commit 74304f975f336b3c37b69c83b02a1d8de1e73dfc Author: Reza Behzadan Date: Fri Jan 3 09:56:20 2025 -0500 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8c4cb47
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+wg0.conf
diff --git a/3proxy.cfg b/3proxy.cfg
new file mode 100644
index 0000000..45c2cb3
--- /dev/null
+++ b/3proxy.cfg
@@ -0,0 +1,15 @@
+## DNS servers
+# nserver 1.1.1.1
+# nserver 8.8.8.8
+nscache 65536
+
+## Log settings
+log
+logformat "L%Y-%m-%d %H:%M:%S %U %C:%c %R:%r %O %I %h %T"
+
+## Set up the HTTP proxy on port 3128
+proxy -p3128
+
+## Set up the SOCKS5 proxy on port 1080
+socks -p1080
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d2143aa
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,47 @@
+# Stage 1: Build 3proxy
+FROM debian:bullseye-slim AS builder
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ build-essential \
+ git \
+ ca-certificates \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Clone and build 3proxy
+WORKDIR /usr/src/3proxy
+RUN git clone https://github.com/3proxy/3proxy.git . && \
+ ln -s Makefile.Linux Makefile && \
+ make -f Makefile
+
+# Stage 2: Runtime Image
+FROM debian:bullseye-slim
+
+# Install runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ openresolv \
+ iproute2 \
+ iptables \
+ wireguard-tools \
+ ca-certificates \
+ procps \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Copy 3proxy from the builder stage
+COPY --from=builder /usr/src/3proxy/bin/ /usr/local/bin/
+
+# Create necessary directories
+RUN mkdir -p /etc/3proxy /var/log/3proxy && \
+ chown -R nobody:nogroup /var/log/3proxy
+
+# Copy configuration files
+COPY 3proxy.cfg /etc/3proxy/3proxy.cfg
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+# Expose proxy ports
+EXPOSE 3128 1080
+
+# Set entrypoint
+ENTRYPOINT ["/entrypoint.sh"]
+
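Review bot: In 3proxy.cfg, `proxy -p3128` and `socks -p1080` are declared with no `auth`, `allow` or `deny` lines ahead of them, so both listeners accept any client that can reach the port, and compose.yaml in this commit publishes both ports on every host interface. Put an access policy before the service lines, for example `auth iponly` followed by `allow * 192.0.2.0/24` (constructed example range; use the real client network), or `auth strong` with a `users` entry supplied at runtime rather than committed. The README lists the missing authentication as a note, but the shipped default is still an unauthenticated relay into the VPN.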
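Review bot: The builder stage's `git clone https://github.com/3proxy/3proxy.git .` builds whatever the default branch holds at build time, so two builds of this Dockerfile can ship different proxy code and an upstream compromise or regression lands in the image unreviewed. Pin the source to a reviewed release, e.g. `git clone --depth 1 --branch <release-tag> https://github.com/3proxy/3proxy.git .` (placeholder tag), and ideally compare the checked-out commit hash with a recorded value before `make`. Separately, the runtime stage sets no `USER` and entrypoint.sh execs 3proxy directly, so the proxy appears to keep root after wg-quick has finished; `/var/log/3proxy` is chowned to nobody:nogroup but nothing visible in this commit switches to that account.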
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..e54bd9b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,35 @@
+CONTAINER_MANAGER := docker
+COMPOSE := $(CONTAINER_MANAGER) compose
+DC_FILE := compose.yaml
+
+.PHONY: ps
+ps:
+ $(COMPOSE) -f $(DC_FILE) ps
+
+.PHONY: config
+config:
+ $(COMPOSE) -f $(DC_FILE) config
+
+.PHONY: up
+up:
+ $(COMPOSE) -f $(DC_FILE) up -d
+
+.PHONY: down
+down:
+ $(COMPOSE) -f $(DC_FILE) down
+
+.PHONY: start
+start:
+ $(COMPOSE) -f $(DC_FILE) start
+
+.PHONY: stop
+stop:
+ $(COMPOSE) -f $(DC_FILE) stop
+
+.PHONY: restart
+restart:
+ $(COMPOSE) -f $(DC_FILE) restart
+
+.PHONY: logs
+logs:
+ $(COMPOSE) -f $(DC_FILE) logs -f
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8d8293e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,87 @@
+# wireguard-3proxy-docker
+
+Docker container combining WireGuard VPN with 3proxy to provide HTTP and SOCKS5 proxy services through an encrypted tunnel.
+
+## Features
+
+- WireGuard VPN for secure, encrypted tunneling
+- HTTP proxy (port 3128)
+- SOCKS5 proxy (port 1080)
+- DNS resolution through VPN
+- Container logs to stdout
+- Multi-stage build for minimal image size
+
+## Requirements
+
+- Docker
+- Docker Compose
+- WireGuard configuration file (`wg0.conf`)
+
+## Quick Start
+
+1. Clone the repository:
+```bash
+git clone https://github.com/rbehzadan/wireguard-3proxy-docker.git
+cd wireguard-3proxy-docker
+```
+
+2. Create WireGuard configuration file `wg0.conf`:
+```ini
+[Interface]
+PrivateKey = your_private_key
+Address = your_ip_address
+DNS = 1.1.1.1, 8.8.8.8
+
+[Peer]
+PublicKey = peer_public_key
+AllowedIPs = 0.0.0.0/0
+Endpoint = peer_endpoint:port
+```
+
+3. Start the container:
+```bash
+docker compose up -d
+```
+
+## Docker Compose Configuration
+
+```yaml
+services:
+ wireguard:
+ image: rbehzadan/wireguard-3proxy
+ container_name: wireguard
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ devices:
+ - /dev/net/tun
+ privileged: true
+ volumes:
+ - ./wg0.conf:/etc/wireguard/wg0.conf
+ ports:
+ - "3128:3128"
+ - "1080:1080"
+```
+
+## Build from Source
+
+```bash
+git clone https://github.com/rbehzadan/wireguard-3proxy-docker.git
+cd wireguard-3proxy-docker
+docker build -t wireguard-3proxy:latest .
+```
+
+## Security Notes
+
+- Container runs with privileged access (required for WireGuard)
+- No authentication configured by default
+- All traffic routed through VPN tunnel
+- DNS queries resolved through VPN DNS servers
+
+## Contributing
+
+Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
+
+## License
+
+This project is licensed under the MIT License.
diff --git a/README_DOCKER_HUB.md b/README_DOCKER_HUB.md
new file mode 100644
index 0000000..ffcdf09
--- /dev/null
+++ b/README_DOCKER_HUB.md 
@@ -0,0 +1,103 @@
+# WireGuard with 3proxy Docker Image
+
+This Docker image combines WireGuard VPN with 3proxy to provide both HTTP and SOCKS5 proxy services through a VPN tunnel.
+
+## Features
+
+- WireGuard VPN connectivity
+- HTTP proxy (port 3128)
+- SOCKS5 proxy (port 1080)
+- DNS resolution through VPN
+- Logging to stdout for container monitoring
+
+## Prerequisites
+
+- Docker
+- Docker Compose
+- WireGuard configuration file (`wg0.conf`)
+
+## Usage
+
+1. Prepare your WireGuard configuration file `wg0.conf`. Example:
+```ini
+[Interface]
+PrivateKey = your_private_key
+Address = your_ip_address
+DNS = 1.1.1.1, 8.8.8.8
+
+[Peer]
+PublicKey = peer_public_key
+AllowedIPs = 0.0.0.0/0
+Endpoint = peer_endpoint:port
+```
+
+2. Run with Docker Compose:
+```bash
+docker compose up -d
+```
+
+## Docker Compose Configuration
+
+```yaml
+services:
+ wireguard:
+ image: rbehzadan/wireguard-3proxy
+ container_name: wireguard
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ devices:
+ - /dev/net/tun
+ privileged: true
+ volumes:
+ - ./wg0.conf:/etc/wireguard/wg0.conf
+ ports:
+ - "3128:3128"
+ - "1080:1080"
+```
+
+## Configuration
+
+The image uses the following default ports:
+- HTTP Proxy: 3128
+- SOCKS5 Proxy: 1080
+
+### Environment Variables
+None required.
+
+### Volumes
+Mount your WireGuard configuration:
+```yaml
+volumes:
+ - ./wg0.conf:/etc/wireguard/wg0.conf
+```
+
+### Required Capabilities
+```yaml
+cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+devices:
+ - /dev/net/tun
+privileged: true
+```
+
+## Security Considerations
+
+- The container runs in privileged mode due to WireGuard requirements
+- No authentication is configured by default
+- All traffic is routed through the VPN tunnel
+- DNS queries are resolved through the VPN's DNS servers
+
+## Building
+
+```bash
+docker build -t rbehzadan/wireguard-3proxy:tag .
+```
+
+## License
+
+This project is licensed under the MIT License.
+
+## Similar Projects
+[linuxserver/wireguard](https://hub.docker.com/r/linuxserver/wireguard) - A robust WireGuard container that focuses on VPN functionality. Our project extends this concept by adding HTTP and SOCKS5 proxy capabilities through 3proxy.
diff --git a/compose.yaml b/compose.yaml
new file mode 100644
index 0000000..d7b8dca
--- /dev/null
+++ b/compose.yaml
@@ -0,0 +1,16 @@
+services:
+ wireguard:
+ image: rbehzadan/wireguard-3proxy
+ container_name: wireguard
+ cap_add:
+ - NET_ADMIN
+ - SYS_MODULE
+ devices:
+ - /dev/net/tun
+ privileged: true
+ volumes:
+ - ./wg0.conf:/etc/wireguard/wg0.conf
+ ports:
+ - "3128:3128"
+ - "1080:1080"
+
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..d1c20d9
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Start WireGuard
+wg-quick up /etc/wireguard/wg0.conf
+
+# Wait for WireGuard interface to be up
+sleep 1
+
+exec /usr/local/bin/3proxy /etc/3proxy/3proxy.cfg
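Review bot: `privileged: true` in compose.yaml overrides the narrower `cap_add` and `devices` entries beside it and gives the container every capability and host device, while the same container runs the proxy that 3proxy.cfg leaves unauthenticated. wg-quick normally needs only NET_ADMIN (plus SYS_MODULE if the module must be loaded from inside); with `AllowedIPs = 0.0.0.0/0` it also sets a sysctl, which can be granted with `sysctls: - net.ipv4.conf.all.src_valid_mark=1` instead of full privilege, though that should be tested before the flag is dropped. The port mappings `"3128:3128"` and `"1080:1080"` bind on all host interfaces; `"127.0.0.1:3128:3128"` and `"127.0.0.1:1080:1080"` keep the proxy local unless remote access is intended. Mounting the key file as `./wg0.conf:/etc/wireguard/wg0.conf:ro` would also stop the container from rewriting it.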
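Review bot: entrypoint.sh has no error handling around `wg-quick up /etc/wireguard/wg0.conf`, so when the tunnel fails to come up the script still reaches the `exec /usr/local/bin/3proxy` line and the proxy serves clients over the container's ordinary route instead of the VPN. Add `set -euo pipefail` directly under the shebang, or write `wg-quick up /etc/wireguard/wg0.conf || exit 1`, so the container stops rather than failing open. The fixed `sleep 1` does not confirm that the interface exists; a check such as `wg show wg0 >/dev/null` before the exec would make the wait meaningful.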