{"id":22062147,"url":"https://github.com/belodetek/proxy-socks","last_synced_at":"2025-05-12T22:33:45.393Z","repository":{"id":92447871,"uuid":"129306068","full_name":"belodetek/proxy-socks","owner":"belodetek","description":"Desktop app to forward remote TCP port to a SOCKS proxy via SSH","archived":false,"fork":false,"pushed_at":"2022-11-25T17:32:46.000Z","size":1289,"stargazers_count":28,"open_issues_count":0,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-01T04:17:56.981Z","etag":null,"topics":["digitalocean","electron-app","nodejs","socks-proxy","ssh-tunnel"],"latest_commit_sha":null,"homepage":"http://app.belodetek.io","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/belodetek.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-12T20:12:02.000Z","updated_at":"2024-04-18T11:26:58.000Z","dependencies_parsed_at":"2023-06-01T03:15:19.586Z","dependency_job_id":null,"html_url":"https://github.com/belodetek/proxy-socks","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/belodetek%2Fproxy-socks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/belodetek%2Fproxy-socks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/belodetek%2Fproxy-socks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/belodetek%2Fproxy-socks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/belodetek","download_url":"https://codeload.github.com/belodetek/proxy-socks/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253833355,"owners_count":21971402,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["digitalocean","electron-app","nodejs","socks-proxy","ssh-tunnel"],"created_at":"2024-11-30T18:17:35.415Z","updated_at":"2025-05-12T22:33:45.382Z","avatar_url":"https://github.com/belodetek.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# proxy-socks\n\n\u003e **TL;DR** follow these [instructions](#instructions) to start building a flexible residential back-connect proxy network on any platform running [Electron](https://electronjs.org/).\n\n# about\n\n\u003cimg align=\"left\" src=\"https://raw.githubusercontent.com/ab77/proxy-socks/master/assets/app-icon/png/48.png\"\u003e  This [Electron](https://electronjs.org/) desktop app forwards `socksPort` and `squidPort` to `proxyRemote` IP on the remote server over [SSH](https://github.com/mscdex/ssh2) and in reverse, forwards a random port on a remote [Linux box](#server-config) to a [SOCKS](https://github.com/mscdex/socksv5) proxy running locally.\n\nClients connecting to `squidPort` or `socksPort` on the machine running the app, will be tunneled to `proxyRemote` on remote server. Similarly, remote SOCKS connections will be proxied out the local WAN interface of the machine running the app. It is up to you to handle incoming client connections on the remote server using HAProxy, Squid, etc.\n\n\n# instructions\n\n\u003cp align=\"left\"\u003e\u003ca href=\"https://m.do.co/c/937b01397c94\" target=\"_blank\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/ab77/netflix-proxy/master/static/digitalocean.png\" width=\"300\"\u003e\u003c/a\u003e\u003c/p\u003e\n\n* deploy an Ubuntu or Debian box to be the proxy concentrator and note its public IP (e.g. on [DigitalOcean](https://m.do.co/c/937b01397c94))\n\n\n## client config\n* create SSH key locally and copy to the the proxy concentrator\n\n        mkdir -p ~/.proxy-socks\\\n          \u0026\u0026 echo -e 'y\\n' | ssh-keygen -f ~/.proxy-socks/id_rsa\\\n          \u0026\u0026 ssh-copy-id -i ~/.proxy-socks/id_rsa.pub root@{proxy-concentrator}\n\n* create `config.json`, with the hostname or IP address of the proxy concentrator and adjust ports if required\n\n```\ncat \u003c\u003c EOF \u003e ~/.proxy-socks/config.json\n{\n    \"username\": \"tunnel\",\n    \"host\": \"{proxy-concentrator}\",\n    \"port\": 22,\n    \"privateKey\": \"${HOME}/.proxy-socks/id_rsa\",\n    \"squidPort\": 3128,\n    \"socksPort\": 1080,\n    \"proxyRemote\": \"172.20.0.10\"\n}\nEOF\n```\n\n\n## server config\n* on the proxy concentrator create `tunnel` user, set a password and authorize keys\n\n        useradd -m tunnel -s /bin/bash\\\n          \u0026\u0026 mkdir -p /home/tunnel/.ssh\\\n          \u0026\u0026 cat ~/.ssh/authorized_keys \u003e /home/tunnel/.ssh/authorized_keys\n\n* create splash script and set permissions\n\n```\ncat \u003c\u003c EOF \u003e /home/tunnel/splash.sh\n#!/bin/sh\necho '+--------------------------+'\necho '|                          |'\necho '|  Nothing to see here...  |'\necho '|                          |'\necho '+--------------------------+'\nEOF\n\nchmod +x /home/tunnel/splash.sh\nchown tunnel:tunnel -hR /home/tunnel\n```\n\n* update sshd config and restart the service\n\n```\ncat \u003c\u003c EOF \u003e\u003e /etc/ssh/sshd_config\n\nMatch User tunnel\n  ForceCommand /home/tunnel/splash.sh\nEOF\n\nservice ssh restart\n```\n\n\n## installing\n\nThe Windows binary is not signed and modern Chrome/Windows will try to prevent it from running. If this is important to you, you can get a signing certificate from one of the [vendors](https://www.sslshopper.com/microsoft-authenticode-certificates.html) and build a signed release.