Please note the repository has been moved from mooleshacat/proton-privoxy to catspeed-cc/proton-privoxy.
You can update your local clone with git remote set-url origin https://github.com/catspeed-cc/proton-privoxy
Docker container for setting up a Privoxy proxy that pushes traffic over a ProtonVPN connection.
Build Docker image:

    docker build -t moolehsacat/proton-privoxy .

Run Docker container:

    docker run -d \
      --network=host \
      --device=/dev/net/tun --cap-add=NET_ADMIN \
      -v /etc/localtime:/etc/localtime:ro \
      -p 8888:8080 \
      -e PVPN_USERNAME=my_protonvpn_openvpn_username \
      -e PVPN_PASSWORD=my_protonvpn_openvpn_password \
      --name proton-privoxy moolehsacat/proton-privoxy

Or with this docker-compose.yml:

    ---
    version: "3"
    services:
      proton-privoxy:
        image: moolehsacat/proton-privoxy
        container_name: proton-privoxy
        environment:
          - PVPN_USERNAME=xxxxxxxxxxxxxxxxxxxxxxxx
          - PVPN_PASSWORD=xxxxxxxxxxxxxxxxxxxxxxxx
        volumes:
          - /etc/localtime:/etc/localtime:ro
        ports:
          - 8888:8080
        restart: unless-stopped
        devices:
          - /dev/net/tun
        cap_add:
          - NET_ADMIN

This will start a Docker container that
- initializes a protonvpn CLI configuration
- refreshes ProtonVPN server data (connects to https://api.protonvpn.ch)
- sets up an OpenVPN connection to ProtonVPN with your ProtonVPN account details, and
- starts a Privoxy server, accessible at http://127.0.0.1:8888, that directs traffic over your VPN connection.

Test:

    curl --proxy http://127.0.0.1:8888 https://ipinfo.io/ip

- Clone this repository somewhere in root account

      cd /root
      git clone https://github.com/mooleshacat/proton-privoxy.git
      cd proton-privoxy

- Copy config.cfg.example to config.cfg

      cp config.cfg.example config.cfg

- Edit the config.cfg file to your liking (most defaults are fine, just put your login/pass)

      nano config.cfg

- Run scripts as root (the original code uses a Docker container, which requires root on a default installation)

Run ./proton-privoxy.sh to install or upgrade the proton-privoxy container.
A proxy will be opened on http://127.0.0.1:8888, accessible only from the local machine.
Run ./change-ip.sh to restart the Docker container and change the VPN server.

    # test current ip
    curl https://ipinfo.io/ip
    # test vpn ip
    curl --proxy http://127.0.0.1:8888/ https://ipinfo.io/ip

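The two curl tests above can be turned into a pass/fail check that compares the host's own address with the address seen through the proxy. This is an added example, not code from this repository; the function names and the PROXY_URL and IP_ECHO_URL variables are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not part of the proton-privoxy repository.
PROXY_URL="${PROXY_URL:-http://127.0.0.1:8888}"     # proxy address from this README
IP_ECHO_URL="${IP_ECHO_URL:-https://ipinfo.io/ip}"  # IP echo service from this README

# Succeeds only if the argument contains nothing but IPv4/IPv6 address
# characters, so an HTML error page or an empty reply is never compared.
looks_like_ip() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;
        *) return 0 ;;
    esac
}

# classify_egress DIRECT PROXIED
# Prints a verdict; returns 0 only when the proxied address differs from the
# host's own address.
classify_egress() {
    direct_ip=$1
    proxied_ip=$2
    if ! looks_like_ip "$proxied_ip"; then
        echo "proxy-unreachable"; return 2
    fi
    if ! looks_like_ip "$direct_ip"; then
        echo "direct-unknown"; return 3
    fi
    if [ "$direct_ip" = "$proxied_ip" ]; then
        echo "leak"; return 1
    fi
    echo "tunnelled"
}

# fetch_ip CURL_ARGS...: print the address the echo service sees, or nothing.
fetch_ip() {
    curl --silent --fail --max-time 15 "$@" "$IP_ECHO_URL" 2>/dev/null | tr -d '[:space:]'
}

# Compare the direct and proxied exit addresses. --noproxy '*' keeps an
# inherited http_proxy/https_proxy variable from routing the "direct" request
# through Privoxy as well, which would look like a leak.
check_vpn_egress() {
    classify_egress "$(fetch_ip --noproxy '*')" "$(fetch_ip --proxy "$PROXY_URL")"
}
```

Source the file and call `check_vpn_egress` after ./proton-privoxy.sh or ./change-ip.sh; a non-zero exit status means the proxy should not be trusted for that session.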
To update monthly, run crontab -e and add an entry:

    @monthly /root/proton-privoxy/proton-privoxy.sh

The original code for walterl/proton-privoxy only includes a Docker setup / installation. Docker by default on Debian and other Linux distributions is set up under the root user and requires the root user to issue docker commands.
Furthermore, if you were to install under a user account, in order for the scripts to work they would need sudo with nopasswd, which would essentially poke a hole into your system that can be exploited by anyone with access to the user account to gain access to root. Thus it is, in my opinion, safer to just keep everything under the root user.
While not impossible, it is quite the networking feat to route traffic over specific VPN connections. With this Docker image you can run multiple containers, each setting up a different VPN connection which doesn't affect your host's networking. Routing traffic over a specific VPN connection is then as simple as configuring a target application's proxy server.
Run a container on one machine, and configure multiple devices on your network to connect to its proxy server. All connections that use that proxy server will be routed over the same VPN connection.
Free privacy filtering, courtesy of Privoxy
Why did I choose Privoxy? Mostly because it's the simplest HTTP proxy to configure, that I've used before.
UPDATE: This is no longer an issue, because Docker now allows /etc/resolv.conf to be updated while a container is running. It's recreated by Docker on container restart, but that doesn't matter, since ProtonVPN (and DNS_SERVERS_OVERRIDE) will modify it during startup.
Docker prevents containers from changing the servers used for DNS lookups, after startup. This prevents ProtonVPN from using its own leak protecting DNS server. In fact, at the moment it causes a non-fatal error in protonvpn.
Ensure that you're using privacy respecting DNS servers on your Docker host, or manually specify secure servers for the container via --dns options.
You can set any of the following container environment variables with docker run's -e options.
Required. This is your ProtonVPN OpenVPN username and password. It's the username and password you would normally provide to protonvpn init.
If you're using Docker Secrets, you can use PVPN_USERNAME_FILE and PVPN_PASSWORD_FILE instead.
Your ProtonVPN account tier, called "your ProtonVPN Plan" in protonvpn init.
The value must be the number corresponding to your tier from the following list (from protonvpn init):
0) Free
1) Basic
2) Plus
3) Visionary
Default: 2
The protocol that the OpenVPN tunnel will use. Corresponds to the -p flag of the protonvpn CLI tool, and the "default OpenVPN protocol" prompt in the protonvpn init process.
Default: udp
Any arguments you want to pass to protonvpn. For example, if you want protonvpn to connect to a random server, set this to "connect --random". Remember the quotes.
See the protonvpn docs for supported commands and arguments.
Default: "connect --fastest" (Select the fastest ProtonVPN server.)
Set to 1 to log debugging details from protonvpn to the container's stdout.
Default: empty (debug logging disabled)
If you want to expose your proxy server to your local network, you need to specify that network in HOST_NETWORK, so that it can be routed back through your Docker network. E.g. if your LAN uses the 10.0.0.0/8 network, add -e HOST_NETWORK=10.0.0.0/8 to your docker run command.
Default: empty (no network is routed)
Comma-separated list of DNS servers to use, overriding whatever was set by ProtonVPN. For example, to use Quad9 DNS servers, set DNS_SERVERS_OVERRIDE=9.9.9.9,149.112.112.112.
Default: empty (ProtonVPN's DNS server is used)
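Because the container's /etc/resolv.conf is rewritten at startup, it is worth confirming afterwards that only the intended resolvers remain in it. The check below is an added example, not code from this repository; the function names are assumptions, and the sample resolv.conf is constructed (127.0.0.11 is Docker's embedded resolver on user-defined networks, which forwards lookups to the host's DNS servers).

```sh
#!/bin/sh
# Added example, not part of the proton-privoxy repository.

# Constructed sample: a resolv.conf where the override was only partly applied.
SAMPLE_RESOLV='# constructed sample
nameserver 127.0.0.11
nameserver 9.9.9.9
options ndots:0'

# unexpected_nameservers RESOLV_TEXT ALLOWED_CSV
# Prints every nameserver in RESOLV_TEXT that is absent from ALLOWED_CSV
# (same comma-separated form as DNS_SERVERS_OVERRIDE), one per line.
unexpected_nameservers() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN {
            n = split(allowed, list, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", list[i])
                if (list[i] != "") ok[list[i]] = 1
            }
        }
        # Comment lines (# or ;) and search/options lines never match here.
        $1 == "nameserver" && !($2 in ok) { print $2 }
    '
}

# check_container_dns CONTAINER ALLOWED_CSV
# Returns 0 if the running container resolves only through allowed servers,
# 1 if other servers are configured, 2 if resolv.conf could not be read.
check_container_dns() {
    resolv=$(docker exec "$1" cat /etc/resolv.conf) || return 2
    extra=$(unexpected_nameservers "$resolv" "$2")
    [ -z "$extra" ] && return 0
    printf 'unexpected nameserver in %s: %s\n' "$1" "$extra" >&2
    return 1
}
```

For the Quad9 setting above, `check_container_dns proton-privoxy 9.9.9.9,149.112.112.112` exits non-zero if any other resolver is still configured in the container.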