Total Pageviews

Thursday, 26 March 2020

socks-nginx-module

An nginx_http_proxy_module fork with SOCKS5 support.

Building

nginx >= 1.9.1 is supported.
# apt-get install git build-essential zlib1g-dev libpcre3 libpcre3-dev unzip

$ git clone https://github.com/dannote/socks-nginx-module
$ wget http://nginx.org/download/nginx-1.9.15.tar.gz

$ tar -xzvf nginx-1.9.15.tar.gz

$ cd nginx-1.9.15

# See http://nginx.org/en/docs/configure.html for more configuration options
$ ./configure --add-module=../socks-nginx-module

$ make
# make install

Configuring

Sample HTTP to SOCKS5 proxy configuration:
location / {
  socks_set_header Host $http_host;
  socks_set_header Proxy-Connection '';
  socks_pass_header Server;
  socks_redirect off;
  socks_http_version 1.1;
  socks_tunnel_header X-Connect;
  socks_buffers 16 16k; 
  socks_buffer_size 32k;
  socks_cache proxy;
  socks_cache_valid 30s;
  socks_cache_use_stale error timeout invalid_header updating
                        http_500 http_502 http_503 http_504;
  socks_pass socks5://127.0.0.1:1080;
}
All ngx_http_proxy_module directives are supported.

socks_tunnel_header

Context: httpserverlocation
As nginx HTTP parser doesn't support HTTP CONNECT method, a special header can be set to indicate tunnel connection.
This directive can be exploited with the following HAProxy configuration:
frontend local
  bind *:8080
  mode http
  http-request set-method GET if METH_CONNECT
  http-request set-uri https://%[req.hdr(Host)]/ if METH_CONNECT
  http-request add-header X-Connect true if METH_CONNECT
  default_backend nginx

backend nginx
  mode http
  server proxy 127.0.0.1:8080 maxconn 100000

socks_set_host

Context: httpserverlocation
Default: socks_set_host $http_host;
Overrides the endpoint server.
This example will proxy requests to ipinfo.io via local Tor daemon:
location /ip {
  socks_pass socks5://127.0.0.1:9050;
  socks_set_host ipinfo.io;
  socks_set_header Host ipinfo.io; 
  socks_redirect off;
  socks_http_version 1.1;
}
from https://github.com/dannote/socks-nginx-module
----
Socks5 proxy server based on nginx stream module implementation.

ngx_stream_socks_module

Description

Socks5 proxy server based on nginx stream module implementation.

But this module now only support tcp proxy.

Installation

$ cd nginx 
$ ./configure --add-module=/path/ngx_stream_socks_module --with-stream
$ make && make install

Configuration directives

socks

  • syntaxsocks
  • default-
  • contextserver

Set socks server in current server context.

socks_user_passwd

  • syntaxsocks_user_passwd user passwd
  • default-
  • contextstream,server

Add username/password authentication to socks5 server. Adding this conf is like opening the socks5 username/password Authentication. You can use this conf to add multilateral username/password authentication for many times.

socks_proxy_bind

  • syntaxsocks_proxy_bind address [transparent] | off;
  • default-
  • contextstream,server

Makes outgoing connections to a socks proxied server originate from the specified local IP address. Parameter value can contain variables (1.11.2). The special value off cancels the effect of the socks_proxy_bind directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address.

socks_proxy_socket_keepalive

  • syntaxsocks_proxy_socket_keepalive on | off;
  • defaultsocks_proxy_socket_keepalive off;
  • contextstream,server

Configures the “TCP keepalive” behavior for outgoing connections to a socks proxied server. By default, the operating system’s settings are in effect for the socket. If the directive is set to the value “on”, the SO_KEEPALIVE socket option is turned on for the socket.

socks_proxy_buffer_size

  • syntaxsocks_proxy_buffer_size size;
  • defaultsocks_proxy_buffer_size 16k;
  • contextstream,server

Sets the size of the buffer used for reading data from the proxied server. Also sets the size of the buffer used for reading data from the client.

socks_proxy_connect_timeout

  • syntaxsocks_proxy_connect_timeout time;
  • defaultsocks_proxy_buffer_size 60s;
  • contextstream,server

Defines a timeout for establishing a connection with a proxied server.

socks_proxy_timeout

  • syntaxsocks_proxy_timeout time;
  • defaultsocks_proxy_timeout 10m;
  • contextstream,server

Sets the timeout between two successive read or write operations on client or proxied server connections. If no data is transmitted within this time, the connection is closed.

socks_proxy_upload_rate

  • syntaxsocks_proxy_upload_rate rate;
  • defaultsocks_proxy_upload_rate 0;
  • contextstream,server

Limits the speed of reading the data from the client. The rate is specified in bytes per second. The zero value disables rate limiting. The limit is set per a connection, so if the client simultaneously opens two connections, the overall rate will be twice as much as the specified limit.

socks_proxy_download_rate

  • syntaxsocks_proxy_download_rate rate;
  • defaultsocks_proxy_download_rate 0;
  • contextstream,server

Limits the speed of reading the data from the proxied server. The rate is specified in bytes per second. The zero value disables rate limiting. The limit is set per a connection, so if nginx simultaneously opens two connections to the proxied server, the overall rate will be twice as much as the specified limit.

Variables

$socks_connect_addr

socks connect contain addr and port

$socks_name

socks auth user name in current connection

$socks_passwd

socks auth password in current connection

Usage

stream {
    resolver 8.8.8.8;
    log_format socks 'socks: $socks_connect_addr $socks_name $socks_passwd';
    server {         
        listen     0.0.0.0:22345;
        socks;
        socks_user_passwd <user1> <password1>;
        socks_user_passwd <user2> <password2>;
        access_log socks_access.log socks;
    }
}
from https://github.com/attenuation/ngx_stream_socks_module
-----

Example nginx.conf

stream {
    upstream trojan {
        hash $socks5_dst_addr consistent;

        server s1.example.com:443;
        server s1.example.com:443;
        server s1.example.com:443;
        server s1.example.com:443;
    }

    log_format basic '$remote_addr [$time_local] '
                '$protocol $socks5_dst_addr:$socks5_dst_port $status $bytes_sent $bytes_received '
                '$upstream_addr $upstream_connect_time $upstream_bytes_sent $upstream_bytes_received '
                '$session_time';

    access_log logs/nginx-access.log basic buffer=32k flush=20s;
    server {
        listen 9090;
        socks5_client_header_timeout 20s;
        socks5_upstream_password 123456;
        socks5_ssl_server_name off;
        socks5_ssl_trusted_certificate cacert-2020-01-01.pem;
        socks5_ssl_verify off;
        socks5_pass trojan://trojan;
    }
} 
from https://github.com/wangkun611/nginx_socks5