https://github.com/hypnguyen1209/docker-container-socks

A program that creates a SOCKS5 proxy server to route all traffic through a Docker container's network namespace

# Docker Container SOCKS

A Go program that creates a SOCKS5 proxy server to route all traffic through a Docker container's network namespace.

## Features

- Creates a SOCKS5 proxy server that routes traffic through a Docker container's network
- Supports both container names and container IDs
- Configurable listen address (supports all interfaces or localhost only)
- Custom Docker socket path support
- Network namespace switching for proper traffic routing

## Requirements

- Go 1.21+
- Docker running
- Root privileges (required for network namespace operations)
- Linux (uses netlink and netns libraries)

## Installation

```bash
# Clone or navigate to the project directory
cd docker-container-socks

# Download dependencies
go mod tidy

# Build the program
go build -o docker-container-socks main.go
```

## Usage

```bash
# Basic usage with container name
sudo ./docker-container-socks -container mycontainer

# Specify container ID and custom listen address
sudo ./docker-container-socks -container abc123def456 -listen :8080

# Listen on localhost only
sudo ./docker-container-socks -container mycontainer -listen 127.0.0.1:1080

# Use custom Docker socket path
sudo ./docker-container-socks -container mycontainer -unix /custom/path/docker.sock -listen :9090
```

### Command Line Arguments

- `-container` (required): Container name or container ID
- `-listen` (optional): Listen address for SOCKS5 proxy server (default: `:8080`)
  - `:8080` - Listen on all interfaces, port 8080
  - `127.0.0.1:1080` - Listen on localhost only, port 1080
  - `0.0.0.0:9090` - Listen on all interfaces, port 9090
- `-unix` (optional): Path to Docker socket (default: `/var/run/docker.sock`)

## How It Works

1. **Container Discovery**: The program connects to the Docker API and inspects the specified container to get its network information and process ID (PID).

2. **Network Namespace**: It uses the container's PID to access its network namespace using Linux netns functionality.

3. **SOCKS5 Proxy**: A SOCKS5 proxy server is created that intercepts connection requests.

4. **Traffic Routing**: For each connection through the proxy, the program:
   - Switches to the container's network namespace
   - Establishes the connection from within that namespace
   - Routes the traffic through the container's network stack
   - Switches back to the original namespace
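Because `setns(2)` changes the namespace of the calling thread only, the per-connection switch in step 4 can be audited from the host through `/proc/<pid>/task/<tid>/ns/net`. The following is an added example, not code from this project: it lists the threads of a process whose network namespace differs from that of the main thread, for instance to spot a thread that never switched back. The names `netnsInode` and `strayThreads`, the `procRoot` parameter, and the premise that the main thread stays in the original namespace are assumptions of the example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
)

// netnsInode parses <procRoot>/<pid>/task/<tid>/ns/net, whose link target looks like "net:[4026531840]".
func netnsInode(procRoot string, pid, tid int) (uint64, error) {
	link := filepath.Join(procRoot, strconv.Itoa(pid), "task", strconv.Itoa(tid), "ns", "net")
	target, err := os.Readlink(link)
	if err != nil {
		return 0, err
	}
	var ino uint64
	if _, err := fmt.Sscanf(target, "net:[%d]", &ino); err != nil {
		return 0, fmt.Errorf("unexpected ns link %q: %w", target, err)
	}
	return ino, nil
}

// strayThreads maps tid -> netns inode for each thread of pid whose namespace differs
// from the main thread's (tid == pid). Assumption: the main thread never switches.
func strayThreads(procRoot string, pid int) (map[int]uint64, error) {
	home, err := netnsInode(procRoot, pid, pid)
	if err != nil {
		return nil, err
	}
	entries, err := os.ReadDir(filepath.Join(procRoot, strconv.Itoa(pid), "task"))
	if err != nil {
		return nil, err
	}
	stray := map[int]uint64{}
	for _, e := range entries {
		tid, err := strconv.Atoi(e.Name())
		if err != nil {
			continue // not a thread directory
		}
		if ino, err := netnsInode(procRoot, pid, tid); err == nil && ino != home {
			stray[tid] = ino // threads that exit mid-scan fail Readlink and are skipped
		}
	}
	return stray, nil
}

func main() {
	fmt.Println(strayThreads("/proc", os.Getpid())) // pass the proxy's PID in practice
}
```

Reading another process's `ns/net` links requires root, which the proxy already needs. A thread that appears here while no connection is being set up is still inside the container's namespace.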

## Example Use Cases

- Route web scraping through a VPN container
- Access services through a container with specific network configuration
- Test applications as if running from within a container's network
- Bypass network restrictions using a proxy container

## Security Notes

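- This program requires root privileges to manipulate network namespaces
- All traffic through the proxy will have the same network identity as the target container
- The default listen address (`:8080`) accepts connections on all interfaces; use a `127.0.0.1` address such as `127.0.0.1:1080` to restrict the proxy to localhost
- Ensure the target container is trusted and secure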

## Testing

You can test the proxy with curl:

```bash
# Start the proxy (in another terminal)
sudo ./docker-container-socks -container mycontainer -listen :1080

# Test with curl
curl --socks5 127.0.0.1:1080 http://httpbin.org/ip
```

## Troubleshooting

- **Permission denied**: Make sure to run with sudo/root privileges
- **Container not found**: Verify the container name/ID and that it's running
- **Network namespace errors**: Ensure the container is running and accessible
- **Docker socket errors**: Check that Docker is running and the socket path is correct

## Dependencies

- `github.com/docker/docker` - Docker API client
- `github.com/things-go/go-socks5` - SOCKS5 server implementation
- `github.com/vishvananda/netlink` - Linux netlink library
- `github.com/vishvananda/netns` - Network namespace utilities