├── .gitignore
├── README.md
├── docker-compose.yml
├── entry.sh
└── sockd.conf


/.gitignore:
--------------------------------------------------------------------------------
1 | wgcf/
2 | dante/


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # wgcf-socks-docker
 2 | 
 3 | a docker compose file for wgcf-socks
 4 | 
 5 | ## Usage
 6 | 
 7 | ```bash
 8 | # use root
 9 | git clone https://github.com/lautumn1990/wgcf-socks-docker
10 | cd wgcf-socks-docker
11 | 
12 | # If you want to use Xray to replace Dante to expose the SOCKS5 port.
13 | # git checkout xray
14 | 
15 | docker-compose up -d
16 | 
17 | # check and test
18 | curl --proxy socks5h://127.0.0.1:1080 https://www.cloudflare.com/cdn-cgi/trace
19 | ```
20 | 
21 | custom license and endpoint
22 | 
23 | ```bash
24 | # if you have warp license key
25 | mkdir wgcf
26 | echo "your_key" > wgcf/custom-wgcf-license.conf
27 | 
28 | # like 
29 | # echo "3KOY1u56-pf2S09g7-xxxxxxx" > wgcf/custom-wgcf-license.conf
30 | 
31 | 
32 | # if you have a custom endpoint
33 | echo "your_endpoint" > wgcf/custom-wgcf-endpoint.conf
34 | 
35 | # like
36 | # echo "162.159.195.168:5279" > wgcf/custom-wgcf-endpoint.conf
37 | 
38 | ```
39 | 
40 | ## reference
41 | 
42 | - [Neilpang/wgcf-docker](https://github.com/Neilpang/wgcf-docker)
43 | - [Mon-ius/Docker-Warp-Socks](https://github.com/Mon-ius/Docker-Warp-Socks)
44 | - [vimagick/dante](https://hub.docker.com/r/vimagick/dante/)
45 | - [shturman/dante](https://hub.docker.com/r/shturman/dante)


--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: "3"
 2 | services:
 3 |   wgcf:
 4 |     image: neilpang/wgcf-docker:latest
 5 |     volumes:
 6 |       - ./wgcf:/wgcf
 7 |       - /lib/modules:/lib/modules
 8 |       - ./entry.sh:/entry.sh
 9 |       - /etc/localtime:/etc/localtime:ro
10 |     privileged: true
11 |     sysctls:
12 |       net.ipv6.conf.all.disable_ipv6: 0
13 |     cap_add:
14 |       - NET_ADMIN
15 |     ports:
16 |       - "1080:1080"
17 |     restart: always
18 |     healthcheck:
19 |       test: curl -fs https://www.cloudflare.com/cdn-cgi/trace | grep -q -E 'warp=(on|plus)' && exit 0 || exit 1
20 |       interval: 5s
21 |       timeout: 2s
22 |       retries: 10
23 | 
24 |   dante:
25 |     image: shturman/dante:1.4.2
26 |     volumes:
27 |       - ./sockd.conf:/etc/sockd.conf
28 |       - /etc/localtime:/etc/localtime:ro
29 |     restart: always
30 |     environment:
31 |       - CFGFILE=/etc/sockd.conf
32 |     network_mode: "service:wgcf"
33 |     depends_on:
34 |       wgcf: 
35 |         condition: service_healthy
36 | 
37 |   test:
38 |     image: curlimages/curl
39 |     network_mode: "service:wgcf"
40 |     depends_on:
41 |       wgcf: 
42 |         condition: service_healthy
43 |     command: curl ipinfo.io
44 | 


