Skip to content

Latest commit

 

History

History
218 lines (159 loc) · 4.8 KB

README.md

File metadata and controls

218 lines (159 loc) · 4.8 KB
Raw

g3proxy

The g3proxy is an enterprise level forward proxy, but still with basic support for tcp streaming / tls streaming / transparent proxy / reverse proxy.

User Guide

中文版

Features

Server

  • General

    • Ingress network filter / Target Host filter / Target Port filter
    • Socket Speed Limit / Request Rate Limit / IDLE Check
    • Protocol Inspection / TLS Interception / ICAP Adaptation (experimental)
    • Various TCP / UDP socket config options
    • Rustls TLS Server (default) / Openssl TLS Server
    • Openssl TLS Client
    • 国密《GB/T 38636-2020》(TLCP) client / server (require feature vendored-tongsuo)

  • Forward Proxy

    • Http(s) Proxy

      • TLS / mTLS
      • Http Forward / Https Forward / Http CONNECT / Ftp over HTTP
      • Basic User Authentication
      • Port Hiding

    • Socks Proxy

      • Socks4 Tcp Connect / Socks5 Tcp Connect / Socks5 UDP Associate
      • User Authentication
      • Client side UDP IP Binding / IP Map / Ranged Port

  • Transparent Proxy

    • SNI Proxy

      • Multiple Protocol: TLS SNI extension / HTTP Host Header
      • Host Redirection / Host ACL

  • Reverse Proxy

    • Http(s) Reverse Proxy

      • TLS / mTLS
      • Basic User Authentication
      • Port Hiding
      • Host based Routing

  • Streaming

    • TCP Stream

      • Upstream TLS / mTLS
      • Load Balance: RR / Random / Rendezvous / Jump Hash

    • TLS Stream

      • mTLS
      • Upstream TLS / mTLS
      • Load Balance: RR / Random / Rendezvous / Jump Hash

  • Alias Port

    • Plain TCP Port
      • PROXY Protocol
    • Plain TLS Port
      • PROXY Protocol
      • mTLS
      • based on Rustls
    • Native TLS Port
      • PROXY Protocol
      • mTLS
      • based on OpenSSL
    • Intelli Proxy
      • Multiple protocol: Http Proxy / Socks Proxy
      • PROXY Protocol

Escaper

  • General

    • Happy Eyeballs
    • Socket Speed Limit
    • Various TCP / UDP socket config options
    • IP Bind

  • Direct Connect

    • Fixed

      • TCP Connect / TLS Connect / HTTP(s) Forward / UDP Associate
      • Egress network filter
      • Resolve redirection
      • Index based Egress Path Selection

    • Float

      • TCP Connect / TLS Connect / HTTP(s) Forward / UDP Associate
      • Egress network filter
      • Resolve redirection
      • Dynamic IP Bind
      • Json based Egress Path Selection

  • Proxy Chaining

    • Http Proxy

      • TCP Connect / TLS Connect / HTTP(s) Forward
      • PROXY Protocol
      • Load Balance: RR / Random / Rendezvous / Jump Hash
      • Basic User Authentication

    • Https Proxy

      • TCP Connect / TLS Connect / HTTP(s) Forward
      • PROXY Protocol
      • Load Balance: RR / Random / Rendezvous / Jump Hash
      • Basic User Authentication
      • mTLS

    • Socks5 Proxy

      • TCP Connect / TLS Connect / HTTP(s) Forward / UDP Associate
      • Load Balance: RR / Random / Rendezvous / Jump Hash
      • Basic User Authentication

    • Float

      • Dynamic Proxy: Http Proxy / Https Proxy / Socks5 Proxy
      • Json based Egress Path Selection

Router

  • route-client - based on client addresses
    • exact ip match
    • subnet match
  • route-mapping - based on user supplied rules in requests
    • Index based Egress Path Selection
  • route-query - based on queries to external agent
  • route-resolved - based on resolved IP of target host
  • route-geoip - based on GeoIP rules if the resolved IP
  • route-select - simple load balancer
    • RR / Random / Rendezvous / Jump Hash
    • Json based Egress Path Selection
  • route-upstream - based on original target host
    • exact ip match
    • exact domain match
    • wildcard domain match
    • subnet match
    • regex domain match
  • route-failover - failover between primary and standby escaper

Resolver

  • c-ares
    • UDP
    • TCP
  • hickory
    • UDP / TCP
    • DNS over TLS
    • DNS over HTTPS
    • DNS over HTTP/3
    • DNS over QUIC
  • fail-over

Auth

  • User Authentication and Authorization

    • ACL: Proxy Request / Target Host / Target Port / User Agent
    • Socket Speed Limit / Request Rate Limit / Request Alive Limit / IDLE Check
    • Auto Expire / Block
    • Anonymous user
    • Json based Egress Path Selection
    • Explicit Site Config
      • match by exact ip / exact domain / wildcard domain / subnet
      • request / client traffic / remote traffic metrics
      • task duration histogram metrics

Audit

  • TCP Protocol Inspection
  • TLS Interception
  • TLS Stream Dump
  • Http / H2 Interception
  • ICAP Adaptation & Sampling

Logging

  • Log Types
    • Server: task log
    • Escaper: escape error log
    • Resolver: resolve error log
    • Audit: inspect & intercept log
  • Backend: journald / syslog / fluentd

Metrics

  • Metrics Types
    • Server level metrics
    • Escaper level metrics
    • User level metrics
    • User-Site level metrics
  • Protocol: StatsD

Documents

The detailed docs are resided in the doc directory.

Examples

You can find example config in the examples directory.