A Docker-based proxy service that routes traffic through Cloudflare WARP, providing multiple proxy protocols including SOCKS4, SOCKS5, HTTP, and HTTP/2 with optional authentication and TLS encryption.
- Mask real IP with Cloudflare IP
- Multiple proxy protocols
- Authentication support
- Cloudflare DNS over HTTPS, TLS, and UDP
- TLS encryption
Build and run the container:
docker run -d \
--name cloudflare-warp-proxy \
-e SOCKS5_PORTS=1 \
-p 1180:1180 \
ghcr.io/adasThePro/cloudflare-warp-proxy:latestImage Tags:
latest: Latest build with newest WARP client version<warp_version>: Specific WARP client version (e.g.,2025.8.779.0)build-<hash>: Specific build identified by hash
Images are built automatically when new WARP client versions are released.
git clone https://github.com/adasThePro/cloudflare-warp-proxy.git
cd cloudflare-warp-proxy
docker-compose up -dgit clone https://github.com/adasThePro/cloudflare-warp-proxy.git
cd cloudflare-warp-proxy
docker build -t cloudflare-warp-proxy .Configure the number of ports for each proxy type using these environment variables. Set to 0 to disable a proxy type.
SOCKS4_PORTS: Number of SOCKS4 portsSOCKS5_PORTS: Number of SOCKS5 portsHTTP_PORTS: Number of HTTP portsSOCKS4_TLS_PORTS: Number of TLS-enabled SOCKS4 portsSOCKS5_TLS_PORTS: Number of TLS-enabled SOCKS5 portsHTTP_TLS_PORTS: Number of TLS-enabled HTTP portsHTTP2_TLS_PORTS: Number of TLS-enabled HTTP/2 ports
Note
- At least one proxy type must be enabled.
- HTTP/2 proxy requires TLS to be enabled.
Configure the starting port for each proxy type:
SOCKS4_BASE_PORT: Base port for SOCKS4 (default:1080)SOCKS5_BASE_PORT: Base port for SOCKS5 (default:1180)HTTP_BASE_PORT: Base port for HTTP (default:1280)SOCKS4_TLS_BASE_PORT: Base port for TLS-enabled SOCKS4 (default:1380)SOCKS5_TLS_BASE_PORT: Base port for TLS-enabled SOCKS5 (default:1480)HTTP_TLS_BASE_PORT: Base port for TLS-enabled HTTP (default:1580)HTTP2_TLS_BASE_PORT: Base port for TLS-enabled HTTP/2 (default:1680)
Example: If SOCKS5_PORTS=5 and SOCKS5_BASE_PORT=1180, the proxy will listen on ports 1180 to 1184.
Configure authentication for supported proxy types. Both username and password must be set to enable authentication.
Note: SOCKS4 does not support authentication.
Socks4 does not support authentication.
SOCKS5_USER: Username for SOCKS5 proxiesSOCKS5_PASS: Password for SOCKS5 proxies
HTTP_USER: Username for HTTP proxiesHTTP_PASS: Password for HTTP proxies
SOCKS5_TLS_USER: Username for TLS-enabled SOCKS5 proxiesSOCKS5_TLS_PASS: Password for TLS-enabled SOCKS5 proxies
HTTP_TLS_USER: Username for TLS-enabled HTTP proxiesHTTP_TLS_PASS: Password for TLS-enabled HTTP proxies
HTTP2_TLS_USER: Username for TLS-enabled HTTP/2 proxiesHTTP2_TLS_PASS: Password for TLS-enabled HTTP/2 proxies
TLS certificate files are required when using TLS-enabled proxy types. Two methods are available to provide the certificate files:
- Create a
certsdirectory in the project root - Place your certificate files:
server.crt: TLS certificate fileserver.key: TLS private key file
- Build the Docker image
Mount a directory containing the certificate files to /user-certs when running the container:
docker run -d \
-v /path/to/your/certs:/user-certs:ro \
-e TLS_KEY_PASS=your_password \
cloudflare-warp-proxyThe mounted directory must contain:
server.crt- TLS certificateserver.key- Private key
TLS_KEY_PASS: Password for the TLS private key (if encrypted)FORCE_CERT_REPLACE: Set totrueto force replacement of existing certificate files on startup
GOST_LOGGER_LEVEL: Set the logging level for GOST (default:info).- Options:
trace,debug,info,warn,error,fatal
- Options:
The proxy uses Cloudflare DNS with multiple fallback options:
- DNS over HTTPS
- DNS over TLS
- Standard UDP DNS
The following volumes are used:
warp-data: Stores WARP client registration data and configurationcerts: Stores TLS certificate files
This project is licensed under the MIT License. See the LICENSE file for details.