@ -248,7 +248,7 @@ The format is: `-p 0.0.0.0:80,0.0.0.0:443,.0.0.0.0:8000-9000,:5000-6000`, more T
### 1.1. Ordinary level HTTP proxy
### 1.1. Ordinary level HTTP proxy
![1.1 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/http-1.png)
![1.1 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/http-1.png)
`proxy http -t tcp -p "0.0.0.0:38080"`
`proxy http -t tcp -p "0.0.0.0:38080"`
@ -262,7 +262,7 @@ Listen port argument `-p` can be:
### 1.2. Ordinary secondary HTTP proxy
### 1.2. Ordinary secondary HTTP proxy
![1.2 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/http-2.png)
![1.2 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/http-2.png)
Use local port 8090, assuming the upstream HTTP proxy is `22.22.22.22:8080`
Use local port 8090, assuming the upstream HTTP proxy is `22.22.22.22:8080`
@ -276,7 +276,7 @@ We can also specify the black and white list file of the website domain name, on
> Note: The `proxy.crt` and `proxy.key` used by the secondary proxy should be consistent with the primary proxy.
> Note: The `proxy.crt` and `proxy.key` used by the secondary proxy should be consistent with the primary proxy.
![1.3 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/http-tls-2.png)
![1.3 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/http-tls-2.png)
Level 1 HTTP proxy (VPS, IP: 22.22.22.22)
Level 1 HTTP proxy (VPS, IP: 22.22.22.22)
`proxy http -t tls -p ":38080" -C proxy.crt -K proxy.key`
`proxy http -t tls -p ":38080" -C proxy.crt -K proxy.key`
@ -289,7 +289,7 @@ Secondary HTTP proxy (local windows)
Then set your windos system, the proxy that needs to go through the proxy Internet program is http mode, the address is: 127.0.0.1, the port is: 8080, the program can access the Internet through vps through the encrypted channel.
Then set your windos system, the proxy that needs to go through the proxy Internet program is http mode, the address is: 127.0.0.1, the port is: 8080, the program can access the Internet through vps through the encrypted channel.
### 1.4.HTTP Level 3 Agent (Encryption)
### 1.4.HTTP Level 3 Agent (Encryption)
![1.3 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/http-tls-3.png)
![1.3 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/http-tls-3.png)
Level 1 HTTP proxy VPS_01, IP: 22.22.22.22
Level 1 HTTP proxy VPS_01, IP: 22.22.22.22
`proxy http -t tls -p ":38080" -C proxy.crt -K proxy.key`
`proxy http -t tls -p ":38080" -C proxy.crt -K proxy.key`
Secondary HTTP proxy VPS_02, IP: 33.33.33.33
Secondary HTTP proxy VPS_02, IP: 33.33.33.33
@ -326,7 +326,7 @@ By default, the proxy will intelligently determine whether a website domain name
`proxy http --always -t tls -p ":28080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key`
`proxy http --always -t tls -p ":28080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key`
### 1.7.HTTP(S) via SSH relay
### 1.7.HTTP(S) via SSH relay
![1.7 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/http-ssh-1.png)
![1.7 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/http-ssh-1.png)
Description: The principle of ssh transfer is to use the forwarding function of ssh, that is, after you connect to ssh, you can access the target address through ssh proxy.
Description: The principle of ssh transfer is to use the forwarding function of ssh, that is, after you connect to ssh, you can access the target address through ssh proxy.
Suppose there is: vps
Suppose there is: vps
- IP is 2.2.2.2, ssh port is 22, ssh username is: user, ssh user password is: demo
- IP is 2.2.2.2, ssh port is 22, ssh username is: user, ssh user password is: demo
@ -340,7 +340,7 @@ Local HTTP(S) proxy port 28080, executing:
`proxy http -T ssh -P "2.2.2.2:22" -u user -S user.key -t tcp -p ":28080"`
`proxy http -T ssh -P "2.2.2.2:22" -u user -S user.key -t tcp -p ":28080"`
### 1.8.KCP protocol transmission
### 1.8.KCP protocol transmission
![1.8 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/http-kcp.png)
![1.8 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/http-kcp.png)
The KCP protocol requires the --kcp-key parameter to set a password for encrypting and decrypting data.