\n\n|OS|release|\n|---|---|\n|Windows|[latest](https://github.com/ab77/proxy-socks/releases/download/v1.0.5/proxy-socks-setup-1.0.5.exe), [1.0.4](https://github.com/ab77/proxy-socks/releases/download/v1.0.4/proxy-socks-setup-1.0.4.exe), [1.0.3](https://github.com/ab77/proxy-socks/releases/download/v1.0.3/proxy-socks-setup-1.0.3.exe), [1.0.2](https://github.com/ab77/proxy-socks/releases/download/v1.0.2/proxy-socks-setup-1.0.2.exe), [1.0.1](https://github.com/ab77/proxy-socks/releases/download/v1.0.1/proxy-socks-setup-1.0.1.exe), [1.0.0](https://github.com/ab77/proxy-socks/releases/download/v1.0.0/proxy-socks-setup-1.0.0.exe)|\n|Linux (AppImage)|[latest](https://github.com/ab77/proxy-socks/releases/download/v1.0.5/proxy-socks-1.0.5-x86_64.AppImage), [1.0.4](https://github.com/ab77/proxy-socks/releases/download/v1.0.4/proxy-socks-1.0.4-x86_64.AppImage), [1.0.3](https://github.com/ab77/proxy-socks/releases/download/v1.0.3/proxy-socks-1.0.3-x86_64.AppImage), [1.0.2](https://github.com/ab77/proxy-socks/releases/download/v1.0.2/proxy-socks-1.0.2-x86_64.AppImage), [1.0.1](https://github.com/ab77/proxy-socks/releases/download/v1.0.1/proxy-socks-1.0.1-x86_64.AppImage), [1.0.0](https://github.com/ab77/proxy-socks/releases/download/v1.0.0/proxy-socks-1.0.0-x86_64.AppImage)|\n|Linux (Snap)|[latest](https://github.com/ab77/proxy-socks/releases/download/v1.0.5/proxy-socks_1.0.5_amd64.snap), [1.0.4](https://github.com/ab77/proxy-socks/releases/download/v1.0.4/proxy-socks_1.0.4_amd64.snap), [1.0.3](https://github.com/ab77/proxy-socks/releases/download/v1.0.3/proxy-socks_1.0.3_amd64.snap), [1.0.2](https://github.com/ab77/proxy-socks/releases/download/v1.0.2/proxy-socks_1.0.2_amd64.snap), [1.0.1](https://github.com/ab77/proxy-socks/releases/download/v1.0.1/proxy-socks_1.0.1_amd64.snap), [1.0.0](https://github.com/ab77/proxy-socks/releases/download/v1.0.0/proxy-socks_1.0.0_amd64.snap)|\n|Mac OS X|[latest](https://github.com/ab77/proxy-socks/releases/download/v1.0.5/proxy-socks-1.0.5.dmg), [1.0.4](https://github.com/ab77/proxy-socks/releases/download/v1.0.4/proxy-socks-1.0.4.dmg), [1.0.3](https://github.com/ab77/proxy-socks/releases/download/v1.0.3/proxy-socks-1.0.3.dmg), [1.0.2](https://github.com/ab77/proxy-socks/releases/download/v1.0.2/proxy-socks-1.0.2.dmg), [1.0.1](https://github.com/ab77/proxy-socks/releases/download/v1.0.1/proxy-socks-1.0.1.dmg), [1.0.0](https://github.com/ab77/proxy-socks/releases/download/v1.0.0/proxy-socks-1.0.0.dmg)|\n\n* launch the app and note the forwarded port number\n\n\u003cimg align=\"center\" src=\"https://raw.githubusercontent.com/ab77/proxy-socks/master/extra/proxy-socks.png\" width=\"400\"\u003e\n\n\u003e \u003cimg align=\"left\" src=\"https://raw.githubusercontent.com/ab77/proxy-socks/master/assets/app-icon/png/16.png\"\u003e  The app will attempt to insert itself into the appropriate start-up chain to start automatically with the operating system and appear minimised to tray.\n\n* test connectivity to the proxy from the proxy concentrator\n\n        # netstat -a -n -p | grep LISTEN | grep 127.0.0.1\n        tcp        0      0 127.0.0.1:{zzz}         0.0.0.0:* ...\n\n        root@ubuntu:# curl -4 ifconfig.co\n        {xxx}\n\n        root@ubuntu:# curl -4 --socks5 localhost:{zzz} ifconfig.co\n        {yyy}\n\n\u003e you should see a random TCP port and two different public IPs if everything is working correctly\n\n\n# IPv6\n\n\u003e the server is listening on both `AF_INET` and `AF_INET6` sockets\n\n        # netstat -a -n -p | grep LISTEN | grep ::1\n        tcp6       0      0 ::1:{zzz}               :::* ...\n\n        root@ubuntu:# curl -6 ifconfig.co\n        {xxx}\n\n        root@ubuntu:# curl -6 --socks5 localhost:{zzz} ifconfig.co\n        {yyy}\n\n\n# next steps\nEvery new installation of the app, will attempt to make a connection to the remote server and forward a random port to the local proxy. These proxies can then be exposed on the public interface of the server using [HAProxy](http://www.haproxy.org/), [OpenVPN](https://openvpn.net/) or a combination of tools.\n\nAn [example](https://raw.githubusercontent.com/ab77/proxy-socks/master/extra/update-haproxy) shell script can be used to automatically generate HAProxy configuration for all connected proxies.\n\n\u003e Once the ports are exposed, ensure appropriate ACLs are set.\n\n\u003chr\u003e\n\u003cp align=\"center\"\u003e\u0026copy; 2018 \u003ca href=\"https://anton.belodedenko.me/belodetek/\"\u003ebelodetek\u003c/a\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\u003ca href=\"http://anton.belodedenko.me/\"\u003e\u003cimg src=\"https://avatars2.githubusercontent.com/u/2033996?v=3\u0026s=50\"\u003e\u003c/a\u003e\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbelodetek%2Fproxy-socks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbelodetek%2Fproxy-socks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbelodetek%2Fproxy-socks/lists"}