An nginx_http_proxy_module fork with SOCKS5 support
Switch branches/tags
Nothing to show
Clone or download
Latest commit 93dc582 Oct 17, 2016
Failed to load latest commit information.
src Introduce socks_set_host directive Oct 17, 2016 A typo fix Oct 17, 2016
config Initial commit Jan 26, 2016


An nginx_http_proxy_module fork with SOCKS5 support


nginx >= 1.9.1 is supported.

# apt-get install git build-essential zlib1g-dev libpcre3 libpcre3-dev unzip

$ git clone
$ wget

$ tar -xzvf nginx-1.9.15.tar.gz

$ cd nginx-1.9.15

# See for more configuration options
$ ./configure --add-module=../socks-nginx-module

$ make
# make install


Sample HTTP to SOCKS5 proxy configuration:

location / {
  socks_set_header Host $http_host;
  socks_set_header Proxy-Connection '';
  socks_pass_header Server;
  socks_redirect off;
  socks_http_version 1.1;
  socks_tunnel_header X-Connect;
  socks_buffers 16 16k; 
  socks_buffer_size 32k;
  socks_cache proxy;
  socks_cache_valid 30s;
  socks_cache_use_stale error timeout invalid_header updating
                        http_500 http_502 http_503 http_504;
  socks_pass socks5://;

All ngx_http_proxy_module directives are supported.


Context: http, server, location

As nginx HTTP parser doesn't support HTTP CONNECT method, a special header can be set to indicate tunnel connection.

This directive can be exploited with the following HAProxy configuration:

frontend local
  bind *:8080
  mode http
  http-request set-method GET if METH_CONNECT
  http-request set-uri https://%[req.hdr(Host)]/ if METH_CONNECT
  http-request add-header X-Connect true if METH_CONNECT
  default_backend nginx

backend nginx
  mode http
  server proxy maxconn 100000


Context: http, server, location

Default: socks_set_host $http_host;

Overrides the endpoint server.

This example will proxy requests to via local Tor daemon:

location /ip {
  socks_pass socks5://;
  socks_set_header Host; 
  socks_redirect off;
  socks_http_version 1.1;