ZProxy is a SOCKS5 proxy designed to help you access internal services deployed by Zeabur Dedicated Server.
Note
This project is primarily completed by AI. I am only responsible for code review and detail modifications. The code quality of this project does not represent my personal code quality.
docker pull ghcr.io/imsingee/zproxy:latestapiVersion: apps/v1
kind: Deployment
metadata:
name: zproxy
labels:
app: zproxy
spec:
replicas: 1
selector:
matchLabels:
app: zproxy
template:
metadata:
labels:
app: zproxy
spec:
containers:
- name: zproxy
image: ghcr.io/imsingee/zproxy:latest
ports:
- containerPort: 1080
env:
- name: CLUSTER_DOMAIN
value: "cluster.local"
- name: AUTH_USERNAME
valueFrom:
secretKeyRef:
name: zproxy-auth
key: username
- name: AUTH_PASSWORD
valueFrom:
secretKeyRef:
name: zproxy-auth
key: password
# Zeabur DNS mapping configuration (optional)
- name: ZEABUR_API_KEY
valueFrom:
secretKeyRef:
name: zeabur-credentials
key: api-key
- name: ZEABUR_SERVER_ID
value: "server-xxxxxx"
- name: ZEABUR_UPDATE_INTERVAL
value: "5m"
---
apiVersion: v1
kind: Service
metadata:
name: zproxy
spec:
selector:
app: zproxy
ports:
- port: 1080
targetPort: 1080
type: ClusterIP./zproxy [flags]| Flag | Short | Environment Variable | Description | Default |
|---|---|---|---|---|
--listen |
-l |
PORT (port only) |
Proxy listening address | :1080 |
--in-domain-suffix |
-s |
IN_DOMAIN_SUFFIX |
Domain suffix to replace | cluster.local |
--cluster-domain |
-c |
CLUSTER_DOMAIN |
Cluster domain to use as replacement | cluster.local |
--username |
-u |
AUTH_USERNAME |
Authentication username | |
--password |
-p |
AUTH_PASSWORD |
Authentication password | |
--zeabur-api-key |
ZEABUR_API_KEY |
Zeabur API key | ||
--zeabur-server-id |
ZEABUR_SERVER_ID |
Zeabur server ID | ||
--zeabur-update-interval |
ZEABUR_UPDATE_INTERVAL |
Interval for updating Zeabur DNS map | 5m |
Additionally, you can also use PORT environment variable to configure listening port.
ZProxy modifies domain names according to the following rules:
- The proxy only accepts domain names (IP addresses are rejected)
- The domain must end with the specified domain suffix (e.g.,
cluster.local, configured with--in-domain-suffix) - The domain suffix is replaced with the specified cluster domain
For example, with default settings:
service.namespace.svc.cluster.local→service.namespace.svc.cluster.local(no change if suffixes are the same)
And if you set a custom suffix (e.g. custom.suffix)
service.namespace.svc.custom.suffix→service.namespace.svc.cluster.local
ZProxy now supports special handling for Zeabur services. When the Zeabur API key and server ID are provided, ZProxy will:
- Fetch service mappings from the Zeabur API
- Allow access to Zeabur services using a special domain format
- Periodically update the service mappings based on the configured interval
For domains with the format {service-name}.{project-name}.zeabur.{domain-suffix}, ZProxy will:
- Look up the service name in the Zeabur DNS store
- Map it to the corresponding Kubernetes service address
For example:
my-service.my-prject.zeabur.cluster.local→ themy-serviceservice inmy-projectproject
To enable this feature, you need to provide:
ZEABUR_API_KEY: Your Zeabur API keyZEABUR_SERVER_ID: Your Zeabur server IDZEABUR_UPDATE_INTERVAL(optional): How often to update the DNS mappings (default: 5m)