{"id":21450628,"url":"https://github.com/mietzen/docker-redsocks-proxy","last_synced_at":"2025-07-14T21:32:15.802Z","repository":{"id":251609373,"uuid":"837904167","full_name":"mietzen/docker-redsocks-proxy","owner":"mietzen","description":"Docker Redsocks Proxy Image with Example","archived":false,"fork":false,"pushed_at":"2024-10-17T14:36:58.000Z","size":54,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-10-19T21:09:18.383Z","etag":null,"topics":["docker","proxy","socks5","vpn"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mietzen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-04T11:47:04.000Z","updated_at":"2024-10-17T14:37:11.000Z","dependencies_parsed_at":"2024-08-13T17:28:53.259Z","dependency_job_id":null,"html_url":"https://github.com/mietzen/docker-redsocks-proxy","commit_stats":null,"previous_names":["mietzen/docker-redsocks-proxy"],"tags_count":5,"template":false,"template_full_name":"mietzen/docker-ci-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mietzen%2Fdocker-redsocks-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mietzen%2Fdocker-redsocks-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mietzen%2Fdocker-redsocks-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mietzen%2Fdocker-redsocks-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mietzen","download_url":"https://codeload.github.com/mietzen/docker-redsocks-proxy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225998802,"owners_count":17557473,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","proxy","socks5","vpn"],"created_at":"2024-11-23T04:16:01.955Z","updated_at":"2025-07-14T21:32:15.794Z","avatar_url":"https://github.com/mietzen.png","language":"Shell","readme":"# Docker Redsocks Proxy\n\nWith this container, you can redirect all TCP traffic through a SOCKS5 proxy, with optional DNSCrypt integration for secure DNS resolution.\n\n## Features:\n\n- Route all TCP traffic or just specific ports through the proxy\n- DNSCrypt for DoH (DNS over HTTPS) name resolution through the proxy (can be disabled)\n- Easy configuration via environment variables\n\n## Example Usage\n\nIn this example, the HTTP and HTTPS traffic of the `debian` container will always be redirected through the configured proxy. This requires that your Docker host is already connected to the VPN network (in this case, Mullvad VPN).\n\n```yaml\nservices:\n  redsocks:\n    image: mietzen/redsocks-proxy:stable\n    hostname: redsocks\n    cap_add:\n      - NET_ADMIN\n      - NET_RAW\n    environment:\n      - PROXY_SERVER=de-ber-wg-socks5-005.relays.mullvad.net\n      - PROXY_PORT=1080\n      # Optional:\n      # DNSCrypt:\n      - DNSCrypt_Active=true\n      - DOH_SERVERS=quad9-doh-ip4-port443-nofilter-ecs-pri, quad9-doh-ip4-port443-nofilter-pri # Server-List: https://dnscrypt.info/public-servers/\n      - FALL_BACK_DNS=9.9.9.9\n      # FIREWALL:\n      - REDIRECT_PORTS=all # Only certain port, e.g. REDIRECT_PORTS=21,80,443\n      - ALLOW_DOCKER_CIDR=true # Allow networking between containers\n      - LIMIT_UDP=true # Drop outgoing UDP traffic (DNS is whitelisted)\n      # REDSOCKS:\n      # - LOGIN=myuser\n      # - PASSWORD=mypass\n      - LOCAL_IP=127.0.0.1\n      - LOCAL_PORT=8081\n      - PROXY_TYPE=socks5\n      - LOG_DEBUG=off\n      - LOG_INFO=on\n      - CONNPRES_IDLE_TIMEOUT=7440\n      - DISCLOSE_SRC=false\n      - LISTENQ=128\n      - MAX_ACCEPT_BACKOFF=60000\n      - ON_PROXY_FAIL=close\n      - REDSOCKS_CONN_MAX=500\n      - RLIMIT_NOFILE=1024\n      - SPLICE=false\n      - TCP_KEEPALIVE_INTVL=75\n      - TCP_KEEPALIVE_PROBES=9\n      - TCP_KEEPALIVE_TIME=300\n    dns: 9.9.9.9 # Optional, but recommended if not using DNSCrypt\n    restart: unless-stopped\n\n  debian:\n    image: mietzen/debian-curl-jq:stable\n    depends_on:\n      redsocks:\n        condition: service_healthy\n    network_mode: service:redsocks\n    command: /bin/bash -c 'while true; do echo \"[Deb-cURL] $$(date '\"'\"'+[%Y-%m-%d %H:%M:%S]'\"'\"') [INFO]   $$(curl -sSL https://am.i.mullvad.net/connected)\" \u0026\u0026 