diff --git a/Dockerfile b/Dockerfile index 4696548..c39ffa6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,4 +8,5 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-s' -o ./s FROM gcr.io/distroless/static:nonroot COPY --from=builder /go/src/github.com/serjs/socks5/socks5 / + ENTRYPOINT ["/socks5"] diff --git a/README.md b/README.md index 79bfca0..5e3a1fe 100644 --- a/README.md +++ b/README.md @@ -9,26 +9,31 @@ Simple socks5 server using go-socks5 with authentication, allowed ips list and d - Run docker container using default container port 1080 and expose it to world using host port 1080, with auth creds - ```docker run -d --name socks5 -p 1080:1080 -e PROXY_USER= -e PROXY_PASSWORD= serjs/go-socks5-proxy``` + `docker run -d --name socks5 -p 1080:1080 -e PROXY_USER= -e PROXY_PASSWORD= serjs/go-socks5-proxy` - - Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options while running socks5 server, see example below + - Leave `PROXY_USER` and `PROXY_PASSWORD` empty for skip authentication options while running socks5 server, see example below - Run docker container using specifit container port and expose it to host port 1090, without auth creds - ```docker run -d --name socks5 -p 1090:9090 -e PROXY_PORT=9090 serjs/go-socks5-proxy``` + `docker run -d --name socks5 -p 1090:9090 -e PROXY_PORT=9090 serjs/go-socks5-proxy` + +- Run docker container using default container port 1080 and expose it to world using host port 1080, with PROXY_CREDENTIALS multi-user authentication + + `docker run -d --name socks5 -p 1080:1080 -e PROXY_CREDENTIALS='[{"username":"TEST_USERNAME","password":"password123"}]' serjs/go-socks5-proxy` # List of supported config parameters -|ENV variable|Type|Default|Description| -|------------|----|-------|-----------| -|PROXY_USER|String|EMPTY|Set proxy user (also required existed PROXY_PASS)| -|PROXY_PASSWORD|String|EMPTY|Set proxy password for auth, used with PROXY_USER| -|PROXY_PORT|String|1080|Set listen port for application inside docker container| -|ALLOWED_DEST_FQDN|String|EMPTY|Allowed destination address regular expression pattern. Default allows all.| -|ALLOWED_IPS|String|Empty|Set allowed IP's that can connect to proxy, separator `,`| - +| ENV variable | Type | Default | Description | +| ----------------- | ----------- | ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| PROXY_CREDENTIALS | Json Object | EMPTY | Provide a JSON stringified object representing a list of allowed user/password credential pairs. The form of this object is `{ password: string, username: string }[]`. See | +| PROXY_USER | String | EMPTY | Set proxy user (also required existed PROXY_PASS) | +| PROXY_PASSWORD | String | EMPTY | Set proxy password for auth, used with PROXY_USER | +| PROXY_PORT | String | 1080 | Set listen port for application inside docker container | +| ALLOWED_DEST_FQDN | String | EMPTY | Allowed destination address regular expression pattern. Default allows all. | +| ALLOWED_IPS | String | Empty | Set allowed IP's that can connect to proxy, separator `,` | # Build your own image: + `docker-compose -f docker-compose.build.yml up -d`\ Just don't forget to set parameters in the `.env` file. @@ -38,22 +43,22 @@ Assuming that you are using container on 1080 host docker port ## Without authentication -```curl --socks5 :1080 https://ifcfg.co``` - result must show docker host ip (for bridged network) +`curl --socks5 :1080 https://ifcfg.co` - result must show docker host ip (for bridged network) or -```docker run --rm curlimages/curl:7.65.3 -s --socks5 :1080 https://ifcfg.co``` +`docker run --rm curlimages/curl:7.65.3 -s --socks5 :1080 https://ifcfg.co` ## With authentication -```curl --socks5 :1080 -U : http://ifcfg.co``` +`curl --socks5 :1080 -U : http://ifcfg.co` or -```docker run --rm curlimages/curl:7.65.3 -s --socks5 :@:1080 http://ifcfg.co``` +`docker run --rm curlimages/curl:7.65.3 -s --socks5 :@:1080 http://ifcfg.co` # Authors -* **Sergey Bogayrets** +- **Sergey Bogayrets** See also the list of [contributors](https://github.com/serjs/socks5-server/graphs/contributors) who participated in this project. diff --git a/credentials.go b/credentials.go index 03823be..5f3c039 100644 --- a/credentials.go +++ b/credentials.go @@ -2,26 +2,19 @@ package main import ( "encoding/json" - - "github.com/armon/go-socks5" ) -type credentials struct { +type Credentials struct { Username string `json:"username"` Password string `json:"password"` } -func parseCredentials(credsString string) (socks5.StaticCredentials, error) { - var creds []credentials +func parseCredentials(credsString string) ([]Credentials, error) { + var creds []Credentials err := json.Unmarshal([]byte(credsString), &creds) if err != nil { return nil, err } - var credsMap socks5.StaticCredentials - for _, cred := range creds { - credsMap[cred.Username] = cred.Password - } - - return credsMap, nil + return creds, nil } diff --git a/server.go b/server.go index 8c148aa..f171d9f 100644 --- a/server.go +++ b/server.go @@ -31,12 +31,19 @@ func main() { Logger: log.New(os.Stdout, "", log.LstdFlags), } + log.Printf(cfg.Creds) + var creds socks5.StaticCredentials if cfg.Creds != "" { - creds, err = parseCredentials(cfg.Creds) - if err != nil { + var uname_pw_pairs, creds_err = parseCredentials(cfg.Creds) + + if creds_err != nil { log.Printf("%+v\n", err) } + + for _, kv := range uname_pw_pairs { + creds[kv.Username] = kv.Password + } } if cfg.User+cfg.Password != "" { creds[cfg.User] = cfg.Password