refactor: hardcode ports, remove WARP_MODE, add socat expose, simplify logs

techroy23 · techroy23 · commit 6b8d8ae4acf8 · 2026-06-06T19:41:52.000+08:00
- Remove WARP_PORT/REDSOCKS_PORT env vars, hardcode 40000/50000
- Remove WARP_MODE env var, always use proxy mode
- Add func_expose_warp: socat binds 0.0.0.0:40001 -&gt; 127.0.0.1:40000
- Rephrase all log messages to be beginner-friendly
- Install socat in both Dockerfiles
- Normalize tabs to spaces
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
@@ -1,20 +1,23 @@
 FROM alpine:latest
 
-ENV WARP_MODE=proxy
 
 RUN apk update && apk add --no-cache \
     curl \
-	gnupg \
-	lsb-release \
-	ca-certificates \
+    gnupg \
+    lsb-release \
+    ca-certificates \
     iproute2 \
-	dbus \
-	procps \
-	net-tools \
-	iptables \
+    dbus \
+    procps \
+    net-tools \
+    iptables \
     redsocks \
-	dos2unix \
-	binutils \
+    dos2unix \
+    coreutils \
+    socat \
+    && rm -rf /var/cache/apk/*
+
+RUN apk add --no-cache binutils \
     && WARP_DEB_URL=$( \
          curl -fsSL "https://pkg.cloudflareclient.com/dists/noble/main/binary-amd64/Packages.gz" \
          | gunzip | grep -m1 '^Filename: ' | awk '{print $2}' \
@@ -23,8 +26,7 @@ RUN apk update && apk add --no-cache \
     && mkdir -p /tmp/warp-extract && cd /tmp/warp-extract \
     && ar x /tmp/warp.deb && tar xf data.tar.* -C / \
     && rm -rf /tmp/warp* \
-    && apk del binutils \
-    && rm -rf /var/cache/apk/*
+    && apk del binutils
 
 WORKDIR /app
 COPY *.sh /app/
diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu
@@ -1,6 +1,5 @@
 FROM ubuntu:24.04
 
-ENV WARP_MODE=proxy
 
 RUN apt-get update && apt-get install -y \
     curl \
@@ -14,6 +13,8 @@ RUN apt-get update && apt-get install -y \
     iptables \
     redsocks \
     dos2unix \
+    coreutils \
+    socat \
     && rm -rf /var/lib/apt/lists/*
 
 RUN curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg \
diff --git a/README.md b/README.md
@@ -1,30 +1,29 @@
 # Docker-Warp-Redsocks
 
-Docker base image that runs any application behind a transparent proxy stack — Cloudflare WARP + Redsocks + iptables.
+Docker base image that routes all outbound traffic through Cloudflare WARP via a transparent proxy stack.
 
 ## Variants
 
-| Image | Base | Size |
-|-------|------|------|
-| `ghcr.io/techroy23/docker-warp-redsocks:alpine` | Alpine Linux | Lightweight |
-| `ghcr.io/techroy23/docker-warp-redsocks:ubuntu` | Ubuntu 24.04 | Heavier, official WARP deb |
+| Image | Base |
+|-------|------|
+| `ghcr.io/techroy23/docker-warp-redsocks:alpine` | Alpine Linux |
+| `ghcr.io/techroy23/docker-warp-redsocks:ubuntu` | Ubuntu 24.04 |
 
