From 1cdfcea4ad9dfca3305149038a3ae81edcc35e76 Mon Sep 17 00:00:00 2001 From: serj Date: Thu, 25 Sep 2025 14:40:25 +0300 Subject: [PATCH] Add new REQUIRE_AUTH config parameter, to disable running socks5 server without auth by default --- .env => .env.example | 1 - README.md | 18 ++++++++---------- server.go | 12 +++++++++--- 3 files changed, 17 insertions(+), 14 deletions(-) rename .env => .env.example (73%) diff --git a/.env b/.env.example similarity index 73% rename from .env rename to .env.example index 0100bdb..8946001 100644 --- a/.env +++ b/.env.example @@ -1,3 +1,2 @@ PROXY_USER=someuser PROXY_PASSWORD=somepass -PROXY_PORT=1080 diff --git a/README.md b/README.md index 79bfca0..b31124d 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ # go-socks5-proxy ![Latest tag from master branch](https://github.com/serjs/socks5-server/workflows/Latest%20tag%20from%20master%20branch/badge.svg) -![Release tag](https://github.com/serjs/socks5-server/workflows/Release%20tag/badge.svg) Simple socks5 server using go-socks5 with authentication, allowed ips list and destination FQDNs filtering @@ -11,16 +10,15 @@ Simple socks5 server using go-socks5 with authentication, allowed ips list and d ```docker run -d --name socks5 -p 1080:1080 -e PROXY_USER= -e PROXY_PASSWORD= serjs/go-socks5-proxy``` - - Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options while running socks5 server, see example below +- Run docker container using specific container port and expose it to host port 1090 -- Run docker container using specifit container port and expose it to host port 1090, without auth creds - - ```docker run -d --name socks5 -p 1090:9090 -e PROXY_PORT=9090 serjs/go-socks5-proxy``` + ```docker run -d --name socks5 -p 1090:9090 -e PROXY_USER= -e PROXY_PASSWORD= -e PROXY_PORT=9090 serjs/go-socks5-proxy``` # List of supported config parameters |ENV variable|Type|Default|Description| |------------|----|-------|-----------| +|REQUIRE_AUTH|String|true|Allow accepting socks5 connections without auth creds. Not recommended untill you use other protections mechanisms like Whitelists Subnets using Firewall or Proxy itself| |PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)| |PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER| |PROXY_PORT|String|1080|Set listen port for application inside docker container| @@ -30,7 +28,7 @@ Simple socks5 server using go-socks5 with authentication, allowed ips list and d # Build your own image: `docker-compose -f docker-compose.build.yml up -d`\ -Just don't forget to set parameters in the `.env` file. +Just don't forget to set parameters in the `.env` file (`cp .env.example .env)` and edit it with your config parameters # Test running service @@ -38,19 +36,19 @@ Assuming that you are using container on 1080 host docker port ## Without authentication -```curl --socks5 :1080 https://ifcfg.co``` - result must show docker host ip (for bridged network) +```curl --socks5 :1080 https://ipinfo.io``` - result must show docker host ip (for bridged network) or -```docker run --rm curlimages/curl:7.65.3 -s --socks5 :1080 https://ifcfg.co``` +```docker run --rm curlimages/curl:7.65.3 -s --socks5 :1080 https://ipinfo.io``` ## With authentication -```curl --socks5 :1080 -U : http://ifcfg.co``` +```curl --socks5 :1080 -U : https://ipinfo.io``` or -```docker run --rm curlimages/curl:7.65.3 -s --socks5 :@:1080 http://ifcfg.co``` +```docker run --rm curlimages/curl:7.65.3 -s --socks5 :@:1080 https://ipinfo.io``` # Authors diff --git a/server.go b/server.go index 7b1d633..93e77ba 100644 --- a/server.go +++ b/server.go @@ -14,7 +14,8 @@ type params struct { Port string `env:"PROXY_PORT" envDefault:"1080"` AllowedDestFqdn string `env:"ALLOWED_DEST_FQDN" envDefault:""` AllowedIPs []string `env:"ALLOWED_IPS" envSeparator:"," envDefault:""` - ListenIP string `env:"PROXY_LISTEN_IP" envDefault:"0.0.0.0"` + ListenIP string `env:"PROXY_LISTEN_IP" envDefault:"0.0.0.0"` + RequireAuth bool `env:"REQUIRE_AUTH" envDefault:"true"` } func main() { @@ -30,12 +31,17 @@ func main() { Logger: log.New(os.Stdout, "", log.LstdFlags), } - if cfg.User+cfg.Password != "" { + if cfg.RequireAuth { + if cfg.User == "" || cfg.Password == "" { + log.Fatalln("Error: REQUIRE_AUTH is true, but PROXY_USER and PROXY_PASSWORD are not set. The application will now exit.") + } creds := socks5.StaticCredentials{ - os.Getenv("PROXY_USER"): os.Getenv("PROXY_PASSWORD"), + cfg.User: cfg.Password, } cator := socks5.UserPassAuthenticator{Credentials: creds} socks5conf.AuthMethods = []socks5.Authenticator{cator} + } else { + log.Println("Warning: Running the proxy server without authentication. This is NOT recommended for public servers.") } if cfg.AllowedDestFqdn != "" {