--------------------------------------------------------------------------------
/entry.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | set -e
  4 | 
  5 | 
  6 | _downwgcf() {
  7 |   echo
  8 |   echo "clean up"
  9 |   if ! wg-quick down wgcf; then
 10 |     echo "error down"
 11 |   fi
 12 |   echo "clean up done"
 13 |   exit 0
 14 | }
 15 | 
 16 | 
 17 | 
 18 | #-4|-6
 19 | runwgcf() {
 20 |   trap '_downwgcf' ERR TERM INT
 21 | 
 22 |   _enableV4="1"
 23 |   if [ "$1" = "-6" ]; then
 24 |     _enableV4=""
 25 |   fi
 26 | 
 27 | 
 28 |   if [ ! -e "wgcf-account.toml" ]; then
 29 |     wgcf register --accept-tos
 30 |   fi
 31 | 
 32 |   if [ -e "custom-wgcf-license.conf" ]; then
 33 |     _license_key=`cat custom-wgcf-license.conf`
 34 |     _old_license_key=`awk -F "['']" '/license_key/{print $2}' wgcf-account.toml`
 35 |     if [ "$_license_key" != "$_old_license_key" ]; then
 36 |       echo 'updating license key'
 37 |       sed -i "s/license_key.*$/license_key = '${_license_key}'/" wgcf-account.toml
 38 |       wgcf update
 39 |     fi
 40 |   fi
 41 | 
 42 |   if [ ! -e "wgcf-profile.conf" ]; then
 43 |     wgcf generate
 44 |   else
 45 |     _account_file_private_key=`awk -F "['']" '/private_key/{print $2}' wgcf-account.toml`
 46 |     _profile_file_private_key=`awk -F " = " '/PrivateKey/{print $2}' wgcf-profile.conf`
 47 |     if [ "$_account_file_private_key" != "$_profile_file_private_key" ]; then
 48 |       echo 're generate profile'
 49 |       wgcf generate
 50 |     fi
 51 |   fi
 52 | 
 53 |   if [ -e "custom-wgcf-endpoint.conf" ]; then
 54 |     _endpoint=`cat custom-wgcf-endpoint.conf`
 55 |     sed -i "s/Endpoint.*$/Endpoint = ${_endpoint}/" wgcf-profile.conf
 56 |   fi
 57 |   
 58 |   cp wgcf-profile.conf /etc/wireguard/wgcf.conf
 59 | 
 60 |   DEFAULT_GATEWAY_NETWORK_CARD_NAME=`route  | grep default  | awk '{print $8}' | head -1`
 61 |   DEFAULT_ROUTE_IP=`ifconfig $DEFAULT_GATEWAY_NETWORK_CARD_NAME | grep "inet " | awk '{print $2}' | sed "s/addr://"`
 62 |   
 63 |   echo ${DEFAULT_GATEWAY_NETWORK_CARD_NAME}
 64 |   echo ${DEFAULT_ROUTE_IP}
 65 |   
 66 |   sed -i "/\[Interface\]/a PostDown = ip rule delete from $DEFAULT_ROUTE_IP  lookup main" /etc/wireguard/wgcf.conf
 67 |   sed -i "/\[Interface\]/a PostUp = ip rule add from $DEFAULT_ROUTE_IP lookup main" /etc/wireguard/wgcf.conf
 68 | 
 69 |   if [ "$1" = "-6" ]; then
 70 |     sed -i 's/AllowedIPs = 0.0.0.0/#AllowedIPs = 0.0.0.0/' /etc/wireguard/wgcf.conf
 71 |   elif [ "$1" = "-4" ]; then
 72 |     sed -i 's/AllowedIPs = ::/#AllowedIPs = ::/' /etc/wireguard/wgcf.conf
 73 |   fi
 74 | 
 75 | 
 76 |   modprobe ip6table_raw
 77 |   
 78 |   wg-quick up wgcf
 79 |   
 80 |   if [ "$_enableV4" ]; then
 81 |     _checkV4
 82 |   else
 83 |     _checkV6
 84 |   fi
 85 | 
 86 |   echo 
 87 |   echo 
 88 |   echo "wgcf status"
 89 |   wgcf status
 90 | 
 91 |   echo 
 92 |   echo "OK, wgcf is up."
 93 |   
 94 | 
 95 |   sleep infinity & wait
 96 |   
 97 |   
 98 | }
 99 | 
100 | _checkV4() {
101 |   echo "Checking network status, please wait...."
102 |   while ! curl --max-time 2  ipinfo.io; do
103 |     wg-quick down wgcf
104 |     echo "Sleep 2 and retry again."
105 |     sleep 2
106 |     wg-quick up wgcf
107 |   done
108 | 
109 | 
110 | }
111 | 
112 | _checkV6() {
113 |   echo "Checking network status, please wait...."
114 |   while ! curl --max-time 2 -6 ipv6.google.com; do
115 |     wg-quick down wgcf
116 |     echo "Sleep 2 and retry again."
117 |     sleep 2
118 |     wg-quick up wgcf
119 |   done
120 | 
121 | 
122 | }
123 | 
124 | 
125 | 
126 | if [ -z "$@" ] || [[ "$1" = -* ]]; then
127 |   runwgcf "$@"
128 | else
129 |   exec "$@"
130 | fi
131 | 
132 | 
133 | 


--------------------------------------------------------------------------------
/sockd.conf:
--------------------------------------------------------------------------------
 1 | debug: 0
 2 | logoutput: stderr
 3 | internal: 0.0.0.0 port = 1080
 4 | external: wgcf
 5 | socksmethod: username none
 6 | clientmethod: none
 7 | user.privileged: root
 8 | user.unprivileged: nobody
 9 | 
10 | client pass {
11 |     from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
12 |     log: error
13 | }
14 | 
15 | socks pass {
16 |     from: 0.0.0.0/0 to: 0.0.0.0/0
17 |     #socksmethod: username
18 |     log: error
19 | }


--------------------------------------------------------------------------------