techroy23/Docker-Lantern-Redsocks

Docker-Lantern-Redsocks

A Docker base image that routes all outbound traffic through Lantern via a transparent proxy stack (Redsocks + iptables). Import it into your Dockerfile to run any application behind Lantern's censorship circumvention network.

Features

  • Ubuntu 24.04 variant (Dockerfile.ubuntu)
  • Multi-stage build — copies Lantern binary from getlantern/lantern-headless:latest
  • Redsocks for transparent TCP proxying
  • iptables rules redirect all outbound TCP traffic (except localhost, DNS, and proxy ports) through Lantern
  • Lantern SOCKS5 exposed on 0.0.0.0:40001 for external hosts
  • Automatic monitoring and restart on failure (3 consecutive failures)
  • Readiness indicator: /tmp/redsocks.ready

Files

File                Description
__setup_proxy.sh    Proxy setup and monitoring script (Lantern + Redsocks + iptables)
Dockerfile.ubuntu   Ubuntu 24.04-based image

Usage

1. Import into your Dockerfile

FROM ghcr.io/techroy23/docker-lantern-redsocks:ubuntu

COPY . /app
RUN chmod +x /app/*.sh

ENTRYPOINT ["/app/your_program.sh"]

2. Run with required capabilities

docker run -it --rm \
  --sysctl net.ipv4.ip_forward=1 \
  --cap-add=NET_ADMIN --cap-add=NET_RAW \
  yourimage:latest

3. In your entrypoint script

#!/bin/bash
set -e

/app/__setup_proxy.sh &

while [ ! -f /tmp/redsocks.ready ]; do
    sleep 5
done

echo "Proxy ready!"
./your_program

Environment Variables

Variable    Default   Description
SHOW_LOGS   false     Show Lantern/Redsocks logs (true/false)

How it works

  1. Lantern starts and binds a SOCKS5 proxy to 127.0.0.1:40000 and HTTP proxy to 127.0.0.1:40002
  2. Socat opens 0.0.0.0:40001 so external hosts can also use Lantern as a SOCKS5 proxy
  3. Redsocks listens on 127.0.0.1:50000 and forwards all traffic to Lantern's SOCKS5
  4. iptables OUTPUT chain redirects all outbound TCP (except localhost, DNS, and proxy ports) to Redsocks
  5. A monitor loop checks connectivity every 3 minutes and restarts the stack after 3 consecutive failures
  6. /tmp/redsocks.ready is created once everything is verified working
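
An added example, not part of this repository: a fail-closed variant of the entrypoint wait that gives up after a timeout and confirms the NAT redirect from step 4 is in place before starting the application. The function names, the 300-second timeout and the exact rule text matched are assumptions, since the rules installed by __setup_proxy.sh are not shown here.

```shell
#!/bin/bash
# Added example, not from the repository. Function names, the timeout and the
# exact rule text are assumptions; adjust to what __setup_proxy.sh installs.
REDSOCKS_PORT=50000                 # Redsocks listener from "How it works"
READY_FILE=/tmp/redsocks.ready      # readiness indicator from the README

# wait_for_ready FILE TIMEOUT: returns 0 once FILE exists, 1 after TIMEOUT seconds.
wait_for_ready() {
    waited=0
    while [ ! -f "$1" ]; do
        if [ "$waited" -ge "$2" ]; then return 1; fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# redirect_in_place: reads `iptables -t nat -S OUTPUT` output on stdin. Succeeds
# only if the catch-all TCP REDIRECT to Redsocks is present and no unconditional
# RETURN/ACCEPT rule sits in front of it (which would let traffic leave direct).
redirect_in_place() {
    while IFS= read -r rule; do
        case $rule in
            "-A OUTPUT -p tcp -j REDIRECT --to-ports $REDSOCKS_PORT") return 0 ;;
            "-A OUTPUT -j RETURN" | "-A OUTPUT -j ACCEPT") return 1 ;;
            "-A OUTPUT -p tcp -j RETURN" | "-A OUTPUT -p tcp -j ACCEPT") return 1 ;;
        esac
    done
    return 1
}

# start_behind_proxy CMD...: run CMD only when both checks pass (fail closed).
start_behind_proxy() {
    wait_for_ready "$READY_FILE" 300 || { echo "proxy never became ready" >&2; return 1; }
    iptables -t nat -S OUTPUT | redirect_in_place ||
        { echo "TCP redirect to Redsocks is missing or bypassed" >&2; return 1; }
    exec "$@"
}

# Constructed sample ruleset (not captured from a real container).
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -p tcp -m tcp --dport 53 -j RETURN
-A OUTPUT -p tcp -j REDIRECT --to-ports 50000'

if printf '%s\n' "$SAMPLE_RULES" | redirect_in_place; then
    echo "sample ruleset: redirect in place"
fi
```

In an entrypoint, call `start_behind_proxy ./your_program` after launching `/app/__setup_proxy.sh &`. The check covers TCP only; DNS is exempt from the redirect as described in step 4.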

Notes

  • Requires NET_ADMIN and NET_RAW capabilities
  • First run: Lantern registers and stores auth in the data path (/tmp/lantern)
  • Lantern PRO users: authenticate first via lantern-headless auth login --email <email>
  • Without PRO authentication, Lantern is limited to a certain amount of data transfer

About

This project provides a Docker base image that automatically sets up a transparent proxy stack using Lantern and Redsocks, with iptables redirection. It is designed to be imported into your own Dockerfile, so you can run your application behind a monitored global proxy.
