You know the drill: you’re scrolling through Reddit or digging through old forum threads, you click an image, and instead of the content, you get hit with this raw JSON response:
{
"data": {
"error": "Imgur is temporarily over capacity. Please try again later."
},
"success": false,
"status": 403
}
If you see this, don’t believe it. It is usually not a real capacity issue. It’s a blanket “forbidden” response because your IP or ISP is blocked. It turns out my ISP, Iliad (Italy), has its ASN banned by Imgur.
I stumbled upon this excellent post by Tymscar who solved a similar issue in the UK using Traefik. However, my stack is different: I run AdGuard Home for DNS and Caddy as my reverse proxy.
Since Caddy already occupies port 443 on my server, I couldn’t just spin up another proxy on the host. Here is how I solved it using a Docker Macvlan network and Cloudflare WARP.
The Architecture#
- AdGuard Home rewrites
*.imgur.comandimgur.comto a specific, static IP on my LAN that tunnels the HTTPS traffic. - A Docker Container listens on that specific IP (bypassing the host’s port conflicts given that it behaves as another device).
- Gluetun tunnels the traffic through Cloudflare WARP to exit the Iliad network.
- Nginx inspects the SNI and forwards the traffic to the real Imgur servers.
Step 1: Get Cloudflare WARP Keys#
I needed WireGuard credentials for the free Cloudflare WARP tier. You can use wgcf to generate a profile. Run this snippet to generate the wgcf-profile.conf file containing your keys:
curl -Lo wgcf https://github.com/ViRb3/wgcf/releases/download/v2.2.23/wgcf_2.2.23_linux_amd64
chmod +x wgcf
./wgcf register --accept-tos
./wgcf generate
# Open 'wgcf-profile.conf' to extract Private/Public keys and Endpoint IP
rm wgcf # Clean up, we don't need the binary anymore
Step 2: The Nginx Config (nginx.conf)#
This uses dynamic SNI to handle i.imgur.com, imgur.com, and any other subdomain automatically without SSL termination.
user nginx;
worker_processes auto;
events { worker_connections 1024; }
stream {
resolver 1.1.1.1 valid=30s;
server {
listen 443;
ssl_preread on;
# Dynamic forwarding based on what the browser asked for
proxy_pass $ssl_preread_server_name:443;
proxy_connect_timeout 10s;
proxy_timeout 60s;
}
}
Step 3: Docker Compose#
The magic here is the macvlan network. It gives the container its own physical presence on the network, completely separate from my main server IP.
Note: I’ve picked a PROXY_STATIC_IP that is valid for my subnet and I’ve statically assigned it to the mac_address specified in the docker-compose.yaml below. If you do not specify a mac_address, it will be always random, defeating the purpose of having a statically assigned IP.
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: imgur-warp
cap_add: [ "NET_ADMIN" ]
devices: [ "/dev/net/tun:/dev/net/tun" ]
environment:
- VPN_SERVICE_PROVIDER=custom
- VPN_TYPE=wireguard
# Cloudflare WARP Keys (From Step 1)
- WIREGUARD_PRIVATE_KEY=YOUR_PRIVATE_KEY
- WIREGUARD_PUBLIC_KEY=YOUR_PUBLIC_KEY
- WIREGUARD_ADDRESSES=172.16.0.2/32
# Hardcoded WARP Endpoint
- VPN_ENDPOINT_IP=162.159.192.1
- VPN_ENDPOINT_PORT=2408
# Allow local access
- FIREWALL_OUTBOUND_SUBNETS=YOUR_LOCAL_SUBNET_CIDR # e.g. 192.168.1.0/24
networks:
vpc_net:
ipv4_address: PROXY_STATIC_IP # e.g. 192.168.1.253
mac_address: 02:42:C0:A8:01:FD # Static MAC for DHCP reservation
restart: unless-stopped
imgur-proxy:
image: nginx:alpine
container_name: imgur-proxy
depends_on:
gluetun: { condition: service_healthy }
network_mode: "service:gluetun"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
restart: unless-stopped
networks:
vpc_net:
driver: macvlan
driver_opts:
parent: YOUR_INTERFACE_NAME # e.g. enp2s0, eth0
ipam:
config:
- subnet: YOUR_LOCAL_SUBNET_CIDR
gateway: YOUR_GATEWAY_IP
Step 4: AdGuard Rewrite#
Finally, I added two DNS rewrites in AdGuard Home to redirect traffic to the container.
- Domain:
*.imgur.com→ Answer:PROXY_STATIC_IP - Domain:
imgur.com→ Answer:PROXY_STATIC_IP
Now, every device on my network loads Imgur content instantly, completely transparently, while bypassing the ISP block.