Add new REQUIRE_AUTH config parameter, to disable running socks5 server without auth by default
This commit is contained in:
@@ -1,3 +1,2 @@
|
|||||||
PROXY_USER=someuser
|
PROXY_USER=someuser
|
||||||
PROXY_PASSWORD=somepass
|
PROXY_PASSWORD=somepass
|
||||||
PROXY_PORT=1080
|
|
||||||
@@ -1,7 +1,6 @@
|
|||||||
# go-socks5-proxy
|
# go-socks5-proxy
|
||||||
|
|
||||||

|

|
||||||

|
|
||||||
|
|
||||||
Simple socks5 server using go-socks5 with authentication, allowed ips list and destination FQDNs filtering
|
Simple socks5 server using go-socks5 with authentication, allowed ips list and destination FQDNs filtering
|
||||||
|
|
||||||
@@ -11,16 +10,15 @@ Simple socks5 server using go-socks5 with authentication, allowed ips list and d
|
|||||||
|
|
||||||
```docker run -d --name socks5 -p 1080:1080 -e PROXY_USER=<PROXY_USER> -e PROXY_PASSWORD=<PROXY_PASSWORD> serjs/go-socks5-proxy```
|
```docker run -d --name socks5 -p 1080:1080 -e PROXY_USER=<PROXY_USER> -e PROXY_PASSWORD=<PROXY_PASSWORD> serjs/go-socks5-proxy```
|
||||||
|
|
||||||
- Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options while running socks5 server, see example below
|
- Run docker container using specific container port and expose it to host port 1090
|
||||||
|
|
||||||
- Run docker container using specifit container port and expose it to host port 1090, without auth creds
|
```docker run -d --name socks5 -p 1090:9090 -e PROXY_USER=<PROXY_USER> -e PROXY_PASSWORD=<PROXY_PASSWORD> -e PROXY_PORT=9090 serjs/go-socks5-proxy```
|
||||||
|
|
||||||
```docker run -d --name socks5 -p 1090:9090 -e PROXY_PORT=9090 serjs/go-socks5-proxy```
|
|
||||||
|
|
||||||
# List of supported config parameters
|
# List of supported config parameters
|
||||||
|
|
||||||
|ENV variable|Type|Default|Description|
|
|ENV variable|Type|Default|Description|
|
||||||
|------------|----|-------|-----------|
|
|------------|----|-------|-----------|
|
||||||
|
|REQUIRE_AUTH|String|true|Allow accepting socks5 connections without auth creds. Not recommended untill you use other protections mechanisms like Whitelists Subnets using Firewall or Proxy itself|
|
||||||
|PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)|
|
|PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)|
|
||||||
|PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER|
|
|PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER|
|
||||||
|PROXY_PORT|String|1080|Set listen port for application inside docker container|
|
|PROXY_PORT|String|1080|Set listen port for application inside docker container|
|
||||||
@@ -30,7 +28,7 @@ Simple socks5 server using go-socks5 with authentication, allowed ips list and d
|
|||||||
|
|
||||||
# Build your own image:
|
# Build your own image:
|
||||||
`docker-compose -f docker-compose.build.yml up -d`\
|
`docker-compose -f docker-compose.build.yml up -d`\
|
||||||
Just don't forget to set parameters in the `.env` file.
|
Just don't forget to set parameters in the `.env` file (`cp .env.example .env)` and edit it with your config parameters
|
||||||
|
|
||||||
# Test running service
|
# Test running service
|
||||||
|
|
||||||
@@ -38,19 +36,19 @@ Assuming that you are using container on 1080 host docker port
|
|||||||
|
|
||||||
## Without authentication
|
## Without authentication
|
||||||
|
|
||||||
```curl --socks5 <docker host ip>:1080 https://ifcfg.co``` - result must show docker host ip (for bridged network)
|
```curl --socks5 <docker host ip>:1080 https://ipinfo.io``` - result must show docker host ip (for bridged network)
|
||||||
|
|
||||||
or
|
or
|
||||||
|
|
||||||
```docker run --rm curlimages/curl:7.65.3 -s --socks5 <docker host ip>:1080 https://ifcfg.co```
|
```docker run --rm curlimages/curl:7.65.3 -s --socks5 <docker host ip>:1080 https://ipinfo.io```
|
||||||
|
|
||||||
## With authentication
|
## With authentication
|
||||||
|
|
||||||
```curl --socks5 <docker host ip>:1080 -U <PROXY_USER>:<PROXY_PASSWORD> http://ifcfg.co```
|
```curl --socks5 <docker host ip>:1080 -U <PROXY_USER>:<PROXY_PASSWORD> https://ipinfo.io```
|
||||||
|
|
||||||
or
|
or
|
||||||
|
|
||||||
```docker run --rm curlimages/curl:7.65.3 -s --socks5 <PROXY_USER>:<PROXY_PASSWORD>@<docker host ip>:1080 http://ifcfg.co```
|
```docker run --rm curlimages/curl:7.65.3 -s --socks5 <PROXY_USER>:<PROXY_PASSWORD>@<docker host ip>:1080 https://ipinfo.io```
|
||||||
|
|
||||||
# Authors
|
# Authors
|
||||||
|
|
||||||
|
|||||||
@@ -14,7 +14,8 @@ type params struct {
|
|||||||
Port string `env:"PROXY_PORT" envDefault:"1080"`
|
Port string `env:"PROXY_PORT" envDefault:"1080"`
|
||||||
AllowedDestFqdn string `env:"ALLOWED_DEST_FQDN" envDefault:""`
|
AllowedDestFqdn string `env:"ALLOWED_DEST_FQDN" envDefault:""`
|
||||||
AllowedIPs []string `env:"ALLOWED_IPS" envSeparator:"," envDefault:""`
|
AllowedIPs []string `env:"ALLOWED_IPS" envSeparator:"," envDefault:""`
|
||||||
ListenIP string `env:"PROXY_LISTEN_IP" envDefault:"0.0.0.0"`
|
ListenIP string `env:"PROXY_LISTEN_IP" envDefault:"0.0.0.0"`
|
||||||
|
RequireAuth bool `env:"REQUIRE_AUTH" envDefault:"true"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
@@ -30,12 +31,17 @@ func main() {
|
|||||||
Logger: log.New(os.Stdout, "", log.LstdFlags),
|
Logger: log.New(os.Stdout, "", log.LstdFlags),
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.User+cfg.Password != "" {
|
if cfg.RequireAuth {
|
||||||
|
if cfg.User == "" || cfg.Password == "" {
|
||||||
|
log.Fatalln("Error: REQUIRE_AUTH is true, but PROXY_USER and PROXY_PASSWORD are not set. The application will now exit.")
|
||||||
|
}
|
||||||
creds := socks5.StaticCredentials{
|
creds := socks5.StaticCredentials{
|
||||||
os.Getenv("PROXY_USER"): os.Getenv("PROXY_PASSWORD"),
|
cfg.User: cfg.Password,
|
||||||
}
|
}
|
||||||
cator := socks5.UserPassAuthenticator{Credentials: creds}
|
cator := socks5.UserPassAuthenticator{Credentials: creds}
|
||||||
socks5conf.AuthMethods = []socks5.Authenticator{cator}
|
socks5conf.AuthMethods = []socks5.Authenticator{cator}
|
||||||
|
} else {
|
||||||
|
log.Println("Warning: Running the proxy server without authentication. This is NOT recommended for public servers.")
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.AllowedDestFqdn != "" {
|
if cfg.AllowedDestFqdn != "" {
|
||||||
|
|||||||
Reference in New Issue
Block a user