When I isolate my app from the internet, it fails to fetch google.com through tor proxy,
but when I add it to the internet network, it works and the request does go through the tor proxy. I’m really confused by this. What am I doing wrong?
docker-compose.yml

```yaml
version: "3"
services:
  tor-proxy:
    image: dperson/torproxy
    restart: unless-stopped
    networks:
      - no-internet
      - internet
  app:
    depends_on: [tor-proxy]
    build: ./
    restart: unless-stopped
    networks:
      - no-internet
      - internet # if i comment this out, fetch() will result in ETIMEDOUT
networks:
  no-internet:
    driver: bridge
    internal: true
  internet:
    driver: bridge
    internal: false
```
Dockerfile

```dockerfile
FROM node:16
WORKDIR /usr/src/app
COPY . .
CMD ["node", "index.js"]
```
index.js

```javascript
import fetch from 'node-fetch';
import { SocksProxyAgent } from 'socks-proxy-agent';

(async () => {
  const agent = new SocksProxyAgent('socks5://tor-proxy:9050');
  const res = await fetch('https://google.com', { agent });
})();
```
2 Answers
I have the same issue, different situation. Only found partial shitty answers, so here’s another, but this one doesn’t require discombobulating your iptables or, in my situation, my team’s.
ANSWER: use "driver: ipvlan" on the internal network and the container’s name as hostname when making requests https://docs.docker.com/network
EXAMPLE: curl -v --socks5-hostname tor-proxy:9050 google.com
EXPLANATION: I don’t have one, but warn that external network access may still be possible by other means. I would also appreciate an explanation, but we probably won’t get one.
The problem is the DNS lookup. If you switch from socks5 to socks5h you’ll skip the client side DNS lookup, which isn’t available in an isolated network:
And from the comments, if you want curl to use an https proxy:
or for curl to use the socks5 proxy without doing local DNS resolution:
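An added example, not part of either answer or of any library discussed here: it builds the SOCKS5 CONNECT request (RFC 1928) both ways to show why `socks5://` depends on a client-side lookup while `socks5h://` sends the hostname to the proxy. The names `isolatedResolver`, `buildConnectRequest` and `tryConnect`, the address `172.20.0.2` and the error code are constructed for illustration.

```javascript
// Added example: SOCKS5 CONNECT request bytes for socks5:// vs socks5h://.
const ATYP_IPV4 = 0x01;   // destination sent as 4 raw address bytes
const ATYP_DOMAIN = 0x03; // destination sent as length-prefixed hostname

// Constructed stand-in for the client's DNS lookup inside a container that is
// attached only to the internal network: service names resolve, public ones do not.
function isolatedResolver(host) {
  const internal = { 'tor-proxy': '172.20.0.2' }; // constructed address
  if (Object.prototype.hasOwnProperty.call(internal, host)) return internal[host];
  const err = new Error(`lookup failed for ${host}`);
  err.code = 'LOOKUP_FAILED'; // constructed code; the real error depends on the resolver
  throw err;
}

// Build the CONNECT request the client sends after the method handshake.
function buildConnectRequest(scheme, host, port, resolve) {
  const head = [0x05, 0x01, 0x00]; // VER=5, CMD=CONNECT, RSV=0
  const portBytes = [(port >> 8) & 0xff, port & 0xff];
  if (scheme === 'socks5h') {
    // Hostname travels to the proxy, which resolves it on its own side.
    const name = Buffer.from(host, 'ascii');
    if (name.length > 255) throw new RangeError('hostname too long');
    return Buffer.from([...head, ATYP_DOMAIN, name.length, ...name, ...portBytes]);
  }
  if (scheme === 'socks5') {
    // Client resolves first; this is the step that needs working DNS.
    const ip = resolve(host).split('.').map(Number);
    return Buffer.from([...head, ATYP_IPV4, ...ip, ...portBytes]);
  }
  throw new Error(`unsupported scheme: ${scheme}`);
}

// Wrap the builder so both outcomes can be compared side by side.
function tryConnect(scheme, host, port, resolve) {
  try {
    const req = buildConnectRequest(scheme, host, port, resolve);
    return { ok: true, hex: req.toString('hex') };
  } catch (e) {
    return { ok: false, error: e.code || e.message };
  }
}

console.log('socks5 :', tryConnect('socks5', 'google.com', 443, isolatedResolver));
console.log('socks5h:', tryConnect('socks5h', 'google.com', 443, isolatedResolver));
```

With `socks5h` the request carries the bytes of `google.com` itself, so the only name the isolated container has to resolve is `tor-proxy`.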