Building
# apt-get install git build-essential zlib1g-dev libpcre3 libpcre3-dev unzip
$ git clone https://github.com/dannote/socks-nginx-module
$ wget http://nginx.org/download/nginx-1.9.15.tar.gz
$ tar -xzvf nginx-1.9.15.tar.gz
$ cd nginx-1.9.15
# See http://nginx.org/en/docs/configure.html for more configuration options
$ ./configure --add-module=../socks-nginx-module
$ make
# make install
Configuring
location / {
socks_set_header Host $http_host;
socks_set_header Proxy-Connection '';
socks_pass_header Server;
socks_redirect off;
socks_http_version 1.1;
socks_tunnel_header X-Connect;
socks_buffers 16 16k;
socks_buffer_size 32k;
socks_cache proxy;
socks_cache_valid 30s;
socks_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
socks_pass socks5://127.0.0.1:1080;
}
socks_tunnel_header
http
, server
, location
frontend local
bind *:8080
mode http
http-request set-method GET if METH_CONNECT
http-request set-uri https://%[req.hdr(Host)]/ if METH_CONNECT
http-request add-header X-Connect true if METH_CONNECT
default_backend nginx
backend nginx
mode http
server proxy 127.0.0.1:8080 maxconn 100000
socks_set_host
http
, server
, location
socks_set_host $http_host;
ipinfo.io
via local Tor daemon:location /ip {
socks_pass socks5://127.0.0.1:9050;
socks_set_host ipinfo.io;
socks_set_header Host ipinfo.io;
socks_redirect off;
socks_http_version 1.1;
}
from
https://github.com/dannote/socks-nginx-module
----
Socks5 proxy server based on nginx stream module implementation.
ngx_stream_socks_module
Description
Socks5 proxy server based on nginx stream module implementation.
But this module now only support tcp proxy.
Installation
$ cd nginx $ ./configure --add-module=/path/ngx_stream_socks_module --with-stream $ make && make install
Configuration directives
socks
- syntax:
socks
- default:
-
- context:
server
Set socks server in current server context.
socks_user_passwd
- syntax:
socks_user_passwd user passwd
- default:
-
- context:
stream
,server
Add username/password authentication to socks5 server. Adding this conf is like opening the socks5 username/password Authentication. You can use this conf to add multilateral username/password authentication for many times.
socks_proxy_bind
- syntax:
socks_proxy_bind address [transparent] | off;
- default:
-
- context:
stream
,server
Makes outgoing connections to a socks proxied server originate from the specified local IP address. Parameter value can contain variables (1.11.2). The special value off cancels the effect of the socks_proxy_bind directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address.
socks_proxy_socket_keepalive
- syntax:
socks_proxy_socket_keepalive on | off;
- default:
socks_proxy_socket_keepalive off;
- context:
stream
,server
Configures the “TCP keepalive” behavior for outgoing connections to a socks proxied server. By default, the operating system’s settings are in effect for the socket. If the directive is set to the value “on”, the SO_KEEPALIVE socket option is turned on for the socket.
socks_proxy_buffer_size
- syntax:
socks_proxy_buffer_size size;
- default:
socks_proxy_buffer_size 16k;
- context:
stream
,server
Sets the size of the buffer used for reading data from the proxied server. Also sets the size of the buffer used for reading data from the client.
socks_proxy_connect_timeout
- syntax:
socks_proxy_connect_timeout time;
- default:
socks_proxy_buffer_size 60s;
- context:
stream
,server
Defines a timeout for establishing a connection with a proxied server.
socks_proxy_timeout
- syntax:
socks_proxy_timeout time;
- default:
socks_proxy_timeout 10m;
- context:
stream
,server
Sets the timeout between two successive read or write operations on client or proxied server connections. If no data is transmitted within this time, the connection is closed.
socks_proxy_upload_rate
- syntax:
socks_proxy_upload_rate rate;
- default:
socks_proxy_upload_rate 0;
- context:
stream
,server
Limits the speed of reading the data from the client. The rate is specified in bytes per second. The zero value disables rate limiting. The limit is set per a connection, so if the client simultaneously opens two connections, the overall rate will be twice as much as the specified limit.
socks_proxy_download_rate
- syntax:
socks_proxy_download_rate rate;
- default:
socks_proxy_download_rate 0;
- context:
stream
,server
Limits the speed of reading the data from the proxied server. The rate is specified in bytes per second. The zero value disables rate limiting. The limit is set per a connection, so if nginx simultaneously opens two connections to the proxied server, the overall rate will be twice as much as the specified limit.
Variables
$socks_connect_addr
socks connect contain addr and port
$socks_name
socks auth user name in current connection
$socks_passwd
socks auth password in current connection
Usage
stream {
resolver 8.8.8.8;
log_format socks 'socks: $socks_connect_addr $socks_name $socks_passwd';
server {
listen 0.0.0.0:22345;
socks;
socks_user_passwd <user1> <password1>;
socks_user_passwd <user2> <password2>;
access_log socks_access.log socks;
}
}
from https://github.com/attenuation/ngx_stream_socks_module
-----
Example nginx.conf
stream {
upstream trojan {
hash $socks5_dst_addr consistent;
server s1.example.com:443;
server s1.example.com:443;
server s1.example.com:443;
server s1.example.com:443;
}
log_format basic '$remote_addr [$time_local] '
'$protocol $socks5_dst_addr:$socks5_dst_port $status $bytes_sent $bytes_received '
'$upstream_addr $upstream_connect_time $upstream_bytes_sent $upstream_bytes_received '
'$session_time';
access_log logs/nginx-access.log basic buffer=32k flush=20s;
server {
listen 9090;
socks5_client_header_timeout 20s;
socks5_upstream_password 123456;
socks5_ssl_server_name off;
socks5_ssl_trusted_certificate cacert-2020-01-01.pem;
socks5_ssl_verify off;
socks5_pass trojan://trojan;
}
}
from https://github.com/wangkun611/nginx_socks5