 ## How it works
 
-1. WARP client starts, exposes a SOCKS5 proxy on port `40000`
-2. Redsocks listens on port `50000`, forwarding all TCP to WARP's SOCKS5
-3. iptables `OUTPUT` chain redirects all outbound TCP traffic (except localhost, DNS, proxy ports) to Redsocks
-4. A monitor loop checks connectivity every 3 minutes, restarts the stack on 3 consecutive failures
-5. Ready signal: `/tmp/redsocks.ready` is created once the proxy is verified working
+1. Cloudflare WARP starts and binds a SOCKS5 proxy to `127.0.0.1:40000`
+2. Socat opens `0.0.0.0:40001` so external hosts can also use WARP as a SOCKS5 proxy
+3. Redsocks listens on `127.0.0.1:50000` and forwards all traffic to WARP's SOCKS5
+4. iptables `OUTPUT` chain redirects all outbound TCP (except localhost, DNS, and proxy ports) to Redsocks
+5. A monitor loop checks connectivity every 3 minutes and restarts the stack after 3 consecutive failures
+6. Ready signal: `/tmp/redsocks.ready` is created once everything is verified working
 
 ## Usage
 
 ### 1. Import in your Dockerfile
 
 ```dockerfile
 FROM ghcr.io/techroy23/docker-warp-redsocks:alpine
-# or
-# FROM ghcr.io/techroy23/docker-warp-redsocks:ubuntu
 
 COPY . /app
 ```
@@ -58,20 +57,10 @@ exec ./your_program
 
 | Variable | Default | Description |
 |----------|---------|-------------|
-| `WARP_PORT` | `40000` | WARP SOCKS5 proxy port |
-| `REDSOCKS_PORT` | `50000` | Redsocks transparent proxy port |
-| `WARP_MODE` | `proxy` | WARP mode: `proxy`, `warp`, or `gateway` |
 | `SHOW_LOGS` | `false` | Show Redsocks logs on stderr |
 
 ```bash
-# Warp mode
-docker run -e WARP_MODE=warp yourimage
-
-# Show debug logs
 docker run -e SHOW_LOGS=true yourimage
-
-# Custom ports
-docker run -e WARP_PORT=40001 -e REDSOCKS_PORT=50001 yourimage
 ```
 
 ## Requirements
diff --git a/__setup_proxy.sh b/__setup_proxy.sh
@@ -1,9 +1,6 @@
 #!/bin/bash
 set -e
 
-WARP_PORT="${WARP_PORT:-40000}"
-REDSOCKS_PORT="${REDSOCKS_PORT:-50000}"
-WARP_MODE="${WARP_MODE:-proxy}"
 SHOW_LOGS="$(echo "${SHOW_LOGS:-false}" | tr '[:upper:]' '[:lower:]')"
 
 log() {
@@ -12,68 +9,67 @@ log() {
 
 func_net_admin() {
     if ! iptables -L >/dev/null 2>&1; then
-        log "[ERROR] iptables not usable. Missing NET_ADMIN/NET_RAW or root privileges."
-        log "[INFO] Run container with: --cap-add=NET_ADMIN --cap-add=NET_RAW --sysctl net.ipv4.ip_forward=1"
+        log "[ERROR] Cannot use iptables — missing required permissions."
+        log "[INFO] Fix: add --cap-add=NET_ADMIN --cap-add=NET_RAW --sysctl net.ipv4.ip_forward=1 to your docker run command"
         exit 1
     fi
 }
 
 func_start_warp() {
-    log "[INFO] Starting Cloudflare WARP in ${WARP_MODE} mode..."
+    log "[INFO] Starting Cloudflare WARP in proxy mode..."
 
-	log "[CMD] rm -rf /var/lib/cloudflare-warp/* 2>/dev/null || true"
+    log "[STOP] Clearing old WARP data..."
     rm -rf /var/lib/cloudflare-warp/* 2>/dev/null || true
     sleep 2
 
+    log "[START] Starting message bus (dbus)..."
     mkdir -p /run/dbus
-	log "[CMD] dbus-daemon --system --fork >/dev/null 2>&1 &"
     dbus-daemon --system --fork >/dev/null 2>&1 &
     sleep 2
 
-	log "[CMD] warp-svc >/dev/null 2>&1 &"
+    log "[START] Starting WARP service..."
     warp-svc >/dev/null 2>&1 &
     sleep 2
 
-	log "[CMD] warp-cli --accept-tos registration new"
-    warp-cli --accept-tos registration new
+    log "[WARP] Registering your device with Cloudflare..."
+    warp-cli --accept-tos registration new || true
     sleep 2
 
