doc: update description for tls

2025-02-23 09:25:41 +08:00 · 2018-11-28 23:28:32 +08:00 · 2018-11-28 23:28:32 +08:00 · 44c30df001
commit 44c30df001
parent 5a43cf873e
7 changed files with 76 additions and 52 deletions
--- a/README.md
+++ b/README.md
@ -121,7 +121,7 @@ glider v0.6.9 usage:
  -config string
        config file path
  -dns string
-        dns forwarder server listen address
+        local dns server listen address
  -dnsalwaystcp
        always use tcp to query upstream dns servers no matter there is a forwarder or not
  -dnsmaxttl int
@ -131,7 +131,7 @@ glider v0.6.9 usage:
  -dnsrecord value
        custom dns record, format: domain/ip
  -dnsserver value
-        remote dns server
+        remote dns server address
  -dnstimeout int
        timeout value used in multiple dnsservers switch(seconds) (default 3)
  -forward value
@ -191,15 +191,24 @@ VMess scheme:
 Available securities for vmess:
  none, aes-128-gcm, chacha20-poly1305

-TLS scheme:
+TLS client scheme:
  tls://host:port[?skipVerify=true]

-TLS with a specified proxy protocol:
+Proxy over tls client:
  tls://host:port[?skipVerify=true],scheme://
  tls://host:port[?skipVerify=true],http://[user:pass@]
  tls://host:port[?skipVerify=true],socks5://[user:pass@]
  tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num

+TLS server scheme:
+  tls://host:port?cert=PATH&key=PATH
+
+Proxy over tls server:
+  tls://host:port?cert=PATH&key=PATH,scheme://
+  tls://host:port?cert=PATH&key=PATH,http://
+  tls://host:port?cert=PATH&key=PATH,socks5://
+  tls://host:port?cert=PATH&key=PATH,ss://method:pass@
+
 Websocket scheme:
  ws://host:port[/path]

--- a/conf.go
+++ b/conf.go
@ -47,8 +47,8 @@ func confInit() {
 	flag.StringSliceUniqVar(&conf.RuleFile, "rulefile", nil, "rule file path")
 	flag.StringVar(&conf.RulesDir, "rules-dir", "", "rule file folder")

-	flag.StringVar(&conf.DNS, "dns", "", "dns forwarder server listen address")
-	flag.StringSliceUniqVar(&conf.DNSConfig.Servers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server")
+	flag.StringVar(&conf.DNS, "dns", "", "local dns server listen address")
+	flag.StringSliceUniqVar(&conf.DNSConfig.Servers, "dnsserver", []string{"8.8.8.8:53"}, "remote dns server address")
 	flag.BoolVar(&conf.DNSConfig.AlwaysTCP, "dnsalwaystcp", false, "always use tcp to query upstream dns servers no matter there is a forwarder or not")
 	flag.IntVar(&conf.DNSConfig.Timeout, "dnstimeout", 3, "timeout value used in multiple dnsservers switch(seconds)")
 	flag.IntVar(&conf.DNSConfig.MaxTTL, "dnsmaxttl", 1800, "maximum TTL value for entries in the CACHE(seconds)")
@ -154,17 +154,28 @@ func usage() {
 	fmt.Fprintf(os.Stderr, "  none, aes-128-gcm, chacha20-poly1305\n")
 	fmt.Fprintf(os.Stderr, "\n")

-	fmt.Fprintf(os.Stderr, "TLS scheme:\n")
+	fmt.Fprintf(os.Stderr, "TLS client scheme:\n")
 	fmt.Fprintf(os.Stderr, "  tls://host:port[?skipVerify=true]\n")
 	fmt.Fprintf(os.Stderr, "\n")

-	fmt.Fprintf(os.Stderr, "TLS with a specified proxy protocol:\n")
+	fmt.Fprintf(os.Stderr, "Proxy over tls client:\n")
 	fmt.Fprintf(os.Stderr, "  tls://host:port[?skipVerify=true],scheme://\n")
 	fmt.Fprintf(os.Stderr, "  tls://host:port[?skipVerify=true],http://[user:pass@]\n")
 	fmt.Fprintf(os.Stderr, "  tls://host:port[?skipVerify=true],socks5://[user:pass@]\n")
 	fmt.Fprintf(os.Stderr, "  tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num\n")
 	fmt.Fprintf(os.Stderr, "\n")

