Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
[Haproxy cfg checking Socks5] Haproxy cfg to check the Socks5 connection #tags: GFW, network, haproxy, config
# Example configuration for a possible web application. See the
# full configuration options online.
log local2
chroot /usr/share/haproxy
pidfile /run/
maxconn 2000
user haproxy
mode tcp
log global
option dontlognull
timeout check 30s
maxconn 2000
# This server group is used for final users.
# Each server should point at one foreign Internet address
# SOCKS5 is accepted
listen shadowsocks_turnup
mode tcp
option tcp-check
tcp-check connect
tcp-check send-binary 050100
tcp-check expect binary 0500 # means local client working okay
tcp-check send-binary 050100030a676f6f676c652e636f6d0050 # try to acess google
tcp-check expect binary 05000001000000000000
tcp-check send GET\ /generate_204\ HTTP/1.0\r\n
tcp-check send Host:\\r\n
tcp-check send User-Agent:\ curl/7.52.1\r\n
tcp-check send Accept:\ */*\r\n
tcp-check send \r\n
tcp-check expect rstring ^HTTP/1.0\ 204
balance leastconn
timeout server 600000
timeout client 600000
timeout connect 500
server vnet-xxxx check inter 15s downinter 1m fall 4 weight 10
listen monitor_mgmt
mode http
stats enable
stats admin if TRUE
stats uri /
Copy link

paigeadelethompson commented Mar 16, 2019

ah man you saved me so much work ty <3

I was wondering actually if you had given any thought as to HTTP CONNECT:

I can do at least that much the last step is that he server responds with an HTTP/1.x 200 and everything after that is supposed to be passed through, but I"m thinking its kinda rude to call out and hang up and it would certainly be nice if there's way to hand off the connection to an httpschk or something if it's possible and do the same generate 204 request you used for socks5. As it is at least it rules out servers that respond 4/5xx to CONNECT but it would be really cool if there was a way to upgrade / wrap the socket to TLS perhaps even validate the certificate / chain of trust because some of these proxies have teeth and mean to try to mitm my https sessions.

Copy link

paigeadelethompson commented Mar 16, 2019

but yeah now I can dump (a prechecked list of proxies) for socks and http and I'm able to watch youtube videos in 1080p almost completely uninterrupted, its getting there, I probably don't even need to be using server-template but it's kinda convenient:

grep -r "Kestrel" | sed 's/:Server: Kestrel//g' | shuf | tr ':' ' ' | cat -n | awk '{print "set server http_and_https_be/http-proxy-"$1 " addr "$2" port "$3}' | sudo nc -U /mnt/export/netcrave_docker/var/run/haproxy/haproxy_admin.sock

for ref the proxy list made with grep -r "Kestrel" | sed 's/:Server: Kestrel//g' | shuf | tr ':' ' ' | cat -n looks like this before awk:

  2974  x.x.x.x 38011
  2975  x.x.x.x 82
  2976  x.x.x.x 46172
  2977  x.x.x.x 58470
  2978  x.x.x.x 8118

it won't accept hostnames has to be ips, for that you can use getent ahostsv4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment