search

v2fly / docker

docker build repo for v2fly
https://hub.docker.com/r/v2fly/v2fly-core
MIT License
724 stars 208 forks source link

can't access proxy outside of container #75

Closed k61n closed 1 month ago

k61n commented 1 month ago

Docker image is build with v5.16.1 flag. Tried on debian 11 having docker 20.10.5 and on ubuntu 20.04 having docker 24.0.5. Tried this proxy config

    "inbounds": [
        {
            "port": 1080,
            "listen": "127.0.0.1",
            "protocol": "socks",
            "settings": {
                "udp": true
            }
        }
    ],

And this

    "inbounds": [
        {
            "port": 1080,
            "listen": "127.0.0.1",
            "protocol": "socks",
            "settings": {
                "udp": false
            },
            "sniffing": {
                "enabled": false,
                "destOverride": ["http", "tls"]
            }
        }
    ],

docker ps:

CONTAINER ID   IMAGE                          COMMAND                  CREATED          STATUS                 PORTS                                                       NAMES
4b494c3a5182   v2ray-client                   "/usr/bin/v2ray run …"   14 minutes ago   Up 9 minutes           0.0.0.0:1080->1080/tcp, 0.0.0.0:1080->1080/udp              v2ray-client

I can run curl inside docker container to confirm client-server part works fine (server is in UK, me in another country):

# curl -v --socks5 localhost:1080 http://ifconfig.co/country
* Host localhost:1080 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:1080...
* Immediate connect fail for ::1: Address not available
*   Trying 127.0.0.1:1080...
* Connected to localhost (127.0.0.1) port 1080
* Host ifconfig.co:80 was resolved.
* IPv6: 2606:4700:3037::6815:365b, 2606:4700:3030::ac43:a86a
* IPv4: 172.67.168.106, 104.21.54.91
* SOCKS5 connect to 172.67.168.106:80 (locally resolved)
* SOCKS5 request granted.
* Connected to localhost (127.0.0.1) port 1080
> GET /country HTTP/1.1
> Host: ifconfig.co
> User-Agent: curl/8.5.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Wed, 22 May 2024 09:08:32 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 15
< Connection: keep-alive
< CF-Cache-Status: DYNAMIC
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cxdcWnXV1d1nJL%2F%2B3P4j7aMKbN2QfGERmEw8RRG6E43WWS9zO7BYwlYpsxeDp25SMuFEc1FutOUFp9lf2A9RIU88%2BBe%2FnIwQ8H7LAIOlim4Lnwgd2GsIniKgAdaBQg%3D%3D"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 887ba985ad259553-LHR
< alt-svc: h3=":443"; ma=86400
< 
United Kingdom
* Connection #0 to host localhost left intact

However when I run curl in the host system:

curl -v --socks5 localhost:1080 http://ifconfig.co/country
*   Trying 127.0.0.1:1080...
* TCP_NODELAY set
* SOCKS5 communication to ifconfig.co:80
* Unable to receive initial SOCKS5 response.
* Closing connection 0
curl: (7) Unable to receive initial SOCKS5 response.

I tried to add EXPOSE 1080 to the Dockerfile, but it didn't help. I wonder what could be the problem? The docker network is fine. The container gets its IP and is pingable. If I try curl over its IP address in the docker network the result is the same. Should I use other type of proxy rather than socks? I need it so it would work with Firefox or other browser without any additional plugins.

P.S. I have tried to setup proxy using http protocol. It works inside the docker container, however outside still something is wrong

curl -v --proxy localhost:1080 example.com
*   Trying 127.0.0.1:1080...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 1080 (#0)
> GET http://example.com/ HTTP/1.1
> Host: example.com
> User-Agent: curl/7.68.0
> Accept: */*
> Proxy-Connection: Keep-Alive
> 
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
k61n commented 1 month ago

I also tried to run the same configuration on mac with docker 4.30, even wrote following docker-compose.yaml file:

version: '3'

services:
  v2ray-service:
    build:
      context: ./docker
      dockerfile: Dockerfile
      args:
        TARGETPLATFORM: "linux/arm64"
        TAG: "v5.16.1"
    image: v2ray-client:v5.16.1
    container_name: v2ray-client
    ports:
      - "1080:1080"
    volumes:
      - /Users/kk/work/docker/v2ray-client/files/etc/v2ray:/etc/v2ray
    command: ["run", "-c", "/etc/v2ray/config.json"]

But without luck

k61n commented 1 month ago

I have managed to use the docker container as a proxy but only with http protocol:

    "inbounds": [
        {
            "port": 1080,
            "listen": "0.0.0.0",
            "protocol": "http"
        }
    ],

And run docker container with --network host argument instead exposing the 1080 port. For me this container runs on dedicated raspberry pi, but might not be a suitable case for everyone. So I believe the issue should stay open.

k61n commented 1 month ago

Ok, I think I got it. I had two issues. First issue is that config should listen 0.0.0.0, not 127.0.0.1. Otherwise one wouldn't be able to access the proxy outside of the container. The second problem might be the docker versions. I have v20 on debian11 and v24 on ubuntu20.04. It turns out that configuring socks protocol in ubuntu and running the container with -p 1080:1080 or --network host works fine, but not in debian11. In debian11 for some reason config with socks refuses to work. Tt is still possible to run using http protocol, tho.