bughz/glider
1
0
Fork 0
mirror of https://github.com/nadoo/glider.git synced 2025-02-23 17:35:40 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

doc: update description for tls

Browse Source
This commit is contained in:
nadoo 2018-11-28 23:28:32 +08:00
parent 5a43cf873e
commit 44c30df001
7 changed files with 76 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
README.md
View File

@ -121,7 +121,7 @@ glider v0.6.9 usage:
-config string -config string
config file path config file path
-dns string -dns string
dns forwarder server listen address local dns server listen address
-dnsalwaystcp -dnsalwaystcp
always use tcp to query upstream dns servers no matter there is a forwarder or not always use tcp to query upstream dns servers no matter there is a forwarder or not
-dnsmaxttl int -dnsmaxttl int
@ -131,7 +131,7 @@ glider v0.6.9 usage:
-dnsrecord value -dnsrecord value
custom dns record, format: domain/ip custom dns record, format: domain/ip
-dnsserver value -dnsserver value
remote dns server remote dns server address
-dnstimeout int -dnstimeout int
timeout value used in multiple dnsservers switch(seconds) (default 3) timeout value used in multiple dnsservers switch(seconds) (default 3)
-forward value -forward value
@ -191,15 +191,24 @@ VMess scheme:
Available securities for vmess: Available securities for vmess:
none, aes-128-gcm, chacha20-poly1305 none, aes-128-gcm, chacha20-poly1305
TLS scheme: TLS client scheme:
tls://host:port[?skipVerify=true] tls://host:port[?skipVerify=true]
TLS with a specified proxy protocol: Proxy over tls client:
tls://host:port[?skipVerify=true],scheme:// tls://host:port[?skipVerify=true],scheme://
tls://host:port[?skipVerify=true],http://[user:pass@] tls://host:port[?skipVerify=true],http://[user:pass@]
tls://host:port[?skipVerify=true],socks5://[user:pass@] tls://host:port[?skipVerify=true],socks5://[user:pass@]
tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num
TLS server scheme:
tls://host:port?cert=PATH&key=PATH
Proxy over tls server:
tls://host:port?cert=PATH&key=PATH,scheme://
tls://host:port?cert=PATH&key=PATH,http://
tls://host:port?cert=PATH&key=PATH,socks5://
tls://host:port?cert=PATH&key=PATH,ss://method:pass@
Websocket scheme: Websocket scheme:
ws://host:port[/path] ws://host:port[/path]

