A Docker-based proxy service that routes traffic through Cloudflare WARP, providing network privacy and performance. Supports multiple proxy protocols including SOCKS4, SOCKS5, HTTP, and HTTP/2 with optional authentication and TLS encryption.
Important
- This project is not affiliated with Cloudflare. Cloudflare WARP and related trademarks are property of Cloudflare, Inc.
- Ensure compliance with Cloudflare's terms of service when using WARP.
- Multiple Proxy Protocols: SOCKS4, SOCKS5, HTTP, and HTTP/2
- Flexible Authentication: Optional username/password authentication for supported protocols
- TLS Encryption: Secure your proxy connections with TLS
- Cloudflare DNS: Built-in DNS over HTTPS, TLS, and UDP fallback
- Easy Deployment: Simple Docker and Docker Compose setup
- Automatic Updates: Pre-built images updated with latest WARP client versions
Run the container with a single SOCKS5 proxy on port 1180:
docker run -d \
--name cloudflare-warp-proxy \
-e SOCKS5_PORTS=1 \
-p 1180:1180 \
ghcr.io/adasThePrime/cloudflare-warp-proxy:latestTest the proxy:
curl -x socks5://localhost:1180 https://reqtrace.qzz.io- Clone the repository:
git clone https://github.com/adasThePrime/cloudflare-warp-proxy.git
cd cloudflare-warp-proxy- Start the service:
docker-compose up -d- Check the logs:
docker-compose logs -flatest: Most recent build with the newest WARP client version<warp_version>: Specific WARP client version (e.g.,2025.8.779.0)build-<hash>: Specific build identified by commit hash
Images are automatically built and published when new WARP client versions are released.
Enable proxy types by setting the number of ports for each. Set to 0 or omit to disable a proxy type.
| Environment Variable | Description | Default Base Port |
|---|---|---|
SOCKS4_PORTS |
Number of SOCKS4 proxy ports | 1080 |
SOCKS5_PORTS |
Number of SOCKS5 proxy ports | 1180 |
HTTP_PORTS |
Number of HTTP proxy ports | 1280 |
SOCKS4_TLS_PORTS |
Number of TLS-enabled SOCKS4 ports | 1380 |
SOCKS5_TLS_PORTS |
Number of TLS-enabled SOCKS5 ports | 1480 |
HTTP_TLS_PORTS |
Number of TLS-enabled HTTP ports | 1580 |
HTTP2_TLS_PORTS |
Number of TLS-enabled HTTP/2 ports | 1680 |
Important Notes:
- At least one proxy type must be enabled
- HTTP/2 requires TLS to be enabled
- SOCKS4 does not support authentication
Port Allocation Example:
If you set SOCKS5_PORTS=5 with SOCKS5_BASE_PORT=1180, the proxy will listen on ports 1180, 1181, 1182, 1183, and 1184.
Override the default starting port for each proxy type:
| Environment Variable | Default |
|---|---|
SOCKS4_BASE_PORT |
1080 |
SOCKS5_BASE_PORT |
1180 |
HTTP_BASE_PORT |
1280 |
SOCKS4_TLS_BASE_PORT |
1380 |
SOCKS5_TLS_BASE_PORT |
1480 |
HTTP_TLS_BASE_PORT |
1580 |
HTTP2_TLS_BASE_PORT |
1680 |
Add password protection to your proxies by setting both username and password environment variables. Authentication is supported for all proxy types except SOCKS4.
| Proxy Type | Username Variable | Password Variable |
|---|---|---|
| SOCKS5 | SOCKS5_USER |
SOCKS5_PASS |
| HTTP | HTTP_USER |
HTTP_PASS |
| SOCKS5 TLS | SOCKS5_TLS_USER |
SOCKS5_TLS_PASS |
| HTTP TLS | HTTP_TLS_USER |
HTTP_TLS_PASS |
| HTTP/2 TLS | HTTP2_TLS_USER |
HTTP2_TLS_PASS |
Example with Authentication:
docker run -d \
--name cloudflare-warp-proxy \
-e SOCKS5_PORTS=1 \
-e SOCKS5_USER=myuser \
-e SOCKS5_PASS=mypassword \
-p 1180:1180 \
ghcr.io/adasThePrime/cloudflare-warp-proxy:latestTest with authentication:
curl -x socks5://myuser:mypassword@localhost:1180 https://reqtrace.qzz.ioTLS-enabled proxy types require a certificate and private key. You can obtain a free TLS certificate from here or use your own existing certificate.
There are two methods to provide these files:
- Create a
certsdirectory in the project root - Add your certificate files:
server.crt- TLS certificateserver.key- TLS private key (optionally encrypted)
- Build the Docker image
Mount your certificate directory when running the container:
docker run -d \
--name cloudflare-warp-proxy \
-e SOCKS5_TLS_PORTS=1 \
-e TLS_KEY_PASS=your_key_password \
-v /path/to/your/certs:/user-certs:ro \
-p 1480:1480 \
ghcr.io/adasThePrime/cloudflare-warp-proxy:latestThe mounted directory must contain:
server.crt- TLS certificateserver.key- TLS private key (optionally encrypted)
TLS Environment Variables:
TLS_KEY_PASS: Password for encrypted private key (optional)FORCE_CERT_REPLACE: Set totrueto force certificate replacement on startup (default:false)
Control the verbosity of proxy server logs:
-e GOST_LOGGER_LEVEL=debugAvailable Log Levels:
trace- Most verbose, includes all debug informationdebug- Detailed debugging informationinfo- General informational messages (default)warn- Warning messages onlyerror- Error messages onlyfatal- Critical errors only
The proxy includes Cloudflare DNS with automatic fallback:
- DNS over HTTPS (primary)
- DNS over TLS (fallback)
- Standard UDP DNS (final fallback)
This ensures reliable DNS resolution even if one method fails.
The container uses Docker volumes for persistent storage:
warp-data: Stores WARP client registration and configurationcerts: Stores TLS certificate files
Run multiple proxy types simultaneously:
docker run -d \
--name cloudflare-warp-proxy \
-e SOCKS5_PORTS=3 \
-e HTTP_PORTS=2 \
-e SOCKS5_USER=user1 \
-e SOCKS5_PASS=pass1 \
-e HTTP_USER=user2 \
-e HTTP_PASS=pass2 \
-p 1180-1182:1180-1182 \
-p 1280-1281:1280-1281 \
ghcr.io/adasThePrime/cloudflare-warp-proxy:latestThis creates:
- 3 SOCKS5 proxies on ports 1180-1182 (with authentication)
- 2 HTTP proxies on ports 1280-1281 (with authentication)
Clone and build the image locally:
git clone https://github.com/adasThePrime/cloudflare-warp-proxy.git
cd cloudflare-warp-proxy
docker build -t cloudflare-warp-proxy:custom .Run your custom build:
docker run -d \
--name cloudflare-warp-proxy \
-e SOCKS5_PORTS=1 \
-p 1180:1180 \
cloudflare-warp-proxy:customThis project is licensed under the MIT License. See the LICENSE file for details.