-
Notifications
You must be signed in to change notification settings - Fork 45
Skywire SOCKS5 Proxy User Guide
$ skywire-cli proxy list
03bfdf2535949f00eb1c16e1e01bc3b56210b6e88e3b60ae87acac22883da4c78f:3 | ID
03cadf11fe0494383ea314eb7967021f1c211eed2685b4984167d3e3a676a1f035:3 | ID
039c3c545a8d970c107c437d9f5a319cdf68c41c2c98abbf7eb10923721240622f:3 | ID
0232d57f349580fc5da27203a12648b76602f8b170421b594454145d027ad8881c:3 | PT
02b3dea3306d83276e6b147993726e37ebbb11db3d8d0dce93857c28b81cda7a6c:3 | ID
023045d6d1bccca34720742bc9934763c385840a6471921db87148d4d0337ffb2f:3 | CA
03ec202bf6567f3fe4fa4e1a26704e19dc0f44a15136aec74230b95228e52271f0:3 | ID
02470cfaef0611409a40fe00f6fb7d4e0b698c7847c05b07d762cc7eb851f4a60c:3 | ID
02cef9af8fc9b46f01e9978818c073d61ee4ed313fc0c42e070230c9170648f1dc:3 | ID
02ecf2f12cec90ac16ad7250765f28a617cebd5b983b899580a3c938530f49759a:3 | US
0303a9b53706aa731cd922f0120ba1b0cbd25ac92db4b20ae838bd4de702c99454:3 | CH
02836f9a39e38120f338dbc98c96ee2b1ffd73420259d1fb134a2d0a15c8b66ceb:3 | LU
03e9c5091902eb9043de445a202890b04d968677a5198f85f2d0cfcabc4fe3cccc:3 | LU
03b3f06a39f73e966a9796f2ef4c51b253f7f40bab62ca59cf80b3913aec07941a:3 | ID
02d82dfe9a0eefbdb928f10332dcd013b3d0f0046d7369c54f4545396f68e1ae33:3 | RU
...
The remote visor providing the given proxy server should have the /health
endpoint of the logserver available over dmsghttp, which can be fetched with dmsgcurl
from https://github.com/skycoin/dmsg
dmsgcurl dmsg://0303a9b53706aa731cd922f0120ba1b0cbd25ac92db4b20ae838bd4de702c99454:80/health -n -l fatal
{"build_info":{"version":"v1.3.13","commit":"ddf2d11","date":"2023-08-29T12:07:46Z"},"started_at":"2023-10-15T11:39:47.456460209Z"}
The survey index page of the reward system displays these metrics, updated hourly, for all visors. If a visor does not have a recently fetched health.json or if it's health.json cannot be fetched over dmsghttp, it's safe to assume that the visor is not connected to dmsg.
skywire-cli visor tp add -t sudph 0303a9b53706aa731cd922f0120ba1b0cbd25ac92db4b20ae838bd4de702c99454
skywire-cli proxy start 0303a9b53706aa731cd922f0120ba1b0cbd25ac92db4b20ae838bd4de702c99454
The socks5 proxy is typically configured per the application, instead of acting globally as the vpn does. This gives added flexibility and has some performance benefits over the vpn, and will fail with no connection or effective killswitch. The drawback is that not all applications can easily be configured to use a SOCKS5 proxy.
curl -Lx socks5://127.0.0.1:1080 http://ip.skycoin.com/ | jq
Before connecting to the TOR network, go to settings and scroll to the bottom
Go to the Advanced Settings or Connection Settings and fill in the following fields
the settings location in these browsers is in a similar place and is configured as follows:
Brave browser must be started from the command line to use a proxy
brave --proxy-server=socks5://127.0.0.1:1080
Here I ran a webserver with a test page on a machine with a visor running the proxy server
$ darkhttpd .
darkhttpd/1.14, copyright (c) 2003-2022 Emil Mikulic.
listening on: http://0.0.0.0:8080/
get the public key of that visor in another terminal
$ skywire-cli visor pk
copy the public key output by the previous command to the following command in order to connect to the proxy server from another machine running a visor
$ skywire-cli proxy start <visor-pk>
Starting........
Running!
Use curl to access that webserver running on the other machine through the proxy via localhost
$ curl -Lx socks5h://localhost:1080 http://127.0.0.1:8080/
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>test</title>
</head>
<body>
<main>
<h1>Welcome to My Website</h1>
<p>test page</p>
</main>
</body>
</html>
A remote application can be reverse-proxied through the skywire socks5 proxy to a localhost port with ncat
$ ncat -l -p 8080 --sh-exec "ncat --proxy-type socks5 --proxy 127.0.0.1:1080 127.0.0.1 8080"
Now the web application can be accessed via http://127.0.0.1:8080 without the need for a proxy configuration of the web browser or http client.
Note: the above command is one-shot and will exit after the port has been accessed.
In order to make it run persistently, we can use the -k
flag
$ ncat -k -l -p 8080 --sh-exec "ncat --proxy-type socks5 --proxy 127.0.0.1:1080 127.0.0.1 8080"
Further integration which will eliminate the need for ncat
is forthcoming.
NOTE: the hypervisor UI does not work currently when reverse proxied as specified above.
Syncthing is a popular file synchronization program written in golang.
it's possible to configure the skywire proxy for syncthing as specified in the documentation
Syncthing reverse proxy documentation
Syncthing proxying documentation
skywire-cli proxy stop
please contact support via telegram @skywire
for rewards and technical support