Pages

Sunday, 25 August 2024

利用HTTPS proxy server程序Socratex翻墙

MIT licensed Node.js Package, Docker Image CodeQL

This project is under active development. Everything may change soon.

Socratex extends the native net.createServer, and it acts as a real transparent HTTPS-proxy built on top of TCP-level.

It's a real HTTPS proxy, not HTTPS over HTTP. It allows upstream client-request dynamically to other proxies or works as a single layer encrypted proxy.

Socratex will request and set up the certificate automatically, and it will automatically renew the certificate when it expires. You don't need to worry about the dirty work about HTTPS/SSL.

It supports Basic Proxy-Authentication and Token-Based-Authentication as default. Socratex will create a new token at the first run, you don't need to worry about it.

Screen Shot 2022-04-15 at 8 47 01 PM

Why another proxy?

First of all, many people in particular countries need proxy software that is easy to deploy and could be used to secure their network traffic. Second, because of the limitation on App Store, especially in China, VPN and proxy software are not allowed to be used. So we need to find a way to avoid censorship without any client apps. Secure Web Proxy is the only choice and a promising one.

You need a domain name and set an A-record pointed to your cloud virtual machine.

Usually, that virtual machine can not be located in China.

Assumes that you have a workable Node.js (v16 or above) environment.

Now let's make the magic happen!

  • Modern method:
$ sudo su
# cd ~
# npx socratex --domain=example.com --bypass=cn
  • Classic method:
$ git clone git@github.com:Leask/socratex.git
$ cd socratex
$ npm install
$ sudo ./main.mjs --domain=example.com --bypass=cn
  • With Docker:
$ touch ~/.socratex.json
$ docker pull leask/socratex
$ docker run -d --restart=always -p 80:80 -p 443:443 \
    -v ~/.socratex.json:/root/.socratex.json \
    leask/socratex --domain=example.com --bypass=cn

If everything works fine, you should see a message like this:

[SOCRATEX Vx.y.z] https://github.com/Leask/socratex
[SOCRATEX] Secure Web Proxy started at https://example.com:443 (IPv6 ::).
[SOCRATEX] HTTP Server started at http://example.com:80 (IPv6 ::).
[SSL] Creating new private-key and CSR...
[SSL] Done.
[SSL] Updating certificate...
[SSL] Done.
[SOCRATEX] * Token authentication:
[SOCRATEX]   - PAC:  https://example.com/proxy.pac?token=959c298e-9f38-b201-2e7e-14af54469889
[SOCRATEX]   - WPAD: https://example.com/wpad.dat?token=959c298e-9f38-b201-2e7e-14af54469889
[SOCRATEX]   - Log:  https://example.com/console?token=959c298e-9f38-b201-2e7e-14af54469889
[SOCRATEX] * Basic authentication:
[SOCRATEX]   - PAC:   https://foo:bar@example.com/proxy.pac
[SOCRATEX]   - WPAD:  https://foo:bar@example.com/wpad.dat
[SOCRATEX]   - Log:   https://foo:bar@example.com/console
[SOCRATEX]   - Proxy: https://foo:bar@example.com

Copy the PAC url or WPAD url and paste it into your system's Automatic Proxy Configuration settings. That is all you need to do.

Screen Shot 2022-04-15 at 5 26 22 PM

Screen Shot 2022-04-15 at 5 25 41 PM

Note: You can also use the log url to monitor the system's activity.

Command line args

All args are optional. In most cases, you just need to set the domain name. Of cause, you can also set the bypass countries to reduce proxy traffics.

Param Type Description
domain String Domain to deploy the proxy.
http With/Without Use HTTP-only-mode for testing only.
bypass String Bypass IPs in these countries, could be multiple, example: --bypass=CN --bypass=US
user String Use user and password to enable Basic Authorization.
password String Use user and password to enable Basic Authorization.
token String Use to enable Token Authorization.
address String Activate/Handle Proxy-Authentication. Returns or solves to Boolean.
port Number Default 443 to handle incoming connection.

Limitations

Why not use sudo npx ... directly?

Socratex works at default HTTP (80) and HTTPS (443) ports. You need to be root to listen to these ports on some systems. Because of this issue: npm/cli#3110, if you are in a folder NOT OWN by root, you CAN NOT use sudo npm ... or sudo npx ... directly to run socratex.

Why doesn't work with iOS?

Socratex can be used with macOS, Chrome OS, Windows, Linux and Android. But it's NOT compatible with iOS currently. Because iOS does not support Secure Web Proxy yet. I will keep an eye on this issue and try any possible walk-around solutions.

Why name it Socratex?

Socratex was named after Socrates, a Greek philosopher from Athens credited as the founder of Western philosophy and among the first moral philosophers of the ethical tradition of thought.

from https://github.com/Leask/socratex 

-------

这位Leask就是著名的Flora_Pac程序(https://github.com/Leask/Flora_Pac)的作者.

-----

相关帖子:

https://briteming.blogspot.com/2015/07/florapacpy-pac.html

 

No comments:

Post a Comment