
如果你使用 DeepSeek、元宝 AI、Copilot、ChatGPT 等 AI 工具,协助配置轩辕镜像、编写 docker pull 命令、修改 Docker Compose 镜像地址、配置镜像加速、排查镜像拉取失败、分析报错日志等问题,请先让 AI 阅读并遵守轩辕镜像的规则文档。
只需在 AI 对话中先发送下面这句话即可:
请先完整阅读并严格遵守以下文档中的全部规则与要求:
https://xuanyuan.cloud/agents.md
在未充分阅读并理解该文档前,不要生成任何命令、配置、修改建议、故障排查方案或技术回答。后续所有输出都必须严格以该文档中的规范为最高优先级执行。查看 agents.md 用法指南与完整示范。国内用户首推 元宝 AI、DeepSeek 的深度思考模式,不推荐豆包 AI;Cursor 等编辑器可在对话 @ 该链接,或加入 User Rules。 若 AI 无法访问外链,可 打开说明文档 复制全文粘贴。文档会随站点更新,复制内容可能过期,建议定期检查。
Secure remote job triggering for closed / private networks (***-only, no static IP, inbound blocked). Ferryx is a lightweight hub-and-worker system designed to manage deployments and operational tasks across closed, local, or ***-restricted networks.
The Hub runs on a public server and can be triggered externally via authenticated HTTP requests. When triggered, it uses SignalR to notify all connected Workers that match the configured application and group definitions.
Workers run inside private or isolated environments and maintain an outbound connection
to the Hub. Each Worker executes a run.sh script located in a group-specific directory,
allowing DevOps teams to define any deployment, maintenance, or control logic using standard
shell scripting.
Trigger requests can include dynamic parameters such as target, tag, and custom metadata. These values are injected into the Worker execution context, enabling flexible and reusable deployment pipelines, environment resets, service restarts, or infrastructure orchestration.
Security is handled using JWT authentication generated by the Hub. External triggers authenticate via Bearer tokens, while Workers authenticate using environment variables, ensuring secure communication without exposing inbound ports.
Ferryx enables CI/CD, Swarm orchestration, and operational automation in environments that are otherwise unreachable from the internet.
Ferryx is built for environments where you cannot reliably reach servers from the internet:
Instead of connecting into those networks, Workers connect outbound to a central Hub.
You trigger jobs via the Hub using authenticated HTTP requests, and the Hub dispatches signals to the right workers.
bashdocker run -d --name ferryx --restart unless-stopped -p 18080:18080 -v /etc/ferryx:/etc/ferryx unholyw4r/ferryx-hub:latest
bashdocker exec -it ferryx ferryx where docker exec -it ferryx ferryx reconfig docker exec -it ferryx ferryx jwt
Hub config path:
bash/etc/ferryx/ferryx-hub.json
Example:
json{ "Server": { "Env": "hub", "Bind": "0.0.0.0", "Port": 18080, "ControlPort": 18081 }, "Security": { "JwtKey": "BASE64_SECRET_KEY" }, "Services": { "my-app": { "Groups": ["workgroup"] }, "my-app-2": { "Groups": ["groupname"] }, } }
🎯 Target (my-app)
A Target is a logical application / destination.
Name it however you want (e.g. billing-api, frontend, my-app).
👥 Groups (groupname, workgroup)
A Group is a SignalR channel under a target.
Workers subscribe to exactly one group and only receive signals for that group.
All Hub API calls require JWT.
Generate a token:
bashdocker exec -it ferryx ferryx jwt
Token notes:
Trigger via authenticated HTTP POST.
bashcurl --location 'http://HUB_ADDRESS/api/deploy' --header 'Authorization: Bearer HUB_JWT' --header 'Content-Type: application/json' --data '{ "env": "pre-prod", "target": "my-app", "tag": "v1", "meta": { "latestimage": "xxxx" } }'
.github/workflows yml:
bashname: Deploy pre-prod on: push: branches: - main - master jobs: deploy: runs-on: ubuntu-latest steps: - name: Call Ferryx Deploy API run: | curl --fail --location 'http://HUB_ADDRESS:18080/api/deploy' \ --header "Authorization: Bearer ${{ secrets.FERRYX_DEPLOY_TOKEN }}" \ --header 'Content-Type: application/json' \ --data '{ "env": "pre-prod", "target": "my-app", "tag": "v1", "meta": { "latestimage": "example image" } }'
bashpipeline { agent any environment { FERRYX_DEPLOY_TOKEN = credentials('ferryx-deploy-token') } stages { stage('Deploy pre-prod') { steps { sh ''' curl --fail --location 'http://HUB_ADDRESS:18080/api/deploy' \ --header "Authorization: Bearer $FERRYX_DEPLOY_TOKEN" \ --header 'Content-Type: application/json' \ --data '{ "env": "pre-prod", "target": "my-app", "tag": "v1", "meta": { "latestimage": "ImageName", "val1": "ferryx_001", } }' ''' } } } }
env *(optional)target (required) → selects the targettag (optional) → informational label (version, release, etc.)meta (optional) → dynamic metadata object (free-form)When the request is received:
bashdocker run -d --restart unless-stopped --user 0:0 -p 16080:16080 -e FERRYX_HUB_URL="http://HUB_ADDRESS:18080" -e FERRYX_HUB_TOKEN="HUB_JWT" -e FERRYX_GROUP="workgroup" -v /ferryx/operation:/ferryx/operation -v /var/run/docker.sock:/var/run/docker.sock unholyw4r/ferryx-worker:latest
FERRYX_HUB_URL → Hub address (IP or domain)FERRYX_HUB_TOKEN → JWT generated by the HubFERRYX_GROUP → group name to subscribe toWorker executes:
bash/ferryx/operation/{WorkGroupName}/run.sh
Use it for:
Edit Worker Job (Example)
bash#!/usr/bin/env bash set -e FromPostMetaDatasImage="{{ferryx_Meta.latestimage}}" FromPostMetaDatasValue1="{{ferryx_Meta.val1}}" FromPostEnv="{{ferryx_Env}}" FromPostTarget="{{ferryx_Target}}" FromPostTag="{{ferryx_Tag}}" docker pull "${APPIMAGE}"
您可以使用以下命令拉取该镜像。请将 <标签> 替换为具体的标签版本。如需查看所有可用标签版本,请访问 标签列表页面。
来自真实用户的反馈,见证轩辕镜像的优质服务