docker-cfw-proxy

A Lightweight docker image for connecting to CloudFlare WARP trough Socks, HTTP and Shadowsocks proxy protocols

---

• Features
• Build locally
• Image
• Environment variables
• Ports
• Usage
  • Docker Compose
  • Command line
• WARP+ license
• Upgrade
• Contributing
• License

Features

• Support Socks5, HTTP and Shadowsocks proxy protocols
• Apply license key to use existing Warp+ subscription
• Multi-platform image

Build locally

git clone https://github.com/shahradelahi/docker-cfw-proxy
cd docker-cfw-proxy

# Build image and output to docker (default)
docker buildx bake

# Build multi-platform image
docker buildx bake image-all

Image

Registry	Image
Docker Hub	shahradel/cfw-proxy
GitHub Container Registry	ghcr.io/shahradelahi/cfw-proxy

Following platforms for this image are available:

$ docker run --rm mplatform/mquery shahradel/cfw-proxy:latest
Image: shahradel/cfw-proxy:latest
 * Manifest List: Yes (Image type: application/vnd.oci.image.index.v1+json)
 * Supported platforms:
   - linux/amd64
   - linux/arm/v6
   - linux/arm/v7
   - linux/arm64
   - linux/386
   - linux/s390x

Environment variables

• TZ: Timezone assigned to the container (default UTC)
• SOCKS5_PORT: The port of Socks5 proxy (default 1080)
• HTTP_PORT: The port of HTTP proxy (default 8080)
• WGCF_ENDPOINT: The endpoint of the WARP endpoint (default engage.cloudflareclient.com:2408)
• WGCF_ENDPOINT_CIDR: The cidr of the WARP endpoint (default 162.159.192.0/24)
• WGCF_ENDPOINT_PORT: WARP endpoint port (default 2408)
• FAST_ENDPOINT: Enables the feature for searching for endpoint with the lowest latency
• WGCF_LICENSE_KEY: The license key of CloudFlare WARP+
• DNS_PROFILE: Presets of CloudFlare DNS servers (default default)
• DNS: The dns of the WireGuard interface (default 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001)
• MTU: The mtu of the WireGuard interface (default 1280)
• KEEP_ALIVE: The keep-alive of the WireGuard interface (default 10)

💡 WGCF_LICENSE_KEY is optional and to obtain it follow guides in WARP+ license section.

Ports

• 1080: Socks5 proxy
• 8080: HTTP proxy

Usage

Docker Compose

Docker compose is the recommended way to run this image. You can use the following docker compose template, then run the container:

docker compose up -d
docker compose logs -f

Command line

You can also use the following minimal command:

$ docker run -d \
  --name warp \
  -p 1080:1080 -p 8080:8080 \
  -e "PROXY_USERNAME=awesome-username" \
  -e "PROXY_PASSWORD=super-secret-password" \
  --privileged \
  --cap-add NET_ADMIN \
  --cap-add SYS_MODULE \
  --sysctl net.ipv4.ip_forward=1 \
  --sysctl net.ipv4.conf.all.src_valid_mark=1 \
  --sysctl net.ipv6.conf.all.disable_ipv6=0 \
  shahradel/cfw-proxy

Advanced Usage

This project utilizes gost for creating proxies. You can find more information about gost here.

It is possible to modify the script of gost by mounting your own script at /etc/s6-overlay/s6-rc.d/svc-gost/run.

Here is a basic example for running socks5 and http proxy with authentication:

#!/usr/bin/with-contenv bash
# shellcheck shell=bash

USERNAME="awesome-username"
PASSWORD="super-secret-password"

gost \
  -L "socks5://${USERNAME}:${PASSWORD}@:1080" \
  -L "http://${USERNAME}:${PASSWORD}@:8080"

Upgrade

Recreate the container whenever I push an update:

docker compose pull
docker compose up -d

WARP+ license

If you have an existing Warp+ subscription, for example on your phone, you can bind the account generated by this tool to your phone's account, sharing its Warp+ status. Please note that there is a limit of 5 maximum devices linked at a time. You can remove linked devices from the 1.1.1.1 app on your phone.

Caution

Only subscriptions purchased directly from the official 1.1.1.1 app are supported. Keys obtained by any other means, including referrals, will not work and will not be supported.

First, get your Warp+ account license key. To view it on Android:

1. Open the 1.1.1.1 app
2. Click on the hamburger menu button in the top-right corner
3. Navigate to: Account > Key

Finally, copy and paste the license key into the WGCF_LICENSE_KEY environment variable and restart the container.

Contributing

Want to contribute? Awesome! To show your support is to star the project, or to raise issues on GitHub.

Thanks again for your support, it is much appreciated! 🙏

Credits

• WireGuard
• WGCF CLI for Cloudflare Warp (Unofficial)

License

GPL-3.0

Notice of Non-Affiliation and Disclaimer

We are not affiliated, associated, authorized, endorsed by, or officially connected in any way with Cloudflare or any of its subsidiaries or affiliates. The official Cloudflare website is https://www.cloudflare.com.

The names Cloudflare Warp and Cloudflare, as well as any related names, marks, emblems, and images, are registered trademarks of their respective owners.