docker-compose安装socks5

docker-compose.yml

# Compose definition for a single ss5 SOCKS5 proxy container.
version: "3.3"
services:
  socks5:
    # No tag or digest is given, so this resolves to `latest` from a
    # third-party registry namespace; pin a reviewed tag or digest so the
    # image cannot change underneath the deployment.
    image: "registry.cn-hangzhou.aliyuncs.com/study-namespace/socks5"
    container_name: "socks5"
    restart: always
    ports:
      # Host port 16688 -> container port 1080. No host IP is given, so the
      # port is published on every host interface; restrict it with a bind
      # address or firewall rule if only some clients should reach the proxy.
      - "16688:1080"
    # Runs ss5 and, if it returns success, follows the ss5 log file
    # (`tail -100f` is the old-style spelling of `tail -n 100 -f`).
    entrypoint:
      - "bash"
      - "-c"
      - "/usr/sbin/ss5 && tail -100f /var/log/ss5/ss5.log"
    volumes:
      # Both files are mounted read-only. ss5.passwd stores user names and
      # passwords in clear text, so keep it out of version control and limit
      # who can read it on the host.
      - "./ss5.conf:/etc/opt/ss5/ss5.conf:ro"
      - "./ss5.passwd:/etc/opt/ss5/ss5.passwd:ro"

ss5.conf

当前配置需要用户验证。如果不需要用户验证,把 ss5.conf 中对应的 auth 和 permit 两行改成下面这样;改完后任何能连到映射端口的客户端都可以直接使用代理,建议同时把来源 0.0.0.0/0 收窄为受信任的网段:
auth 0.0.0.0/0 - -
permit - 0.0.0.0/0 - 0.0.0.0/0 - - - - -

#
#  TAG: external_auth_program
#
#       external_auth_program program name and path 
#
#       Some examples:
#
#       Use shell file to authenticate user via ldap query
#               external_auth_program /usr/local/bin/ldap.sh
#
#  TAG: RADIUS authentication could be used setting SS5_RADIUS_AUTH option and 
#       configuring the following attributes:
#
#       radius_ip               (radius address)
#       radius_bck_ip           (radius secondary address)
#       radius_auth_port        (radius authentication port, DEFAULT = 1812)
#       radius_acct_port        (radius authorization  port, DEFAULT = 1813)
#       radius_secret           (secret password betw
#
#
#
# ///////////////////////////////////////////////////////////////////////////////////
#       SHost           SPort           Authentication
#
# Commented-out alternative: no authentication for any source address.
#auth    0.0.0.0/0               -               -
# Active rule: every source address (0.0.0.0/0) and source port must use
# authentication method "u" (user authentication, as in the permit examples
# of this file; presumably checked against the mounted ss5.passwd - confirm).
 auth    0.0.0.0/0               -               u

#
# SECTION       <bandwidth>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#  TAG: bandwidth
#
#       bandwidth group, max number of connections, bandwidth, session timeout 
#
#       Some examples:
#
#       Limit connections to 2 for group Admin
#               bandwidth Admin 2 - -
#
#       Limit bandwidth to 100k for group Users
#               bandwidth Users - 102400 -
#
#       note: if you enable bandwidth profiling per user, SS5 uses this value instead of
#             the value specified in the permit directive.
#
# ///////////////////////////////////////////////////////////////////////////////////
#                   Group          MaxCons     Bandwidth   Session timeout
#       bandwidth   grp1           5           -           -

#
# SECTION       <proxies>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#  TAG: proxy/noproxy
#
#       proxy/noproxy dst host/network, dst port, socks proxy address, port address, ver
#
#       Some examples:
#
#       Proxy request for 172.0.0.0 network to socks server 10.253.9.240 on port 1081: 
#
#       if authentication is request, downstream socks server have to  check it; 
#       if resolution is request, downstream socks server does it before proxying 
#       the request toward the upstream socks server.
#               proxy 172.0.0.0/16 - 10.253.9.240 1081
#
#       SS5 makes direct connection to 10.253.0.0 network (in this case, port value is not 
#       verified) without using upstream proxy server
#               noproxy 0.0.0.0/0 - 10.253.0.0/16 1080 -
#
# ///////////////////////////////////////////////////////////////////////////////////
#               DHost/Net               DPort   DProxyip        DProxyPort SocksVer
#
#       proxy   0.0.0.0/0               -       1.1.1.1         -          -

