Corresponding ArchiveBox issue: ArchiveBox/ArchiveBox#249
I cannot use WireGuard because I cannot set it up on my VPS. I decided to use https://hub.docker.com/r/ncarlier/redsocks/ However, by default it generates a redsocks config with an unauthenticated HTTP/HTTPS proxy; for SOCKS5 it must be modified.
docker network create --opt com.docker.network.bridge.name=archivebox -d bridge archivebox
- Update the attached redsocks.tmpl file with the proxy information. It's a slightly modified version of the one from https://hub.docker.com/r/ncarlier/redsocks/
- The host and port arguments will be ignored - I hardcoded them in my config, but ${proxy_ip} and ${proxy_port} can be used instead.
- The command below must use the full path to the redsocks.tmpl file - a binding like -v ./redsocks.tmpl:... doesn't work on Docker 19.03.
- Redsocks also ignores traffic for private networks (see https://github.com/ncarlier/dockerfiles/blob/master/redsocks/whitelist.txt), so it's possible to run the ArchiveBox web server, which fetches pages through the proxy, and still access it from the local network without the proxy. AFAIK this won't work with the WireGuard solution.
docker run -e "DOCKER_NET=archivebox" --name=archivebox_redsocks \
-v <full path>/redsocks.tmpl:/etc/redsocks.tmpl \
--privileged=true --net=host -d ncarlier/redsocks 1.1.1.1 9000
Both commands below must return the IP address of the SOCKS5 proxy, not the IP of the server:
docker run -it --network=archivebox curlimages/curl:latest curl https://ifcfg.co
docker run -it --network=archivebox curlimages/curl:latest curl http://ifcfg.co
# init data folder
docker run -it -v <full_path>/data:/data nikisweeting/archivebox init
# create a superuser
docker run -it -v <full_path>/data:/data nikisweeting/archivebox manage createsuperuser
# import a URL (settings are passed into the container with -e)
docker run -it -e ONLY_NEW=False -e USE_COLOR=True -e SHOW_PROGRESS=False \
--network=archivebox -v <full_path>/data:/data nikisweeting/archivebox add <url>
# serve the web UI to local IPs; URLs added via the UI are imported through the proxy
docker run -d -p 9001:9001 --network=archivebox --name=archivebox_web \
-v <full_path>/data:/data nikisweeting/archivebox server 0.0.0.0:9001
- The redsocks container adds a new chain, REDSOCKS, to iptables. Without fixing its name, it's not possible to run multiple networking containers.
- A better solution would be to build a new redsocks container and pass socks5, host, port, user and password as arguments instead of host/port.
- disclose_src in the redsocks config doesn't work; redsocks in the container doesn't start.
- Redsocks logs: most of the problems I had with this setup were caused by a broken redsocks config or by redsocks not working. The command below must show "main.c:152 main(...) redsocks started" or nothing will work.
docker logs archivebox_redsocks
- Iptables rules
sudo iptables-save | grep REDSOCKS
- Cleanup iptables rules: either stop the Docker container (it removes the extra rules on shutdown) or run
sudo iptables-save | grep -v REDSOCKS | sudo iptables-restore
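
The egress check and the troubleshooting steps above (redsocks log line, REDSOCKS chain, exit IP) can be combined into one pass/fail script. This is an added example, not part of the original notes or of the redsocks or ArchiveBox projects; the function names, the `--live` switch and the sample data are hypothetical, and it assumes ifcfg.co answers curl with a bare IP and that the container hooks its chain in with a `-j REDSOCKS` rule.

```sh
#!/bin/sh
# Added example: health checks for the redsocks + ArchiveBox setup described above.
# Function names and the --live switch are hypothetical, not part of redsocks or ArchiveBox.

# Constructed sample data, not captured from a real host (203.0.113.7 is a documentation address).
SAMPLE_LOG='1577836800.000000 notice main.c:152 main(...) redsocks started'
SAMPLE_RULES=':PREROUTING ACCEPT [0:0]
:REDSOCKS - [0:0]
-A PREROUTING -i archivebox -p tcp -j REDSOCKS
-A REDSOCKS -d 10.0.0.0/8 -j RETURN
-A REDSOCKS -p tcp -j REDIRECT --to-ports 12345'

# stdin: `docker logs archivebox_redsocks` output. Succeeds only if redsocks reported startup.
redsocks_started() { grep -q 'redsocks started'; }

# stdin: `iptables-save` output. Succeeds if the REDSOCKS chain is declared and some rule
# jumps to it (assumption: the container hooks the chain in with a "-j REDSOCKS" rule).
redsocks_chain_active() {
  rules=$(cat)
  printf '%s\n' "$rules" | grep -q '^:REDSOCKS ' &&
    printf '%s\n' "$rules" | grep -Eq '^-A .* -j REDSOCKS( |$)'
}

# $1 = proxy exit IP; remaining args = IPs reported by the echo service (http, https).
# Fails on an empty answer or on any answer other than the proxy IP, i.e. a leak.
egress_via_proxy() {
  expected=$1; shift
  for seen in "$@"; do
    [ -n "$seen" ] && [ "$seen" = "$expected" ] || return 1
  done
  return 0
}

if [ "${1:-}" = "--live" ]; then   # usage: sh check.sh --live <proxy exit IP>
  probe() { docker run --rm --network=archivebox curlimages/curl:latest curl -s --max-time 15 "$1"; }
  docker logs archivebox_redsocks 2>&1 | redsocks_started || { echo "redsocks not started"; exit 1; }
  sudo iptables-save | redsocks_chain_active || { echo "REDSOCKS chain missing or unused"; exit 1; }
  egress_via_proxy "$2" "$(probe http://ifcfg.co)" "$(probe https://ifcfg.co)" ||
    { echo "traffic is not leaving through the proxy"; exit 1; }
  echo "ok: archivebox network exits via $2"
else                               # offline run over the constructed samples
  printf '%s\n' "$SAMPLE_LOG" | redsocks_started && echo "sample log: started"
  printf '%s\n' "$SAMPLE_RULES" | redsocks_chain_active && echo "sample rules: chain active"
  egress_via_proxy 203.0.113.7 203.0.113.7 198.51.100.9 || echo "sample egress: leak detected"
fi
```

Run it with `--live` and the proxy's exit IP before each import; a non-zero exit means fetches would go out from the server's own address.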