Yet Another Proxy powered by Golang.
Yap is a HTTP1.1/HTTP2 proxy which forked and refactored from branch vps of Goproxy
Create a config file :
root@gcv:~/yap-dir# ls
root@gcv:~/yap-dir# ls
Config HTTP Proxy
Configuration:
Generate htpasswd:
from https://github.com/yaproxy/yap
---------------
可以到www.namesilo.com注册一个top域名(第一年才2usd)
它这里的top域名在第二年的费用才7usd多。然后再到这里https://cheapsslsecurity.com/sslproducts/domainvalidatedssl.html,购买一个Comodo PositiveSSL证书,8usd/年(如果一次购买3年,才15usd.平均5usd/年)
相关帖子:http://briteming.blogspot.com/2017/05/goproxyvpstls13-http2.html
如果想使用let's encrypt的免费证书,请看:
http://briteming.blogspot.com/2017/06/lets-encryptsslcertbot.html
Yap is a HTTP1.1/HTTP2 proxy which forked and refactored from branch vps of Goproxy
Usage
First of all, download the latest Yap program from Release page according to your os and arch.Prepare for Server
- A domain:
example.org - Certificate for the domain:
example.org.cer - Key of the certificate for the domain:
example.org.key
Create a config file : yap.toml
[default]
reject_nil_sni = false
[[http2]]
listen = ":443"
# server name for http2 proxy
server_name = ["example.org"]
# cert file
cert_file = "example.org.cer"
# key file
key_file = "example.org.key"
[http]
listen = ":8088"
(注:以上的橘黄色部分其实是多余的。)
Start Yap Server:
git clone https://github.com/yaproxy/yap yap-dir
cd yap-dir
root@gcv:~/yap-dir# ls
auth.go cli Gopkg.toml handler.go pwauth yap.go yaputil
cert.go Gopkg.lock hack LICENSE README.md yap.toml
root@gcv:~/yap-dir# wget https://github.com/yaproxy/yap/releases/download/v0.1.0/yap_linux_amd64_v0.1.0.tar.gz
root@gcv:~/yap-dir# tar zxvf yap_linux_amd64_v0.1.0.tar.gz
(解压得到可执行文件yap_linux_amd64_v0.1.0)
root@gcv:~/yap-dir# mv yap_linux_amd64_v0.1.0 yap
(把可执行文件yap_linux_amd64_v0.1.0重命名为yap)
root@gcv:~/yap-dir# ls
auth.go cert.go cli Gopkg.lock Gopkg.toml hack handler.go LICENSE pwauth README.md yap yap.go yap_linux_amd64_v0.1.0.tar.gz yap.toml yaputil
root@gcv:~/yap-dir# cp yap.toml yap.toml.bak
root@gcv:~/yap-dir# rm yap.toml
root@gcv:~/yap-dir# nano yap.toml
(yap.toml文件的内容如下:
[default]
reject_nil_sni = false
[[http2]]
listen = ":9443"
# server name for http2 proxy
server_name = ["mydomain.com"]
# cert file
cert_file = "/path/to/cert.pem"
# key file
key_file = "/path/to/key.pem" )
root@gcv:~/yap-dir# ./yap yap.toml &
不过命令:./yap yap.toml &仍然容易退出运行,我们可以利用systemd,来把该命令运行为service:
nano /etc/systemd/system/yap.service
内容为:
[Unit]
After=network.target
[Service]
ExecStart=/root/yap-dir/yap /root/yap-dir/yap.toml
Restart=always
[Install]
WantedBy=multi-user.target
然后运行:
systemctl start yap
systemctl enable yap
服务器端搭建完毕。
然后在客户机上,安装chrome,并安装chrome的插件switchyomega
(https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif)
安装chrome的插件switchyomega后,点击chrome的右上角的switchyomega图标,然后点击“选项”-“新建情景模式”-“情景模式名称”取名为https proxy by yap(名称可以随便取)-点击“创建”- “代理协议”选择https,"代理服务器"栏填写你所绑定的域名mydomain.com,“代理端口”填写9443-点击“应用选项”。
然后在chrome中,即可翻墙。
(以上粉红色文字系我所添加)
Use Yap
1. Use HTTP2 Proxy in Chrome or Firefox
Create a new pac proxy configuration for you browser and setting:function FindProxyForURL(url, host) {
return "HTTPS example.org:443";
}
2. Use Yap in Proxy Chains
[http]
listen = "localhost:8088"
upstream_proxy = "https://example.org:443"
./yap yap.toml
localhost:8088 for you application.Enjoy you life
Configuration
Yap supports multiple format configuration files such astoml, yaml and so on.Section - default
TBDSection - http2
http2 section contains a list for HTTP2 proxy.-
network - optional
The network must be a stream-oriented network:
"tcp", "tcp4", "tcp6", "unix" or "unixpacket".
