ulfrasark/naiveproxy

By ulfrasark

Updated 11 days ago

NaiveProxy server (Caddy + forwardproxy) for MikroTik RouterOS x86_64 containers.

Image
Networking
Security
0

635

ulfrasark/naiveproxy repository overview

ulfrasark/naiveproxy

NaiveProxy server (Caddy + forwardproxy) for MikroTik RouterOS containers.

Based on Alpine Linux. Auto TLS via Let's Encrypt.


Image size

LayerSize
Compressed (Docker Hub)~28 MB
Unpacked (on device)~59 MB

Built with multi-stage build — only the Caddy binary + Alpine + libgcc in final image. No Go toolchain, no build artifacts.


MikroTik settings

/interface/veth add address=192.168.254.10/24 gateway=192.168.254.1 name=veth-naive
/interface/bridge/port add bridge=Bridge-Docker interface=veth-naive


Environment variables

/container/envs/add name=naive-env key=NAIVE_DOMAIN value=your-domain.chickenkiller.com
/container/envs/add name=naive-env key=NAIVE_EMAIL value=[email protected]
/container/envs/add name=naive-env key=NAIVE_USER value=youruser
/container/envs/add name=naive-env key=NAIVE_PASS value=yourpassword
/container/envs/add name=naive-env key=NAIVE_MASK_SITE value=demo.cloudreve.org


Mount for TLS certificates persistence

/container/mounts/add name=caddy-data src=/usb1/caddy-data dst=/data/caddy

Without this mount — certificate will be re-issued on every container restart.


Install container

/container/add
image=ulfrasark/naiveproxy:latest
interface=veth-naive
envlist=naive-env
mounts=caddy-data
root-dir=/usb1/naiveproxy
dns=1.1.1.1
start-on-boot=yes
logging=yes


Start

/container/start [find name~"naive"]


Check logs

/log print where topics~"container"

Connection string will be printed in logs on startup:
naive+https://youruser:[email protected]:443


Port forwarding

PortProtocolRequired
80TCPFirst run only (Let's Encrypt HTTP challenge)
443TCP+UDPAlways (proxy + TLS-ALPN renewal)

After the first certificate is issued — port 80 can be closed. Renewal uses TLS-ALPN-01 on port 443 only.


Domain recommendations

⚠️ Do NOT use DuckDNS — their NS servers are unstable and Let's Encrypt often fails to validate.

Use FreeDNS (freedns.afraid.org) — free subdomains on thousands of domains (e.g. yourname.chickenkiller.com, yourname.mooo.com etc.)


Performance tips

  • Use multiple parallel connections in your client (NekoBox: increase concurrency)
  • Enable HTTP/3 (QUIC) if your client supports it
  • UDP-over-TCP mode helps on lossy or high-latency links
  • Change proxy URI scheme to quic:// instead of https:// to test HTTP/3

Client config example (NekoBox / Hiddify)

naive+https://youruser:[email protected]:443

Or JSON:

{
  "listen": "socks://127.0.0.1:1080",
  "proxy": "https://youruser:[email protected]"
}

GitHub

Source and Dockerfile: coming soon

Tag summary

Content type

Image

Digest

sha256:832c9a7d8

Size

23.4 MB

Last updated

11 days ago

docker pull ulfrasark/naiveproxy:v6