The GoProxy is a high-performance http proxy, https proxy, socks5 proxy, ss proxy, websocket proxies, tcp proxies, udp proxies, game shield, game proxies. Support forward proxies, reverse proxy, transparent proxy, internet nat proxies, https proxy load balancing, http proxy load balancing , socks5 proxies load balancing, socket proxy load balancing, ss proxy load balancing, TCP / UDP port mapping, SSH transit, TLS encrypted transmission, protocol conversion, anti-pollution DNS proxy, API authentication, speed limit, limit connection. Reverse proxies to help you expose a local server behind a NAT or firewall to the internet so that you or your visitors can access it directly and easily.
The GoProxy is a high-performance http proxy, https proxy, socks5 proxy, ss proxy, websocket proxies, tcp proxies, udp proxies, game shield, game proxies. Support forward proxies, reverse proxy, transparent proxy, internet nat proxies, https proxy load balancing, http proxy load balancing , socks5 proxies load balancing, socket proxy load balancing, ss proxy load balancing, TCP / UDP port mapping, SSH transit, TLS encrypted transmission, protocol conversion, anti-pollution DNS proxy, API authentication, speed limit, limit connection. Reverse proxies to help you expose a local server behind a NAT or firewall to the internet so that you or your visitors can access it directly and easily.
@ -36,7 +43,7 @@ And ProxyAdmin is a powerful web console of snail007/goproxy .
- Communication encryption, if the program is not a level one proxies, and the upper level proxies is also the program, then the communication between the upper level proxies and the upper level proxies can be encrypted, and the underlying tls high-intensity encryption is used, and the security is featureless.
- Smart HTTP, SOCKS5 proxy, will automatically determine whether the visited website is blocked. If it is blocked, it will use the upstream proxies (provided that the upstream proxies is configured) to access the website; if the visited website is not blocked, in order to speed up the access, the proxies will Direct access to the website without using a upstream proxies.
- Domain name black and white list, more free to control the way the website is accessed.
- Cross-platform, whether you are widows, linux, mac, or even raspberry pie, you can run the proxy very well.
- Cross-platform, whether you are windows, linux, mac, or even raspberry pie, you can run the proxy very well.
- Multi-protocol support, support for HTTP(S), TCP, UDP, Websocket, SOCKS5 proxy.
- TCP/UDP port forwarding.
- Support intranet penetration, protocol supports TCP and UDP.
When the VPS is behind the nat device, the vps network card IP is the intranet IP. At this time, you can use the -g parameter to add the vps external network ip to prevent the infinite loop.
When the VPS is behind the nat device, the vps network interface IP is the intranet IP. At this time, you can use the -g parameter to add the vps external network ip to prevent the infinite loop.
Suppose your vps external network ip is 23.23.23.23. The following command sets 23.23.23.23 with the -g parameter.
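Review bot: The corrected Cross-platform bullet still reads "raspberry pie". Since that line is already being changed for the `widows` typo, make it "Raspberry Pi" and capitalise Windows, Linux and Mac in the same edit. In the `-g` paragraph that follows, "nat device" and the mixed "VPS"/"vps" could be normalised to "NAT" and "VPS" while the wording is being updated to "network interface".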
@ -670,6 +714,27 @@ The `--bind-listen` parameter can be used to open the client connection with the
Although the above `--bind-listen` parameter can specify the outgoing IP, the `entry IP` and the `outgoing IP` cannot be referenced artificially. If you want the ingress IP and the egress IP to be different, you can use the `--bind-ip` parameter, format: `IP:port`, for example: `1.1.1.1:8080`, `[2000:0:0:0:0 :0:0:1]:8080`. For multiple binding requirements, the `--bind-ip` parameter can be repeated.
For example, this machine has IP `5.5.5.5`, `6.6.6.6`, and monitors two ports `8888` and `7777`, the command is as follows:
Then the client access port `7777`, the outgoing IP is `5.5.5.5`, access port `8888`, the outgoing IP is `6.6.6.6`, if both `--bind-ip` and `--bind- are set at the same time listen`,`--bind-ip` has higher priority.
s
In addition, the `IP` part of the `--bind-ip` parameter supports specifying the `network interface name`, `wildcards`, and more than one can be specified. The detailed description is as follows:
- Specify the network interface name, such as: `--bind-ip eth0:7777`, and then the client accesses the `7777` port, and the egress IP is the IP of the eth0 network interface.
- The network interface name supports wildcards, such as: `--bind-ip eth0.*:7777`, then the client accesses the port `7777`, and the egress IP is randomly selected from the IP of the network interface starting with `eth0.`.
- IP supports wildcards, such as: `--bind-ip 192.168.?.*:777`, then the client accesses the `7777` port, the outgoing IP is all the IPs of the machine, and matches the IP of `192.168.?.*` A randomly selected one.
- It can also be several combinations of network interface name and IP, and several selective divisions using half-width, such as: `-bind-ip pppoe??,192.168.?.*:7777`, and then the client accesses the `7777` port , The outgoing IP is the machine's network interface name matching `pppoe??`
It is randomly selected from the IP matching `192.168.?.*` in the machine IP.
- The wildcard character `*` represents 0 to any character, `? `Represents 1 character.
- If the IP of the network interface changes, it will take effect in real time.
- You can use the `--bind-refresh` parameter to specify the interval to refresh the local network interface information, the default is `5`, the unit is second.
### 1.17 Certificate parameters use base64 data
By default, the -C, -K parameter is the path to the crt certificate and the key file.
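Review bot: Several details in the added `--bind-ip` text would mislead anyone copying from it. The wildcard example uses port `777` (`--bind-ip 192.168.?.*:777`) while the same sentence says the client accesses `7777`. The combined example is written `-bind-ip` with a single dash, the IPv6 example `[2000:0:0:0:0 :0:0:1]:8080` contains a space, and a line containing only `s` follows the priority sentence. The priority sentence has its backticks misplaced (`--bind- are set at the same time listen`); it should say that when both `--bind-ip` and `--bind-listen` are set, `--bind-ip` has higher priority. "The command is as follows:" is not followed by a command in the lines shown, so check that the example invocation is still there. It would also help to state what happens when a wildcard or interface name matches no local IP, because the text only covers the case where one is picked at random.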
@ -678,7 +743,7 @@ If it is the beginning of base64://, then the latter data is considered to be ba
### 1.18 Intelligent mode
Intelligent mode setting, can be one of intelligent|direct|parent.
The default is: intelligent.
The default is: parent.
The meaning of each value is as follows:
`--intelligent=direct`, the targets in the blocked are not directly connected.
`--intelligent=parent`, the target that is not in the direct is going to the higher level.
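Review bot: The documented default changes from `intelligent` to `parent`, which changes how an operator expects targets outside the lists to be routed, but the line does not say whether the program's default changed or the old text was simply wrong. Suggest noting which it is and from which version. The value descriptions below it are hard to parse ("the targets in the blocked are not directly connected"); something like "with `--intelligent=parent`, every target that is not in the direct list goes through the upstream" would read more clearly.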
@ -778,6 +843,28 @@ When the TCP proxy is a superior type (parameter: -T) is tcp, it supports the sp
Although the above `--bind-listen` parameter can specify the outgoing IP, the `entry IP` and the ` outgoing IP` cannot be referenced artificially. If you want the ingress IP to be different from the egress IP, you can use the `--bind-ip` parameter, format: `IP:port`, for example: `1.1.1.1:8080`
, `[2000:0:0:0:0:0:0:1]:8080`. For multiple binding requirements, you can repeat the `--bind-ip` parameter identification.
For example, this machine has IP `5.5.5.5`, `6.6.6.6`, and monitors two ports `8888` and `7777`, the command is as follows:
Then the client access port `7777`, the outgoing IP is `5.5.5.5`, access port `8888`, the outgoing IP is `6.6.6.6`, if both `--bind-ip` and `--bind- are set at the same time listen`,`--bind-ip` has higher priority.
In addition, the `IP` part of the `--bind-ip` parameter supports specifying the `network interface name`, `wildcards`, and more than one can be specified. The detailed description is as follows:
- Specify the network interface name, such as: `--bind-ip eth0:7777`, then the client accesses the `7777` port, and the egress IP is the IP of the eth0 network interface.
- The network interface name supports wildcards, for example: `--bind-ip eth0.*:7777`, then the client accesses the `7777` port, and the egress IP is a randomly selected one of the network interface IPs starting with `eth0.`.
- IP supports wildcards, such as: `--bind-ip 192.168.?.*:7777`, then the client accesses the `7777` port, and the exit IP is all the IPs of the machine, matching the IP of `192.168.?.*` A randomly selected one.
- It can also be multiple combinations of network interface name and IP, separated by half-width commas, such as: `--bind-ip pppoe??,192.168.?.*:7777`, then the client accesses the port `7777`, The outgoing IP is the machine's network interface name matching `pppoe??`
It is a randomly selected one among all IPs of the machine that matches `192.168.?.*`.
- The wildcard character `*` represents 0 to any number of characters, and `?` represents 1 character.
- If the IP of the network interface changes, it will take effect in real time.
- You can use the `--bind-refresh` parameter to specify the interval to refresh the local network interface information, the default is `5`, the unit is second.
### 2.8 Speed limit, connections limit
The parameter `--max-conns` can limit the maximum number of connections per port.
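Review bot: Two sentences in this added block are broken across lines in a way that will render badly. The format example ends at `1.1.1.1:8080` and the IPv6 example starts the next line with a leading comma, and the combined-pattern bullet stops after `pppoe??` with its conclusion ("It is a randomly selected one among all IPs ...") pushed out of the list item. Join each onto one line. The combined-pattern bullet also does not say how the interface-name match and the IP match relate, so spell out whether the egress IP is drawn from the union of both. "Repeat the `--bind-ip` parameter identification" should drop "identification".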
@ -1280,6 +1367,28 @@ The `--bind-listen` parameter can be used to open the client connection with the
Although the above `--bind-listen` parameter can specify the outgoing IP, the `entry IP` and ` outgoing IP` cannot be interfered by humans. If you want the ingress IP to be different from the egress IP, you can use the `--bind-ip` parameter, format: `IP:port`, for example: `1.1.1.1:8080`
, `[2000:0:0:0:0:0:0:1]:8080`. For multiple binding requirements, you can repeat the `--bind-ip` parameter.
For example, the machine has IP `5.5.5.5`, `6.6.6.6`, and monitors two ports `8888` and `7777`, the command is as follows:
Then the client access port `7777`, the outgoing IP is `5.5.5.5`, access port `8888`, the outgoing IP is `6.6.6.6`, if both `--bind-ip` and `--bind- are set at the same time listen`,`--bind-ip` has higher priority.
In addition, the `IP` part of the `--bind-ip` parameter supports specifying the `network interface name`, `wildcards`, and more than one. The details are as follows:
- Specify the network interface name, such as: `--bind-ip eth0:7777`, then the client accesses the `7777` port, and the egress IP is the IP of the eth0 network interface.
- The network interface name supports wildcards, for example: `--bind-ip eth0.*:7777`, then the client accesses the `7777` port, and the egress IP is a randomly selected one of the network interface IPs starting with `eth0.`.
- IP supports wildcards, such as: `--bind-ip 192.168.?.*:7777`, then the client accesses the `7777` port, and the exit IP is all the IPs of the machine, matching the IP of `192.168.?.*` A randomly selected one.
- It can also be multiple combinations of network interface name and IP, separated by half-width commas, such as: `--bind-ip pppoe??,192.168.?.*:7777`, then the client accesses the port `7777`, The outgoing IP is the machine's network interface name matching `pppoe??`
It is a randomly selected one among all IPs of the machine that matches `192.168.?.*`.
- The wildcard character `*` represents 0 to any number of characters, and `?` represents 1 character.
- If the IP of the network interface changes, it will take effect in real time.
- You can use the `--bind-refresh` parameter to specify the interval to refresh the local network interface information, the default is `5`, the unit is second.
### 5.15 Cascade Certification
SOCKS5 supports cascading authentication, and -A can set upstream authentication information.
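Review bot: This is the same `--bind-ip` block that the earlier hunks add to other sections, and the copies already differ in wording ("cannot be referenced artificially" in one, "cannot be interfered by humans" here). Suggest documenting `--bind-ip` and `--bind-refresh` once and linking to that place from each section. Whichever copy is kept, reword that sentence to say plainly that with `--bind-listen` alone the entry IP and the outgoing IP cannot be chosen independently.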
@ -1301,7 +1410,7 @@ If it is the beginning of base64://, then the latter data is considered to be ba
### 5.17 Intelligent mode
Intelligent mode setting, can be one of intelligent|direct|parent.
The default is: intelligent.
The default is: parent.
The meaning of each value is as follows:
`--intelligent=direct`, the targets in the blocked are not directly connected.
`--intelligent=parent`, the target that is not in the direct is going to the higher level.
@ -1543,6 +1652,28 @@ The `--bind-listen` parameter can be used to open the client connection with the
Although the above `--bind-listen` parameter can specify the outgoing IP, the `entry IP` and ` outgoing IP` cannot be interfered by humans. If you want the ingress IP to be different from the egress IP, you can use the `--bind-ip` parameter, format: `IP:port`, for example: `1.1.1.1:8080`
, `[2000:0:0:0:0:0:0:1]:8080`. For multiple binding requirements, you can repeat the `--bind-ip` parameter.
For example, the machine has IP `5.5.5.5`, `6.6.6.6`, and monitors two ports `8888` and `7777`, the command is as follows:
Then the client access port `7777`, the outgoing IP is `5.5.5.5`, access port `8888`, the outgoing IP is `6.6.6.6`, if both `--bind-ip` and `--bind- are set at the same time listen`,`--bind-ip` has higher priority.
In addition, the `IP` part of the `--bind-ip` parameter supports specifying the `network interface name`, `wildcards`, and more than one. The details are as follows:
- Specify the network interface name, such as: `--bind-ip eth0:7777`, then the client accesses the `7777` port, and the egress IP is the IP of the eth0 network interface.
- The network interface name supports wildcards, for example: `--bind-ip eth0.*:7777`, then the client accesses the `7777` port, and the egress IP is a randomly selected one of the network interface IPs starting with `eth0.`.
- IP supports wildcards, such as: `--bind-ip 192.168.?.*:7777`, then the client accesses the `7777` port, and the exit IP is all the IPs of the machine, matching the IP of `192.168.?.*` A randomly selected one.
- It can also be multiple combinations of network interface name and IP, separated by half-width commas, such as: `--bind-ip pppoe??,192.168.?.*:7777`, then the client accesses the port `7777`, The outgoing IP is the machine's network interface name matching `pppoe??`
It is a randomly selected one among all IPs of the machine that matches `192.168.?.*`.
- The wildcard character `*` represents 0 to any number of characters, and `?` represents 1 character.
- If the IP of the network interface changes, it will take effect in real time.
- You can use the `--bind-refresh` parameter to specify the interval to refresh the local network interface information, the default is `5`, the unit is second.
### 6.13 Certificate parameters use base64 data
By default, the -C, -K parameter is the path to the crt certificate and the key file.
@ -1760,7 +1891,6 @@ Local execution:
Then the local UDP port 53 provides a secure anti-pollution DNS resolution function.
Userconns: The maximum number of connections for the user, not limited to 0 or not set this header.
Ipcons: The maximum number of connections for the user IP, not limited to 0 or not set this header.
Userrate: User's single TCP connection rate limit, in bytes/second, is not limited to 0 or does not set this header.
Iprate: The single TCP connection rate limit of the user IP, in bytes/second, not limited to 0 or not set this header.
Upstream: The upstream used, not empty, or not set this header.
userconns: The maximum number of connections for the user, not limited to 0 or not set this header.
ipcons: The maximum number of connections for the user IP, not limited to 0 or not set this header.
userrate: User's single TCP connection rate limit, in bytes/second, is not limited to 0 or does not set this header.
iprate: The single TCP connection rate limit of the user IP, in bytes/second, not limited to 0 or not set this header.
upstream: The upstream used, not empty, or not set this header.
outgoing: The outgoing ip,this option only working which upstream is empty. And the IP must belong to the machine running proxy。
#### Tips
1. By default, `--auth-url` is required to provide the user name and password. If you do not need the client to provide the username and password, and authenticate, you can add `--auth-nouser`. The visit will still access the authentication address `--auth-url` for authentication. Only the $user authentication username and the $pass authentication password received in the php interface are empty when client didn't send username and password.
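Review bot: The lowercased header `ipcons` does not follow the spelling of `userconns` next to it. Confirm which name the program actually reads and make the two consistent, because these lines define an unset header as no limit and a misspelt name in the docs amounts to an unset one. The new `outgoing` line also needs cleanup: it has full-width punctuation (`,` and `。`) and "only working which upstream is empty" should read "only takes effect when upstream is empty". The repeated phrase "not limited to 0 or not set this header" is ambiguous and reads better as "0 or an unset header means no limit".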
@ -1864,15 +1996,17 @@ Explanation: `http://`,`socks5://` is fixed, `127.0.0.1:3100` is the address of
2. When `sps` is 1.
Upstream supports socks5, http(s) proxy, support authentication, format: `protocol://a:b@2.2.2.2:33080?argk=argv`, please refer to SPS chapter for details, **multiple upstreams** , the description of the `-P` parameter.
3. Parameters, `?` followed by `argk=argv` are parameters: parameter name = parameter value, multiple parameters are connected with `&`.
All the supported parameters are as follows, and the meaning of the command line with the same name is the same.
1. parent-type : upper-level transport type, support tcp, tls, ws, wss
2. parent-ws-method: The encryption method of the upper-level ws transmission type, the supported value is the same as the value range supported by the command line.
3. parent-ws-password: The upper-level ws transmission type encryption password, the alphanumeric password
4. parent-tls-single : Whether the upper-level tls transport type is a one-way tls, which can be: true | false
5. timeout : timeout for establishing tcp connection, number, in milliseconds
6. ca : The base64-encoded string of the upper-level tls transport type ca certificate file.
7. cert : The base64 encoded string of the higher level tls transport type certificate file.
8. key : The base64 encoded string of the higher-level tls transport type certificate key file.
All the supported parameters are as follows, and the meaning of the command line with the same name is the same.
1. parent-type : upper-level transport type, support tcp, tls, ws, wss
2. parent-ws-method: The encryption method of the upper-level ws transmission type, the supported value is the same as the value range supported by the command line.
3. parent-ws-password: The upper-level ws transmission type encryption password, the alphanumeric password
4. parent-tls-single : Whether the upper-level tls transport type is a one-way tls, which can be: true | false
5. timeout : timeout for establishing tcp connection, number, in milliseconds
6. ca : The base64-encoded string of the upper-level tls transport type ca certificate file.
7. cert : The base64 encoded string of the higher level tls transport type certificate file.
8. key : The base64 encoded string of the higher-level tls transport type certificate key file.
9. luminati:if upstram is luminati proxies,value can be: true or false。
upstream: upstream used by outgoing tcp connection, if none upstream be used, it's empty.
#### Tips
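Review bot: The added item 9 (`luminati`) has a typo ("upstram") and full-width punctuation (`:` and `。`), and it does not say what setting it to `true` changes in how the upstream is used. Add that sentence, since every other item in the list describes its effect. Items 1 to 8 and the "All the supported parameters" line are removed and re-added with no visible difference, which looks like a whitespace-only change; drop it from the hunk if it is unintended, or say in the commit message that the indentation was changed deliberately.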
@ -2034,4 +2171,25 @@ Client service parameters can use placeholders: `{AGENT_ID}` to refer to the age
For example, client service parameters:
`client -T tcp -P 1.1.1.1:30000 --k {AGENT_ID}`
`client -T tcp -P 1.1.1.1:30000 --k {AGENT_ID}`
## 12. http, https website reverse proxy
The proxy can reverse proxy http and https websites.
The supported features are as follows:
- http and https are converted to each other.
- multiple upstream.
- upstream load balance.
- upstream high available.
- path mapping.
- path protection.
- alias names of bindings.
Example, configure file:`rhttp.toml`。
```shell
proxy rhttp -c rhttp.toml
```
For detail usage, please refer to the configuration file [rhttp.toml](https://github.com/snail007/goproxy/blob/master/rhttp.toml), which has a complete configuration description.
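Review bot: The new section 12 lists "path protection" and "alias names of bindings" without saying what either does or how it is configured. Someone deciding whether to put a site behind `proxy rhttp` needs at least one sentence on how path protection is enforced. The link points at `blob/master`, so the referenced `rhttp.toml` can drift from the release a reader is running; consider linking a tagged version. Smaller points: "configure file:`rhttp.toml`。" uses full-width punctuation, "upstream high available" should be "high availability", and the `client -T tcp -P 1.1.1.1:30000 --k {AGENT_ID}` line is removed and re-added unchanged.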
When the VPS is behind the nat device, the vps network card IP is the intranet IP. At this time, you can use the -g parameter to add the vps external network ip to prevent the infinite loop.
When the VPS is behind the nat device, the vps network interface IP is the intranet IP. At this time, you can use the -g parameter to add the vps external network ip to prevent the infinite loop.
Suppose your vps external network ip is 23.23.23.23. The following command sets 23.23.23.23 with the -g parameter.
@ -497,6 +502,27 @@ The `--bind-listen` parameter can be used to open the client connection with the
Although the above `--bind-listen` parameter can specify the outgoing IP, the `entry IP` and the `outgoing IP` cannot be referenced artificially. If you want the ingress IP and the egress IP to be different, you can use the `--bind-ip` parameter, format: `IP:port`, for example: `1.1.1.1:8080`, `[2000:0:0:0:0 :0:0:1]:8080`. For multiple binding requirements, the `--bind-ip` parameter can be repeated.
For example, this machine has IP `5.5.5.5`, `6.6.6.6`, and monitors two ports `8888` and `7777`, the command is as follows:
Then the client access port `7777`, the outgoing IP is `5.5.5.5`, access port `8888`, the outgoing IP is `6.6.6.6`, if both `--bind-ip` and `--bind- are set at the same time listen`,`--bind-ip` has higher priority.
s
In addition, the `IP` part of the `--bind-ip` parameter supports specifying the `network interface name`, `wildcards`, and more than one can be specified. The detailed description is as follows:
- Specify the network interface name, such as: `--bind-ip eth0:7777`, and then the client accesses the `7777` port, and the egress IP is the IP of the eth0 network interface.
- The network interface name supports wildcards, such as: `--bind-ip eth0.*:7777`, then the client accesses the port `7777`, and the egress IP is randomly selected from the IP of the network interface starting with `eth0.`.
- IP supports wildcards, such as: `--bind-ip 192.168.?.*:777`, then the client accesses the `7777` port, the outgoing IP is all the IPs of the machine, and matches the IP of `192.168.?.*` A randomly selected one.
- It can also be several combinations of network interface name and IP, and several selective divisions using half-width, such as: `-bind-ip pppoe??,192.168.?.*:7777`, and then the client accesses the `7777` port , The outgoing IP is the machine's network interface name matching `pppoe??`
It is randomly selected from the IP matching `192.168.?.*` in the machine IP.
- The wildcard character `*` represents 0 to any character, `? `Represents 1 character.
- If the IP of the network interface changes, it will take effect in real time.
- You can use the `--bind-refresh` parameter to specify the interval to refresh the local network interface information, the default is `5`, the unit is second.
### 1.17 Certificate parameters use base64 data
By default, the -C, -K parameter is the path to the crt certificate and the key file.
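Review bot: This second copy of the `--bind-ip` block (hunk `-497,6 +502,27`) carries the same defects as the first: port `777` in the wildcard example, the single-dash `-bind-ip`, the space inside the IPv6 example, and the stray `s` line. Fix both copies in the same commit, or generate one document from the other so they cannot diverge.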
@ -505,7 +531,7 @@ If it is the beginning of base64://, then the latter data is considered to be ba
### 1.18 Intelligent mode
Intelligent mode setting, can be one of intelligent|direct|parent.
The default is: intelligent.
The default is: parent.
The meaning of each value is as follows:
`--intelligent=direct`, the targets in the blocked are not directly connected.
`--intelligent=parent`, the target that is not in the direct is going to the higher level.
@ -605,6 +631,28 @@ When the TCP proxy is a superior type (parameter: -T) is tcp, it supports the sp
Although the above `--bind-listen` parameter can specify the outgoing IP, the `entry IP` and the ` outgoing IP` cannot be referenced artificially. If you want the ingress IP to be different from the egress IP, you can use the `--bind-ip` parameter, format: `IP:port`, for example: `1.1.1.1:8080`
, `[2000:0:0:0:0:0:0:1]:8080`. For multiple binding requirements, you can repeat the `--bind-ip` parameter identification.
For example, this machine has IP `5.5.5.5`, `6.6.6.6`, and monitors two ports `8888` and `7777`, the command is as follows:
Then the client access port `7777`, the outgoing IP is `5.5.5.5`, access port `8888`, the outgoing IP is `6.6.6.6`, if both `--bind-ip` and `--bind- are set at the same time listen`,`--bind-ip` has higher priority.
In addition, the `IP` part of the `--bind-ip` parameter supports specifying the `network interface name`, `wildcards`, and more than one can be specified. The detailed description is as follows:
- Specify the network interface name, such as: `--bind-ip eth0:7777`, then the client accesses the `7777` port, and the egress IP is the IP of the eth0 network interface.
- The network interface name supports wildcards, for example: `--bind-ip eth0.*:7777`, then the client accesses the `7777` port, and the egress IP is a randomly selected one of the network interface IPs starting with `eth0.`.
- IP supports wildcards, such as: `--bind-ip 192.168.?.*:7777`, then the client accesses the `7777` port, and the exit IP is all the IPs of the machine, matching the IP of `192.168.?.*` A randomly selected one.
- It can also be multiple combinations of network interface name and IP, separated by half-width commas, such as: `--bind-ip pppoe??,192.168.?.*:7777`, then the client accesses the port `7777`, The outgoing IP is the machine's network interface name matching `pppoe??`
It is a randomly selected one among all IPs of the machine that matches `192.168.?.*`.
- The wildcard character `*` represents 0 to any number of characters, and `?` represents 1 character.
- If the IP of the network interface changes, it will take effect in real time.
- You can use the `--bind-refresh` parameter to specify the interval to refresh the local network interface information, the default is `5`, the unit is second.
### 2.8 Speed limit, connections limit
The parameter `--max-conns` can limit the maximum number of connections per port.
@ -1107,6 +1155,28 @@ The `--bind-listen` parameter can be used to open the client connection with the
Although the above `--bind-listen` parameter can specify the outgoing IP, the `entry IP` and ` outgoing IP` cannot be interfered by humans. If you want the ingress IP to be different from the egress IP, you can use the `--bind-ip` parameter, format: `IP:port`, for example: `1.1.1.1:8080`
, `[2000:0:0:0:0:0:0:1]:8080`. For multiple binding requirements, you can repeat the `--bind-ip` parameter.
For example, the machine has IP `5.5.5.5`, `6.6.6.6`, and monitors two ports `8888` and `7777`, the command is as follows:
Then the client access port `7777`, the outgoing IP is `5.5.5.5`, access port `8888`, the outgoing IP is `6.6.6.6`, if both `--bind-ip` and `--bind- are set at the same time listen`,`--bind-ip` has higher priority.
In addition, the `IP` part of the `--bind-ip` parameter supports specifying the `network interface name`, `wildcards`, and more than one. The details are as follows:
- Specify the network interface name, such as: `--bind-ip eth0:7777`, then the client accesses the `7777` port, and the egress IP is the IP of the eth0 network interface.
- The network interface name supports wildcards, for example: `--bind-ip eth0.*:7777`, then the client accesses the `7777` port, and the egress IP is a randomly selected one of the network interface IPs starting with `eth0.`.
- IP supports wildcards, such as: `--bind-ip 192.168.?.*:7777`, then the client accesses the `7777` port, and the exit IP is all the IPs of the machine, matching the IP of `192.168.?.*` A randomly selected one.
- It can also be multiple combinations of network interface name and IP, separated by half-width commas, such as: `--bind-ip pppoe??,192.168.?.*:7777`, then the client accesses the port `7777`, The outgoing IP is the machine's network interface name matching `pppoe??`
It is a randomly selected one among all IPs of the machine that matches `192.168.?.*`.
- The wildcard character `*` represents 0 to any number of characters, and `?` represents 1 character.
- If the IP of the network interface changes, it will take effect in real time.
- You can use the `--bind-refresh` parameter to specify the interval to refresh the local network interface information, the default is `5`, the unit is second.
### 5.15 Cascade Certification
SOCKS5 supports cascading authentication, and -A can set upstream authentication information.
@ -1128,7 +1198,7 @@ If it is the beginning of base64://, then the latter data is considered to be ba
### 5.17 Intelligent mode
Intelligent mode setting, can be one of intelligent|direct|parent.
The default is: intelligent.
The default is: parent.
The meaning of each value is as follows:
`--intelligent=direct`, the targets in the blocked are not directly connected.
`--intelligent=parent`, the target that is not in the direct is going to the higher level.
@ -1370,6 +1440,28 @@ The `--bind-listen` parameter can be used to open the client connection with the
Although the above `--bind-listen` parameter can specify the outgoing IP, the `entry IP` and ` outgoing IP` cannot be interfered by humans. If you want the ingress IP to be different from the egress IP, you can use the `--bind-ip` parameter, format: `IP:port`, for example: `1.1.1.1:8080`
, `[2000:0:0:0:0:0:0:1]:8080`. For multiple binding requirements, you can repeat the `--bind-ip` parameter.
For example, the machine has IP `5.5.5.5`, `6.6.6.6`, and monitors two ports `8888` and `7777`, the command is as follows:
Then the client access port `7777`, the outgoing IP is `5.5.5.5`, access port `8888`, the outgoing IP is `6.6.6.6`, if both `--bind-ip` and `--bind- are set at the same time listen`,`--bind-ip` has higher priority.
In addition, the `IP` part of the `--bind-ip` parameter supports specifying the `network interface name`, `wildcards`, and more than one. The details are as follows:
- Specify the network interface name, such as: `--bind-ip eth0:7777`, then the client accesses the `7777` port, and the egress IP is the IP of the eth0 network interface.
- The network interface name supports wildcards, for example: `--bind-ip eth0.*:7777`, then the client accesses the `7777` port, and the egress IP is a randomly selected one of the network interface IPs starting with `eth0.`.
- IP supports wildcards, such as: `--bind-ip 192.168.?.*:7777`, then the client accesses the `7777` port, and the exit IP is all the IPs of the machine, matching the IP of `192.168.?.*` A randomly selected one.
- It can also be multiple combinations of network interface name and IP, separated by half-width commas, such as: `--bind-ip pppoe??,192.168.?.*:7777`, then the client accesses the port `7777`, The outgoing IP is the machine's network interface name matching `pppoe??`
It is a randomly selected one among all IPs of the machine that matches `192.168.?.*`.
- The wildcard character `*` represents 0 to any number of characters, and `?` represents 1 character.
- If the IP of the network interface changes, it will take effect in real time.
- You can use the `--bind-refresh` parameter to specify the interval to refresh the local network interface information, the default is `5`, the unit is second.
### 6.13 Certificate parameters use base64 data
By default, the -C, -K parameter is the path to the crt certificate and the key file.
@ -1587,7 +1679,6 @@ Local execution:
Then the local UDP port 53 provides a secure anti-pollution DNS resolution function.
Userconns: The maximum number of connections for the user, not limited to 0 or not set this header.
Ipcons: The maximum number of connections for the user IP, not limited to 0 or not set this header.
Userrate: User's single TCP connection rate limit, in bytes/second, is not limited to 0 or does not set this header.
Iprate: The single TCP connection rate limit of the user IP, in bytes/second, not limited to 0 or not set this header.
Upstream: The upstream used, not empty, or not set this header.
userconns: The maximum number of connections for the user, not limited to 0 or not set this header.
ipcons: The maximum number of connections for the user IP, not limited to 0 or not set this header.
userrate: User's single TCP connection rate limit, in bytes/second, is not limited to 0 or does not set this header.
iprate: The single TCP connection rate limit of the user IP, in bytes/second, not limited to 0 or not set this header.
upstream: The upstream used, not empty, or not set this header.
outgoing: The outgoing ip,this option only working which upstream is empty. And the IP must belong to the machine running proxy。
#### Tips
1. By default, `--auth-url` is required to provide the user name and password. If you do not need the client to provide the username and password, and authenticate, you can add `--auth-nouser`. The visit will still access the authentication address `--auth-url` for authentication. Only the $user authentication username and the $pass authentication password received in the php interface are empty when client didn't send username and password.
@ -1691,15 +1784,17 @@ Explanation: `http://`,`socks5://` is fixed, `127.0.0.1:3100` is the address of
2. When `sps` is 1.
Upstream supports socks5, http(s) proxy, support authentication, format: `protocol://a:b@2.2.2.2:33080?argk=argv`, please refer to SPS chapter for details, **multiple upstreams** , the description of the `-P` parameter.
3. Parameters, `?` followed by `argk=argv` are parameters: parameter name = parameter value, multiple parameters are connected with `&`.
All the supported parameters are as follows, and the meaning of the command line with the same name is the same.
1. parent-type : upper-level transport type, support tcp, tls, ws, wss
2. parent-ws-method: The encryption method of the upper-level ws transmission type, the supported value is the same as the value range supported by the command line.
3. parent-ws-password: The upper-level ws transmission type encryption password, the alphanumeric password
4. parent-tls-single : Whether the upper-level tls transport type is a one-way tls, which can be: true | false
5. timeout : timeout for establishing tcp connection, number, in milliseconds
6. ca : The base64-encoded string of the upper-level tls transport type ca certificate file.
7. cert : The base64 encoded string of the higher level tls transport type certificate file.
8. key : The base64 encoded string of the higher-level tls transport type certificate key file.
All the supported parameters are as follows, and the meaning of the command line with the same name is the same.
1. parent-type : upper-level transport type, support tcp, tls, ws, wss
2. parent-ws-method: The encryption method of the upper-level ws transmission type, the supported value is the same as the value range supported by the command line.
3. parent-ws-password: The upper-level ws transmission type encryption password, the alphanumeric password
4. parent-tls-single : Whether the upper-level tls transport type is a one-way tls, which can be: true | false
5. timeout : timeout for establishing tcp connection, number, in milliseconds
6. ca : The base64-encoded string of the upper-level tls transport type ca certificate file.
7. cert : The base64 encoded string of the higher level tls transport type certificate file.
8. key : The base64 encoded string of the higher-level tls transport type certificate key file.
9. luminati:if upstram is luminati proxies,value can be: true or false。
upstream: upstream used by outgoing tcp connection, if none upstream be used, it's empty.
#### Tips
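Review bot: New item 9 misspells "upstream" as `upstram`, has no space after `luminati:` and ends in a full-width `。`; suggest following the `parent-tls-single` entry, e.g. `9. luminati : whether the upstream is a luminati proxy, which can be: true | false`, and stating the default when the parameter is omitted. Items 1 to 8 still alternate between "upper-level", "higher level" and "higher-level" for the same concept, so pick one term while these lines are in the diff. Since item 8 places the base64 of the certificate key file in the upstream URL's query string, a sentence on keeping that URL out of logs and shell history would be worth adding here.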
@ -1861,4 +1959,25 @@ Client service parameters can use placeholders: `{AGENT_ID}` to refer to the age
For example, client service parameters:
`client -T tcp -P 1.1.1.1:30000 --k {AGENT_ID}`
`client -T tcp -P 1.1.1.1:30000 --k {AGENT_ID}`
## 12. http, https website reverse proxy
The proxy can reverse proxy http and https websites.
The supported features are as follows:
- http and https are converted to each other.
- multiple upstream.
- upstream load balance.
- upstream high available.
- path mapping.
- path protection.
- alias names of bindings.
Example, configure file:`rhttp.toml`。
```shell
proxy rhttp -c rhttp.toml
```
For detail usage, please refer to the configuration file [rhttp.toml](https://github.com/snail007/goproxy/blob/master/rhttp.toml), which has a complete configuration description.
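Review bot: The new section 12 lists "path protection" and "alias names of bindings" without saying what either does, and the only example is the command `proxy rhttp -c rhttp.toml`; one sentence per feature or a minimal inline config excerpt would let readers evaluate the section without opening the linked `rhttp.toml`. Wording fixes in the same lines: "upstream high available" should be "upstream high availability", "For detail usage" should be "For detailed usage", and "configure file:`rhttp.toml`。" should be "configuration file: `rhttp.toml`." with ASCII punctuation.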
@ -387,19 +375,18 @@ If the system finds that the user maliciously propagates its own ‘authoriz
<li><p>Trial steps: Log in to <ahref="https://gpm.host900.com/?lang=en-US">Authorization Platform</a> -> My Machine Code -> Buy Online -> Click “Start Trial”.</p></li>
</ol>
<h4id="commercial-edition-user-additional-benefits">Commercial Edition User Additional Benefits</h4>
<p>1.the official free of charge provides simple technical guidance.</p>
<p>2.the commercial version of the user can put forward some commercial functional opinions, the official will evaluate the reasonableness of the opinions, etc. If the opinions are adopted, they will be added in the new version in the future.</p>
<p>3.the commercial version of the user can be updated to commercial version of the new version for free.</p>
<p>Software list<br/>
1.<code>proxyadmin commercial</code> edition, price: 240CNY/machine/year, web console and full functions as same as goproxy commercial.<br/>
2.<code>proxyadmin vip</code> edition, price: 120CNY/machine/year, web console and full functions as same as goproxy free edition.<br/>
3.<code>gorproxy commercial</code> edition, price: 120CNY/machine/year, command line console and full functions of goproxy.<br/>
4.<code>proxyadmin cluster</code> edition, price: 360CNY/machine/year, web console to manage many proxies on huge machines that run gorproxy commercial edition.</p>
<p>4.Commercial version download, open the download address below, the file name suffix in the download file list is: _commercial.tar.gz for the commercial version. Please download according to your own system.
New Manual:<ahref="https://snail007.github.io/goproxy/categories/goproxy%E6%89%8B%E5%86%8C/">https://snail007.github.io/goproxy/categories/goproxy%E6%89%8B%E5%86%8C/</a></p>
<p>All features of vip edition as same as free edition, but vip edition service count unlimited.<br/>
Of all products have no additional usage support, yiu have to read the manual patiently.</p>
<h4id="can-t-access-the-authorized-solution">Can’t access the authorized solution</h4>
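Review bot: The software list spells the product `gorproxy` in items 3 and 4 where the rest of the page uses `goproxy`, and the closing sentence has "yiu" for "you"; both should be corrected before merge. Placing the list numbered 1 to 4 between benefit 3 and "4.Commercial version download" interleaves two numbering runs, so moving the list under its own heading or into an `<ol>` would keep the benefits list readable. "Of all products have no additional usage support" also appears to conflict with benefit 1 ("provides simple technical guidance"); please clarify which statement applies to which edition.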