1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-01-02 03:37:40 +02:00
dockerfiles/obfsproxy
Pratik raj b113da5d19 chore: Use --no-cache-dir flag to pip in Dockerfiles, to save space
Using "--no-cache-dir" flag in pip install ,make sure dowloaded packages
by pip don't cached on system . This is a best practise which make sure
to fetch ftom repo instead of using local cached one . Further , in case
of Docker Containers , by restricing caching , we can reduce image size.
In term of stats , it depends upon the number of python packages
multiplied by their respective size . e.g for heavy packages with a lot
of dependencies it reduce a lot by don't caching pip packages.

Further , more detail information can be found at

https://medium.com/sciforce/strategies-of-docker-images-optimization-2ca9cc5719b6

Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
2021-07-02 01:02:49 +05:30
..
arm chore: Use --no-cache-dir flag to pip in Dockerfiles, to save space 2021-07-02 01:02:49 +05:30
docker-compose.yml switch to new domain: easypi.info 2016-05-01 09:06:20 +08:00
Dockerfile chore: Use --no-cache-dir flag to pip in Dockerfiles, to save space 2021-07-02 01:02:49 +05:30
Dockerfile.debian chore: Use --no-cache-dir flag to pip in Dockerfiles, to save space 2021-07-02 01:02:49 +05:30
README.md switch to new domain: easypi.info 2016-05-01 09:06:20 +08:00

OpenVPN over Obfsproxy

Obfsproxy is a pluggable transport proxy written in python.
It provides several obfuscation method. I consider scramblesuit the best.
I will update this image if there's better one.

obfsproxy

scramblesuit can transport any application that supports SOCKS.
This includes Tor, VPN, SSH, and many other protocols.

We can transport OpenVPN over Obfsproxy, so that firewall cannot detect it.
In the following example, you should run vimagick/openvpn container first.
Don't forget to edit /etc/openvpn/openvpn.conf to use proto tcp.

docker-compose.yml

data:
  image: busybox
  volumes:
    - /etc/openvpn

server:
  image: vimagick/openvpn
  ports:
    - "1194:1194/tcp"
  volumes_from:
    - data
  cap_add:
    - NET_ADMIN
  restart: always

obfsproxy:
  image: vimagick/obfsproxy
  ports:
    - "4911:4911"
  links:
    - server:openvpn
  environment:
    - PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
    - DEST_ADDR=openvpn
    - DEST_PORT=1194
    - LISTEN_ADDR=0.0.0.0
    - LISTEN_PORT=4911
  restart: always

To link a existing openvpn container, please use external_links instead of links.

obfsproxy:
  image: vimagick/obfsproxy
  ports:
    - "4911:4911"
  external_links:
    - openvpn_server_1:openvpn
  environment:
    - PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
    - DEST_ADDR=openvpn
    - DEST_PORT=1194
    - LISTEN_ADDR=0.0.0.0
    - LISTEN_PORT=4911
  restart: always

The default run mode is server. You can also run container in client mode.
The following example shows us how to make a OpenVPN relay:

obfsproxy:
  image: vimagick/obfsproxy
  ports:
    - "1194:1194/tcp"
  environment:
    - PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
    - DEST_ADDR=vpn.easypi.info
    - DEST_PORT=4911
    - RUN_MODE=client
    - LISTEN_ADDR=0.0.0.0
    - LISTEN_PORT=1194
  restart: always

The password should be encoded by Base32 with fixed length.
You can generate one via this command:

python -c 'import base64, os; print base64.b32encode(os.urandom(20))'

Note: There's no ports exposed in Dockerfile. You need to expose port explicitly.