19
conf.go
View File

@ -47,8 +47,8 @@ func confInit() {
flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path") flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder") flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")
flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address") flag.StringVar(&conf.DNS, "dns", "", "local dns server listen address")
flag.StringSliceUniqVar(&conf.DNSConfig.Servers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server") flag.StringSliceUniqVar(&conf.DNSConfig.Servers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server address")
flag.BoolVar(&conf.DNSConfig.AlwaysTCP, "dnsalwaystcp", false, "always use tcp to query upstream dns servers no matter there is a forwarder or not") flag.BoolVar(&conf.DNSConfig.AlwaysTCP, "dnsalwaystcp", false, "always use tcp to query upstream dns servers no matter there is a forwarder or not")
flag.IntVar(&conf.DNSConfig.Timeout, "dnstimeout", 3, "timeout value used in multiple dnsservers switch(seconds)") flag.IntVar(&conf.DNSConfig.Timeout, "dnstimeout", 3, "timeout value used in multiple dnsservers switch(seconds)")
flag.IntVar(&conf.DNSConfig.MaxTTL, "dnsmaxttl", 1800, "maximum TTL value for entries in the CACHE(seconds)") flag.IntVar(&conf.DNSConfig.MaxTTL, "dnsmaxttl", 1800, "maximum TTL value for entries in the CACHE(seconds)")
@ -154,17 +154,28 @@ func usage() {
fmt.Fprintf(os.Stderr, " none, aes-128-gcm, chacha20-poly1305\n") fmt.Fprintf(os.Stderr, " none, aes-128-gcm, chacha20-poly1305\n")
fmt.Fprintf(os.Stderr, "\n") fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "TLS scheme:\n") fmt.Fprintf(os.Stderr, "TLS client scheme:\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true]\n") fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true]\n")
fmt.Fprintf(os.Stderr, "\n") fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "TLS with a specified proxy protocol:\n") fmt.Fprintf(os.Stderr, "Proxy over tls client:\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],scheme://\n") fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],scheme://\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],http://[user:pass@]\n") fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],http://[user:pass@]\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],socks5://[user:pass@]\n") fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],socks5://[user:pass@]\n")
fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num\n") fmt.Fprintf(os.Stderr, " tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num\n")
fmt.Fprintf(os.Stderr, "\n") fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "TLS server scheme:\n")
fmt.Fprintf(os.Stderr, " tls://host:port?cert=PATH&key=PATH\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Proxy over tls server:\n")
fmt.Fprintf(os.Stderr, " tls://host:port?cert=PATH&key=PATH,scheme://\n")
fmt.Fprintf(os.Stderr, " tls://host:port?cert=PATH&key=PATH,http://\n")
fmt.Fprintf(os.Stderr, " tls://host:port?cert=PATH&key=PATH,socks5://\n")
fmt.Fprintf(os.Stderr, " tls://host:port?cert=PATH&key=PATH,ss://method:pass@\n")
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "Websocket scheme:\n") fmt.Fprintf(os.Stderr, "Websocket scheme:\n")
fmt.Fprintf(os.Stderr, " ws://host:port[/path]\n") fmt.Fprintf(os.Stderr, " ws://host:port[/path]\n")
fmt.Fprintf(os.Stderr, "\n") fmt.Fprintf(os.Stderr, "\n")

14
config/README.md
View File

@ -40,12 +40,6 @@ dns=:53
# global remote dns server (you can specify different dns server in rule file) # global remote dns server (you can specify different dns server in rule file)
dnsserver=8.8.8.8:53 dnsserver=8.8.8.8:53
# Create and manage ipset on linux based on destinations in rule files
# - add ip/cidrs in rule files on startup
# - add resolved ips for domains in rule files by dns forwarder server
# Usually used in transparent proxy mode on linux
ipset=glider
# RULE FILES # RULE FILES
rules-dir=rules.d rules-dir=rules.d
#rulefile=office.rule #rulefile=office.rule
@ -69,6 +63,14 @@ checkduration=30
# DNS SERVER for domains in this rule file # DNS SERVER for domains in this rule file
dnsserver=208.67.222.222:53 dnsserver=208.67.222.222:53
# IPSET MANAGEMENT
# ----------------
# Create and mange ipset on linux based on destinations in rule files
# - add ip/cidrs in rule files on startup
# - add resolved ips for domains in rule files by dns forwarding server
# Usually used in transparent proxy mode on linux
ipset=glider
# YOU CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS # YOU CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS
# matches abc.com and *.abc.com # matches abc.com and *.abc.com
domain=abc.com domain=abc.com

