All apps · 0 apps
binhex-privoxyvpn
Docker app from Binhex's Repository
Overview
Readme
View on GitHubApplication
Description
Privoxy is a free non-caching web proxy with filtering capabilities for enhancing privacy, manipulating cookies and modifying web page data and HTTP headers before the page is rendered by the browser. Privoxy is a "privacy enhancing proxy", filtering web pages and removing advertisements. Privoxy can be customized by users, for both stand-alone systems and multi-user networks. Privoxy can be chained to other proxies and is frequently used in combination with Squid and can be used to bypass Internet censorship.
microsocks is a SOCKS5 service that you can run on your remote boxes to tunnel connections through them, if for some reason SSH doesn't cut it for you. It's very lightweight, and very light on resources too: for every client, a thread with a stack size of 8KB is spawned. the main process basically doesn't consume any resources at all. The only limits are the amount of file descriptors and the RAM.
This Docker includes OpenVPN and WireGuard to ensure a secure and private connection to the Internet, including use of iptables to prevent IP leakage when the tunnel is down.
Build notes
Latest stable Privoxy release from Arch Linux repo.
Latest stable microsocks release from GitHub.
Latest stable OpenVPN release from Arch Linux repo.
Latest stable WireGuard release from Arch Linux repo.
Usage
docker run -d \
--cap-add=NET_ADMIN \
-p 8118:8118 \
-p 9118:9118 \
-p 58946:58946 \
-p 58946:58946/udp \
--name=<container name> \
-v <path for config files>:/config \
-v /etc/localtime:/etc/localtime:ro \
-e VPN_ENABLED=<yes|no> \
-e VPN_USER=<vpn username> \
-e VPN_PASS=<vpn password> \
-e VPN_PROV=<pia|airvpn|protonvpn|custom> \
-e VPN_CLIENT=<openvpn|wireguard> \
-e VPN_OPTIONS=<additional openvpn cli options> \
-e LAN_NETWORK=<lan ipv4 network>/<cidr notation> \
-e NAME_SERVERS=<name server ip(s)> \
-e ENABLE_STARTUP_SCRIPTS=<yes|no> \
-e ENABLE_PRIVOXY=<yes|no> \
-e STRICT_PORT_FORWARD=<yes|no> \
-e USERSPACE_WIREGUARD=<yes|no> \
-e ENABLE_SOCKS=<yes|no> \
-e SOCKS_USER=<socks username> \
-e SOCKS_PASS=<socks password> \
-e VPN_INPUT_PORTS=<port number(s)> \
-e VPN_OUTPUT_PORTS=<port number(s)> \
-e DEBUG=<true|false> \
-e HEALTHCHECK_COMMAND=<command> \
-e HEALTHCHECK_ACTION=<action> \
-e HEALTHCHECK_HOSTNAME=<hostname> \
-e UMASK=<umask for created files> \
-e PUID=<uid for user> \
-e PGID=<gid for user> \
binhex/arch-privoxyvpn
Please replace all user variables in the above command defined by <> with the correct values.
Access Privoxy
http://<host ip>:8118
Access microsocks
<host ip>:9118
default credentials: admin/socks
PIA example
docker run -d \
--cap-add=NET_ADMIN \
-p 8118:8118 \
-p 9118:9118 \
-p 58946:58946 \
-p 58946:58946/udp \
--name=privoxyvpn \
-v /root/docker/config:/config \
-v /etc/localtime:/etc/localtime:ro \
-e VPN_ENABLED=yes \
-e VPN_USER=myusername \
-e VPN_PASS=mypassword \
-e VPN_PROV=pia \
-e VPN_CLIENT=openvpn \
-e LAN_NETWORK=192.168.1.0/24 \
-e NAME_SERVERS=1.1.1.1,1.0.0.1 \
-e ENABLE_STARTUP_SCRIPTS=no \
-e ENABLE_PRIVOXY=yes \
-e STRICT_PORT_FORWARD=no \
-e USERSPACE_WIREGUARD=no \
-e ENABLE_SOCKS=yes \
-e SOCKS_USER=admin \
-e SOCKS_PASS=socks \
-e VPN_INPUT_PORTS=1234 \
-e VPN_OUTPUT_PORTS=5678 \
-e DEBUG=false \
-e UMASK=000 \
-e PUID=0 \
-e PGID=0 \
binhex/arch-privoxyvpn
OpenVPN
Please note this Docker image does not include the required OpenVPN configuration file and certificates. These will typically be downloaded from your VPN providers website (look for OpenVPN configuration files), and generally are zipped.
PIA users - The URL to download the OpenVPN configuration files and certs is:-
Once you have downloaded the zip (normally a zip as they contain multiple ovpn files) then extract it to /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation of the folder).
If there are multiple ovpn files then please delete the ones you don't want to use (normally filename follows location of the endpoint) leaving just a single ovpn file and the certificates referenced in the ovpn file (certificates will normally have a crt and/or pem extension).
