@irLinja
Last active December 7, 2023 09:37
systemd services for shadowsocks, KCPTUN, simple obfs and shadowsocks server sample configuration + haproxy + haproxy external check script and privoxy for sure
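
#!/bin/bash
# HAProxy external-check arguments: $3 = server address, $4 = server port.
# Exit status 0 (curl got through the SOCKS5 proxy) marks the server as up.
/usr/bin/curl -sSf --socks5-hostname "${3}:${4}" www.google.com >/dev/null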

global
    log /dev/log local0
    log /dev/log local1 notice
    #chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    # Allow backends to run external health-check scripts
    external-check

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

#---------------------------------------------------------------------
# STATS frontend
#---------------------------------------------------------------------
frontend stats
    # Listens on every interface; bind to a management address instead if the
    # stats page should not be reachable from outside.
    bind *:8080
    option httplog
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    # Sample credentials: replace before deploying
    stats auth admin:admin

#---------------------------------------------------------------------
# TCP frontend
#---------------------------------------------------------------------
frontend proxy
    bind *:8000
    use_backend proxy
    default_backend proxy

backend proxy
    option external-check
    external-check path "/bin:/var/lib/haproxy"
    external-check command /var/lib/haproxy/check.sh
    balance leastconn
    server s1-obfs 127.0.0.1:1081 check
    server s1-direct 127.0.0.1:1080 check backup

[Unit]
Description=kcptun Server
After=network.target

[Service]
# Sample key: replace it. Arguments given in ExecStart are visible in the
# process list and to anyone who can read this unit file.
ExecStart=/usr/sbin/kcptun-server -l 0.0.0.0:53 -t 127.0.0.1:8388 --key *d8JQw9n --crypt cast5 --mode fast3 --log /var/log/kcptun-server.log
ExecStop=/bin/kill $MAINPID
Restart=always

[Install]
WantedBy=multi-user.target
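
[Unit]
Description=Simple obfs server
After=network.target

[Service]
ExecStart=/usr/local/bin/obfs-server -p 443 --obfs http -r 127.0.0.1:8388
# systemd does not run ExecStart through a shell, so ">> file" would be passed
# to the program as arguments; append: needs systemd 240 or newer.
StandardOutput=append:/var/log/obfs-server.log
ExecStop=/bin/kill $MAINPID
Restart=always

[Install]
WantedBy=multi-user.target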
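
hostname proxy.privoxy
# Listens on every IPv4 interface; restrict to a specific address, or use
# permit-access, if only known clients should reach the proxy.
listen-address 0.0.0.0:8118
listen-address [::1]:8118
toggle 1
# Remote toggling and the web-based actions editor are enabled here; anyone who
# can reach the listener can use them.
enable-remote-toggle 1
enable-remote-http-toggle 0
enable-edit-actions 1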
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forward-socks5 / 127.0.0.1:8000 .
forward localhost/ .
forward 172.17.64.0/22 .
forwarded-connect-retries 1
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 150
tolerate-pipelining 1
socket-timeout 300
max-client-connections 400

{
    "server_port": 8388,
    "password": "Fo0B@r",
    "method": "chacha20-ietf",
    "timeout": 600
}
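
[Unit]
Description=Shadowsocks Server
After=network.target

[Service]
ExecStart=/usr/sbin/shadowsocks-server -c /etc/shadowsocks/shadow.conf
# systemd does not run ExecStart through a shell, so ">> file" would be passed
# to the program as arguments; append: needs systemd 240 or newer.
StandardOutput=append:/var/log/shadowsocks-server.log
ExecStop=/bin/kill $MAINPID
Restart=always

[Install]
WantedBy=multi-user.target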

irLinja commented Jun 10, 2018

How to use?

Just download and move the binaries to the desired location on the server and make sure they have x permission, then copy the service files to /etc/systemd/system/ and run:

systemctl daemon-reload
systemctl enable --now shadowsocks-server.service
systemctl enable --now kcp-server.service
systemctl enable --now obfs-server.service
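
A pre-flight check for the install steps above, added here as an example and not part of the gist: it confirms that each unit's ExecStart binary is executable and flags shell operators, which systemd hands to the program as plain arguments. The name check_unit and the sample unit are constructed for illustration.

```sh
#!/bin/sh
# Added example: check_unit is a hypothetical helper, not part of the gist.
# Prints one finding per line for each ExecStart= in a systemd unit file.
check_unit() (          # subshell body keeps variables and 'set -f' local
    unit=$1
    set -f              # no globbing, so tokens like '*d8JQw9n' stay literal
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ExecStart=*) ;; *) continue ;; esac
        cmd=${line#ExecStart=}
        bin=${cmd%% *}
        # Drop systemd's optional executable prefixes (-, @, :, +, !).
        while :; do
            case "$bin" in [-@:+!]*) bin=${bin#?} ;; *) break ;; esac
        done
        [ -x "$bin" ] || echo "$unit: $bin is missing or not executable"
        # ExecStart is not run through a shell: redirections and pipes are
        # handed to the program as plain arguments and never take effect.
        for tok in $cmd; do
            case "$tok" in
                *'>'*|*'<'*|'|') echo "$unit: shell operator '$tok' in ExecStart" ;;
            esac
        done
    done < "$unit"
)

# Constructed sample: a unit whose ExecStart carries a shell redirection.
demo=$(mktemp -d)
printf '%s\n' '[Service]' \
    'ExecStart=/usr/local/bin/obfs-server -p 443 --obfs http -r 127.0.0.1:8388>> /var/log/obfs-server.log' \
    > "$demo/obfs-server.service"
check_unit "$demo/obfs-server.service"
rm -rf "$demo"
```

Run it over the files in /etc/systemd/system/ before `systemctl daemon-reload`; an argument that legitimately contains `<` or `>` will also be reported and needs a manual look.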
