skip to Main Content

When I isolate my app from the internet, it fails to fetch google.com through tor proxy,
but when I add it to the internet network, it works and the request does go through the tor proxy. I’m really confused by this. What am I doing wrong?

docker-compose.yml

version: "3"

services:
  tor-proxy:
    image: dperson/torproxy
    restart: unless-stopped
    networks:
      - no-internet
      - internet
   
  app:
    depends_on: [tor-proxy]
    build: ./
    restart: unless-stopped
    networks:
      - no-internet
      - internet # if i comment this out, fetch() will result in ETIMEDOUT

networks:
  no-internet:
    driver: bridge
    internal: true

  internet:
    driver: bridge
    internal: false

Dockerfile

FROM node:16

WORKDIR /usr/src/app

COPY . .

CMD ["node", "index.js"]

index.js

import fetch from 'node-fetch';

import { SocksProxyAgent } from 'socks-proxy-agent';

(async () => {
    const agent = new SocksProxyAgent('socks5://tor-proxy:9050');

    const res = await fetch('https://google.com', { agent });
})();

2

Answers


  1. I have the same issue different situation. Only found partial shitty answers so here’s another but this one doesn’t require discombobulating your iptables or in my situation, my teams.

    ANSWER: use "driver: ipvlan" on the internal network and the containers name as hostname when making requests https://docs.docker.com/network

    EXAMPLE: curl -v –socks5-hostname tor-proxy:9050 google.com

    EXPLANATION: I don’t have one but warn external network access may still be possible by other means. i would also appreciate an explanation but we probably wont get one.

    Login or Signup to reply.
  2. The problem is the DNS lookup. If you switch from socks5 to socks5h you’ll skip the client side DNS lookup, which isn’t available in an isolated network:

        const agent = new SocksProxyAgent('socks5h://tor-proxy:9050');
    

    And from the comments, if you want curl to use an https proxy:

    export https_proxy=http://tor-proxy:8118/
    curl https://google.com
    

    or for curl to use the socks5 proxy without doing local DNS resolution:

    curl --socks5-hostname tor-proxy:9050 https://google.com
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search