@MarshalW
Last active March 27, 2024 07:37
Setting up privoxy with a whitelist for forwarding to a SOCKS5 proxy

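The following steps can be run on Ubuntu/Raspbian.

Install and configure the SOCKS5 proxy

You need an account on an overseas node that is reachable over SSH.

Create a key pair for the local account (if ~/.ssh/id_rsa does not exist yet):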

ssh-keygen -t rsa -b 4096 -q -P ""

Install that user's public key on the overseas node account:

ssh-copy-id ..

Set up ~/.ssh/config locally:

Host ${foreign_node_name}
    HostName 12.123.12.1
    User ${foreign_node_user}
    IdentityFile ~/.ssh/id_rsa

Test that the configuration works (password-less login):

ssh ${foreign_node_name}

Install autossh on the local server:

sudo apt-get install autossh -y

Create the proxy.service file:

sudo nano /etc/systemd/system/proxy.service

[Unit]
Description=Socks5 proxy service
After=network-online.target

[Service]
User=${local_user}
Group=adm
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 10" -o "ServerAliveCountMax 3" -D 1337 -C -N ${foreign_node_name}
Restart=always
RestartSec=60

[Install]
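WantedBy=multi-user.target

  • -D: dynamic forwarding on local port 1337 (ssh acts as a SOCKS proxy there; the destination is chosen per connection)
  • -C: compress the data
  • -N: do not execute a command on the server; only use the forwarded port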

Enable proxy.service:

sudo systemctl enable proxy.service

Start proxy.service:

sudo systemctl start proxy.service

Check the status of proxy.service:

systemctl status proxy.service

If there are no problems, check that port 1337 is open:

$ nc 127.0.0.1 1337 -vz
Connection to 127.0.0.1 1337 port [tcp/*] succeeded!

Test that port 1337 works correctly:

$ curl cip.cc -x socks5h://127.0.0.1:1337 -v
* Expire in 0 ms for 6 (transfer 0x1914880)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x1914880)
* SOCKS5 communication to cip.cc:80
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 1337 (#0)
> GET / HTTP/1.1
> Host: cip.cc
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 200 OK
..

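Install and configure privoxy

Why use privoxy

  • Some tools do not support a SOCKS5 proxy, but they all support an HTTP proxy
  • Using the SOCKS5 proxy directly is inflexible; most sites do not need to go through a proxy

Install privoxy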

sudo apt-get install privoxy -y

Append the following to the privoxy configuration file:

sudo nano /etc/privoxy/config

listen-address :8118
enable-edit-actions 1
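actionsfile whitelist.action

  • Listen on port 8118 (no address is given, so on all interfaces)
  • Allow the actions files to be edited through the web interface
  • Load the settings from the ./whitelist.action file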

sudo nano /etc/privoxy/whitelist.action

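With this configuration everything is accessed directly by default (not through the SOCKS5 proxy); the sites that need the proxy are listed under {whitelist}: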

{{alias}}
direct = +forward-override{forward .}
whitelist = +forward-override{forward-socks5 localhost:1337 .}

#default
{direct}
/

#whitelist
{whitelist}
.google.com
.cip.cc
.docker.com
.docker.io
.github.com

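With this alternative configuration everything goes through the SOCKS5 proxy by default; the sites to access directly are defined under {direct}: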

{{alias}}
proxy = +forward-override{forward-socks5 localhost:1337 .}
direct = +forward-override{forward .}

{proxy}
/

{direct}
.cn
.cip.cc
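
As an added example (not part of the gist): a small Python resolver that reads the two whitelist.action variants above (whitelist trimmed to two entries) and reports whether a host would be sent into the SOCKS5 tunnel or fetched directly, so a change can be checked before editing the live file. It assumes only the pattern forms used on this page occur and that the last matching section wins; the function names are made up for the illustration.

```python
# Added example, not the gist's code. Assumed: only "/" and ".domain" patterns occur.
WHITELIST_MODE = """\
{{alias}}
direct = +forward-override{forward .}
whitelist = +forward-override{forward-socks5 localhost:1337 .}
{direct}
/
{whitelist}
.google.com
.cip.cc
"""
DIRECT_LIST_MODE = """\
{{alias}}
proxy = +forward-override{forward-socks5 localhost:1337 .}
direct = +forward-override{forward .}
{proxy}
/
{direct}
.cn
.cip.cc
"""

def parse(text):   # -> [(url_pattern, action_string)] in file order
    aliases, rules, section = {}, [], None
    lines = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    for line in filter(None, lines):           # comments and blank lines dropped
        if line.startswith("{") and line.endswith("}"):
            section = "{{alias}}" if line == "{{alias}}" else line[1:-1].strip()
        elif section == "{{alias}}":
            name, action = (part.strip() for part in line.split("=", 1))
            aliases[name] = action
        elif section is not None:
            rules.append((line, aliases.get(section, section)))
    return rules

def matches(pattern, host):
    if pattern.startswith("."):   # ".cn" covers cn and every *.cn host
        return host == pattern[1:] or host.endswith(pattern)
    return pattern == "/" or host == pattern

def route(text, host):
    """Last matching section wins, mirroring how privoxy merges actions."""
    hits = [a for p, a in parse(text) if matches(p, host.lower())]
    return "socks5" if hits and "forward-socks5" in hits[-1] else "direct"

if __name__ == "__main__":
    for h in ("www.google.com", "notgoogle.com", "www.example.cn"):
        print(h, route(WHITELIST_MODE, h), route(DIRECT_LIST_MODE, h))
```

Note that notgoogle.com is not covered by .google.com, because the pattern matches on whole domain labels.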

Restart privoxy:

sudo systemctl restart privoxy

Check that privoxy's port 8118 is up:

$ nc 127.0.0.1 8118 -vz
Connection to 127.0.0.1 8118 port [tcp/*] succeeded!

Test that the privoxy proxy is working:

$ curl cip.cc -x http://127.0.0.1:8118 -v
* Expire in 0 ms for 6 (transfer 0x1629880)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x1629880)
* Connected to 127.0.0.1 (127.0.0.1) port 8118 (#0)
> GET http://cip.cc/ HTTP/1.1
> Host: cip.cc
> User-Agent: curl/7.64.0
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
..

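On other macOS/Windows/Linux nodes you can set this as the global proxy and run the following tests:

  • Check whether privoxy is already in use; you can visit http://p.p/ to configure privoxy
  • Visit http://www.cip.cc/; it should now show the overseas node's IP address
  • Edit whitelist.action (sudo nano /etc/privoxy/whitelist.action) and comment out the .cip.cc line; the change takes effect immediately without restarting privoxy. Then visit http://www.cip.cc/ again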