Naiveproxy Tinkering Notes
date
Jan 1, 2023
summary
A complete naiveproxy tutorial covering server and client; currently the only proxy that still runs stably
tags
Development
Tools
category
Tech sharing

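Environment: Ubuntu or Debian

Naiveproxy needs a custom build of caddy, so we use xcaddy to compile the version we want.
Both caddy and xcaddy need a Go environment, so the first step is to install Go.

In my testing, the golang installed via apt had problems compiling; my machine is ARM.
Install these beforehand:
apt install git libnss3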

Install golang

Use the script below to install it:
wget -q -O - https://git.io/vQhTU | bash
To uninstall:
wget -q -O - https://git.io/vQhTU | bash -s -- --remove

Install xcaddy

go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest

Build caddy

trojan is optional.
Here we built Caddy with trojan+naiveproxy+https support.

Copy the compiled caddy into the executables directory:
cp caddy /usr/bin/
sudo setcap 'cap_net_bind_service=+ep' /usr/bin/caddy
Then we create a systemd service for caddy (the unit below runs as user and group caddy, which must exist on the system):
vim /etc/systemd/system/caddy.service
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
Start caddy:
systemctl daemon-reload
systemctl enable caddy
systemctl restart caddy
Create the config file Caddyfile in /etc/caddy:
{
	servers {
		listener_wrappers {
			trojan
		}
		protocol {
			allow_h2c
			strict_sni_host
		}
	}
}
:443, example.com {
	tls admin@example.com
	route {
		trojan
		forward_proxy {
			basic_auth user password
			hide_ip
			hide_via
			probe_resistance
		}
		file_server {
			root /usr/share/caddy
		}
	}
}
Add a trojan user (optional)
curl -X POST -H "Content-Type: application/json" -d '{"password": "test1234"}' http://localhost:2019/trojan/users/add
Check the config file with the caddy commands:
caddy validate --config /etc/caddy/Caddyfile
caddy adapt --config /etc/caddy/Caddyfile
caddy fmt /etc/caddy/Caddyfile --overwrite

You can check the running status with service caddy status

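Relaying the naive proxy through ss

First, set up the naive client

First download the matching client; I am on Linux here. Download address: r
Look up the latest version first: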
export VERSION=$(curl -s "https://api.github.com/repos/klzgrad/naiveproxy/releases/latest" | jq -r .tag_name)
Then start the download
Extract it and move the binary to /usr/local/bin:
tar -xJvf $(find -name "naiveproxylinux-x64*") -C . && mv naiveproxylinux-x64*/naive /usr/local/bin
Following the same method as before, we create a service for naiveproxy as well:
vim /etc/systemd/system/naive.service
[Unit]
Description=NaiveProxy Server Service
After=network-online.target

[Service]
Type=simple
User=nobody
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/naive /etc/naive/config.json

[Install]
WantedBy=multi-user.target
Create the config file:
vim /etc/naive/config.json
{
  "listen": "socks://127.0.0.1:1080",
  "proxy": "https://user:pass@domain.example",
  "log": ""
}
Start naive:
systemctl daemon-reload
systemctl start naive
systemctl status naive
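Run the naive proxy on the relay machine on port 1080, then install gost and relay the naive proxy through ss, which makes it easy to use with all kinds of clients.

Setting up the gost relay

On my machine gost hangs after running for a while, so I recommend a scheduled task that restarts it every hour.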
docker run -d \
  --name gost \
  --restart=always \
  --net=host \
  ginuerzh/gost -L=ss://aes-128-cfb:passwd@:7008 -F socks5://127.0.0.1:1080
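-L specifies a local service configuration; it can be set multiple times
-F specifies a forwarding service configuration; it can be set multiple times to form a forwarding chain
-L=ss://aes-128-cfb:passwd@:7008
-F socks5://127.0.0.1:1080
You can also use -C to load an external config file:
{
  "Debug": true,
  "Retries": 0,
  "ServeNodes": [
    "ss://aes-128-cfb:passwd@:7008"
  ],
  "ChainNodes": [
    "socks5://127.0.0.1:1080"
  ]
}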
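An added example, not part of the original post: a Python audit of the naive config.json and the gost -C config shown above, run before the relay is exposed on port 7008. The function name audit, the PLACEHOLDERS set (the sample secrets used in this post) and the AEAD list (the AEAD methods defined by Shadowsocks) are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# AEAD methods defined by Shadowsocks; anything else (such as aes-128-cfb) is a
# legacy stream cipher without integrity protection.
AEAD = {"aes-128-gcm", "aes-256-gcm", "chacha20-ietf-poly1305"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
PLACEHOLDERS = {"pass", "passwd", "password", "test1234"}  # sample secrets used in this post

# Constructed inputs: the naive and gost JSON configs as shown in the post.
NAIVE_CFG = '{"listen": "socks://127.0.0.1:1080", "proxy": "https://user:pass@domain.example", "log": ""}'
GOST_CFG = ('{"Debug": true, "Retries": 0, "ServeNodes": ["ss://aes-128-cfb:passwd@:7008"],'
            ' "ChainNodes": ["socks5://127.0.0.1:1080"]}')


def audit(naive_json, gost_json):
    """Return a list of findings for the naive + gost relay pair (hypothetical helper)."""
    naive, gost = json.loads(naive_json), json.loads(gost_json)
    findings = []

    # naive's SOCKS listener has no authentication, so it must stay on loopback.
    listen = urlsplit(naive["listen"])
    if listen.hostname not in LOOPBACK:
        findings.append("naive: unauthenticated SOCKS listener is not bound to loopback")
    upstream = urlsplit(naive["proxy"])
    if upstream.scheme not in ("https", "quic"):
        findings.append("naive: upstream is not https/quic")
    if upstream.password in PLACEHOLDERS:
        findings.append("naive: upstream password is a sample value")

    for node in gost.get("ServeNodes", []):
        u = urlsplit(node)
        if u.scheme == "ss":
            if (u.username or "").lower() not in AEAD:
                findings.append(f"gost: ss cipher {u.username} is not AEAD")
            if u.password in PLACEHOLDERS:
                findings.append("gost: ss password is a sample value")
    for node in gost.get("ChainNodes", []):
        u = urlsplit(node)
        if (u.hostname, u.port) != (listen.hostname, listen.port):
            findings.append(f"gost: chain node {node} does not match the naive listener")
    if gost.get("Debug"):
        findings.append("gost: Debug logging is enabled")
    return findings


if __name__ == "__main__":
    for line in audit(NAIVE_CFG, GOST_CFG):
        print("WARN", line)
```

The chain-node check compares host and port literally, so use the same loopback spelling in both files.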
 

© Fat uncle 2024