doc: update doc for trojan

2025-02-23 01:15:41 +08:00 · 2020-04-12 17:24:34 +08:00 · 2020-04-12 17:24:34 +08:00 · 792a47f0c0
commit 792a47f0c0
parent bfcf9272dc
2 changed files with 249 additions and 26 deletions
--- a/README.md
+++ b/README.md
@ -15,38 +15,31 @@ we can set up local listeners as proxy servers, and forward requests to internet
 ```

 ## Features
- Proxy Server( -listen )
- Proxy Client( -forward )
- Http and socks5 on the same port
- Forwarder chain
- RR/HA/LHA/DH strategy for multiple forwarders
- Periodical proxy checking
- Rule proxy based on destinations: [Config Examples](config/examples)
- Send requests from specific ip/interface
+- Act as both proxy client and proxy server
+- Flexible proxy & protocol chains
+- Multiple forwarders support with the following scheduling algorithm:
+  - rr: round robin
+  - ha: high availability 
+  - lha: latency based high availability
+  - dh: destination hashing
+- Rule & priority based forwarder choosing: [Config Examples](config/examples)
 - DNS Forwarding Server:
-  - DNS Over Proxy
-  - Listen on UDP and forward dns requests to remote dns server in TCP via forwarders
-  - Specify different upstream dns server based on destinations(in rule file)
-  - Tunnel mode: forward to a fixed upstream dns server
-  - Add resolved IPs to proxy rules
-  - Add resolved IPs to ipset
-  - DNS cache
+  - Dns over proxy
+  - Force upstream querying by tcp
+  - Association rules between dns and forwarder choosing
+  - Association rules between dns and ipset
+  - DNS cache support
  - Custom dns record
 - IPSet Management (Linux kernel version >= 2.6.32):
  - Add ip/cidrs from rule files on startup
  - Add resolved ips for domains from rule files by dns forwarding server
+- Serve http and socks5 on the same port
+- Periodical availability checking for forwarders
+- Send requests from specific local ip/interface

-TODO:
-
- [ ] IPv6 support in ipset manager
- [ ] Transparent UDP proxy (iptables tproxy)
- [ ] Performance tuning
- [ ] TUN/TAP device support
- [ ] SSH tunnel support (maybe)
-
-### Protocols
+## Protocols
 Protocol | Listen/TCP |  Listen/UDP | Forward/TCP | Forward/UDP
-|-|-|-|-
+-| :-: | :-: | :-: | :-:
 Socks5 | √ | √ | √ | √
 Http | √ |  | √ | 
 SS | √ | √ | √ | √
@ -108,7 +101,234 @@ glider -config CONFIGPATH -listen :8080 -verbose
  - [transparent proxy with dnsmasq](config/examples/8.transparent_proxy_with_dnsmasq)
  - [transparent proxy without dnsmasq](config/examples/9.transparent_proxy_without_dnsmasq)

-## Proxy & Protocol Chain
+## Usage
+#### Command Line
+<details>
+<summary>Click to expand</summary>
+
+```bash
+glider 0.10.0 usage:
+  -checkinterval int
+    	proxy check interval(seconds) (default 30)
+  -checktimeout int
+    	proxy check timeout(seconds) (default 10)
+  -checkwebsite string
+    	proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80 (default "www.apple.com")
+  -config string
+    	config file path
+  -dns string
+    	local dns server listen address
+  -dnsalwaystcp
+    	always use tcp to query upstream dns servers no matter there is a forwarder or not
+  -dnsmaxttl int
+    	maximum TTL value for entries in the CACHE(seconds) (default 1800)
+  -dnsminttl int
+    	minimum TTL value for entries in the CACHE(seconds)
+  -dnsrecord value
+    	custom dns record, format: domain/ip
+  -dnsserver value
+    	remote dns server address
+  -dnstimeout int
+    	timeout value used in multiple dnsservers switch(seconds) (default 3)
+  -forward value
+    	forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]
+  -include value
+    	include file
+  -interface string
+    	source ip or source interface
+  -listen value
+    	listen url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS
+  -maxfailures int
+    	max failures to change forwarder status to disabled (default 3)
+  -rulefile value
+    	rule file path
+  -rules-dir string
+    	rule file folder
+  -strategy string
+    	forward strategy, default: rr (default "rr")
+  -verbose
+    	verbose mode
+
+Available Schemes:
+  mixed: serve as a http/socks5 proxy on the same port. (default)
