commit e1ab5f8d8c427667afec6872b2056ced02bccaf1 Author: Djeex Date: Wed Sep 24 11:48:44 2025 +0200 1st commit diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..f3a9144 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,11 @@ +# Ignore unnecessary files to reduce build context +.git +.gitignore +README.md +LICENSE +VERSION +*.log +*.tmp +.env +docker-compose.yaml +Dockerfile.minimal diff --git a/.env b/.env new file mode 100644 index 0000000..db124db --- /dev/null +++ b/.env @@ -0,0 +1,4 @@ +# Socat Proxy Configuration +TARGET_HOST= +TARGET_PORT= +SOCKET_PATH= \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..e0683d3 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,12 @@ +FROM alpine:latest + +# Install socat and netcat in a single RUN command and clean up cache +RUN apk add --no-cache socat netcat-openbsd \ + && rm -rf /var/cache/apk/* /tmp/* + +# Create socket directory and copy/set permissions in single layers +COPY entrypoint.sh /entrypoint.sh +RUN mkdir -p /socket \ + && chmod +x /entrypoint.sh + +ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..8a07638 --- /dev/null +++ b/LICENSE @@ -0,0 +1,20 @@ +MIT License +Copyright (c) 2025 > Djeex + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file diff --git a/README.MD b/README.MD new file mode 100644 index 0000000..86a002a --- /dev/null +++ b/README.MD @@ -0,0 +1,71 @@ +# Socat Proxy + +A lightweight Docker container that creates a UNIX socket proxy to TCP connections using socat and Alpine Linux. + +## 🚀 Features + +- **Lightweight**: Based on Alpine Linux (~10-15MB image) +- **Configurable**: Environment variable driven configuration +- **Socket Management**: Automatic UNIX socket creation and cleanup +- **Production Ready**: Includes proper error handling and logging +- **Multi-variant**: Standard and minimal Docker images available + +## 📋 Use Cases example + +- Proxy Docker socket from a docker proxy to a container in host mode + +## 🛠️ Configuration + +### Environment Variables + +| Variable | Default | Description | Example | +|----------|---------|-------------|---------| +| `TARGET_HOST` | - | Target hostname/IP to proxy to | `socket-proxy-beszel` | +| `TARGET_PORT` | - | Target port to proxy to | `2375` | +| `UNIX_SOCKET_PATH` | - | Path to UNIX socket inside container | `/socket/docker.sock` | +| `SOCKET_PATH` | - | Host path for socket mounting | `/your/container/sock/` | + +## 🚢 Quick Start + +### Using Docker Compose (Recommended) + +1. Clone the repository: +```bash +git clone +cd socat-proxy +``` + +2. Configure environment variables in `.env` file: +```bash +TARGET_HOST= # Target hostname/IP to proxy to +TARGET_PORT= # Target port to proxy to +UNIX_SOCKET_PATH= # Path to UNIX socket inside container +HOST_SOCKET_PATH= # Host path for socket mounting +``` + +3. Start the service: +```bash +docker-compose up -d +``` + +### Using Docker Run + +```bash +docker build -t socat-proxy . + +docker run -d \ + --name socat-proxy \ + -e TARGET_HOST=your-target-host \ + -e TARGET_PORT=your-target-port \ + -e UNIX_SOCKET_PATH=your-unix-socket-path \ + -e HOST_SOCKET_PATH=your-socket-host-path \ + -v /your-origin-socket-path:/socket \ + socat-proxy +``` + +## 🔧 How It Works + +1. **Socket Check**: Verifies if UNIX socket exists at startup +2. **Cleanup**: Removes existing socket file/folder if present +3. **Socket Creation**: Creates new UNIX socket using `nc -lU` +4. **Proxy Start**: Starts socat to proxy UNIX socket to TCP endpoint diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..ceab6e1 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.1 \ No newline at end of file diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..756d9d3 --- /dev/null +++ b/docker-compose.yaml @@ -0,0 +1,21 @@ +version: '3.8' + +services: + socat-proxy: + build: . + environment: + - TARGET_HOST=${TARGET_HOST:} + - TARGET_PORT=${TARGET_PORT:} + - UNIX_SOCKET_PATH=${UNIX_SOCKET_PATH} + volumes: + - ${HOST_SOCKET_PATH:-/tmp/docker-proxy}:/socket + networks: + - proxy-network + restart: unless-stopped + +volumes: + socket_volume: + +networks: + proxy-network: + external: false \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..e9322cc --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,29 @@ +#!/bin/bash +set -e + +# Set default values if not provided +TARGET_HOST=${TARGET_HOST} +TARGET_PORT=${TARGET_PORT} +UNIX_SOCKET_PATH=${UNIX_SOCKET_PATH} + +echo "Starting socat proxy..." +echo "UNIX socket: $UNIX_SOCKET_PATH" +echo "TCP target: $TARGET_HOST:$TARGET_PORT" + +# Check if socket file/folder exists and handle it +if [ -e "$UNIX_SOCKET_PATH" ]; then + echo "Socket file/folder $UNIX_SOCKET_PATH exists, removing it..." + rm -rf "$UNIX_SOCKET_PATH" +fi + +echo "Creating socket directory structure..." +# Create directory if needed +mkdir -p "$(dirname "$UNIX_SOCKET_PATH")" + +echo "Creating socket with netcat..." +# Create socket with nc -lU in background and then kill it to create the socket file +timeout 1 nc -lU "$UNIX_SOCKET_PATH" || true + +# Execute socat to proxy UNIX socket to TCP +exec socat UNIX-LISTEN:$UNIX_SOCKET_PATH,fork,unlink-early TCP:$TARGET_HOST:$TARGET_PORT +