Can't complete SOCKS5 connection
Lumysia opened this issue · 5 comments
Hi, I am reaching out to report an issue I encountered while running a Docker Compose file. Specifically, when I run the following Docker Compose configuration:

```yaml
version: "3.9"
services:
  warp:
    image: caomingjun/warp
    container_name: warp
    restart: always
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      - WARP_LICENSE_KEY=<OBSECURED>
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ${DATA_PATH}/cloudflare-warp:/var/lib/cloudflare-warp
```
The container runs successfully and appears to be healthy. However, when I attempt to execute the command `curl --socks5 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace` within the warp container and the host, it returns the following error: `curl: (97) Can't complete SOCKS5 connection to www.cloudflare.com. (4)`
I have verified the necessary environment variables. Could you please assist me in understanding why the SOCKS5 connection is not functioning as expected within the warp container? I have reviewed the documentation and searched for similar issues, but haven't found a solution yet.
Additionally, I would like to mention that my network connection is working properly, as I am able to access other websites and services without any issues.
Thank you for your attention to this matter.
Might be DNS pollution; try using `curl --socks5-hostname 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace`. By default, curl resolves domain names through the local DNS instead of the SOCKS5 proxy. If it still fails, you can add the `--verbose` option to display detailed error information and paste it here.
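The difference between `--socks5` and `--socks5-hostname` at the SOCKS5 message level (RFC 1928), as an added example that is not part of the original thread or of the caomingjun/warp project: in the first case the proxy only ever receives the IP that local DNS returned, in the second it receives the name and resolves it itself. The function names, the `203.0.113.7` address and the reply bytes are constructed for illustration, and reading the trailing `(4)` in the reported curl error as the SOCKS5 reply code is an assumption.

```python
import ipaddress
import struct

# REP values from RFC 1928, section 6.
REPLIES = {0: "succeeded", 1: "general SOCKS server failure",
           2: "connection not allowed by ruleset", 3: "network unreachable",
           4: "host unreachable", 5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

def connect_request(target: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT.

    An IP literal is what the proxy receives with --socks5 (the client resolved
    the name locally first); a hostname is what it receives with --socks5-hostname.
    """
    try:
        ip = ipaddress.ip_address(target)
        atyp, addr = (1 if ip.version == 4 else 4), ip.packed
    except ValueError:
        name = target.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = 3, bytes([len(name)]) + name
    return bytes([5, 1, 0, atyp]) + addr + struct.pack("!H", port)

def proxy_view(request: bytes) -> tuple:
    """Decode a CONNECT request the way a proxy would: (kind, address, port)."""
    if len(request) < 7 or request[:3] != b"\x05\x01\x00":
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp, body, port = request[3], request[4:-2], struct.unpack("!H", request[-2:])[0]
    if atyp == 3 and len(body) == 1 + body[0]:
        return ("hostname", body[1:].decode("ascii"), port)
    if atyp in (1, 4) and len(body) == (4 if atyp == 1 else 16):
        return ("ip", str(ipaddress.ip_address(body)), port)
    raise ValueError("bad address field")

def reply_meaning(reply: bytes) -> str:
    """Name the REP byte (second byte) of a SOCKS5 reply."""
    if len(reply) < 2 or reply[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return REPLIES.get(reply[1], "unassigned")

if __name__ == "__main__":
    bad_answer = "203.0.113.7"  # constructed: stands in for a polluted local DNS answer
    print(proxy_view(connect_request(bad_answer, 443)))        # proxy sees only the IP
    print(proxy_view(connect_request("cloudflare.com", 443)))  # proxy sees the name
    print(reply_meaning(b"\x05\x04\x00\x01" + bytes(6)))       # constructed failure reply
```

curl makes the same distinction in proxy URLs: `socks5://` sends a locally resolved IP, while `socks5h://` sends the hostname to the proxy.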
You're right! When I try the command `curl --socks5-hostname 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace`, I get this response:

```
root@HOST:~# curl --socks5-hostname 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace
fl=22f469
h=cloudflare.com
ip=104.28.211.105
ts=1698542840.984
visit_scheme=https
uag=curl/7.81.0
colo=NRT
sliver=none
http=http/2
loc=JP
tls=TLSv1.3
sni=plaintext
warp=plus
gateway=off
rbi=off
kex=X25519
```
If I want to use the proxy in a container, should I configure the container somehow?
The above docker-compose configuration exposes port 1080 to the host. If you need to use this proxy in another container, you have two options:
- Set the `network_mode` of the container using the proxy to `host` to share the network with the host, so that you can access port 1080 of the host (not recommended).
- The container using the proxy directly accesses the warp container. You can set the warp container to a static IP and change `127.0.0.1` to that IP address; or use Docker's built-in DNS system: Docker will resolve the `container_name` to the IP of the container, so you can use `warp:1080` (recommended). This method requires both containers to be in the same Docker network.

As an example:
```yaml
version: "3.9"
services:
  warp:
    image: caomingjun/warp
    container_name: warp
    restart: always
    ports:
      - '1080:1080'
    environment:
      - WARP_SLEEP=2
      - WARP_LICENSE_KEY=<OBSECURED>
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ${DATA_PATH}/cloudflare-warp:/var/lib/cloudflare-warp
  proxyuser:
    image: ubuntu
    environment:
      - "ALL_PROXY=socks5://warp:1080"
```
When no network configuration is specified, all containers in docker-compose will be placed in the same automatically created network. If you specify network settings, please refer to the documentation and adjust them yourself so that proxyuser can access warp.
Additionally, if you don't need to access the proxy from the host, you may want to disable port sharing from the warp container to the host to reduce the attack surface and prevent potential security issues.
Okay, I understand now. I really appreciate you taking the time to thoroughly explain this issue and provide helpful suggestions. Thank you!