Migrated SOCKS server to Dante

Signed-off-by: Concision <contact@concision.me>

Author: Concision

.dockerignore

@@ -0,0 +1,7 @@
+### Dockerignore whitelist
+# Ignore everything
+*
+# Whitelist
+!config
+!docker-entrypoint.sh
+!docker-healthcheck.sh

Dockerfile

@@ -1,14 +1,31 @@
+### Sanitize Windows \r\n formatting for Unix scripts
+FROM alpine as sanitized
+
+## Dependencies
+RUN apk --no-cache add dos2unix
+
+## Scripts
+COPY docker-entrypoint.sh docker-healthcheck.sh /scripts/
+# sanitize scripts
+RUN dos2unix /scripts/*.sh && \
+    chmod +x /scripts/*.sh
+
+## Danted Configuration
+COPY config/danted.conf /etc/danted.conf
+# sanitize configuration
+RUN dos2unix /etc/danted.conf
+
+
 ### Image Configuration
-FROM ubuntu:latest
+FROM ubuntu
 
 # expose SOCKS server port
 EXPOSE 1080/tcp
 
-
-### Linux Dependencies
-# install Windscribe and OpenSSH server
+## Linux Dependencies
+# install Windscribe and Dante server
 RUN \
-    # obtain caches
+    # update package listings
     apt-get update && \
     # install dependencies
     apt-get install -y \
@@ -20,40 +37,38 @@ RUN \
         apt-utils debconf-utils dialog \
         # required for Windscribe
         iptables \
-        # sanitize Windows \r\n formatting
-        dos2unix \
-        # openssh to create a SOCKS server
-        openssh-server \
         # IP healthcheck
         curl \
-        && \
+        # danted proxy server
+        dante-server && \
     # fix resolveconf dependency configuration (as per https://stackoverflow.com/a/51507868)
     echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
     echo "resolvconf resolvconf/linkify-resolvconf boolean false" | debconf-set-selections && \
     # add Windscribe signing key
     apt-key adv --keyserver keyserver.ubuntu.com --recv-key FDC247B7 && \
     # add Windscribe repository
     echo 'deb https://repo.windscribe.com/ubuntu zesty main' | tee /etc/apt/sources.list.d/windscribe-repo.list && \
-    # install Windscribe
+    # update repository
     apt-get update && \
+    # install Windscribe
     apt-get install -y windscribe-cli && \
-    # clean cache
+    # remove Windscribe repository key
+    apt-key del FDC247B7 && \
+    # cleanup apt-get lists
     apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
-
-# disable SSH shell
-RUN chsh --shell /bin/false
-
-
-### Add Docker scripts
-# add entrypoint
-COPY docker-entrypoint.sh docker-healthcheck.sh /
-
-# mark as executable
-RUN dos2unix /docker-*.sh && \
-    chmod +x /docker-*.sh
+    rm -rf /var/lib/apt/lists/* && \
+    # clear logs
+    rm -rf /var/logs/*
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+## Add Docker scripts and configuration
+# add scripts
+COPY --from=sanitized /scripts /
+# add dante server configuration
+COPY --from=sanitized /etc/danted.conf /etc/danted.conf
 
+## Configure Image
+# default command
+CMD ["/docker-entrypoint.sh"]
+# healthcheck
 HEALTHCHECK --interval=120s --timeout=30s --start-period=15s --retries=3 \
             CMD "/docker-healthcheck.sh"

README.md

@@ -70,4 +70,4 @@ To deploy it, the following command can be executed:
 ```bash
 ./deploy-container.sh
 ```
-> Note: Running the container interactively may break Windscribe authentication
+> Note: Running the container interactively may break Windscribe authentication

config/danted.conf

@@ -0,0 +1,27 @@
+# logging
+debug: 0
+logoutput: stderr
+
+# networking interfaces
+internal: 0.0.0.0 port = 1080
+external: tun0
+
+# users
+user.privileged: root
+user.unprivileged: nobody
+
+socksmethod: username none
+clientmethod: none
+
+
+# routing
+
+client pass {
+    from: 0.0.0.0/0 to: 0.0.0.0/0
+    log: connect disconnect error
+}
+
+socks pass {
+    from: 0.0.0.0/0 to: 0.0.0.0/0
+    log: connect disconnect error
+}

docker-entrypoint.sh

@@ -40,25 +40,14 @@ prefixWith() {
 	  *"${NL}"*) prefixWith "[WINDSCRIBE]" echo "Windscribe location cannot contain new lines; ensure that the environment variable \$WINDSCRIBE_LOCATION is set properly"
 				 exit 1;;
 	esac
+
 	# iptable support checks
 	iptables -vnL > /dev/null 2>&1 || {
 		prefixWith "[IPTABLES]" echo "Ensure cap_add is set to NET_ADMIN"
 		  exit 1
 	}
 
 
-	### Create SSH identity and start OpenSSH server
-	# manage SSH identity
-	prefixWith "[SSH]" echo "Creating SSH key"
-	# generate SSH key
-	prefixWith "[SSH]" ssh-keygen -N "" -f "/root/.ssh/id_rsa" <<< y
-	# allow self-connecting with SSH
-	prefixWith "[SSH]" cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
-	# start SSH server
-	prefixWith "[SSH]" echo "Starting OpenSSH server"
-	prefixWith "[SSH]" service ssh start
-
-
 	### Create TUN device for Windscribe
 	# create TUN device
 	prefixWith "[OPENVPN]" echo "Creating OpenVPN TUN device"
@@ -96,12 +85,7 @@ prefixWith() {
 	prefixWith "[WINDSCRIBE]" windscribe firewall on
 
 
-	### Binds SOCKS server using OpenSSH
-	while true; do
-		prefixWith "[SSH]" echo "Creating OpenSSH SOCKS server"
-		prefixWith "[SSH]" ssh -4 -oStrictHostKeyChecking=accept-new -D 0.0.0.0:1080 -N root@127.0.0.1
-		prefixWith "[SSH]" echo "SOCKS server died, restarting"
-		sleep 1
-	done
+	### Binds SOCKS server using Dante
+	prefixWith "[DANTE]" danted
 
 } 2>&1 1>&3 3>&- | { while read -r line; do echo "$(date '+%Y-%m-%d %H:%M:%S') ERR $line"; done } } 3>&1 1>&2 | { while read -r line; do echo "$(date '+%Y-%m-%d %H:%M:%S') OUT $line"; done }