diff --git a/README.md b/README.md index 331b612..7fe6f9b 100644 --- a/README.md +++ b/README.md 
@@ -158,96 +158,14 @@ Examples: -listen on :1080 as socks5 server, forward requests via server1 and server2 in roundrbin mode. ``` -## Config File -Command: -```bash -glider -config glider.conf -``` -Config file, **just use the command line flag name as the key name**: -```bash -### glider config file - -# verbose mode, print logs -verbose - -# listen on 8443, serve as http/socks5 proxy on the same port. -listen=:8443 - -# listen on udp port 5353, forward dns requests via tcp protocol -listen=dnstun://:5353=8.8.8.8:53 - -# upstream forward proxy -forward=socks5://192.168.1.10:1080 - -# upstream forward proxy -forward=ss://method:pass@1.1.1.1:8443 - -# upstream forward proxy (forward chain) -forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080 - -# multiple upstream proxies forwad strategy -strategy=rr - -# Used to connect via forwarders, if the host is unreachable, the forwarder -# will be set to disabled. -# MUST be a HTTP website server address, format: HOST[:PORT]. HTTPS NOT SUPPORTED. -checkwebsite=www.apple.com - -# check duration -checkduration=30 - - -# Setup a dns forwarding server -dns://53 -# global remote dns server (you can specify different dns server in rule file) -dnsserver=8.8.8.8:53 - -# Create and mange ipset on linux based on destinations in rule files -# - add ip/cidrs in rule files on startup -# - add resolved ips for domains in rule files by dns forwarder server -# Usually used in transparent proxy mode on linux -ipset=glider - -# RULE FILES -rules-dir=rules.d -#rulefile=office.rule -#rulefile=home.rule -``` -See: +## Advance Usage +- [config file & rule file](config) - [glider.conf.example](config/glider.conf.example) -- [examples](config/examples) - -## Rule File -Rule file, **same as the config file but specify forwarders based on destinations**: -```bash -# YOU CAN USE ALL KEYS IN THE GLOBAL CONFIG FILE EXCEPT "listen", "rulefile" -forward=socks5://192.168.1.10:1080 -forward=ss://method:pass@1.1.1.1:8443 
-forward=http://192.168.2.1:8080,socks5://192.168.2.2:1080 -strategy=rr -checkwebsite=www.apple.com -checkduration=30 - -# DNS SERVER for domains in this rule file -dnsserver=208.67.222.222:53 - -# YOU CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS -# matches abc.com and *.abc.com -domain=abc.com - -# matches 1.1.1.1 -ip=1.1.1.1 - -# matches 192.168.100.0/24 -cidr=192.168.100.0/24 - -# we can include a list file with only destinations settings -include=office.list.example - -``` -See: - [office.rule.example](config/rules.d/office.rule.example) - [examples](config/examples) +- Transparent Proxy: + - [with dnsmasq](config/examples/8.transparent_proxy_with_dnsmasq) + - [without dnsmasq](config/examples/9.transparent_proxy_without_dnsmasq) ## Service - systemd: [https://github.com/nadoo/glider/blob/master/systemd/](https://github.com/nadoo/glider/blob/master/systemd/) diff --git a/config/README.md b/config/README.md new file mode 100644 index 0000000..05e8137 --- /dev/null +++ b/config/README.md 
@@ -0,0 +1,91 @@ + +## Config File +Command: +```bash +glider -config glider.conf +``` +Config file, **just use the command line flag name as the key name**: +```bash +### glider config file + +# verbose mode, print logs +verbose + +# listen on 8443, serve as http/socks5 proxy on the same port. +listen=:8443 + +# listen on udp port 5353, forward dns requests via tcp protocol +listen=dnstun://:5353=8.8.8.8:53 + +# upstream forward proxy +forward=socks5://192.168.1.10:1080 + +# upstream forward proxy +forward=ss://method:pass@1.1.1.1:8443 + +# upstream forward proxy (forward chain) +forward=http://1.1.1.1:8080,socks5://2.2.2.2:1080 + +# multiple upstream proxies forwad strategy +strategy=rr + +# Used to connect via forwarders, if the host is unreachable, the forwarder +# will be set to disabled. +# MUST be a HTTP website server address, format: HOST[:PORT]. HTTPS NOT SUPPORTED. +checkwebsite=www.apple.com + +# check duration +checkduration=30 + + +# Setup a dns forwarding server +dns://53 +# global remote dns server (you can specify different dns server in rule file) +dnsserver=8.8.8.8:53 + +# Create and mange ipset on linux based on destinations in rule files +# - add ip/cidrs in rule files on startup +# - add resolved ips for domains in rule files by dns forwarder server +# Usually used in transparent proxy mode on linux +ipset=glider + +# RULE FILES +rules-dir=rules.d +#rulefile=office.rule +#rulefile=home.rule +``` +See: +- [glider.conf.example](config/glider.conf.example) +- [examples](config/examples) + +## Rule File +Rule file, **same as the config file but specify forwarders based on destinations**: +```bash +# YOU CAN USE ALL KEYS IN THE GLOBAL CONFIG FILE EXCEPT "listen", "rulefile" +forward=socks5://192.168.1.10:1080 +forward=ss://method:pass@1.1.1.1:8443 +forward=http://192.168.2.1:8080,socks5://192.168.2.2:1080 +strategy=rr +checkwebsite=www.apple.com +checkduration=30 + +# DNS SERVER for domains in this rule file +dnsserver=208.67.222.222:53 + +# YOU 
CAN SPECIFY DESTINATIONS TO USE THE ABOVE FORWARDERS +# matches abc.com and *.abc.com +domain=abc.com + +# matches 1.1.1.1 +ip=1.1.1.1 + +# matches 192.168.100.0/24 +cidr=192.168.100.0/24 + +# we can include a list file with only destinations settings +include=office.list.example + +``` +See: +- [office.rule.example](rules.d/office.rule.example) +- [examples](examples) diff --git a/config/examples/9.transparent_proxy_without_dnsmasq/README.md b/config/examples/9.transparent_proxy_without_dnsmasq/README.md index a0a2a98..64a821d 100644 --- a/config/examples/9.transparent_proxy_without_dnsmasq/README.md +++ b/config/examples/9.transparent_proxy_without_dnsmasq/README.md @@ -1,8 +1,9 @@ ## 9. Transparent Proxy without dnsmasq -### Glider Roles: -In this mode, glider will act as the following roles: +PC Client -> Gateway with glider running(linux box) -> Upstream Forwarders -> Internet + +#### In this mode, glider will act as the following roles: 1. A transparent proxy server 2. A dns forwarding server 3. A ipset manager 
@@ -75,14 +76,14 @@ use the linux server'ip as your dns server #### When client requesting to access http://example1.com(in office.rule), the whole process: - dns resolving: - 1. client send a udp dns request to linux server, and the glider will receive the request(as it listen on default dns port :53) + 1. client sends a udp dns request to linux server, and glider will receive the request(as it listen on default dns port :53) 2. upstream dns server choice: glider will lookup it's rule config and find out the dns server to use for this domain(matched "example1.com" in office.rule, so 208.67.222.222:53 will be choosen) 3. glider uses the forwarder in office.rule to ask 208.67.222.222:53 for the resolve answers 4. glider updates it's office rule config, add the resolved ip address to it 5. glider adds the resolved ip into ipset "glider", and return the dns answer to client -- access the destination: - 1. client send http request to the resolved ip of example1.com - 2. as the default gateway, linux server will get the request +- destination accessing: + 1. client sends http request to the resolved ip of example1.com + 2. linux gateway server will get the request 3. iptabes matches the ip in ipset "glider" and redirect this request to :1081(glider) - 4. glider will now get the request and find the ip in the office rule, and then choose the forwarder in office.rule to complete the request + 4. glider finds the ip in office rule, and then choose a forwarder in office.rule to complete the request
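Review bot: In the README.md hunk (@@ -158,96 +158,14 @@), the added heading `## Advance Usage` should read `## Advanced Usage`. The retained `[glider.conf.example](config/glider.conf.example)` and `[office.rule.example](config/rules.d/office.rule.example)` entries now sit in the same list as the new `[config file & rule file](config)` link with no grouping, so consider nesting them under that entry the way the two Transparent Proxy links are nested.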
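Review bot: In the new config/README.md (@@ -0,0 +1,91 @@), the first "See:" list still links to `config/glider.conf.example` and `config/examples`, which from inside the config/ directory resolve to config/config/...; they should be `glider.conf.example` and `examples`, matching the second "See:" list, which was already adjusted to `rules.d/office.rule.example` and `examples`. The line `dns://53` also does not follow the "flag name as the key name" form that every other setting in the sample uses, so please confirm the intended syntax, and since the text is being moved anyway the comment typos "forwad" and "mange" can be fixed in the same commit.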
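Review bot: In the first hunk of config/examples/9.transparent_proxy_without_dnsmasq/README.md (@@ -1,8 +1,9 @@), the replacement heading `#### In this mode, glider will act as the following roles:` jumps from `##` straight to `####` and is a full sentence used as a heading; keeping a short `###` heading with the sentence as body text beneath it would preserve the outline. The new topology line `PC Client -> Gateway with glider running(linux box) -> Upstream Forwarders -> Internet` would read more clearly in a code span or block, and the context line "A ipset manager" should be "An ipset manager".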
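Review bot: In the second hunk of config/examples/9.transparent_proxy_without_dnsmasq/README.md (@@ -75,14 +76,14 @@), the rewritten step 4 reads "glider finds the ip in office rule, and then choose a forwarder", where "choose" should be "chooses" to match "finds". The grammar pass is also only partial: the edited step 1 still says "as it listen on default dns port", and the neighbouring context lines keep "it's rule config", "choosen" and "iptabes" (iptables). Because this list is what a reader follows to understand which traffic gets redirected to :1081, it is worth correcting those in the same change.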