tobychui · kjagosz · Mar 30, 2026 · PassiveLemon · Apr 1, 2026 · PassiveLemon
@@ -7,8 +7,11 @@ name: Build and push Docker image
 
 env:
   DOCKER_ACCOUNT: ${{ vars.DOCKER_ACCOUNT || 'zoraxydocker' }}
+  DOCKER_MAIN_IMAGE_WITH_ZEROTIER: ${{ vars.DOCKER_MAIN_IMAGE_WITH_ZEROTIER || 'true' }}
+  DOCKER_BUILD_ZEROTIER: ${{ vars.DOCKER_BUILD_ZEROTIER || 'true' }}
   DOCKER_REPO: ${{ vars.DOCKER_REPO || 'zoraxy' }}
-  DOCKER_REPO_TAG_CACHE_NAME: ${{ vars.DOCKER_REPO_TAG_CACHE_NAME || 'buildcache' }}
+  DOCKER_REPO_TAG_CACHE_NAME_BASE: ${{ vars.DOCKER_REPO_TAG_CACHE_NAME_BASE || 'buildcache-base' }}
+  DOCKER_REPO_TAG_CACHE_NAME_ZEROTIER: ${{ vars.DOCKER_REPO_TAG_CACHE_NAME_ZEROTIER || 'buildcache-zerotier' }}
   DOCKER_PLATFORMS: ${{ vars.DOCKER_PLATFORMS || 'linux/amd64,linux/arm64' }}
 permissions:
   contents: read
@@ -41,21 +44,67 @@ jobs:
       - name: Create tag list for docker image
         id: tags
         run: |
+          VERSION_TAG="${{ github.event.release.tag_name }}"
+          BASE_IMAGE="${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${VERSION_TAG}"
           if [ "${{ github.event.release.prerelease }}" = true ]; then
-            echo "docker=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT
+            ZEROTIER_TAG_ARGS="-t ${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${VERSION_TAG}-zerotier"
           elif [[ "${{ github.event.release.tag_name }}" == *"-rc"* ]]; then
-            echo "docker=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT
+            ZEROTIER_TAG_ARGS="-t ${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${VERSION_TAG}-zerotier"
           else
-            echo "docker=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:latest, ${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${{ github.event.release.tag_name }}" >> $GITHUB_OUTPUT
+            ZEROTIER_TAG_ARGS="-t ${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:latest-zerotier -t ${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${VERSION_TAG}-zerotier"
+          fi
+          if [ "${{ github.event.release.prerelease }}" = true ]; then
+            echo "base=${BASE_IMAGE}" >> $GITHUB_OUTPUT
+            echo "zerotier=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${VERSION_TAG}-zerotier" >> $GITHUB_OUTPUT
+          elif [[ "${{ github.event.release.tag_name }}" == *"-rc"* ]]; then
+            echo "base=${BASE_IMAGE}" >> $GITHUB_OUTPUT
+            echo "zerotier=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${VERSION_TAG}-zerotier" >> $GITHUB_OUTPUT
+          else
+            echo "base=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:latest, ${BASE_IMAGE}" >> $GITHUB_OUTPUT
+            echo "zerotier=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:latest-zerotier, ${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${VERSION_TAG}-zerotier" >> $GITHUB_OUTPUT
+          fi
+          echo "base_ref=${BASE_IMAGE}" >> $GITHUB_OUTPUT
+          echo "zerotier_tag_args=${ZEROTIER_TAG_ARGS}" >> $GITHUB_OUTPUT
+
+      - name: Select main Docker build configuration
+        id: buildconfig
+        run: |
+          if [ "${{ env.DOCKER_MAIN_IMAGE_WITH_ZEROTIER }}" = "true" ]; then
+            echo "main_file=./docker/Dockerfile.zerotier" >> $GITHUB_OUTPUT
+            echo "main_cache=${{ env.DOCKER_REPO_TAG_CACHE_NAME_ZEROTIER }}" >> $GITHUB_OUTPUT
+          else
+            echo "main_file=./docker/Dockerfile" >> $GITHUB_OUTPUT
+            echo "main_cache=${{ env.DOCKER_REPO_TAG_CACHE_NAME_BASE }}" >> $GITHUB_OUTPUT
           fi
 