#
# SECTION       <dump>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#  TAG: dump
#
#       dump host/network, port, s/d (s=source d=destination), dump mode (r=rx, t=tx, b=rx+tx)
#
#       Some examples:
#
#       Dump traffic for 172.30.1.0 network on port 1521:
#
#       if authentication is request, downstream socks server have to  check it;
#       if resolution is request, downstream socks server does it before proxying
#       the request toward the upstream socks server.
#               dump 172.30.1.0/24 1521 d b
#
# ///////////////////////////////////////////////////////////////////////////////////
#              DHost/Net               DPort   Dir      Dump mode (r=rx,t=tx,b=rx+tx)
#
#       dump   0.0.0.0/0               -       d        t

#
# SECTION       <access control>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#  TAG: permit/deny
#       permit/deny src auth flag, host/network, src port, dst host/network, dst port, 
#       fixup, group, bandwidth (from 256 bytes per second to 2147483647), expdate
#
#       Some examples:
#
#       FTP Control + Passive Mode
#               permit - 0.0.0.0/0 - 172.0.0.0/8 21 - - - -
#
#       FTP DATA Active Mode
#               permit - 0.0.0.0/0      - 172.0.0.0/8   21      - - - -
#               permit - 172.0.0.0/8    - 0.0.0.0/0     -       - - - -
#
#       Query DNS
#               permit - 0.0.0.0/0 - 172.30.0.1/32 53 - - - -
#
#       Http + fixup
#               permit - 0.0.0.0/0 - www.example.com 80 http - - -
#
#       Http + fixup + profile + bandwidth (bytes x second)
#               permit - 0.0.0.0/0 - www.example.com 80 http admin 10240 -
#
#       Sftp + profile + bandwidth (bytes x second)
#               permit - 0.0.0.0/0 - sftp.example.com 22 - developer 102400 -
#
#       Http + fixup 
#               permit - 0.0.0.0/0 - web.example.com 80 - - - -
#
#       Http + fixup + user authentication required with expiration date to 31/12/2006
#               permit u 0.0.0.0/0 - web.example.com 80 - - - 31-12-2006
#
#       Deny all connection to web.example.com
#               deny - 0.0.0.0/0 - web.example.com - - - - -
#
#
# /////////////////////////////////////////////////////////////////////////////////////////////////
#      Auth     SHost           SPort   DHost           DPort   Fixup   Group   Band    ExpDate
#
# Commented-out alternative: permit all traffic without an authenticated user.
#permit -       0.0.0.0/0       -       0.0.0.0/0       -       -       -       -       -
# Active rule: authenticated users ("u") from any source address may connect to
# any destination host and port; no fixup, group, bandwidth or expiry date is set.
# NOTE(review): a destination of 0.0.0.0/0 includes every internal or private
# address reachable from the container; narrow DHost/DPort if clients should
# only reach specific services.
 permit u       0.0.0.0/0       -       0.0.0.0/0       -       -       -       -       -


