tarampampam / 3proxy-docker

Docker image with 3proxy - Tiny free proxy server
https://hub.docker.com/r/tarampampam/3proxy/
Do What The F*ck You Want To Public License

How to listen on specific IP #56

Closed NanoG6 closed 1 day ago

NanoG6 commented 6 days ago

Not an issue, but as in the title, how do I set the service to listen only on a specific IP address?

tarampampam commented 5 days ago

I think docker run ... -e EXTRA_CONFIG="external 192.168.1.1" ... might be what you need, but I'm not entirely sure

NanoG6 commented 5 days ago

I've tried both the external and internal directives, but the container failed to start (restart loop). The goal is to set the listening address to use my Tailscale IP address, because last time it used the public IP address and somehow IPTABLES failed to protect the port and my server became a public proxy server (!). For now, I'm using the cloud provider's firewall to block the port.

tarampampam commented 5 days ago

Strange. Using the internal option (instead of external) seems to make everything work as expected:

$ docker run --rm -p "3128:3128/tcp" -p "1080:1080/tcp" -e EXTRA_CONFIG="internal 127.0.0.1" ghcr.io/tarampampam/3proxy:latest

/bin/3proxy: Starting 3proxy
{"time_unix":1726130478, "proxy":{"type:":"PROXY", "port":3128}, "error":{"code":"00000"}, "auth":{"user":"-"}, "client":{"ip":"127.0.0.1", "port":3128}, "server":{"ip":"0.0.0.0", "port":0}, "bytes":{"sent":0, "received":0}, "request":{"hostname":"[0.0.0.0]"}, "message":"Accepting connections [7/3659003584]"}
{"time_unix":1726130478, "proxy":{"type:":"SOCKS", "port":1080}, "error":{"code":"00000"}, "auth":{"user":"-"}, "client":{"ip":"127.0.0.1", "port":1080}, "server":{"ip":"0.0.0.0", "port":0}, "bytes":{"sent":0, "received":0}, "request":{"hostname":"[0.0.0.0]"}, "message":"Accepting connections [7/3658950336]"}
$ docker ps
CONTAINER ID   IMAGE                               COMMAND                  CREATED         STATUS         PORTS                                                                                  NAMES
f72b19d1936f   ghcr.io/tarampampam/3proxy:latest   "/bin/mustpl -f /etc…"   4 seconds ago   Up 4 seconds   0.0.0.0:1080->1080/tcp, :::1080->1080/tcp, 0.0.0.0:3128->3128/tcp, :::3128->3128/tcp   quirky_antonelli

$ docker exec -ti f72b19d1936f netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:1080          0.0.0.0:*               LISTEN      7/3proxy
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      7/3proxy
#                   ^^^^^^^^^

NanoG6 commented 5 days ago

I'm using docker-compose like this:

root@sg-ap2:/docker/3proxy# cat docker-compose.yml

name: 3proxy
services:
    3proxy:
        restart: always
        ports:
            - 8686:3128/tcp
        environment:
            - PRIMARY_RESOLVER=10.29.86.2
            - EXTRA_CONFIG="internal 127.0.0.1"
        image: ghcr.io/tarampampam/3proxy:latest

and the container is in a restart loop:

root@sg-ap2:/docker/3proxy# docker ps
CONTAINER ID   IMAGE                               COMMAND                  CREATED          STATUS                         PORTS                                       NAMES
85d45d408c1b   ghcr.io/tarampampam/3proxy:latest   "/bin/mustpl -f /etc…"   42 seconds ago   Restarting (1) 7 seconds ago                                               3proxy-3proxy-1

tarampampam commented 5 days ago

Could you run it using Docker and share the logs? Alternatively, could you show the output of docker compose logs?

NanoG6 commented 4 days ago

Hi, sorry I just got back. Yes, I can run the service using docker, and the container will listen at 127.0.0.1.

root@sg-ap2:/docker/3proxy# docker exec -ti d5afa8062075 netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:1080          0.0.0.0:*               LISTEN      8/3proxy
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      8/3proxy

but at the host level it's still listening on any IP/interface:

root@sg-ap2:/docker/3proxy# netstat -tulpen | grep 8686
tcp        0      0 0.0.0.0:8686            0.0.0.0:*               LISTEN      0          3579664110 3452449/docker-prox
tcp6       0      0 :::8686                 :::*                    LISTEN      0          3579665099 3452457/docker-prox

It seems you misunderstood my question, because what I need is for the 3proxy/container to listen on a specific IP belonging to the HOST. So what I do is like this in docker-compose:

name: 3proxy
services:
    3proxy:
        restart: always
        ports:
            - 100.82.99.129:8686:3128/tcp
        environment:
            - PRIMARY_RESOLVER=10.29.86.2
        image: ghcr.io/tarampampam/3proxy:latest

root@sg-ap2:/docker/3proxy# netstat -tulpen | grep 8686
tcp        0      0 100.82.99.129:8686      0.0.0.0:*               LISTEN      0          3579823987 3516402/docker-prox

Yeah, I know it's a basic Docker question... forgive my ignorance ;)

tarampampam commented 4 days ago

So, using 100.82.99.129:8686:3128/tcp doesn't give you the results you need?

I've crafted the following configuration, and it seems to work as expected:

services:
  3proxy:
    image: ghcr.io/tarampampam/3proxy:latest
    ports: [127.0.0.55:8686:3128/tcp]
    #       ^^^^^^^^^^

$ docker compose up
3proxy-1  | /bin/3proxy: Starting 3proxy
3proxy-1  | {"time_unix":1726229163, "proxy":{"type:":"PROXY", "port":3128}, "error":{"code":"00000"}, "auth":{"user":"-"}, "client":{"ip":"0.0.0.0", "port":3128}, "server":{"ip":"0.0.0.0", "port":0}, "bytes":{"sent":0, "received":0}, "request":{"hostname":"[0.0.0.0]"}, "message":"Accepting connections [7/652854976]"}
3proxy-1  | {"time_unix":1726229163, "proxy":{"type:":"SOCKS", "port":1080}, "error":{"code":"00000"}, "auth":{"user":"-"}, "client":{"ip":"0.0.0.0", "port":1080}, "server":{"ip":"0.0.0.0", "port":0}, "bytes":{"sent":0, "received":0}, "request":{"hostname":"[0.0.0.0]"}, "message":"Accepting connections [7/652801728]"}

# in another shell:

$ netstat -tulpn | grep 8686
tcp        0      0 127.0.0.55:8686         0.0.0.0:*               LISTEN      -
#                   ^^^^^^^^^^

$ curl --proxy http://127.0.0.55:8686 https://www.cloudflare.com/robots.txt
#    .__________________________.
#    | .___________________. |==|
#    | | ................. | |  |
#    | | ::[ Dear robot ]: | |  |
#    | | ::::[ be nice ]:: | |  |
#    | | ::::::::::::::::: | |  |
#    | | ::::::::::::::::: | |  |
#    | | ::::::::::::::::: | |  |
#    | | ::::::::::::::::: | | ,|
#    | !___________________! |(c|
#    !_______________________!__!
#   /                            \
#  /  [][][][][][][][][][][][][]  \
# /  [][][][][][][][][][][][][][]  \
#(  [][][][][____________][][][][]  )
# \ ------------------------------ /
#  \______________________________/

# ...

If you change the IP address in the port binding like this:

-     ports: [127.0.0.55:8686:3128/tcp]
+     ports: [192.168.100.18:8686:3128/tcp] # the IP addr of the external net
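Review bot: the + line hard-codes 192.168.100.18 as the host bind address, so the mapping only works on a host that owns that address, and the trailing comment "the IP addr of the external net" does not say which interface that is. Suggest naming the interface in the comment and, as with the 127.0.0.55 binding above, confirming the result with netstat -tulpn | grep 8686 after the change.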

The container should then be accessible on the specified network interface (if I understand correctly, your external network). However, in this case, it will only be usable via the proxy from external machines. Is that correct, or am I mistaken?
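
An added example, not part of the thread or of the 3proxy-docker project: a small audit that classifies compose short-syntax port mappings by the host address they bind to, flagging those that publish on every interface the way 8686:3128/tcp did above. The function names are hypothetical, and it assumes the Docker daemon default of binding to 0.0.0.0 and :: when no host IP is given.

```python
import ipaddress

# Tailscale addresses such as 100.82.99.129 sit in the CGNAT range,
# which the ipaddress module does not report as is_private.
CGNAT = ipaddress.ip_network("100.64.0.0/10")

def parse_port(spec):
    """Split '[HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]' into its parts."""
    body, _, proto = spec.strip().strip("\"'").partition("/")
    host_ip = None
    if body.startswith("["):                  # bracketed IPv6 host address
        host_ip, _, body = body[1:].partition("]")
        body = body.lstrip(":")
    parts = body.split(":")
    if host_ip is None and len(parts) == 3:
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:                       # container port only
        parts = [None, parts[0]]
    if len(parts) != 2 or not parts[1]:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    return host_ip, parts[0], parts[1], proto or "tcp"

def classify(spec):
    """Return where the published port is reachable from on the host."""
    host_ip = parse_port(spec)[0]
    if host_ip is None:
        return "all-interfaces"               # assumed daemon default: 0.0.0.0 and ::
    ip = ipaddress.ip_address(host_ip)
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or (ip.version == 4 and ip in CGNAT):
        return "private"
    return "public"

def exposed(ports):
    """Mappings that need a host IP or a firewall rule before deployment."""
    return [p for p in ports if classify(p) in ("all-interfaces", "public")]

# Port strings taken from the commands and compose files quoted in this thread.
THREAD_PORTS = ["3128:3128/tcp", "1080:1080/tcp", "8686:3128/tcp",
                "100.82.99.129:8686:3128/tcp", "127.0.0.55:8686:3128/tcp",
                "192.168.100.18:8686:3128/tcp"]

if __name__ == "__main__":
    for p in THREAD_PORTS:
        print(f"{classify(p):15} {p}")
```

Docker publishes ports through its own NAT and forwarding rules, so host INPUT-chain rules do not filter them; binding the mapping to a specific host IP, or filtering in the DOCKER-USER chain, does.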