Currently, only supporttcp,tcp4,tcp6.
-
listen
The syntax of listen is "host:port", e.g. ":443"
-
server_name
The server name for http2 proxy, should be a list, such as["example.org", "yap.example.org"]
-
proxy_fallback - optional
The fallback URL for non-proxy request
-
pem - optional
The pem file location for key pair contains cert and key, if pem is setting, thecert_fileandkey_filewill be not used.
-
cert_file - optional
The certificate file location
-
key_file - optional
The key file location
-
upstream_proxy - optional
The upstream proxy URL, used for proxy chain.
-
proxy_auth_method - optional
The proxy authenticate method, currently contains 3 options: "pam", "htpasswd", "build-in".
Leave it blank for disable proxy authenticate
-
proxy_auth_htpasswd_path - optional
The htpasswd file location.
Only used whenproxy_auth_methodis set tohtpasswd.
-
proxy_auth_buildin_credential - optional
The build-in authentication credential. Only used whenproxy_auth_methodis set tobuild-in.
Section - http
-
network - optional
The network must be a stream-oriented network:
"tcp", "tcp4", "tcp6", "unix" or "unixpacket".
Currently, only supporttcp,tcp4,tcp6.
-
listen
The syntax of listen is "host:port", e.g. ":443"
-
upstream_proxy - optional
The upstream proxy URL, used for proxy chain.
-
proxy_auth_method - optional
The proxy authenticate method, currently contains 3 options: "pam", "htpasswd", "build-in".
Leave it blank for disable proxy authenticate
Please reference Authentication section.
-
proxy_auth_htpasswd_path - optional
The htpasswd file location.
Only used whenproxy_auth_methodis set tohtpasswd.
-
proxy_auth_buildin_credential - optional
The build-in authentication credential. Only used whenproxy_auth_methodis set tobuild-in.
Authentication
Yap supports two auth methods.Build-in Authentication
Setproxy_auth_method to build-in.
Set proxy_auth_buildin_credential to username:password.Basic Authentication - htpasswd file auth
Setproxy_auth_method to htpasswd.
Set proxy_auth_htpasswd_path to htpasswd file path.Configuration:
# ...
proxy_auth_method = "htpasswd"
proxy_auth_htpasswd_path = "/path/to/htpasswd"
# ...
htpasswd -bc /path/to/htpasswd username passwd
PAM Authentication
Installpython for PAM authentication.
Set proxy_auth_method to pam.Use Yap in Docker
Quick start:docker run -d \
-v /path/to/yap.toml:/yap.toml \
-v /path/to/example.cert:/example.cert \
-v /path/to/example.key:/example.key \
-v /path/to/htpasswd:/htpasswd \
-p 443:443 \
-p 8088:8088 \
yaproxy/yap
from https://github.com/yaproxy/yap
---------------
可以到www.namesilo.com注册一个top域名(第一年才2usd)
它这里的top域名在第二年的费用才7usd多。然后再到这里https://cheapsslsecurity.com/sslproducts/domainvalidatedssl.html,购买一个Comodo PositiveSSL证书,8usd/年(如果一次购买3年,才15usd.平均5usd/年)
相关帖子:http://briteming.blogspot.com/2017/05/goproxyvpstls13-http2.html
如果想使用let's encrypt的免费证书,请看:
http://briteming.blogspot.com/2017/06/lets-encryptsslcertbot.html
No comments:
Post a Comment