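Assigns a container its own public IP and connects it to the international network, using three implementations: clash, warp, and tun2proxy.
Updated to the new Meta core; security is assured.
Traffic is transparently proxied through a subscription link from a proxy provider ("airport") or through nodes you host yourself.
Write config.yaml and add your nodes; do not modify the existing configuration.
config.yaml example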
mode: rule
mixed-port: 7897
socks-port: 7898
port: 7899
allow-lan: false
log-level: info
ipv6: false
secret: ''
external-controller: 0.0.0.0:9097
bind-address: '*'
dns:
  enable: true
  ipv6: false
  default-nameserver:
    - 223.5.5.5
    - 119.29.29.29
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  use-hosts: true
  nameserver:
    - https://doh.pub/dns-query
    - https://dns.alidns.com/dns-query
  fallback:
    - https://doh.dns.sb/dns-query
    - https://dns.cloudflare.com/dns-query
    - https://dns.twnic.tw/dns-query
    - tls://8.8.4.4:853
  fallback-filter:
    geoip: true
    ipcidr:
      - 240.0.0.0/4
      - 0.0.0.0/32
  fake-ip-filter:
    - dns.msftncsi.com
    - www.msftncsi.com
    - www.msftconnecttest.com
tun:
  stack: gvisor
  device: Meta
  auto-route: true
  auto-detect-interface: true
  dns-hijack:
    - any:53
  strict-route: true
  mtu: 9000
  enable: true
proxies:
Start
cd tproxy-clash
docker compose up -d
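An added check, not part of the original project: the example config.yaml above sets external-controller to 0.0.0.0:9097 with an empty secret, so the controller API listens on every interface without authentication. The script below flags that combination before the container is started; the function names and finding labels are assumptions made here, and the sample input is constructed from the keys shown above.

```python
import ipaddress
import re

# Constructed sample: top-level keys copied from the config.yaml above.
SAMPLE = """\
allow-lan: false
secret: ''
external-controller: 0.0.0.0:9097
bind-address: '*'
tun:
  enable: true
"""

def top_level_scalars(text):
    """Map unindented `key: value` lines to strings (no YAML library needed)."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9_-]+):(.*)$", line)
        if m:
            value = re.sub(r"(^|\s)#.*$", "", m.group(2)).strip()
            out[m.group(1)] = value.strip("'\"")
    return out

def audit(text):
    """Return findings about who can reach the controller API and proxy ports."""
    cfg = top_level_scalars(text)
    findings = []
    ctrl = cfg.get("external-controller", "")
    if ctrl:
        host = ctrl.rsplit(":", 1)[0].strip("[]")
        try:
            loopback = host == "localhost" or ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # empty or unparsable host: treat as all interfaces
        if not loopback and not cfg.get("secret"):
            findings.append("controller-open: %s has no secret" % ctrl)
        elif not loopback:
            findings.append("controller-exposed: %s is protected by the secret only" % ctrl)
    if cfg.get("allow-lan", "false").lower() == "true":
        findings.append("allow-lan: proxy ports accept connections from other hosts")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Setting a non-empty secret or binding external-controller to 127.0.0.1:9097 clears the first finding.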
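This code uses the WARP network to assign a container its own public IP and connect it to the international network.
Transparent proxy project source: Warp Tproxy For Docker.
Docker Hub: jockerdragon/warp-tproxy.
Free keys: geekery.cn.
Works with free or warp+ and Zero Trust networks; for reasons that cannot be stated openly, users in mainland China are advised to use Zero Trust.
It gives a single Docker container an internal transparent proxy and a public IP different from the host's public IP.
Set the variables in docker-compose.yaml according to the startup mode.
Start command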
docker compose up -d
Test
docker exec -it warp-transparent-proxy-warp-tproxy-1 bash
apt update && apt install curl -y
curl ifconfig.icu
curl cip.cc
For details, see Warp Tproxy For Docker.
Set environment variables
# Zero Trust mode
- WARP_ORG_ID=paperdragxx
- WARP_AUTH_CLIENT_ID=c4d31ea084c2940e17b714de890xxxxx.access
- WARP_AUTH_CLIENT_SECRET=7120f34bd52ce19a90534ca804cdaeaa72bb03e9c5da10ee0279fdc7bcdxxxxx
- WARP_UNIQUE_CLIENT_ID=aa7b5738-ff99-11ee-b4c1-72e2181b199b # optional
[+] Starting dbus...
[+] warp's TOS already accepted!
[+] Starting warp-svc...
[!] warp-svc in debug mode
/entrypoint.sh: line 85: docker: command not found
[!] show warp svc log
nohup: appending output to 'nohup.out'
[!] wait for warp-svc to start in debug mode
[+] wait warp-svc show status ...
Status update: Connecting
[+] Set warp license to Y9U8f53G-0C8Z9d1j-C37hg8c9 ... Success
[+] New registration generated ... Error: Old registration is still around. Try running: "warp-cli registration delete"
[+] Set warp mode to warp ... Success
[+] Turn ON warp ... Success
[+] Waiting for warp to connect...
[+] warp connected!
[+] All services started!
---
warp-svc config: /var/lib/cloudflare-warp/conf.json
---
[+] warp status: Status update: Connected
[+] You can check it with warp local tproxy in container:
E.g.:
curl https://cloudflare.com/cdn-cgi/trace (inside container)
WireGuard must be installed on the host:
apt update && apt install wireguard -y
# License key mode
- WARP_LICENSE=Y9U8f53G-0C8Z9d1j-C37hg8c9
* 正在执行任务: docker compose --file '/root/docker-transparent-proxy/tproxy-warp/docker-compose.yaml' --project-name 'warp-transparent-proxy' logs --follow --tail '1000'
WARN[0000] /root/docker-transparent-proxy/tproxy-warp/docker-compose.yaml: `version` is obsolete
warp-tproxy-1 | [+] Starting dbus...
warp-tproxy-1 | [+] Bypassing warp's TOS ...
warp-tproxy-1 | [+] Starting warp-svc...
warp-tproxy-1 | [+] Waiting for warp to connect...
warp-tproxy-1 | Status update: Unable to connect. Reason: Registration Missing
warp-tproxy-1 | [+] New registration generated ... Success
warp-tproxy-1 | [+] Set warp mode to warp ... Success
warp-tproxy-1 | [+] Turn ON warp ... Success
warp-tproxy-1 | [+] Waiting for warp to connect...
[+] warp connected!
warp-tproxy-1 | [+] All services started!
warp-tproxy-1 | ---
warp-tproxy-1 | warp-svc config: /var/lib/cloudflare-warp/conf.json
warp-tproxy-1 | ---
warp-tproxy-1 | [+] warp status: Status update: Connected
warp-tproxy-1 |
warp-tproxy-1 | [+] You can check it with warp local tproxy in container:
warp-tproxy-1 | E.g.:
warp-tproxy-1 | curl https://cloudflare.com/cdn-cgi/trace (inside container)
In mainland China the chance of connecting successfully is extremely low; not recommended.
Only SOCKS or HTTP proxies are supported.
cd tproxy-tun2proxy
# edit compose file filled proxy protocol
docker compose up -d
docker run -d \
-v /dev/net/tun:/dev/net/tun \
--sysctl net.ipv6.conf.default.disable_ipv6=0 \
--cap-add NET_ADMIN \
--name tun2proxy \
ghcr.io/tun2proxy/tun2proxy:latest --dns virtual --proxy proto://[username[:password]@]host:port
# proto is one of socks4, socks5, http. For example: socks5://myname:password@127.0.0.1:1080
Provide the running container's network to another worker container by sharing the network namespace (similar to a Kubernetes sidecar):
docker run -it \
--network "container:tun2proxy" \
ubuntu:latest
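The worker container can then use the tun2proxy container's network.
This project is for learning only; illegal use will be pursued under the law. Please delete it within 24 hours of downloading.
The author bears no responsibility for any consequences of downloading it yourself!!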
- Warp Tproxy For Docker
- Cloudflare
- MetaCubeX
- Docker
- Github
- GFW 🤣
MIT