[Haproxy cfg checking Socks5] Haproxy cfg to check the Socks5 connection #tags: GFW, network, haproxy, config
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
global
    log         127.0.0.1 local2
    chroot      /usr/share/haproxy
    pidfile     /run/haproxy.pid
    maxconn     2000
    user        haproxy
    daemon

defaults
    mode        tcp
    log         global
    option      dontlognull
    timeout check 30s
    maxconn     2000

# This server group is used for final users.
# Each server should point at one foreign Internet address
# SOCKS5 is accepted
listen shadowsocks_turnup
    bind 127.0.1.1:3000
    mode tcp
    option tcp-check
    tcp-check connect
    # SOCKS5 greeting: VER=05, NMETHODS=01, METHOD=00 (no authentication)
    tcp-check send-binary 050100
    tcp-check expect binary 0500 # means local client working okay
    # SOCKS5 CONNECT: VER=05 CMD=01 RSV=00 ATYP=03 (domain), LEN=0a google.com, PORT=0050 (80)
    tcp-check send-binary 050100030a676f6f676c652e636f6d0050 # try to access google
    # Reply: REP=00 (succeeded), ATYP=01, BND.ADDR=0.0.0.0, BND.PORT=0
    tcp-check expect binary 05000001000000000000
    # Plain HTTP request sent through the tunnel; a 204 proves end-to-end reachability
    tcp-check send GET\ /generate_204\ HTTP/1.0\r\n
    tcp-check send Host:\ google.com\r\n
    tcp-check send User-Agent:\ curl/7.52.1\r\n
    tcp-check send Accept:\ */*\r\n
    tcp-check send \r\n
    tcp-check expect rstring ^HTTP/1.0\ 204
    balance leastconn
    # Timeouts without a unit are in milliseconds
    timeout server 600000
    timeout client 600000
    timeout connect 500
    server vnet-xxxx 127.0.1.1:4000 check inter 15s downinter 1m fall 4 weight 10

listen monitor_mgmt
    mode http
    bind 127.0.1.1:3389
    stats enable
    # "if TRUE" grants admin actions to anyone who can reach this bind; keep it on loopback
    stats admin if TRUE
    stats uri /
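The hex strings in the `tcp-check send-binary` and `tcp-check expect binary` lines are SOCKS5 (RFC 1928) messages. The following is an added example, not part of the original gist: it builds the same greeting and CONNECT request for any target host and decodes a reply, so the health check can be pointed at a different destination and a failing reply can be read. All function names are this example's own.

```python
import ipaddress
import struct

# Reply codes from RFC 1928 section 6.
REPLY_CODES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
               3: "network unreachable", 4: "host unreachable", 5: "connection refused",
               6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

def greeting_hex() -> str:
    """Client greeting: VER=5, NMETHODS=1, METHODS=[0x00 no authentication]."""
    return bytes([0x05, 0x01, 0x00]).hex()

def connect_request_hex(host: str, port: int) -> str:
    """CONNECT request as the hex string expected by tcp-check send-binary."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (0x01 if ip.version == 4 else 0x04), ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("domain name must be 1..255 bytes")
        atyp, addr = 0x03, bytes([len(name)]) + name  # length-prefixed domain
    head = bytes([0x05, 0x01, 0x00, atyp])  # VER, CMD=CONNECT, RSV, ATYP
    return (head + addr + struct.pack("!H", port)).hex()

def parse_reply(hex_reply: str) -> dict:
    """Decode a server reply: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT."""
    raw = bytes.fromhex(hex_reply)
    if len(raw) < 5 or raw[0] != 0x05:
        raise ValueError("not a SOCKS5 reply")
    atyp = raw[3]
    if atyp == 0x03:
        alen, start = raw[4], 5
    elif atyp in (0x01, 0x04):
        alen, start = (4 if atyp == 0x01 else 16), 4
    else:
        raise ValueError("unknown address type")
    if len(raw) != start + alen + 2:
        raise ValueError("truncated or oversized reply")
    addr = raw[start:start + alen]
    bind = addr.decode("ascii", "replace") if atyp == 0x03 else str(ipaddress.ip_address(addr))
    return {"status": REPLY_CODES.get(raw[1], "unassigned"),
            "bind_addr": bind, "bind_port": struct.unpack("!H", raw[-2:])[0]}

if __name__ == "__main__":
    print("tcp-check send-binary", greeting_hex())
    print("tcp-check send-binary", connect_request_hex("google.com", 80))
    print(parse_reply("05000001000000000000"))  # reply expected by the config above
```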
but yeah now I can dump (a prechecked list of proxies) for socks and http and I'm able to watch youtube videos in 1080p almost completely uninterrupted, it's getting there, I probably don't even need to be using server-template but it's kinda convenient:
grep -r "Kestrel" | sed 's/:Server: Kestrel//g' | shuf | tr ':' ' ' | cat -n | awk '{print "set server http_and_https_be/http-proxy-"$1 " addr "$2" port "$3}' | sudo nc -U /mnt/export/netcrave_docker/var/run/haproxy/haproxy_admin.sock
for ref the proxy list made with grep -r "Kestrel" | sed 's/:Server: Kestrel//g' | shuf | tr ':' ' ' | cat -n
looks like this before awk:
2974 x.x.x.x 38011
2975 x.x.x.x 82
2976 x.x.x.x 46172
2977 x.x.x.x 58470
2978 x.x.x.x 8118
it won't accept hostnames, has to be IPs; for that you can use getent ahostsv4
ah man you saved me so much work ty <3
I was wondering actually if you had given any thought as to HTTP CONNECT:
https://github.com/paigeadelethompson/netcrave-docker/blob/master/etc/haproxy/haproxy.cfg#L87
I can do at least that much; the last step is that the server responds with an HTTP/1.x 200 and everything after that is supposed to be passed through, but I'm thinking it's kinda rude to call out and hang up and it would certainly be nice if there's a way to hand off the connection to an httpschk or something if it's possible and do the same generate 204 request you used for socks5. As it is, at least it rules out servers that respond 4/5xx to CONNECT, but it would be really cool if there was a way to upgrade / wrap the socket to TLS, perhaps even validate the certificate / chain of trust, because some of these proxies have teeth and mean to try to mitm my https sessions.