On host, create new FF profile for that purpose only. In its `about:config`, enable `network.proxy.allow_hijacking_localhost` (so that requests to localhost are proxied too).
##### With squid (HTTP/HTTPS only, ran as a service)
In container: `doas apk add squid`, and edit `/etc/squid/squid/conf` accordingly
In container: `doas apk add squid`, and edit `/etc/squid/squid/conf` accordingly
(most likely you'll only need to change local network definition to match the subnet shared between the host and the container).
(most likely you'll only need to change local network definition to match the subnet shared between the host and the container).
@ -710,7 +714,22 @@ doas rc-service squid start
(Note that squid requires devfs service to be running).
(Note that squid requires devfs service to be running).
In host, create new FF profile (`about:profiles`) for that purpose, and configure it to use squid proxy running inside of container.
Configure FF profile to use squid proxy running inside of container.
It is not clear how to get websockets working with squid, information on the web is very sparse.
##### With SSH tunnel (supports websockets)
Alternatively, without any need to squid:
* Configure container for tunnelling support (no idea why it is required for tunnelling to work: https://web.archive.org/web/20210125210954/https://blog.felixbrucker.com/2015/10/01/how-to-enable-tuntap-inside-lxc/):
* On LXC: add `lxc.cgroup.devices.allow = c 10:200 rwm` to your `~/.config/lxc/CONTAINERNAME.conf` file;
* On LXD: `doas lxc config set CONTAINERNAME raw.lxc="lxc.cgroup.devices.allow = c 10:200 rwm"`;
* (of course, restart the container after that);
* Enable `AllowTcpForwarding` and `PermitTunnel` in `/etc/ssh/sshd_config` (and of course restart `sshd`);
* On host, `ssh CONTAINER_IP -ND TUNNEL_PORT` (TUNNEL_PORT can be anything above 1024 to avoid requiring root privileges);
* On host, in target FF profile, configure proxy to use SOCKS v5 proxy on CONTAINER_IP:CONTAINER_PORT (leave HTTP / HTTPS proxy empty), and check "Proxy DNS when using Socks v5" checkbox.
* Note that it will only work as long as ssh tunnelling command on host is running. So you'll need to run it again after reboot etc. Or wrap it in a service for OpenRC.