diff --git a/.env.example b/.env.example
index 6cd6196..def092b 100644
--- a/.env.example
+++ b/.env.example
@@ -401,15 +401,20 @@ CLOUDFLARE_TUNNEL_TOKEN=
 # ============================================
 # Gost Proxy Configuration (Optional)
 # ============================================
-# Internal HTTP proxy for AI services outbound traffic
+# Routes AI service traffic through an external proxy for geo-bypass.
+# Use this to access OpenAI/Anthropic/Google APIs from restricted regions.
 
 # Credentials (auto-generated)
 GOST_USERNAME=
 GOST_PASSWORD=
 
-# Proxy URL (auto-generated: http://user:pass@gost:8080)
+# Proxy URL for AI services (auto-generated: http://user:pass@gost:8080)
 GOST_PROXY_URL=
 
+# External upstream proxy (REQUIRED - asked during wizard if gost is selected)
+# Examples: socks5://user:pass@proxy.com:1080, http://user:pass@proxy.com:8080
+GOST_UPSTREAM_PROXY=
+
 # Internal services bypass list (prevents internal Docker traffic from going through proxy)
 GOST_NO_PROXY=localhost,127.0.0.1,postgres,redis,caddy,ollama,neo4j,qdrant,weaviate,clickhouse,minio,searxng,crawl4ai,gotenberg,langfuse-web,langfuse-worker,flowise,n8n,n8n-import,n8n-worker-1,n8n-worker-2,n8n-worker-3,n8n-worker-4,n8n-runner-1,n8n-runner-2,n8n-runner-3,n8n-runner-4,letta,lightrag,docling,postiz,ragflow,ragflow-mysql,ragflow-minio,ragflow-redis,ragflow-elasticsearch,ragapp,open-webui,comfyui,waha,libretranslate,paddleocr,gost
 
diff --git a/docker-compose.yml b/docker-compose.yml
index e301ad3..858e53d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -356,6 +356,8 @@ services:
     command:
       - "-L"
       - "http://${GOST_USERNAME}:${GOST_PASSWORD}@:8080"
+      - "-F"
+      - "${GOST_UPSTREAM_PROXY}"
     healthcheck:
       test: ["CMD-SHELL", "wget -q --spider http://localhost:8080 || exit 1"]
       interval: 30s
diff --git a/scripts/04_wizard.sh b/scripts/04_wizard.sh
index 8a116f5..fd8a40b 100755
--- a/scripts/04_wizard.sh
+++ b/scripts/04_wizard.sh
@@ -203,6 +203,35 @@ if [ $ollama_selected -eq 1 ]; then
     fi
 fi
 
+# If Gost was selected, prompt for upstream proxy URL
+gost_selected=0
+for p in "${selected_profiles[@]}"; do
+    [ "$p" = "gost" ] && gost_selected=1 && break
+done
+
+if [ $gost_selected -eq 1 ]; then
+    # Get existing value from .env if available
+    EXISTING_UPSTREAM=$(read_env_var "GOST_UPSTREAM_PROXY")
+
+    GOST_UPSTREAM_INPUT=$(wt_input "Gost Upstream Proxy" \
+        "Enter your external proxy URL for geo-bypass.\n\nExamples:\n  socks5://user:pass@proxy.com:1080\n  http://user:pass@proxy.com:8080\n\nThis proxy should be located outside restricted regions." \
+        "$EXISTING_UPSTREAM") || true
+
+    if [ -n "$GOST_UPSTREAM_INPUT" ]; then
+        # Save to .env file
+        write_env_var "GOST_UPSTREAM_PROXY" "$GOST_UPSTREAM_INPUT"
+        log_info "Gost upstream proxy configured: $GOST_UPSTREAM_INPUT"
+    else
+        # Remove gost from selected profiles if no upstream provided
+        tmp=()
+        for p in "${selected_profiles[@]}"; do
+            [ "$p" != "gost" ] && tmp+=("$p")
+        done
+        selected_profiles=("${tmp[@]}")
+        log_warning "Gost requires an upstream proxy. Gost has been removed from selection."
+    fi
+fi
+
 if [ ${#selected_profiles[@]} -eq 0 ]; then
     log_info "No optional services selected."
     COMPOSE_PROFILES_VALUE=""
diff --git a/scripts/07_final_report.sh b/scripts/07_final_report.sh
index c527042..4b75819 100755
--- a/scripts/07_final_report.sh
+++ b/scripts/07_final_report.sh
@@ -92,7 +92,7 @@ if is_profile_active "open-webui"; then
     echo -e "     ${GREEN}*${NC} ${WHITE}Open WebUI${NC}: Register your account"
 fi
 if is_profile_active "gost"; then
-    echo -e "     ${GREEN}*${NC} ${WHITE}Gost Proxy${NC}: Active - AI services route outbound traffic through proxy"
+    echo -e "     ${GREEN}*${NC} ${WHITE}Gost Proxy${NC}: Routing AI traffic through external proxy"
 fi
 echo ""
 echo -e "  ${WHITE}4.${NC} Run ${CYAN}make doctor${NC} if you experience any issues"
diff --git a/scripts/generate_welcome_page.sh b/scripts/generate_welcome_page.sh
index b117a87..2c5e31c 100755
--- a/scripts/generate_welcome_page.sh
+++ b/scripts/generate_welcome_page.sh
@@ -431,8 +431,9 @@ if is_profile_active "gost"; then
         \"password\": \"$(json_escape "$GOST_PASSWORD")\"
       },
       \"extra\": {
-        \"note\": \"Internal HTTP proxy for AI services\",
+        \"note\": \"Routes AI traffic through external proxy for geo-bypass\",
         \"proxy_url\": \"$(json_escape "$GOST_PROXY_URL")\",
+        \"upstream_proxy\": \"$(json_escape "$GOST_UPSTREAM_PROXY")\",
         \"internal_api\": \"http://gost:8080\"
       }
     }")
diff --git a/welcome/app.js b/welcome/app.js
index a96b5bd..107eaa4 100644
--- a/welcome/app.js
+++ b/welcome/app.js
@@ -597,7 +597,9 @@
         swagger_pass: { label: 'Swagger Pass', isSecret: true },
         internal_host: { label: 'Internal Host', isSecret: false },
         internal_port: { label: 'Internal Port', isSecret: false },
-        database: { label: 'Database', isSecret: false }
+        database: { label: 'Database', isSecret: false },
+        proxy_url: { label: 'Proxy URL', isSecret: true },
+        upstream_proxy: { label: 'Upstream', isSecret: true }
     };
 
     /**