-	log "[CMD] echo y | warp-cli --accept-tos connect"
-	echo y | warp-cli --accept-tos connect
-	sleep 2
-	
-	log "[CMD] warp-cli --accept-tos connect"
-	warp-cli --accept-tos connect
-	sleep 2
-
-	log "[CMD] warp-cli --accept-tos mode ${WARP_MODE}"
-    warp-cli --accept-tos mode ${WARP_MODE}
-	sleep 2
-	
-	log "[CMD] warp-cli --accept-tos proxy port ${WARP_PORT}"
-    warp-cli --accept-tos proxy port "${WARP_PORT}"
+    log "[WARP] Connecting (first attempt)..."
+    echo y | warp-cli --accept-tos connect || true
     sleep 2
 
-	log "[CMD] warp-cli --accept-tos status"
-    warp-cli --accept-tos status
-	sleep 5
-	
-	log "[CMD] netstat -lntup | grep 40000"
-	netstat -lntup | grep 40000
-	log "[CMD] curl -s --socks5 127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace | grep warp"
-	curl -s --socks5 127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace | grep warp
+    log "[WARP] Connecting (second attempt)..."
+    warp-cli --accept-tos connect || true
+    sleep 2
+
+    log "[WARP] Setting mode to proxy..."
+    warp-cli --accept-tos mode proxy || true
+    sleep 2
+
+    log "[WARP] Setting proxy port to 40000..."
+    warp-cli --accept-tos proxy port "40000" || true
+    sleep 2
+
+    log "[WARP] Checking connection status..."
+    warp-cli --accept-tos status || true
+    sleep 5
+
+    log "[CHECK] Verifying WARP is listening on port 40000..."
+    netstat -lntup | grep 40000
+    log "[CHECK] Testing WARP proxy through Cloudflare..."
+    curl -s --socks5 127.0.0.1:40000 https://www.cloudflare.com/cdn-cgi/trace | grep warp
 }
 
 func_check_warp() {
     while true; do
         sleep 10
-        checker=$(printf "%s\n" $CHECKERS | shuf -n1)
-        resp=$(curl -L --max-redirs 10 --socks5 127.0.0.1:${WARP_PORT} -s --max-time 30 "https://www.cloudflare.com/cdn-cgi/trace" 2>/dev/null | tr -d '\n\r' || true)
+        resp=$(curl -L --max-redirs 10 --socks5 127.0.0.1:40000 -s --max-time 30 "https://www.cloudflare.com/cdn-cgi/trace" 2>/dev/null | tr -d '\n\r' || true)
         if echo "$resp" | grep -qi "warp=on"; then
-            log "[INFO] WARP proxy is working: $resp"
+            log "[OK] WARP proxy is working! Traffic is going through Cloudflare."
             return 0
         else
-            log "[WARN] WARP proxy not ready, retrying..."
+            log "[WAIT] WARP proxy not ready yet, checking again in 10 seconds..."
         fi
     done
 }
@@ -89,41 +85,48 @@ base {
 }
 redsocks {
     local_ip = 127.0.0.1;
-    local_port = ${REDSOCKS_PORT};
+    local_port = 50000;
     ip = 127.0.0.1;
-    port = ${WARP_PORT};
+    port = 40000;
     type = socks5;
 }
 EOF
     if [ "$SHOW_LOGS" = "true" ]; then
         cat /etc/redsocks.conf
     fi
-    log "[INFO] Redsocks config written"
+    log "[OK] Redsocks configuration saved to /etc/redsocks.conf"
 }
 
