cmj2002/warp-docker

Can't complete SOCKS5 connection

Lumysia opened this issue · 5 comments

Hi, I am reaching out to report an issue I encountered while running a Docker Compose file. Specifically, when I run the following Docker Compose configuration

version: "3.9"

services:
  warp:
    image: caomingjun/warp
    container_name: warp
    restart: always
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      - WARP_LICENSE_KEY=<OBSECURED>
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ${DATA_PATH}/cloudflare-warp:/var/lib/cloudflare-warp

The container runs successfully and appears to be healthy. However, when I attempt to execute the command curl --socks5 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace within the warp container and the host, it returns the following error: curl: (97) Can't complete SOCKS5 connection to www.cloudflare.com. (4)

I have verified that the necessary environment variables. Could you please assist me in understanding why the SOCKS5 connection is not functioning as expected within the warp container? I have reviewed the documentation and searched for similar issues, but haven't found a solution yet.

Additionally, I would like to mention that my network connection is working properly, as I am able to access other websites and services without any issues.

Thank you for your attention to this matter.

Here is my warp container logs.
warp.log

Might be DNS pollution, try use curl --socks5-hostname 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace. By default, curl resolves domain names through the local DNS instead of the SOCKS5 proxy. If it still fails, you can add the '--verbose' option to display detailed error information and paste it here.

You're right! When I try the command curl --socks5-hostname 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace, I get this response:

root@HOST:~# curl --socks5-hostname 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace
fl=22f469
h=cloudflare.com
ip=104.28.211.105
ts=1698542840.984
visit_scheme=https
uag=curl/7.81.0
colo=NRT
sliver=none
http=http/2
loc=JP
tls=TLSv1.3
sni=plaintext
warp=plus
gateway=off
rbi=off
kex=X25519

If I want to use the proxy in a container, should I configure the container somehow?

The above docker-compose configuration exposes port 1080 to the host. If you need to use this proxy in another container, you have two options:

  • Set the network_mode of the container using the proxy to host to share the network with the host, so that you can access port 1080 of the host (not recommended).
  • The container using the proxy directly accesses the warp container. You can set the warp container to a static IP and change 127.0.0.1 to that IP address; or use the Docker's built-in DNS system, Docker will resolve the container_name to the IP of the container, so you can use warp:1080 (recommended). This method requires both containers to be in the same Docker network.

As a example:

version: "3.9"

services:
  warp:
    image: caomingjun/warp
    container_name: warp
    restart: always
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      - WARP_LICENSE_KEY=<OBSECURED>
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ${DATA_PATH}/cloudflare-warp:/var/lib/cloudflare-warp
  proxyuser:
    image: ubuntu
    environment:
      - "ALL_PROXY=socks5://warp:1080"

When no network configuration is specified, all containers in docker-compose will be placed in the same automatically created network. If you specify network settings, please refer to the documentation and adjust them yourself so that proxyuser can access warp.

Additionally, if you don't need to access the proxy from the host, you may want to disable port sharing from the warp container to the host to reduce the attack surface and prevent potential security issues.

Okay, I understand now. I really appreciate you taking the time to thoroughly explain this issue and provide helpful suggestions. Thank you!