The author of this project found that a large number of developers were doing secondary development based on the project, or using large parts of its core code, without complying with the GPLv3 license, which seriously violates the original intention of releasing this project under GPLv3. In view of this, the project has adopted a delayed source-code release strategy to curb, to a certain extent, behavior that respects neither open source nor the work of others.
This project will continue to be updated and iterated, and full-platform binaries will continue to be released, providing you with powerful and convenient proxy tools.
If you have customization or business needs, please send an email to arraykeys@gmail.com
To provide excellent proxy functionality, please be sure to update your proxy within one month of the release of the latest version. The project does not guarantee the availability of old versions, which may be discontinued at any time after the latest version is released. Older versions will also show a prompt when they start. Your use of the program means that you agree to this update policy.
- Chained proxies: the program itself can be a first-level proxy, and if a parent proxy is set, it can act as a second-level or even an N-level proxy.
- Encrypted communication: if the program is not a first-level proxy and the parent proxy is also this program, it can communicate with the parent proxy over an encrypted channel. The underlying TLS encryption is high-strength, secure and featureless.
- Intelligent HTTP, SOCKS5 proxy: the program automatically determines whether the site being accessed is blocked. If it is blocked, the program uses the parent proxy (provided you have set one up) to access the site. If it is not blocked, the program accesses the site directly, without the parent proxy, to speed up access.
- Domain black and white lists: flexible control over how each site is visited.
- Cross-platform: no matter which OS you use (such as Linux, Windows, or even Raspberry Pi), the proxy runs well.
- Multi-protocol support: the program supports HTTP(S), TCP, UDP, WebSocket and SOCKS5 proxies.
- TCP/UDP port forwarding is supported.
- NAT forwarding across different networks is supported, for both the TCP and UDP protocols.
- SSH forwarding: the HTTP(S) and SOCKS5 proxies support SSH transfer. The parent Linux server does not need any server-side program; a local proxy is enough to access the Internet.
- KCP protocol support: the HTTP(S) and SOCKS5 proxies support the KCP protocol for data transmission, which reduces latency and improves the browsing experience.
- Integrated external API: HTTP(S) and SOCKS5 proxy authentication can be integrated with an external HTTP API, so user access can easily be controlled through an external system.
- Reverse proxy: goproxy supports resolving a domain directly to the IP the proxy listens on; the proxy then accesses the HTTP(S) site you need on your behalf.
- Transparent proxy: with iptables, goproxy can forward the traffic of ports 80 and 443 directly to the proxy on the gateway, giving a transparent, intelligent router-level proxy.
- Protocol conversion: an existing HTTP(S), SOCKS5 or ss proxy can be converted into a proxy that supports HTTP(S), SOCKS5 and ss on one port. If the parent of the converted SOCKS5 and ss proxy is SOCKS5, UDP is supported. Powerful cascading authentication is also supported.
- Custom underlying encrypted transmission: the HTTP(S)\SPS\SOCKS proxies can encrypt TCP data through TLS standard encryption and KCP protocol encryption. In addition, custom encryption is supported on top of TLS and KCP, that is, custom encryption and tls|kcp can be used together. AES256 encryption is used internally, and you only need to define one password to use it.
- Underlying compression and efficient transmission: the HTTP(S)\SPS\SOCKS proxies can encrypt TCP data through custom encryption, TLS standard encryption and KCP protocol encryption, and can also compress the data after encryption. That is, compression, custom encryption and tls|kcp can be used together.
- Secure DNS proxy: through the DNS proxy provided by the local proxy, DNS queries are sent to the parent proxy over encrypted communication, giving secure DNS resolution that prevents pollution.
- Load balancing and high availability: the HTTP(S)\SOCKS5\SPS proxies support parent load balancing and high availability. For multiple parents, repeat the -P parameter.
- Designated exporting IP: the HTTP(S)\SOCKS5\SPS proxies support using the entry IP that the client connected to as the exporting IP when visiting the target website. If the entry IP is an intranet IP, the exporting IP will not use the entry IP.
- Speed limit: the HTTP(S)\SOCKS5\SPS proxies support a speed limit.
- SOCKS5 proxy supports cascade authentication.
- Certificate parameters accept Base64 data: by default, the -C and -K parameters are the paths of the CRT certificate and key files. If a value begins with "base64://", the data that follows is treated as Base64 encoded and is decoded before use.
- When, for some reason, we cannot access our services from elsewhere, we can build a secure tunnel to them through multiple connected proxy nodes.
- Develop against the WeChat interface locally, which makes debugging convenient.
- Remote access to intranet machines.
- Play with partners in a LAN game.
- Something that used to be playable only on the LAN can now be played anywhere.
- A replacement for 剑内网通, 显IP内网通, 花生壳, frp and so on.
- ...
The manual on this page applies to the latest version of goproxy. Other versions may not be applicable; please use the help command of your own version for instructions.
- Environment
- Use configuration file
- Debug output
- Using log files
- Daemon mode
- Monitor mode
- Generating a communication certificate file
- Safety advice
- Load balance and high available
- Jump through proxy server
- Stop domains
- 1.HTTP proxy
- 1.1 Common HTTP proxy
- 1.2 Common HTTP second level proxy
- 1.3 HTTP second level proxy(encrypted)
- 1.4 HTTP third level proxy(encrypted)
- 1.5 Basic Authentication
- 1.6 HTTP proxy traffic force to go to parent http proxy
- 1.7 Transfer through SSH
- 1.8 KCP protocol transmission
- 1.9 HTTP(S) reverse proxy
- 1.10 HTTP(S) transparent proxy
- 1.11 Custom DNS
- 1.12 Custom encryption
- 1.13 Compressed transmission
- 1.14 load balance
- 1.15 speed limit
- 1.16 Designated exporting IP
- 1.17 Certificate parameters using Base64 data
- 1.18 Intelligent mode
- 1.19 View help
- 2.TCP proxy
- 3.UDP proxy
- 4.Nat forward
- 5.SOCKS5 proxy
- 5.1 Common SOCKS5 proxy
- 5.2 Common SOCKS5 second level proxy
- 5.3 SOCKS5 second level proxy(encrypted)
- 5.4 SOCKS third level proxy(encrypted)
- 5.5 SOCKS proxy traffic force to go to parent socks proxy
- 5.6 Transfer through SSH
- 5.7 Authentication
- 5.8 KCP protocol transmission
- 5.9 Custom DNS
- 5.10 Custom encryption
- 5.11 Compressed transmission
- 5.12 load balance
- 5.13 speed limit
- 5.14 Designated exporting IP
- 5.15 Cascade authentication
- 5.16 Certificate parameters using Base64 data
- 5.17 Intelligent mode
- 5.18 View help
- 6.Proxy protocol conversion
- 6.1 Functional introduction
- 6.2 HTTP(S) to HTTP(S) + SOCKS5
- 6.3 SOCKS5 to HTTP(S) + SOCKS5
- 6.4 SS to HTTP(S)+SOCKS5+SS
- 6.5 Chain style connection
- 6.6 Listening on multiple ports
- 6.7 Authentication
- 6.8 Custom encryption
- 6.9 Compressed transmission
- 6.10 Disable-protocol
- 6.11 speed limit
- 6.12 Designated exporting IP
- 6.13 Certificate parameters using Base64 data
- 6.14 Independent service
- 6.15 View Help
- 7.KCP Configuration
- 8.DNS anti pollution server
Tip: all operations require root permissions.
0. If your VPS runs 64-bit Linux, you can complete automatic installation and configuration with the following command.
curl -L https://raw.githubusercontent.com/snail007/goproxy/master/install_auto.sh | bash
Once the installation is complete, the configuration directory is /etc/proxy. For more detailed usage, please refer to the manual above to further understand the functions you want to use.
If the installation fails or your VPS is not a linux64 system, please follow the semi-automatic step below:
Download address: https://github.com/snail007/goproxy/releases
cd /root/proxy/
wget https://github.com/snail007/goproxy/releases/download/v6.0/proxy-linux-amd64.tar.gz
cd /root/proxy/
wget https://raw.githubusercontent.com/snail007/goproxy/master/install.sh
chmod +x install.sh
./install.sh
The following tutorial assumes that the system is Linux, the program is named proxy, and all operations are run with root permissions.
If the system is Windows, please use proxy.exe.
The following tutorial introduces usage through command-line parameters; the parameters can also be read from a configuration file.
A configuration file is specified with the @ symbol, for example, ./proxy @configfile.txt.
Format of configfile.txt: the first line is the subcommand name; each following line holds one parameter in the form long-parameter-name=value, with no spaces and no double quotes before or after.
The long format of a parameter begins with --, and the short format begins with -. If you don't know which short form corresponds to a long format, please look at the help command.
For example, the contents of configfile.txt are as follows:
http
--local-type=tcp
--local=:33080
By default, log output does not include file line numbers. In some cases, to troubleshoot and locate a problem in the program, you can use the --debug parameter to output code line numbers and the time of the error.
By default, the log is displayed directly on the console. To save it to a file, use the --log parameter.
For example, with --log proxy.log the log is written to the file proxy.log, which makes troubleshooting easier.
The HTTP, TCP and UDP proxy processes communicate with the parent proxy. For security, this communication is encrypted, although you can also choose not to encrypt it. All communication with the parent proxy in this tutorial is encrypted, which requires certificate files.
1. Generate a signed certificate and key file with the following command.
./proxy keygen -C proxy
The certificate file proxy.crt and key file proxy.key will be generated in the current directory.
2. With the following command, use the signed certificate proxy.crt and key file proxy.key to issue a new certificate: goproxy.crt and goproxy.key.
./proxy keygen -s -C proxy -c goproxy
The certificate file goproxy.crt and key file goproxy.key will be generated in the current program directory.
3. By default, the domain name in the certificate is a random domain; it can be specified with the -n test.com parameter.
4. More usage: proxy keygen --help.
By default, after proxy is started, the command-line window must stay open for proxy to keep running.
To run proxy as a daemon, so that the command line can be closed, just add the --daemon parameter at the end of the command.
For example: ./proxy http -t tcp -p "0.0.0.0:38080" --daemon
The monitor mode parameter is --forever, for example: proxy http --forever
With it, proxy forks a child process and monitors it; if the child process exits, it is restarted after 5 seconds.
Combined with the --daemon parameter and the --log parameter, this keeps the proxy running in the background without exiting accidentally,
and you can see the proxy's output through the log file.
For example: proxy http -p ":9090" --forever --log proxy.log --daemon
When the VPS is behind NAT, the IP on the VPS's network card is an internal network IP. In that case, pass the VPS's external network IP with the -g parameter to prevent an infinite loop.
Assuming that your VPS's external network IP is 23.23.23.23, the following command sets 23.23.23.23 through the -g parameter.
./proxy http -g "23.23.23.23"
The HTTP(S)\SOCKS5\SPS proxies support parent load balancing and high availability. For multiple parents, repeat the -P parameter.
Load balancing has 5 policies, which can be specified with the --lb-method parameter:
- roundrobin: take turns
- leastconn: use the parent with the minimum number of connections
- leasttime: use the parent with the minimum connection time
- hash: use the client address to compute a fixed parent
- weight: choose a parent according to the weight and connection count of each parent
Tips:
The load balance check interval can be set with --lb-retrytime, in milliseconds.
The load balancing connection timeout can be set with --lb-timeout, in milliseconds.
If the load balance policy is weight, the -P format is 2.2.2.2:3880@1, where 1 is the weight, which must be greater than 0.
If the load balance policy is hash, the parent is selected based on the client address by default; with the --lb-hashtarget switch, the parent is selected using the access destination address instead.
The http(s), sps, intranet penetration and tcp functions support connecting to the parent through an intermediate third-party proxy server. The parameter is --jumper, and all supported formats are as follows:
http://username:password@host:port
http://host:port
https://username:password@host:port
https://host:port
socks5://username:password@host:port
socks5://host:port
socks5s://username:password@host:port
socks5s://host:port
ss://method:password@host:port
http and socks5 represent the normal HTTP and SOCKS5 proxies; https and socks5s represent HTTP and SOCKS5 proxies protected by TLS, that is, HTTP proxy over TLS and SOCKS over TLS.
The socks/http(s)/sps proxies support domain name blacklists. Use the --stop parameter to specify a domain name list file. When a user connects to a domain in the file, the connection is dropped.
The format of the blacklist domain name file is as follows:
**.baidu.com
*.taobao.com
a.com
192.168.1.1
192.168.*.*
?.qq.com
Description:
1. One domain name per line. Domain names support the wildcards * and ?: * represents any number of characters, ? represents one arbitrary character.
2. **.baidu.com matches every domain name with the suffix .baidu.com, no matter how many levels it has.
3. *.taobao.com matches third-level domain names with the suffix .taobao.com.
4. An entry can also be an IP address directly.
5. A line beginning with # is a comment.
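A matcher for the blacklist format described above, as an added example that is not goproxy's own code. It assumes that `**` spans any number of levels while `*` and `?` stay inside one dot-separated label, that matching is anchored to the whole host, and that hosts are lower-cased with a trailing dot removed before matching; the names `StopList`, `ParseStopList` and `Blocked` are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// StopList holds the compiled entries of a --stop style domain file.
type StopList struct{ rules []*regexp.Regexp }

// normalize lower-cases a host and drops a trailing root dot, so that
// "A.COM." and "a.com" are treated as the same name.
func normalize(host string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(host)), ".")
}

// compile turns one entry into an anchored regular expression.
// Assumed semantics: "**" spans any number of levels, while "*" and "?"
// stay inside one dot-separated label.
func compile(entry string) *regexp.Regexp {
	var b strings.Builder
	b.WriteString("^")
	runes := []rune(entry)
	for i := 0; i < len(runes); i++ {
		switch {
		case runes[i] == '*' && i+1 < len(runes) && runes[i+1] == '*':
			b.WriteString(".*")
			i++ // consume the second '*'
		case runes[i] == '*':
			b.WriteString("[^.]*")
		case runes[i] == '?':
			b.WriteString("[^.]")
		default:
			b.WriteString(regexp.QuoteMeta(string(runes[i])))
		}
	}
	b.WriteString("$")
	return regexp.MustCompile(b.String())
}

// ParseStopList reads one entry per line, skipping blank lines and # comments.
func ParseStopList(text string) *StopList {
	sl := &StopList{}
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		sl.rules = append(sl.rules, compile(normalize(line)))
	}
	return sl
}

// Blocked reports whether target (host or host:port) matches any entry.
func (s *StopList) Blocked(target string) bool {
	host := target
	if h, _, err := net.SplitHostPort(target); err == nil {
		host = h
	}
	host = normalize(host)
	for _, re := range s.rules {
		if re.MatchString(host) {
			return true
		}
	}
	return false
}

// sampleList is the page's sample file with a constructed comment line added.
const sampleList = "# constructed comment\n**.baidu.com\n*.taobao.com\na.com\n192.168.1.1\n192.168.*.*\n?.qq.com\n"

func main() {
	sl := ParseStopList(sampleList)
	for _, h := range []string{"a.b.baidu.com:443", "a.b.taobao.com", "A.COM.", "nota.com"} {
		fmt.Printf("%-20s blocked=%v\n", h, sl.Blocked(h))
	}
}
```

Anchoring and normalization are what keep `nota.com` from matching the `a.com` entry while `A.COM.` still does.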
./proxy http -t tcp -p "0.0.0.0:38080"
Using local port 8090, assume the parent HTTP proxy is: 22.22.22.22:8080
./proxy http -t tcp -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080"
The connection pool is disabled by default. To speed up access, enable it with -L: 10 is the size of the connection pool, and 0 disables it.
The connection pool is not stable when the network is poor.
./proxy http -t tcp -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" -L 10
We can also specify black and white list files of domain names, one domain name per line. Matching is rightmost (suffix) matching: for example, baidu.com matches *.*.baidu.com. Domains on the blacklist go straight through the parent proxy, and domains on the white list do not go through the parent proxy.
./proxy http -p "0.0.0.0:8090" -T tcp -P "22.22.22.22:8080" -b blocked.txt -d direct.txt
HTTP first level proxy(VPS,IP:22.22.22.22)
./proxy http -t tls -p ":38080" -C proxy.crt -K proxy.key
HTTP second level proxy(local Linux)
./proxy http -t tcp -p ":8080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key
Accessing local port 8080 then reaches proxy port 38080 on the VPS.
HTTP second level proxy(local windows)
./proxy.exe http -t tcp -p ":8080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key
On your Windows system, set the proxy mode of the program that needs Internet access to HTTP, with address 127.0.0.1 and port 8080; the program then reaches the Internet through the encrypted channel via the VPS.
HTTP first level proxy VPS_01,IP:22.22.22.22
./proxy http -t tls -p ":38080" -C proxy.crt -K proxy.key
HTTP second level proxy VPS_02,IP:33.33.33.33
./proxy http -t tls -p ":28080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key
HTTP third level proxy(local)
./proxy http -t tcp -p ":8080" -T tls -P "33.33.33.33:28080" -C proxy.crt -K proxy.key
Accessing local port 8080 then reaches port 38080 of the first-level HTTP proxy.
We can enable Basic authentication for the HTTP proxy. The usernames and passwords can be specified on the command line.
./proxy http -t tcp -p ":33080" -a "user1:pass1" -a "user2:pass2"
If you need multiple users, repeat the -a parameter.
They can also be placed in a file, one 'username:password' per line, which is then specified with -F.
./proxy http -t tcp -p ":33080" -F auth-file.txt
In addition, the HTTP(S) proxy integrates external HTTP API authentication: an HTTP URL can be specified with the --auth-url parameter.
When a user connects, the proxy sends a GET request to this URL with the four parameters below. If HTTP status code 204 is returned, authentication succeeds.
In all other cases, authentication fails.
For example:
./proxy http -t tcp -p ":33080" --auth-url "http://test.com/auth.php"
When a user connects, the proxy requests this URL ("http://test.com/auth.php") with GET,
passing the four parameters user, pass, ip and target:
http://test.com/auth.php?user={USER}&pass={PASS}&ip={IP}&target={TARGET}
user: username
pass: password
ip: the user's IP, for example: 192.168.1.200
target: the URL the user connects to, for example: http://demo.com:80/1.html or https://www.baidu.com:80
If none of the -a, -F or --auth-url parameters is given, Basic authentication is disabled.
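The server side of the --auth-url exchange described above, as an added example that is not part of goproxy or of the original page. The account table, the per-user target allow-list and the function names are constructed for illustration; only the four query parameters and the "204 means success" rule come from the text.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// account is a constructed sample record: the SHA-256 digest of the password
// and the target hosts the user may reach (empty means any target).
type account struct {
	passDigest [32]byte
	allowed    []string
}

// accounts is constructed sample data, reusing the page's user1/user2 names.
var accounts = map[string]account{
	"user1": {sha256.Sum256([]byte("pass1")), nil},
	"user2": {sha256.Sum256([]byte("pass2")), []string{"demo.com"}},
}

// targetHost extracts the lower-cased host from the target parameter, which
// the page shows as a URL such as http://demo.com:80/1.html.
func targetHost(target string) string {
	u, err := url.Parse(target)
	if err != nil {
		return ""
	}
	return strings.ToLower(u.Hostname())
}

// authHandler answers 204 only for a known user with the right password and a
// permitted target; every other status makes the proxy refuse the client.
func authHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		http.Error(w, "GET only", http.StatusMethodNotAllowed)
		return
	}
	q := r.URL.Query()
	acct, known := accounts[q.Get("user")]
	got := sha256.Sum256([]byte(q.Get("pass")))
	// Digests have equal length, so the comparison is constant-time; an
	// unknown user is compared against the zero digest and is rejected.
	match := subtle.ConstantTimeCompare(got[:], acct.passDigest[:]) == 1
	if !known || !match {
		http.Error(w, "denied", http.StatusUnauthorized)
		return
	}
	if len(acct.allowed) > 0 {
		permitted := false
		for _, h := range acct.allowed {
			permitted = permitted || h == targetHost(q.Get("target"))
		}
		if !permitted {
			http.Error(w, "target not allowed", http.StatusForbidden)
			return
		}
	}
	w.WriteHeader(http.StatusNoContent)
}

// check sends the four parameters the proxy would send and returns the status.
func check(user, pass, ip, target string) int {
	q := url.Values{"user": {user}, "pass": {pass}, "ip": {ip}, "target": {target}}
	req := httptest.NewRequest(http.MethodGet, "/auth.php?"+q.Encode(), nil)
	rec := httptest.NewRecorder()
	authHandler(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(check("user1", "pass1", "192.168.1.200", "http://demo.com:80/1.html"))
	fmt.Println(check("user2", "pass2", "192.168.1.200", "https://www.baidu.com:80"))
}
```

Because the password arrives in the query string, keep query strings out of the endpoint's access logs and reach it only over a trusted network path.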
By default, proxy intelligently judges whether a domain name can be accessed directly. If it cannot, proxy goes through the parent HTTP proxy.
With --always, all HTTP proxy traffic is forced through the parent HTTP proxy.
./proxy http --always -t tls -p ":28080" -T tls -P "22.22.22.22:38080" -C proxy.crt -K proxy.key
Explanation: SSH transfer takes advantage of SSH's forwarding function: after you connect over SSH, you can access the target address through the SSH proxy.
Suppose there is a VPS:
- IP is 2.2.2.2, ssh port is 22, ssh username is user, ssh password is demo
- The SSH private key of the user is user.key
The local HTTP(S) proxy uses port 28080. With the SSH password, execute:
./proxy http -T ssh -P "2.2.2.2:22" -u user -A demo -t tcp -p ":28080"
The local HTTP(S) proxy uses port 28080. With the SSH private key, execute:
./proxy http -T ssh -P "2.2.2.2:22" -u user -S user.key -t tcp -p ":28080"
The KCP protocol requires a --kcp-key parameter to set a password which can encrypt and decrypt data.
Http first level proxy(VPS,IP:22.22.22.22)
./proxy http -t kcp -p ":38080" --kcp-key mypassword
Http second level proxy(os is Linux)
./proxy http -t tcp -p ":8080" -T kcp -P "22.22.22.22:38080" --kcp-key mypassword
Accessing local port 8080 then reaches the proxy's port 38080 on the VPS, and the data is transmitted through the KCP protocol.
Besides being configured as a proxy inside other software to serve that software, proxy also supports resolving the requested website's domain directly to the IP the proxy listens on. The proxy then listens on ports 80 and 443 and automatically accesses the requested HTTP(S) website for you.
How to use:
On the last-level proxy machine, because proxy impersonates all websites, and the default port of HTTP is 80 and of HTTPS is 443, let proxy listen on ports 80 and 443. Multiple addresses for the -p parameter are separated by commas.
./proxy http -t tcp -p :80,:443
This command starts a proxy on the machine, listening on ports 80 and 443. It can be used as an ordinary proxy, or the domains that need proxying can be resolved directly to this machine's IP.
If there is a parent proxy, set it up as in the tutorial above; usage is exactly the same.
./proxy http -t tcp -p :80,:443 -T tls -P "2.2.2.2:33080" -C proxy.crt -K proxy.key
Notice:
The DNS resolution results on the server where proxy runs must not be affected by the custom resolution; otherwise an infinite loop results.
This mode requires some networking knowledge; if you do not understand the related concepts, please look them up yourself.
Assuming that proxy is now running on the router, the boot command is as follows:
./proxy http -t tcp -p :33080 -T tls -P "2.2.2.2:33090" -C proxy.crt -K proxy.key
Then the iptables rule is added, and the following rule is a reference rule:
#IP of parent proxy:
proxy_server_ip=2.2.2.2
#Proxy that the router runs monitor the port:
proxy_local_port=33080
#The following don't need to be modified
#create a new chain named PROXY
iptables -t nat -N PROXY
# Ignore your PROXY server's addresses
# It's very IMPORTANT, just be careful.
iptables -t nat -A PROXY -d $proxy_server_ip -j RETURN
# Ignore LANs IP address
iptables -t nat -A PROXY -d 0.0.0.0/8 -j RETURN
iptables -t nat -A PROXY -d 10.0.0.0/8 -j RETURN
iptables -t nat -A PROXY -d 127.0.0.0/8 -j RETURN
iptables -t nat -A PROXY -d 169.254.0.0/16 -j RETURN
iptables -t nat -A PROXY -d 172.16.0.0/12 -j RETURN
iptables -t nat -A PROXY -d 192.168.0.0/16 -j RETURN
iptables -t nat -A PROXY -d 224.0.0.0/4 -j RETURN
iptables -t nat -A PROXY -d 240.0.0.0/4 -j RETURN
# Anything to port 80 443 should be redirected to PROXY's local port
iptables -t nat -A PROXY -p tcp --dport 80 -j REDIRECT --to-ports $proxy_local_port
iptables -t nat -A PROXY -p tcp --dport 443 -j REDIRECT --to-ports $proxy_local_port
# Apply the rules to nat client
iptables -t nat -A PREROUTING -p tcp -j PROXY
# Apply the rules to localhost
iptables -t nat -A OUTPUT -p tcp -j PROXY
- To clear a whole chain, use iptables -F chain name, for example iptables -t nat -F PROXY
- To delete a user-defined chain, use iptables -X chain name, for example iptables -t nat -X PROXY
- To delete a rule from a chain, use iptables -D chain name followed by the rule, for example iptables -t nat -D PROXY -d 223.223.192.0/255.255.240.0 -j RETURN
The --dns-address parameter specifies the DNS server that proxy uses when it accesses a domain.
The --dns-ttl parameter specifies how long DNS results are cached, in seconds. Together they avoid interference from the system DNS, and the cache reduces DNS resolution time and increases access speed.
For example:
./proxy http -p ":33080" --dns-address "8.8.8.8:53" --dns-ttl 300
The HTTP(S) proxy can encrypt TCP data with TLS standard encryption and KCP protocol encryption. In addition, custom encryption is supported on top of TLS and KCP, that is, custom encryption and tls|kcp can be combined. AES256 encryption is used internally, and you only need to define one password. Encryption has two parts: whether the local side (-z) encrypts and decrypts, and whether the connection to the parent (-Z) encrypts and decrypts.
Custom encryption requires both ends to be proxy. The following two-level and three-level setups serve as examples:
Two-level example
First level VPS (ip:2.2.2.2) execution:
proxy http -t tcp -z demo_password -p :7777
Local second level execution:
proxy http -T tcp -P 2.2.2.2:7777 -Z demo_password -t tcp -p :8080
This way, when you visit a website through local proxy port 8080, the target website is reached over encrypted transmission with the parent proxy.
Three-level example
First level VPS (ip:2.2.2.2) execution:
proxy http -t tcp -z demo_password -p :7777
Second level VPS (ip:3.3.3.3) execution:
proxy http -T tcp -P 2.2.2.2:7777 -Z demo_password -t tcp -z other_password -p :8888
Local third level execution:
proxy http -T tcp -P 3.3.3.3:8888 -Z other_password -t tcp -p :8080
This way, when you visit a website through local proxy port 8080, the target website is reached over encrypted transmission with the parent proxy.
The HTTP(S) proxy can encrypt TCP data through TLS standard encryption and KCP protocol encryption, and can also compress data before custom encryption.
That is, compression, custom encryption and tls|kcp can be used together. Compression has two parts: whether the local side (-m) uses compressed transmission, and whether the connection to the parent (-M) uses compressed transmission.
Compression requires both ends to be proxy. Compression also protects the (encrypted) data to a certain extent. The following two-level and three-level setups serve as examples:
Two-level example
First level VPS (ip:2.2.2.2) execution:
proxy http -t tcp -m -p :7777
Local second level execution:
proxy http -T tcp -P 2.2.2.2:7777 -M -t tcp -p :8080
This way, when you visit a website through local proxy port 8080, the target website is reached over compressed transmission with the parent proxy.
Three-level example
First level VPS (ip:2.2.2.2) execution:
proxy http -t tcp -m -p :7777
Second level VPS (ip:3.3.3.3) execution:
proxy http -T tcp -P 2.2.2.2:7777 -M -t tcp -m -p :8888
Local third level execution:
proxy http -T tcp -P 3.3.3.3:8888 -M -t tcp -p :8080
This way, when you visit a website through local proxy port 8080, the target website is reached over compressed transmission with the parent proxy.
The HTTP(S) proxy supports parent load balancing; for multiple parents, repeat the -P parameter.
proxy http --lb-method=hash -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080
proxy http --lb-method=leastconn --lb-retrytime 300 --lb-timeout 300 -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -t tcp -p :33080
proxy http --lb-method=weight -T tcp -P 1.1.1.1:33080@1 -P 2.1.1.1:33080@2 -P 3.1.1.1:33080@1 -t tcp -p :33080
proxy http --lb-hashtarget --lb-method=leasttime -T tcp -P 1.1.1.1:33080 -P 2.1.1.1:33080 -P 3.1.1.1:33080 -t tcp -p :33080
The speed limit can be specified with the -l parameter, for example: 100K, 2000K or 1M. 0 means unlimited. The following command sets a limit of 100K:
proxy http -t tcp -p 2.2.2.2:33080 -l 100K
The --bind-listen parameter lets the proxy access the target site using the entry IP that the client connected to as the exporting IP. If the entry IP is an intranet IP, the exporting IP will not use the entry IP.
proxy http -t tcp -p 2.2.2.2:33080 --bind-listen
By default, the -C and -K parameters are the paths of the CRT certificate and key files. If a value begins with base64://, the data that follows is treated as Base64 encoded and is used after decoding.
The intelligent mode setting can be one of intelligent|direct|parent.
Default: intelligent.
The meaning of each value is as follows:
--intelligent=direct: targets that are not in the blocked list are connected directly.
--intelligent=parent: targets that are not in the direct list go through the parent proxy.
--intelligent=intelligent: for targets that are in neither the direct nor the blocked list, proxy intelligently judges whether to connect through the parent proxy.
./proxy help http
Local execution:
./proxy tcp -p ":33080" -T tcp -P "192.168.22.33:22" -L 0
Accessing local port 33080 then reaches port 22 of 192.168.22.33.
VPS(IP:22.22.22.33) execute:
./proxy tcp -p ":33080" -T tcp -P "127.0.0.1:8080" -L 0
local execution:
./proxy tcp -p ":23080" -T tcp -P "22.22.22.33:33080"
Accessing local port 23080 then reaches port 8080 of 22.22.22.33.
TCP first level proxy VPS_01,IP:22.22.22.22
./proxy tcp -p ":38080" -T tcp -P "66.66.66.66:8080" -L 0
TCP second level proxy VPS_02,IP:33.33.33.33
./proxy tcp -p ":28080" -T tcp -P "22.22.22.22:38080"
TCP third level proxy (local)
./proxy tcp -p ":8080" -T tcp -P "33.33.33.33:28080"
Then access to the local 8080 port is to access the 8080 port of the 66.66.66.66 by encrypting the TCP tunnel.
VPS(IP:22.22.22.33) execute:
./proxy tcp --tls -p ":33080" -T tcp -P "127.0.0.1:8080" -L 0 -C proxy.crt -K proxy.key
local execution:
./proxy tcp -p ":23080" -T tls -P "22.22.22.33:33080" -C proxy.crt -K proxy.key
Accessing local port 23080 then reaches port 8080 of 22.22.22.33 through the encrypted TCP tunnel.