       - name: Build and push Docker image
         uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294  # v7.0.0
         with:
           context: ./docker
+          file: ${{ steps.buildconfig.outputs.main_file }}
           push: true
           platforms: ${{ env.DOCKER_PLATFORMS }}
-          tags: ${{ steps.tags.outputs.docker }}
-          cache-from: type=registry,ref=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${{ env.DOCKER_REPO_TAG_CACHE_NAME }}
-          cache-to: type=registry,ref=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${{ env.DOCKER_REPO_TAG_CACHE_NAME }},mode=max
+          tags: ${{ steps.tags.outputs.base }}
+          cache-from: type=registry,ref=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${{ steps.buildconfig.outputs.main_cache }}
+          cache-to: type=registry,ref=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${{ steps.buildconfig.outputs.main_cache }},mode=max
 
+      - name: Build and push Docker image with ZeroTier
+        if: ${{ env.DOCKER_BUILD_ZEROTIER == 'true' && env.DOCKER_MAIN_IMAGE_WITH_ZEROTIER != 'true' }}
+        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294  # v7.0.0
+        with:
+          context: ./docker
+          file: ./docker/Dockerfile.zerotier
+          push: true
+          platforms: ${{ env.DOCKER_PLATFORMS }}
+          build-args: |
+            ZORAXY_BASE_IMAGE=${{ steps.tags.outputs.base_ref }}
+          tags: ${{ steps.tags.outputs.zerotier }}
+          cache-from: type=registry,ref=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${{ env.DOCKER_REPO_TAG_CACHE_NAME_ZEROTIER }}
+          cache-to: type=registry,ref=${{ env.DOCKER_ACCOUNT }}/${{ env.DOCKER_REPO }}:${{ env.DOCKER_REPO_TAG_CACHE_NAME_ZEROTIER }},mode=max
+
+      - name: Tag main Docker image as ZeroTier variant
+        if: ${{ env.DOCKER_BUILD_ZEROTIER == 'true' && env.DOCKER_MAIN_IMAGE_WITH_ZEROTIER == 'true' }}
+        run: |
+          docker buildx imagetools create \
+            ${{ steps.tags.outputs.zerotier_tag_args }} \
+            ${{ steps.tags.outputs.base_ref }}
@@ -1,3 +1,5 @@
+# syntax=docker/dockerfile:1.7
+
 ## Build Zoraxy
 FROM docker.io/golang:alpine AS build-zoraxy
 
@@ -9,31 +11,13 @@ COPY ./src/ /opt/zoraxy/source/
 
 WORKDIR /opt/zoraxy/source/
 
-RUN go mod tidy &&\
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    go mod tidy &&\
     go build -o /usr/local/bin/zoraxy &&\
     chmod 755 /usr/local/bin/zoraxy
 
 
-## Build ZeroTier
-FROM docker.io/rust:1.79-alpine AS build-zerotier
-
-RUN mkdir -p /opt/zerotier/source/ &&\
-    mkdir -p /usr/local/bin/
-
-WORKDIR /opt/zerotier/source/
-
-RUN apk add --update --no-cache curl make gcc g++ linux-headers openssl-dev nano
-
-RUN curl -Lo ZeroTierOne.tar.gz https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/refs/tags/1.10.6 &&\
-    tar -xzvf ZeroTierOne.tar.gz &&\
-    cd ZeroTierOne-*/zeroidc &&\
-    cargo update -p getrandom &&\
-    cd .. &&\
-    make -f make-linux.mk &&\
-    mv ./zerotier-one /usr/local/bin/zerotier-one &&\
-    chmod 755 /usr/local/bin/zerotier-one
-
-
 ## Main
 FROM docker.io/alpine:latest
 
@@ -42,7 +26,6 @@ RUN apk add --update --no-cache tzdata python3 sudo netcat-openbsd libressl-dev
 
