
Saturday, 25 November 2017

Using nghttpx with a domain name to create an HTTP/2 proxy server for getting past the Great Firewall

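Follow http://briteming.blogspot.com/2015/08/nghttpx-http2.html
and stop at the step "root@localhost:~/nghttp2# nghttpx".

Then point one of your domains, yourdomain.com, at your server's IP address.
Then follow http://briteming.blogspot.com/2017/06/lets-encryptsslcertbot.html to generate a certificate file and a private key file for your domain. The generated certificate file and private key file are, respectively:
 /etc/letsencrypt/live/yourdomain.com/cert.pem and /etc/letsencrypt/live/yourdomain.com/privkey.pem

Then: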
root@localhost:~/nghttp2# cp nghttpx.conf nghttpx-for-domain.conf
root@localhost:~/nghttp2# nano nghttpx-for-domain.conf
root@localhost:~/nghttp2# cat nghttpx-for-domain.conf
frontend=0.0.0.0,4443
backend=127.0.0.1,28358
private-key-file=/etc/letsencrypt/live/yourdomain.com/privkey.pem
certificate-file=/etc/letsencrypt/live/yourdomain.com/cert.pem
http2-proxy=yes
workers=2
no-ocsp=yes
root@RegalMusty-VM:~/nghttp2# nghttpx --conf=/root/nghttp2/nghttpx-for-domain.conf -s --daemon
Press Enter twice. The server side is now set up.
(If you hit the following error:
root@umh:~/nghttp2# nghttpx --conf=nghttpx-for-domain.conf -s 
nghttpx: error while loading shared libraries: libnghttp2.so.14: cannot open shared object file: No such file or directory
root@umh:~/nghttp2# ldconfig
(Running ldconfig fixes the problem.)
root@umh:~/nghttp2# nghttpx --conf=nghttpx-for-domain.conf -s 
2019-01-21T05:43:36.083+08:00 2447 2447 973e5d80 NOTICE (shrpx.cc:2788) Loading configuration from nghttpx-for-domain.conf
2019-01-21T05:43:36.083+08:00 2447 2447 973e5d80 NOTICE (shrpx.cc:859) Listening on 0.0.0.0:4443, tls
2019-01-21T05:43:36.084+08:00 2447 2447 973e5d80 NOTICE (shrpx.cc:1302) Worker process [2448] spawned
2019-01-21T05:43:36.093+08:00 2447 2447 973e5d80 NOTICE (shrpx_worker_process.cc:211) Renew new ticket keys
2019-01-21T05:43:36.171+08:00 2447 2447 973e5d80 NOTICE (shrpx_connection_handler.cc:311) [LISTEN:0x7ffdfec109e0] Created worker thread #0
2019-01-21T05:43:36.171+08:00 2447 2447 973e5d80 NOTICE (shrpx_connection_handler.cc:311) [LISTEN:0x7ffdfec109e0] Created worker thread #1

^C

root@umh:~/nghttp2# )

(On a CentOS VPS, the steps are:
wget https://raw.githubusercontent.com/nghttp2/nghttp2/master/nghttpx.conf.sample
cp nghttpx.conf.sample nghttpx-for-domain.conf
nghttpx --conf=/root/nghttpx-for-domain.conf -s --daemon )

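However, when started with nghttpx --conf=/root/nghttp2/nghttpx-for-domain.conf -s --daemon, nghttpx does not start automatically when the VPS boots. So it is better to set it up with systemd:
nano /etc/systemd/system/nghttpx-for-domain.service
with the following content: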
[Unit]
After=network.target

[Service]
WorkingDirectory=/root/nghttp2/
ExecStart=/usr/local/bin/nghttpx --conf=nghttpx-for-domain.conf -s
Restart=always

[Install]
WantedBy=multi-user.target

Then run:

systemctl start nghttpx-for-domain
systemctl enable nghttpx-for-domain
The server side is now set up.

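The 28358 above is the port that tinyproxy, the HTTP proxy server program I set up, listens on. You can of course replace 28358 with the port of the squid you installed, for example 3128.

Then, on the client machine, install Chrome and the Chrome extension SwitchyOmega
(https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif)

After installing the SwitchyOmega extension, click the SwitchyOmega icon at the top right of Chrome, then click "Options" - "New profile" - set "Profile name" to nghttpx proxy (any name will do) - choose Proxy Profile as the profile type - click "Create" - choose https for "Protocol", enter the domain you bound, yourdomain.com, in the "Server" field, and enter 4443 for "Port" - click "Apply changes".
After that, you can get past the firewall in Chrome.
Or:
After installing the SwitchyOmega extension, click the SwitchyOmega icon at the top right of Chrome, then click "Options" - "New profile" - set "Profile name" to nghttpx for domain pac mode (any name will do) - choose PAC Profile as the profile type - click "Create" - then, in the PAC script box, delete the existing content and enter the following: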
function FindProxyForURL(url, host) 
{ return "HTTPS yourdomain.com:4443"; }
Then click "Apply changes".
Note: the yourdomain.com above must be a domain name; do not enter an IP address.
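
The PAC script above sends every request, including ones for devices on your own LAN, to the remote proxy. The following is an added example, not part of the original post: a PAC script that keeps loopback, private-range and single-label hosts on a direct connection and proxies everything else. The bypass ranges and name suffixes are assumptions to adapt; yourdomain.com:4443 is the post's placeholder endpoint.

```javascript
// Added example, not from the original post. PROXY is the post's placeholder
// endpoint; the bypass ranges and name suffixes below are assumptions to adapt.
var PROXY = "HTTPS yourdomain.com:4443";

// Parse a dotted-quad IPv4 literal into four octets; null if it is not one.
function parseIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var o = [+m[1], +m[2], +m[3], +m[4]];
  for (var i = 0; i < 4; i++) if (o[i] > 255) return null;
  return o;
}

// Loopback, RFC 1918 private, link-local and RFC 6598 shared address space.
function isPrivateIPv4(o) {
  return o[0] === 10 || o[0] === 127 ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168) ||
    (o[0] === 169 && o[1] === 254) ||
    (o[0] === 100 && o[1] >= 64 && o[1] <= 127);
}

// IPv6 loopback, link-local (fe80::/10) and unique-local (fc00::/7) literals.
function isPrivateIPv6(host) {
  return host === "::1" || /^fe[89ab][0-9a-f]:/.test(host) ||
    /^f[cd][0-9a-f]{2}:/.test(host);
}

// Single-label names and common internal suffixes never leave the LAN.
function isLocalName(host) {
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  return /(^|\.)(localhost|local|lan|internal)$/.test(host);
}

function FindProxyForURL(url, host) {
  // Normalise: lower-case, drop IPv6 brackets and a trailing root dot.
  host = host.toLowerCase().replace(/^\[|\]$/g, "").replace(/\.$/, "");
  var v4 = parseIPv4(host);
  if (v4) return isPrivateIPv4(v4) ? "DIRECT" : PROXY;
  if (isPrivateIPv6(host) || isLocalName(host)) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is down, requests fail rather than
  // silently going out unproxied. Names that resolve to private addresses
  // are not detected here because no DNS lookup is performed.
  return PROXY;
}
```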

Reference: https://nghttp2.org/documentation/nghttpx-howto.html#http-2-proxy-mode

So far, then, there are 5 ways to get past the firewall using Chrome with a domain name (HTTPS):
This post is the first.
http://briteming.blogspot.com/2017/05/goproxyvpstls13-http2.html is the second.
http://briteming.blogspot.com/2017/11/socks5-over-tls-https-and-http2-gost.html is the third.
http://briteming.blogspot.com/2017/11/caddyhttp2-proxy.html is the fourth.
https://briteming.blogspot.com/2017/08/goproxy-vpsyap.htmll is the fifth.

Related posts:
https://briteming.blogspot.com/2015/08/nghttpx-http2.html
https://briteming.blogspot.com/2018/07/https.html