
Configuration options

Joe Hu edited this page Oct 7, 2015 · 7 revisions

Configuration is defined in config.json, located in the same directory as nyapass. Items that are missing will be loaded from config.json.example.

Common options

  • log_level: Log level of nyapass. Can be any of the levels defined by Python's logging module. Set to INFO or higher to disable request logging.

  • password: Password used for authentication. PBKDF2 with SHA512 is used to derive actual keys used internally.

  • salt: Salt used in PBKDF2.

  • key_interval: How often (in seconds) nyapass changes its internal key for signing requests.

  • pbkdf2_rounds: Number of rounds of PBKDF2.

  • use_custom_dns_resolver: Use dnspython to resolve domains, which should be faster on many systems thanks to internal caching.

  • threadpool_workers: Number of thread pool workers. The thread pool is mainly used by the DNS resolver. Setting this to a high value can increase the number of parallel DNS requests, at the expense of memory.

Client options

  • port: Listening port of local HTTP proxy. Set to null to disable HTTP proxy support.

  • socks5_port: Listening port of local Socks5 proxy. Set to null to disable Socks5 proxy support.

  • shadowsocks_port: Listening port of shadowsocks server. This is intended to be used on a server inside China to provide authenticated proxy service. Set to null to disable.

  • listen_host: Listening host of all the local services.

  • server_host: Host of nyapass server. Normally this should be the same as the common name or a subject alt name of the certificate installed on your server, though an IP address can be used if a self-signed certificate is installed.

  • server_port: Port of nyapass server.

  • divert_banned_requests: Whether the client should directly connect to websites that are banned by server. This is used to implement chnroutes-like functionality.

  • socks5_hijack_http: Normally Socks5/shadowsocks requests are implemented as HTTP CONNECT requests. If this option is true, Socks5/shadowsocks requests to port 80 are handled as if they went through the HTTP proxy (the IP address in the Socks5 header is ignored), which saves a round-trip.

  • shadowsocks_password: Password of shadowsocks server. Set to empty string or null to use the main password.

  • shadowsocks_method: Encryption method of shadowsocks server.

  • ssl_verify: Whether the client should verify certificate of nyapass server.

  • pin_server_cert: Set to true to raise a critical error when the server's certificate changes between requests, preventing MITM attacks.

  • known_hosts_file: Path to file saving fingerprints of server certificates.
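
The trust-on-first-use check that pin_server_cert and known_hosts_file describe can be illustrated as follows. This is an added example, not nyapass's own code; the JSON store format, the SHA-256 fingerprint and all function names are assumptions.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Assumed store format (not nyapass's own): a JSON object mapping
# "host:port" to the hex SHA-256 fingerprint of the server certificate.


class CertificateChanged(Exception):
    """The server presented a certificate other than the pinned one."""


def fingerprint(der_cert: bytes) -> str:
    # SHA-256 over the DER-encoded certificate, e.g. the bytes returned by
    # ssl.SSLSocket.getpeercert(binary_form=True).
    return hashlib.sha256(der_cert).hexdigest()


def load_pins(path: str) -> dict:
    try:
        with open(path, encoding="utf-8") as f:
            return json.load(f)
    except FileNotFoundError:
        return {}  # no pins yet: every server is a first contact


def save_pins(path: str, pins: dict) -> None:
    # Write to a temp file and rename, so a crash cannot truncate the store.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(pins, f, indent=2, sort_keys=True)
    os.replace(tmp, path)


def check_pin(path: str, host: str, port: int, der_cert: bytes) -> str:
    """Return "pinned" on first contact, "match" afterwards; raise on change."""
    key = f"{host}:{port}"
    pins = load_pins(path)
    seen = fingerprint(der_cert)
    known = pins.get(key)
    if known is None:
        pins[key] = seen
        save_pins(path, pins)
        return "pinned"
    if hmac.compare_digest(known, seen):
        return "match"
    # Never overwrite the stored pin here: the mismatch is the alarm.
    raise CertificateChanged(f"{key}: pinned {known}, server sent {seen}")
```

A pin of this kind only detects a change after the first connection, so it complements ssl_verify rather than replacing it.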

Server options

  • port: Listening port of nyapass server. Should be 443 normally.

  • listen_host: Listening address of nyapass server.

  • masq_host: Host of the website that will be presented to unauthenticated clients.

  • masq_port: Port of the website that will be presented to unauthenticated clients.

  • masq_strip_cookies: Whether to strip all cookies coming from masq_host.

  • standalone_mode: If set to false, requests will be forwarded to another HTTP proxy (specified by forwarder_host and forwarder_port). If set to true, nyapass server will forward requests itself.

  • forwarder_host: Host of forwarding HTTP proxy. Ignored if standalone_mode is true.

  • forwarder_port: Port of forwarding HTTP proxy. Ignored if standalone_mode is true.

  • banned_network_list: Path to a file listing all IP networks that will be refused by nyapass server. Use chnetworks-build.py to build this file with all Chinese IP networks.

  • banned_domains: List of domain suffixes that will be refused by nyapass server. (Some Chinese websites offer CDN outside China, so their IPs will not be inside China and their domains have to be listed here.)

  • tls_cert: Path to certificate used by nyapass server.

  • tls_key: Path to private key file used by nyapass server.

  • tls_ciphers: TLS cipher list (in OpenSSL format) that nyapass server uses.
