本文供高级玩家阅读,请先阅读 Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装。 相比 TCP,Domain Socket 更为高效。 本文针对使用 Debian 10 的用户,其他系统请自行摸索。
-
首先按照先前的教程安装好 HaProxy 和 V2Ray。
-
修改以下文件,示例见下方
- /etc/haproxy/haproxy.cfg
phlinhng
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Licensed under WTFPL | |
| package main | |
| import ( | |
| "bytes" | |
| "crypto/rand" | |
| "crypto/rsa" | |
| "crypto/tls" | |
| "crypto/x509" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| scholar.example.com { | |
| timeouts 5m | |
| proxy / https://scholar.google.com.hk { | |
| except /robots.txt /usercontent | |
| header_upstream X-Real-IP {remote} | |
| header_upstream X-Forwarded-For {remote} | |
| header_upstream User-Agent {>User-Agent} | |
| # header_upstream X-Real-IP {>CF-Connecting-IP} | |
| # header_upstream X-Forwarded-For {>CF-Connecting-IP} | |
| header_upstream Accept-Language zh-HK |
wych42
/ clash.service
Last active
February 5, 2024 05:39
Clash as transparent proxy(not totally transparent) on gateway box
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Clash service | |
| After=network.target | |
| [Service] | |
| [Service] | |
| Type=simple | |
| StandardError=journal | |
| User=clash |
liberal-boy
/ HaProxy 通过 Domain Socket 与 V2Ray 通讯.md
Last active
September 5, 2023 19:46
HaProxy 通过 Domain Socket 与 V2Ray 通讯
原帖来自于Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装
这里只是塞了个trojan进去, 背景 请看原帖。
利用haproxy listen 443端口,同时处理web+trojan+v2ray流量。
流程图如下:( 不知道为啥gist不显示,typora里倒是显示正常 )
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "log": { | |
| "access": "", | |
| "error": "", | |
| "loglevel": "warning" | |
| }, | |
| "inbounds": [ | |
| { | |
| "port": 1080, | |
| "listen": "127.0.0.1", |
liberal-boy
/ Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装.md
Last active
April 17, 2024 09:48
Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装
-
目前 Vmess + WebSocket + TLS (以下简称 wss)方式,因其特征如同 HTTPS 流量,可以隐藏 V2Ray 路径,主动侦测会得到正常 HTTP 网站响应,具有良好的伪装能力,目前被广泛用于反审查。
-
但是如此强大的伪装能力,需要付出严重的性能代价:TLS 1.3 握手需要消耗 1-rtt,WS 握手也需要消耗 1-rtt,增大了握手延迟。V2Ray 增加了 mux 以减少握手的发生,然而实际使用中 mux 体验并不好,很多用户选择关闭。
-
最近兴起了一个新的反审查工具——Trojan,这个工具将一个类似 Socks 的协议直接通过 TLS 传输,并将认证失败的流量交由 Web 服务器处理。降低 WS 延迟的同时,提供与 wss 方式一样的伪装能力。但是该工具较为年轻,没有路由功能,各平台图形化客户端也不完善。
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################### | |
| # # | |
| # SU.SG # | |
| # # | |
| ################### | |
| # https://mp.weixin.qq.com/s/H3OOqhFRr0YZGorIAlsCjA | |
| # todo | |
| # replace or remove content-security-policy header |
klzgrad
/ TLS指纹调查.md
Last active
April 5, 2024 03:14
调查目的:了解当前各基于TLS的协议方案中ClientHello的指纹独特性。理论背景见 https://arxiv.org/abs/1607.01639 。
指纹数据库:
(利益相关:我是这个的作者)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import subprocess | |
| import json | |
| import os | |
| from pathlib import Path | |
| import requests | |
| from requests.compat import urljoin |
NewerOlder