Create proxy_user_build_record.md #4
base: master
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,144 @@ | ||
| # 1.在自己的linux server上下载vproxy | ||
| 我在root目录下建了个vproxy目录,在里面执行 | ||
|
|
||
| `wget https://github.com/wkgcass/vproxy/releases/download/1.0.0-BETA-9/vproxy-linux` | ||
|
|
||
| 然后更改权限 | ||
|
|
||
| `chmod 777 vproxy-linux` | ||
|
|
||
| (当然,也可以不下载vproxy-linux这个二进制文件,而是自行下载jre-11或jdk-11,再下载vproxy.jar,`java -Deploy=WebSocksProxyServe -jar vproxy.jar`效果等同于`./vproxy-linux -Deploy=WebSocksProxyServe`) | ||
|
|
||
| # 2.自制证书 | ||
|
Owner
When using the one-click script, the certificate is placed in the ./vproxy/cert.pem file. |
||
|
|
||
| 创建cert目录 | ||
|
|
||
| `mkdir cert` | ||
|
|
||
| 进入 | ||
|
|
||
| `cd cert` | ||
|
|
||
| 生成证书(-days是证书有效天数),需要输入私钥密码(自行设置记住,后面要用),Country Name(填CN),接下来随意填,然后Common Name(填域名或server的ip) | ||
|
|
||
| `openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 36500` | ||
|
|
||
| 解密私钥,需要输入刚刚设置的密码 | ||
|
|
||
| `openssl rsa -in key.pem > key.decrypt.pem` | ||
|
|
||
| 复制证书和私钥到一个文件 | ||
|
|
||
| `cat cert.pem key.decrypt.pem > certkey.pem` | ||
|
|
||
| 用这个文件生成pkcs12文件,这里又需要设置一个导出密码,在后面启动vproxy server时要用 | ||
|
|
||
| `openssl pkcs12 -export -in certkey.pem -out certkey.p12` | ||
|
|
||
| 然后回到上一层目录 | ||
|
|
||
| # 3.启动server | ||
|
|
||
| 这里我是用nohup的方式来后台运行的,为了方便,我们可以编写一个restart.sh脚本,如下 | ||
| ~~~ | ||
| ps -ef | grep 'vproxy-linux' | awk '{print $2}' | xargs kill -9 | ||
| nohup \ | ||
| ./vproxy-linux \ | ||
| -Deploy=WebSocksProxyServer \ | ||
| listen 443 auth $user:$pass \ | ||
| ssl pkcs12 cert/certkey.p12 pkcs12pswd $pkcs12pswd \ | ||
| kcp \ | ||
| redirectport 80 \ | ||
| webroot /var/www/html \ | ||
| & | ||
| ~~~ | ||
| $user 和 $pass 任意指定,在启动vproxy agent时要用, $pkcs12pswd 是生成pkcs12文件时设定的密码 | ||
|
|
||
| webroot指定的路径里可以放一些index.html之类的静态html文件,当然也可以放弃这一参数(路径不存在会报错) | ||
|
|
||
| 这个配置占用了443和80端口(也可以换成别的,redirectport 80这行也可以不要) | ||
|
|
||
| 编写好后,更改权限 | ||
|
|
||
| `chmod 777 restart.sh` | ||
|
|
||
| 然后就可以执行了 | ||
|
|
||
| `./restart.sh` | ||
|
|
||
| 可以在nohup.out中查看输出 | ||
|
|
||
| 另外,注意开启端口,对于我用的virmach centos7.1来说,我用下面的命令成功开启了443端口 | ||
| ~~~ | ||
| firewall-cmd --zone=public --add-port=443/tcp --permanent | ||
| firewall-cmd --zone=public --add-port=443/udp --permanent | ||
| firewall-cmd --reload | ||
| ~~~ | ||
| 至此server端就搞定了,开始搞客户端 | ||
|
|
||
| # 4.客户端(windows环境) | ||
|
|
||
| 下载java11,我这里是下的zip,没有添加环境变量,在使用时用完整路径就可以,我的java目录是D:\programs\java\jdk-11.0.7 | ||
|
|
||
| 大家可以自行调整目录,后文都按照我自己的目录说明 | ||
|
|
||
| 下载vproxy.jar,我放在了目录D:\programs\vproxy下 | ||
|
|
||
| 由于server使用了证书,因此客户端也需要使用,才能达到加密的效果,我们需要将自签名证书打到keystore文件里 | ||
|
|
||
| 创建一个D:\programs\vproxy\cert目录,将server上的cert.pem文件下载下来(如果有多个自制证书,建议改名,例如添上ip) | ||
|
|
||
| 在此目录打开cmd,执行 | ||
|
|
||
| `D:\programs\java\jdk-11.0.7\bin\keytool -importcert -file cert.pem -alias $alias -keystore $keystore -storepass $storepass` | ||
|
|
||
| 其中 $alias 随意取名, $keystore 是一个文件名(自己命名,比如就命名成 keystore ,或者 ip.keystore ), $storepass 是 keystore 的密码,自行设置,后面要用 | ||
|
|
||
| 然后是agent的配置文件,这里有一个网页可以生成 | ||
| *https://vproxy-tools.github.io/vpwsui/index.html* | ||
| 不过生成后也有一些地方需要调整,下面是我调整后的配置,供参考 | ||
| ~~~ | ||
| # generated by vpws-ui | ||
|
|
||
| agent.socks5.listen 1080 | ||
| agent.gateway off | ||
|
|
||
| agent.cacerts.path D:\programs\vproxy\cert\keystore | ||
| agent.cacerts.pswd $storepass | ||
|
|
||
| proxy.server.auth $user:$pass | ||
|
|
||
| proxy.server.hc on | ||
| agent.cert.verify off | ||
| agent.pool 4 | ||
|
|
||
| proxy.server.list.start DEFAULT | ||
| websockss:kcp://$ip:443 | ||
| proxy.server.list.end | ||
|
|
||
| proxy.domain.list.start DEFAULT | ||
| # /.*/ | ||
|
Owner
For those using switchyomega, this list can simply be configured with a single |
||
| pixiv.net | ||
| /.*google.*/ | ||
| [https://gitee.com/wkgcass/gfwlist/raw/master/gfwlist.txt] | ||
| proxy.domain.list.end | ||
| no-proxy.domain.list.start DEFAULT | ||
| baidu.com | ||
|
Owner
This list is a whitelist. If any whitelist rule matches, the request will never be proxied. In general, this list can be left empty. |
||
| no-proxy.domain.list.end | ||
| proxy.resolve.list.start DEFAULT | ||
| proxy.resolve.list.end | ||
|
|
||
| https-sni-erasure.domain.list.start | ||
| https-sni-erasure.domain.list.end | ||
| ~~~ | ||
| 其中 $storepass 是打keystore文件时设置的密码 | ||
|
|
||
| $user和$pass是启动server的脚本中指定的 | ||
|
|
||
| $ip是server的ip,端口与server启动脚本的LINSEN一致(这里都是443,也可以换成别的) | ||
|
|
||
| 将配置文件命名为D:\programs\vproxy\vpws-agent.txt,在这个写一个bat脚本来一键启动,如下 | ||
|
|
||
| `D:\programs\java\jdk-11.0.7\bin\java -Deploy=WebSocksProxyAgent -jar vproxy.jar vpws-agent.txt` | ||
|
|
||
| 这样启动这个bat脚本就可以启动agent了 | ||
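Review bot: The agent config in step 4 sets `agent.cert.verify off` right after the guide has the reader import cert.pem into a keystore and point `agent.cacerts.path` at it. Going by the setting's name, certificate verification is switched off, so the imported certificate would never be checked and the agent could not tell the real server from an impostor. Suggest `agent.cert.verify on` in the sample config. Further points in the same file: `chmod 777` on vproxy-linux and restart.sh leaves executables kept under the root directory world-writable, and `chmod 700` is enough to run them. Step 2 leaves key.decrypt.pem and certkey.pem, both holding the unencrypted private key, in cert/ after certkey.p12 has been built, so the guide should delete them or restrict them to the owner. The `ps -ef | grep 'vproxy-linux'` pipeline in restart.sh also matches the grep process itself. Step 1 writes `-Deploy=WebSocksProxyServe` where step 3 uses `WebSocksProxyServer`, and "LINSEN" in step 4 should read "listen".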
Server-side deployment can use the one-click script start-vproxy-websocks-proxy.sh