使用docker搭建socks5代理

我参考MuleSoft Help Center成功搭建了socks5代理服务器

文字内容如下（怕以后访问不了）

How to set up a testing SOCKS5 proxy (dante) for Anypoint monitoring in RTF (Runtime Fabric)

A demonstration to set up a SockS5 proxy with Dante and set up the proxy in RTF. This KB involves none standard MuleSoft offering product. Technical assistance for such products is limited to this article. Please use at your own risk.

Jul 23, 2019•Knowledge

Content

GOAL

Usually, RTF is running in a secured environment with proxies for communications between the Anypoint control plane. Most of the communications are HTTP/HTTPS and require an HTTP/HTTPS proxy. However, Anypoint Monitoring uses SOCKS5 proxies for sending metrics and logs out to the control plane.

This KB demonstrates how to set up a Dante SOCKS5 server for Anypoint Monitoring in RTF. Please note Dante is not part of the MuleSoft product set. Technical assistance for such products is limited to this article.

PROCEDURE

Set up a Dante proxy

We recommend using a docker-compose file to set up the Dante server, which is suggested here at https://hub.docker.com/r/vimagick/dante.

Create a folder and change the working directory to the folder. create docker-compose.yml

dante:image: vimagick/danteports:- "1080:1080"volumes:- ./sockd.conf:/etc/sockd.confrestart: always

Create sockd.conf. Update 172.19.0.0/16 to the CIDR of RTF cluster

debug: 0
logoutput: stderr
internal: 0.0.0.0 port = 1080
external: eth0
socksmethod: username none
clientmethod: none
user.privileged: root
user.unprivileged: nobodyclient pass {from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0log: error
}socks pass {from: 172.19.0.0/16 to: 0.0.0.0/0socksmethod: usernamelog: error
}

Bring up the Dante server and set the credentials. Replace "user1" and "password" with your own username and password.

$ docker-compose up -d
$ docker exec -it dante_dante_1 bash
>>> useradd user1
>>> echo user1:password | chpasswd
>>> exit

Set up a firewall rule to allow traffic from the RTF nodes to port 1080 on the proxy firewall

Test the proxy on your RTF cluster. Replace the 172.19.0.23 with the IP of the proxy server. "client certificate not found" shows no client certificate is sent but it means the connectivity via the proxy is good.

curl -kx socks5h://user1:password@172.19.0.23:1080 https://dias-ingestor-nginx.prod.cloudhub.io:5044
curl: (52) NSS: client certificate not found (nickname not specified)

Update monitoring proxy on RTF

Follow the instructions here to set up the proxy on RTF.

> rtfctl apply monitoring-proxy "socks5://user1:password@172.19.0.23:1080"

Restart applications to pick up the proxy. In the anypoint-monitoring container log, it should show the connection established.

2019-07-22T03:55:56.037Z	INFO	transport/proxy.go:70	
proxy host: '172.19.0.23:1080'
...
2019-07-22T03:56:17.241Z	INFO	pipeline/output.go:95	
Connecting to backoff(async(tcp://dias-ingestor-nginx.prod.cloudhub.io:5044))
2019-07-22T03:56:18.344Z	INFO	pipeline/output.go:105	
Connection to backoff(async(tcp://dias-ingestor-nginx.prod.cloudhub.io:5044)) established
...

Disclaimer: This article involves products and technologies which do not form part of the MuleSoft product set. Technical assistance for such products is limited to this article.

Attachments

而我不想有用户密码验证和ip地址限制，所以修改配置如下：

debug: 0
logoutput: stderr
internal: 0.0.0.0 port = 1080
external: eth0
socksmethod: username none
clientmethod: none
user.privileged: root
user.unprivileged: nobodyclient pass {from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0log: error
}socks pass {from: 0.0.0.0/0 to: 0.0.0.0/0socksmethod: username nonelog: error
}

祝你好运，畅游网络