+	fmt.Fprintf(os.Stderr, "TLS server scheme:\n")
+	fmt.Fprintf(os.Stderr, "  tls://host:port?cert=PATH&key=PATH\n")
+	fmt.Fprintf(os.Stderr, "\n")
+
+	fmt.Fprintf(os.Stderr, "Proxy over tls server:\n")
+	fmt.Fprintf(os.Stderr, "  tls://host:port?cert=PATH&key=PATH,scheme://\n")
+	fmt.Fprintf(os.Stderr, "  tls://host:port?cert=PATH&key=PATH,http://\n")
+	fmt.Fprintf(os.Stderr, "  tls://host:port?cert=PATH&key=PATH,socks5://\n")
+	fmt.Fprintf(os.Stderr, "  tls://host:port?cert=PATH&key=PATH,ss://method:pass@\n")
+	fmt.Fprintf(os.Stderr, "\n")
+
 	fmt.Fprintf(os.Stderr, "Websocket scheme:\n")
 	fmt.Fprintf(os.Stderr, "  ws://host:port[/path]\n")
 	fmt.Fprintf(os.Stderr, "\n")
--- a/config/README.md
+++ b/config/README.md
@ -40,12 +40,6 @@ dns=:53
 # global remote dns server (you can specify different dns server in rule file)
 dnsserver=8.8.8.8:53

-# Create and manage ipset on linux based on destinations in rule files
-#   - add ip/cidrs in rule files on startup
-#   - add resolved ips for domains in rule files by dns forwarder server 
-# Usually used in transparent proxy mode on linux
-ipset=glider
-
 # RULE FILES
 rules-dir=rules.d
 #rulefile=office.rule
@ -69,6 +63,14 @@ checkduration=30
 # DNS SERVER for domains in this rule file
 dnsserver=208.67.222.222:53

+# IPSET MANAGEMENT
+# ----------------
+# Create and mange ipset on linux based on destinations in rule files
+#   - add ip/cidrs in rule files on startup
+#   - add resolved ips for domains in rule files by dns forwarding server 
+# Usually used in transparent proxy mode on linux
+ipset=glider
+
 # YOU CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS
 # matches abc.com and *.abc.com
 domain=abc.com
--- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md
+++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md
@ -27,9 +27,6 @@ listen=redir://:1081
 dns=:53
 dnsserver=8.8.8.8:53

-# as a ipset manager
-ipset=glider
-
 # specify rule files
 rules-dir=rules.d
 ```
@ -46,6 +43,9 @@ checkduration=30
 # specify a different dns server(if need)
 dnsserver=208.67.222.222:53

+# as a ipset manager
+ipset=glider
+
 # specify destinations
 include=office.list

--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@ -55,10 +55,13 @@ listen=socks5://:1080
 # listen on 1084 as a udp over tcp tunnel, all requests to :1084 will be forward to 1.1.1.1:53
 # listen=uottun://:1084=1.1.1.1:53

-# listen on 443 with tls security layer and serve as http proxy server (HTTPS proxy)
+# http over tls (HTTPS proxy)
 # listen=tls://:443?cert=crtFilePath&key=keyFilePath,http://

-# listen on unix domain socket and serve as socks5 server
+# ss over tls
+# listen=tls://:443?cert=crtFilePath&key=keyFilePath,ss://AEAD_CHACHA20_POLY1305:pass@
+
+# socks5 over unix domain socket
 # listen=unix:///tmp/glider.socket,socks5://

 # FORWARDERS
@ -107,6 +110,9 @@ listen=socks5://:1080
 # forward=tls://1.1.1.1:443,ws://,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2
 # forward=tls://1.1.1.1:443,ws://@/path,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2

+# ss over tls
+# forward=tls://1.1.1.1:443,ss://AEAD_CHACHA20_POLY1305:pass@
+
 # socks5 over unix domain socket
 # forward=unix:///tmp/glider.socket,socks5://

--- a/proxy/redir/redir_linux.go
+++ b/proxy/redir/redir_linux.go
@ -80,7 +80,12 @@ func (s *RedirProxy) ListenAndServe() {
 			continue
 		}

-		go func() {
+		go s.Serve(c)
+	}
+}
+
+// Serve .
+func (s *RedirProxy) Serve(c net.Conn) {
 	defer c.Close()

 	if c, ok := c.(*net.TCPConn); ok {
@ -109,14 +114,6 @@ func (s *RedirProxy) ListenAndServe() {
 		}
 		log.F("[redir] relay error: %v", err)
 	}
-
-		}()
-	}
-}
-
-// Serve .
-func (s *RedirProxy) Serve(c net.Conn) {
-	log.F("[redir] func Serve: can not be called directly")
 }

 // Get the original destination of a TCP connection.
--- a/rule/rule.go
+++ b/rule/rule.go
@ -121,7 +121,6 @@ func (rd *Dialer) AddDomainIP(domain, ip string) error {
 				log.F("[rule] add ip=%s, based on rule: domain=%s & domain/ip: %s/%s\n", ip, pDomain, domain, ip)
 			}
 		}
-
 	}
 	return nil
 }