From bd594684cebd3849c3ced1f7160a1faa61510b98 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Tue, 13 Feb 2018 08:18:40 +0800 Subject: [PATCH 1/5] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0d4df79..d611bd7 100644 --- a/README.md +++ b/README.md @@ -476,8 +476,8 @@ Procedure: 4.7.1.PROTOCOL is tcp or udp. for example: `-r "udp://:10053@:53" -r "tcp://:10800@:1080" -r ":8080@:80"` - If the --udp parameter is specified, PROTOCOL is UDP by default, then `-r ": 8080@: 80"` is UDP. - If the --udp parameter is not specified, PROTOCOL is TCP by default, then `-r ": 8080@: 80"` is TCP. + If the --udp parameter is specified, PROTOCOL is UDP by default, then `-r ":8080@:80"` is UDP. + If the --udp parameter is not specified, PROTOCOL is TCP by default, then `-r ":8080@:80"` is TCP. 4.7.2.CLIENT_KEY by default is 'default'. for example: -r "udp://:10053@[test1]:53" -r "tcp://:10800@[test2]:1080" -r ":8080@:80" From ab0205587a1182545172911c9efdfc7b1b2d4d24 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Tue, 6 Mar 2018 18:28:54 +0800 Subject: [PATCH 2/5] Update README.md --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f22f040..dbec438 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 proxy server implemented by golang. It supports parent proxy,nat forward,TCP/UDP port forwarding, SSH transfer. you can expose a local server behind a NAT or firewall to the internet.   +Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 proxy server implemented by golang. It supports parent proxy,nat forward,TCP/UDP port forwarding, SSH transfer, TLS encrypted transmission, protocol conversion. you can expose a local server behind a NAT or firewall to the internet.   --- @@ -114,6 +114,13 @@ This page is the v4.2 manual, and the other version of the manual can be checked - [5.8 KCP protocol transmission](#58kcp-protocol-transmission) - [5.9 Custom DNS](#59custom-dns) - [5.10 View help](#510view-help) +- [6.Proxy protocol conversion](#6proxy-protocol-conversion) + - [6.1 Functional introduction](#61functional-introduction) + - [6.2 HTTP(S) to HTTP(S) + SOCKS5](#62http-to-http-socks5) + - [6.3 SOCKS5 to HTTP(S) + SOCKS5](#63socks5-to-http-socks5) + - [6.4 Chain style connection](#64chain-style-connection) + - [6.5 Monitor multiple ports](#65monitor-multiple-ports) + - [6.6 View Help](#56transfer-through-ssh) ### Fast Start tips:all operations require root permissions. From 3dd013c13c554b7b65e68ab4a9e995d8120bf02e Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 7 Mar 2018 08:01:32 +0800 Subject: [PATCH 3/5] Update README.md --- README.md | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dbec438..937c86f 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,9 @@ Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 prox - ...   -This page is the v4.2 manual, and the other version of the manual can be checked by the following link. +This page is the v4.4 manual, and the other version of the manual can be checked by the following link. +- [v4.3 manual](https://github.com/snail007/goproxy/tree/v4.3) +- [v4.2 manual](https://github.com/snail007/goproxy/tree/v4.2) - [v4.0-4.1 manual](https://github.com/snail007/goproxy/tree/v4.1) - [v3.9 manual](https://github.com/snail007/goproxy/tree/v3.9) - [v3.8 manual](https://github.com/snail007/goproxy/tree/v3.8) @@ -666,6 +668,63 @@ for example: #### **5.10.view help** `./proxy help socks` +### **6.Proxy protocol conversion** + +#### **6.1 Functional introduction** +The proxy protocol conversion use the SPS subcommand (abbreviation of socks+https), SPS itself does not provide the proxy function, just accept the proxy request and then converse protocol and forwarded to the existing HTTP (s) or Socks5 proxy. SPS can use existing HTTP (s) or Socks5 proxy converse to support HTTP (s) and Socks5 HTTP (s) proxy at the same time by one port, and proxy supports forward and reverse proxy (SNI), SOCKS5 proxy which is conversed does not support UDP. in addition to the existing HTTP or Socks5 proxy, which supports TLS, TCP, KCP three modes and chain-style connection. That is more than one SPS node connection can build encryption channel. + +#### **6.2 HTTP(S) to HTTP(S) + SOCKS5** +假设已经存在一个普通的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 +命令如下: +`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` + +假设已经存在一个tls的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。 +命令如下: +`./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` + +假设已经存在一个kcp的http(s)代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 +命令如下: +`./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` + +#### **6.3 SOCKS5 to HTTP(S) + SOCKS5** +假设已经存在一个普通的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 +命令如下: +`./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` + +假设已经存在一个tls的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。 +命令如下: +`./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` + +假设已经存在一个kcp的socks5代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 +命令如下: +`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` + +#### **6.4 Chain style connection** +上面提过多个sps结点可以层级连接构建加密通道,假设有如下vps和家里的pc电脑。 +vps01:2.2.2.2 +vps02:3.3.3.3 +现在我们想利用pc和vps01和vps02构建一个加密通道,本例子用tls加密也可以用kcp,在pc上访问本地18080端口就是访问vps01的本地8080端口。 +首先在vps01(2.2.2.2)上我们运行一个只有本地可以访问的http(s)代理,执行: +`./proxy -t tcp -p 127.0.0.1:8080` + +然后在vps01(2.2.2.2)上运行一个sps结点,执行: +`./proxy -S http -T tcp -P 127.0.0.1:8080 -t tls -p :8081 -C proxy.crt -K proxy.key` + +然后在vps02(3.3.3.3)上运行一个sps结点,执行: +`./proxy -S http -T tls -P 2.2.2.2:8081 -t tls -p :8082 -C proxy.crt -K proxy.key` + +然后在pc上运行一个sps结点,执行: +`./proxy -S http -T tls -P 3.3.3.3:8082 -t tcp -p :18080 -C proxy.crt -K proxy.key` + +完成。 + +#### **6.5 Monitor multiple ports** +一般情况下监听一个端口就可以,不过如果作为反向代理需要同时监听80和443两个端口,那么-p参数是支持的, +格式是:`-p 0.0.0.0:80,0.0.0.0:443`,多个绑定用逗号分隔即可。 + +#### **6.6 view help** +`./proxy help sps` + ### TODO - Welcome joining group feedback... From ac9eb64501e96ae1044d7f6b22b02886c31051f1 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 7 Mar 2018 13:34:16 +0800 Subject: [PATCH 4/5] Update README.md --- README.md | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 937c86f..2ee1bbe 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 prox - The integrated external API, HTTP (S): SOCKS5 proxy authentication can be integrated with the external HTTP API, which can easily control the user's access through the external system. - Reverse proxy: goproxy supports directly parsing the domain to proxy monitor IP, and then proxy will help you to access the HTTP (S) site that you need to access. - Transparent proxy: with the iptables, goproxy can directly forward the 80 and 443 port's traffic to proxy in the gateway, and can realize the unaware intelligent router proxy. +- Protocol conversion: The existing HTTP (S) or SOCKS5 proxy can be converted to a proxy which support both HTTP (S) and SOCKS5 by one port, but the converted SOCKS5 proxy does not support the UDP function.   ### Why need these? - Because for some reason, we cannot access our services elsewhere. We can build a secure tunnel to access our services through multiple connected proxy nodes.   @@ -121,7 +122,7 @@ This page is the v4.4 manual, and the other version of the manual can be checked - [6.2 HTTP(S) to HTTP(S) + SOCKS5](#62http-to-http-socks5) - [6.3 SOCKS5 to HTTP(S) + SOCKS5](#63socks5-to-http-socks5) - [6.4 Chain style connection](#64chain-style-connection) - - [6.5 Monitor multiple ports](#65monitor-multiple-ports) + - [6.5 Listening on multiple ports](#65listening-on-multiple-ports) - [6.6 View Help](#56transfer-through-ssh) ### Fast Start @@ -674,29 +675,29 @@ for example: The proxy protocol conversion use the SPS subcommand (abbreviation of socks+https), SPS itself does not provide the proxy function, just accept the proxy request and then converse protocol and forwarded to the existing HTTP (s) or Socks5 proxy. SPS can use existing HTTP (s) or Socks5 proxy converse to support HTTP (s) and Socks5 HTTP (s) proxy at the same time by one port, and proxy supports forward and reverse proxy (SNI), SOCKS5 proxy which is conversed does not support UDP. in addition to the existing HTTP or Socks5 proxy, which supports TLS, TCP, KCP three modes and chain-style connection. That is more than one SPS node connection can build encryption channel. #### **6.2 HTTP(S) to HTTP(S) + SOCKS5** -假设已经存在一个普通的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 -命令如下: +Suppose there is a common HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080. +command: `./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` -假设已经存在一个tls的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。 -命令如下: +Suppose that there is a TLS HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common porxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080, TLS needs certificate file. +command: `./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` -假设已经存在一个kcp的http(s)代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 -命令如下: +Suppose there is a KCP HTTP (s) proxy (password: demo123): 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080. +command: `./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` #### **6.3 SOCKS5 to HTTP(S) + SOCKS5** -假设已经存在一个普通的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 -命令如下: +Suppose there is a common Socks5 proxy: 127.0.0.1:8080, now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time, and the local port after transformation is 18080. +command: `./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` 假设已经存在一个tls的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。 -命令如下: +command: `./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` 假设已经存在一个kcp的socks5代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 -命令如下: +command: `./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` #### **6.4 Chain style connection** @@ -716,11 +717,11 @@ vps02:3.3.3.3 然后在pc上运行一个sps结点,执行: `./proxy -S http -T tls -P 3.3.3.3:8082 -t tcp -p :18080 -C proxy.crt -K proxy.key` -完成。 +finish。 -#### **6.5 Monitor multiple ports** +#### **6.5 Listening on multiple ports** 一般情况下监听一个端口就可以,不过如果作为反向代理需要同时监听80和443两个端口,那么-p参数是支持的, -格式是:`-p 0.0.0.0:80,0.0.0.0:443`,多个绑定用逗号分隔即可。 +The format is:`-p 0.0.0.0:80,0.0.0.0:443`, Multiple bindings are separated by a comma. #### **6.6 view help** `./proxy help sps` From 5f38162fbb394d364b8b9b4e68d26059bf63e919 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 7 Mar 2018 23:30:05 +0800 Subject: [PATCH 5/5] Update README.md --- README.md | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 2ee1bbe..3efb05e 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,8 @@ This page is the v4.4 manual, and the other version of the manual can be checked - [v2.x manual](https://github.com/snail007/goproxy/tree/v2.2) ### How to find the organization? -[Click to join the communication organization](https://gitter.im/go-proxy/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link) +[Click to join the communication organization gitter](https://gitter.im/go-proxy/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link) +[Click to join the communication organization TG](https://t.me/joinchat/GYHXghCDSBmkKZrvu4wIdQ)   ### Installation - [Quick installation](#quick-installation) @@ -671,15 +672,15 @@ for example: ### **6.Proxy protocol conversion** -#### **6.1 Functional introduction** +#### **6.1.Functional introduction** The proxy protocol conversion use the SPS subcommand (abbreviation of socks+https), SPS itself does not provide the proxy function, just accept the proxy request and then converse protocol and forwarded to the existing HTTP (s) or Socks5 proxy. SPS can use existing HTTP (s) or Socks5 proxy converse to support HTTP (s) and Socks5 HTTP (s) proxy at the same time by one port, and proxy supports forward and reverse proxy (SNI), SOCKS5 proxy which is conversed does not support UDP. in addition to the existing HTTP or Socks5 proxy, which supports TLS, TCP, KCP three modes and chain-style connection. That is more than one SPS node connection can build encryption channel. -#### **6.2 HTTP(S) to HTTP(S) + SOCKS5** +#### **6.2.HTTP(S) to HTTP(S) + SOCKS5** Suppose there is a common HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080. command: `./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` -Suppose that there is a TLS HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common porxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080, TLS needs certificate file. +Suppose that there is a TLS HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080, TLS needs certificate file. command: `./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` @@ -687,43 +688,43 @@ Suppose there is a KCP HTTP (s) proxy (password: demo123): 127.0.0.1:8080. Now w command: `./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` -#### **6.3 SOCKS5 to HTTP(S) + SOCKS5** +#### **6.3.SOCKS5 to HTTP(S) + SOCKS5** Suppose there is a common Socks5 proxy: 127.0.0.1:8080, now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time, and the local port after transformation is 18080. command: `./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` -假设已经存在一个tls的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。 +Suppose there is a TLS Socks5 proxy: 127.0.0.1:8080. Now we turn it into a common proxy that support HTTP (s) and Socks5 at the same time. The local port after transformation is 18080, TLS needs certificate file. command: `./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` -假设已经存在一个kcp的socks5代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 +Suppose there is a KCP Socks5 proxy (password: demo123): 127.0.0.1:8080, now we turn it into a common proxy that support HTTP (s) and Socks5 at the same time, and the local port after transformation is 18080. command: -`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` +`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123`   -#### **6.4 Chain style connection** -上面提过多个sps结点可以层级连接构建加密通道,假设有如下vps和家里的pc电脑。 +#### **6.4.Chain style connection** +It is mentioned above that multiple SPS nodes can be connected to build encrypted channels, assuming you have the following VPS and a PC. vps01:2.2.2.2 vps02:3.3.3.3 -现在我们想利用pc和vps01和vps02构建一个加密通道,本例子用tls加密也可以用kcp,在pc上访问本地18080端口就是访问vps01的本地8080端口。 -首先在vps01(2.2.2.2)上我们运行一个只有本地可以访问的http(s)代理,执行: +Now we want to use PC and vps01 and vps02 to build an encrypted channel. In this example, TLS is used. KCP also supports encryption in addition to TLS. and accessing to local 18080 port on PC is accessing to the local 8080 ports of vps01. +First, on vps01 (2.2.2.2), we run a HTTP (s) proxy that only can be accessed locally,excute: `./proxy -t tcp -p 127.0.0.1:8080` -然后在vps01(2.2.2.2)上运行一个sps结点,执行: +Then run a SPS node on vps01 (2.2.2.2),excute: `./proxy -S http -T tcp -P 127.0.0.1:8080 -t tls -p :8081 -C proxy.crt -K proxy.key` -然后在vps02(3.3.3.3)上运行一个sps结点,执行: +Then run a SPS node on vps02 (3.3.3.3),excute: `./proxy -S http -T tls -P 2.2.2.2:8081 -t tls -p :8082 -C proxy.crt -K proxy.key` -然后在pc上运行一个sps结点,执行: +Then run a SPS node on the PC,excute: `./proxy -S http -T tls -P 3.3.3.3:8082 -t tcp -p :18080 -C proxy.crt -K proxy.key` finish。 -#### **6.5 Listening on multiple ports** -一般情况下监听一个端口就可以,不过如果作为反向代理需要同时监听80和443两个端口,那么-p参数是支持的, +#### **6.5.Listening on multiple ports** +In general, listening one port is enough, but if you need to monitor 80 and 443 ports at the same time as a reverse proxy, the -p parameter can support it. The format is:`-p 0.0.0.0:80,0.0.0.0:443`, Multiple bindings are separated by a comma. -#### **6.6 view help** +#### **6.6.view help** `./proxy help sps` ### TODO