NaïveProxy

From ArchWiki
Revision as of 16:36, 27 August 2023 (Sunday) by Kusanaginoturugi (copied from the English version)

NaïveProxy is a cross-platform proxy that uses Chromium's network stack to camouflage traffic, providing strong censorship resistance and low detectability when bypassing the Great Firewall of China. It mitigates the TLS fingerprinting issues that lead to detection, and it survived the large-scale blocking of TLS-based censorship circumvention tools in China. It requires a naiveproxy client and a Caddy server built with the forwardproxy module.

Installation

Install naiveproxy (AUR), or naiveproxy-git (AUR) for the latest development build, and run naiveproxy config.json. Here is an example config file:

config.json
{
  "listen": "socks://127.0.0.1:1080",
  "proxy": "https://myUsername:myStrongPassword@my.domain"
}

Configuration

NaïveProxy cannot run without a Caddy server that includes the forwardproxy module. You can build one with xcaddy:

$ go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
$ ~/go/bin/xcaddy build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive

Then configure Caddy:

/etc/caddy/Caddyfile
{
  order forward_proxy before file_server
}
:443, my.domain:443 {
  tls /etc/caddy/ssl.cer /etc/caddy/ssl.key
  forward_proxy {
    basic_auth myUsername myStrongPassword
    hide_ip
    hide_via
    probe_resistance
  }
  file_server {
    root /var/www/html
  }
}

Note that :443 must appear first for this Caddyfile to work. See Caddyfile docs for how to configure TLS certificates.
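
A consistency check for config.json and the forward_proxy block above, as an added example that is not part of the original wiki page or of the NaïveProxy or Caddy projects. The function name audit, the finding strings and the rule that the SOCKS listener should stay on loopback are assumptions of this example, and the parser handles only a flat forward_proxy block like the one shown here.

```python
import ipaddress
import json
import re
from urllib.parse import unquote, urlsplit

PLACEHOLDERS = {"myUsername", "myStrongPassword"}   # sample values used on this page
HARDENING = ("hide_ip", "hide_via", "probe_resistance")

def audit(client_json, caddyfile):
    """Return a list of findings for a config.json / Caddyfile pair."""
    findings = []
    cfg = json.loads(client_json)
    listen, proxy = urlsplit(cfg["listen"]), urlsplit(cfg["proxy"])
    user, pw = unquote(proxy.username or ""), unquote(proxy.password or "")

    # The listen URL shown on the page carries no credentials, so a listener
    # on anything but loopback is reachable by other hosts without a login.
    host = listen.hostname or ""
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"
    if not loopback:
        findings.append("listen: not bound to loopback")
    if proxy.scheme != "https":
        findings.append("proxy: scheme is not https")
    if not user or not pw:
        findings.append("proxy: missing credentials")
    if {user, pw} & PLACEHOLDERS:
        findings.append("proxy: placeholder credentials left in place")

    # Drop comments, then inspect only the body of the forward_proxy block.
    text = re.sub(r"(?m)(^|[ \t])#.*$", "", caddyfile)
    block = re.search(r"forward_proxy\s*\{([^}]*)\}", text)
    if block is None:
        return findings + ["caddy: no forward_proxy block"]
    rows = [line.split() for line in block.group(1).splitlines() if line.split()]
    present = {row[0] for row in rows}
    findings += [f"caddy: {d} missing" for d in HARDENING if d not in present]
    if [user, pw] not in [row[1:] for row in rows if row[0] == "basic_auth"]:
        findings.append("caddy: basic_auth does not match client credentials")
    return findings

if __name__ == "__main__":
    # Constructed inputs: the page's sample client config against a weakened server block.
    client = '{"listen": "socks://0.0.0.0:1080", "proxy": "https://myUsername:myStrongPassword@my.domain"}'
    caddy = ":443, my.domain:443 {\n  forward_proxy {\n    basic_auth myUsername myStrongPassword\n    hide_ip\n  }\n}\n"
    for finding in audit(client, caddy):
        print(finding)
```

An empty list means the client credentials match the server's basic_auth line, the listener is on loopback, and all three hiding directives are present.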

Then start the Caddy server:

# setcap cap_net_bind_service=+ep ./caddy && ./caddy start

You may also want to run Caddy as a daemon.