5.1 Why Do We Need a "Localized" Proxy?
When scraping data, we often face a dilemma:
- No Proxy: Your IP gets banned, and the scraping fails.
- Global VPN: All host traffic (e.g., GitHub pushes, SSH logins, system updates) is forced through the VPN, which impacts speed and may violate corporate compliance policies.
The Solution: Localized SOCKS5 Proxy.
By configuring Cloudflare WARP as a SOCKS5 proxy, the WARP client only opens a specific port (e.g., localhost:40000) on your host machine. Only programs that explicitly send requests to this port (like our Docker containers) will have their traffic routed through WARP. The rest of the host's traffic remains completely unaffected.
5.2 WARP Configuration on macOS
Note: On macOS, you cannot simply install the command-line tool; you must install the Desktop GUI client.
Step 1: Install the Cloudflare WARP Client
Visit the Cloudflare WARP website (1.1.1.1) to download and install the macOS client. After installation, a gray cloud icon will appear in your system status bar. Do not click to connect yet.
Step 2: Switch to Proxy Mode Using the CLI
Open your terminal and use the built-in CLI tool warp-cli provided by Cloudflare:
# 1. Accept the terms of service
warp-cli registration new
# 2. Switch mode from the default 'warp' (global VPN) to 'proxy' (localized SOCKS5)
warp-cli mode proxy
# 3. Specify the local port for SOCKS5 (default is 40000, explicitly setting it is recommended)
warp-cli proxy port 40000
# 4. Enable the connection
warp-cli connect
# 5. Check the current connection status
warp-cli status
# Expected output: Status update: Connected
Step 3: Verify the Proxy
Now, a SOCKS5 proxy is running on your host, listening on 127.0.0.1:40000. Let's test it:
# Test 1: Direct access (displays your real ISP IP)
curl -s https://www.cloudflare.com/cdn-cgi/trace | grep "ip\|warp"
# Example output:
# ip=114.254.x.x
# warp=off
# Test 2: Access via proxy (should display a Cloudflare Edge IP)
curl -s -x socks5h://localhost:40000 https://www.cloudflare.com/cdn-cgi/trace | grep "ip\|warp"
# Example output:
# ip=104.28.208.x (Cloudflare IP)
# warp=on
Congratulations! If the outputs match the examples above, your localized proxy is successfully set up.
5.3 Configuration on Linux / Docker Host
If you are deploying on a Linux server like Ubuntu, the steps are more direct and do not require a GUI:
# 1. Add Cloudflare source and install
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
sudo apt-get update && sudo apt-get install cloudflare-warp
# 2. Register and configure proxy mode
warp-cli registration new
warp-cli mode proxy
warp-cli proxy port 40000
# 3. (Optional but Important) Modify listen address to allow Docker access
# By default, it only listens on 127.0.0.1, which Docker containers might not reach.
# You may need to listen on the Docker bridge address (e.g., 172.17.0.1).
# warp-cli add-custom-endpoint 172.17.0.1:40000
# 4. Connect
warp-cli connect
5.4 Troubleshooting
| Symptom | Possible Cause | Solution |
|---|---|---|
curl returns Connection refused |
WARP is not connected or port is not listening | Check warp-cli status, ensure it is connected |
warp-cli command not found |
Path not updated in shell | Restart terminal or use absolute path: /Applications/Cloudflare WARP.app/Contents/Resources/warp-cli |
Cannot access localhost:40000 from Docker |
localhost points inside the container, not the host |
Refer to the next lesson: Using host.docker.internal in Docker |
5.5 Chapter Review
- What is the main difference between installing
warp-clion macOS versus Linux? - In the
curlcommand-x socks5h://, what does thehstand for? Why usesocks5hinstead ofsocks5? - What happens if you accidentally use
warp-cli mode tunnel?