EN RU
Get Started
Home Pricing Web App Setup Guides Is the proxy not working? FAQ Blog Contact Partners

Setup Proxies on Linux

The ultimate guide to configuring SOCKS5 proxies with authentication across your entire Linux environment—from system settings to terminal, development, and containerization.

System Settings Limitations

GNOME & KDE Plasma

In Linux desktops (GNOME, KDE Plasma), global Network Proxy settings (found under SettingsNetwork) act differently than on other OSs. While you can input a SOCKS IP and Port, there are no fields for a username and password.

Because of this, system GUI proxy settings function only as a "recommendation" for apps. They will not automatically authenticate apps. Most networking tools will simply reject the connection without the credentials.

Key Takeaway: To use an authenticated SOCKS5 proxy, you must configure applications individually, use terminal variables, or use tools like `proxychains-ng`.

Web Browsers

1. Firefox (Best Choice)

Firefox remains the most reliable option on Linux as it features full native support for SOCKS5 with authentication.

  • Step 1: Go to SettingsGeneral → scroll to Network Settings and click Settings...
  • Step 2: Select Manual proxy configuration.
  • Step 3: Enter your SOCKS Host and Port, and check SOCKS v5.
  • Step 4: Click OK. When you visit your first website, a prompt will appear asking for your proxy login and password. Check "Remember password".
Prevent DNS Leaks: Type about:config in the URL bar, search for network.proxy.socks_remote_dns, and switch it to true.

2. Chrome / Chromium / Edge / Brave

These browsers rely on the inadequate Linux system network stack. To circumvent this, you must use a dedicated proxy extension.

  • Step 1: Install the Proxy SwitchyOmega from the extensions web store.
  • Step 2: Open the extension options, create a new profile indicating SOCKS5, and input your server details.
  • Step 3: Click the lock icon on the right side to enter your proxy authentication limits (Username and Password).
  • Step 4: Apply changes and activate the profile via the extension toolbar icon.

Terminal Utilities & Environment Variables

Direct Commands: cURL, wget, git

cURL: Always use the --socks5-hostname flag so that DNS queries are securely resolved remotely over the proxy.

curl --socks5-hostname login:pass@ip:1080 https://api.ipify.org

Wget: Pass the proxy arguments explicitly.

wget --proxy=on --socks5-hostname=ip:1080 --proxy-user=login --proxy-password=pass https://example.com/file.zip

Git: You can apply the proxy configuration globally for all clones and pulls.

git config --global http.proxy "socks5://login:pass@ip:1080"
git config --global https.proxy "socks5://login:pass@ip:1080"

Environment Configuraion (The Universal approach)

The easiest way to make most console apps use a proxy is by setting standard networking Variables. You can set them for a specific session, or append them to your ~/.bashrc or ~/.zshrc file for persistence.

export ALL_PROXY="socks5://login:pass@ip:1080"
export HTTP_PROXY="socks5://login:pass@ip:1080"
export HTTPS_PROXY="socks5://login:pass@ip:1080"

# Important: Exclude local network routes
export NO_PROXY="localhost,127.0.0.1,.local,192.168.0.0/16"

Note on Security: Storing passwords within a plain text .bashrc file can be a vulnerability. In production environments, rely on encrypted variables or credential managers like pass.

Proxyfying Specific Applications (proxychains-ng)

For applications without native proxy configuration options (like Spotify, Discord, or Steam), the most reliable console tool on Linux is proxychains-ng. It acts as a wrapper, forcing the software's network traffic entirely through your custom proxy.

Installation and Usage

  • Step 1: Get the package
# Ubuntu/Debian:
sudo apt install proxychains-ng

# Arch Linux:
sudo pacman -S proxychains-ng
  • Step 2: Configure the server
    Edit the configuration file (/etc/proxychains.conf or ~/.proxychains/proxychains.conf). At the end of the file under the [ProxyList] section, input your credentials:
socks5 1.2.3.4 1080 login pass

(Tip: Enable quiet_mode at the top of the file to stop proxychains from printing verbose logs on every connection).

  • Step 3: Run your apps
    Simply prepend the proxychains command to the application's executable:
proxychains curl https://api.ipify.org
proxychains spotify

Apps with Native SOCKS5 Support

Telegram Desktop

  • Open Telegram SettingsAdvancedConnection type.
  • Select Use custom proxy. Choose the SOCKS5 configuration type.
  • Enter your host, port, login, and password, then save.

qBittorrent

  • Open the OptionsConnection tab.
  • Select SOCKS5 in the Proxy Server section and apply auth details.
  • Critical: Ensure "Use proxy for peer connections" and "Use proxy for hostname lookups" are both checked.

Languages and Docker

1. Python

You need to install the SOCKS dependency before sending requests:

pip install requests[socks] 
import requests
proxies = { "http": "socks5://user:[email protected]:1080", "https": "socks5://user:[email protected]:1080" }
response = requests.get("https://api.ipify.org", proxies=proxies, timeout=10)
print(response.text)

2. Node.js

Using the socks-proxy-agent package:

const axios = require('axios');
const { SocksProxyAgent } = require('socks-proxy-agent');
const agent = new SocksProxyAgent('socks5://user:[email protected]:1080');

axios.get('https://api.ipify.org', { httpsAgent: agent, httpAgent: agent })
  .then(res => console.log(res.data));

3. Docker Setup

To pass proxy execution locally through a docker container, inject ENVs at runtime.

docker run --env HTTPS_PROXY="socks5://login:[email protected]:1080" my-image

To enforce the proxy on the Docker networking daemon scale, modify ~/.docker/daemon.json:

{
  "proxies": {
    "default": {
      "httpsProxy": "socks5://login:[email protected]:1080"
    }
  }
}

Security Checklist & Alternative Tools

Redsocks (Transparent Traffic Routing)

If you want absolute, transparent, OS-wide traffic proxying without configuring exceptions per-app, administrators utilize redsocks alongside an iptables firewall.

RedSocks acts as an invisible system daemon. It translates generic TCP connections generated by the machine and feeds them directly into your authorized SOCKS5 endpoint.

Note: This process is complex, requires strict iptables rule chains to avoid network loopbacks, and warrants extensive testing within a Virtual Machine beforehand.

Local SSH Tunnels

If you control a remote server directly via SSH, you can instantiate a localized passwordless SOCKS5 tunnel dynamically using the SSH client, circumventing explicit configuration passwords inside application settings.

ssh -D 1080 -N -C [email protected]

After running this, an unauthenticated local tunnel is opened at 127.0.0.1:1080. You can point proxychains or your terminal utilities to that local host and bypass standard password exposure.

Critical Security Reminders

  • Always specify NO_PROXY for Localhost: export NO_PROXY="localhost,127.0.0.1,.local". Never route local docker containers or router-gateway IP requests to an external proxy server.
  • Secure Configurations: .env parameter structures shouldn't be publicly uploaded on Git repositories. Provide a file permissions hierarchy constraint: chmod 600 ~/.bashrc
  • DNS Verification: Utilize dnsleaktest.com natively from your browser. SOCKS5 connections must also tunnel your IP lookups via socks_remote_dns=true to avoid leaking website visits to your ISP securely.

⚠️
Found an error or the method isn't working?

Technology is constantly evolving. If the guide is outdated, you encounter an issue, or something isn't working — let us know! We will quickly verify the information and help you get set up.

Contact Support

🤖
Need personalized help?

Leverage the power of AI. We've prepared a specific prompt for ChatGPT that will analyze your situation and provide a step-by-step connection guide for your device.

Ask ChatGPT