mon-ius / docker-warp-socks

Connect to CloudFlare WARP, exposing a `socks5` proxy all together.

Home Page: https://hub.docker.com/r/monius/docker-warp-socks

License: GNU General Public License v3.0

Dockerfile 17.91% Shell 82.09%
chatgpt cloudflare docker warp-plus wireguard

docker-warp-socks's Introduction

Docker-Warp-Socks

A lightweight Docker image designed for easy connection to CloudFlare WARP, exposing a socks5 proxy all together.

Multi-platform: linux/amd64, linux/arm64, linux/arm, and linux/s390x;

Ready to V2 features roadmap:

The new features will undergo pre-release testing at rws-cli.

  • 1. automatically enroll the WARP+ account plan
  • 2. eBPF featured wireguard implementation
  • 3. more OS/platform support
  • 4. access to OpenAI Sora without effort
  • 5. 96.3% lighter (only 8MB) on the alpine core, runs on smaller devices!
  • 6. from 10s to 0.1s clone speed-up from dockerhub!
  • 7. Enhanced robustness to handle restart or reboot events!
  • 8. all-in-one caller written in Rust!!!
  • 9. Used to join in the SORA RED TEAM waitlist!
  • 10. Used to join in the Gemini 1.5 waitlist!
  • 11. Used to join in the SD 3.0 waitlist!
  • 12. Used to use the Claude 3 Opus!
  • 13. Enable to join Zero-Trust team plan with Unlimited traffic plan!
  • Automatically install and config CloudFlare WARP Client in Docker
  • Enable the access of WARP network from Docker Container's SOCKS5 port
  • Extend accessibility and avoid potential restrictions by using proxy services
  • Avoid looping verification in the Midjourney Discord Channel
  • Prevent being banned by proxying API calls
  • Successfully pre-process the AI WaitList
  • Develop apps with warp embedded
  • Bypass the New Bing wait-list
  • ...

Why to use

The official warp-cli only supports amd64 machines, and following its guide on a remote machine risks losing your connection to it. It is recommended to experiment with fresh installations inside a Docker container; otherwise you may have to reboot the machine via its panel.

With any existing running proxy service, it acts just like a plugin that helps unlock public content such as OpenAI Sora, OpenAI ChatGPT, OpenAI GPT-4, OpenAI GPT-4V, Claude, Claude 2, Claude 3 Opus, Google Bard, Google Gemini, Google Gemini Pro Vision, Google Gemini Advanced, Google PaLM2 API, Google Vertex API, Google Scholar, and Netflix. No knowledge of CloudFlare, Warp, WireGuard, or WGCF is necessary before using this image.

Usage

The v1 image is built on debian:bookworm (aka debian:12). We recently migrated from v1 to v2, which is based on the lighter alpine:3.19 container. The main line will transition within a month, with minimal impact on the user side. As a contingency plan, users can revert to monius/docker-warp-socks:v1 if needed.

Please follow examples 1.1 and 2.1 to get started!

💾 Prerequisites

# in case you have no docker-ce installed
curl -fsSL "https://get.docker.com" | sudo bash

# to avoid calling `sudo` for every docker command
# (members of the docker group have root-equivalent access to the host)
sudo usermod -aG docker ${USER}
# or check https://docs.docker.com/engine/security/rootless
# if a rootless install is required, use `dockerd-rootless-setuptool.sh install`

# in case you are using CentOS/RHEL
sudo systemctl enable docker && sudo systemctl start docker

1. Docker CLI

1.1 🎉 Quick Start

Run the following commands in your terminal:

docker run --privileged --restart=always -itd \
    --name warp_socks \
    --cap-add NET_ADMIN \
    --cap-add SYS_MODULE \
    --sysctl net.ipv6.conf.all.disable_ipv6=0 \
    --sysctl net.ipv4.conf.all.src_valid_mark=1 \
    -v /lib/modules:/lib/modules \
    -p 9091:9091 \
    monius/docker-warp-socks

The above command will create a background service that allows the entire container network to join the dual-stack cloudflare network pool without disconnecting from the host.

1.2 ⭐ WARP Plus Account(Advanced)

docker run --privileged --restart=always -itd \
    --name warp_socks_plus \
    -e WGCF_LICENSE_KEY=yourpluslicense \
    --cap-add NET_ADMIN \
    --cap-add SYS_MODULE \
    --sysctl net.ipv6.conf.all.disable_ipv6=0 \
    --sysctl net.ipv4.conf.all.src_valid_mark=1 \
    -v /lib/modules:/lib/modules \
    -p 9091:9091 \
    monius/docker-warp-socks

Run curl -x "socks5h://127.0.0.1:9091" -fsSL "https://www.cloudflare.com/cdn-cgi/trace"; seeing warp=plus in the output means the WARP Plus License Key was applied successfully.

1.3 🔒 Tunnel Encryption(Advanced)

Run the following commands in your terminal:

docker run --privileged --restart=always -itd \
    --name warp_socks_passwd \
    -e SOCK_USER=monius \
    -e SOCK_PWD=passwd \
    --cap-add NET_ADMIN \
    --cap-add SYS_MODULE \
    --sysctl net.ipv6.conf.all.disable_ipv6=0 \
    --sysctl net.ipv4.conf.all.src_valid_mark=1 \
    -v /lib/modules:/lib/modules \
    -p 9091:9091 \
    monius/docker-warp-socks

The above command will add a little encryption to the existing socks connection, just a little~

Run curl -U "monius:passwd" -x "socks5h://127.0.0.1:9091" -fsSL "https://www.cloudflare.com/cdn-cgi/trace" to go 🤗

1.4 🔧 Pre-Configuration Start (advanced)

To use your prepared config:

docker run --privileged --restart=always -itd \
    --name warp_socks \
    -e SOCK_USER=monius \
    -e SOCK_PWD=cool \
    --cap-add NET_ADMIN \
    --cap-add SYS_MODULE \
    --sysctl net.ipv6.conf.all.disable_ipv6=0 \
    --sysctl net.ipv4.conf.all.src_valid_mark=1 \
    -p 127.0.0.1:9091:9091 \
    -v /lib/modules:/lib/modules \
    -v ~/wireguard/:/opt/wireguard/:ro \
    monius/docker-warp-socks

The container will also pick up a prepared wgcf-profile.conf and danted.conf if they are located in ~/wireguard/. Use -v ~/wireguard/:/opt/wireguard/:ro to map the directory read-only.

Also, -p 127.0.0.1:9091:9091 publishes port 9091 on localhost (127.0.0.1) only, so the proxy is not reachable from other hosts.
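
A pre-flight check for the `docker run` variants in sections 1.1 to 1.4, added here as an example and not part of the project: it flags a published port that is not bound to loopback, a missing SOCK_USER/SOCK_PWD login, and --privileged. The function names and finding labels are made up for this example; SOCKS5 username/password authentication (RFC 1929) is sent unencrypted, so the loopback bind from 1.4 is what keeps the credentials off the network.

```shell
#!/bin/sh
# Added example, not project code: lint the flags of a `docker run`
# command for this image before launching it.

# Host address a -p/--publish spec binds to; "*" means every interface.
publish_bind() {
    spec=${1%/*}                          # strip a trailing /tcp or /udp
    case $spec in
        \[*\]:*) spec=${spec%%\]*}; printf '%s\n' "${spec#\[}" ;;  # [::1]:9091:9091
        *:*:*)   printf '%s\n' "${spec%%:*}" ;;                    # 127.0.0.1:9091:9091
        *)       printf '%s\n' '*' ;;                              # 9091:9091 or 9091
    esac
}

is_loopback() {
    case $1 in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

note_publish() {   # remember publish specs reachable from other hosts
    is_loopback "$(publish_bind "$1")" || exposed="$exposed $1"
}

note_env() {       # remember whether the proxy credentials are set
    case $1 in
        SOCK_USER=?*) has_user=1 ;;
        SOCK_PWD=?*)  has_pwd=1 ;;
    esac
}

# Prints one finding per line; the return status is the number of findings.
lint_warp_run() {
    privileged=0 has_user=0 has_pwd=0 exposed="" findings=0
    while [ $# -gt 0 ]; do
        case $1 in
            --privileged|--privileged=true) privileged=1 ;;
            -p|--publish)     if [ $# -ge 2 ]; then shift; note_publish "$1"; fi ;;
            -p=*|--publish=*) note_publish "${1#*=}" ;;
            -e|--env)         if [ $# -ge 2 ]; then shift; note_env "$1"; fi ;;
            -e=*|--env=*)     note_env "${1#*=}" ;;
        esac
        shift
    done
    if [ "$privileged" -eq 1 ]; then
        echo "PRIVILEGED: container gets every capability and host device access"
        findings=$((findings + 1))
    fi
    if [ -n "$exposed" ]; then
        echo "EXPOSED: published beyond loopback:$exposed"
        if [ "$has_user" -eq 1 ] && [ "$has_pwd" -eq 1 ]; then
            echo "CLEARTEXT-AUTH: SOCKS5 username/password (RFC 1929) crosses the network unencrypted"
        else
            echo "OPEN-PROXY: no SOCK_USER/SOCK_PWD, any host that reaches the port can relay through it"
        fi
        findings=$((findings + 2))
    fi
    return "$findings"
}

# Constructed demo: the flag sets of sections 1.1 and 1.4 on this page.
echo "== 1.1 quick start"
lint_warp_run --privileged --cap-add NET_ADMIN --cap-add SYS_MODULE \
    -p 9091:9091 monius/docker-warp-socks || true
echo "== 1.4 pre-configured"
lint_warp_run --privileged -e SOCK_USER=monius -e SOCK_PWD=cool \
    -p 127.0.0.1:9091:9091 monius/docker-warp-socks || true
```
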

1.5 Test and Verify

To output the network test log:

# Host
curl -x "socks5h://127.0.0.1:9091" -fsSL "https://www.cloudflare.com/cdn-cgi/trace"
# `warp=on` in the output means success.

2. Docker Compose

A docker-compose.yml file can hold the arguments above, so the container can be run from a file.

💾 Download Standalone Docker-Compose V2 Binary

If you don't have Docker-Compose installed, run the following:

# -o makes curl (running under sudo) write the file; a shell redirect would run unprivileged
sudo curl -fsSL "https://github.com/docker/compose/releases/download/v2.17.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose

sudo chmod +x /usr/bin/docker-compose

2.1 🎉 Compose up the container

#start
curl -fsSL https://bit.ly/docker-warp-socks-compose | docker-compose -f - up -d --wait && curl --proxy socks5h://127.0.0.1:9091 "https://www.cloudflare.com/cdn-cgi/trace"

#stop
curl -fsSL https://bit.ly/docker-warp-socks-compose | docker-compose -f - down 

3. Docker Stack Deploy

Try in PWD

Click the CLOSE button, replace $IP with the address shown at the top of the page, then run: curl -x "socks5h://$IP:9091" -fsSL "https://www.cloudflare.com/cdn-cgi/trace"

3.1 Enable Swarm Mode

To use Docker Stack, first initialize Swarm mode:

# create
docker swarm init

# leave
docker swarm leave --force

3.2 Service Creation

# create
curl -fsSL https://bit.ly/docker-warp-socks-compose | docker stack deploy -c - TEST

# remove
docker stack rm TEST

3.3 Check and Test

  • docker info
  • docker node ls
  • docker network ls
  • docker stack ps TEST
  • docker stack services TEST
  • docker service ls
  • docker service logs TEST_warp-socks
  • docker service inspect TEST_warp-socks
# in swarm mode, the ip addr is random

TID=`docker ps -aqf "name=^TEST_warp-socks"`
IF=`docker exec $TID sh -c "ip route show default" | awk '{print $5}'`
TIP=`docker exec $TID sh -c "ifconfig $IF" | awk '/inet /{print $2}' | cut -d' ' -f2`

curl -x "socks5h://127.0.0.1:9091" -fsSL "https://www.cloudflare.com/cdn-cgi/trace"

4. Official Implement

4.1.1 Proxy Mode for newbie

For those who have an amd64 remote machine and don't need Docker to secure the network connection, I suggest using the official warp-cli as follows:

curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
    | sudo gpg --yes --dearmor --output /etc/apt/trusted.gpg.d/cloudflare-warp.gpg

echo "deb https://pkg.cloudflareclient.com $(lsb_release -cs) main" \
    | sudo tee /etc/apt/sources.list.d/cloudflare-warp.list  > /dev/null

sudo apt-get -qq update && sudo apt-get -qq install cloudflare-warp

echo y | warp-cli register
warp-cli set-mode proxy
warp-cli set-proxy-port 9091
warp-cli connect

# test
curl -x "socks5h://127.0.0.1:9091" -fsSL "https://www.cloudflare.com/cdn-cgi/trace"
# `warp=on` in the output means success.

4.1.2 Proxy Mode with Plus

Prepare WGCF_LICENSE_KEY="xxxxxxx"

curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
    | sudo gpg --yes --dearmor --output /etc/apt/trusted.gpg.d/cloudflare-warp.gpg

echo "deb https://pkg.cloudflareclient.com $(lsb_release -cs) main" \
    | sudo tee /etc/apt/sources.list.d/cloudflare-warp.list  > /dev/null

sudo apt-get -qq update && sudo apt-get -qq install cloudflare-warp

echo y | warp-cli registration new && warp-cli registration license "$WGCF_LICENSE_KEY"
warp-cli mode proxy
warp-cli proxy port 9091
warp-cli connect

# test
curl -x "socks5h://127.0.0.1:9091" -fsSL "https://www.cloudflare.com/cdn-cgi/trace"
# `warp=plus` in the output means success.

4.2 Default Global Mode for old man

For those who are ooold enough for Linux network management, try global proxy mode. Make sure you already have a backup, or a second or third way to recover your remote VM's network!!!

CF_WARP="https://pkg.cloudflareclient.com/pubkey.gpg"
_WARP="deb https://pkg.cloudflareclient.com $(lsb_release -cs) main"
echo "$_WARP" | sudo tee /etc/apt/sources.list.d/cloudflare-warp.list  > /dev/null
curl -fsSL "$CF_WARP" | sudo gpg --yes --dearmor --output /etc/apt/trusted.gpg.d/cloudflare-warp.gpg
sudo apt-get -qq update && sudo apt-get -qq install cloudflare-warp

GATEWAY=$(ip route show default | awk '/default/ {print $3}')
IFACE=$(ip route get 8.8.8.8 | sed -n 's/.*dev \([^\ ]*\).*/\1/p' | head -n 1)
_IPv4=$(ip addr show dev "$IFACE" | awk '/inet /{print $2}' | cut -d' ' -f2)
_IPv6=$(ip addr show dev "$IFACE" | awk '/inet6 /{print $2}' | cut -d' ' -f2)
# Setting for VPC ip structure
_VPC=$(curl -fsSL https://www.cloudflare.com/cdn-cgi/trace | grep 'ip' | sed 's/ip=//') 

echo y | warp-cli registration new

# Setting for VPC internal
warp-cli add-excluded-route "$_IPv4"
warp-cli add-excluded-route "$_IPv6"
warp-cli add-excluded-route "$_VPC"
# Setting for external ssh
echo "$SSH_CONNECTION" | sed 's/ .*//' | sed 's/[0-9]*$/0\/24/' | xargs warp-cli add-excluded-route

warp-cli connect
# Whole network in WARP proxy, `warp=on` means success. 

# Check `/var/log/cloudflare-warp/cfwarp_service_log.txt` for logs details

Please be aware that the VM can still be lost, because its IP can change after a reboot!!!

DON'T USE warp-cli tunnel ip add to exclude IPs for now!!!

GATEWAY=$(ip route show default | awk '/default/ {print $3}')
IFACE=$(ip route get 8.8.8.8 | sed -n 's/.*dev \([^\ ]*\).*/\1/p' | head -n 1)
_IPv4=$(ip addr show dev "$IFACE" | awk '/inet /{print $2}' | cut -d' ' -f2 | sed 's/\([0-9.]*\)\/.*/\1/')
_IPv6=$(ip addr show dev "$IFACE" | awk '/inet6 /{print $2}' | cut -d' ' -f2 | sed 's/\([0-9.]*\)\/.*/\1/')
warp-cli tunnel ip add "$_IPv4"
warp-cli tunnel ip add "$_IPv6"
warp-cli tunnel ip add "$_VPC"
echo "$SSH_CONNECTION" | sed 's/ .*//' | sed 's/[0-9]*$/0\/24/' | sed 's/\([0-9.]*\)\/.*/\1/' | xargs warp-cli tunnel ip add

4.3 Zero-Trust official implement

  1. Go to https://$TEAM.cloudflareaccess.com/warp and authenticate.
  2. On the ‘Success’ page in the browser, right click and ‘Inspect’ the blue ‘Open Cloudflare WARP’ button. Copy the long url start with com.cloudflare.warp:// that’s shown linked to the button.
  3. Assume you store it inside $TOKEN_URL
  4. Go to one.dash.cloudflare.com
  5. Find -> Setting -> WARP Client -> Device settings
  6. Click Default -> Configure -> Split Tunnels -> Manage, then add the IPs to exclude; this is the same as warp-cli add-excluded-route

curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg \
    | sudo gpg --yes --dearmor --output /etc/apt/trusted.gpg.d/cloudflare-warp.gpg

echo "deb https://pkg.cloudflareclient.com $(lsb_release -cs) main" \
    | sudo tee /etc/apt/sources.list.d/cloudflare-warp.list  > /dev/null

sudo apt-get -qq update && sudo apt-get -qq install cloudflare-warp

TOKEN_URL="com.cloudflare.warp://xxx.cloudflareaccess.com/auth?token=xxxxx"

echo y | warp-cli registration token "$TOKEN_URL"

warp-cli connect

curl -fsSL "https://www.cloudflare.com/cdn-cgi/trace"
curl --proxy socks5h://127.0.0.1:9011 https://www.cloudflare.com/cdn-cgi/trace
curl -x "socks5h://127.0.0.1:9091" -fsSL "https://www.cloudflare.com/cdn-cgi/trace"

5. Debug Information

Debug commands for quick troubleshooting

# removes ALL containers and ALL images on this host, not only the warp ones
docker rm -f $(docker ps -a -q) && docker rmi -f $(docker images -a -q)

docker run --privileged --restart=always -itd \
    --name warp_debug \
    --sysctl net.ipv6.conf.all.disable_ipv6=0 \
    --sysctl net.ipv4.conf.all.src_valid_mark=1 \
    --cap-add NET_ADMIN --cap-add SYS_MODULE \
    -p 9091:9091 \
    -v /lib/modules:/lib/modules \
    monius/docker-warp-socks:meta

docker exec -it warp_debug /bin/bash

IFACE=$(ip route show default | grep default | awk '{print $5}')
IPv4=$(ifconfig "$IFACE" | awk '/inet /{print $2}' | cut -d' ' -f2)
IPv6=$(ifconfig "$IFACE" | awk '/inet6 /{print $2}' | cut -d' ' -f2)
TAR="https://api.github.com/repos/Mon-ius/Docker-Warp-Socks/releases/latest"
ARCH=$(dpkg --print-architecture)
URL=$(curl -fsSL ${TAR} | grep 'browser_download_url' | cut -d'"' -f4 | grep linux | grep "${ARCH}")
curl -LSs "${URL}" -o ./wgcf && chmod +x ./wgcf && mv ./wgcf /usr/bin
wgcf register --accept-tos && wgcf generate && mv wgcf-profile.conf /etc/wireguard/warp.conf
sed -i "/\[Interface\]/a PostDown = ip -6 rule delete from ${IPv6}  lookup main" /etc/wireguard/warp.conf
sed -i "/\[Interface\]/a PostUp = ip -6 rule add from ${IPv6} lookup main" /etc/wireguard/warp.conf
sed -i "/\[Interface\]/a PostDown = ip -4 rule delete from ${IPv4} lookup main" /etc/wireguard/warp.conf
sed -i "/\[Interface\]/a PostUp = ip -4 rule add from ${IPv4} lookup main" /etc/wireguard/warp.conf

wg-quick up warp

curl "https://www.cloudflare.com/cdn-cgi/trace"
curl --interface eth0 "https://www.cloudflare.com/cdn-cgi/trace"
curl --interface warp "https://www.cloudflare.com/cdn-cgi/trace"

Known issues

Source

Docker-Warp-Socks

Credits

Notice of Non-Affiliation and Disclaimer

We are not affiliated, associated, authorized, endorsed by, or in any way officially connected with Cloudflare, or any of its subsidiaries or its affiliates. The official Cloudflare website can be found at https://www.cloudflare.com.

docker-warp-socks's Issues

Add Proxy Authentication!

Hello, very good job!
Could the possibility of authenticating the proxy connection with username and password be added? If I didn't see wrong, Danted is used and I think it can be done but I don't know how to do it. Perhaps it would be very good to be able to add them as a parameter (username and password) when docker-compose is built.

Container not running correctly on Linux RPi-4B 6.1.25-v8+

The container restarts automatically a few seconds after it starts on both of my Raspberry Pi 4B, I couldn't keep up with the Log because it restarts too fast, while everything works like a charm on my ARM64 CentOS.

Additional information:

  • Raspberry Pi model: 4B
  • Linux distribution: RPi-4B 6.1.25-v8+
  • Kernel version: #1647 SMP PREEMPT Wed Apr 26 17:39:08 BST 2023
  • Architecture: aarch64

Resulting devices cgroup doesn't match target mode

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting cgroup config for procHooks process: resulting devices cgroup doesn't match target mode: unknown

because of privileged mode
kernel 4.4.0

How many warp networks can a single server apply for? #6

Mar 11 10:34:10 (1710153250.679544) rws-cli[156]: info: block(1): tcp/accept ]: 172.28.0.1.48766 172.28.0.2.9091: error after
reading 1 byte in 0 seconds: unknown SOCKS version 71 in client request

I am working with the other docker image to use. Is there a problem with this configuration?
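
Reading the rejected-client line in the log above, as an added example that is not part of the original issue or of the project: it decodes the number in Dante's `unknown SOCKS version N` message as the first byte the client sent, which separates an HTTP-style client (71 is ASCII `G`) or a TLS client from a real SOCKS4/5 one. That the number is the first request byte in decimal is an assumption, and the second and third sample lines are constructed.

```shell
#!/bin/sh
# Added example, not project code. Assumes the number in Dante's
# "unknown SOCKS version N" message is the first request byte in decimal.

# Reads Dante log lines on stdin; prints "client<TAB>byte<TAB>guess" per reject.
classify_socks_rejects() {
    awk '
    match($0, /unknown SOCKS version [0-9]+/) {
        ver = substr($0, RSTART + 22, RLENGTH - 22) + 0
        src = "?"
        for (i = 1; i < NF; i++)
            if ($i == "]:") { src = $(i + 1); break }
        sub(/\.[0-9]+$/, "", src)    # Dante logs addr.port; drop the port
        if (ver == 4)                     why = "SOCKS4 client"
        else if (ver == 22)               why = "TLS ClientHello (0x16)"
        else if (ver >= 65 && ver <= 90)  why = sprintf("ASCII %c, HTTP-style request line", ver)
        else                              why = "unrecognised first byte"
        printf "%s\t%d\t%s\n", src, ver, why
    }'
}

# Sample input: the first line joins the two log lines quoted in the issue;
# the second and third lines are constructed for this demo.
SAMPLE_LOG='Mar 11 10:34:10 (1710153250.679544) rws-cli[156]: info: block(1): tcp/accept ]: 172.28.0.1.48766 172.28.0.2.9091: error after reading 1 byte in 0 seconds: unknown SOCKS version 71 in client request
Mar 11 10:35:02 (1710153302.100000) rws-cli[157]: info: block(1): tcp/accept ]: 192.0.2.10.50112 172.28.0.2.9091: error after reading 1 byte in 0 seconds: unknown SOCKS version 22 in client request
Mar 11 10:35:09 (1710153309.200000) rws-cli[1]: info: Dante/server[1/1] v1.4.3 running'

printf '%s\n' "$SAMPLE_LOG" | classify_socks_rejects
```
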

request a feature to change the endpoint ip:port

Sorry if I can't make myself clear, the thing is warp endpoint IPs are heavily blocked in China, both ipv4 and ipv6, but it's still possible to find available endpoint IPs to connect, as long as we can change it ourselves.
Like in this thread: ViRb3/wgcf#69

However, I cannot find a way to do it when deploying this project. Here is the log when I start the docker.

clientmethod: none

client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error
}

socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
}
[#] ip link add warp type wireguard
[#] wg setconf warp /dev/fd/63
[#] ip -4 address add 172.16.0.2/32 dev warp
[#] ip -6 address add 2606:4700:110:8e2d:31c0:2cfc:4dc5:518/128 dev warp
[#] ip link set mtu 1280 up dev warp
[#] resolvconf -a warp -m 0 -x
[#] wg set warp fwmark 51820
[#] ip -6 route add ::/0 dev warp table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
[#] ip -4 route add 0.0.0.0/0 dev warp table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
[#] ip -4 rule add from 172.21.0.2/16 lookup main
[#] ip -6 rule add from fe80::42:acff:fe15:2/64 lookup main
curl: (6) Could not resolve host: www.cloudflare.com
Jun 27 16:19:19 (1719505159.034517) rws-cli[1]: info: Dante/server[1/1] v1.4.3 running
Jun 27 16:24:53 (1719505493.027793) rws-cli[353]: info: block(1): tcp/connect ]: 127.0.0.1.34906 127.0.0.1.9091: could not resolve hostname "www.cloudflare.com": Try again
Jun 27 16:24:53 (1719505493.028577) rws-cli[353]: info: block(1): tcp/accept ]: 127.0.0.1.34906 127.0.0.1.9091: request was not performed due to error: could not resolve hostname "www.cloudflare.com": Try again
Jun 27 16:27:37 (1719505657.243113) rws-cli[1]: info: sigterm(): exiting on signal 15
Jun 27 16:27:37 (1719505657.245301) rws-cli[1]: alert: mother[1/1]: shutting down

So, I would like to know, is it possible to implement a feature to manually change the endpoint (Endpoint = engage.cloudflareclient.com:2408) before the docker starts?

Temporary failure in name resolution

Nov  2 19:35:03 (1698953703.002323) danted[153]: info: block(1): tcp/accept ]: 172.18.0.4.32900 172.18.0.2.9091: request was not performed due to error: could not resolve hostname "example.com": Temporary failure in name resolution

Temporary solution

Login to the container

docker exec -it opt-warp-socks-1 bash

and change DNS to 8.8.8.8 instead of 1.1.1.1

cat > /etc/resolv.conf << EOF
nameserver 8.8.8.8
EOF

Could not resolve host

I follow the README and set up docker like this:

# docker-compose.yml

  wireguard:
    image: monius/docker-warp-socks:latest
    container_name: wireguard
    privileged: true
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
    volumes:
      - "/lib/modules:/lib/modules"
      # - "./wgcf-account.toml:/opt/wireguard/wgcf-account.toml:ro"
      # - "./wgcf-profile.conf:/opt/wireguard/wgcf-profile.conf:ro"
    sysctls:
      net.ipv6.conf.all.disable_ipv6: 0
      net.ipv4.conf.all.src_valid_mark: 1
    ports:
      - "9091:9091"
    healthcheck:
      test:
        [
          "CMD",
          "curl",
          "-f",
          "https://www.cloudflare.com/cdn-cgi/trace"
        ]
      interval: 1m30s
      timeout: 10s
      retries: 5
      start_period: 30s

But I cannot access the network inside the container. That is, curl gets Could not resolve host problem inside the container:

root@5423e853d1e3:/# curl -f https://www.cloudflare.com/cdn-cgi/trace
curl: (6) Could not resolve host: www.cloudflare.com

And outside the container (on the host):

❯ curl --proxy socks5h://127.0.0.1:9091 https://www.cloudflare.com/cdn-cgi/trace
curl: (7) Can't complete SOCKS5 connection to www.cloudflare.com:443. (4)

How to solve this?

Container cannot start after first start

Create the container and then exit/stop it, then start it again with docker container start warp_socks -a
You will get the following error and container fails.

2023/03/31 20:45:44 existing account detected
github.com/ViRb3/wgcf/cmd/register.registerAccount
        /home/runner/work/wgcf/wgcf/cmd/register/register.go:42
github.com/ViRb3/wgcf/cmd/register.glob..func1
        /home/runner/work/wgcf/wgcf/cmd/register/register.go:28
github.com/spf13/cobra.(*Command).execute
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:860
github.com/spf13/cobra.(*Command).ExecuteC
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:974
github.com/spf13/cobra.(*Command).Execute
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:902
github.com/ViRb3/wgcf/cmd.Execute
        /home/runner/work/wgcf/wgcf/cmd/root.go:37
main.main
        /home/runner/work/wgcf/wgcf/main.go:11
runtime.main
        /opt/hostedtoolcache/go/1.18.3/x64/src/runtime/proc.go:250
runtime.goexit
        /opt/hostedtoolcache/go/1.18.3/x64/src/runtime/asm_amd64.s:1571
sed: can't read /opt/wgcf-profile.conf: No such file or directory

[feature request] tailscale container integration

First of all, thank you for this great project!!

I'm not sure if it's possible to add integration with tailscale that acts as an exit node.
Basically the flow of traffic is as follows:
tailscale user => tailscale container => Docker-Warp-Socks using all_proxy env var => internet

Tailscale container and Docker-Warp-Socks are in the same machine
This doesn't work because tailscale container is also a VPN, I assume that's because of route table conflicts with this container..

How to prioritize connections to ipv6 sites

Currently warp ipv4 addresses are being abused, I'm using the wireguard feature of singbox who supports prioritized ipv6 address resolution, and was wondering if Docker-Warp-Socks supports prioritized ipv6 connections? Or is there any plan to consider supporting that feature?

run container failed

2023/04/04 13:58:04 Using config file: wgcf-account.toml
2023/04/04 13:58:09 =======================================
2023/04/04 13:58:09 Device name : DCDE62
2023/04/04 13:58:09 Device model : PC
2023/04/04 13:58:09 Device active : true
2023/04/04 13:58:09 Account type : free
2023/04/04 13:58:09 Role : child
2023/04/04 13:58:09 Premium data : 0.00 B
2023/04/04 13:58:09 Quota : 0.00 B
2023/04/04 13:58:09 =======================================
2023/04/04 13:58:09 Successfully created Cloudflare Warp account
2023/04/04 13:58:09 Using config file: wgcf-account.toml
2023/04/04 13:58:10 =======================================
2023/04/04 13:58:10 Device name : DCDE62
2023/04/04 13:58:10 Device model : PC
2023/04/04 13:58:10 Device active : true
2023/04/04 13:58:10 Account type : free
2023/04/04 13:58:10 Role : child
2023/04/04 13:58:10 Premium data : 0.00 B
2023/04/04 13:58:10 Quota : 0.00 B
2023/04/04 13:58:10 =======================================
2023/04/04 13:58:10 Successfully generated WireGuard profile: wgcf-profile.conf
sed: -e expression #1, char 69: unknown command: `f'

Add support for external routes/devices

Hi there,

Would it be possible to add support to add routes for non-local traffic? I.e. I want to run the proxy on a different server to the server that is going to be using it, which is in a completely different subnet.
At the moment on container start I need to then log in and manually add a route to my external subnet via:
ip route add x.x.x.x/x via 172.17.0.1 dev eth0
but it would be great if the container can have an env say ALLOWED_SUBNETS=x.x.x.x/x,x.x.y.y/y which are then added as routes on container start.

Thank you for your consideration, much appreciated.

Protocol not supported

When I try to run it with docker compose, I get following error:
Unable to access interface: Protocol not supported
And the container exits.
Any Idea?

centos up warp exception RTNETLINK answers: Operation not supported

I followed the docker example command in the document, but the execution was abnormal. How should I fix it?

Usage environment

cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)

docker --version
Docker version 24.0.7, build afdd53b

Debug log

[root@centos-s-1vcpu-1gb-amd-sfo3-01 ~]# docker rm -f $(docker ps -a -q) && docker rmi -f $(docker images -a -q)^C
[root@centos-s-1vcpu-1gb-amd-sfo3-01 ~]# docker run --privileged --restart=always -itd \
>     --name warp_debug \
>     --sysctl net.ipv6.conf.all.disable_ipv6=0 \
>     --sysctl net.ipv4.conf.all.src_valid_mark=1 \
>     --cap-add NET_ADMIN --cap-add SYS_MODULE \
>     -p 9091:9091 \
>     -v /lib/modules:/lib/modules \
>     monius/docker-warp-socks:meta
Unable to find image 'monius/docker-warp-socks:meta' locally
meta: Pulling from monius/docker-warp-socks
47c764472391: Pull complete 
ced562320f97: Pull complete 
Digest: sha256:973bf192ba649ffdb02f9bef183cb90b786a3bfb9d82ff379c63e0c6b46d647c
Status: Downloaded newer image for monius/docker-warp-socks:meta
5f8c06f1722cbe09e3bb5d94e7d3a4db4ada1c5da15157b128204d82b5818ccc
[root@centos-s-1vcpu-1gb-amd-sfo3-01 ~]# docker exec -it warp_debug /bin/bash
root@5f8c06f1722c:/# IFACE=$(ip route show default | grep default | awk '{print $5}')
root@5f8c06f1722c:/# IPv4=$(ifconfig "$IFACE" | awk '/inet /{print $2}' | cut -d' ' -f2)
root@5f8c06f1722c:/# IPv6=$(ifconfig "$IFACE" | awk '/inet6 /{print $2}' | cut -d' ' -f2)
root@5f8c06f1722c:/# TAR="https://api.github.com/repos/ViRb3/wgcf/releases/latest"
root@5f8c06f1722c:/# ARCH=$(dpkg --print-architecture)
root@5f8c06f1722c:/# URL=$(curl -fsSL ${TAR} | grep 'browser_download_url' | cut -d'"' -f4 | grep linux | grep "${ARCH}")
root@5f8c06f1722c:/# curl -LSs "${URL}" -o ./wgcf && chmod +x ./wgcf && mv ./wgcf /usr/bin
root@5f8c06f1722c:/# wgcf register --accept-tos && wgcf generate && mv wgcf-profile.conf /etc/wireguard/warp.conf
2024/01/18 11:18:00 Using config file: wgcf-account.toml
2024/01/18 11:18:02 =======================================
2024/01/18 11:18:02 Device name   : 3FE63B
2024/01/18 11:18:02 Device model  : PC
2024/01/18 11:18:02 Device active : true
2024/01/18 11:18:02 Account type  : free
2024/01/18 11:18:02 Role          : child
2024/01/18 11:18:02 Premium data  : 0.00 B
2024/01/18 11:18:02 Quota         : 0.00 B
2024/01/18 11:18:02 =======================================
2024/01/18 11:18:02 Successfully created Cloudflare Warp account
2024/01/18 11:18:02 Using config file: wgcf-account.toml
2024/01/18 11:18:02 =======================================
2024/01/18 11:18:02 Device name   : 3FE63B
2024/01/18 11:18:02 Device model  : PC
2024/01/18 11:18:02 Device active : true
2024/01/18 11:18:02 Account type  : free
2024/01/18 11:18:02 Role          : child
2024/01/18 11:18:02 Premium data  : 0.00 B
2024/01/18 11:18:02 Quota         : 0.00 B
2024/01/18 11:18:02 =======================================
2024/01/18 11:18:02 Successfully generated WireGuard profile: wgcf-profile.conf
root@5f8c06f1722c:/# sed -i "/\[Interface\]/a PostDown = ip -6 rule delete from ${IPv6}  lookup main" /etc/wireguard/warp.conf
root@5f8c06f1722c:/# sed -i "/\[Interface\]/a PostUp = ip -6 rule add from ${IPv6} lookup main" /etc/wireguard/warp.conf
root@5f8c06f1722c:/# sed -i "/\[Interface\]/a PostDown = ip -4 rule delete from ${IPv4} lookup main" /etc/wireguard/warp.conf
root@5f8c06f1722c:/# sed -i "/\[Interface\]/a PostUp = ip -4 rule add from ${IPv4} lookup main" /etc/wireguard/warp.conf
root@5f8c06f1722c:/# wg-quick up warp
[#] ip link add warp type wireguard
RTNETLINK answers: Operation not supported
Unable to access interface: Protocol not supported
[#] ip link delete dev warp
Cannot find device "warp"

My English is not good, sorry.

RTNETLINK error

I met this error when running docker-compose. My platform is Ubuntu 18.04 LTS.

fog@Docker-Warp-Socks$ sudo /home/fog/bin/docker-compose up
Starting docker-warp-socks_warp-socks_1 ... done
Attaching to docker-warp-socks_warp-socks_1
warp-socks_1  | [#] ip link add warp type wireguard
warp-socks_1  | RTNETLINK answers: Operation not supported
warp-socks_1  | Unable to access interface: Protocol not supported
warp-socks_1  | [#] ip link delete dev warp
warp-socks_1  | Cannot find device "warp"
docker-warp-socks_warp-socks_1 exited with code 1

But with another pc, which also installed with the same linux os (different minor version, which is 18.04.4), it works fine.

Issue on arm64 centos with latest docker Module ip6_tables not found in directory

Tried docker compose

[opc@instance-20240208-2225 dev]$ docker compose -f warp-socks.yml logs
warp-socks-1 | 2024/02/12 23:22:14 Using config file: wgcf-account.toml
warp-socks-1 | 2024/02/12 23:22:16 =======================================
warp-socks-1 | 2024/02/12 23:22:16 Device name : 9CFD7F
warp-socks-1 | 2024/02/12 23:22:16 Device model : PC
warp-socks-1 | 2024/02/12 23:22:16 Device active : true
warp-socks-1 | 2024/02/12 23:22:16 Account type : free
warp-socks-1 | 2024/02/12 23:22:16 Role : child
warp-socks-1 | 2024/02/12 23:22:16 Premium data : 0.00 B
warp-socks-1 | 2024/02/12 23:22:16 Quota : 0.00 B
warp-socks-1 | 2024/02/12 23:22:16 =======================================
warp-socks-1 | 2024/02/12 23:22:16 Successfully created Cloudflare Warp account
warp-socks-1 | 2024/02/12 23:22:16 Using config file: wgcf-account.toml
warp-socks-1 | 2024/02/12 23:22:16 =======================================
warp-socks-1 | 2024/02/12 23:22:16 Device name : 9CFD7F
warp-socks-1 | 2024/02/12 23:22:16 Device model : PC
warp-socks-1 | 2024/02/12 23:22:16 Device active : true
warp-socks-1 | 2024/02/12 23:22:16 Account type : free
warp-socks-1 | 2024/02/12 23:22:16 Role : child
warp-socks-1 | 2024/02/12 23:22:16 Premium data : 0.00 B
warp-socks-1 | 2024/02/12 23:22:16 Quota : 0.00 B
warp-socks-1 | 2024/02/12 23:22:16 =======================================
warp-socks-1 | 2024/02/12 23:22:16 Successfully generated WireGuard profile: wgcf-profile.conf
warp-socks-1 | [#] ip link add warp type wireguard
warp-socks-1 | [#] wg setconf warp /dev/fd/63
warp-socks-1 | [#] ip -4 address add 172.16.0.2/32 dev warp
warp-socks-1 | [#] ip -6 address add 2606:4700:110:8572:30f3:d37c:e33b:71dd/128 dev warp
warp-socks-1 | [#] ip link set mtu 1280 up dev warp
warp-socks-1 | [#] resolvconf -a warp -m 0 -x
warp-socks-1 | [#] wg set warp fwmark 51820
warp-socks-1 | [#] ip -6 route add ::/0 dev warp table 51820
warp-socks-1 | [#] ip -6 rule add not fwmark 51820 table 51820
warp-socks-1 | [#] ip -6 rule add table main suppress_prefixlength 0
warp-socks-1 | [#] ip6tables-restore -n
warp-socks-1 | modprobe: FATAL: Module ip6_tables not found in directory /lib/modules/5.15.0-202.135.2.el8uek.aarch64
warp-socks-1 | ip6tables-restore v1.8.4 (legacy): ip6tables-restore: unable to initialize table 'raw'
warp-socks-1 |
warp-socks-1 | Error occurred at line: 1
warp-socks-1 | Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
warp-socks-1 | [#] resolvconf -d warp -f
warp-socks-1 | [#] ip -6 rule delete table 51820
warp-socks-1 | [#] ip -6 rule delete table main suppress_prefixlength 0
warp-socks-1 | [#] ip link delete dev warp
[opc@instance-20240208-2225 dev]$ docker compose -f warp-socks.yml logs
warp-socks-1 | 2024/02/12 23:22:14 Using config file: wgcf-account.toml
warp-socks-1 | 2024/02/12 23:22:16 =======================================
warp-socks-1 | 2024/02/12 23:22:16 Device name : 9CFD7F
warp-socks-1 | 2024/02/12 23:22:16 Device model : PC
warp-socks-1 | 2024/02/12 23:22:16 Device active : true
warp-socks-1 | 2024/02/12 23:22:16 Account type : free
warp-socks-1 | 2024/02/12 23:22:16 Role : child
warp-socks-1 | 2024/02/12 23:22:16 Premium data : 0.00 B
warp-socks-1 | 2024/02/12 23:22:16 Quota : 0.00 B
warp-socks-1 | 2024/02/12 23:22:16 =======================================
warp-socks-1 | 2024/02/12 23:22:16 Successfully created Cloudflare Warp account
warp-socks-1 | 2024/02/12 23:22:16 Using config file: wgcf-account.toml
warp-socks-1 | 2024/02/12 23:22:16 =======================================
warp-socks-1 | 2024/02/12 23:22:16 Device name : 9CFD7F
warp-socks-1 | 2024/02/12 23:22:16 Device model : PC
warp-socks-1 | 2024/02/12 23:22:16 Device active : true
warp-socks-1 | 2024/02/12 23:22:16 Account type : free
warp-socks-1 | 2024/02/12 23:22:16 Role : child
warp-socks-1 | 2024/02/12 23:22:16 Premium data : 0.00 B
warp-socks-1 | 2024/02/12 23:22:16 Quota : 0.00 B
warp-socks-1 | 2024/02/12 23:22:16 =======================================
warp-socks-1 | 2024/02/12 23:22:16 Successfully generated WireGuard profile: wgcf-profile.conf
warp-socks-1 | [#] ip link add warp type wireguard
warp-socks-1 | [#] wg setconf warp /dev/fd/63
warp-socks-1 | [#] ip -4 address add 172.16.0.2/32 dev warp
warp-socks-1 | [#] ip -6 address add 2606:4700:110:8572:30f3:d37c:e33b:71dd/128 dev warp
warp-socks-1 | [#] ip link set mtu 1280 up dev warp
warp-socks-1 | [#] resolvconf -a warp -m 0 -x
warp-socks-1 | [#] wg set warp fwmark 51820
warp-socks-1 | [#] ip -6 route add ::/0 dev warp table 51820
warp-socks-1 | [#] ip -6 rule add not fwmark 51820 table 51820
warp-socks-1 | [#] ip -6 rule add table main suppress_prefixlength 0
warp-socks-1 | [#] ip6tables-restore -n
warp-socks-1 | modprobe: FATAL: Module ip6_tables not found in directory /lib/modules/5.15.0-202.135.2.el8uek.aarch64
warp-socks-1 | ip6tables-restore v1.8.4 (legacy): ip6tables-restore: unable to initialize table 'raw'
warp-socks-1 |
warp-socks-1 | Error occurred at line: 1
warp-socks-1 | Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
warp-socks-1 | [#] resolvconf -d warp -f
warp-socks-1 | [#] ip -6 rule delete table 51820
warp-socks-1 | [#] ip -6 rule delete table main suppress_prefixlength 0
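To triage a log like the one above without reading it line by line, the sketch below reports which `[#]` step was running when the error appeared, which kernel module `modprobe` could not find, and whether the interface was deleted afterwards. It is an added example, not part of the issue or of the project's scripts; the function names and the embedded sample (trimmed from the log format above) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a trimmed copy of the compose log format shown above.
sample_log() {
cat <<'EOF'
warp-socks-1 | 2024/02/12 23:22:16 Successfully generated WireGuard profile: wgcf-profile.conf
warp-socks-1 | [#] ip link add warp type wireguard
warp-socks-1 | [#] wg set warp fwmark 51820
warp-socks-1 | [#] ip6tables-restore -n
warp-socks-1 | modprobe: FATAL: Module ip6_tables not found in directory /lib/modules/5.15.0-202.135.2.el8uek.aarch64
warp-socks-1 | ip6tables-restore v1.8.4 (legacy): ip6tables-restore: unable to initialize table 'raw'
warp-socks-1 | [#] resolvconf -d warp -f
warp-socks-1 | [#] ip link delete dev warp
EOF
}

# Reads `docker compose logs` text on stdin and prints key=value findings.
diagnose_wg_quick() {
  awk '
    { sub(/^[^|]*\| ?/, "") }            # drop the "service-N | " prefix
    /^\[#\] / {
      cmd = substr($0, 5)                # command text after "[#] "
      if (failed == "") last = cmd       # still bringing the tunnel up
      else if (cmd ~ /^ip link delete dev /) rolled_back = 1
      next
    }
    /modprobe: FATAL: Module [^ ]+ not found/ {
      if (failed == "") failed = last    # blame the step that was running
      for (i = 1; i <= NF; i++) if ($i == "Module") module = $(i + 1)
      next
    }
    /unable to initialize table/ { if (failed == "") failed = last }
    END {
      if (failed == "") { print "status=ok"; exit }
      print "status=failed"
      print "failed_step=" failed
      if (module != "") print "missing_module=" module
      print "rolled_back=" (rolled_back ? "yes" : "no")
    }'
}
```

Run it as `docker compose -f warp-socks.yml logs | diagnose_wg_quick`; `rolled_back=yes` means the `warp` interface was removed again, so the SOCKS5 port has no tunnel behind it.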

Is there any docker-compose example?

Something like this:

services:
  warp:
    image: monius/docker-warp-socks  # Docker Hub name; image references must be lowercase
    container_name: warp
    restart: unless-stopped
    ports:
      - '127.0.0.1:1918:1080'
    environment:
      - WARP_SLEEP=2
      # - WARP_LICENSE_KEY= # optional
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./warp:/var/lib/cloudflare-warp

And then we could put mdm.xml in the warp folder, and write the settings like:

organization xx auth_client_id xx auth_client_secret xx

And finally we could access this network from another app, using an environment variable in docker-compose for the other app, like:

PROXY=socks5://warp:1080