#
# SECTION       <profiling>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
# 
#       1) File profiling:
#
#       ss5 look for a file name specified in permit line in the /etc/ss5 directory. 
#       This file must contain user members. File profiling is the default option.
#
#       2) Ldap profiling:
#
#       ldap_profile_ip         (directory internet address) 
#       ldap_profile_port       (directory port) 
#       ldap_profile_base       (ss5 replaces % with "group specified in permit line"
#                               if SS5LDAP_BASE if specified, otherwise if 
#                               SS5LDAP_FILTER is specified,  it uses base and search
#                               for group as attribute in user entry; see examples)
#       ldap_profile_filter     (ss5 uses filter for search operation)
#       ldap_profile_dn         (directory manager or another user authorized to 
#                               query the directory)
#       ldap_profile_pass       ("dn" password)
#       ldap_netbios_domain     (If SS5_NETBIOS_DOMAIN option is set, ss5 map netbios 
#                                domain user in authentication request with his configured 
#                                directory server. Otherwise no match is done and
#                                directory are contacted in order of configuration)
#
#       3) Mysql profiling:
#
#       mysql_profile_ip        (mysql server internet address) 
#       mysql_profile_db        (mysql db )
#       mysql_profile_user      (mysql username )
#       mysql_profile_pass      (mysql password )
#       mysql_profile_sqlstring (sql base string for query. DEFAULT 'SELECT uname FROM grp WHERE gname like' )
#
#       Some examples:
#
#       Directory configuration for ldap profiling with SS5_LDAP_BASE option:
#       in this case, ss5 look for attribute uid="username" with base ou="group",
#       dc=example,dc=com where group is specified in permit line as 
#       "permit - - - - - group - -
#
#       Note: in this case, attribute value is not used
#
#               ldap_profile_ip        10.10.10.1
#               ldap_profile_port      389
#               ldap_profile_base      ou=%,dc=example,dc=com
#               ldap_profile_filter    uid
#               ldap_profile_attribute gid
#               ldap_profile_dn        cn=root,dc=example,dc=com
#               ldap_profile_pass      secret
#               ldap_netbios_domain    dir 
#
#       Directory configuration for ldap profiling with SS5_LDAP_FILTER option:
#       in this case, ss5 look for attributes uid="username" & "gid=group" with 
#       base dc=example,dc=com where group is specified in permit line as 
#       "permit - - - - - group - -
#
#       Note: you can also use a base like "ou=%,dc=example,dc=com", where % 
#       will be replace with "group".
#
#               ldap_profile_ip        10.10.10.1
#               ldap_profile_port      389
#               ldap_profile_base      ou=Users,dc=example,dc=com
#               ldap_profile_filter    uid
#               ldap_profile_attribute gecos
#               ldap_profile_dn        cn=root,dc=example,dc=com
#               ldap_profile_pass      secret
#               ldap_netbios_domain    dir
#
#       Sample OpenLdap log:
#       conn=304 op=0 BIND dn="cn=root,dc=example,dc=com" mech=simple ssf=0
#       conn=304 op=0 RESULT tag=97 err=0 text=
#       conn=304 op=1 SRCH base="ou=Users,dc=example,dc=com" scope=1 filter="(&(uid=usr1)(gecos=Users))"
#       conn=304 op=1 SRCH attr=gecos
#
#       where ldap entry is:
#       dn: uid=usr1,ou=Users,dc=example,dc=com
#       uid: usr1
#       cn: usr1
#       objectClass: account
#       objectClass: posixAccount
#       objectClass: top
#       userPassword:: dXNyMQ==
#       loginShell: /bin/bash
#       homeDirectory: /home/usr1
#       uidNumber: 1
#       gidNumber: 1
#       gecos: Users

#
# SECTION       <server balance>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
# 
#  TAG: virtual
#
#       virtual virtual identification (vid), real ip server
#
#       Some examples:
#
#       Two vip balancing on three real server each one
#               virtual 1 172.30.1.1
#               virtual 1 172.30.1.2
#               virtual 1 172.30.1.3
#
#               virtual 2 172.30.1.6
#               virtual 2 172.30.1.7
#               virtual 2 172.30.1.8
#
#       Note: Server balancing only works with -t option, (threaded mode) and ONLY 
#       with "connect" operation.
#
# ///////////////////////////////////////////////////////////////////////////////////
#       Vid     Real ip
#
#virtual -       -

ss5.passwd

用户名和密码之间用空格隔开;多个账户时另起一行。密码以明文保存在该文件中,部署时不要直接沿用下面公开的账户和密码,请换成自己的强密码并限制该文件的读取权限。

zyy %UihU^32p%h8bfaioWR58CWBc
test sljdf232l3jlsdf0612uoilk

启动容器

# Create and start the services from docker-compose.yml in the background (-d = detached).
docker-compose up -d