 COPY --chmod=700 ./entrypoint.py /opt/zoraxy/
 
-COPY --from=build-zerotier /usr/local/bin/zerotier-one /usr/local/bin/zerotier-one
 COPY --from=build-zoraxy /usr/local/bin/zoraxy /usr/local/bin/zoraxy
 
 RUN mkdir -p /opt/zoraxy/plugin/ &&\
@@ -52,6 +35,7 @@ WORKDIR /opt/zoraxy/config/
 
 ENV TZ="Etc/UTC"
 ENV ZEROTIER="false"
+ENV ZEROTIER_BIN="/usr/local/bin/zerotier-one"
 
 ENV AUTORENEW="86400"
 ENV CFGUPGRADE="true"
@@ -77,4 +61,3 @@ LABEL com.imuslab.zoraxy.container-identifier="Zoraxy"
 ENTRYPOINT [ "python3", "-u", "/opt/zoraxy/entrypoint.py" ]
 
 HEALTHCHECK --interval=15s --timeout=5s --start-period=10s --retries=3 CMD nc -vz 127.0.0.1 $PORT || exit 1
-
@@ -0,0 +1,90 @@
+# syntax=docker/dockerfile:1.7
+
+ARG ZORAXY_BASE_IMAGE=zoraxy-base
+
+## Build Zoraxy
+FROM docker.io/golang:alpine AS build-zoraxy
+
+RUN mkdir -p /opt/zoraxy/source/ &&\
+    mkdir -p /usr/local/bin/
+
+# If you build it yourself, you will need to add the src directory into the docker directory.
+COPY ./src/ /opt/zoraxy/source/
+
+WORKDIR /opt/zoraxy/source/
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    go mod tidy &&\
+    go build -o /usr/local/bin/zoraxy &&\
+    chmod 755 /usr/local/bin/zoraxy
+
+
+## Base Zoraxy image for standalone ZeroTier builds
+FROM docker.io/alpine:latest AS zoraxy-base
+
+RUN apk add --update --no-cache tzdata python3 sudo netcat-openbsd libressl-dev openssh ca-certificates libc6-compat libstdc++ &&\
+    rm -rf /var/cache/apk/* /tmp/*
+
+COPY --chmod=700 ./entrypoint.py /opt/zoraxy/
+
+COPY --from=build-zoraxy /usr/local/bin/zoraxy /usr/local/bin/zoraxy
+
+RUN mkdir -p /opt/zoraxy/plugin/ &&\
+    echo "tun" | tee -a /etc/modules
+
+WORKDIR /opt/zoraxy/config/
+
+ENV TZ="Etc/UTC"
+ENV ZEROTIER="false"
+ENV ZEROTIER_BIN="/usr/local/bin/zerotier-one"
+
+ENV AUTORENEW="86400"
+ENV CFGUPGRADE="true"
+ENV DB="auto"
+ENV DOCKER="true"
+ENV EARLYRENEW="30"
+ENV ENABLELOG="true"
+ENV FASTGEOIP="false"
+ENV MDNS="true"
+ENV MDNSNAME="''"
+ENV NOAUTH="false"
+ENV PLUGIN="/opt/zoraxy/plugin/"
+ENV PORT="8000"
+ENV SSHLB="false"
+ENV UPDATE_GEOIP="false"
+ENV VERSION="false"
+ENV WEBROOT="./www"
+
+VOLUME [ "/opt/zoraxy/config/" ]
+
+LABEL com.imuslab.zoraxy.container-identifier="Zoraxy"
+
+ENTRYPOINT [ "python3", "-u", "/opt/zoraxy/entrypoint.py" ]
+
+HEALTHCHECK --interval=15s --timeout=5s --start-period=10s --retries=3 CMD nc -vz 127.0.0.1 $PORT || exit 1
+
+## Build ZeroTier
+FROM docker.io/rust:1.79-alpine AS build-zerotier
+
+RUN mkdir -p /opt/zerotier/source/ &&\
+    mkdir -p /usr/local/bin/
+
+WORKDIR /opt/zerotier/source/
+
+RUN apk add --update --no-cache curl make gcc g++ linux-headers openssl-dev nano
+
+RUN --mount=type=cache,target=/root/.cargo/registry \
+    --mount=type=cache,target=/root/.cargo/git \
+    curl -Lo ZeroTierOne.tar.gz https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/refs/tags/1.10.6 &&\
+    tar -xzvf ZeroTierOne.tar.gz &&\
+    cd ZeroTierOne-*/zeroidc &&\
+    cargo update -p getrandom &&\
+    cd .. &&\
+    make -f make-linux.mk &&\
+    mv ./zerotier-one /usr/local/bin/zerotier-one &&\
+    chmod 755 /usr/local/bin/zerotier-one
+
+FROM ${ZORAXY_BASE_IMAGE}
+
+COPY --from=build-zerotier /usr/local/bin/zerotier-one /usr/local/bin/zerotier-one
@@ -2,6 +2,7 @@
 
