This is a really awesome example of both:

• A SOCKS proxy.
• A very small docker image.

I learned from your example in many ways. I incorporated your docker image in one of my "play around" projects. Feel free to check it out:

https://github.com/samrocketman/docker-compose-ha-consul-vault-ui/blob/99911b757517fca79bbe9b5d83467f74dbdb5301/docker-compose.yml#L176-L185

Thanks again!

Looks like you've been working on multi arch support.
https://github.com/serjs/socks5-server/blob/master/hooks/build#L3

I'm looking to use this as on arm. Is there anything I can do to help you finish up support?

docker run -d --name socks5 -p 443:443 -e PROXY_USER=test -e PROXY_PASSWORD=1234 -e PROXY_PORT=443 serjs/go-socks5-proxy

Tried some different Chrome Plugins:

• Proxy Helper
• FoxyProxy

always:
2018/09/22 10:53:41 [ERR] socks: Failed to authenticate: No supported authentication mechanism

2019/05/22 08:30:37 [ERR] socks: Unsupported SOCKS version: [4],
2019/05/22 08:30:37 [ERR] socks: Failed to authenticate: No supported authentication mechanism,

Port 1080 in the container, is it required?

Hi, from what i read restricting outgoing to an ip/fqdn is do able on socks5-server, is there any guide for it?

already tried "- ALLOWED_DEST_FQDN=(ip address) or - ALLOWED_DEST_FQDN=(cnn.com)" but nothing is working, the client cant open anything with that env enabled on compose.

`
From commit c30bfd3 (HEAD -> master, origin/master, origin/HEAD)
Merge: d034754 93554c0
Author: Sergey Bogatyrets [email protected]
Date: Mon Feb 26 07:09:16 2024 +0300

Merge pull request #48 from serjs/dependabot/go_modules/golang.org/x/net-0.17.0

Bump golang.org/x/net from 0.1.0 to 0.17.0

docker-compose -f docker-compose.build.yml up -d
Building socks5-build
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
Install the buildx component to build images with BuildKit:
https://docs.docker.com/go/buildx/

Sending build context to Docker daemon 2.504MB
Step 1/9 : ARG GOLANG_VERSION="1.19.1"
Step 2/9 : FROM golang:$GOLANG_VERSION-alpine as builder
1.19.1-alpine: Pulling from library/golang
213ec9aee27d: Pull complete
5299e6f78605: Pull complete
1cab0e43db0a: Pull complete
6569e6eb40cd: Pull complete
601c7710d0ea: Pull complete
Digest: sha256:d475cef843a02575ebdcb1416d98cd76bab90a5ae8bc2cd15f357fc08b6a329f
Status: Downloaded newer image for golang:1.19.1-alpine
---> 5dd973625d31
Step 3/9 : RUN apk --no-cache add tzdata
---> Running in 2eeaddb23f69
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.16/community/x86_64/APKINDEX.tar.gz
(1/1) Installing tzdata (2024a-r0)
Executing busybox-1.35.0-r17.trigger
OK: 9 MiB in 16 packages
Removing intermediate container 2eeaddb23f69
---> b79876ef213a
Step 4/9 : WORKDIR /go/src/github.com/serjs/socks5
---> Running in eeeabdf85c21
Removing intermediate container eeeabdf85c21
---> 9849b58fb02b
Step 5/9 : COPY . .
---> a01919e73682
Step 6/9 : RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-s' -o ./socks5
---> Running in 57662840a16a

github.com/serjs/socks5-server

./server.go:56:10: server.SetIPWhitelist undefined (type *socks5.Server has no field or method SetIPWhitelist)
The command '/bin/sh -c CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-s' -o ./socks5' returned a non-zero code: 2
ERROR: Service 'socks5-build' failed to build : Build failed`

Hi,
is there a way to change the timezone?
TZ = Europe/London is not working

Ralf

Hi, thanks for the great software!

When I use proxy on the same machine where the Docker container is running, everything works perfectly. But when I try to connect from the remove machine, I get the following:

Attaching to socks5-docker_go-socks5-proxy_1
go-socks5-proxy_1  | 2022/07/31 14:01:10 Start listening proxy service on port 1080
go-socks5-proxy_1  | 2022/07/31 14:01:26 [ERR] socks: Failed to handle request: Connect to 2606:4700:3033::ac43:9890:80 failed: dial tcp [2606:4700:3033::ac43:9890]:80: connect: cannot assign requested address

Could it be related to the mixing of ipv4 and ipv6? I've tried many things, ports are definitely up, and no firewall is involved. It seems that the proxy is just trying to use the IP of the sender, which would obviously fail, if the sender is not local.

Hi,
I can't configure with windows 11/Chrome. I can only with firefox.
What am I doing wrong

Thank!

this is a really good project you have here. there is 1 error i keep getting

2023/11/03 11:22:21 [ERR] socks: Failed to handle request: readfrom tcp 172.17.0.2:56490->MYIPHERE:443: splice: broken pip

what could be causing this problem. i ain't that good with go. so i could debug this problem.If any 1 as any ideas or could help me get this error fixed. let me know please.

Vendor folder is not required, since go mods where introduced, so it is just redundant in version control.

Thanks for the great image, I use this everyday!

This morning my watchtower grabbed your image a few minutes after it was pushed and then crashed.