+  ss: ss proxy
+  socks5: socks5 proxy
+  http: http proxy
+  ssr: ssr proxy
+  vmess: vmess proxy
+  tls: tls transport
+  ws: websocket transport
+  redir: redirect proxy. (used on linux as a transparent proxy with iptables redirect rules)
+  redir6: redirect proxy(ipv6)
+  tcptun: tcp tunnel
+  udptun: udp tunnel
+  uottun: udp over tcp tunnel
+  unix: unix domain socket
+  kcp: kcp protocol
+  simple-obfs: simple-obfs protocol
+  reject: a virtual proxy which just reject connections
+
+Available schemes for different modes:
+  listen: mixed ss socks5 http redir redir6 tcptun udptun uottun tls unix kcp
+  forward: reject ss socks5 http ssr vmess tls ws unix kcp simple-obfs
+
+SS scheme:
+  ss://method:pass@host:port
+
+Available methods for ss:
+  AEAD Ciphers:
+    AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AEAD_XCHACHA20_POLY1305
+  Stream Ciphers:
+    AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20 CHACHA20 RC4-MD5
+  Alias:
+    chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305, xchacha20-ietf-poly1305 = AEAD_XCHACHA20_POLY1305
+  Plain: DUMMY
+
+SSR scheme:
+  ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz
+
+VMess scheme:
+  vmess://[security:]uuid@host:port?alterID=num
+
+Trojan scheme:
+  trojan://pass@host:port[?skipVerify=true]
+
+Available securities for vmess:
+  none, aes-128-gcm, chacha20-poly1305
+
+TLS client scheme:
+  tls://host:port[?skipVerify=true]
+
+Proxy over tls client:
+  tls://host:port[?skipVerify=true],scheme://
+  tls://host:port[?skipVerify=true],http://[user:pass@]
+  tls://host:port[?skipVerify=true],socks5://[user:pass@]
+  tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num
+
+TLS server scheme:
+  tls://host:port?cert=PATH&key=PATH
+
+Proxy over tls server:
+  tls://host:port?cert=PATH&key=PATH,scheme://
+  tls://host:port?cert=PATH&key=PATH,http://
+  tls://host:port?cert=PATH&key=PATH,socks5://
+  tls://host:port?cert=PATH&key=PATH,ss://method:pass@
+
+Websocket scheme:
+  ws://host:port[/path][?host=HOST]
+
+Websocket with a specified proxy protocol:
+  ws://host:port[/path][?host=HOST],scheme://
+  ws://host:port[/path][?host=HOST],http://[user:pass@]
+  ws://host:port[/path][?host=HOST],socks5://[user:pass@]
+  ws://host:port[/path][?host=HOST],vmess://[security:]uuid@?alterID=num
+
+TLS and Websocket with a specified proxy protocol:
+  tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],scheme://
+  tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],http://[user:pass@]
+  tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],socks5://[user:pass@]
+  tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],vmess://[security:]uuid@?alterID=num
+
+Unix domain socket scheme:
+  unix://path
+
+KCP scheme:
+  kcp://CRYPT:KEY@host:port[?dataShards=NUM&parityShards=NUM]
+
+Available crypt types for KCP:
+  none, sm4, tea, xor, aes, aes-128, aes-192, blowfish, twofish, cast5, 3des, xtea, salsa20
+
+Simple-Obfs scheme:
+  simple-obfs://host:port[?type=TYPE&host=HOST&uri=URI&ua=UA]
+
+Available types for simple-obfs:
+  http, tls
+
+DNS forwarding server:
+  dns=:53
+  dnsserver=8.8.8.8:53
+  dnsserver=1.1.1.1:53
+  dnsrecord=www.example.com/1.2.3.4
+  dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946
+
+Available forward strategies:
+  rr: Round Robin mode
+  ha: High Availability mode
+  lha: Latency based High Availability mode
+  dh: Destination Hashing mode
+
+Forwarder option scheme: FORWARD_URL#OPTIONS
+  priority: set the priority of that forwarder, default:0
+  interface: set local interface or ip address used to connect remote server
+  -
+  Examples:
+    socks5://1.1.1.1:1080#priority=100
+    vmess://[security:]uuid@host:port?alterID=num#priority=200
+    vmess://[security:]uuid@host:port?alterID=num#priority=200&interface=192.168.1.99
+    vmess://[security:]uuid@host:port?alterID=num#priority=200&interface=eth0
+
+Config file format(see `glider.conf.example` as an example):
+  # COMMENT LINE
+  KEY=VALUE
+  KEY=VALUE
+  # KEY equals to command line flag name: listen forward strategy...
