Closed NanoG6 closed 1 day ago
I think docker run ... -e EXTRA_CONFIG="external 192.168.1.1" ... might be what you need, but I'm not entirely sure.
I've tried both the external and internal directives, but the container failed to start (restart loop). The goal is to set the listening address to use my Tailscale IP address, because last time it used the public IP address and somehow IPTABLES failed to protect the port and my server became a public proxy server (!). For now, I'm using the cloud provider's firewall to block the port.
Strange. Using the internal option (instead of external) seems to make everything work as expected:
$ docker run --rm -p "3128:3128/tcp" -p "1080:1080/tcp" -e EXTRA_CONFIG="internal 127.0.0.1" ghcr.io/tarampampam/3proxy:latest
/bin/3proxy: Starting 3proxy
{"time_unix":1726130478, "proxy":{"type:":"PROXY", "port":3128}, "error":{"code":"00000"}, "auth":{"user":"-"}, "client":{"ip":"127.0.0.1", "port":3128}, "server":{"ip":"0.0.0.0", "port":0}, "bytes":{"sent":0, "received":0}, "request":{"hostname":"[0.0.0.0]"}, "message":"Accepting connections [7/3659003584]"}
{"time_unix":1726130478, "proxy":{"type:":"SOCKS", "port":1080}, "error":{"code":"00000"}, "auth":{"user":"-"}, "client":{"ip":"127.0.0.1", "port":1080}, "server":{"ip":"0.0.0.0", "port":0}, "bytes":{"sent":0, "received":0}, "request":{"hostname":"[0.0.0.0]"}, "message":"Accepting connections [7/3658950336]"}
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f72b19d1936f ghcr.io/tarampampam/3proxy:latest "/bin/mustpl -f /etc…" 4 seconds ago Up 4 seconds 0.0.0.0:1080->1080/tcp, :::1080->1080/tcp, 0.0.0.0:3128->3128/tcp, :::3128->3128/tcp quirky_antonelli
$ docker exec -ti f72b19d1936f netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 7/3proxy
tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN 7/3proxy
# ^^^^^^^^^
I'm using docker-compose like this:
root@sg-ap2:/docker/3proxy# cat docker-compose.yml
name: 3proxy
services:
  3proxy:
    restart: always
    ports:
      - 8686:3128/tcp
    environment:
      - PRIMARY_RESOLVER=10.29.86.2
      - EXTRA_CONFIG="internal 127.0.0.1"
    image: ghcr.io/tarampampam/3proxy:latest
and the container is in a restart loop:
root@sg-ap2:/docker/3proxy# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
85d45d408c1b ghcr.io/tarampampam/3proxy:latest "/bin/mustpl -f /etc…" 42 seconds ago Restarting (1) 7 seconds ago 3proxy-3proxy-1
Could you run it using Docker and share the logs? Alternatively, could you show the output of docker compose logs?
Hi, sorry I just got back. Yes, I can run the service using docker, and the container will listen at 127.0.0.1.
root@sg-ap2:/docker/3proxy# docker exec -ti d5afa8062075 netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 8/3proxy
tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN 8/3proxy
but at the host level it's still listening on any IP/interface:
root@sg-ap2:/docker/3proxy# netstat -tulpen | grep 8686
tcp 0 0 0.0.0.0:8686 0.0.0.0:* LISTEN 0 3579664110 3452449/docker-prox
tcp6 0 0 :::8686 :::* LISTEN 0 3579665099 3452457/docker-prox
It seems you misunderstood my question, because what I need is for the 3proxy/container to listen on a specific IP belonging to the HOST. So what I do is like this in docker-compose:
name: 3proxy
services:
  3proxy:
    restart: always
    ports:
      - 100.82.99.129:8686:3128/tcp
    environment:
      - PRIMARY_RESOLVER=10.29.86.2
    image: ghcr.io/tarampampam/3proxy:latest
root@sg-ap2:/docker/3proxy# netstat -tulpen | grep 8686
tcp 0 0 100.82.99.129:8686 0.0.0.0:* LISTEN 0 3579823987 3516402/docker-prox
Yeah, I know it's a basic Docker question... forgive my ignorance ;)
So, using 100.82.99.129:8686:3128/tcp doesn't give you the results you need?
I've crafted the following configuration, and it seems to work as expected:
services:
  3proxy:
    image: ghcr.io/tarampampam/3proxy:latest
    ports: [127.0.0.55:8686:3128/tcp]
    #       ^^^^^^^^^^
$ docker compose up
3proxy-1 | /bin/3proxy: Starting 3proxy
3proxy-1 | {"time_unix":1726229163, "proxy":{"type:":"PROXY", "port":3128}, "error":{"code":"00000"}, "auth":{"user":"-"}, "client":{"ip":"0.0.0.0", "port":3128}, "server":{"ip":"0.0.0.0", "port":0}, "bytes":{"sent":0, "received":0}, "request":{"hostname":"[0.0.0.0]"}, "message":"Accepting connections [7/652854976]"}
3proxy-1 | {"time_unix":1726229163, "proxy":{"type:":"SOCKS", "port":1080}, "error":{"code":"00000"}, "auth":{"user":"-"}, "client":{"ip":"0.0.0.0", "port":1080}, "server":{"ip":"0.0.0.0", "port":0}, "bytes":{"sent":0, "received":0}, "request":{"hostname":"[0.0.0.0]"}, "message":"Accepting connections [7/652801728]"}
# in another shell:
$ netstat -tulpn | grep 8686
tcp 0 0 127.0.0.55:8686 0.0.0.0:* LISTEN -
# ^^^^^^^^^^
$ curl --proxy http://127.0.0.55:8686 https://www.cloudflare.com/robots.txt
# .__________________________.
# | .___________________. |==|
# | | ................. | | |
# | | ::[ Dear robot ]: | | |
# | | ::::[ be nice ]:: | | |
# | | ::::::::::::::::: | | |
# | | ::::::::::::::::: | | |
# | | ::::::::::::::::: | | |
# | | ::::::::::::::::: | | ,|
# | !___________________! |(c|
# !_______________________!__!
# / \
# / [][][][][][][][][][][][][] \
# / [][][][][][][][][][][][][][] \
#( [][][][][____________][][][][] )
# \ ------------------------------ /
# \______________________________/
# ...
If you change the IP address in the port binding like this:
- ports: [127.0.0.55:8686:3128/tcp]
+ ports: [192.168.100.18:8686:3128/tcp] # the IP addr of the external net
The container should then be accessible on the specified network interface (if I understand correctly, your external network). However, in this case, it will only be usable via the proxy from external machines. Is that correct, or am I mistaken?
Not an issue, but as in the title, how to set the service to listen only on a specific IP address?
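An added example, not part of the original thread or the 3proxy image's code: a small Python check that parses Compose short-syntax `ports:` entries like the ones posted above and flags those that publish on every host interface. The function names are hypothetical, it assumes the Docker daemon's default bind address (an entry without a host IP listens on all interfaces), and the sample list marks which entries are constructed.

```python
import ipaddress

def parse_port_mapping(spec):
    """Return (host_ip, host_port, container_port, protocol) for one entry."""
    body, _, proto = str(spec).strip().partition("/")
    host_ip = None
    if body.startswith("["):                 # bracketed IPv6 host address
        addr, _, rest = body[1:].partition("]:")
        host_ip, parts = addr, rest.split(":")
    else:
        parts = body.split(":")
        if len(parts) == 3:                  # IP:HOST_PORT:CONTAINER_PORT
            host_ip, parts = parts[0], parts[1:]
    if not 1 <= len(parts) <= 2 or not parts[-1]:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    if host_ip is not None:
        host_ip = str(ipaddress.ip_address(host_ip))   # rejects non-addresses
    # One field means no host port was given: Docker picks an ephemeral one.
    host_port = parts[0] if len(parts) == 2 and parts[0] else None
    return host_ip, host_port, parts[-1], proto or "tcp"

def exposure(spec):
    """Classify which host addresses a published port listens on."""
    host_ip = parse_port_mapping(spec)[0]
    if host_ip is None:
        return "all-interfaces"              # no IP given: wildcard bind
    ip = ipaddress.ip_address(host_ip)
    if ip.is_unspecified:                    # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback-only" if ip.is_loopback else "single-address"

def wildcard_bindings(port_specs):
    """Return the entries that publish on every host interface."""
    return [s for s in port_specs if exposure(s) == "all-interfaces"]

# Port strings from the thread, plus three constructed ones (marked).
SAMPLE_PORTS = [
    "8686:3128/tcp",
    "100.82.99.129:8686:3128/tcp",
    "127.0.0.55:8686:3128/tcp",
    "192.168.100.18:8686:3128/tcp",
    "0.0.0.0:1080:1080",        # constructed
    "[::]:1080:1080/tcp",       # constructed
    "3128",                     # constructed: container port only
]

if __name__ == "__main__":
    for spec in SAMPLE_PORTS:
        print(f"{spec:32} {exposure(spec)}")
```

Docker forwards published ports through its own NAT rules, so host INPUT-chain filtering generally does not cover them; the host address in the `ports:` entry is what limits where the proxy is reachable.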