Merge pull request #23 from ptjhuang/restrict-dest
Added Regex destination matching
commit
84b9c49bc8
@ -7,7 +7,13 @@ Simple socks5 server using go-socks5 with authentication options
|
|||||||
|
|
||||||
## Start container with proxy
|
## Start container with proxy
|
||||||
|
|
||||||
```docker run -d --name socks5 -p 1080:1080 -e PROXY_USER=<PROXY_USER> -e PROXY_PASSWORD=<PROXY_PASSWORD> serjs/go-socks5-proxy```
|
```
|
||||||
|
docker run -d --name socks5 -p 1080:1080 \
|
||||||
|
-e PROXY_USER=<PROXY_USER> \
|
||||||
|
-e PROXY_PASSWORD=<PROXY_PASSWORD> \
|
||||||
|
-e ALLOWED_DEST_FQDN=<REGEX_PATTERN> \
|
||||||
|
serjs/go-socks5-proxy
|
||||||
|
```
|
||||||
|
|
||||||
Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options while running socks5 server.
|
Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options while running socks5 server.
|
||||||
|
|
||||||
@ -18,6 +24,7 @@ Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options wh
|
|||||||
|PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)|
|
|PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)|
|
||||||
|PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER|
|
|PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER|
|
||||||
|PROXY_PORT|String|1080|Set listen port for application inside docker container|
|
|PROXY_PORT|String|1080|Set listen port for application inside docker container|
|
||||||
|
|ALLOWED_DEST_FQDN|String|EMPTY|Allowed destination address regular expression pattern. Default allows all.|
|
||||||
|TZ|String|UTC|Set Timezone like in many common Operation Systems|
|
|TZ|String|UTC|Set Timezone like in many common Operation Systems|
|
||||||
|ALLOWED_IPS|String|Empty|Set allowed IP's that can connect to proxy, separator `,`|
|
|ALLOWED_IPS|String|Empty|Set allowed IP's that can connect to proxy, separator `,`|
|
||||||
|
|
||||||
|
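--- /dev/null
+++ b/ruleset.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+"regexp"
+
+"github.com/armon/go-socks5"
+"golang.org/x/net/context"
+)
+
+// PermitDestAddrPattern returns a RuleSet which selectively allows addresses
+func PermitDestAddrPattern(pattern string) socks5.RuleSet {
+return &PermitDestAddrPatternRuleSet{pattern}
+}
+
+// PermitDestAddrPatternRuleSet is an implementation of the RuleSet which
+// enables filtering supported destination address
+type PermitDestAddrPatternRuleSet struct {
+AllowedFqdnPattern string
+}
+
+func (p *PermitDestAddrPatternRuleSet) Allow(ctx context.Context, req *socks5.Request) (context.Context, bool) {
+match, _ := regexp.MatchString(p.AllowedFqdnPattern, req.DestAddr.FQDN)
+return ctx, match
+}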
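Review bot: Allow discards the error from `regexp.MatchString` and recompiles the pattern on every request, so an invalid ALLOWED_DEST_FQDN is never reported and the proxy simply refuses every destination. Compiling once in PermitDestAddrPattern and storing the `*regexp.Regexp` surfaces a bad pattern at startup; this replaces the exported AllowedFqdnPattern field, so check that nothing else constructs the struct directly. The match is also unanchored, so a pattern such as `example\.com` admits any hostname that merely contains that text, and the README row for ALLOWED_DEST_FQDN should say that an exact match needs `^` and `$`. Requests that carry an IP literal presumably arrive with an empty `req.DestAddr.FQDN`, in which case they pass only when the pattern matches the empty string; that is worth confirming and documenting.

```go
func PermitDestAddrPattern(pattern string) socks5.RuleSet {
	// MustCompile stops the server at startup on a malformed pattern
	// instead of silently denying every request later.
	return &PermitDestAddrPatternRuleSet{re: regexp.MustCompile(pattern)}
}

type PermitDestAddrPatternRuleSet struct {
	re *regexp.Regexp // compiled once, reused for every request
}

func (p *PermitDestAddrPatternRuleSet) Allow(ctx context.Context, req *socks5.Request) (context.Context, bool) {
	return ctx, p.re.MatchString(req.DestAddr.FQDN)
}
```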
11
server.go
11
server.go
@ -13,6 +13,7 @@ type params struct {
|
|||||||
User string `env:"PROXY_USER" envDefault:""`
|
User string `env:"PROXY_USER" envDefault:""`
|
||||||
Password string `env:"PROXY_PASSWORD" envDefault:""`
|
Password string `env:"PROXY_PASSWORD" envDefault:""`
|
||||||
Port string `env:"PROXY_PORT" envDefault:"1080"`
|
Port string `env:"PROXY_PORT" envDefault:"1080"`
|
||||||
|
AllowedDestFqdn string `env:"ALLOWED_DEST_FQDN" envDefault:""`
|
||||||
AllowedIPs []string `env:"ALLOWED_IPS" envSeparator:"," envDefault:""`
|
AllowedIPs []string `env:"ALLOWED_IPS" envSeparator:"," envDefault:""`
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -25,7 +26,7 @@ func main() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
//Initialize socks5 config
|
//Initialize socks5 config
|
||||||
socsk5conf := &socks5.Config{
|
socks5conf := &socks5.Config{
|
||||||
Logger: log.New(os.Stdout, "", log.LstdFlags),
|
Logger: log.New(os.Stdout, "", log.LstdFlags),
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -34,10 +35,14 @@ func main() {
|
|||||||
os.Getenv("PROXY_USER"): os.Getenv("PROXY_PASSWORD"),
|
os.Getenv("PROXY_USER"): os.Getenv("PROXY_PASSWORD"),
|
||||||
}
|
}
|
||||||
cator := socks5.UserPassAuthenticator{Credentials: creds}
|
cator := socks5.UserPassAuthenticator{Credentials: creds}
|
||||||
socsk5conf.AuthMethods = []socks5.Authenticator{cator}
|
socks5conf.AuthMethods = []socks5.Authenticator{cator}
|
||||||
}
|
}
|
||||||
|
|
||||||
server, err := socks5.New(socsk5conf)
|
if cfg.AllowedDestFqdn != "" {
|
||||||
|
socks5conf.Rules = PermitDestAddrPattern(cfg.AllowedDestFqdn)
|
||||||
|
}
|
||||||
|
|
||||||
|
server, err := socks5.New(socks5conf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|