Skywire SOCKS5 Proxy User Guide
$ skywire cli proxy list
03bfdf2535949f00eb1c16e1e01bc3b56210b6e88e3b60ae87acac22883da4c78f:3 | ID
03cadf11fe0494383ea314eb7967021f1c211eed2685b4984167d3e3a676a1f035:3 | ID
039c3c545a8d970c107c437d9f5a319cdf68c41c2c98abbf7eb10923721240622f:3 | ID
0232d57f349580fc5da27203a12648b76602f8b170421b594454145d027ad8881c:3 | PT
02b3dea3306d83276e6b147993726e37ebbb11db3d8d0dce93857c28b81cda7a6c:3 | ID
023045d6d1bccca34720742bc9934763c385840a6471921db87148d4d0337ffb2f:3 | CA
03ec202bf6567f3fe4fa4e1a26704e19dc0f44a15136aec74230b95228e52271f0:3 | ID
02470cfaef0611409a40fe00f6fb7d4e0b698c7847c05b07d762cc7eb851f4a60c:3 | ID
02cef9af8fc9b46f01e9978818c073d61ee4ed313fc0c42e070230c9170648f1dc:3 | ID
02ecf2f12cec90ac16ad7250765f28a617cebd5b983b899580a3c938530f49759a:3 | US
0303a9b53706aa731cd922f0120ba1b0cbd25ac92db4b20ae838bd4de702c99454:3 | CH
02836f9a39e38120f338dbc98c96ee2b1ffd73420259d1fb134a2d0a15c8b66ceb:3 | LU
03e9c5091902eb9043de445a202890b04d968677a5198f85f2d0cfcabc4fe3cccc:3 | LU
03b3f06a39f73e966a9796f2ef4c51b253f7f40bab62ca59cf80b3913aec07941a:3 | ID
02d82dfe9a0eefbdb928f10332dcd013b3d0f0046d7369c54f4545396f68e1ae33:3 | RU
...
The remote visor providing the given proxy server should have the /health endpoint of the logserver available over dmsghttp, which can be fetched with dmsgcurl
skywire dmsg curl dmsg://0303a9b53706aa731cd922f0120ba1b0cbd25ac92db4b20ae838bd4de702c99454:80/health -n -l fatal
{"build_info":{"version":"v1.3.13","commit":"ddf2d11","date":"2023-08-29T12:07:46Z"},"started_at":"2023-10-15T11:39:47.456460209Z"}
The survey index page of the reward system displays these metrics, updated hourly, for all visors. If a visor does not have a recently fetched health.json or if it's health.json cannot be fetched over dmsghttp, it's safe to assume that the visor is not connected to dmsg.
skywire cli visor tp add -t sudph 0303a9b53706aa731cd922f0120ba1b0cbd25ac92db4b20ae838bd4de702c99454
skywire cli proxy start 0303a9b53706aa731cd922f0120ba1b0cbd25ac92db4b20ae838bd4de702c99454
Starting...............................................
Running!
$ skywire cli proxy status
---- All Proxy List -----------------------------------------------------
Name: skysocks-client
Status: running
Server: 0250e4d1b39a0360fb5d888324b8062bf57198a6fa5d7dda943b682652870b0a43
Address:
AppPort: 13
AutoStart: false
-------------------------------------------------------------------------
As of skywire v1.3.14 it is now possible to start multiple proxy clients from a single visor.
To start another instance, provide a name for that instance and the address (port) to serve on:
skywire cli proxy start --pk 02bb45a0619f21fdee58a917032e36b6151e019388cbc4e5252f25bc2601f80994 --name us-proxy --addr :1081
$ skywire cli proxy status
---- All Proxy List -----------------------------------------------------
Name: skysocks-client
Status: running
Server: 0250e4d1b39a0360fb5d888324b8062bf57198a6fa5d7dda943b682652870b0a43
Address:
AppPort: 13
AutoStart: false
Name: us-proxy
Status: running
Server: 02bb45a0619f21fdee58a917032e36b6151e019388cbc4e5252f25bc2601f80994
Address: 127.0.0.1:1081
AppPort: 51
AutoStart: false
-------------------------------------------------------------------------
The socks5 proxy is typically configured per the application, instead of acting globally as the vpn does. This gives added flexibility and has some performance benefits over the vpn, and will fail with no connection or effective killswitch. The drawback is that not all applications can easily be configured to use a SOCKS5 proxy.
The ip address of the proxy connection can be determined by querying ip.skycoin.com through the proxy connection using any http client or utility which can be configured to use the proxy. Some examples with curl
Using curl -x socks5://... will perform the DNS query to resolve the ip address of the server outside of the proxy connection
curl -Lx socks5://127.0.0.1:1080 http://ip.skycoin.com/ | jq
Using curl -x socks5h://... will perform the DNS query via the proxy connection
curl -Lx socks5h://127.0.0.1:1080 http://ip.skycoin.com/ | jq
Before connecting to the TOR network, go to settings and scroll to the bottom
Go to the Advanced Settings or Connection Settings and fill in the following fields
the settings location in these browsers is in a similar place and is configured as follows:
Brave browser must be started from the command line to use a proxy
brave --proxy-server=socks5://127.0.0.1:1080
Here I ran a webserver with a test page on a machine with a visor running the proxy server
$ darkhttpd .
darkhttpd/1.14, copyright (c) 2003-2022 Emil Mikulic.
listening on: http://0.0.0.0:8080/
get the public key of that visor in another terminal
$ skywire cli visor pk
copy the public key output by the previous command to the following command in order to connect to the proxy server from another machine running a visor
$ skywire cli proxy start <visor-pk>
Starting........
Running!
Use curl to access that webserver running on the other machine through the proxy via localhost
$ curl -Lx socks5h://localhost:1080 http://127.0.0.1:8080/
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>test</title>
</head>
<body>
<main>
<h1>Welcome to My Website</h1>
<p>test page</p>
</main>
</body>
</html>
A remote application can be reverse-proxied through the skywire socks5 proxy to a localhost port with ncat
$ ncat -l -p 8080 --sh-exec "ncat --proxy-type socks5 --proxy 127.0.0.1:1080 127.0.0.1 8080"
Now the web application can be accessed via http://127.0.0.1:8080 without the need for a proxy configuration of the web browser or http client.
Note: the above command is one-shot and will exit after the port has been accessed.
In order to make it run persistently, we can use the -k flag
$ ncat -k -l -p 8080 --sh-exec "ncat --proxy-type socks5 --proxy 127.0.0.1:1080 127.0.0.1 8080"
Further integration which will eliminate the need for ncat is forthcoming.
NOTE: the hypervisor UI does not work currently when reverse proxied as specified above.
Syncthing is a popular file synchronization program written in golang.
it's possible to configure the skywire proxy for syncthing as specified in the documentation
Syncthing reverse proxy documentation
Syncthing proxying documentation
skywire cli proxy stop --name skysocks-client
skywire cli proxy stop --all
all skysocks clients stopped