WARNING: The requested image's platform (linux/arm/v6) does not match the detected host platform (linux/amd64) and no specific platform was requested

exec /socks5: exec format error

This is true even when pulling serjs/go-socks5-proxy:bb9c21e67556 (which I checked in case I was pulling the wrong image somehow). Rolling back to serjs/go-socks5-proxy:v0.0.3 resolves.

Is it possible to also specify the IP address in the .env?

Is https supported? Cannot find a way to set it up...

udp proxy support

Got error like this, when try connect from iOS (iPhone)

From Mac OS

But curl test work fine

Hello there!
I really appreciate what you are doing, but I cannot use your solution because of the lack of a license.
Could you please clarify why the repository does not contain a license?

Thank you in advance!

Would you consider adding a helm chart for this and posting it to artifacthub.io?

Does anyone else have a need to restrict which destination addresses are allowed? How about using a regular expression?

Request udp fonction.

I have to use this proxy in a network where all UDP traffic is blocked. I have set up the docker container and the proxy works on the non-restricted network but doesn't work on the restricted network.

How do I check what is going wrong? How to use it in TCP only?

This is a great project and easy to deploy. I'm curious as to the best way to limit outbound ports in using this proxy project? I believe I can do it on the eth0 interface IPTables firewall but was wondering if it's possible within the container itself

2023/12/28 17:00:48 Start listening proxy service on port 1080
2023/12/28 17:00:48 listen tcp :1080: socket: permission denied

whats that, what can i do against it? it runs already with root

Hi there,
I would like to change the outbound port from 1080 to other (like 1234 as sample here).
Should I change the -p 1080:1080 into -p 1234:1234 ? Or do I need to make some changes on Dockerfile ?
Thanks!

How do I configure the timeout period of the client? serjs/go-socks5-proxy will close the connection. When the client initiates proxy requests intermittently, the timeout will occur

We had an issue with the last version of the docker images, the container keeps restarting with the following logs:

exec /socks5: exec format error
exec /socks5: exec format error
exec /socks5: exec format error
exec /socks5: exec format error
exec /socks5: exec format error
exec /socks5: exec format error
exec /socks5: exec format error
exec /socks5: exec format error

Is it possible to resolve container host name?

services:
   proxy-socks5:
    container_name: proxy-socks5
    image: serjs/go-socks5-proxy:latest
    ports:
      - 1080:1080
  db:
    container_name: db-something
    image: ...

Able to curl --socks5 127.0.0.1:1080 <container ip and port>
Not able to curl --socks5 127.0.0.1:1080 <container host name and port>

Environment:
Docker version 20.10.14 on Windows with WSL2 enabled

I would be a great to provide list of users/password, AFAIK go-socks5 supports this https://github.com/armon/go-socks5/blob/master/credentials_test.go

Hello,

I've started the container on my Raspberry Pi:
docker run -d --name socks5 -p 8888:8888 -e PROXY_USER=keunes -e PROXY_PASSWORD=[password] serjs/go-socks5-proxy and confirm that it's running:

CONTAINER ID   IMAGE                   COMMAND     CREATED          STATUS          PORTS                                       NAMES
babf826ab2cd   serjs/go-socks5-proxy   "/socks5"   45 minutes ago   Up 45 minutes   0.0.0.0:8888->8888/tcp, :::8888->8888/tcp   socks5

On my router I have opened the port, redirecting to my RaspberryPi (protocol: TCP):

However, when testing, I get a 'connection refused' error:

$ curl --socks5 xxx.x.xx.xx:8888 -U keunes:[password] http://ifcfg.co
curl: (7) Failed to connect to 185.6.51.97 port 8888: Connection refused

I'm also running a 'bare' nginx server on the RasPi but I think it shouldn't interfere as it's on another level. I've also set up UFW on the RasPi but I tried adding a rule to open port 8888 and that didn't help, and I think it shouldn't interfere anyway as docker manipulates iptables directly.

Any hints/ideas?

how to limit that only localhost apps can visit this socks proxy?

It's nice to have port configurable

curl example doesn't work with curl 7.54.0:

❯ curl --socks5 --user user:pass myhost.com:1111 http://ifcfg.co
curl: (3) Port number ended with 'b'
curl: (6) Could not resolve host: --user
curl: (6) Could not resolve host: --user

it should rather be:

❯ curl --socks5 user:[email protected]:1111 http://ifcfg.co
111.222.333.444

can it provide service without authentication?

We need to remake Actions for supporting legacy armv6 images, and distroless images.
Also we need to refactor master/release workflows to be more PR conditional.

For e.g.

• Build docker images but not publishing it for PR

Ive found the following issue. any idea of a workaround?

socks5_1  | 2022/01/31 12:04:22 [ERR] socks: Failed to handle request: Failed to resolve destination 'checkip.dyndns.org': lookup checkip.dyndns.org on 127.0.0.11:53: read udp 127.0.0.1:43353->127.0.0.11:53: i/o timeout

seems the socks proxy inside docker is trying to talk to one of the localhost ips for dns. any way to force this to some external dns?

[root@master-node commands]# docker run -d --restart=always -p 1080:1080 -e PROXY_USER=root -e PROXY_PASSWORD=root serjs/go-socks5-proxy --name socks5^C
[root@master-node commands]# curl --socks5 --user root:root 192.168.0.109:1080 http://ifcfg.co
curl: (3) Port number ended with 'r'
curl: (6) Could not resolve host: --user
curl: (6) Could not resolve host: --user
[root@master-node commands]#

thank you so much!!!