The KCP protocol requires the --kcp-key parameter to set a password for encrypting and decrypting data.
Level 1 HTTP proxy (VPS, IP: 22.22.22.22)
Level 1 HTTP proxy (VPS, IP: 22.22.22.22)
@ -351,7 +351,7 @@ Secondary HTTP proxy (local Linux)
Then access the local port 8080 is to access the proxy port 38080 on the VPS, the data is transmitted through the kcp protocol, note that the kcp is the udp protocol, so the firewall needs to release the 380p udp protocol.
Then access the local port 8080 is to access the proxy port 38080 on the VPS, the data is transmitted through the kcp protocol, note that the kcp is the udp protocol, so the firewall needs to release the 380p udp protocol.
### 1.9 HTTP(S) Reverse Proxy
### 1.9 HTTP(S) Reverse Proxy
![1.9 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/fxdl.png)
![1.9 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/fxdl.png)
The proxy not only supports the proxy setting in other software, but also provides proxy services for other software. It also supports directly parsing the requested website domain name to the proxy listening ip, and then the proxy listens to the 80 and 443 ports, then the proxy will automatically You proxy access to the HTTP(S) website you need to access.
The proxy not only supports the proxy setting in other software, but also provides proxy services for other software. It also supports directly parsing the requested website domain name to the proxy listening ip, and then the proxy listens to the 80 and 443 ports, then the proxy will automatically You proxy access to the HTTP(S) website you need to access.
How to use:
How to use:
@ -517,7 +517,7 @@ The meaning of each value is as follows:
## 2.TCP Proxies
## 2.TCP Proxies
### 2.1. Ordinary level TCP proxy
### 2.1. Ordinary level TCP proxy
![2.1 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/tcp-1.png)
![2.1 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/tcp-1.png)
Local execution:
Local execution:
`proxy tcp -p ":33080" -T tcp -P "192.168.22.33:22"`
`proxy tcp -p ":33080" -T tcp -P "192.168.22.33:22"`
Then access the local port 33080 is to access port 22 of 192.168.22.33.
Then access the local port 33080 is to access port 22 of 192.168.22.33.
@ -545,7 +545,7 @@ If you want to connect the ports of `33080`, `33081`, etc. to the `22` port of 1
`proxy tcp -p ":33080-33085" -T tcp -P "192.168.22.33:22" --lock-port`
`proxy tcp -p ":33080-33085" -T tcp -P "192.168.22.33:22" --lock-port`
### 2.2. Ordinary secondary TCP proxy
### 2.2. Ordinary secondary TCP proxy
![2.2 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/tcp-2.png)
![2.2 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/tcp-2.png)
VPS (IP: 22.22.2.33) is executed:
VPS (IP: 22.22.2.33) is executed:
`proxy tcp -p ":33080" -T tcp -P "127.0.0.1:8080"`
`proxy tcp -p ":33080" -T tcp -P "127.0.0.1:8080"`
Local execution:
Local execution:
@ -553,7 +553,7 @@ Local execution:
Then access the local port 23080 is to access port 8020 of 22.22.22.33.
Then access the local port 23080 is to access port 8020 of 22.22.22.33.
### 2.3. Ordinary three-level TCP proxy
### 2.3. Ordinary three-level TCP proxy
![2.3 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/tcp-3.png)
![2.3 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/tcp-3.png)
Primary TCP proxy VPS_01, IP: 22.22.22.22
Primary TCP proxy VPS_01, IP: 22.22.22.22
`proxy tcp -p ":38080" -T tcp -P "66.66.66.66:8080"`
`proxy tcp -p ":38080" -T tcp -P "66.66.66.66:8080"`
Secondary TCP proxy VPS_02, IP: 33.33.33.33
Secondary TCP proxy VPS_02, IP: 33.33.33.33
@ -563,7 +563,7 @@ Level 3 TCP proxy (local)
Then access the local port 8080 is to access the port 8080 of 66.66.66.66 through the encrypted TCP tunnel.
