TL;DR: Help the Iranian population bypass censorship by running a lightweight, low-maintenance proxy. It requires no public IP, acts only as a bridge (not an exit node), and can be deployed via Kubernetes or Docker in seconds.
Access to information is a human right. Due to severe internet censorship in Iran, many citizens are cut off from the rest of the world.
This repository provides deployment manifests for Conduit, a censorship circumvention tool developed by Psiphon. By running a Conduit proxy, you act as a "pass-through" node, helping users in censored regions connect to the Psiphon network.
The software used here is a Linux fork of the official Conduit software (which typically runs on Windows/Android).
Your contribution, no matter how small, makes a tangible difference in people's lives.
Before deploying, here is what you need to know about how this affects your infrastructure. It is safe for most corporate and home labs because:
-
You are NOT an Exit Node:
-
Your server simply shuffles encrypted packets from the user to the Psiphon entry point.
-
Your IP address is NOT the origin of the traffic seen by the final destination website. You are merely the bridge.
-
-
No Public IP/Ingress Required:
- The proxy connects out via STUN/TURN. You do not need to open ports, configure Ingress, or expose a Service with a LoadBalancer.
-
Auditable Code:
- The container uses an open-source fork. You are encouraged to vet the code in the linked repository.
Ideal for existing clusters. Requires a PVC for minor state storage (keys/identity).
statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: conduit-proxy
namespace: conduit
spec:
selector:
matchLabels:
app: conduit-proxy
serviceName: conduit-proxy
replicas: 1
template:
metadata:
labels:
app: conduit-proxy
spec:
securityContext:
fsGroup: 10001
fsGroupChangePolicy: OnRootMismatch
containers:
- name: conduit-proxy
securityContext:
runAsUser: 10001
runAsGroup: 10001
allowPrivilegeEscalation: false
privileged: false
capabilities:
drop:
- ALL
image: ghcr.io/ssmirr/conduit/conduit:2fd31d4
args:
- "start"
- --data-dir
- "/data"
- "--max-clients"
- "200"
- "--bandwidth"
- "5"
resources:
limits:
memory: "256Mi"
cpu: "500m"
requests:
memory: 128Mi
cpu: 100m
volumeMounts:
- mountPath: /data
name: conduit-data
volumeClaimTemplates:
- metadata:
name: conduit-data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 100Mi
For those running on a VPS or a home lab without K8s.
docker-compose.yml
services:
conduit-proxy:
image: ghcr.io/ssmirr/conduit/conduit:2fd31d4
restart: unless-stopped
command:
- start
- --data-dir
- /home/conduit/data
- --max-clients
- "200"
- --bandwidth
- "5"
volumes:
- conduit-data:/home/conduit/data
volumes:
conduit-data:
If you want to understand the technical and geopolitical context deeper:
-
GitHub Issue (Technical discussion): net4people/bbs#561
-
Cloudflare Blog (Context on shutdowns): Iran protests & Internet Shutdowns
-
Source Code (Linux Fork): ssmirr/conduit
By running this container, you are actively helping to keep the internet open and accessible for everyone.