrypoint.sh, a Dockerfile, and a supervisord.conf, and letting GitHub Actions build the container image. Part two is setting up a Cloudflare Zero Trust tunnel with a chosen subdomain, the path /blog, the HTTP service type, and the local target 127.0.0.1 on port 8080, then saving the tunnel token. Part three is creating a Koyeb service from the built Docker image, opening port 8080, choosing the free Nano instance size, and supplying four environment variables: UUID, SUBDOMAIN, TUNNEL_TOKEN, and PORT. Part four is opening the Runtime Logs after deploy, copying the printed vless:// link, and pasting it into a client app like v2rayN or Shadowrocket to test the connection. The project is shared under the MIT license, with a strong notice forbidding commercial resale.