Then access the local port 8080 is to access the port 8080 of 66.66.66.66 through the encrypted TCP tunnel.
### 2.4. Encrypting secondary TCP proxy
### 2.4. Encrypting secondary TCP proxy
![2.4 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/tcp-tls-2.png)
![2.4 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/tcp-tls-2.png)
VPS (IP: 22.22.2.33) is executed:
VPS (IP: 22.22.2.33) is executed:
`proxy tcp -t tls -p ":33080" -T tcp -P "127.0.0.1:8080" -C proxy.crt -K proxy.key`
`proxy tcp -t tls -p ":33080" -T tcp -P "127.0.0.1:8080" -C proxy.crt -K proxy.key`
Local execution:
Local execution:
@ -571,7 +571,7 @@ Local execution:
Then access the local port 23080 is to access the port 8080 of 22.22.22.33 through the encrypted TCP tunnel.
Then access the local port 23080 is to access the port 8080 of 22.22.22.33 through the encrypted TCP tunnel.
### 2.5.Encrypting Level 3 TCP Agent
### 2.5.Encrypting Level 3 TCP Agent
![2.5 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/tcp-tls-3.png)
![2.5 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/tcp-tls-3.png)
Primary TCP proxy VPS_01, IP: 22.22.22.22
Primary TCP proxy VPS_01, IP: 22.22.22.22
`proxy tcp -t tls -p ":38080" -T tcp -P "66.66.66.66:8080" -C proxy.crt -K proxy.key`
`proxy tcp -t tls -p ":38080" -T tcp -P "66.66.66.66:8080" -C proxy.crt -K proxy.key`
Secondary TCP proxy VPS_02, IP: 33.33.33.33
Secondary TCP proxy VPS_02, IP: 33.33.33.33
@ -631,7 +631,7 @@ Local execution:
## 3.UDP Proxies
## 3.UDP Proxies
### 3.1. Ordinary UDP proxy
### 3.1. Ordinary UDP proxy
![3.1 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/udp-1.png)
![3.1 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/udp-1.png)
Local execution:
Local execution:
`proxy udp -p ":5353" -T udp -P "8.8.8.8:53"`
`proxy udp -p ":5353" -T udp -P "8.8.8.8:53"`
Then access the local UDP: 5353 port is to access 8.8.8.8 UDP: 53 port.
Then access the local UDP: 5353 port is to access 8.8.8.8 UDP: 53 port.
@ -659,7 +659,7 @@ If you want to connect the ports of `33080`, `33081`, etc. to the `2222` port of
`proxy udp -p ":33080-33085" -T udp -P "192.168.22.33:2222" --lock-port`
`proxy udp -p ":33080-33085" -T udp -P "192.168.22.33:2222" --lock-port`
### 3.2. Ordinary secondary UDP proxy
### 3.2. Ordinary secondary UDP proxy
![3.2 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/udp-2.png)
![3.2 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/udp-2.png)
VPS (IP: 22.22.2.33) is executed:
VPS (IP: 22.22.2.33) is executed:
`proxy tcp -p ":33080" -T udp -P "8.8.8.8:53"`
`proxy tcp -p ":33080" -T udp -P "8.8.8.8:53"`
Local execution:
Local execution:
@ -667,7 +667,7 @@ Local execution:
Then access the local UDP: 5353 port is through the TCP tunnel, through the VPS access 8.8.8.8 UDP: 53 port.
Then access the local UDP: 5353 port is through the TCP tunnel, through the VPS access 8.8.8.8 UDP: 53 port.
