-
Notifications
You must be signed in to change notification settings - Fork 560
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Idea: implement an obfs plugin for Apache and/or nginx #32
Comments
Yes, it's possible. Actually we can reuse any of the following tunnels, fork them as a SIP003 plugin: |
BTW, simple-obfs is unable to work with apache/nginx, which is just a header obfuscation tool. |
What I meant is something like this but as a plug in: https://github.com/shadowsocks/shadowsocks-dotcloud So that the server looks like a normal website and can tunnel shadowsocks traffic at the same time. |
Hmm actually we can add a configuration to server options: failover=(IP or hostname)[:(port)] Default port is 80 or 443 correspondingly. If an invalid request is received, obfs-server just simply forward raw request to failover server. Now if I want to make my website work, I can make it listen on (for example) 8080 and let obfs-server listen on 80 and set failover=localhost:8080. Maybe we can also add an "obfs-path" option to both local and server? |
OK, so it works like HAProxy. I think it's doable and we can implement in obfs-server easily. It will forward any request not to
|
@madeye Then only for HTTP? |
In addition, if we implement a websocket SIP003 plugin, we can run shadowsocks behind Apache/Nginx, even a CDN. Both of these two approaches would work. |
@Mygod Not elegant, but acceptable. What about a pull request? 😄 |
Let's take the forwarding approach since the web server can be written in a wide variety of languages... |
Actually that's just to prevent conflict (what if there's also a web socket server running at |
Please try ec9b0c1. |
Tested with HTTP. Works perfectly. Thanks! |
Wait. What about the |
Hmm on second thought it's not really important... (but nice to have) |
Wait. I just realized I accidentally configured obfs-server use tls while it should use http for 80. I did another test, it seems: (port 80)
HTTP with failover disabled: Instant Segmentation fault. |
Please try d3c9b8c. |
Failover is working now but the connection is only working when failover is disabled. |
Fully working now! Thanks. |
Just tried connecting behind CloudFlare. Doesn't work. (woulda been amazing if it had worked) I connected to a wrong domain name, I get log output like:
Then I realized that I need to use correct domain name, then there was no traffic. |
Also according to CloudFlare, WebSockets should work: https://support.cloudflare.com/hc/en-us/articles/200169466-Can-I-use-CloudFlare-with-WebSockets- |
Unfortunately, it's expected. And that's why I suggest to implement other plugins in the first comment. |
Hmmm okay... I will try them some day when I feel like it. |
@Mygod nginx在8443端口配置好ssl 并且obfs的failover=127.0.0.1:8443 |
@madeye I haven't tested TLS mode thoroughly so this may be a bug. |
Okay! 😅 |
I tried shadowsocks over WebSocket tunnel with CloudFlare Free CDN, using nginx as reverse proxy on a web server. It works, and largely improves download speed. |
@zeptoTantalum I am trying to run obs-server with failover to my nginx web server running on port 443. I am using the json config to configure my ss-libev-server (running on port 8530) with simple-obfs. My config looks like this:
I would like to confirm if I am doing it right? Thanks |
I have a server running an Apache front-end. It would be great if this cam be integrated into Apache and/or nginx.
The text was updated successfully, but these errors were encountered: