From 5f0a341d22f1905c50ea957606e6ff3e516018d5 Mon Sep 17 00:00:00 2001 From: "arraykeys@gmail.com" Date: Fri, 26 Jan 2018 11:03:34 +0800 Subject: [PATCH 01/36] Signed-off-by: arraykeys@gmail.com --- README.md | 69 +++++++++++++++++++++++++++++++++++++++++++++--- config.go | 2 +- install_auto.sh | 2 +- main.go | 2 +- release.sh | 2 +- services/http.go | 31 +++++++++++++--------- utils/structs.go | 22 ++++++++++----- 7 files changed, 104 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 1b8662b..a5c3223 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务 - SSH中转,HTTP(S),SOCKS5代理支持SSH中转,上级Linux服务器不需要任何服务端,本地一个proxy即可开心上网. - [KCP](https://github.com/xtaci/kcp-go)协议支持,HTTP(S),SOCKS5代理支持KCP协议传输数据,降低延迟,提升浏览体验. - 集成外部API,HTTP(S),SOCKS5代理认证功能可以与外部HTTP API集成,可以方便的通过外部系统控制代理用户. - +- 透明HTTP(S)代理,支持直接把域名解析到proxy监听的ip,然后proxy就会帮你代理访问需要访问的HTTP(S)网站.如果配合iptables,在网关直接把出去的80,443方向的流量转发到proxy,就能实现无感知的智能路由器代理. + ### Why need these? - 当由于某某原因,我们不能访问我们在其它地方的服务,我们可以通过多个相连的proxy节点建立起一个安全的隧道访问我们的服务.   - 微信接口本地开发,方便调试. @@ -69,7 +70,9 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务 - [1.7.1 用户名和密码的方式](#171-ssh用户名和密码的方式) - [1.7.2 用户名和密钥的方式](#172-ssh用户名和密钥的方式) - [1.8 KCP协议传输](#18kcp协议传输) - - [1.9 查看帮助](#19查看帮助) + - [1.9 HTTP(S)透明代理(域名解析)](#19https透明代理域名解析) + - [1.10 HTTP(S)透明代理(iptables转发)](#110https透明代理iptables转发) + - [1.11 查看帮助](#111查看帮助) - [2. TCP代理](#2tcp代理) - [2.1 普通一级TCP代理](#21普通一级tcp代理) - [2.2 普通二级TCP代理](#22普通二级tcp代理) @@ -122,7 +125,7 @@ curl -L https://raw.githubusercontent.com/snail007/goproxy/master/install_auto.s 下载地址:https://github.com/snail007/goproxy/releases ```shell cd /root/proxy/ -wget https://github.com/snail007/goproxy/releases/download/v4.1/proxy-linux-amd64.tar.gz +wget https://github.com/snail007/goproxy/releases/download/v4.2/proxy-linux-amd64.tar.gz ``` #### **2.下载自动安装脚本** ```shell 
@@ -266,6 +269,66 @@ KCP协议需要-B参数设置一个密码用于加密解密数据 `./proxy http -t tcp -p ":8080" -T kcp -P "22.22.22.22:38080" -B mypassword` 那么访问本地的8080端口就是访问VPS上面的代理端口38080,数据通过kcp协议传输. +#### **1.9 HTTP(S)透明代理(域名解析)** +proxy不仅支持在其他软件里面通过设置代理的方式,为其他软件提供代理服务,而且支持直接把请求的网站域名解析到proxy监听的ip上,然后proxy监听80和443端口,那么proxy就会自动为你代理访问需要访问的HTTP(S)网站. + +使用方式: +在"最后一级proxy代理"的机器上,因为proxy要伪装成所有网站,网站默认的端口HTTP是80,HTTPS是443,让proxy监听80和443端口即可.参数-p多个地址用逗号分割. +`./proxy http -t tcp -p :80,:443` + +这个命令就在机器上启动了一个proxy代理,同时监听80和443端口,既可以当作普通的代理使用,也可以直接把需要代理的域名解析到这个机器的IP上. + +如果有上级代理那么参照上面教程设置上级即可,使用方式完全一样. +`./proxy http -t tcp -p :80,:443 -T tls -P "2.2.2.2:33080" -C proxy.crt -K proxy.key` + +注意: +proxy所在的服务器的DNS解析结果不能受到自定义的解析影响,不然就死循环了. + +#### **1.10 HTTP(S)透明代理(iptables转发)** +该模式需要具有一定的网络基础,相关概念不懂的请自行搜索解决. +假设proxy现在在路由器上运行,启动命令如下: +`./proxy http -t tcp -p :33080 -T tls -P "2.2.2.2:33090" -C proxy.crt -K proxy.key` + +然后添加iptables规则,下面是参考规则: +```shell +#上级proxy服务端服务器IP地址: +proxy_server_ip=2.2.2.2 + +#路由器运行proxy监听的端口: +proxy_local_port=33080 + +#下面的就不用修改了 +#create a new chain named PROXY +iptables -t nat -N PROXY + +# Ignore your PROXY server's addresses +# It's very IMPORTANT, just be careful. 
+ +iptables -t nat -A PROXY -d $proxy_server_ip -j RETURN + +# Ignore LANs IP address +iptables -t nat -A PROXY -d 0.0.0.0/8 -j RETURN +iptables -t nat -A PROXY -d 10.0.0.0/8 -j RETURN +iptables -t nat -A PROXY -d 127.0.0.0/8 -j RETURN +iptables -t nat -A PROXY -d 169.254.0.0/16 -j RETURN +iptables -t nat -A PROXY -d 172.16.0.0/12 -j RETURN +iptables -t nat -A PROXY -d 192.168.0.0/16 -j RETURN +iptables -t nat -A PROXY -d 224.0.0.0/4 -j RETURN +iptables -t nat -A PROXY -d 240.0.0.0/4 -j RETURN + +# Anything to port 80 443 should be redirected to PROXY's local port +iptables -t nat -A PROXY -p tcp --dport 80 -j REDIRECT --to-ports $proxy_local_port +iptables -t nat -A PROXY -p tcp --dport 443 -j REDIRECT --to-ports $proxy_local_port + +# Apply the rules to nat client +iptables -t nat -A PREROUTING -p tcp -j PROXY +# Apply the rules to localhost +iptables -t nat -A OUTPUT -p tcp -j PROXY +``` +- 清空整个链 iptables -F 链名比如iptables -t nat -F SHADOWSOCKS +- 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X SHADOWSOCKS +- 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D SHADOWSOCKS -d 223.223.192.0/255.255.240.0 -j RETURN + #### **1.9.查看帮助** `./proxy help http` diff --git a/config.go b/config.go index 7b1c246..d28b7eb 100755 --- a/config.go +++ b/config.go 
@@ -64,7 +64,7 @@ func initConfig() (err error) { httpArgs.Auth = http.Flag("auth", "http basic auth username and password, mutiple user repeat -a ,such as: -a user1:pass1 -a user2:pass2").Short('a').Strings() httpArgs.PoolSize = http.Flag("pool-size", "conn pool size , which connect to parent proxy, zero: means turn off pool").Short('L').Default("0").Int() httpArgs.CheckParentInterval = http.Flag("check-parent-interval", "check if proxy is okay every interval seconds,zero: means no check").Short('I').Default("3").Int() - httpArgs.Local = http.Flag("local", "local ip:port to listen").Short('p').Default(":33080").String() + httpArgs.Local = http.Flag("local", "local ip:port to listen,multiple address use comma split,such as: 0.0.0.0:80,0.0.0.0:443").Short('p').Default(":33080").String() httpArgs.SSHUser = http.Flag("ssh-user", "user for ssh").Short('u').Default("").String() httpArgs.SSHKeyFile = http.Flag("ssh-key", "private key file for ssh").Short('S').Default("").String() httpArgs.SSHKeyFileSalt = http.Flag("ssh-keysalt", "salt of ssh private key").Short('s').Default("").String() diff --git a/install_auto.sh b/install_auto.sh index 26790e7..fb1e1d8 100755 --- a/install_auto.sh +++ b/install_auto.sh @@ -5,7 +5,7 @@ if [ -e /tmp/proxy ]; then fi mkdir /tmp/proxy cd /tmp/proxy -wget https://github.com/snail007/goproxy/releases/download/v4.1/proxy-linux-amd64.tar.gz +wget https://github.com/snail007/goproxy/releases/download/v4.2/proxy-linux-amd64.tar.gz # #install proxy tar zxvf proxy-linux-amd64.tar.gz diff --git a/main.go b/main.go index 77a063a..f25de23 100644 --- a/main.go +++ b/main.go @@ -8,7 +8,7 @@ import ( "syscall" ) -const APP_VERSION = "4.1" +const APP_VERSION = "4.2" func main() { err := initConfig() diff --git a/release.sh b/release.sh index eaea9dd..1c1c3a0 100755 --- a/release.sh +++ b/release.sh @@ -1,5 +1,5 @@ #!/bin/bash -VER="4.1" +VER="4.2" RELEASE="release-${VER}" rm -rf .cert mkdir .cert 
diff --git a/services/http.go b/services/http.go index a9d1caa..91b971d 100644 --- a/services/http.go +++ b/services/http.go @@ -9,6 +9,7 @@ import ( "proxy/utils" "runtime/debug" "strconv" + "strings" "time" "golang.org/x/crypto/ssh" @@ -115,20 +116,24 @@ func (s *HTTP) Start(args interface{}) (err error) { s.InitOutConnPool() } s.InitService() - host, port, _ := net.SplitHostPort(*s.cfg.Local) - p, _ := strconv.Atoi(port) - sc := utils.NewServerChannel(host, p) - if *s.cfg.LocalType == TYPE_TCP { - err = sc.ListenTCP(s.callback) - } else if *s.cfg.LocalType == TYPE_TLS { - err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, s.callback) - } else if *s.cfg.LocalType == TYPE_KCP { - err = sc.ListenKCP(*s.cfg.KCPMethod, *s.cfg.KCPKey, s.callback) + for _, addr := range strings.Split(*s.cfg.Local, ",") { + if addr != "" { + host, port, _ := net.SplitHostPort(addr) + p, _ := strconv.Atoi(port) + sc := utils.NewServerChannel(host, p) + if *s.cfg.LocalType == TYPE_TCP { + err = sc.ListenTCP(s.callback) + } else if *s.cfg.LocalType == TYPE_TLS { + err = sc.ListenTls(s.cfg.CertBytes, s.cfg.KeyBytes, s.callback) + } else if *s.cfg.LocalType == TYPE_KCP { + err = sc.ListenKCP(*s.cfg.KCPMethod, *s.cfg.KCPKey, s.callback) + } + if err != nil { + return + } + log.Printf("%s http(s) proxy on %s", *s.cfg.LocalType, (*sc.Listener).Addr()) + } } - if err != nil { - return - } - log.Printf("%s http(s) proxy on %s", *s.cfg.LocalType, (*sc.Listener).Addr()) return } diff --git a/utils/structs.go b/utils/structs.go index 4fefd76..907eba6 100644 --- a/utils/structs.go +++ b/utils/structs.go @@ -11,6 +11,7 @@ import ( "log" "net" "net/url" + "proxy/utils/sni" "strings" "sync" "time" 
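Review bot: In services/http.go, `HTTP.Start`, the new loop discards both parse errors (`host, port, _ := net.SplitHostPort(addr)` and `p, _ := strconv.Atoi(port)`), so a malformed entry in `-p` is not rejected. An entry with a missing port, or with a space after the comma, yields an empty host and port 0, which presumably makes the proxy listen on a wildcard address and an OS-chosen port instead of failing at startup. For a proxy that is an exposure risk, so trim each entry and return the parse error as in the sketch below. Separately, if a later address fails to listen, the function returns while listeners already opened for earlier addresses appear to stay up (this assumes the `Listen*` calls accept in the background); either close them or document the partial start.

```go
for _, addr := range strings.Split(*s.cfg.Local, ",") {
	addr = strings.TrimSpace(addr)
	if addr == "" {
		continue
	}
	var host, port string
	var p int
	if host, port, err = net.SplitHostPort(addr); err != nil {
		return
	}
	if p, err = strconv.Atoi(port); err != nil {
		return
	}
	sc := utils.NewServerChannel(host, p)
	// … unchanged: ListenTCP / ListenTls / ListenKCP dispatch, error check and log line …
}
```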
@@ -306,13 +307,22 @@ func NewHTTPRequest(inConn *net.Conn, bufSize int, isBasicAuth bool, basicAuth * return } req.HeadBuf = buf[:len] - index := bytes.IndexByte(req.HeadBuf, '\n') - if index == -1 { - err = fmt.Errorf("http decoder data line err:%s", SubStr(string(req.HeadBuf), 0, 50)) - CloseConn(inConn) - return + //try sni + serverName, err0 := sni.ServerNameFromBytes(req.HeadBuf) + if err0 == nil { + //sni success + req.Method = "SNI" + req.hostOrURL = "https://" + serverName + ":443" + } else { + //sni fail , try http + index := bytes.IndexByte(req.HeadBuf, '\n') + if index == -1 { + err = fmt.Errorf("http decoder data line err:%s", SubStr(string(req.HeadBuf), 0, 50)) + CloseConn(inConn) + return + } + fmt.Sscanf(string(req.HeadBuf[:index]), "%s%s", &req.Method, &req.hostOrURL) } - fmt.Sscanf(string(req.HeadBuf[:index]), "%s%s", &req.Method, &req.hostOrURL) if req.Method == "" || req.hostOrURL == "" { err = fmt.Errorf("http decoder data err:%s", SubStr(string(req.HeadBuf), 0, 50)) CloseConn(inConn) From 7afd0c86cddf2180b91ce4532ec7f14a8468bbcf Mon Sep 17 00:00:00 2001 From: "arraykeys@gmail.com" Date: Fri, 26 Jan 2018 12:06:29 +0800 Subject: [PATCH 02/36] Signed-off-by: arraykeys@gmail.com --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a5c3223..16a9184 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务 - ...   -本页是v4.0-v4.1手册,其他版本手册请点击下面链接查看. +本页是v4.2手册,其他版本手册请点击下面链接查看. +- [v4.0-v4.1手册](https://github.com/snail007/goproxy/tree/v4.1) - [v3.9手册](https://github.com/snail007/goproxy/tree/v3.9) - [v3.8手册](https://github.com/snail007/goproxy/tree/v3.8) - [v3.6-v3.7手册](https://github.com/snail007/goproxy/tree/v3.6) From 23b3ad63cf6f00ba367111e11c3890a5d7b6fe72 Mon Sep 17 00:00:00 2001 From: "arraykeys@gmail.com" Date: Fri, 26 Jan 2018 12:09:12 +0800 Subject: [PATCH 03/36] 
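Review bot: In utils/structs.go, `NewHTTPRequest`, the new SNI branch copies the client-supplied server name straight into `req.hostOrURL` (`"https://" + serverName + ":443"`) without validation, so anyone who can reach a listener on 443 chooses the upstream host, internal names included. The branch also skips the request-line parse, and a raw ClientHello carries no Proxy-Authorization header, so confirm how the `isBasicAuth` handling further down the function (outside this hunk) treats these connections. If authentication is meant to be mandatory, fail closed with something like `if err0 == nil && isBasicAuth { err = fmt.Errorf("sni request rejected: auth enabled"); CloseConn(inConn); return }`. A plaintext client can also put `SNI` in the method position of a request line, so later code should not treat `req.Method == "SNI"` as proof the bytes are TLS; a boolean set only in this branch would be unambiguous. Only the first read (`buf[:len]`) is inspected, so a ClientHello split across reads falls through to the HTTP parser and is presumably rejected there, which deserves a comment such as `// NOTE: SNI is only detected when the whole ClientHello arrives in the first read`.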
Signed-off-by: arraykeys@gmail.com --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 16a9184..0ec27b3 100644 --- a/README.md +++ b/README.md @@ -71,8 +71,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务 - [1.7.1 用户名和密码的方式](#171-ssh用户名和密码的方式) - [1.7.2 用户名和密钥的方式](#172-ssh用户名和密钥的方式) - [1.8 KCP协议传输](#18kcp协议传输) - - [1.9 HTTP(S)透明代理(域名解析)](#19https透明代理域名解析) - - [1.10 HTTP(S)透明代理(iptables转发)](#110https透明代理iptables转发) + - [1.9 HTTP(S)透明代理(域名解析)](#19-https透明代理域名解析) + - [1.10 HTTP(S)透明代理(iptables转发)](#110-https透明代理iptables转发) - [1.11 查看帮助](#111查看帮助) - [2. TCP代理](#2tcp代理) - [2.1 普通一级TCP代理](#21普通一级tcp代理) From 75032fdbb73cfbd0e7e61cfbd5ebf0b97ac9618e Mon Sep 17 00:00:00 2001 From: "arraykeys@gmail.com" Date: Sat, 27 Jan 2018 10:03:08 +0800 Subject: [PATCH 04/36] Signed-off-by: arraykeys@gmail.com --- utils/structs.go | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/structs.go b/utils/structs.go index 907eba6..93c81db 100644 --- a/utils/structs.go +++ b/utils/structs.go @@ -307,6 +307,7 @@ func NewHTTPRequest(inConn *net.Conn, bufSize int, isBasicAuth bool, basicAuth * return } req.HeadBuf = buf[:len] + //fmt.Println(string(req.HeadBuf)) //try sni serverName, err0 := sni.ServerNameFromBytes(req.HeadBuf) if err0 == nil { From 7d3820175ff6d79cf94926573f4da34e65a82f1b Mon Sep 17 00:00:00 2001 From: snail007 Date: Mon, 29 Jan 2018 21:00:55 +0800 Subject: [PATCH 05/36] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0ec27b3..aaf686b 100644 --- a/README.md +++ b/README.md 
@@ -326,9 +326,9 @@ iptables -t nat -A PREROUTING -p tcp -j PROXY # Apply the rules to localhost iptables -t nat -A OUTPUT -p tcp -j PROXY ``` -- 清空整个链 iptables -F 链名比如iptables -t nat -F SHADOWSOCKS -- 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X SHADOWSOCKS -- 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D SHADOWSOCKS -d 223.223.192.0/255.255.240.0 -j RETURN +- 清空整个链 iptables -F 链名比如iptables -t nat -F PROXY +- 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X PROXY +- 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN #### **1.9.查看帮助** `./proxy help http` From f1dfe50d8b28c1106042e60271b808f63a2e819b Mon Sep 17 00:00:00 2001 From: snail007 Date: Mon, 29 Jan 2018 21:02:52 +0800 Subject: [PATCH 06/36] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index aaf686b..2376de6 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务 - SSH中转,HTTP(S),SOCKS5代理支持SSH中转,上级Linux服务器不需要任何服务端,本地一个proxy即可开心上网. - [KCP](https://github.com/xtaci/kcp-go)协议支持,HTTP(S),SOCKS5代理支持KCP协议传输数据,降低延迟,提升浏览体验. - 集成外部API,HTTP(S),SOCKS5代理认证功能可以与外部HTTP API集成,可以方便的通过外部系统控制代理用户. -- 透明HTTP(S)代理,支持直接把域名解析到proxy监听的ip,然后proxy就会帮你代理访问需要访问的HTTP(S)网站.如果配合iptables,在网关直接把出去的80,443方向的流量转发到proxy,就能实现无感知的智能路由器代理. +- 反向代理,支持直接把域名解析到proxy监听的ip,然后proxy就会帮你代理访问需要访问的HTTP(S)网站. +- 透明HTTP(S)代理,配合iptables,在网关直接把出去的80,443方向的流量转发到proxy,就能实现无感知的智能路由器代理. ### Why need these? - 当由于某某原因,我们不能访问我们在其它地方的服务,我们可以通过多个相连的proxy节点建立起一个安全的隧道访问我们的服务.   From c069b5cd972fd311f55f90cacd07eed64735ed3a Mon Sep 17 00:00:00 2001 From: snail007 Date: Mon, 29 Jan 2018 21:06:10 +0800 Subject: [PATCH 07/36] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2376de6..10afdac 100644 --- a/README.md +++ b/README.md 
@@ -72,8 +72,8 @@ Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务 - [1.7.1 用户名和密码的方式](#171-ssh用户名和密码的方式) - [1.7.2 用户名和密钥的方式](#172-ssh用户名和密钥的方式) - [1.8 KCP协议传输](#18kcp协议传输) - - [1.9 HTTP(S)透明代理(域名解析)](#19-https透明代理域名解析) - - [1.10 HTTP(S)透明代理(iptables转发)](#110-https透明代理iptables转发) + - [1.9 HTTP(S)反向代理](#19-https反向代理) + - [1.10 HTTP(S)透明代理](#110-https透明代理) - [1.11 查看帮助](#111查看帮助) - [2. TCP代理](#2tcp代理) - [2.1 普通一级TCP代理](#21普通一级tcp代理) @@ -271,7 +271,7 @@ KCP协议需要-B参数设置一个密码用于加密解密数据 `./proxy http -t tcp -p ":8080" -T kcp -P "22.22.22.22:38080" -B mypassword` 那么访问本地的8080端口就是访问VPS上面的代理端口38080,数据通过kcp协议传输. -#### **1.9 HTTP(S)透明代理(域名解析)** +#### **1.9 HTTP(S)反向代理** proxy不仅支持在其他软件里面通过设置代理的方式,为其他软件提供代理服务,而且支持直接把请求的网站域名解析到proxy监听的ip上,然后proxy监听80和443端口,那么proxy就会自动为你代理访问需要访问的HTTP(S)网站. 使用方式: @@ -286,7 +286,7 @@ proxy不仅支持在其他软件里面通过设置代理的方式,为其他软 注意: proxy所在的服务器的DNS解析结果不能受到自定义的解析影响,不然就死循环了. -#### **1.10 HTTP(S)透明代理(iptables转发)** +#### **1.10 HTTP(S)透明代理** 该模式需要具有一定的网络基础,相关概念不懂的请自行搜索解决. 假设proxy现在在路由器上运行,启动命令如下: `./proxy http -t tcp -p :33080 -T tls -P "2.2.2.2:33090" -C proxy.crt -K proxy.key` From 23dbd0a92f5b52b1d5dfac3d1709254937f18941 Mon Sep 17 00:00:00 2001 From: snail007 Date: Mon, 29 Jan 2018 23:49:42 +0800 Subject: [PATCH 08/36] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 10afdac..9f46fa0 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务器,支持正向代理、内网穿透、TCP/UDP端口转发、SSH中转。下载地址:https://github.com/snail007/goproxy/releases 官方QQ交流群:189618940 +Proxy是golang实现的高性能http,https,websocket,tcp,udp,socks5代理服务器,支持正向代理、反向代理、透明代理、内网穿透、TCP/UDP端口映射、SSH中转,TLS加密传输。下载地址:https://github.com/snail007/goproxy/releases 官方QQ交流群:189618940   --- From acc895d2dfd0249f15cd38660ffadb35bef1ca96 Mon Sep 17 00:00:00 2001 
From: snail007 Date: Mon, 29 Jan 2018 23:54:43 +0800 Subject: [PATCH 09/36] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9f46fa0..a542a5e 100644 --- a/README.md +++ b/README.md @@ -432,10 +432,10 @@ VPS(IP:22.22.22.33)执行: 下面的教程以“多路复用版本”为例子,说明使用方法。 内网穿透由三部分组成:client端,server端,bridge端;client和server主动连接bridge端进行桥接. 当用户访问server端,流程是: -1. server主动和bridge端建立连接; -1. 然后bridge端通知client端连接bridge端,并连接内网目标端口; -1. 然后绑定client端到bridge端和client端到内网端口的连接; -1. 然后bridge端把client过来的连接与server端过来的连接绑定; +1. 首先server端主动和bridge端建立连接;   +1. 然后bridge端通知client端连接bridge端和目标端口;   +1. 然后client端绑定“client端到bridge端”和“client端到目标端口”的连接;   +1. 然后bridge端把“client过来的连接”与“server端过来的连接”绑定; 1. 整个通道建立完成; #### **4.2、TCP普通用法** From bc1ab84b757233e0258c9775b55dc5c7e2d6f51a Mon Sep 17 00:00:00 2001 From: "arraykeys@gmail.com" Date: Wed, 31 Jan 2018 10:39:06 +0800 Subject: [PATCH 10/36] Signed-off-by: arraykeys@gmail.com --- release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release.sh b/release.sh index 1c1c3a0..d0b4c2c 100755 --- a/release.sh +++ b/release.sh 
@@ -31,7 +31,7 @@ CGO_ENABLED=0 GOOS=android GOARCH=amd64 go build && tar zcfv "${RELEASE}/proxy-a CGO_ENABLED=0 GOOS=android GOARCH=arm go build && tar zcfv "${RELEASE}/proxy-android-arm.tar.gz" proxy direct blocked CGO_ENABLED=0 GOOS=android GOARCH=arm64 go build && tar zcfv "${RELEASE}/proxy-android-arm64.tar.gz" proxy direct blocked #darwin -CGO_ENABLED=0 GOOS=darwin GOARCH=386 go build go build && tar zcfv "${RELEASE}/proxy-darwin-386.tar.gz" proxy direct blocked +CGO_ENABLED=0 GOOS=darwin GOARCH=386 go build && tar zcfv "${RELEASE}/proxy-darwin-386.tar.gz" proxy direct blocked CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build && tar zcfv "${RELEASE}/proxy-darwin-amd64.tar.gz" proxy direct blocked CGO_ENABLED=0 GOOS=darwin GOARCH=arm go build && tar zcfv "${RELEASE}/proxy-darwin-arm.tar.gz" proxy direct blocked CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build && tar zcfv "${RELEASE}/proxy-darwin-arm64.tar.gz" proxy direct blocked From a8b35ba971df82f4c280d7d4e71373b4458354e2 Mon Sep 17 00:00:00 2001 From: "arraykeys@gmail.com" Date: Wed, 31 Jan 2018 11:54:12 +0800 Subject: [PATCH 11/36] Signed-off-by: arraykeys@gmail.com --- CHANGELOG | 4 ++++ services/mux_bridge.go | 9 +++++++++ 2 files changed, 13 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index e1bd974..dfb8732 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,8 @@ proxy更新日志 +v4.2 +1.优化了内网穿透,避免了client意外下线,导致链接信息残留的问题. +2.http代理增加了SNI支持,现在http(s)代理模式支持反向代理,支持http(s)透明代理. + v4.1 1.优化了http(s),socks5代理中的域名智能判断,如果是内网IP,直接走本地网络,提升浏览体验, 同时优化了检查机制,判断更快. diff --git a/services/mux_bridge.go b/services/mux_bridge.go index c7e551c..153a341 100644 --- a/services/mux_bridge.go +++ b/services/mux_bridge.go @@ -89,6 +89,15 @@ func (s *MuxBridge) Start(args interface{}) (err error) { return } s.clientControlConns.Set(key, session) + go func() { + for { + if session.IsClosed() { + s.clientControlConns.Remove(key) + break + } + time.Sleep(time.Second * 5) + } + }() //log.Printf("set client session,key: %s", key) } 
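Review bot: In services/mux_bridge.go, `MuxBridge.Start`, the new cleanup goroutine calls `s.clientControlConns.Remove(key)` once its own `session` reports closed, without checking that the map still holds that same session. If a client drops and reconnects under the same key within the 5-second polling window, the fresh session stored by `s.clientControlConns.Set(key, session)` is deleted by the old goroutine and the reconnected client becomes unreachable through the bridge. Remove the entry only when the stored value is still this `session`, ideally with an atomic compare-and-remove if the map type offers one; its lookup API is not visible in this hunk. A short comment such as `// drop the control session entry once the client goes away; polled because the session exposes no close notification here` would also explain the sleep loop. The surrounding function body starts and ends outside the hunk.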
From abd0b63fe902c7fcec2ed2167baecdd9b51d1b0e Mon Sep 17 00:00:00 2001 From: "arraykeys@gmail.com" Date: Wed, 31 Jan 2018 12:15:27 +0800 Subject: [PATCH 12/36] Signed-off-by: arraykeys@gmail.com --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index dfb8732..22da141 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,6 +2,7 @@ proxy更新日志 v4.2 1.优化了内网穿透,避免了client意外下线,导致链接信息残留的问题. 2.http代理增加了SNI支持,现在http(s)代理模式支持反向代理,支持http(s)透明代理. +3.增加了英文手册. v4.1 1.优化了http(s),socks5代理中的域名智能判断,如果是内网IP,直接走本地网络,提升浏览体验, From a9ce3cf7330a80d9eb002bd5fa565a17725a13ef Mon Sep 17 00:00:00 2001 From: "arraykeys@gmail.com" Date: Wed, 31 Jan 2018 12:32:10 +0800 Subject: [PATCH 13/36] Signed-off-by: arraykeys@gmail.com --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 72b2e1a..0d4df79 100644 --- a/README.md +++ b/README.md @@ -594,6 +594,7 @@ proxy QQ group:189618940 if proxy help you a lot,you can support us by: ### AliPay + ### Wechat Pay From 6574d5cd295f4ce4097247a8a08516df125b2578 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 31 Jan 2018 12:41:52 +0800 Subject: [PATCH 14/36] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0d4df79..78a97e8 100644 --- a/README.md +++ b/README.md @@ -577,7 +577,7 @@ Then access to the local 8080 port is access to the proxy port 38080 on the VPS, `./proxy help socks` ### TODO -- Welcome adding group feedback... +- Welcome joining group feedback... ### How to use the source code? use command cd to enter your go SRC directory and then git clone https://github.com/snail007/goproxy.git and execute ./proxy. From 42ce2a435140ade46b9eb92cf1262ca53192bb4d Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 31 Jan 2018 12:57:11 +0800 Subject: [PATCH 15/36] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/README.md b/README.md index 78a97e8..f6149d2 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ This page is the v4.0-v4.1 manual, and the other version of the manual can be ch - [Quick installation](#quick-installation) - [Manual installation](#manual-installation) -### First use must be read +### First use must read - [Environmental Science](#environmental-science) - [Use configuration file](#use-configuration-file) - [Debug output](#debug-output) @@ -564,7 +564,7 @@ ip: user's IP, for example: 192.168.1.200 If there is no -a or -F or --auth-url parameters, it means to turn off the authentication. #### **5.8.KCP protocol transmission** -The KCP protocol requires a -B parameter to set a password to encrypt and decrypt data. +The KCP protocol requires a -B parameter which can set a password to encrypt and decrypt data.   HTTP first level proxy(VPS,IP:22.22.22.22) `./proxy socks -t kcp -p ":38080" -B mypassword` @@ -580,7 +580,7 @@ Then access to the local 8080 port is access to the proxy port 38080 on the VPS, - Welcome joining group feedback... ### How to use the source code? -use command cd to enter your go SRC directory and then git clone https://github.com/snail007/goproxy.git and execute ./proxy. +use command cd to enter your go SRC directory and then git clone https://github.com/snail007/goproxy.git and execute ./proxy Direct compilation: go build execution: go run *.go Utils is a toolkit, and service is a specific service class. From 7cfde70a9f018849527fff8761ab39c9fa13b310 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Thu, 1 Feb 2018 17:59:21 +0800 Subject: [PATCH 16/36] Update README.md --- README.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 65 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f6149d2..5a1839f 100644 --- a/README.md +++ b/README.md 
@@ -71,7 +71,7 @@ This page is the v4.0-v4.1 manual, and the other version of the manual can be ch - [1.7.1 The way of username and password](#171the-way-of-username-and-password) - [1.7.2 The way of username and key](#172the-way-of-username-and-key) - [1.8 KCP protocol transmission](#18kcp-protocol-transmission) - - [1.9 View help](#19view-help) + - [1.11 View help](#111view-help) - [2.TCP proxy](#2tcp-proxy) - [2.1 Common TCP first level proxy](#21common-tcp-first-level-proxy) - [2.2 Common TCP second level proxy](#22common-tcp-second-level-proxy) @@ -183,6 +183,7 @@ Assuming that your VPS outer external network IP is 23.23.23.23, the following c ### **1.HTTP proxy** #### **1.1.common HTTP proxy** +![1.1](/docs/images/1.1.jpg) `./proxy http -t tcp -p "0.0.0.0:38080"` #### **1.2.Common HTTP second level proxy** 
@@ -264,18 +265,79 @@ Http first level proxy(VPS,IP:22.22.22.22) Http second level proxy(os is Linux) `./proxy http -t tcp -p ":8080" -T kcp -P "22.22.22.22:38080" -B mypassword` Then access to the local 8080 port is access to the proxy's port 38080 on the VPS, and the data is transmitted through the KCP protocol. +#### **1.9 HTTP(S)反向代理** +proxy不仅支持在其他软件里面通过设置代理的方式,为其他软件提供代理服务,而且支持直接把请求的网站域名解析到proxy监听的ip上,然后proxy监听80和443端口,那么proxy就会自动为你代理访问需要访问的HTTP(S)网站. -#### **1.9.view help** +使用方式: +在"最后一级proxy代理"的机器上,因为proxy要伪装成所有网站,网站默认的端口HTTP是80,HTTPS是443,让proxy监听80和443端口即可.参数-p多个地址用逗号分割. +`./proxy http -t tcp -p :80,:443` + +这个命令就在机器上启动了一个proxy代理,同时监听80和443端口,既可以当作普通的代理使用,也可以直接把需要代理的域名解析到这个机器的IP上. + +如果有上级代理那么参照上面教程设置上级即可,使用方式完全一样. +`./proxy http -t tcp -p :80,:443 -T tls -P "2.2.2.2:33080" -C proxy.crt -K proxy.key` + +注意: +proxy所在的服务器的DNS解析结果不能受到自定义的解析影响,不然就死循环了. + +#### **1.10 HTTP(S)透明代理** +该模式需要具有一定的网络基础,相关概念不懂的请自行搜索解决. +假设proxy现在在路由器上运行,启动命令如下: +`./proxy http -t tcp -p :33080 -T tls -P "2.2.2.2:33090" -C proxy.crt -K proxy.key` + +然后添加iptables规则,下面是参考规则: +```shell +#上级proxy服务端服务器IP地址: +proxy_server_ip=2.2.2.2 + +#路由器运行proxy监听的端口: +proxy_local_port=33080 + +#下面的就不用修改了 +#create a new chain named PROXY +iptables -t nat -N PROXY + +# Ignore your PROXY server's addresses +# It's very IMPORTANT, just be careful. 
+ +iptables -t nat -A PROXY -d $proxy_server_ip -j RETURN + +# Ignore LANs IP address +iptables -t nat -A PROXY -d 0.0.0.0/8 -j RETURN +iptables -t nat -A PROXY -d 10.0.0.0/8 -j RETURN +iptables -t nat -A PROXY -d 127.0.0.0/8 -j RETURN +iptables -t nat -A PROXY -d 169.254.0.0/16 -j RETURN +iptables -t nat -A PROXY -d 172.16.0.0/12 -j RETURN +iptables -t nat -A PROXY -d 192.168.0.0/16 -j RETURN +iptables -t nat -A PROXY -d 224.0.0.0/4 -j RETURN +iptables -t nat -A PROXY -d 240.0.0.0/4 -j RETURN + +# Anything to port 80 443 should be redirected to PROXY's local port +iptables -t nat -A PROXY -p tcp --dport 80 -j REDIRECT --to-ports $proxy_local_port +iptables -t nat -A PROXY -p tcp --dport 443 -j REDIRECT --to-ports $proxy_local_port + +# Apply the rules to nat client +iptables -t nat -A PREROUTING -p tcp -j PROXY +# Apply the rules to localhost +iptables -t nat -A OUTPUT -p tcp -j PROXY +``` +- 清空整个链 iptables -F 链名比如iptables -t nat -F PROXY +- 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X PROXY +- 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN + +#### **1.11.view help** `./proxy help http` ### **2.TCP proxy** #### **2.1.Common TCP first level proxy** +![2.1](/docs/images/2.1.png) Local execution: `./proxy tcp -p ":33080" -T tcp -P "192.168.22.33:22" -L 0` Then access to the local 33080 port is the 22 port of access to 192.168.22.33. #### **2.2.Common TCP second level proxy** +![2.2](/docs/images/2.2.png) VPS(IP:22.22.22.33) execute:   `./proxy tcp -p ":33080" -T tcp -P "127.0.0.1:8080" -L 0`   local execution:   
@@ -497,6 +559,7 @@ Tips: SOCKS5 proxy, support CONNECT, UDP protocol and don't support BIND and sup `./proxy socks -t tcp -p "0.0.0.0:38080"` #### **5.2.Common SOCKS5 second level proxy** +![5.2](/docs/images/5.2.png) Using local port 8090, assume that the parent SOCKS5 proxy is `22.22.22.22:8080` `./proxy socks -t tcp -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" ` We can also specify the black and white list files of the domain name, one line for one domain name. The matching rule is the most right-hand matching. For example, baidu.com is *.*.baidu.com, the domain name of the blacklist is directly accessed by the parent proxy, and the domain name of the white list does not access to the parent proxy. From dfc326b771b18b8d37e56cef9f63af16a2cbdd6f Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Thu, 1 Feb 2018 18:01:10 +0800 Subject: [PATCH 17/36] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5a1839f..8136c77 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ This page is the v4.0-v4.1 manual, and the other version of the manual can be ch ### Fast Start tips:all operations require root permissions. #### Quick installation -#### **0. If your VPS is a linux64 system, you can complete the automatic installation and configuration by the following sentence.** +#### **0. If your VPS is linux64, you can complete the automatic installation and configuration by the following sentence.** ```shell curl -L https://raw.githubusercontent.com/snail007/goproxy/master/install_auto.sh | bash ``` From 7272b592d5138c4f44a665b7c9d6fca48d3bff8b Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Mon, 5 Feb 2018 11:35:50 +0800 Subject: [PATCH 18/36] Update README.md --- README.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 8136c77..2c62ea8 100644 --- a/README.md 
+++ b/README.md 
@@ -265,35 +265,35 @@ Http first level proxy(VPS,IP:22.22.22.22) Http second level proxy(os is Linux) `./proxy http -t tcp -p ":8080" -T kcp -P "22.22.22.22:38080" -B mypassword` Then access to the local 8080 port is access to the proxy's port 38080 on the VPS, and the data is transmitted through the KCP protocol. -#### **1.9 HTTP(S)反向代理** -proxy不仅支持在其他软件里面通过设置代理的方式,为其他软件提供代理服务,而且支持直接把请求的网站域名解析到proxy监听的ip上,然后proxy监听80和443端口,那么proxy就会自动为你代理访问需要访问的HTTP(S)网站. +#### **1.9 HTTP(S) Reverse proxy** +Proxy supports not only set up a proxy through in other software, to provide services for other software, but support the request directly to the website domain to proxy monitor IP when proxy monitors 80 and 443 ports, then proxy will automatically access to the HTTP proxy access website for you.   -使用方式: -在"最后一级proxy代理"的机器上,因为proxy要伪装成所有网站,网站默认的端口HTTP是80,HTTPS是443,让proxy监听80和443端口即可.参数-p多个地址用逗号分割. +How to use:   +On the last level proxy computer, because proxy is disguised as all websites and the default port of HTTP is 80, HTTPS is 443, the proxy listens to 80 and 443 port. Parameters -p multiple addresses are separated by commas. `./proxy http -t tcp -p :80,:443` -这个命令就在机器上启动了一个proxy代理,同时监听80和443端口,既可以当作普通的代理使用,也可以直接把需要代理的域名解析到这个机器的IP上. +This command starts a proxy on the computer, and listens to 80 and 443 ports. It can be used as a common proxy and it can directly resolve the domain that needs proxy to the IP of the computer. -如果有上级代理那么参照上面教程设置上级即可,使用方式完全一样. +If a parent proxy exist, you can refer to the above tutorial to set up a parent. The way of use is exactly the same. `./proxy http -t tcp -p :80,:443 -T tls -P "2.2.2.2:33080" -C proxy.crt -K proxy.key` -注意: -proxy所在的服务器的DNS解析结果不能受到自定义的解析影响,不然就死循环了. +Notice: +The result of the DNS parsing of the server in which proxy is located can not affected by a custom parsing, if not, it is dead cycle. -#### **1.10 HTTP(S)透明代理** -该模式需要具有一定的网络基础,相关概念不懂的请自行搜索解决. 
-假设proxy现在在路由器上运行,启动命令如下: +#### **1.10 HTTP(S) transparent proxy** +The mode needs a certain network base, if the related concepts don't understand, you must resolve it by yourself. +Assuming that proxy is now running on the router, the boot command is as follows: `./proxy http -t tcp -p :33080 -T tls -P "2.2.2.2:33090" -C proxy.crt -K proxy.key` -然后添加iptables规则,下面是参考规则: +Then the iptables rule is added, and the following rule is a reference rule: ```shell -#上级proxy服务端服务器IP地址: +#IP of parent proxy: proxy_server_ip=2.2.2.2 -#路由器运行proxy监听的端口: +#Proxy that the router runs monitor the port: proxy_local_port=33080 -#下面的就不用修改了 +#The following don't need to be modified #create a new chain named PROXY iptables -t nat -N PROXY @@ -321,9 +321,9 @@ iptables -t nat -A PREROUTING -p tcp -j PROXY # Apply the rules to localhost iptables -t nat -A OUTPUT -p tcp -j PROXY ``` -- 清空整个链 iptables -F 链名比如iptables -t nat -F PROXY -- 删除指定的用户自定义链 iptables -X 链名 比如 iptables -t nat -X PROXY -- 从所选链中删除规则 iptables -D 链名 规则详情 比如 iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN +- Clearing the whole chain command is iptables -F chain name, such as iptables -t NAT -F PROXY +- Deleting the specified chain that user defined command is iptables -X chain name, such as iptables -t NAT -X PROXY +- Deleting the rules of the chain command is iptables -D chain name from the selected chain, such as iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN #### **1.11.view help** `./proxy help http` From a49e0166d40977b32f7ce3c87f0e88a4e700e388 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Mon, 5 Feb 2018 17:50:39 +0800 Subject: [PATCH 19/36] Update README.md --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2c62ea8..836a9ae 100644 --- a/README.md +++ b/README.md 
@@ -71,6 +71,8 @@ This page is the v4.0-v4.1 manual, and the other version of the manual can be ch - [1.7.1 The way of username and password](#171the-way-of-username-and-password) - [1.7.2 The way of username and key](#172the-way-of-username-and-key) - [1.8 KCP protocol transmission](#18kcp-protocol-transmission) + - [1.9 HTTP(S) reverse proxy](#19http(s)-reverse-proxy) + - [1.10 HTTP(S) transparent proxy](#110http(s)-transparent-proxy) - [1.11 View help](#111view-help) - [2.TCP proxy](#2tcp-proxy) - [2.1 Common TCP first level proxy](#21common-tcp-first-level-proxy) 
@@ -137,14 +139,14 @@ chmod +x install.sh ## **First use must be read**   ### **Environmental Science** -The following tutorial, the default system is Linux, the program is proxy; all operations require root permissions. +The following tutorial defaults system is Linux, the program is proxy and all operations require root permissions. If the system are windows, please use proxy.exe. ### **Use configuration file** -The following tutorial is to introduce the use method by the command line parameters, or by reading the configuration file to get the parameters. +The following tutorial is to introduce the useage by the command line parameters, or by reading the configuration file to get the parameters. The specific format is to specify a configuration file by the @ symbol, for example, ./proxy @configfile.txt. -configfile.txt's format: The first line is the subcommand name, and the second line begins one line: the long format of the parameter = the parameter value, there is no space and double quotes before and after. -The long format of the parameter's beginning is always --, the short format of the parameter's beginning is always -. If you don't know which short form parameter corresponds to the long format parameter, please look at the help command. +configfile.txt's format: The first line is the subcommand name, and the second line begins a new line: the long format of the parameter = the parameter value, there is no space and double quotes before and after. +The long format of the parameter's beginning is --, the short format of the parameter's beginning is -. If you don't know which short form corresponds to the long format, please look at the help command. For example, the contents of configfile.txt are as follows: ```shell http 
@@ -265,7 +267,7 @@ Http first level proxy(VPS,IP:22.22.22.22) Http second level proxy(os is Linux) `./proxy http -t tcp -p ":8080" -T kcp -P "22.22.22.22:38080" -B mypassword` Then access to the local 8080 port is access to the proxy's port 38080 on the VPS, and the data is transmitted through the KCP protocol. -#### **1.9 HTTP(S) Reverse proxy** +#### **1.9.HTTP(S) reverse proxy** Proxy supports not only set up a proxy through in other software, to provide services for other software, but support the request directly to the website domain to proxy monitor IP when proxy monitors 80 and 443 ports, then proxy will automatically access to the HTTP proxy access website for you.   How to use:   @@ -280,7 +282,7 @@ If a parent proxy exist, you can refer to the above tutorial to set up a parent. Notice: The result of the DNS parsing of the server in which proxy is located can not affected by a custom parsing, if not, it is dead cycle. -#### **1.10 HTTP(S) transparent proxy** +#### **1.10.HTTP(S) transparent proxy** The mode needs a certain network base, if the related concepts don't understand, you must resolve it by yourself. Assuming that proxy is now running on the router, the boot command is as follows: `./proxy http -t tcp -p :33080 -T tls -P "2.2.2.2:33090" -C proxy.crt -K proxy.key` From f947d35bc3ec8e4ab8c570feabf5f8ff822a207c Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Mon, 5 Feb 2018 18:00:50 +0800 Subject: [PATCH 20/36] Update README.md --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 836a9ae..1735526 100644 --- a/README.md +++ b/README.md 
@@ -71,8 +71,8 @@ This page is the v4.0-v4.1 manual, and the other version of the manual can be ch - [1.7.1 The way of username and password](#171the-way-of-username-and-password) - [1.7.2 The way of username and key](#172the-way-of-username-and-key) - [1.8 KCP protocol transmission](#18kcp-protocol-transmission) - - [1.9 HTTP(S) reverse proxy](#19http(s)-reverse-proxy) - - [1.10 HTTP(S) transparent proxy](#110http(s)-transparent-proxy) + - [1.9 HTTP(S) reverse proxy](#19http-reverse-proxy) + - [1.10 HTTP(S) transparent proxy](#110http-transparent-proxy) - [1.11 View help](#111view-help) - [2.TCP proxy](#2tcp-proxy) - [2.1 Common TCP first level proxy](#21common-tcp-first-level-proxy) @@ -267,7 +267,7 @@ Http first level proxy(VPS,IP:22.22.22.22) Http second level proxy(os is Linux) `./proxy http -t tcp -p ":8080" -T kcp -P "22.22.22.22:38080" -B mypassword` Then access to the local 8080 port is access to the proxy's port 38080 on the VPS, and the data is transmitted through the KCP protocol. -#### **1.9.HTTP(S) reverse proxy** +#### **1.9.HTTP reverse proxy** Proxy supports not only set up a proxy through in other software, to provide services for other software, but support the request directly to the website domain to proxy monitor IP when proxy monitors 80 and 443 ports, then proxy will automatically access to the HTTP proxy access website for you.   How to use:   @@ -282,7 +282,7 @@ If a parent proxy exist, you can refer to the above tutorial to set up a parent. Notice: The result of the DNS parsing of the server in which proxy is located can not affected by a custom parsing, if not, it is dead cycle. -#### **1.10.HTTP(S) transparent proxy** +#### **1.10.HTTP transparent proxy** The mode needs a certain network base, if the related concepts don't understand, you must resolve it by yourself. Assuming that proxy is now running on the router, the boot command is as follows: `./proxy http -t tcp -p :33080 -T tls -P "2.2.2.2:33090" -C proxy.crt -K proxy.key` 
@@ -418,7 +418,7 @@ Then access to the local UDP:5353 port is access to the UDP:53 port of the 8.8.8 ### **4.Nat forward** #### **4.1、Principle explanation** -Nat forward, divided into two versions, "multi-link version" and "multiplexed version", generally like web services Which is not a long time to connect the service recommended "multi-link version", if you want to keep long Time connection, "multiplexed version" is recommended. +Nat forward, is divided into two versions, "multi-link version" and "multiplexed version", generally like web services Which is not a long time to connect the service recommende "multi-link version", if you want to keep long Time connection, "multiplexed version" is recommended. 1. Multilink version, the corresponding subcommand is tserver,tclient,tbridge。 1. Multiplexed version, the corresponding subcommand is server,client,bridge。 1. the parameters and use of Multilink version and multiplexed is exactly the same.   @@ -615,7 +615,7 @@ You can also be placed in a file, which is a line, a ‘username: password’, a `./proxy socks -t tcp -p ":33080" -F auth-file.txt` In addition, socks5 proxy also integrates external HTTP API authentication, we can specify a http url interface address through the --auth-url parameter, -Then when the user is connected, the proxy GET request this url, with the following four parameters, if the return HTTP status code 204, on behalf of the authentication is successful. +Then when the user is connected, the proxy request this url by get way, with the following four parameters, if the return HTTP status code 204, on behalf of the authentication is successful. In other cases, the authentication fails. for example: `./proxy socks -t tcp -p ":33080" --auth-url "http://test.com/auth.php"` From a7c46f55824586dfbcd11be7ecc14b14a2b585d3 Mon Sep 17 00:00:00 2001 
From: yincongcyincong <648588267@qq.com> Date: Tue, 6 Feb 2018 08:09:16 +0800 Subject: [PATCH 21/36] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1735526..d5df20c 100644 --- a/README.md +++ b/README.md @@ -283,7 +283,7 @@ Notice: The result of the DNS parsing of the server in which proxy is located can not affected by a custom parsing, if not, it is dead cycle. #### **1.10.HTTP transparent proxy** -The mode needs a certain network base, if the related concepts don't understand, you must resolve it by yourself. +The mode needs a certain network knowledge, if the related concepts don't understand, you must search it by yourself.   Assuming that proxy is now running on the router, the boot command is as follows: `./proxy http -t tcp -p :33080 -T tls -P "2.2.2.2:33090" -C proxy.crt -K proxy.key` From 4b1651bb3eb9b18cc09ac20bdfad1ed21b05d153 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Tue, 6 Feb 2018 11:33:06 +0800 Subject: [PATCH 22/36] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d5df20c..49c7c60 100644 --- a/README.md +++ b/README.md 
@@ -19,6 +19,8 @@ Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 prox - SSH forwarding: HTTP (S), SOCKS5 proxy support SSH transfer, parent Linux server does not need any server, a local proxy can be happy to access the Internet. - [KCP](https://github.com/xtaci/kcp-go) protocol is supported: HTTP (S), SOCKS5 proxy supports the KCP protocol which can transmit data, reduce latency, and improve the browsing experience.   - The integrated external API, HTTP (S): SOCKS5 proxy authentication can be integrated with the external HTTP API, which can easily control the user's access through the external system. +- Reverse proxy: goproxy supports directly parsing the domain to proxy monitor IP, and then proxy will help you to access the HTTP (S) site that you need to access. +- Transparent proxy: with the iptables, goproxy can directly forward the 80 and 443 port's traffic to proxy in the gateway, and can realize the unaware intelligent router proxy. ### Why need these? - Because for some reason, we cannot access our services elsewhere. We can build a secure tunnel to access our services through multiple connected proxy nodes.   From 55cac537b19743806cce23b0492c5853a9d66512 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Tue, 6 Feb 2018 14:50:31 +0800 Subject: [PATCH 23/36] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 49c7c60..caca516 100644 --- a/README.md +++ b/README.md 
@@ -32,7 +32,8 @@ Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 prox - ...   -This page is the v4.0-v4.1 manual, and the other version of the manual can be checked by the following link. +This page is the v4.2 manual, and the other version of the manual can be checked by the following link. +- [v4.0-4.1 manual](https://github.com/snail007/goproxy/tree/v4.1) - [v3.9 manual](https://github.com/snail007/goproxy/tree/v3.9) - [v3.8 manual](https://github.com/snail007/goproxy/tree/v3.8) - [v3.6-v3.7 manual](https://github.com/snail007/goproxy/tree/v3.6) From 2669aac7c9325c8a4704ca1ebd13e68dbb0d3703 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 7 Feb 2018 16:09:25 +0800 Subject: [PATCH 24/36] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index caca516..5f797fd 100644 --- a/README.md +++ b/README.md @@ -648,7 +648,7 @@ Then access to the local 8080 port is access to the proxy port 38080 on the VPS, - Welcome joining group feedback... ### How to use the source code? -use command cd to enter your go SRC directory and then git clone https://github.com/snail007/goproxy.git and execute ./proxy +use command cd to enter your go SRC directory and then execute git clone https://github.com/snail007/goproxy.git ./proxy Direct compilation: go build execution: go run *.go Utils is a toolkit, and service is a specific service class. From 28947a0352ba6190716fc28052a334f3bf155b68 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Tue, 13 Feb 2018 08:20:18 +0800 Subject: [PATCH 25/36] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5f797fd..9ed4873 100644 --- a/README.md +++ b/README.md 
@@ -543,8 +543,8 @@ Procedure: 4.7.1.PROTOCOL is tcp or udp. for example: `-r "udp://:10053@:53" -r "tcp://:10800@:1080" -r ":8080@:80"` - If the --udp parameter is specified, PROTOCOL is UDP by default, then `-r ": 8080@: 80"` is UDP. - If the --udp parameter is not specified, PROTOCOL is TCP by default, then `-r ": 8080@: 80"` is TCP. + If the --udp parameter is specified, PROTOCOL is UDP by default, then `-r ":8080@:80"` is UDP. + If the --udp parameter is not specified, PROTOCOL is TCP by default, then `-r ":8080@:80"` is TCP. 4.7.2.CLIENT_KEY by default is 'default'. for example: -r "udp://:10053@[test1]:53" -r "tcp://:10800@[test2]:1080" -r ":8080@:80" From 32661552ff133fab2bc67b57864ebe8e569e8b41 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 28 Feb 2018 14:09:23 +0800 Subject: [PATCH 26/36] Update README.md --- README.md | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 9ed4873..bdd165e 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,8 @@ This page is the v4.2 manual, and the other version of the manual can be checked - [1.8 KCP protocol transmission](#18kcp-protocol-transmission) - [1.9 HTTP(S) reverse proxy](#19http-reverse-proxy) - [1.10 HTTP(S) transparent proxy](#110http-transparent-proxy) - - [1.11 View help](#111view-help) + - [1.11 Custom DNS](#111custom-dns) + - [1.12 View help](#112view-help) - [2.TCP proxy](#2tcp-proxy) - [2.1 Common TCP first level proxy](#21common-tcp-first-level-proxy) - [2.2 Common TCP second level proxy](#22common-tcp-second-level-proxy) 
@@ -111,7 +112,8 @@ This page is the v4.2 manual, and the other version of the manual can be checked - [5.6.2 The way of username and key](#562the-way-of-username-and-key) - [5.7 Authentication](#57authentication) - [5.8 KCP protocol transmission](#58kcp-protocol-transmission) - - [5.9 View help](#59view-help) + - [5.9 Custom DNS](#59custom-dns) + - [5.10 View help](#510view-help) ### Fast Start tips:all operations require root permissions. @@ -330,7 +332,13 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY - Deleting the specified chain that user defined command is iptables -X chain name, such as iptables -t NAT -X PROXY - Deleting the rules of the chain command is iptables -D chain name from the selected chain, such as iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN -#### **1.11.view help** +#### **1.11.Custom DNS** +--dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to the domain name(--dns-address) +and analytical result cache time (--dns-ttl) which unit is seconds, which can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. +for example: +`./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` + +#### **1.12.view help** `./proxy help http` ### **2.TCP proxy** 
@@ -639,9 +647,16 @@ HTTP first level proxy(VPS,IP:22.22.22.22) HTTP two level proxy(local os is Linux) `./proxy socks -t tcp -p ":8080" -T kcp -P "22.22.22.22:38080" -B mypassword` -Then access to the local 8080 port is access to the proxy port 38080 on the VPS, and the data is transmitted through the KCP protocol. +Then access to the local 8080 port is access to the proxy port 38080 on the VPS, and the data is transmitted through the KCP protocol. -#### **5.9.view help** +#### **5.9.Custom DNS** +--dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to the domain name(--dns-address) +and analytical result cache time (--dns-ttl) which unit is seconds, which can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. +for example: +`./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` + + +#### **5.10.view help** `./proxy help socks` ### TODO From 8d2e2105224ac33b87be7b75f2e7d9cfcc0c7cc8 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 28 Feb 2018 16:05:47 +0800 Subject: [PATCH 27/36] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bdd165e..af4213d 100644 --- a/README.md +++ b/README.md 
@@ -333,7 +333,7 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY - Deleting the rules of the chain command is iptables -D chain name from the selected chain, such as iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN #### **1.11.Custom DNS** ---dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to the domain name(--dns-address) +--dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to a domain name(--dns-address) and analytical result cache time (--dns-ttl) which unit is seconds, which can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. for example: `./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` From 9301c9b49b63bcca3da6b0358c2a0e9c81da30cb Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 28 Feb 2018 16:07:40 +0800 Subject: [PATCH 28/36] Update README.md --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index af4213d..a8ed2a5 100644 --- a/README.md +++ b/README.md 
@@ -333,8 +333,8 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY - Deleting the rules of the chain command is iptables -D chain name from the selected chain, such as iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN #### **1.11.Custom DNS** ---dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to a domain name(--dns-address) -and analytical result cache time (--dns-ttl) which unit is seconds, which can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. +--dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to a domain name(--dns-address). +they also can specify analytical result cache time (--dns-ttl) which unit is seconds, which can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. for example: `./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` @@ -650,9 +650,9 @@ HTTP two level proxy(local os is Linux) Then access to the local 8080 port is access to the proxy port 38080 on the VPS, and the data is transmitted through the KCP protocol. #### **5.9.Custom DNS** ---dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to the domain name(--dns-address) -and analytical result cache time (--dns-ttl) which unit is seconds, which can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. -for example: +--dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to a domain name(--dns-address). +they also can specify analytical result cache time (--dns-ttl) which unit is seconds, which can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. +for example: `./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` 
From 5583b303be777a5d975263e25b739a6aa4548d8f Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 28 Feb 2018 16:11:43 +0800 Subject: [PATCH 29/36] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a8ed2a5..490c643 100644 --- a/README.md +++ b/README.md @@ -334,7 +334,7 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY #### **1.11.Custom DNS** --dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to a domain name(--dns-address). -they also can specify analytical result cache time (--dns-ttl) which unit is seconds, which can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. +they also can specify analytical result cache time (--dns-ttl) which unit is seconds. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. for example: `./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` @@ -651,7 +651,7 @@ Then access to the local 8080 port is access to the proxy port 38080 on the VPS, #### **5.9.Custom DNS** --dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to a domain name(--dns-address). -they also can specify analytical result cache time (--dns-ttl) which unit is seconds, which can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. +they also can specify analytical result cache time (--dns-ttl) which unit is seconds. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. for example: `./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` From 68080539f7a58ff8e23facbc6a3f067fb25a944d Mon Sep 17 00:00:00 2001 
From: yincongcyincong <648588267@qq.com> Date: Wed, 28 Feb 2018 16:14:16 +0800 Subject: [PATCH 30/36] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 490c643..3f6211b 100644 --- a/README.md +++ b/README.md @@ -333,7 +333,7 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY - Deleting the rules of the chain command is iptables -D chain name from the selected chain, such as iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN #### **1.11.Custom DNS** ---dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to a domain name(--dns-address). +--dns-address and --dns-ttl parameters can be used to specify DNS(--dns-address) when you use proxy to access to a domain name. they also can specify analytical result cache time (--dns-ttl) which unit is seconds. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. for example: `./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` @@ -650,10 +650,10 @@ HTTP two level proxy(local os is Linux) Then access to the local 8080 port is access to the proxy port 38080 on the VPS, and the data is transmitted through the KCP protocol. #### **5.9.Custom DNS** ---dns-address and --dns-ttl parameters can be used to specify DNS when you use proxy to access to a domain name(--dns-address). +--dns-address and --dns-ttl parameters can be used to specify DNS(--dns-address) when you use proxy to access to a domain name. they also can specify analytical result cache time (--dns-ttl) which unit is seconds. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. for example: -`./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` +`./proxy socks -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` #### **5.10.view help** 
From 938ddd11411c9767392b7f0b149e937c71bf27a7 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 28 Feb 2018 16:15:29 +0800 Subject: [PATCH 31/36] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3f6211b..24613cc 100644 --- a/README.md +++ b/README.md @@ -334,7 +334,7 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY #### **1.11.Custom DNS** --dns-address and --dns-ttl parameters can be used to specify DNS(--dns-address) when you use proxy to access to a domain name. -they also can specify analytical result cache time (--dns-ttl) which unit is seconds. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. +they also can specify analytical result cache time (--dns-ttl) which unit is second. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. for example: `./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` @@ -651,7 +651,7 @@ Then access to the local 8080 port is access to the proxy port 38080 on the VPS, #### **5.9.Custom DNS** --dns-address and --dns-ttl parameters can be used to specify DNS(--dns-address) when you use proxy to access to a domain name. -they also can specify analytical result cache time (--dns-ttl) which unit is seconds. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. +they also can specify analytical result cache time (--dns-ttl) which unit is second. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. for example: `./proxy socks -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` From 26e9231e488a2580849dc4b31c440fd4f10c137f Mon Sep 17 00:00:00 2001 
From: yincongcyincong <648588267@qq.com> Date: Wed, 28 Feb 2018 16:23:30 +0800 Subject: [PATCH 32/36] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 24613cc..f22f040 100644 --- a/README.md +++ b/README.md @@ -333,8 +333,8 @@ iptables -t nat -A OUTPUT -p tcp -j PROXY - Deleting the rules of the chain command is iptables -D chain name from the selected chain, such as iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN #### **1.11.Custom DNS** ---dns-address and --dns-ttl parameters can be used to specify DNS(--dns-address) when you use proxy to access to a domain name. -they also can specify analytical result cache time (--dns-ttl) which unit is second. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. +--dns-address and --dns-ttl parameters can be used to specify DNS(--dns-address) when you use proxy to access to a domain. +they also can specify dns result cache time (--dns-ttl) which unit is second. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. for example: `./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` 
@@ -650,8 +650,8 @@ HTTP two level proxy(local os is Linux) Then access to the local 8080 port is access to the proxy port 38080 on the VPS, and the data is transmitted through the KCP protocol. #### **5.9.Custom DNS** ---dns-address and --dns-ttl parameters can be used to specify DNS(--dns-address) when you use proxy to access to a domain name. -they also can specify analytical result cache time (--dns-ttl) which unit is second. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. +--dns-address and --dns-ttl parameters can be used to specify DNS(--dns-address) when you use proxy to access to a domain. +they also can specify dns result cache time (--dns-ttl) which unit is second. they can avoid the interference of system DNS to proxy. cache can reduce DNS resolution time and increase access speed. for example: `./proxy socks -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300` From ab0205587a1182545172911c9efdfc7b1b2d4d24 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Tue, 6 Mar 2018 18:28:54 +0800 Subject: [PATCH 33/36] Update README.md --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f22f040..dbec438 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ -Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 proxy server implemented by golang. It supports parent proxy,nat forward,TCP/UDP port forwarding, SSH transfer. you can expose a local server behind a NAT or firewall to the internet.   +Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 proxy server implemented by golang. It supports parent proxy,nat forward,TCP/UDP port forwarding, SSH transfer, TLS encrypted transmission, protocol conversion. you can expose a local server behind a NAT or firewall to the internet.   --- 
@@ -114,6 +114,13 @@ This page is the v4.2 manual, and the other version of the manual can be checked - [5.8 KCP protocol transmission](#58kcp-protocol-transmission) - [5.9 Custom DNS](#59custom-dns) - [5.10 View help](#510view-help) +- [6.Proxy protocol conversion](#6proxy-protocol-conversion) + - [6.1 Functional introduction](#61functional-introduction) + - [6.2 HTTP(S) to HTTP(S) + SOCKS5](#62http-to-http-socks5) + - [6.3 SOCKS5 to HTTP(S) + SOCKS5](#63socks5-to-http-socks5) + - [6.4 Chain style connection](#64chain-style-connection) + - [6.5 Monitor multiple ports](#65monitor-multiple-ports) + - [6.6 View Help](#56transfer-through-ssh) ### Fast Start tips:all operations require root permissions. From 3dd013c13c554b7b65e68ab4a9e995d8120bf02e Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 7 Mar 2018 08:01:32 +0800 Subject: [PATCH 34/36] Update README.md --- README.md | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dbec438..937c86f 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,9 @@ Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 prox - ...   -This page is the v4.2 manual, and the other version of the manual can be checked by the following link. +This page is the v4.4 manual, and the other version of the manual can be checked by the following link. +- [v4.3 manual](https://github.com/snail007/goproxy/tree/v4.3) +- [v4.2 manual](https://github.com/snail007/goproxy/tree/v4.2) - [v4.0-4.1 manual](https://github.com/snail007/goproxy/tree/v4.1) - [v3.9 manual](https://github.com/snail007/goproxy/tree/v3.9) - [v3.8 manual](https://github.com/snail007/goproxy/tree/v3.8) 
@@ -666,6 +668,63 @@ for example: #### **5.10.view help** `./proxy help socks` +### **6.Proxy protocol conversion** + +#### **6.1 Functional introduction** +The proxy protocol conversion use the SPS subcommand (abbreviation of socks+https), SPS itself does not provide the proxy function, just accept the proxy request and then converse protocol and forwarded to the existing HTTP (s) or Socks5 proxy. SPS can use existing HTTP (s) or Socks5 proxy converse to support HTTP (s) and Socks5 HTTP (s) proxy at the same time by one port, and proxy supports forward and reverse proxy (SNI), SOCKS5 proxy which is conversed does not support UDP. in addition to the existing HTTP or Socks5 proxy, which supports TLS, TCP, KCP three modes and chain-style connection. That is more than one SPS node connection can build encryption channel. + +#### **6.2 HTTP(S) to HTTP(S) + SOCKS5** +假设已经存在一个普通的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 +命令如下: +`./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` + +假设已经存在一个tls的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。 +命令如下: +`./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` + +假设已经存在一个kcp的http(s)代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 +命令如下: +`./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` + +#### **6.3 SOCKS5 to HTTP(S) + SOCKS5** +假设已经存在一个普通的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 +命令如下: +`./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` + +假设已经存在一个tls的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。 +命令如下: +`./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` + +假设已经存在一个kcp的socks5代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 +命令如下: +`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` + +#### 
**6.4 Chain style connection** +上面提过多个sps结点可以层级连接构建加密通道,假设有如下vps和家里的pc电脑。 +vps01:2.2.2.2 +vps02:3.3.3.3 +现在我们想利用pc和vps01和vps02构建一个加密通道,本例子用tls加密也可以用kcp,在pc上访问本地18080端口就是访问vps01的本地8080端口。 +首先在vps01(2.2.2.2)上我们运行一个只有本地可以访问的http(s)代理,执行: +`./proxy -t tcp -p 127.0.0.1:8080` + +然后在vps01(2.2.2.2)上运行一个sps结点,执行: +`./proxy -S http -T tcp -P 127.0.0.1:8080 -t tls -p :8081 -C proxy.crt -K proxy.key` + +然后在vps02(3.3.3.3)上运行一个sps结点,执行: +`./proxy -S http -T tls -P 2.2.2.2:8081 -t tls -p :8082 -C proxy.crt -K proxy.key` + +然后在pc上运行一个sps结点,执行: +`./proxy -S http -T tls -P 3.3.3.3:8082 -t tcp -p :18080 -C proxy.crt -K proxy.key` + +完成。 + +#### **6.5 Monitor multiple ports** +一般情况下监听一个端口就可以,不过如果作为反向代理需要同时监听80和443两个端口,那么-p参数是支持的, +格式是:`-p 0.0.0.0:80,0.0.0.0:443`,多个绑定用逗号分隔即可。 + +#### **6.6 view help** +`./proxy help sps` + ### TODO - Welcome joining group feedback... From ac9eb64501e96ae1044d7f6b22b02886c31051f1 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 7 Mar 2018 13:34:16 +0800 Subject: [PATCH 35/36] Update README.md --- README.md | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 937c86f..2ee1bbe 100644 --- a/README.md +++ b/README.md 
@@ -21,6 +21,7 @@ Proxy is a high performance HTTP, HTTPS, HTTPS, websocket, TCP, UDP, Socks5 prox - The integrated external API, HTTP (S): SOCKS5 proxy authentication can be integrated with the external HTTP API, which can easily control the user's access through the external system. - Reverse proxy: goproxy supports directly parsing the domain to proxy monitor IP, and then proxy will help you to access the HTTP (S) site that you need to access. - Transparent proxy: with the iptables, goproxy can directly forward the 80 and 443 port's traffic to proxy in the gateway, and can realize the unaware intelligent router proxy. +- Protocol conversion: The existing HTTP (S) or SOCKS5 proxy can be converted to a proxy which support both HTTP (S) and SOCKS5 by one port, but the converted SOCKS5 proxy does not support the UDP function.   ### Why need these? - Because for some reason, we cannot access our services elsewhere. We can build a secure tunnel to access our services through multiple connected proxy nodes.   @@ -121,7 +122,7 @@ This page is the v4.4 manual, and the other version of the manual can be checked - [6.2 HTTP(S) to HTTP(S) + SOCKS5](#62http-to-http-socks5) - [6.3 SOCKS5 to HTTP(S) + SOCKS5](#63socks5-to-http-socks5) - [6.4 Chain style connection](#64chain-style-connection) - - [6.5 Monitor multiple ports](#65monitor-multiple-ports) + - [6.5 Listening on multiple ports](#65listening-on-multiple-ports) - [6.6 View Help](#56transfer-through-ssh) ### Fast Start 
@@ -674,29 +675,29 @@ for example: The proxy protocol conversion use the SPS subcommand (abbreviation of socks+https), SPS itself does not provide the proxy function, just accept the proxy request and then converse protocol and forwarded to the existing HTTP (s) or Socks5 proxy. SPS can use existing HTTP (s) or Socks5 proxy converse to support HTTP (s) and Socks5 HTTP (s) proxy at the same time by one port, and proxy supports forward and reverse proxy (SNI), SOCKS5 proxy which is conversed does not support UDP. in addition to the existing HTTP or Socks5 proxy, which supports TLS, TCP, KCP three modes and chain-style connection. That is more than one SPS node connection can build encryption channel. #### **6.2 HTTP(S) to HTTP(S) + SOCKS5** -假设已经存在一个普通的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 -命令如下: +Suppose there is a common HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080. +command: `./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` -假设已经存在一个tls的http(s)代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。 -命令如下: +Suppose that there is a TLS HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common porxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080, TLS needs certificate file. +command: `./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` -假设已经存在一个kcp的http(s)代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 -命令如下: +Suppose there is a KCP HTTP (s) proxy (password: demo123): 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080. 
+command: `./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` #### **6.3 SOCKS5 to HTTP(S) + SOCKS5** -假设已经存在一个普通的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 -命令如下: +Suppose there is a common Socks5 proxy: 127.0.0.1:8080, now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time, and the local port after transformation is 18080. +command: `./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` 假设已经存在一个tls的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。 -命令如下: +command: `./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` 假设已经存在一个kcp的socks5代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 -命令如下: +command: `./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` #### **6.4 Chain style connection** @@ -716,11 +717,11 @@ vps02:3.3.3.3 然后在pc上运行一个sps结点,执行: `./proxy -S http -T tls -P 3.3.3.3:8082 -t tcp -p :18080 -C proxy.crt -K proxy.key` -完成。 +finish。 -#### **6.5 Monitor multiple ports** +#### **6.5 Listening on multiple ports** 一般情况下监听一个端口就可以,不过如果作为反向代理需要同时监听80和443两个端口,那么-p参数是支持的, -格式是:`-p 0.0.0.0:80,0.0.0.0:443`,多个绑定用逗号分隔即可。 +The format is:`-p 0.0.0.0:80,0.0.0.0:443`, Multiple bindings are separated by a comma. #### **6.6 view help** `./proxy help sps` From 5f38162fbb394d364b8b9b4e68d26059bf63e919 Mon Sep 17 00:00:00 2001 From: yincongcyincong <648588267@qq.com> Date: Wed, 7 Mar 2018 23:30:05 +0800 Subject: [PATCH 36/36] Update README.md --- README.md | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 2ee1bbe..3efb05e 100644 --- a/README.md +++ b/README.md 
@@ -49,7 +49,8 @@ This page is the v4.4 manual, and the other version of the manual can be checked - [v2.x manual](https://github.com/snail007/goproxy/tree/v2.2) ### How to find the organization? -[Click to join the communication organization](https://gitter.im/go-proxy/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link) +[Click to join the communication organization gitter](https://gitter.im/go-proxy/Lobby?utm_source=share-link&utm_medium=link&utm_campaign=share-link) +[Click to join the communication organization TG](https://t.me/joinchat/GYHXghCDSBmkKZrvu4wIdQ)   ### Installation - [Quick installation](#quick-installation) 
@@ -671,15 +672,15 @@ for example: ### **6.Proxy protocol conversion** -#### **6.1 Functional introduction** +#### **6.1.Functional introduction** The proxy protocol conversion use the SPS subcommand (abbreviation of socks+https), SPS itself does not provide the proxy function, just accept the proxy request and then converse protocol and forwarded to the existing HTTP (s) or Socks5 proxy. SPS can use existing HTTP (s) or Socks5 proxy converse to support HTTP (s) and Socks5 HTTP (s) proxy at the same time by one port, and proxy supports forward and reverse proxy (SNI), SOCKS5 proxy which is conversed does not support UDP. in addition to the existing HTTP or Socks5 proxy, which supports TLS, TCP, KCP three modes and chain-style connection. That is more than one SPS node connection can build encryption channel. -#### **6.2 HTTP(S) to HTTP(S) + SOCKS5** +#### **6.2.HTTP(S) to HTTP(S) + SOCKS5** Suppose there is a common HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080. command: `./proxy sps -S http -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` -Suppose that there is a TLS HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common porxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080, TLS needs certificate file. +Suppose that there is a TLS HTTP (s) proxy: 127.0.0.1:8080. Now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time. The local port after transformation is 18080, TLS needs certificate file. command: `./proxy sps -S http -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` 
@@ -687,43 +688,43 @@ Suppose there is a KCP HTTP (s) proxy (password: demo123): 127.0.0.1:8080. Now w command: `./proxy sps -S http -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` -#### **6.3 SOCKS5 to HTTP(S) + SOCKS5** +#### **6.3.SOCKS5 to HTTP(S) + SOCKS5** Suppose there is a common Socks5 proxy: 127.0.0.1:8080, now we turn it into a common proxy that supports HTTP (s) and Socks5 at the same time, and the local port after transformation is 18080. command: `./proxy sps -S socks -T tcp -P 127.0.0.1:8080 -t tcp -p :18080` -假设已经存在一个tls的socks5代理:127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080,tls需要证书文件。 +Suppose there is a TLS Socks5 proxy: 127.0.0.1:8080. Now we turn it into a common proxy that support HTTP (s) and Socks5 at the same time. The local port after transformation is 18080, TLS needs certificate file. command: `./proxy sps -S socks -T tls -P 127.0.0.1:8080 -t tcp -p :18080 -C proxy.crt -K proxy.key` -假设已经存在一个kcp的socks5代理(密码是:demo123):127.0.0.1:8080,现在我们把它转为同时支持http(s)和socks5的普通代理,转换后的本地端口为18080。 +Suppose there is a KCP Socks5 proxy (password: demo123): 127.0.0.1:8080, now we turn it into a common proxy that support HTTP (s) and Socks5 at the same time, and the local port after transformation is 18080. command: -`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123` +`./proxy sps -S socks -T kcp -P 127.0.0.1:8080 -t tcp -p :18080 -B demo123`   -#### **6.4 Chain style connection** -上面提过多个sps结点可以层级连接构建加密通道,假设有如下vps和家里的pc电脑。 +#### **6.4.Chain style connection** +It is mentioned above that multiple SPS nodes can be connected to build encrypted channels, assuming you have the following VPS and a PC. vps01:2.2.2.2 vps02:3.3.3.3 -现在我们想利用pc和vps01和vps02构建一个加密通道,本例子用tls加密也可以用kcp,在pc上访问本地18080端口就是访问vps01的本地8080端口。 -首先在vps01(2.2.2.2)上我们运行一个只有本地可以访问的http(s)代理,执行: +Now we want to use PC and vps01 and vps02 to build an encrypted channel. In this example, TLS is used. KCP also supports encryption in addition to TLS. 
and accessing to local 18080 port on PC is accessing to the local 8080 ports of vps01. +First, on vps01 (2.2.2.2), we run a HTTP (s) proxy that only can be accessed locally,excute: `./proxy -t tcp -p 127.0.0.1:8080` -然后在vps01(2.2.2.2)上运行一个sps结点,执行: +Then run a SPS node on vps01 (2.2.2.2),excute: `./proxy -S http -T tcp -P 127.0.0.1:8080 -t tls -p :8081 -C proxy.crt -K proxy.key` -然后在vps02(3.3.3.3)上运行一个sps结点,执行: +Then run a SPS node on vps02 (3.3.3.3),excute: `./proxy -S http -T tls -P 2.2.2.2:8081 -t tls -p :8082 -C proxy.crt -K proxy.key` -然后在pc上运行一个sps结点,执行: +Then run a SPS node on the PC,excute: `./proxy -S http -T tls -P 3.3.3.3:8082 -t tcp -p :18080 -C proxy.crt -K proxy.key` finish。 -#### **6.5 Listening on multiple ports** -一般情况下监听一个端口就可以,不过如果作为反向代理需要同时监听80和443两个端口,那么-p参数是支持的, +#### **6.5.Listening on multiple ports** +In general, listening one port is enough, but if you need to monitor 80 and 443 ports at the same time as a reverse proxy, the -p parameter can support it. The format is:`-p 0.0.0.0:80,0.0.0.0:443`, Multiple bindings are separated by a comma. -#### **6.6 view help** +#### **6.6.view help** `./proxy help sps` ### TODO