### 3.3. Ordinary three-level UDP proxy
### 3.3. Ordinary three-level UDP proxy
![3.3 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/udp-3.png)
![3.3 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/udp-3.png)
Primary TCP proxy VPS_01, IP: 22.22.22.22
Primary TCP proxy VPS_01, IP: 22.22.22.22
`proxy tcp -p ":38080" -T udp -P "8.8.8.8:53"`
`proxy tcp -p ":38080" -T udp -P "8.8.8.8:53"`
Secondary TCP proxy VPS_02, IP: 33.33.33.33
Secondary TCP proxy VPS_02, IP: 33.33.33.33
@ -677,7 +677,7 @@ Level 3 TCP proxy (local)
Then access to the local 5353 port is through the TCP tunnel, through the VPS to access port 8.8.8.8.
Then access to the local 5353 port is through the TCP tunnel, through the VPS to access port 8.8.8.8.
### 3.4. Encrypting secondary UDP proxy
### 3.4. Encrypting secondary UDP proxy
![3.4 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/udp-tls-2.png)
![3.4 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/udp-tls-2.png)
VPS (IP: 22.22.2.33) is executed:
VPS (IP: 22.22.2.33) is executed:
`proxy tcp -t tls -p ":33080" -T udp -P "8.8.8.8:53" -C proxy.crt -K proxy.key`
`proxy tcp -t tls -p ":33080" -T udp -P "8.8.8.8:53" -C proxy.crt -K proxy.key`
Local execution:
Local execution:
@ -685,7 +685,7 @@ Local execution:
Then access the local UDP: 5353 port is through the encrypted TCP tunnel, through the VPS access 8.8.8.8 UDP: 53 port.
Then access the local UDP: 5353 port is through the encrypted TCP tunnel, through the VPS access 8.8.8.8 UDP: 53 port.
### 3.5. Encryption Level 3 UDP Agent
### 3.5. Encryption Level 3 UDP Agent
![3.5 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/udp-tls-3.png)
![3.5 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/udp-tls-3.png)
Primary TCP proxy VPS_01, IP: 22.22.22.22
Primary TCP proxy VPS_01, IP: 22.22.22.22
`proxy tcp -t tls -p ":38080" -T udp -P "8.8.8.8:53" -C proxy.crt -K proxy.key`
`proxy tcp -t tls -p ":38080" -T udp -P "8.8.8.8:53" -C proxy.crt -K proxy.key`
Secondary TCP proxy VPS_02, IP: 33.33.33.33
Secondary TCP proxy VPS_02, IP: 33.33.33.33
@ -932,14 +932,14 @@ Listen port argument `-p` can be:
```
```
### 5.2. Ordinary secondary SOCKS5 agent
### 5.2. Ordinary secondary SOCKS5 agent
![5.2 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/socks-2.png)
![5.2 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/socks-2.png)
Use local port 8090, assuming the upstream SOCKS5 proxy is `22.22.22.22:8080`
Use local port 8090, assuming the upstream SOCKS5 proxy is `22.22.22.22:8080`
`proxy socks -t tcp -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" `
`proxy socks -t tcp -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" `
We can also specify the black and white list file of the website domain name, one domain name and one domain name, the matching rule is the rightmost match, for example: baidu.com, the match is *.* .baidu.com, the blacklist domain name domain name goes directly to the upstream agent, white The domain name of the list does not go to the upstream agent; if the domain name is in the blacklist and in the whitelist, the blacklist works.
We can also specify the black and white list file of the website domain name, one domain name and one domain name, the matching rule is the rightmost match, for example: baidu.com, the match is *.* .baidu.com, the blacklist domain name domain name goes directly to the upstream agent, white The domain name of the list does not go to the upstream agent; if the domain name is in the blacklist and in the whitelist, the blacklist works.
