Make a fortune quietly! 项目地址:NaiveProxy
大概搭建步骤
- 在外网 VPS 端搭建 NaiveProxy 服务端(Caddy或者sing-box)
- 在本地端搭建 NaiveProxy 客户端
安装 GO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
apt update && apt install jq wget curl -y
export GOLANG_LATEST_STABLE_VERSION=$(curl "https://go.dev/dl/?mode=json" | jq -r '.[0].files[].filename | select(test("go.*.linux-amd64.tar.gz"))')
wget -O "go.tar.gz" "https://go.dev/dl/$GOLANG_LATEST_STABLE_VERSION"
tar -xf go.tar.gz -C /usr/local
echo 'export GOROOT=/usr/local/go' >> /etc/profile
echo 'export PATH=$GOROOT/bin:$PATH' >> /etc/profile
source /etc/profile
|
Caddy
编译 Caddy
1
2
| go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
~/go/bin/xcaddy build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive
|
编译完成后的caddy执行文件在当前编译时所处的终端目录。创建一个caddy.json配置文件,配置文件示例:
caddy支持自动申请和续订SSL证书。由于本配置禁用了自动HTTP重定向,访问伪装网站时注意加上前缀https访问: https://exp.com。或者将disable_redirects改成false,让caddy处理自动HTTP到HTTPS的重定向,但这样caddy会占用80端口,请注意nginx等的端口冲突。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
| {
"admin": {
"disabled": true
},
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [":443"],
"automatic_https": {
"disable_redirects": true
},
"tls_connection_policies": [
{
"match": {
"sni": ["exp.com"]
}
}
],
"routes": [
{
"handle": [
{
"auth_user_deprecated": "user",
"auth_pass_deprecated": "password",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {}
},
{
"handler": "file_server",
"root": "/path/to/html"
}
]
}
]
}
}
},
"tls": {
"certificates": {
"automate": [
"exp.com"
]
},
"automation": {
"policies": [
{
"subjects": [
"exp.com"
],
"issuers": [
{
"email": "exp@gmail.com",
"module": "acme",
"challenges": {
"http": {
"disabled": true
},
"tls-alpn": {
"disabled": false
}
}
}
]
}
]
}
}
}
}
|
或者手动申请 SSL 证书,并在caddy.json配置文件中指定证书目录。点击查看如何申请 SSL 证书。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
| {
"admin": {
"disabled": true
},
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [":443"],
"automatic_https": {
"disable": true
},
"tls_connection_policies": [
{
"match": {
"sni": ["exp.com"]
},
"certificate_selection": {
"all_tags": ["exp.com"]
}
}
],
"routes": [
{
"handle": [
{
"auth_user_deprecated": "user",
"auth_pass_deprecated": "password",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {}
},
{
"handler": "file_server",
"root": "/path/to/html"
}
]
}
]
}
}
},
"tls": {
"certificates": {
"load_files": [
{
"certificate": "/path/to/cert.pem",
"key": "/path/to/key.pem",
"tags": ["exp.com"]
}
]
}
}
}
}
|
1
2
3
4
5
6
7
8
9
|
./caddy validate --config caddy.json
./caddy run --config caddy.json
pm2 start ./caddy -n caddy -- run --config caddy.json
|
sing-box
如果不想用caddy,也可以试试 sing-box
由于预发布的二进制文件没有包含acme等模块,这里我们手动编译:
1
| go install -v -tags with_quic,with_utls,with_reality_server,with_acme,with_clash_api github.com/sagernet/sing-box/cmd/sing-box@dev-next
|
编译完成后的sing-box执行文件在$GOPATH/bin目录下(/root/go/bin)。创建一个sing-box.json配置文件,配置文件示例:
sing-box也支持自动申请SSL证书
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
| {
"log": {
"disabled": false,
"level": "warn",
"timestamp": true
},
"inbounds": [
{
"type": "naive",
"tag": "naive",
"listen": "0.0.0.0",
"listen_port": 443,
"users": [
{
"username": "user",
"password": "password"
}
],
"tls": {
"enabled": true,
"server_name": "exp.com",
"acme": {
"domain": ["exp.com"],
"data_directory": "/path/to/cert",
"email": "exp@gmail.com",
"provider": "letsencrypt",
"disable_http_challenge": true,
"disable_tls_alpn_challenge": false,
"alternative_tls_port": 443
}
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
|
或者手动申请 SSL 证书,并在sing-box.json配置文件中指定证书目录。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| {
"log": {
"disabled": false,
"level": "warn",
"timestamp": true
},
"inbounds": [
{
"type": "naive",
"tag": "naive",
"listen": "0.0.0.0",
"listen_port": 443,
"users": [
{
"username": "user",
"password": "password"
}
],
"tls": {
"enabled": true,
"server_name": "exp.com",
"certificate_path": "/path/to/cert.pem",
"key_path": "/path/to/key.pem"
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
|
1
2
3
4
5
6
7
8
9
|
./sing-box check -c sing-box.json
./sing-box run -c sing-box.json
pm2 start ./sing-box -n sing-box -- run -c sing-box.json
|
目前 sing-box 的 naiveproxy 入站暂不支持伪装网站或fallback,在意防主动探测的慎用。
NaiveProxy 客户端配置
访问 releases 网站下载 NaiveProxy 对应的客户端,修改config.json配置文件,示例如下
1
2
3
4
| {
"listen": "socks://0.0.0.0:1080",
"proxy": "https://user:password@exp.com",
}
|