Add new REQUIRE_AUTH config parameter, to disable running socks5 server without auth by default

This commit is contained in:
serj
2025-09-25 14:40:25 +03:00
parent 1f5e188a14
commit 1cdfcea4ad
3 changed files with 17 additions and 14 deletions
-1
View File
@@ -1,3 +1,2 @@
PROXY_USER=someuser
PROXY_PASSWORD=somepass
PROXY_PORT=1080
+8 -10
View File
@@ -1,7 +1,6 @@
# go-socks5-proxy
![Latest tag from master branch](https://github.com/serjs/socks5-server/workflows/Latest%20tag%20from%20master%20branch/badge.svg)
![Release tag](https://github.com/serjs/socks5-server/workflows/Release%20tag/badge.svg)
Simple socks5 server using go-socks5 with authentication, allowed ips list and destination FQDNs filtering
@@ -11,16 +10,15 @@ Simple socks5 server using go-socks5 with authentication, allowed ips list and d
```docker run -d --name socks5 -p 1080:1080 -e PROXY_USER=<PROXY_USER> -e PROXY_PASSWORD=<PROXY_PASSWORD> serjs/go-socks5-proxy```
- Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options while running socks5 server, see example below
- Run docker container using specific container port and expose it to host port 1090
- Run docker container using specifit container port and expose it to host port 1090, without auth creds
```docker run -d --name socks5 -p 1090:9090 -e PROXY_PORT=9090 serjs/go-socks5-proxy```
```docker run -d --name socks5 -p 1090:9090 -e PROXY_USER=<PROXY_USER> -e PROXY_PASSWORD=<PROXY_PASSWORD> -e PROXY_PORT=9090 serjs/go-socks5-proxy```
# List of supported config parameters
|ENV variable|Type|Default|Description|
|------------|----|-------|-----------|
|REQUIRE_AUTH|String|true|Allow accepting socks5 connections without auth creds. Not recommended untill you use other protections mechanisms like Whitelists Subnets using Firewall or Proxy itself|
|PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)|
|PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER|
|PROXY_PORT|String|1080|Set listen port for application inside docker container|
@@ -30,7 +28,7 @@ Simple socks5 server using go-socks5 with authentication, allowed ips list and d
# Build your own image:
`docker-compose -f docker-compose.build.yml up -d`\
Just don't forget to set parameters in the `.env` file.
Just don't forget to set parameters in the `.env` file (`cp .env.example .env)` and edit it with your config parameters
# Test running service
@@ -38,19 +36,19 @@ Assuming that you are using container on 1080 host docker port
## Without authentication
```curl --socks5 <docker host ip>:1080 https://ifcfg.co``` - result must show docker host ip (for bridged network)
```curl --socks5 <docker host ip>:1080 https://ipinfo.io``` - result must show docker host ip (for bridged network)
or
```docker run --rm curlimages/curl:7.65.3 -s --socks5 <docker host ip>:1080 https://ifcfg.co```
```docker run --rm curlimages/curl:7.65.3 -s --socks5 <docker host ip>:1080 https://ipinfo.io```
## With authentication
```curl --socks5 <docker host ip>:1080 -U <PROXY_USER>:<PROXY_PASSWORD> http://ifcfg.co```
```curl --socks5 <docker host ip>:1080 -U <PROXY_USER>:<PROXY_PASSWORD> https://ipinfo.io```
or
```docker run --rm curlimages/curl:7.65.3 -s --socks5 <PROXY_USER>:<PROXY_PASSWORD>@<docker host ip>:1080 http://ifcfg.co```
```docker run --rm curlimages/curl:7.65.3 -s --socks5 <PROXY_USER>:<PROXY_PASSWORD>@<docker host ip>:1080 https://ipinfo.io```
# Authors
+9 -3
View File
@@ -14,7 +14,8 @@ type params struct {
Port string `env:"PROXY_PORT" envDefault:"1080"`
AllowedDestFqdn string `env:"ALLOWED_DEST_FQDN" envDefault:""`
AllowedIPs []string `env:"ALLOWED_IPS" envSeparator:"," envDefault:""`
ListenIP string `env:"PROXY_LISTEN_IP" envDefault:"0.0.0.0"`
ListenIP string `env:"PROXY_LISTEN_IP" envDefault:"0.0.0.0"`
RequireAuth bool `env:"REQUIRE_AUTH" envDefault:"true"`
}
func main() {
@@ -30,12 +31,17 @@ func main() {
Logger: log.New(os.Stdout, "", log.LstdFlags),
}
if cfg.User+cfg.Password != "" {
if cfg.RequireAuth {
if cfg.User == "" || cfg.Password == "" {
log.Fatalln("Error: REQUIRE_AUTH is true, but PROXY_USER and PROXY_PASSWORD are not set. The application will now exit.")
}
creds := socks5.StaticCredentials{
os.Getenv("PROXY_USER"): os.Getenv("PROXY_PASSWORD"),
cfg.User: cfg.Password,
}
cator := socks5.UserPassAuthenticator{Credentials: creds}
socks5conf.AuthMethods = []socks5.Authenticator{cator}
} else {
log.Println("Warning: Running the proxy server without authentication. This is NOT recommended for public servers.")
}
if cfg.AllowedDestFqdn != "" {