学点木匠活
这是一个 HTTP / HTTP over TLS 代理服务器,支持:
-
提供 HTTP 代理和 HTTP over TLS 代理,并兼容 HTTP Forward
-
将请求的特定域重定向到指定的IP地址或经 DNS over TLS 或 DNS over UDP 查询得到的地址
-
对特定域抹除或修改TLS SNI字段
-
为不同的域指定不同的出站代理服务器
-
支持 DNS over TLS 实现加密的DNS查询,传统DNS (DNS over UDP) 方式也同样支持。也可以直接为域名指定IP地址。
-
入站支持 HTTP 代理和 HTTP over TLS 代理。出站可以不经代理协议直接发送,也支持转发至外部 HTTP 代理或 HTTP over TLS 代理服务器。
-
可改写或移除 TLS 包的 SNI 字段。
-
为不同的域指定不同的SNI改写、DNS查询服务器或出站方式。
-
纯异步实现网络数据传输。
It's a HTTP / HTTP over TLS proxy server, which supports:
- HTTP proxy and HTTP over TLS proxy
- Redirect the request to specific domains to the given IP address or address queried from DNS over TLS or DNS over UDP server.
- Remove or modify the TLS SNI field for specific domains.
- Assign different outbound proxy servers for specific domains.
- Equip your mechine with Rust toolchain.
- Check the config file
config/core.toml
. Especially make sure theopenssl_path
field has pointed to a valid OpenSSL executable. - Run
cargo run --release
. - Set your application or OS to use this HTTP proxy.
[env]
openssl_path = "openssl" # The path to OpenSSL binary (ensure added to PATH if using "openssl" directly)
[inbound.normal] # Start a proxy server named "normal"
enable = true # enable
listen = "http://0.0.0.0:7890" # it's a HTTP proxy server with listen address and port
# ... only HTTP(http) or HTTP over TLS(https) protocol supported
[inbound.secure] # Start a proxy server named "normal"
enable = true # enable
listen = "https://0.0.0.0:7899" # it's a HTTP over TLS proxy server with listen address and port
hostname = "localhost" # TLS certification require hostname
[outbound.fanq] # An outbound proxy destination named "fanq"
enable = true #
origin = "https://127.0.0.1:7898" # proxy server protocol (only http/https) and address
[log]
log_level = 5 # Log level: 5(debug), 4(info), 3(warn), 2(error), 1(panic)
[dns] # DNS querier
cache-expiration = 7200 # query result caching expiration (in seconds)
load-local-host-file = true # whether to load HOST file into query result cache
[dns-server] # DNS server protocol and address
normal = "udp://223.5.5.5" # DNS over UDP server, named "normal"
secure = "tls://101.101.101.101" # DNS over TLS server, named "secure"
Format: One rule pre line.
hostname +action option
Hostname supports hostname matcher rule, see below.
Supported querier actions and options:
+dns secure
Query the current hostname via the given DNS server with name "secure". The DNS server name is assigned incore.toml
.+to target
Redirect to the given target (specific hostname or IP address), then act further query if needed.
Example:
github.com +dns secure
..wikipedia.org +to 91.198.174.192
*.wiki*.org +to wikipedia.org
Format: One rule pre line.
hostname:port +transformer options
Supported transformer and options:
+direct
Do not modify tunnel data.+sni
Modify or remove TLS SNI data.- modify SNI:
+sni hello.com
- remove SNI:
+sni _
- use orginal SNI:
+sni *
- modify SNI:
Example:
*:443 +direct
..steamcommunity.com:443 +sni _
Format: One rule pre line.
hostname:port +action options
Supported outbound proxy action:
+direct
connect directly, no more proxy+server fanq
connect via the given proxy server named "fanq"
Example:
*:0 +direct
*.baidu.com:0 +server fanq
Hostname:
wikipedia.org
match exactly hostnamewikipedia.org
but no sub-domain*.wikipedia.org
match sub-domains ofwikipedia.org
, such asupload.wikipedia.org
, but excludeswikipedia.org
itself...wikipedia.org
match this domain itself and its sub-domains.
Port:
0
: any ports.- other number: the corresponding port number.
Comments:
- Any contents following hash symbol
#
is viewed as comments.