Merge pull request #62 from yincongcyincong/dev

en doc
snail007
2018-04-25 15:54:41 +08:00
committed by GitHub

177
README.md

@ -23,6 +23,8 @@ Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 prox
- Reverse proxy: goproxy supports directly parsing the domain to proxy monitor IP, and then proxy will help you to access the HTTP (S) site that you need to access.
- Transparent proxy: with the iptables, goproxy can directly forward the 80 and 443 port's traffic to proxy in the gateway, and can realize the unaware intelligent router proxy.
- Protocol conversion: The existing HTTP (S) or SOCKS5 proxy can be converted to a proxy which support both HTTP (S) and SOCKS5 by one port, but the converted SOCKS5 proxy does not support the UDP function.Also support powerful cascading authentication.  
- Custom underlying encrypted transmission, HTTP(s)\sps\socks proxy can encrypt TCP data through TLS standard encryption and KCP protocol encryption. In addition, it also supports custom encryption after TLS and KCP. That is to say, custom encryption and tls|kcp can be used together. The internal uses AES256 encryption, and it only needs to define one password by yourself when is used.
- Low level compression and efficient transmissionThe HTTP(s)\sps\socks proxy can encrypt TCP data through a custom encryption and TLS standard encryption and KCP protocol encryption, and can also compress the data after encryption. That is to say, the compression and custom encryption and tls|kcp can be used together.
### Why need these?
- Because for some reason, we cannot access our services elsewhere. We can build a secure tunnel to access our services through multiple connected proxy nodes.  
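Review bot: the new "Low level compression" bullet says the proxy "can also compress the data after encryption", while section 1.13 added later in this commit says it compresses "before custom encryption". The two statements should agree, and the order matters because compressing data that is already encrypted gains nothing. The same bullet is missing a separator between "efficient transmission" and "The HTTP(s)". In the custom encryption bullet, "AES256" with a single password is all that is stated; naming the cipher mode and how the key is derived from the password would let users judge what the option provides.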
@ -34,7 +36,8 @@ Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 prox
- ...  
This page is the v4.6 manual, and the other version of the manual can be checked by the following link.
This page is the v4.7 manual, and the other version of the manual can be checked by the following link.
- [v4.6 manual](https://github.com/snail007/goproxy/tree/v4.6)
- [v4.5 manual](https://github.com/snail007/goproxy/tree/v4.5)
- [v4.4 manual](https://github.com/snail007/goproxy/tree/v4.4)
- [v4.3 manual](https://github.com/snail007/goproxy/tree/v4.3)
@ -85,7 +88,9 @@ This page is the v4.6 manual, and the other version of the manual can be checked
- [1.9 HTTP(S) reverse proxy](#19http-reverse-proxy)
- [1.10 HTTP(S) transparent proxy](#110http-transparent-proxy)
- [1.11 Custom DNS](#111custom-dns)
- [1.12 View help](#112view-help)
- [1.12 Custom encryption](#112-custom-encryption)
- [1.13 Compressed transmission](#113-compressed-transmission)
- [1.14 View help](#114view-help)
- [2.TCP proxy](#2tcp-proxy)
- [2.1 Common TCP first level proxy](#21common-tcp-first-level-proxy)
- [2.2 Common TCP second level proxy](#22common-tcp-second-level-proxy)
@ -121,7 +126,9 @@ This page is the v4.6 manual, and the other version of the manual can be checked
- [5.7 Authentication](#57authentication)
- [5.8 KCP protocol transmission](#58kcp-protocol-transmission)
- [5.9 Custom DNS](#59custom-dns)
- [5.10 View help](#510view-help)
- [5.10 Custom encryption](#510custom-encryption)
- [5.11 Compressed transmission](#511compressed-transmission)
- [5.12 View help](#512view-help)
- [6.Proxy protocol conversion](#6proxy-protocol-conversion)
- [6.1 Functional introduction](#61functional-introduction)
- [6.2 HTTP(S) to HTTP(S) + SOCKS5](#62http-to-http-socks5)
@ -129,7 +136,9 @@ This page is the v4.6 manual, and the other version of the manual can be checked
- [6.4 Chain style connection](#64chain-style-connection)
- [6.5 Listening on multiple ports](#65listening-on-multiple-ports)
- [6.6 Authentication](#66authentication)
- [6.7 View Help](#67view-help)
- [6.7 Custom encryption](#67-custom-encryption)
- [6.8 Compressed transmission](#68-compressed-transmission)
- [6.9 View Help](#69view-help)
- [7.KCP Configuration](#7kcp-configuration)
- [7.1 Configuration introduction](#71configuration-introduction)
- [7.2 Configuration details](#72configuration-details)
@ -151,7 +160,7 @@ If the installation fails or your VPS is not a linux64 system, please follow the
Download address: https://github.com/snail007/goproxy/releases
```shell
cd /root/proxy/
wget https://github.com/snail007/goproxy/releases/download/v4.6/proxy-linux-amd64.tar.gz
wget https://github.com/snail007/goproxy/releases/download/v4.7/proxy-linux-amd64.tar.gz
```
#### **2.Download the automatic installation script**
```shell
@ -210,10 +219,11 @@ Assuming that your VPS outer external network IP is 23.23.23.23, the following c
### **1.HTTP proxy**
#### **1.1.common HTTP proxy**
![1.1](/docs/images/1.1.jpg)
![1.1](/docs/images/http-1.png)
`./proxy http -t tcp -p "0.0.0.0:38080"`
#### **1.2.Common HTTP second level proxy**
![1.2](/docs/images/http-2.png)
Using local port 8090, assume the parent HTTP proxy is: `22.22.22.22:8080`
`./proxy http -t tcp -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" `
The connection pool is closed by default. If you want to speed up access speed, -L can open the connection pool, the 10 is the size of the connection pool, and the 0 is closed.
@ -223,6 +233,7 @@ We can also specify the black and white list files of the domain name, one line
`./proxy http -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" -b blocked.txt -d direct.txt`
#### **1.3.HTTP second level encrypted proxy**
![1.3](/docs/images/http-tls-2.png)
HTTP first level proxy(VPS,IP:22.22.22.22)
`./proxy http -t tls -p ":38080" -C proxy.crt -K proxy.key`
@ -235,6 +246,7 @@ HTTP second level proxy(local windows)
In your windos system, the mode of the program that needs to surf the Internet by proxy is setted up as HTTP mode, the address is 127.0.0.1, the port is: 8080, the program can go through the encrypted channel through VPS to surf on the internet.
#### **1.4.HTTP third level encrypted proxy**
![1.4](/docs/images/http-tls-3.png)
HTTP first level proxy VPS_01,IP:22.22.22.22
`./proxy http -t tls -p ":38080" -C proxy.crt -K proxy.key`
HTTP second level proxy VPS_02,IP:33.33.33.33
@ -271,6 +283,7 @@ Through --always, all HTTP proxy traffic can be coercion to the parent HTTP prox
`./proxy http --always -t tls -p ":28080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key`
#### **1.7.Transfer through SSH**
![1.7](/docs/images/http-ssh-1.png)
Explanation: the principle of SSH transfer is to take advantage of SSH's forwarding function, which is, after you connect to SSH, you can access to the target address through the SSH proxy.
Suppose there is a vps
- IP is 2.2.2.2, ssh port is 22, ssh username is user, ssh password is demo
@ -284,7 +297,8 @@ Local HTTP (S) proxy use 28080 port,excute:
`./proxy http -T ssh -P "2.2.2.2:22" -u user -S user.key -t tcp -p ":28080"`
#### **1.8.KCP protocol transmission**
The KCP protocol requires a --kcp-key parameter to set a password which can encrypt and decrypt data.
![1.8](/docs/images/http-kcp.png)
The KCP protocol requires a --kcp-key parameter to set a password which can encrypt and decrypt data.
Http first level proxy(VPS,IP:22.22.22.22)
`./proxy http -t kcp -p ":38080" --kcp-key mypassword`
@ -293,6 +307,7 @@ Http second level proxy(os is Linux)
`./proxy http -t tcp -p ":8080" -T kcp -P "22.22.22.22:38080" --kcp-key mypassword`
Then access to the local 8080 port is access to the proxy's port 38080 on the VPS, and the data is transmitted through the KCP protocol.
#### **1.9.HTTP reverse proxy**
![1.9](/docs/images/fxdl.png)
Proxy supports not only set up a proxy through in other software, to provide services for other software, but support the request directly to the website domain to proxy monitor IP when proxy monitors 80 and 443 ports, then proxy will automatically access to the HTTP proxy access website for you.  
How to use:  
@ -358,19 +373,61 @@ they also can specify dns result cache time (--dns-ttl) which unit is second. th
for example:
`./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300`
#### **1.12.view help**
#### **1.12 Custom encryption**
HTTP(s) proxy can encrypt TCP data by TLS standard encryption and KCP protocol encryption, in addition to supporting custom encryption after TLS and KCP, That is to say, custom encryption and tls|kcp can be combined to use. The internal AES256 encryption is used, and it only needs to define one password by yourself. Encryption is divided into two parts, the one is whether the local (-z) is encrypted and decrypted, the other is whether the parents (-Z) is encrypted and decrypted.
Custom encryption requires both ends are proxy. Next, we use two level example and three level example as examples:
**two level example**
First level VPS (ip:2.2.2.2) execution:
`proxy http -t tcp -z demo_password -p :7777`
Local second level execution:
`proxy http -T tcp -P 2.2.2.2:777 -Z demo_password -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by encryption transmission with the parents proxy.
**three level example**
First level VPS (ip:2.2.2.2) execution:
`proxy http -t tcp -z demo_password -p :7777`
Second level VPS (ip:2.2.2.2) execution:
`proxy http -T tcp -P 2.2.2.2:7777 -Z demo_password -t tcp -z other_password -p :8888`
Local third level execution:
`proxy http -T tcp -P 3.3.3.3:8888 -Z other_password -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by encryption transmission with the parents proxy.
#### **1.13 Compressed transmission**
HTTP(s) proxy can encrypt TCP data through TCP standard encryption and KCP protocol encryption, and can also compress data before custom encryption.
That is to say, compression and custom encryption and tls|kcp can be used together, compression is divided into two parts, the one is whether the local (-z) is compressed transmission, the other is whether the parents (-Z) is compressed transmission.
The compression requires both ends are proxy. Compression also protects the (encryption) data in certain extent. we use two level example and three level example as examples:
**two level example**
First level VPS (ip:2.2.2.2) execution:
`proxy http -t tcp -m -p :7777`
Local second level execution:
`proxy http -T tcp -P 2.2.2.2:777 -M -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.  
**three level example**
First level VPS (ip:2.2.2.2) execution:
`proxy http -t tcp -m -p :7777`
Second level VPS (ip:3.3.3.3) execution:
`proxy http -T tcp -P 2.2.2.2:7777 -M -t tcp -m -p :8888`
Local third level execution:
`proxy http -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.
#### **1.14.view help**
`./proxy help http`
### **2.TCP proxy**
#### **2.1.Common TCP first level proxy**
![2.1](/docs/images/2.1.png)
![2.1](/docs/images/tcp-1.png)
Local execution:
`./proxy tcp -p ":33080" -T tcp -P "192.168.22.33:22" -L 0`
Then access to the local 33080 port is the 22 port of access to 192.168.22.33.
#### **2.2.Common TCP second level proxy**
![2.2](/docs/images/2.2.png)
![2.2](/docs/images/tcp-2.png)
VPS(IP:22.22.22.33) execute:  
`./proxy tcp -p ":33080" -T tcp -P "127.0.0.1:8080" -L 0`  
local execution:  
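Review bot: in the 1.12 and 1.13 two level examples the local command dials `-P 2.2.2.2:777` while the first level listens on `-p :7777`, so the pair cannot connect as written; it should be `2.2.2.2:7777`. In the 1.12 three level example the second level VPS is labelled `ip:2.2.2.2` although the local command connects to `3.3.3.3:8888` (1.13 labels it 3.3.3.3). Section 1.13 describes the compression switches as `-z` and `-Z`, but its commands use `-m` and `-M`, and "TCP standard encryption" there presumably means TLS. The sentence "Compression also protects the (encryption) data in certain extent" should be dropped or reworded: compression is not a confidentiality control, and the 1.13 examples run over plain `-t tcp` with only `-m`/`-M`, so that traffic is compressed but not encrypted. The new commands are also written as `proxy ...` where the rest of the manual uses `./proxy ...`.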
@ -378,6 +435,7 @@ local execution:  
Then access to the local 23080 port is the 8080 port of access to 22.22.22.33.
#### **2.3.Common TCP third level proxy**
![2.3](/docs/images/tcp-3.png)
TCP first level proxy VPS_01,IP:22.22.22.22
`./proxy tcp -p ":38080" -T tcp -P "66.66.66.66:8080" -L 0`
TCP second level proxy VPS_02,IP:33.33.33.33
@ -387,6 +445,7 @@ TCP third level proxy (local)
Then access to the local 8080 port is to access the 8080 port of the 66.66.66.66 by encrypting the TCP tunnel.
#### **2.4.TCP second level encrypted proxy**
![2.4](/docs/images/tcp-tls-2.png)
VPS(IP:22.22.22.33) execute:
`./proxy tcp --tls -p ":33080" -T tcp -P "127.0.0.1:8080" -L 0 -C proxy.crt -K proxy.key`
local execution:
@ -394,6 +453,7 @@ local execution:
Then access to the local 23080 port is to access the 8080 port of the 22.22.22.33 by encrypting the TCP tunnel.
#### **2.5.TCP third level encrypted proxy**
![2.5](/docs/images/tcp-tls-3.png)
TCP first level proxy VPS_01,IP:22.22.22.22
`./proxy tcp --tls -p ":38080" -T tcp -P "66.66.66.66:8080" -C proxy.crt -K proxy.key`
TCP second level proxy VPS_02,IP:33.33.33.33
@ -408,11 +468,13 @@ Then access to the local 8080 port is to access the 8080 port of the 66.66.66.66
### **3.UDP proxy**
#### **3.1.Common UDP first level proxy**
![3.1](/docs/images/udp-1.png)
local execution:
`./proxy udp -p ":5353" -T udp -P "8.8.8.8:53"`
Then access to the local UDP:5353 port is access to the UDP:53 port of the 8.8.8.8.
#### **3.2.Common UDP second level proxy**
![3.2](/docs/images/udp-2.png)
VPS(IP:22.22.22.33) execute:
`./proxy tcp -p ":33080" -T udp -P "8.8.8.8:53"`
local execution:
@ -420,6 +482,7 @@ local execution:
Then access to the local UDP:5353 port is access to the UDP:53 port of the 8.8.8.8 through the TCP tunnel.
#### **3.3.Common UDP third level proxy**
![3.3](/docs/images/udp-3.png)
TCP first level proxy VPS_01,IP:22.22.22.22
`./proxy tcp -p ":38080" -T udp -P "8.8.8.8:53"`
TCP second level proxy VPS_02,IP:33.33.33.33
@ -429,6 +492,7 @@ TCP third level proxy (local)
Then access to the local 5353 port is access to the 53 port of the 8.8.8.8 through the TCP tunnel.
#### **3.4.UDP second level encrypted proxy**
![3.4](/docs/images/udp-tls-2.png)
VPS(IP:22.22.22.33) execute:
`./proxy tcp --tls -p ":33080" -T udp -P "8.8.8.8:53" -C proxy.crt -K proxy.key`
local execution:
@ -436,6 +500,7 @@ local execution:
Then access to the local UDP:5353 port is access to the UDP:53 port of the 8.8.8.8 by the encrypting TCP tunnel.
#### **3.5.UDP third level encrypted proxy**
![3.5](/docs/images/udp-tls-3.png)
TCP first level proxy VPS_01,IP:22.22.22.22
`./proxy tcp --tls -p ":38080" -T udp -P "8.8.8.8:53" -C proxy.crt -K proxy.key`
TCP second level proxy VPS_02,IP:33.33.33.33
@ -592,6 +657,7 @@ Tips: SOCKS5 proxy, support CONNECT, UDP protocol and don't support BIND and sup
`./proxy socks -t tcp -p "0.0.0.0:38080"`
#### **5.2.Common SOCKS5 second level proxy**
![5.2](/docs/images/socks-2.png)
![5.2](/docs/images/5.2.png)
Using local port 8090, assume that the parent SOCKS5 proxy is `22.22.22.22:8080`
`./proxy socks -t tcp -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" `
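Review bot: section 5.2 ends up with two images, `socks-2.png` and the older `5.2.png`, since the hunk header (`-592,6 +657,7`) shows one line added and none removed. The 1.1, 2.1 and 2.2 hunks put the new image next to the old one in the same way, so if the intent is to switch to the new diagrams here too, the `![5.2](/docs/images/5.2.png)` line should be removed in this hunk.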
@ -599,6 +665,7 @@ We can also specify the black and white list files of the domain name, one line
`./proxy socks -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" -b blocked.txt -d direct.txt`
#### **5.3.SOCKS second level encrypted proxy**
![5.3](/docs/images/socks-tls-2.png)
SOCKS5 first level proxy(VPS,IP:22.22.22.22)
`./proxy socks -t tls -p ":38080" -C proxy.crt -K proxy.key`
@ -611,6 +678,7 @@ SOCKS5 second level proxy(local windows)
Then set up your windows system, the proxy that needs to surf the Internet by proxy is Socks5 mode, the address is: 127.0.0.1, the port is: 8080. the program can surf the Internet through the encrypted channel which is running on VPS.  
#### **5.4.SOCKS third level encrypted proxy**
![5.4](/docs/images/socks-tls-3.png)
SOCKS5 first level proxy VPS_01,IP:22.22.22.22
`./proxy socks -t tls -p ":38080" -C proxy.crt -K proxy.key`
SOCKS5 second level proxy VPS_02,IP:33.33.33.33
@ -624,6 +692,7 @@ By default, proxy will intelligently judge whether a domain name can be accessed
`./proxy socks --always -t tls -p ":28080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key`
#### **5.6.Transfer through SSH**
![5.6](/docs/images/socks-ssh.png)
Explanation: the principle of SSH transfer is to take advantage of SSH's forwarding function, which is, after you connect to SSH, you can access the target address by the SSH.  
Suppose there is a vps
- IP is 2.2.2.2, SSH port is 22, SSH username is user, SSH password is Demo
@ -675,8 +744,49 @@ they also can specify dns result cache time (--dns-ttl) which unit is second. th
for example:
`./proxy socks -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300`
#### **5.10.Custom encryption**
HTTP(s) proxy can encrypt TCP data by TLS standard encryption and KCP protocol encryption, in addition to supporting custom encryption after TLS and KCP, That is to say, custom encryption and tls|kcp can be combined to use. The internal AES256 encryption is used, and it only needs to define one password by yourself. Encryption is divided into two parts, the one is whether the local (-z) is encrypted and decrypted, the other is whether the parents (-Z) is encrypted and decrypted.
Custom encryption requires both ends are proxy. Next, we use two level example and three level example as examples:
#### **5.10.view help**
**two level example**
First level VPS (ip:2.2.2.2) execution:
`proxy socks -t tcp -z demo_password -p :7777`
Local second level execution:
`proxy socks -T tcp -P 2.2.2.2:777 -Z demo_password -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by encryption transmission with the parents proxy.
**three level example**
First level VPS (ip:2.2.2.2) execution:
`proxy socks -t tcp -z demo_password -p :7777`
Second level VPS (ip:2.2.2.2) execution:
`proxy socks -T tcp -P 2.2.2.2:7777 -Z demo_password -t tcp -z other_password -p :8888`
Local third level execution:
`proxy socks -T tcp -P 3.3.3.3:8888 -Z other_password -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by encryption transmission with the parents proxy.
#### **5.11.Compressed transmission**
HTTP(s) proxy can encrypt TCP data through TCP standard encryption and KCP protocol encryption, and can also compress data before custom encryption.
That is to say, compression and custom encryption and tls|kcp can be used together, compression is divided into two parts, the one is whether the local (-z) is compressed transmission, the other is whether the parents (-Z) is compressed transmission.
The compression requires both ends are proxy. Compression also protects the (encryption) data in certain extent. we use two level example and three level example as examples:
**two level example**
First level VPS (ip:2.2.2.2) execution:
`proxy socks -t tcp -m -p :7777`
Local second level execution:
`proxy socks -T tcp -P 2.2.2.2:777 -M -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.
**three level example**
First level VPS (ip:2.2.2.2) execution:
`proxy socks -t tcp -m -p :7777`
Second level VPS (ip:3.3.3.3) execution:
`proxy socks -T tcp -P 2.2.2.2:7777 -M -t tcp -m -p :8888`
Local third level execution:
`proxy socks -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.
#### **5.12.view help**
`./proxy help socks`
### **6.Proxy protocol conversion**
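Review bot: sections 5.10 and 5.11 open with "HTTP(s) proxy can encrypt TCP data" although they sit in the SOCKS5 chapter and every command is `proxy socks`; the text looks copied from 1.12 and 1.13 and should name the SOCKS proxy. The copy carries the same defects: `-P 2.2.2.2:777` against a listener on `:7777` in both two level examples, the second level VPS in the 5.10 three level example labelled `ip:2.2.2.2` while the local side dials `3.3.3.3:8888`, and 5.11 naming `-z`/`-Z` for compression while the commands use `-m`/`-M`. The heading "5.10.view help" also appears between the 5.10 introduction and its first example; it is worth checking that it does not survive in the final file.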
@ -711,6 +821,7 @@ command
`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 --kcp-key demo123`  
#### **6.4.Chain style connection**
![6.4](/docs/images/sps-tls.png)
It is mentioned above that multiple SPS nodes can be connected to build encrypted channels, assuming you have the following VPS and a PC.
vps012.2.2.2
vps023.3.3.3
@ -775,7 +886,49 @@ target: if the client is the HTTP (s) proxy request, this represents the complet
If there is no -a or -F or --auth-url parameters, local authentication is closed.
If there is no -A parameter, the connection to the father proxy does not use authentication.
#### **6.7.view help**
#### **6.7 Custom encryption**
HTTP(s) proxy can encrypt TCP data by TLS standard encryption and KCP protocol encryption, in addition to supporting custom encryption after TLS and KCP, That is to say, custom encryption and tls|kcp can be combined to use. The internal AES256 encryption is used, and it only needs to define one password by yourself. Encryption is divided into two parts, the one is whether the local (-z) is encrypted and decrypted, the other is whether the parents (-Z) is encrypted and decrypted.
Custom encryption requires both ends are proxy. Next, we use two level example and three level example as examples:
Suppose there is already a HTTP (s) proxy:`6.6.6.6:6666`
**two level example**
First level VPS (ip:2.2.2.2) execution:
`proxy sps -S http -T tcp -P 6.6.6.6:6666 -t tcp -z demo_password -p :7777`
Local second level execution:
`proxy sps -T tcp -P 2.2.2.2:777 -Z demo_password -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by encryption transmission with the parents proxy.
**three level example**
First level VPS (ip:2.2.2.2) execution:
`proxy sps -S http -T tcp -P 6.6.6.6:6666 -t tcp -z demo_password -p :7777`
Second level VPS (ip:2.2.2.2) execution:
`proxy sps -T tcp -P 2.2.2.2:7777 -Z demo_password -t tcp -z other_password -p :8888`
Local third level execution:
`proxy sps -T tcp -P 3.3.3.3:8888 -Z other_password -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by encryption transmission with the parents proxy.
#### **6.8 Compressed transmission**
HTTP(s) proxy can encrypt TCP data through TCP standard encryption and KCP protocol encryption, and can also compress data before custom encryption.
That is to say, compression and custom encryption and tls|kcp can be used together, compression is divided into two parts, the one is whether the local (-z) is compressed transmission, the other is whether the parents (-Z) is compressed transmission.
The compression requires both ends are proxy. Compression also protects the (encryption) data in certain extent. we use two level example and three level example as examples:
**two level example**
First level VPS (ip:2.2.2.2) execution:
`proxy sps -t tcp -m -p :7777`
Local second level execution:
`proxy sps -T tcp -P 2.2.2.2:777 -M -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.
**three level example**
First level VPS (ip:2.2.2.2) execution:
`proxy sps -t tcp -m -p :7777`
Second level VPS (ip:3.3.3.3) execution::
`proxy sps -T tcp -P 2.2.2.2:7777 -M -t tcp -m -p :8888`
Local third level execution:
`proxy sps -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080`
through this way, When you visits the website by local proxy 8080, it visits the target website by compressed transmission with the parents proxy.
#### **6.9.view help**
`./proxy help sps`
### **7.KCP Configuration**
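Review bot: the 6.8 first level command `proxy sps -t tcp -m -p :7777` names no parent, whereas the 6.7 first level command passes `-S http -T tcp -P 6.6.6.6:6666`. If sps needs an upstream proxy to convert, the compression examples should carry the same `-S`/`-T`/`-P` arguments and repeat the "Suppose there is already a HTTP (s) proxy" line. Other points in this hunk: `-P 2.2.2.2:777` should be `2.2.2.2:7777` in both two level examples, the second level VPS in the 6.7 three level example is labelled `ip:2.2.2.2` but is dialled as `3.3.3.3:8888`, 6.8 describes `-z`/`-Z` while using `-m`/`-M`, there is a doubled colon in "execution::", and the new headings ("6.7 Custom encryption") drop the dot used by "6.9.view help".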