sleep 10; done'\n    restart: unless-stopped\n```\n\n```shell\nredsocks-1  | ================== Log ==================\nredsocks-1  | \nredsocks-1  | [Redsocks] [2024-12-06 19:29:24] [NOTICE] main.c:165 main(...) redsocks started, conn_max=393216\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:24] [NOTICE] dnscrypt-proxy 2.1.5\nredsocks-1  | [Redsocks] [2024-12-06 19:29:24] [INFO]   redsocks.c:1243 redsocks_accept_client(...) [172.19.0.2:47174-\u003e149.112.112.12:443]: accepted\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:24] [NOTICE] Network connectivity detected\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:24] [NOTICE] Now listening to 127.0.0.1:5533 [UDP]\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:24] [NOTICE] Now listening to 127.0.0.1:5533 [TCP]\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:24] [NOTICE] Firefox workaround initialized\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:24] [NOTICE] [quad9-doh-ip4-port443-nofilter-pri] OK (DoH) - rtt: 26ms\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:24] [NOTICE] [quad9-doh-ip4-port443-nofilter-ecs-pri] OK (DoH) - rtt: 38ms\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:24] [NOTICE] Sorted latencies:\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:24] [NOTICE] -    26ms quad9-doh-ip4-port443-nofilter-pri\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:25] [NOTICE] -    38ms quad9-doh-ip4-port443-nofilter-ecs-pri\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:25] [NOTICE] Server with the lowest initial latency: quad9-doh-ip4-port443-nofilter-pri (rtt: 26ms)\nredsocks-1  | [DNSCrypt] [2024-12-06 19:29:25] [NOTICE] dnscrypt-proxy is ready - live servers: 2\nredsocks-1  | [Redsocks] [2024-12-06 19:29:29] [INFO]   redsocks.c:1243 redsocks_accept_client(...) [172.19.0.2:57850-\u003e45.83.223.233:443]: accepted\ndebian-1    | [Deb-cURL] [2024-12-06 19:29:29] [INFO]   You are connected to Mullvad (server de-ber-wg-socks5-005). Your IP address is 193.32.248.181\nredsocks-1  | [Redsocks] [2024-12-06 19:29:29] [INFO]   redsocks.c:671 redsocks_drop_client(...) [172.19.0.2:57850-\u003e45.83.223.233:443]: connection closed\n```\n\n### Published Ports\n\nIf your container behind `redsocks` exposes a port, that port is mirrored to the `redsocks` container. You can access it by opening the port on the `redsocks` container:\n\n```yaml\nservices:\n  redsocks:\n    image: mietzen/redsocks-proxy:stable\n    hostname: redsocks\n    ports:\n      - \"8080:2001\" # Port exposure on redsocks\n    cap_add:\n      - NET_ADMIN\n      - NET_RAW\n    environment:\n      - PROXY_SERVER=de-ber-wg-socks5-005.relays.mullvad.net\n      - PROXY_PORT=1080\n    dns: 9.9.9.9\n    restart: unless-stopped\n  whoami:\n    image: traefik/whoami\n    depends_on:\n      redsocks:\n        condition: service_healthy\n    command:\n       - --port=2001\n    network_mode: service:redsocks\n    restart: unless-stopped\n```\n\n```shell\n$ curl http://localhost:8080/\nHostname: redsocks\nIP: 127.0.0.1\nIP: ::1\nIP: 172.20.0.2\nIP: fe80::42:acff:fe14:2\nRemoteAddr: 172.16.0.1:59666\nGET / HTTP/1.1\nHost: localhost:8080\nUser-Agent: curl/8.9.1\nAccept: */*\n```\n\n**Sources:**\n- [PXke's blog: Using redsocks to proxy a docker container traffic](https://web.archive.org/web/20240302223218/https://blog.pxke.me/redsocksdocker.html)\n- [SO Answer from marlar: How to make docker container connect everything through proxy](https://stackoverflow.com/a/71099635)\n- [Docker Community Forums: Difficulty finding documentation about how network_mode: “service:\u003cservice_name\u003e” works](https://web.archive.org/web/20240721062403/https://forums.docker.com/t/difficulty-finding-documentation-about-how-network-mode-service-service-name-works/137008)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmietzen%2Fdocker-redsocks-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmietzen%2Fdocker-redsocks-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmietzen%2Fdocker-redsocks-proxy/lists"}