+
+Examples:
+  glider -config glider.conf
+    -run glider with specified config file.
+
+  glider -listen :8443 -verbose
+    -listen on :8443, serve as http/socks5 proxy on the same port, in verbose mode.
+
+  glider -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443 -verbose
+    -listen on 0.0.0.0:8443 as a ss server.
+
+  glider -listen socks5://user1:pass1@:1080 -verbose
+    -listen on :1080 as a socks5 proxy server, enable authentication.
+
+  glider -listen tls://:443?cert=crtFilePath&key=keyFilePath,http:// -verbose
+    -listen on :443 as a https(http over tls) proxy server.
+
+  glider -listen http://:8080 -forward socks5://127.0.0.1:1080
+    -listen on :8080 as a http proxy server, forward all requests via socks5 server.
+
+  glider -listen redir://:1081 -forward ss://method:pass@1.1.1.1:8443
+    -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.
+
+  glider -listen redir://:1081 -forward "ssr://method:pass@1.1.1.1:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d"
+    -listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.
+
+  glider -listen redir://:1081 -forward "tls://1.1.1.1:443,vmess://security:uuid@?alterID=10"
+    -listen on :1081 as a transparent redirect server, forward all requests via remote tls+vmess server.
+
+  glider -listen redir://:1081 -forward "ws://1.1.1.1:80,vmess://security:uuid@?alterID=10"
+    -listen on :1081 as a transparent redirect server, forward all requests via remote ws+vmess server.
+
+  glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:pass@1.1.1.1:8443
+    -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.
+
+  glider -listen udptun://:53=8.8.8.8:53 -forward ss://method:pass@1.1.1.1:8443
+    -listen on :53 and forward all udp requests to 8.8.8.8:53 via remote ss server.
+
+  glider -listen uottun://:53=8.8.8.8:53 -forward ss://method:pass@1.1.1.1:8443
+    -listen on :53 and forward all udp requests via udp over tcp tunnel.
+
+  glider -listen socks5://:1080 -listen http://:8080 -forward ss://method:pass@1.1.1.1:8443
+    -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.
+
+  glider -listen redir://:1081 -dns=:53 -dnsserver=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2
+    -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.
+
+  glider -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr
+    -listen on :1080 as socks5 server, forward requests via server1 and server2 in round robin mode.
+
+  glider -verbose -dns=:53 -dnsserver=8.8.8.8:53 -dnsrecord=www.example.com/1.2.3.4
+    -listen on :53 as dns server, forward dns requests to 8.8.8.8:53, return 1.2.3.4 when resolving www.example.com.
+```
+
+</details>
+
+## Proxy & Protocol Chains
 In glider, you can easily chain several proxy servers or protocols together, e.g:

 - Chain proxy servers:
--- a/config/glider.conf.example
+++ b/config/glider.conf.example
@ -97,6 +97,9 @@ listen=socks5://:1080
 # http proxy as forwarder
 # forward=http://1.1.1.1:8080

+# trojan as forwarder
+# forward=trojan://PASSWORD@1.1.1.1:8080[?skipVerify=true]
+
 # vmess with none security
 # forward=vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@1.1.1.1:443?alterID=2