WireGuard
If you wish to use WireGuard (defined via 'VPN_CLIENT' env var value ) then due to the enhanced security and kernel integration WireGuard will require the container to be defined with privileged permissions and sysctl support, so please ensure you change the following docker options:-
from
--cap-add=NET_ADMIN \
to
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--privileged=true \
PIA users - The WireGuard configuration file will be auto generated and will
be stored in /config/wireguard/wg0.conf AFTER the first run, if you wish
to change the endpoint you are connecting to then change the Endpoint line
in the config file (default is Netherlands).
Other users - Please download your WireGuard configuration file from your
VPN provider, start and stop the container to generate the folder
/config/wireguard/ and then place your WireGuard configuration file in
there.
Notes
Due to Google and OpenDNS supporting EDNS Client Subnet it is recommended NOT to use either of these NS providers. The list of default NS providers in the above example(s) is as follows:-
1.x.x.x = Cloudflare
IMPORTANT
Please note VPN_INPUT_PORTS is NOT to define the incoming port for the
VPN, this environment variable is used to define port(s) you want to allow in to
the VPN network when network binding multiple containers together, configuring
this incorrectly with the VPN provider assigned incoming port COULD result in IP
leakage, you have been warned!.
User ID (PUID) and Group ID (PGID) can be found by issuing the following command for the user you want to run the container as:-
id <username>
If you appreciate my work, then please consider buying me a beer :D
Install binhex-privoxyvpn on Unraid in a few clicks.
Find binhex-privoxyvpn in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.
Categories
Download Statistics
Total Downloads Over Time
Related apps
Explore more like this
Explore allDetails
ghcr.io/binhex/arch-privoxyvpnRuntime arguments
- Web UI
http://config.privoxy.org/- Network
bridge- Shell
bash- Privileged
- true
- Extra Params
--sysctl="net.ipv4.conf.all.src_valid_mark=1"
Template configuration
This is the port for Privoxy application - HTTPS proxy server.
- Target
- 8118
- Default
- 8118
This is the port for microsocks application - Socks5 proxy server.
- Target
- 9118
- Default
- 9118
This is the TCP incoming port when VPN_ENABLED is set to 'no'.
- Target
- 58946
- Default
- 58946
This is the UDP incoming port when VPN_ENABLED is set to 'no'.
- Target
- 58946
- Default
- 58946
This is the container path to your configuration files, e.g. databases, configuration files, logs etc.
- Target
- /config
- Default
- /mnt/user/appdata/privoxyvpn
Specify whether to enable the VPN.
- Target
- VPN_ENABLED
- Default
- yes|no
Specify your VPN providers username.
- Target
- VPN_USER
Specify your VPN providers password.
- Target
- VPN_PASS
Specify your VPN providers password.
- Target
- VPN_PROV
- Default
- pia|airvpn|protonvpn|custom
Specify either Wireguard or OpenVPN.
- Target
- VPN_CLIENT
- Default
- openvpn|wireguard
Advanced OpenVPN options, do not specify unless you know what you are doing.
- Target
- VPN_OPTIONS
Specify whether to only permit connection to port forward enable endpoints - only takes effect for VPN providers PIA and ProtonVPN.
- Target
- STRICT_PORT_FORWARD
- Default
- no|yes
Specify whether to run Privoxy - HTTPS proxy server.
- Target
- ENABLE_PRIVOXY
- Default
- yes|no
Advanced option, used to enable the running of an arbitary script before the VPN tunnel is established.
- Target
- ENABLE_STARTUP_SCRIPTS
- Default
- no|yes
Specify whether to use slower userspace Wireguard implementation.
- Target
- USERSPACE_WIREGUARD
- Default
- no|yes
Specify whether to run microsocks - Socks5 proxy server.
- Target
- ENABLE_SOCKS
- Default
- no|yes
Specify the socks (microsocks) username.
- Target
- SOCKS_USER
- Default
- admin
Specify the socks (microsocks) password.
- Target
- SOCKS_PASS
- Default
- socks
Specify your internal network in CIDR format.
- Target
- LAN_NETWORK
- Default
- 192.168.1.0/24
Specify the Name Servers used to perform lookups inside the container.
- Target
- NAME_SERVERS
- Default
- 1.1.1.1,1.0.0.1
Specify any inbound ports for the VPN network.
- Target
- VPN_INPUT_PORTS
SSpecify any outbound ports for the VPN network.
- Target
- VPN_OUTPUT_PORTS
Specify whether you want to enable debug logging, useful when diagnosing startup issues.
- Target
- DEBUG
- Default
- false|true
Enable or disable healthchecks.
- Target
- ENABLE_HEALTHCHECK
- Default
- yes|no
The command or script to execute, if not specified then the script healthcheck.sh will be used (process, dns and https checking).
- Target
- HEALTHCHECK_COMMAND
The action to execute if the healthcheck command returns a non zero exit code, if not specified the action will be 'exit 1', if you want the container to exit on failure then set the action to 'kill 1'.
- Target
- HEALTHCHECK_ACTION
The hostname used when performing HTTPS and DNS healthchecking.
- Target
- HEALTHCHECK_HOSTNAME
- Default
- google.com
User ID for the running container.
- Target
- PUID
- Default
- 99
Group ID for the running container.
- Target
- PGID
- Default
- 100
UMASK for the running container.
- Target
- UMASK
- Default
- 000