6
config/examples/9.transparent_proxy_without_dnsmasq/README.md
View File

@ -27,9 +27,6 @@ listen=redir://:1081
dns=:53 dns=:53
dnsserver=8.8.8.8:53 dnsserver=8.8.8.8:53
# as a ipset manager
ipset=glider
# specify rule files # specify rule files
rules-dir=rules.d rules-dir=rules.d
``` ```
@ -46,6 +43,9 @@ checkduration=30
# specify a different dns server(if need) # specify a different dns server(if need)
dnsserver=208.67.222.222:53 dnsserver=208.67.222.222:53
# as a ipset manager
ipset=glider
# specify destinations # specify destinations
include=office.list include=office.list

10
config/glider.conf.example
View File

@ -55,10 +55,13 @@ listen=socks5://:1080
# listen on 1084 as a udp over tcp tunnel, all requests to :1084 will be forward to 1.1.1.1:53 # listen on 1084 as a udp over tcp tunnel, all requests to :1084 will be forward to 1.1.1.1:53
# listen=uottun://:1084=1.1.1.1:53 # listen=uottun://:1084=1.1.1.1:53
# listen on 443 with tls security layer and serve as http proxy server (HTTPS proxy) # http over tls (HTTPS proxy)
# listen=tls://:443?cert=crtFilePath&key=keyFilePath,http:// # listen=tls://:443?cert=crtFilePath&key=keyFilePath,http://
# listen on unix domain socket and serve as socks5 server # ss over tls
# listen=tls://:443?cert=crtFilePath&key=keyFilePath,ss://AEAD_CHACHA20_POLY1305:pass@
# socks5 over unix domain socket
# listen=unix:///tmp/glider.socket,socks5:// # listen=unix:///tmp/glider.socket,socks5://
# FORWARDERS # FORWARDERS
@ -107,6 +110,9 @@ listen=socks5://:1080
# forward=tls://1.1.1.1:443,ws://,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2 # forward=tls://1.1.1.1:443,ws://,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
# forward=tls://1.1.1.1:443,ws://@/path,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2 # forward=tls://1.1.1.1:443,ws://@/path,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
# ss over tls
# forward=tls://1.1.1.1:443,ss://AEAD_CHACHA20_POLY1305:pass@
# socks5 over unix domain socket # socks5 over unix domain socket
# forward=unix:///tmp/glider.socket,socks5:// # forward=unix:///tmp/glider.socket,socks5://

61
proxy/redir/redir_linux.go
View File

@ -80,43 +80,40 @@ func (s *RedirProxy) ListenAndServe() {
continue continue
} }
go func() { go s.Serve(c)
defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
c.SetKeepAlive(true)
}
tgt, err := getOrigDst(c, s.ipv6)
if err != nil {
log.F("[redir] failed to get target address: %v", err)
return
}
rc, err := s.dialer.Dial("tcp", tgt.String())
if err != nil {
log.F("[redir] failed to connect to target: %v", err)
return
}
defer rc.Close()
log.F("[redir] %s <-> %s", c.RemoteAddr(), tgt)
_, _, err = conn.Relay(c, rc)
if err != nil {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
log.F("[redir] relay error: %v", err)
}
}()
} }
} }
// Serve . // Serve .
func (s *RedirProxy) Serve(c net.Conn) { func (s *RedirProxy) Serve(c net.Conn) {
log.F("[redir] func Serve: can not be called directly") defer c.Close()
if c, ok := c.(*net.TCPConn); ok {
c.SetKeepAlive(true)
}
tgt, err := getOrigDst(c, s.ipv6)
if err != nil {
log.F("[redir] failed to get target address: %v", err)
return
}
rc, err := s.dialer.Dial("tcp", tgt.String())
if err != nil {
log.F("[redir] failed to connect to target: %v", err)
return
}
defer rc.Close()
log.F("[redir] %s <-> %s", c.RemoteAddr(), tgt)
_, _, err = conn.Relay(c, rc)
if err != nil {
if err, ok := err.(net.Error); ok && err.Timeout() {
return // ignore i/o timeout
}
log.F("[redir] relay error: %v", err)
}
} }
// Get the original destination of a TCP connection. // Get the original destination of a TCP connection.

1
rule/rule.go
View File

@ -121,7 +121,6 @@ func (rd *Dialer) AddDomainIP(domain, ip string) error {
log.F("[rule] add ip=%s, based on rule: domain=%s & domain/ip: %s/%s\n", ip, pDomain, domain, ip) log.F("[rule] add ip=%s, based on rule: domain=%s & domain/ip: %s/%s\n", ip, pDomain, domain, ip)
} }
} }
} }
return nil return nil
} }