From fcc288eb234d8df14f244a25017d155b27ec086c Mon Sep 17 00:00:00 2001 From: oveits Date: Mon, 7 Dec 2015 16:44:56 +0100 Subject: [PATCH 01/10] Update README.md Changed image name from just redsocks to munkyboy/redsocks, so it will be better found --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d62605e..dddf0eb 100644 --- a/README.md +++ b/README.md @@ -8,8 +8,9 @@ After starting the container, you will then issue iptable commands to redirect specific ports to the redsocks daemon. to run: + ``` -docker run --net=host -e http_proxy=http://1.2.3.4:3128 redsocks +docker run --net=host -e http_proxy=http://yourproxy.company.com:8080 -e https_proxy=http://yourproxy.company.com:8080 munkyboy/redsocks ``` The container currently interprets the environment variables `http_proxy` and From 03c211b980b8fdb2819ad6d99f9926821748eda7 Mon Sep 17 00:00:00 2001 From: oveits Date: Mon, 7 Dec 2015 17:06:13 +0100 Subject: [PATCH 02/10] Update README.md --- README.md | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index dddf0eb..1d5ece0 100644 --- a/README.md +++ b/README.md 
@@ -5,14 +5,25 @@ https://github.com/wtsi-hgi/docker-proxify This container requires that you link the host network stack to the container. After starting the container, you will then issue iptable commands to redirect -specific ports to the redsocks daemon. +specific ports 80 and 443 to the redsocks daemon. to run: ``` -docker run --net=host -e http_proxy=http://yourproxy.company.com:8080 -e https_proxy=http://yourproxy.company.com:8080 munkyboy/redsocks +docker run --net=host -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks ``` +Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment and add -e https_proxy, if needed. -The container currently interprets the environment variables `http_proxy` and -`https_proxy` to configure redsocks. Upon starting, the start script will echo -sample `iptables` commands to issue on the host. +Example with HTTP proxy and HTTPS Proxy: + +``` +export my_proxy=http://yourproxy_IP_address_or_name:8080 +docker run --net=host -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks +unset my_proxy +``` + +Upon starting, the start script will echo sample `iptables` commands that need to be issued on the Docker host, e.g. +``` +iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 12345 +``` +As you see, the redosocks deamon is listening to port `12345`. From 61747be60d653ad98f09962f96b313d3e72f49db Mon Sep 17 00:00:00 2001 From: oveits Date: Mon, 7 Dec 2015 17:07:03 +0100 Subject: [PATCH 03/10] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1d5ece0..9559b8b 100644 --- a/README.md +++ b/README.md 
@@ -14,7 +14,7 @@ docker run --net=host -e http_proxy=http://yourproxy_IP_address_or_name:8080 mun ``` Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment and add -e https_proxy, if needed. -Example with HTTP proxy and HTTPS Proxy: +Example with HTTP proxy and HTTPS Proxy pointing to the same proxy URL: ``` export my_proxy=http://yourproxy_IP_address_or_name:8080 From 3dab373fe3bfaf3118a7d992112fbe1c7b37350b Mon Sep 17 00:00:00 2001 From: oveits Date: Mon, 7 Dec 2015 17:30:44 +0100 Subject: [PATCH 04/10] Update README.md --- README.md | 36 +++++++++++++++++++++++++++++------- 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 9559b8b..dd62728 100644 --- a/README.md +++ b/README.md 
@@ -1,29 +1,51 @@ A redsocks container primarily used to transparently utilize http(s) proxies. -Inspired by https://github.com/jpetazzo/squid-in-a-can and -https://github.com/wtsi-hgi/docker-proxify +Fork of [munkyboy's docker-redsocks repository](https://github.com/munkyboy/docker-redsocks) in order to improve the documentation (at least, I will try). + +Inspired by [https://github.com/jpetazzo/squid-in-a-can](https://github.com/jpetazzo/squid-in-a-can) and +[https://github.com/wtsi-hgi/docker-proxify](https://github.com/wtsi-hgi/docker-proxify). This container requires that you link the host network stack to the container. After starting the container, you will then issue iptable commands to redirect -specific ports 80 and 443 to the redsocks daemon. +specific ports 80 and 443 to the redsocks daemon (see below). -to run: +### Start Container +#### Simple Example for HTTP Proxy only +(Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment and add -e https_proxy, if needed.) ``` docker run --net=host -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks ``` Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment and add -e https_proxy, if needed. -Example with HTTP proxy and HTTPS Proxy pointing to the same proxy URL: - +#### Example with HTTP proxy and HTTPS Proxy pointing to the same proxy URL: +(Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment and add -e https_proxy, if needed.) ``` export my_proxy=http://yourproxy_IP_address_or_name:8080 docker run --net=host -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks unset my_proxy ``` +#### Redirection on the Docker Host Upon starting, the start script will echo sample `iptables` commands that need to be issued on the Docker host, e.g. 
``` iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 12345 ``` -As you see, the redosocks deamon is listening to port `12345`. +After you stop the container, you will need to cleanup the iptables rules: +``` +iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to 12345 +``` + +#### Caveats +The container is sharing the Docker host's network and is listening to port `12345`. If this port is already in use, you might need to start the docker container without `--net=host` switch, but with a port mapping instead, e.g. +``` +docker run -p54321:12345 -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks +``` +In this case the you need to redirect your traffic to the mapped port (`54321` in this example), e.g. +``` +iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 54321 +``` +The container cannot be not aware of this port mapping and therefore it will try confusing you with iptable examples with port `12345`. +:blush: + + From eb4c07030e0d62444d2e659cf8329cd214513fec Mon Sep 17 00:00:00 2001 From: oveits Date: Mon, 7 Dec 2015 17:57:19 +0100 Subject: [PATCH 05/10] README: Example running on a different port --- README.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index dd62728..f65106d 100644 --- a/README.md +++ b/README.md 
@@ -16,9 +16,8 @@ specific ports 80 and 443 to the redsocks daemon (see below). ``` docker run --net=host -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks ``` -Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment and add -e https_proxy, if needed. -#### Example with HTTP proxy and HTTPS Proxy pointing to the same proxy URL: +#### Example with HTTP proxy and HTTPS Proxy pointing to the same proxy URL (Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment and add -e https_proxy, if needed.) ``` export my_proxy=http://yourproxy_IP_address_or_name:8080 
@@ -30,22 +29,27 @@ unset my_proxy Upon starting, the start script will echo sample `iptables` commands that need to be issued on the Docker host, e.g. ``` iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 12345 +iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to 12346 ``` -After you stop the container, you will need to cleanup the iptables rules: +After you stop the container, you will need to cleanup the iptables rules again: ``` iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to 12345 +iptables -t nat -D PREROUTING -p tcp --dport 443 -j REDIRECT --to 12346 ``` #### Caveats -The container is sharing the Docker host's network and is listening to port `12345`. If this port is already in use, you might need to start the docker container without `--net=host` switch, but with a port mapping instead, e.g. +The container is sharing the Docker host's network and is listening to port `12345` and `12346`. If this port is already in use, you might need to start the docker container without `--net=host` switch, but with a port mapping instead, e.g. ``` -docker run -p54321:12345 -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks +export my_proxy=http://yourproxy_IP_address_or_name:8080 +docker run -p 54321:12345 -p 64321:12346 -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks +unset my_proxy ``` In this case the you need to redirect your traffic to the mapped port (`54321` in this example), e.g. ``` iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 54321 +iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to 64321 ``` -The container cannot be not aware of this port mapping and therefore it will try confusing you with iptable examples with port `12345`. +The container cannot be not aware of this port mapping and therefore it will try confusing you with iptable examples with ports `12345` and `12346`. :blush: 
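Review bot: In the Caveats part of this hunk the prose still describes a single port although the commands now map two. "If this port is already in use" follows "port `12345` and `12346`", and "the mapped port (`54321` in this example)" sits directly above rules that redirect to both `54321` and `64321`. Suggest "If either port is already in use" and "the mapped ports (`54321` and `64321` in this example)". The changed line "The container cannot be not aware of this port mapping" also carries a double negative; "cannot be aware" is what is meant, and "In this case the you need" in the context line above has a stray "the".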
From 9e0bb89eaa5628dee9f323c97662cf4731170204 Mon Sep 17 00:00:00 2001 From: oveits Date: Mon, 7 Dec 2015 18:00:11 +0100 Subject: [PATCH 06/10] README: changed --net --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f65106d..04b34fa 100644 --- a/README.md +++ b/README.md @@ -12,13 +12,13 @@ specific ports 80 and 443 to the redsocks daemon (see below). ### Start Container #### Simple Example for HTTP Proxy only -(Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment and add -e https_proxy, if needed.) +Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment: ``` docker run --net=host -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks ``` #### Example with HTTP proxy and HTTPS Proxy pointing to the same proxy URL -(Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment and add -e https_proxy, if needed.) +Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment: ``` export my_proxy=http://yourproxy_IP_address_or_name:8080 docker run --net=host -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks From 0d175dec11ba99369dc3fa4f8bb1b764078a611a Mon Sep 17 00:00:00 2001 From: oveits Date: Mon, 7 Dec 2015 18:06:14 +0100 Subject: [PATCH 07/10] README: bold port numbers --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 04b34fa..6741328 100644 --- a/README.md +++ b/README.md 
@@ -39,16 +39,16 @@ iptables -t nat -D PREROUTING -p tcp --dport 443 -j REDIRECT --to 12346 #### Caveats The container is sharing the Docker host's network and is listening to port `12345` and `12346`. If this port is already in use, you might need to start the docker container without `--net=host` switch, but with a port mapping instead, e.g. -``` +
 export my_proxy=http://yourproxy_IP_address_or_name:8080
-docker run -p 54321:12345 -p 64321:12346 -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks
+docker run -p 54321:12345 -p 64321:12346 -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks
 unset my_proxy
-```
+
In this case the you need to redirect your traffic to the mapped port (`54321` in this example), e.g. -``` -iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 54321 -iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to 64321 -``` +
+iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 54321
+iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to 64321
+
The container cannot be not aware of this port mapping and therefore it will try confusing you with iptable examples with ports `12345` and `12346`. :blush: From 6f9c02e93c7baf7d2556808c87e94fd02499fa28 Mon Sep 17 00:00:00 2001 From: oveits Date: Mon, 7 Dec 2015 18:13:24 +0100 Subject: [PATCH 08/10] Update README.md --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 6741328..c2ce14f 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,10 @@ Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and ``` docker run --net=host -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks ``` +or if want to restrict the container to have access to port **`12345`** only (i.e. the one that are used by redsocks for HTTP): +
+docker run -p 12345:12345 -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks
+
#### Example with HTTP proxy and HTTPS Proxy pointing to the same proxy URL Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment: @@ -24,6 +28,10 @@ export my_proxy=http://yourproxy_IP_address_or_name:8080 docker run --net=host -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks unset my_proxy ``` +or if want to restrict the container to have access to ports **`12345`** and **`12346`** only (i.e. the ones that are used by redsocks for HTTP and HTTPS) you need to replace the second command by: +
+docker run -p 12345:12345 -p 12346:12346 e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks
+
#### Redirection on the Docker Host Upon starting, the start script will echo sample `iptables` commands that need to be issued on the Docker host, e.g. From 860b08797c346feda51f04291b4c3fa48f1f0b4a Mon Sep 17 00:00:00 2001 From: oveits Date: Mon, 7 Dec 2015 18:43:29 +0100 Subject: [PATCH 09/10] README: SSL problem description of '-p' option --- README.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c2ce14f..3171b22 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,6 @@ or if want to restrict the container to have access to port **`12345`** only (i.
 docker run -p 12345:12345 -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks
 
- #### Example with HTTP proxy and HTTPS Proxy pointing to the same proxy URL Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment: ``` @@ -28,10 +27,7 @@ export my_proxy=http://yourproxy_IP_address_or_name:8080 docker run --net=host -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks unset my_proxy ``` -or if want to restrict the container to have access to ports **`12345`** and **`12346`** only (i.e. the ones that are used by redsocks for HTTP and HTTPS) you need to replace the second command by: -
-docker run -p 12345:12345 -p 12346:12346 e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks
-
+Here, the `-p` way of running the docker container is not possible (see Caveats section). #### Redirection on the Docker Host Upon starting, the start script will echo sample `iptables` commands that need to be issued on the Docker host, e.g. @@ -46,18 +42,18 @@ iptables -t nat -D PREROUTING -p tcp --dport 443 -j REDIRECT --to 12346 ``` #### Caveats -The container is sharing the Docker host's network and is listening to port `12345` and `12346`. If this port is already in use, you might need to start the docker container without `--net=host` switch, but with a port mapping instead, e.g. +The container is sharing the Docker host's network and is listening to port `12345` and `12346`. If port `12345`is already in use, you can start the docker container without `--net=host` switch, but with a port mapping instead, e.g.
 export my_proxy=http://yourproxy_IP_address_or_name:8080
-docker run -p 54321:12345 -p 64321:12346 -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks
+docker run -p 54321:12345 -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks
 unset my_proxy
 
In this case the you need to redirect your traffic to the mapped port (`54321` in this example), e.g.
 iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 54321
-iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to 64321
 
-The container cannot be not aware of this port mapping and therefore it will try confusing you with iptable examples with ports `12345` and `12346`. +The container cannot be not aware of this port mapping and therefore it will try confusing you with iptable examples with ports `12345`. :blush: +Note, that the `-p` way or running the container does not work with HTTPS: SSL does like if the redsocks internal view of the IP address differs from the external view, and we are forced to use the `--net=host` configuration. From 32592d380d20dba802cacbce00a1ff8fffe498ba Mon Sep 17 00:00:00 2001 From: oveits Date: Mon, 7 Dec 2015 18:54:51 +0100 Subject: [PATCH 10/10] Update README.md --- README.md | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 3171b22..274444e 100644 --- a/README.md +++ b/README.md @@ -16,10 +16,6 @@ Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and ``` docker run --net=host -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks ``` -or if want to restrict the container to have access to port **`12345`** only (i.e. the one that are used by redsocks for HTTP): -
-docker run -p 12345:12345 -e http_proxy=http://yourproxy_IP_address_or_name:8080 munkyboy/redsocks
-
#### Example with HTTP proxy and HTTPS Proxy pointing to the same proxy URL Change `http://yourproxy_IP_address_or_name:8080` by the IP address or name and TCP port that fits to your environment: ``` @@ -27,7 +23,6 @@ export my_proxy=http://yourproxy_IP_address_or_name:8080 docker run --net=host -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks unset my_proxy ``` -Here, the `-p` way of running the docker container is not possible (see Caveats section). #### Redirection on the Docker Host Upon starting, the start script will echo sample `iptables` commands that need to be issued on the Docker host, e.g. @@ -42,18 +37,10 @@ iptables -t nat -D PREROUTING -p tcp --dport 443 -j REDIRECT --to 12346 ``` #### Caveats -The container is sharing the Docker host's network and is listening to port `12345` and `12346`. If port `12345`is already in use, you can start the docker container without `--net=host` switch, but with a port mapping instead, e.g. -
-export my_proxy=http://yourproxy_IP_address_or_name:8080
-docker run -p 54321:12345 -e http_proxy=$my_proxy -e https_proxy=$my_proxy munkyboy/redsocks
-unset my_proxy
-
-In this case the you need to redirect your traffic to the mapped port (`54321` in this example), e.g. -
-iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 54321
-
-The container cannot be not aware of this port mapping and therefore it will try confusing you with iptable examples with ports `12345`. -:blush: -Note, that the `-p` way or running the container does not work with HTTPS: SSL does like if the redsocks internal view of the IP address differs from the external view, and we are forced to use the `--net=host` configuration. +The container is sharing the Docker host's network and is listening to port `12345` and `12346`. If one of those ports is already in use, you will not be able to start the container. In a HTTP-only case, you may use a port mapping like +``` +docker run -p 54321:12345 ... +``` +instead of `docker run --net=host ...`. However, this is not possible in case of HTTPS, since the container needs to share the network IP address of the host, if you do not want to get an SSL error (`403 Forbidden`).