psocks

Experimental async SOCKS5 (TCP/UDP) proxy server based on fast-socks5, featuring allowlist access control (drop everything but allowed by user) with JSON/API based on Rocket framework.

Roadmap

• Web JSON/API
  • Block stats
  • In-memory list update (without server restart)
    • Persist changes option (see -c, --cache)
• Web UI
• Performance optimization

Usage

RUST_LOG=psocks=trace cargo run -- -a=http://localhost/allow.txt \
                                   -a=/path/to/allow.txt \
                                   -c=/path/to/cache.txt \
                                   no-auth

• set socks5://127.0.0.1:1080 proxy in your application
• open http://127.0.0.1:8010 in browser for global stats:
  • /allow/domain.com - add rule to the current session
  • /block/domain.com - delete rule from the current session

Allow list example

# /path/to/allow.txt

// exact match
duckduckgo.com

// google.com with subdomains
.google.com

// IP resolved
1.2.3.4

• see also: my personal asset

systemd

git clone https://codeberg.org/postscriptum/psocks.git
cd psocks
cargo build --release --locked
sudo install target/release/psocks /usr/local/bin
sudo useradd -s /usr/sbin/nologin -Mr psocks
sudo mkdir /var/lib/psocks && sudo chown psocks:psocks /var/lib/psocks
sudo mkdir /var/log/psocks && sudo chown psocks:psocks /var/log/psocks

#/etc/systemd/system/psocks.service

[Unit]
After=network-online.target
Wants=network-online.target

[Service]
User=psocks
Group=psocks

WorkingDirectory=/var/lib/psocks
ExecStart=/usr/local/bin/psocks \
              -a=https://codeberg.org/postscriptum/psocks-list/raw/branch/main/allow/internet.txt \
              -c=/var/lib/psocks/cache.txt \
              no-auth

Restart=always

Environment="RUST_LOG=warn"
Environment="NO_COLOR=1"

StandardOutput=file:///var/log/psocks/debug.log
StandardError=file:///var/log/psocks/error.log

[Install]
WantedBy=multi-user.target

• sudo systemctl restart psocks
• sudo systemctl enable psocks
• sudo systemctl status psocks