`proxy socks -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" -b blocked.txt -d direct.txt`
`proxy socks -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" -b blocked.txt -d direct.txt`
### 5.3. SOCKS Level 2 Agent (Encryption)
### 5.3. SOCKS Level 2 Agent (Encryption)
![5.3 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/socks-tls-2.png)
![5.3 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/socks-tls-2.png)
Level 1 SOCKS proxy (VPS, IP: 22.22.22.22)
Level 1 SOCKS proxy (VPS, IP: 22.22.22.22)
`proxy socks -t tls -p ":38080" -C proxy.crt -K proxy.key`
`proxy socks -t tls -p ":38080" -C proxy.crt -K proxy.key`
@ -952,7 +952,7 @@ Secondary SOCKS proxy (local windows)
Then set your windos system, the proxy that needs to go through the proxy Internet program is the socks5 mode, the address is: 127.0.0.1, the port is: 8080, the program can access the Internet through vps through the encrypted channel.
Then set your windos system, the proxy that needs to go through the proxy Internet program is the socks5 mode, the address is: 127.0.0.1, the port is: 8080, the program can access the Internet through vps through the encrypted channel.
### 5.4. SOCKS Level 3 Agent (Encryption)
### 5.4. SOCKS Level 3 Agent (Encryption)
![5.4 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/socks-tls-3.png)
![5.4 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/socks-tls-3.png)
Level 1 SOCKS proxy VPS_01, IP: 22.22.22.22
Level 1 SOCKS proxy VPS_01, IP: 22.22.22.22
`proxy socks -t tls -p ":38080" -C proxy.crt -K proxy.key`
`proxy socks -t tls -p ":38080" -C proxy.crt -K proxy.key`
Secondary SOCKS proxy VPS_02, IP: 33.33.33.33
Secondary SOCKS proxy VPS_02, IP: 33.33.33.33
@ -966,7 +966,7 @@ By default, the proxy will intelligently determine whether a website domain name
`proxy socks --always -t tls -p ":28080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key`
`proxy socks --always -t tls -p ":28080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key`
### 5.6. SOCKS via SSH relay
### 5.6. SOCKS via SSH relay
![5.6 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/socks-ssh.png)
![5.6 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/socks-ssh.png)
Description: The principle of ssh transfer is to use the forwarding function of ssh, that is, after you connect to ssh, you can access the target address through ssh proxy.
Description: The principle of ssh transfer is to use the forwarding function of ssh, that is, after you connect to ssh, you can access the target address through ssh proxy.
Suppose there is: vps
Suppose there is: vps
- IP is 2.2.2.2, ssh port is 22, ssh username is: user, ssh user password is: demo
- IP is 2.2.2.2, ssh port is 22, ssh username is: user, ssh user password is: demo
@ -1201,7 +1201,7 @@ The command is as follows:
`proxy sps -S ss -H aes-256-cfb -J pass -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass` .
`proxy sps -S ss -H aes-256-cfb -J pass -T tcp -P 127.0.0.1:8080 -t tcp -p :18080 -h aes-192-cfb -j pass` .
### 6.5 Chained connection
### 6.5 Chained connection
![6.4 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/sps-tls.png)
![6.4 ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/sps-tls.png)
The above mentioned multiple sps nodes can be connected to build encrypted channels in a hierarchical connection, assuming the following vps and the home PC.
The above mentioned multiple sps nodes can be connected to build encrypted channels in a hierarchical connection, assuming the following vps and the home PC.
Vps01:2.2.2.2
Vps01:2.2.2.2
Vps02:3.3.3.3
Vps02:3.3.3.3
@ -1734,7 +1734,7 @@ The `--traffic-url` URL must response the HTTP status code` 204`. Only when the
#### traffic flow
#### traffic flow
![traffic ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master https://raw.githubusercontent.com/snail007/goproxy/master /doc/images/traffic.png)
![traffic ](https://cdn.jsdelivr.net/gh/snail007/goproxy@master /doc/images/traffic.png)
### Disconnect the user's connection
### Disconnect the user's connection