A stealthy DNS tunnel + Shadowsocks proxy stack in Docker. Expose encrypted SOCKS5 access through DNS-only networks using iodine and v2ray-plugin.

oraclenik/iodine-shadowsocks

DNS-SOCKS: Stealth DNS Tunnel + Shadowsocks in Docker

A lightweight, Docker-based DNS tunnel and Shadowsocks stack using iodine and shadowsocks-libev with v2ray-plugin.
Built for use in restricted environments where only DNS is allowed, this setup exposes a local SOCKS5 proxy via an encrypted DNS tunnel.


✨ Features

  • 🔐 Encrypted SOCKS5 proxy tunneled entirely through DNS
  • 🧊 Alpine-based images for minimal footprint
  • 🐳 Docker Compose deployment
  • ⚙️ Environment-configurable client and server setup
  • 🌐 Works behind restrictive firewalls (DNS-only egress)

📁 Structure

.
├── client/
│   ├── .env                  # Client environment (tunnel + proxy settings)
│   ├── docker-compose.yml    # Starts iodine + ss-local
│   ├── Dockerfile.iodine     # Builds iodine tunnel client
│   ├── start-iodine.sh       # Entrypoint for iodine client
│   └── start-ss-client.sh    # Entrypoint for Shadowsocks + v2ray-plugin
│
├── server/
│   ├── .env                  # Server configuration
│   ├── docker-compose.yml    # Starts iodined + ss-server
│   ├── Dockerfile            # Builds iodine server
│   └── iodined.sh            # Entrypoint for DNS tunnel server
│
└── README.md

🚀 Quick Start

🖥️ Server (run on DNS-accessible VPS)

cd server
cp .env.example .env   # then edit .env
docker-compose up -d --build

Make sure to delegate a subdomain (e.g. t1.example.com) to the server IP via an NS record.


💻 Client

cd client
cp .env.example .env   # then edit .env
docker-compose up -d --build

This will:

  • Connect to the iodine tunnel
  • Start a SOCKS5 proxy at localhost:1080

Test:

curl --socks5-hostname 127.0.0.1:1080 https://ifconfig.me

🔧 Environment Variables

Edit .env in both client/ and server/:

Shared

| Variable | Example | Purpose |
|---|---|---|
| TUNNEL_DOMAIN | t1.example.com | Subdomain delegated to iodined |
| TUNNEL_GATEWAY | 10.0.0.1 | Tunnel IP of the server |

Server-only

| Variable | Example |
|---|---|
| IODINED_PASS | SuperSecret123 |

Client-only

| Variable | Example |
|---|---|
| SS_REMOTE_PORT | 8388 |
| SS_PASSWORD | MyProxyPass |
| SS_METHOD | chacha20-ietf-poly1305 |
| SOCKS_PORT | 1080 |
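
A pre-deployment check for the two .env files, added here as an example and not part of this repository: it flags values left at the README examples, missing variables, non-AEAD Shadowsocks ciphers and malformed ports or gateway addresses. It assumes plain KEY=VALUE lines; the function names and the 16-character minimum are hypothetical choices made for this example.

```python
import ipaddress

# AEAD ciphers supported by shadowsocks-libev; its older stream ciphers are deprecated.
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
                "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"}
# Example values printed in this README; they must not reach a deployment.
README_EXAMPLES = {"t1.example.com", "SuperSecret123", "MyProxyPass"}
SECRETS, PORTS = {"IODINED_PASS", "SS_PASSWORD"}, {"SS_REMOTE_PORT", "SOCKS_PORT"}
MIN_SECRET_LEN = 16  # assumption: a local policy choice, not a project requirement
REQUIRED = {  # taken from the variable tables above
    "server": ["TUNNEL_DOMAIN", "TUNNEL_GATEWAY", "IODINED_PASS"],
    "client": ["TUNNEL_DOMAIN", "TUNNEL_GATEWAY", "SS_REMOTE_PORT",
               "SS_PASSWORD", "SS_METHOD", "SOCKS_PORT"],
}

def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are ignored."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env

def audit_env(text, role):
    """Return findings for one .env file; an empty list means it passed."""
    env = parse_env(text)
    findings = [f"{k}: missing or empty" for k in REQUIRED[role] if not env.get(k)]
    for key, value in env.items():
        if not value:
            continue  # already reported above if the key is required
        if value in README_EXAMPLES:
            findings.append(f"{key}: still set to the README example value")
        elif key in SECRETS and len(value) < MIN_SECRET_LEN:
            findings.append(f"{key}: shorter than {MIN_SECRET_LEN} characters")
        elif key in PORTS and not (value.isdecimal() and 1 <= int(value) <= 65535):
            findings.append(f"{key}: not a valid TCP port")
        elif key == "SS_METHOD" and value not in AEAD_METHODS:
            findings.append(f"{key}: not an AEAD cipher")
        elif key == "TUNNEL_GATEWAY":
            try:
                ipaddress.ip_address(value)
            except ValueError:
                findings.append(f"{key}: not an IP address")
    return findings

# Constructed sample: a server .env left at the README's example values.
SAMPLE_SERVER_ENV = "TUNNEL_DOMAIN=t1.example.com\nTUNNEL_GATEWAY=10.0.0.1\nIODINED_PASS=SuperSecret123\n"
```

Call `audit_env(open("server/.env").read(), "server")` (and the same with "client") before `docker-compose up`, and treat a non-empty list as a failed check.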

🧠 Notes

  • You'll need to delegate the tunnel domain to your server with an NS record.
  • The TUN device must be available on the host (/dev/net/tun), and the container must be started with --cap-add=NET_ADMIN.
  • Shadowsocks traffic is obfuscated with v2ray-plugin (can add TLS/websocket if needed).

📜 License

MIT — Free to use, fork, and extend.


🙏 Credits


Enjoy stealth networking 🕵️‍♂️ over DNS.