 import os
 import signal
+import shutil
 import subprocess
 import sys
 import time
@@ -68,6 +69,15 @@ def start_zerotier():
 
   global zerotier_proc
 
+  zerotier_bin = getenv("ZEROTIER_BIN", "/usr/local/bin/zerotier-one")
+  resolved_zerotier_bin = zerotier_bin if "/" in zerotier_bin else shutil.which(zerotier_bin)
+  if not resolved_zerotier_bin or not os.path.exists(resolved_zerotier_bin):
+    print(
+      f"ZeroTier requested but binary was not found at {zerotier_bin}. "
+      "Use the zoraxydocker/zoraxy:<tag>-zerotier image or mount a binary and set ZEROTIER_BIN."
+    )
+    sys.exit(1)
+
   config_dir = "/opt/zoraxy/config/zerotier/"
   zt_path = "/var/lib/zerotier-one"
 
@@ -78,13 +88,15 @@ def start_zerotier():
   except FileExistsError:
     print(f"Symlink {zt_path} already exists, skipping creation.")
 
-  zerotier_proc = popen(["zerotier-one"])
+  zerotier_proc = popen([resolved_zerotier_bin])
 
 def start_zoraxy():
   print("Starting Zoraxy...")
 
   global zoraxy_proc
 
+  mdns_name = getenv("MDNSNAME", "''")
+
   zoraxy_args = [
     "zoraxy",
     f"-autorenew={ getenv('AUTORENEW', '86400') }",
@@ -95,7 +107,7 @@ def start_zoraxy():
     f"-enablelog={ getenv('ENABLELOG', 'true') }",
     f"-fastgeoip={ getenv('FASTGEOIP', 'false') }",
     f"-mdns={ getenv('MDNS', 'true') }",
-    f"-mdnsname={ getenv('MDNSNAME', "''") }",
+    f"-mdnsname={ mdns_name }",
     f"-noauth={ getenv('NOAUTH', 'false') }",
     f"-plugin={ getenv('PLUGIN', '/opt/zoraxy/plugin/') }",
     f"-port=:{ getenv('PORT', '8000') }",
@@ -128,4 +140,3 @@ def main():
 
 if __name__ == "__main__":
   main()
-
@@ -417,6 +417,13 @@ <h1 i18n>
                 </div>
             </div>
         </div>
+        <div class="ui info message" style="margin-top: 1.5em;">
+            <p i18n>
+                Docker images are published as a standard image and a ZeroTier-enabled variant (`zoraxydocker/zoraxy:latest-zerotier`).
+                // Docker 映像會同時提供標準版本及包含 ZeroTier 的版本（`zoraxydocker/zoraxy:latest-zerotier`）。
+                // Docker-Images werden sowohl als Standard-Image als auch als ZeroTier-Variante (`zoraxydocker/zoraxy:latest-zerotier`) veröffentlicht.
+            </p>
+        </div>
         <p>
             <span i18n>After Zoraxy is started, navigate to 
                 // 當 Zoraxy 執行檔 / 服務啟動後，使用瀏覽器開啟
@@ -596,4 +603,4 @@ <h1 i18n>Learn More
     <!-- Locales -->
     <script src="main.js" defer></script>
   </body>
-</html>
+</html>