 setup_iptables() {
     iptables -t nat -F
     iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 -j RETURN
     iptables -t nat -A OUTPUT -p tcp --dport 53 -j RETURN
-    iptables -t nat -A OUTPUT -p tcp --dport ${REDSOCKS_PORT} -j RETURN
-    iptables -t nat -A OUTPUT -p tcp --dport ${WARP_PORT} -j RETURN
+    iptables -t nat -A OUTPUT -p tcp --dport 50000 -j RETURN
+    iptables -t nat -A OUTPUT -p tcp --dport 40000 -j RETURN
     iptables -t nat -A OUTPUT -p udp -d 127.0.0.1 -j RETURN
     iptables -t nat -A OUTPUT -p udp --dport 53 -j RETURN
-    iptables -t nat -A OUTPUT -p udp --dport ${REDSOCKS_PORT} -j RETURN
-    iptables -t nat -A OUTPUT -p udp --dport ${WARP_PORT} -j RETURN
-    iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports ${REDSOCKS_PORT}
-    log "[INFO] iptables rules applied"
+    iptables -t nat -A OUTPUT -p udp --dport 50000 -j RETURN
+    iptables -t nat -A OUTPUT -p udp --dport 40000 -j RETURN
+    iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports 50000
+    log "[OK] iptables rules applied — all outbound traffic will go through WARP"
+}
+
+func_expose_warp() {
+    log "[EXPOSE] Opening WARP SOCKS5 on 0.0.0.0:40001 for external access..."
+    socat TCP-LISTEN:40001,fork,reuseaddr TCP:127.0.0.1:40000 &
+    log "[OK] WARP SOCKS5 now available at 0.0.0.0:40001"
 }
 
 func_set_proxy() {
-    log "[INFO] Initializing WARP + Redsocks proxy stack..."
+    log "[START] Setting up full proxy stack (WARP + Redsocks + iptables)..."
 
     pkill -f warp-svc || true
     pkill -f warp-cli || true
     sleep 2
 
     func_start_warp
     func_check_warp
+    func_expose_warp
     setup_redsocks
     setup_iptables
 
@@ -138,21 +141,22 @@ func_set_proxy() {
     checker=$(printf "%s\n" $CHECKERS | shuf -n1)
     resp=$(curl -L --max-redirs 10 -s --max-time 30 "https://${checker}" || true)
     if [ -n "$resp" ]; then
-        log "[INFO] Global proxy via redsocks is working: $resp (via $checker)"
+        log "[OK] Global proxy is working! Your IP: $resp (checked via $checker)"
         touch /tmp/redsocks.ready
         return 0
     else
-        log "[ERROR] Global proxy test failed"
+        log "[FAIL] Global proxy test failed — no internet through the proxy"
         return 1
     fi
 }
 
 func_global_monitor() {
     while true; do
-        log "[INFO] Cleaning up WARP and Redsocks..."
+        log "[RESTART] Shutting down old WARP and Redsocks processes..."
         pkill -f warp-svc || true
         pkill -f warp-cli || true
         pkill -f redsocks || true
+        pkill -f socat || true
         rm -f /tmp/redsocks.ready || true
 
         func_set_proxy || { sleep 60; continue; }
@@ -163,14 +167,14 @@ func_global_monitor() {
             checker=$(printf "%s\n" $CHECKERS | shuf -n1)
             resp=$(curl -L --max-redirs 10 -s --max-time 30 "https://${checker}" 2>/dev/null | tr -d '\n\r' || true)
             if [ -n "$resp" ]; then
-                log "[GOOD] Global monitor check OK: $resp (via $checker)"
+                log "[OK] Internet check passed — your IP: $resp (via $checker)"
                 proxy_fail_count=0
             else
                 proxy_fail_count=$((proxy_fail_count+1))
-                log "[ERROR] Proxy failure detected (consecutive fails: ${proxy_fail_count})"
+                log "[WARN] Internet check failed (${proxy_fail_count}/3 failures)"
             fi
             if [ ${proxy_fail_count} -ge 3 ]; then
-                log "[CRITICAL] Proxy failed 3 times in a row, restarting full stack..."
+                log "[RESTART] 3 internet checks failed — restarting the whole proxy stack..."
                 break
             fi
         done
