It's theoretically possible to start apps with HTTP_PROXY outside of Docker, but there's no guarantee they will use it, hence the project. The choice at the time was Docker, since it's the only thing I knew (and still know). The project in its current state is able to curl eepsites (the equivalent of a hidden onion service in Tor), aka successful containment. However, that's where it ends: only clients work, and servers won't be accessible from within the container.
The solution isn't optimal because it depends on Docker, meaning one container for I2P and another one for the app. Furthermore, all traffic has to go through the transparent proxy in the app container.
I have considered writing a TUN/TAP device and creating a cgroup that uses that virtual network device, but I know nothing about those two subjects besides their concepts. It's therefore difficult to evaluate feasibility.
Things to take into consideration:
- It should run on Linux
- DNS requests will be made by the app and have to be handled (see the docs [4] for a functioning yet unoptimised proposal)
- Non-overlay traffic shouldn't escape the container
- Client/server applications should be able to work with other services in the overlay network (send/receive)
Any suggestions?
[1]: https://gitlab.com/NamingThingsIsHard/privacy/i2p-docker-proxy
[2]: https://geti2p.net/
[3]: https://torproject.org/
[4]: https://namingthingsishard.gitlab.io/privacy/i2p-docker-proxy/architecture.html
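As an added example (not code from the i2p-docker-proxy project), here is one way to express the "non-overlay traffic shouldn't escape" and "DNS has to be handled" requirements as an iptables-restore ruleset for the app container: all TCP is redirected to a local transparent proxy, port 53 is redirected to a local resolver, and every other packet is dropped. The proxy uid, the I2P container address and both ports are assumed placeholders; what the local resolver answers is left to the project's DNS design.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules for the app container.
# Assumptions (placeholders, not from the project):
#   PROXY_UID   uid the transparent proxy runs as (exempt from REDIRECT)
#   I2P_HOST    address of the I2P container the proxy may reach
#   PROXY_PORT  local listening port of the transparent proxy
#   DNS_PORT    local port of the resolver answering the app's queries
gen_rules() {
  PROXY_UID="$1"; I2P_HOST="$2"; PROXY_PORT="$3"; DNS_PORT="$4"
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# loopback and the proxy's own sockets are left alone (no redirect loop)
-A OUTPUT -o lo -j RETURN
-A OUTPUT -m owner --uid-owner ${PROXY_UID} -j RETURN
# the app's DNS queries go to the local resolver, never upstream
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports ${DNS_PORT}
-A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports ${DNS_PORT}
# every other TCP connection lands on the transparent proxy
-A OUTPUT -p tcp -j REDIRECT --to-ports ${PROXY_PORT}
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
# only the proxy uid may leave the container, and only towards I2P
-A OUTPUT -m owner --uid-owner ${PROXY_UID} -d ${I2P_HOST} -j ACCEPT
# anything else (UDP, ICMP, direct clearnet TCP) is dropped, not leaked
-A OUTPUT -j DROP
COMMIT
EOF
}

# Load the rules inside the app container (needs CAP_NET_ADMIN there).
apply_rules() {
  gen_rules "$@" | iptables-restore
}

# Without --apply this is a dry run that only prints the ruleset.
if [ "${1:-}" = "--apply" ]; then
  shift
  apply_rules "$@"
else
  gen_rules "${1:-1000}" "${2:-172.20.0.2}" "${3:-1080}" "${4:-5353}"
fi
```

REDIRECT rewrites the destination address, so the proxy has to recover the original one with SO_ORIGINAL_DST (or TPROXY has to be used instead); the `--uid-owner` exemption also means the proxy itself is the only process that can talk to the I2P container, so it must not run as the app's user.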