Idea: implement an obfs plugin for Apache and/or nginx #32
Comments
|
Yes, it's possible. Actually we can reuse any of the following tunnels, fork them as a SIP003 plugin: |
|
BTW, simple-obfs is unable to work with apache/nginx, which is just a header obfuscation tool. |
|
What I meant is something like this but as a plug in: https://github.com/shadowsocks/shadowsocks-dotcloud So that the server looks like a normal website and can tunnel shadowsocks traffic at the same time. |
|
Hmm actually we can add a configuration to server options: failover=(IP or hostname)[:(port)] Default port is 80 or 443 correspondingly. If an invalid request is received, obfs-server just simply forward raw request to failover server. Now if I want to make my website work, I can make it listen on (for example) 8080 and let obfs-server listen on 80 and set failover=localhost:8080. Maybe we can also add an "obfs-path" option to both local and server? |
|
OK, so it works like HAProxy. I think it's doable and we can implement in obfs-server easily. It will forward any request not to
|
|
@madeye Then only for HTTP? |
|
In addition, if we implement a websocket SIP003 plugin, we can run shadowsocks behind Apache/Nginx, even a CDN. Both of these two approaches would work. |
|
@Mygod Not elegant, but acceptable. What about a pull request? 😄 |
|
Let's take the forwarding approach since the web server can be written in a wide variety of languages... |
|
Actually that's just to prevent conflict (what if there's also a web socket server running at |
|
Please try ec9b0c1. |
|
Tested with HTTP. Works perfectly. Thanks! |
|
Wait. What about the |
|
Hmm on second thought it's not really important... (but nice to have) |
|
Wait. I just realized I accidentally configured obfs-server use tls while it should use http for 80. I did another test, it seems: (port 80)
HTTP with failover disabled: Instant Segmentation fault. |
|
Please try d3c9b8c. |
|
Failover is working now but the connection is only working when failover is disabled. |
|
Fully working now! Thanks. |
|
Just tried connecting behind CloudFlare. Doesn't work. (woulda been amazing if it had worked) I connected to a wrong domain name, I get log output like: Then I realized that I need to use correct domain name, then there was no traffic. |
|
Also according to CloudFlare, WebSockets should work: https://support.cloudflare.com/hc/en-us/articles/200169466-Can-I-use-CloudFlare-with-WebSockets- |
|
Unfortunately, it's expected. And that's why I suggest to implement other plugins in the first comment. |
|
Hmmm okay... I will try them some day when I feel like it. |
|
@Mygod nginx在8443端口配置好ssl 并且obfs的failover=127.0.0.1:8443 |
|
@madeye I haven't tested TLS mode thoroughly so this may be a bug. |
|
Okay! 😅 |
|
I tried shadowsocks over WebSocket tunnel with CloudFlare Free CDN, using nginx as reverse proxy on a web server. It works, and largely improves download speed. |
|
@zeptoTantalum I am trying to run obs-server with failover to my nginx web server running on port 443. I am using the json config to configure my ss-libev-server (running on port 8530) with simple-obfs. My config looks like this:
I would like to confirm if I am doing it right? Thanks |
I have a server running an Apache front-end. It would be great if this cam be integrated into Apache and/or nginx.
The text was updated successfully, but these errors were encountered: