Total Pageviews

Wednesday, 9 August 2017

翻墙程序goproxy-vps的修改版Yap

Yet Another Proxy powered by Golang.
Linux Build Status Go Report Card Apache License Version 2.0
Yap is a HTTP1.1/HTTP2 proxy which forked and refactored from branch vps of Goproxy

Usage

First of all, download the latest Yap program from Release page according to your os and arch.

Prepare for Server

  • A domain: example.org
  • Certificate for the domain: example.org.cer
  • Key of the certificate for the domain: example.org.key

Create a config file : yap.toml

[default]
reject_nil_sni = false

[[http2]]
listen = ":443"
# server name for http2 proxy
server_name = ["example.org"]
# cert file
cert_file = "example.org.cer"
# key file
key_file = "example.org.key"

[http]
listen = ":8088"

(注:以上的橘黄色部分其实是多余的。)

Start Yap Server:

git clone https://github.com/yaproxy/yap yap-dir

cd yap-dir

root@gcv:~/yap-dir# ls
auth.go  cli         Gopkg.toml  handler.go  pwauth    yap.go      yaputil
cert.go  Gopkg.lock  hack     LICENSE     README.md    yap.toml
root@gcv:~/yap-dir# wget https://github.com/yaproxy/yap/releases/download/v0.1.0/yap_linux_amd64_v0.1.0.tar.gz

root@gcv:~/yap-dir# tar zxvf yap_linux_amd64_v0.1.0.tar.gz 

(解压得到可执行文件yap_linux_amd64_v0.1.0)

root@gcv:~/yap-dir# mv yap_linux_amd64_v0.1.0 yap

把可执行文件yap_linux_amd64_v0.1.0重命名为yap)

root@gcv:~/yap-dir# ls
auth.go  cert.go  cli  Gopkg.lock  Gopkg.toml  hack  handler.go  LICENSE  pwauth  README.md  yap  yap.go  yap_linux_amd64_v0.1.0.tar.gz  yap.toml  yaputil

root@gcv:~/yap-dir# cp yap.toml yap.toml.bak

root@gcv:~/yap-dir# rm yap.toml

root@gcv:~/yap-dir# nano yap.toml

(yap.toml文件的内容如下:

[default]
reject_nil_sni = false

[[http2]]
listen = ":9443"
# server name for http2 proxy
server_name = ["example.org"]
# cert file
cert_file = "/path/to/example.org.cer"
# key file
key_file = "/path/to/example.org.key" )

root@gcv:~/yap-dir# ./yap yap.toml > /dev/null &

(以上粉红色文字系我所添加)

Use Yap

1. Use HTTP2 Proxy in Chrome or Firefox

Create a new pac proxy configuration for you browser and setting:
function FindProxyForURL(url, host) {
  return "HTTPS example.org:443";
}

2. Use Yap in Proxy Chains

[http]
listen = "localhost:8088"
upstream_proxy = "https://example.org:443"
./yap yap.toml
Config HTTP Proxy localhost:8088 for you application.

Enjoy you life

Configuration

Yap supports multiple format configuration files such as toml, yaml and so on.

Section - default

TBD

Section - http2

http2 section contains a list for HTTP2 proxy.
  • network - optional
    The network must be a stream-oriented network:
    "tcp", "tcp4", "tcp6", "unix" or "unixpacket".
    Currently, only support tcp, tcp4, tcp6.
  • listen
    The syntax of listen is "host:port", e.g. ":443"
  • server_name
    The server name for http2 proxy, should be a list, such as ["example.org", "yap.example.org"]
  • proxy_fallback - optional
    The fallback URL for non-proxy request
  • pem - optional
    The pem file location for key pair contains cert and key, if pem is setting, the cert_file and key_file will be not used.
  • cert_file - optional
    The certificate file location
  • key_file - optional
    The key file location
  • upstream_proxy - optional
    The upstream proxy URL, used for proxy chain.
  • proxy_auth_method - optional
    The proxy authenticate method, currently contains 3 options: "pam", "htpasswd", "build-in".
    Leave it blank for disable proxy authenticate
  • proxy_auth_htpasswd_path - optional
    The htpasswd file location.
    Only used when proxy_auth_method is set to htpasswd.
  • proxy_auth_buildin_credential - optional
    The build-in authentication credential. Only used when proxy_auth_method is set to build-in.

Section - http

  • network - optional
    The network must be a stream-oriented network:
    "tcp", "tcp4", "tcp6", "unix" or "unixpacket".
    Currently, only support tcp, tcp4, tcp6.
  • listen
    The syntax of listen is "host:port", e.g. ":443"
  • upstream_proxy - optional
    The upstream proxy URL, used for proxy chain.
  • proxy_auth_method - optional
    The proxy authenticate method, currently contains 3 options: "pam", "htpasswd", "build-in".
    Leave it blank for disable proxy authenticate
    Please reference Authentication section.
  • proxy_auth_htpasswd_path - optional
    The htpasswd file location.
    Only used when proxy_auth_method is set to htpasswd.
  • proxy_auth_buildin_credential - optional
    The build-in authentication credential. Only used when proxy_auth_method is set to build-in.

Authentication

Yap supports two auth methods.

Build-in Authentication

Set proxy_auth_method to build-in. Set proxy_auth_buildin_credential to username:password.

Basic Authentication - htpasswd file auth

Set proxy_auth_method to htpasswd. Set proxy_auth_htpasswd_path to htpasswd file path.
Configuration:
# ...
proxy_auth_method = "htpasswd"
proxy_auth_htpasswd_path = "/path/to/htpasswd"
# ...
Generate htpasswd:
htpasswd -bc /path/to/htpasswd username passwd

PAM Authentication

Install python for PAM authentication. Set proxy_auth_method to pam.

Use Yap in Docker

Quick start:
docker run -d \
    -v /path/to/yap.toml:/yap.toml \
    -v /path/to/example.cert:/example.cert \
    -v /path/to/example.key:/example.key \
    -v /path/to/htpasswd:/htpasswd \
    -p 443:443 \
    -p 8088:8088 \
    yaproxy/yap
You can find more details from Yap in Docker hub.

from https://github.com/yaproxy/yap
---------------

可以到www.namesilo.com注册一个top域名(第一年才2usd)
它这里的top域名在第二年的费用才7usd多。然后再到这里https://cheapsslsecurity.com/sslproducts/domainvalidatedssl.html,购买一个Comodo PositiveSSL证书,8usd/年(如果一次购买3年,才15usd.平均5usd/年

 相关帖子:http://briteming.blogspot.com/2017/05/goproxyvpstls13-http2.html

如果想使用let's encrypt的免费证书,请看:
http://briteming.blogspot.com/2017/06/lets-encryptsslcertbot.html 

No comments:

Post a Comment

Note: only a member of this blog may post a comment.