#!/bin/bash
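# Stop on the first failing top-level command. Bash ignores errexit inside
# anything run on the left of `||`, and that includes every function reached
# through `func_set_proxy || { ...; }` in func_global_monitor.
set -e

# Normalise SHOW_LOGS to lower case; unset or empty becomes "false".
# printf is used instead of echo so that a value such as "-n" or "-e" is
# treated as data rather than as an echo option.
SHOW_LOGS="$(printf '%s' "${SHOW_LOGS:-false}" | tr '[:upper:]' '[:lower:]')"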
# Print one timestamped line on stdout.
# Arguments: every argument, joined by single spaces, forms the message.
# Outputs:   "[HH:MM:SS] <message>" followed by a newline.
# The message is written as given; callers that log remote data must clean it
# themselves.
log() {
  printf '[%s] %s\n' "$(date '+%H:%M:%S')" "$*"
}
# Check that this process is allowed to use iptables; terminate the script
# with status 1 when it is not.
# Outputs: two log lines on failure, nothing on success.
# The probe lists the default (filter) table and discards all output, so any
# failure of `iptables -L` (a missing binary included) is reported as a
# permissions problem.
# NET_ADMIN and NET_RAW are broad capabilities: grant them to this container
# only, not to every container on the host.
func_net_admin() {
  if iptables -L >/dev/null 2>&1; then
    return 0
  fi
  log "[ERROR] Cannot use iptables — missing required permissions."
  log "[INFO] Fix: add --cap-add=NET_ADMIN --cap-add=NET_RAW --sysctl net.ipv4.ip_forward=1 to your docker run command"
  exit 1
}
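# Write a minimal torrc and launch Tor in the background as "toruser".
# Globals:  SHOW_LOGS (read); tor_pid (written, not read anywhere in this script)
# Outputs:  log lines and the generated torrc on stdout; Tor's own output only
#           when SHOW_LOGS is "true".
func_start_tor() {
  log "[INFO] Starting Tor in the background..."
  # Match the process name exactly. `pkill -f tor` matches the substring "tor"
  # anywhere in any command line, so it can also kill unrelated processes
  # (anything with "monitor", "editor", "storage", ... in its arguments).
  pkill -x tor || true
  {
    # No address is given, so Tor binds the SOCKS port on localhost only.
    echo "SocksPort 40000"
    echo "DataDirectory /var/lib/tor"
  } > /etc/tor/torrc
  # NOTE(review): this makes the config writable by the Tor account itself.
  # A root-owned, world-readable file would be enough for Tor to read it;
  # confirm nothing relies on toruser owning it before tightening.
  chown toruser:toruser /etc/tor/torrc
  cat /etc/tor/torrc
  if [ "$SHOW_LOGS" = "true" ]; then
    gosu toruser tor -f /etc/tor/torrc &
  else
    gosu toruser tor -f /etc/tor/torrc >/dev/null 2>&1 &
  fi
  tor_pid=$!
}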
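# Wait until an HTTPS request through Tor's SOCKS port returns a body.
# Globals:  CHECKERS (read)
# Outputs:  progress lines via log
# Returns:  0 once a checker answers. There is no upper bound on attempts, so
#           the function does not return while Tor is unreachable.
# Any non-empty body counts as success; the body is not validated as an
# address.
func_check_tor() {
  local checker resp
  log "[INFO] Giving Tor 60 seconds to boot up..."
  sleep 60
  while true; do
    sleep 10
    # Quote the list: one entry contains "?", which the shell would treat as a
    # glob character in an unquoted expansion.
    checker=$(printf '%s\n' "$CHECKERS" | shuf -n1)
    # --socks5-hostname lets Tor resolve the checker's name; plain --socks5
    # makes curl resolve it locally first, outside the Tor circuit.
    # The body comes from a third-party server and is written to the log, so
    # keep printable characters only (drops newlines, CR and escape bytes).
    resp=$(curl -L --max-redirs 10 --socks5-hostname localhost:40000 -s --max-time 30 "https://$checker" 2>/dev/null | tr -cd '[:print:]' || true)
    if [ -n "$resp" ]; then
      log "[OK] Tor proxy is working! Your IP: $resp (via $checker)"
      return 0
    else
      log "[WAIT] Tor proxy not ready yet, checking again in 10 seconds..."
    fi
  done
}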
# Generate the redsocks configuration file.
# Outputs: overwrites /etc/redsocks.conf and logs a confirmation line.
# The listener is bound to 127.0.0.1:50000, so only local processes reach it,
# and it forwards to the SOCKS5 port 40000 that func_start_tor writes into
# torrc. The delimiter is quoted: the body contains nothing to expand.
setup_redsocks() {
  local conf=/etc/redsocks.conf
  cat >"$conf" <<'EOF'
base {
log_debug = off;
log_info = on;
log = "stderr";
daemon = off;
redirector = iptables;
}
redsocks {
local_ip = 127.0.0.1;
local_port = 50000;
ip = 127.0.0.1;
port = 40000;
type = socks5;
}
EOF
  log "[OK] Redsocks configuration saved to $conf"
}
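# Install the nat-table rules that send outbound TCP to redsocks (port 50000).
# Returns: 0 when every rule was installed, 1 as soon as one iptables call
#          fails. The explicit checks matter because this function is reached
#          through `func_set_proxy || ...`, where `set -e` is not in effect.
#
# What these rules do NOT cover:
#   - UDP: there is no UDP redirect, so every UDP packet leaves directly and
#     the four UDP RETURN rules change nothing.
#   - Port 53 (DNS), 40000 and 50000 on any destination: returned before the
#     redirect, so those connections leave directly.
#   - IPv6: iptables handles IPv4 only and no ip6tables rules are installed.
setup_iptables() {
  # Flushes every chain of the nat table, not only OUTPUT.
  # NOTE(review): rules placed there by something else are removed too — confirm
  # nothing else in the container depends on the nat table.
  iptables -t nat -F || return 1
  # Tor's own connections must leave directly, otherwise they would loop back
  # into redsocks.
  iptables -t nat -A OUTPUT -m owner --uid-owner toruser -j RETURN || return 1
  iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 -j RETURN || return 1
  iptables -t nat -A OUTPUT -p tcp --dport 53 -j RETURN || return 1
  iptables -t nat -A OUTPUT -p tcp --dport 50000 -j RETURN || return 1
  iptables -t nat -A OUTPUT -p tcp --dport 40000 -j RETURN || return 1
  iptables -t nat -A OUTPUT -p udp -d 127.0.0.1 -j RETURN || return 1
  iptables -t nat -A OUTPUT -p udp --dport 53 -j RETURN || return 1
  iptables -t nat -A OUTPUT -p udp --dport 50000 -j RETURN || return 1
  iptables -t nat -A OUTPUT -p udp --dport 40000 -j RETURN || return 1
  # Everything TCP that was not returned above goes to the local redsocks port.
  iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 50000 || return 1
  # The earlier wording claimed that all outbound traffic is covered; only TCP is.
  log "[OK] iptables rules applied — outbound TCP is redirected through Tor; port 53 and all UDP are NOT redirected"
}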
# Relay TCP port 40001 to Tor's local SOCKS5 port with a background socat.
# Outputs: two log lines.
# socat is given no bind address, so the listener accepts connections on every
# interface, and the relay adds no authentication: whoever can reach port
# 40001 can use the proxy. Restrict access where the port is published.
# The "[OK]" line is logged right after socat is backgrounded; whether the
# listener actually came up is not checked.
func_expose_tor() {
  local -r listen_port=40001 tor_socks=127.0.0.1:40000
  log "[EXPOSE] Opening Tor SOCKS5 on 0.0.0.0:${listen_port} for external access..."
  socat "TCP-LISTEN:${listen_port},fork,reuseaddr" "TCP:${tor_socks}" &
  log "[OK] Tor SOCKS5 now available at 0.0.0.0:${listen_port}"
}
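# Bring up the whole stack: Tor, the external SOCKS relay, redsocks and the
# iptables redirect, then test connectivity once.
# Globals:  SHOW_LOGS, CHECKERS (read); redsocks_pid (written, not read
#           anywhere in this script)
# Outputs:  log lines; creates /tmp/redsocks.ready on success
# Returns:  0 when the final check got a response, 1 otherwise.
#
# Until setup_iptables has run on the first pass nothing is redirected: other
# processes in the container connect directly for at least the 60 s + 10 s
# that func_check_tor waits.
# The final check accepts any non-empty body and does not compare it with the
# address seen through Tor, so on its own it cannot prove the traffic left via
# Tor. That is why the redirect rule is verified first.
func_set_proxy() {
  local checker resp
  log "[START] Setting up full proxy stack (Tor + Redsocks + iptables)..."
  func_start_tor
  func_check_tor
  func_expose_tor
  setup_redsocks
  setup_iptables
  # Fail closed. This function is called as `func_set_proxy || ...`, so
  # `set -e` does not stop it when an iptables call fails. Without this check a
  # direct, un-proxied response further down would be reported as success.
  if ! iptables -t nat -C OUTPUT -p tcp -j REDIRECT --to-ports 50000 >/dev/null 2>&1; then
    log "[FAIL] iptables REDIRECT rule is not installed — refusing to report the proxy as working"
    return 1
  fi
  if [ "$SHOW_LOGS" = "true" ]; then
    redsocks -c /etc/redsocks.conf &
  else
    redsocks -c /etc/redsocks.conf >/dev/null 2>&1 &
  fi
  redsocks_pid=$!
  sleep 5
  # Quoted expansion: one checker entry contains the glob character "?".
  checker=$(printf '%s\n' "$CHECKERS" | shuf -n1)
  # Same treatment as the other checks in this file, plus control-character
  # removal: the body is third-party data that ends up in the log.
  resp=$(curl -L --max-redirs 10 -s --max-time 30 "https://$checker" 2>/dev/null | tr -cd '[:print:]' || true)
  if [ -n "$resp" ]; then
    log "[OK] Global proxy is working! Your IP: $resp (checked via $checker)"
    # Readiness marker. Nothing in this script reads it; presumably an
    # external health check does — confirm before changing the path.
    touch /tmp/redsocks.ready
    return 0
  else
    log "[FAIL] Global proxy test failed — no internet through the proxy"
    return 1
  fi
}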
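# Supervisor loop: (re)build the proxy stack, then probe connectivity every
# 180 seconds and rebuild after three consecutive failed probes.
# Globals:  CHECKERS (read)
# Outputs:  log lines
# Returns:  never; the outer loop has no exit.
# A probe passes on any non-empty response body. It shows that some HTTPS
# request succeeded, not which path the request took.
func_global_monitor() {
  local checker resp proxy_fail_count
  while true; do
    log "[RESTART] Shutting down old Tor and Redsocks processes..."
    # Exact process-name match. `pkill -f <word>` matches the word anywhere in
    # any command line and can kill unrelated processes.
    pkill -x tor || true
    pkill -x redsocks || true
    pkill -x socat || true
    rm -f /tmp/redsocks.ready || true
    # A failed setup waits a minute and starts again from the top.
    func_set_proxy || { sleep 60; continue; }
    proxy_fail_count=0
    while true; do
      sleep 180
      # Quoted expansion: one checker entry contains the glob character "?".
      checker=$(printf '%s\n' "$CHECKERS" | shuf -n1)
      # The body is third-party data that goes into the log: keep printable
      # characters only (drops newlines, CR and escape bytes).
      resp=$(curl -L --max-redirs 10 -s --max-time 30 "https://$checker" 2>/dev/null | tr -cd '[:print:]' || true)
      if [ -n "$resp" ]; then
        log "[OK] Internet check passed — your IP: $resp (via $checker)"
        proxy_fail_count=0
      else
        proxy_fail_count=$((proxy_fail_count+1))
        log "[WARN] Internet check failed (${proxy_fail_count}/3 failures)"
      fi
      if [ "$proxy_fail_count" -ge 3 ]; then
        log "[RESTART] 3 internet checks failed — restarting the whole proxy stack..."
        break
      fi
    done
  done
}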
# Pool of public "what is my IP" endpoints, one per line. The check functions
# pick one at random with shuf and fetch it over HTTPS.
# Each probe tells one of these third parties the current egress address.
# One entry contains "?", which is a glob character wherever $CHECKERS is
# expanded unquoted.
# NOTE(review): some entries look like they return JSON or HTML rather than a
# bare address (for example the /json paths); the callers log whatever body
# comes back.
CHECKERS=$(cat <<'EOF'
4.ipwho.de/ip
4.myip.is
6.ident.me
6.myip.is
a.ident.me
api.getpublicip.com/ip
api.ipify.org
api.iplocation.net/?cmd=get-ip
api.seeip.org
api64.ipify.org
checkip.amazonaws.com
checkip.ca
checkip.synology.com
dafuqismyip.com
ds-whoami.kag2d.com
eth0.me
httpbin.org/ip
icanhazip.com
ident.me
ifconfig.icu/ip
ifconfig.info
ifconfig.io
ifconfig.me/ip
inet-ip.info
ip-addr.es
ip-echo.ripe.net
ip.csis.dk
ip.guide
ip.im
ip.liquidweb.com
ip.me
ip.tyk.nu
ip6.me/api
ipaddress.ai
ipapi.co/ip
ipconfig.io
ipecho.net/ip
iphorse.com/json
ipinfo.io/ip
ipleak.net
ipquail.com
ipunicorn.com
ipv4.getpublicip.com/ip
ipv6.icanhazip.com
ipv6.ip.sb
ipseeker.io
json.myip.wtf
jsonip.com
l2.io/ip
moanmyip.com/simple
my.ip.fi
myexternalip.com/raw
myip.dk
myip.dnsomatic.com
myip.wtf/text
pub-ip.com
simplesniff.com/ip
sshmyip.com
telnetmyip.com
v4.ident.me
v6.ident.me
wgetip.com
whatismyip.akamai.com
whatismyip.help
wtfismyip.com/text
yourip.app/raw
EOF
)
# Entry point. The permission probe runs first and exits the script with
# status 1 when iptables cannot be used. The supervisor loop then takes over;
# its outer `while true` has no exit, so it does not return.
func_net_admin
func_global_monitor