Make a fortune quietly! Project page: NaiveProxy
Rough setup steps
- Set up the NaiveProxy server (Caddy or sing-box) on an external VPS
- Set up the NaiveProxy client on the local machine
Install Go
```bash
# Tools used below to look up and download the latest Go release
apt update && apt install jq wget curl -y
# Filename of the latest stable linux-amd64 tarball, read from the go.dev release feed
export GOLANG_LATEST_STABLE_VERSION=$(curl "https://go.dev/dl/?mode=json" | jq -r '.[0].files[].filename | select(test("go.*.linux-amd64.tar.gz"))')
wget -O "go.tar.gz" "https://go.dev/dl/$GOLANG_LATEST_STABLE_VERSION"
tar -xf go.tar.gz -C /usr/local
# Make the go toolchain available in login shells
echo 'export GOROOT=/usr/local/go' >> /etc/profile
echo 'export PATH=$GOROOT/bin:$PATH' >> /etc/profile
source /etc/profile
```
Caddy
Build Caddy
```bash
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
~/go/bin/xcaddy build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive
```
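After the build, the `caddy` executable is in the directory the terminal was in when the build ran. Create a `caddy.json` configuration file; an example follows.
Caddy can request and renew SSL certificates automatically. Because this configuration disables the automatic HTTP redirect, remember to use the https prefix when visiting the decoy website: https://exp.com. Alternatively, change `disable_redirects` to `false` and let Caddy handle the automatic HTTP-to-HTTPS redirect; Caddy will then occupy port 80, so watch for port conflicts with nginx and the like.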
```json
{
  "admin": {
    "disabled": true
  },
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "automatic_https": {
            "disable_redirects": true
          },
          "tls_connection_policies": [
            {
              "match": {
                "sni": ["exp.com"]
              }
            }
          ],
          "routes": [
            {
              "handle": [
                {
                  "auth_user_deprecated": "user",
                  "auth_pass_deprecated": "password",
                  "handler": "forward_proxy",
                  "hide_ip": true,
                  "hide_via": true,
                  "probe_resistance": {}
                },
                {
                  "handler": "file_server",
                  "root": "/path/to/html"
                }
              ]
            }
          ]
        }
      }
    },
    "tls": {
      "certificates": {
        "automate": [
          "exp.com"
        ]
      },
      "automation": {
        "policies": [
          {
            "subjects": [
              "exp.com"
            ],
            "issuers": [
              {
                "email": "exp@gmail.com",
                "module": "acme",
                "challenges": {
                  "http": {
                    "disabled": true
                  },
                  "tls-alpn": {
                    "disabled": false
                  }
                }
              }
            ]
          }
        ]
      }
    }
  }
}
```
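Alternatively, request an SSL certificate manually and point to the certificate files in the `caddy.json` configuration file. Click to see how to request an SSL certificate.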
```json
{
  "admin": {
    "disabled": true
  },
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "automatic_https": {
            "disable": true
          },
          "tls_connection_policies": [
            {
              "match": {
                "sni": ["exp.com"]
              },
              "certificate_selection": {
                "all_tags": ["exp.com"]
              }
            }
          ],
          "routes": [
            {
              "handle": [
                {
                  "auth_user_deprecated": "user",
                  "auth_pass_deprecated": "password",
                  "handler": "forward_proxy",
                  "hide_ip": true,
                  "hide_via": true,
                  "probe_resistance": {}
                },
                {
                  "handler": "file_server",
                  "root": "/path/to/html"
                }
              ]
            }
          ]
        }
      }
    },
    "tls": {
      "certificates": {
        "load_files": [
          {
            "certificate": "/path/to/cert.pem",
            "key": "/path/to/key.pem",
            "tags": ["exp.com"]
          }
        ]
      }
    }
  }
}
```
```bash
# Validate the configuration file
./caddy validate --config caddy.json
# Run in the foreground
./caddy run --config caddy.json
# Or keep it running in the background under pm2
pm2 start ./caddy -n caddy -- run --config caddy.json
```
sing-box
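If you would rather not use Caddy, you can also try sing-box.
Because the prebuilt release binaries do not include modules such as acme, we compile it manually here: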
```bash
go install -v -tags with_quic,with_utls,with_reality_server,with_acme,with_clash_api github.com/sagernet/sing-box/cmd/sing-box@dev-next
```
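After the build, the `sing-box` executable is in the `$GOPATH/bin` directory (/root/go/bin). Create a `sing-box.json` configuration file; an example follows.
sing-box can also request SSL certificates automatically.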
```json
{
  "log": {
    "disabled": false,
    "level": "warn",
    "timestamp": true
  },
  "inbounds": [
    {
      "type": "naive",
      "tag": "naive",
      "listen": "0.0.0.0",
      "listen_port": 443,
      "users": [
        {
          "username": "user",
          "password": "password"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "exp.com",
        "acme": {
          "domain": ["exp.com"],
          "data_directory": "/path/to/cert",
          "email": "exp@gmail.com",
          "provider": "letsencrypt",
          "disable_http_challenge": true,
          "disable_tls_alpn_challenge": false,
          "alternative_tls_port": 443
        }
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}
```
Alternatively, request an SSL certificate manually and point to the certificate files in the `sing-box.json` configuration file.
```json
{
  "log": {
    "disabled": false,
    "level": "warn",
    "timestamp": true
  },
  "inbounds": [
    {
      "type": "naive",
      "tag": "naive",
      "listen": "0.0.0.0",
      "listen_port": 443,
      "users": [
        {
          "username": "user",
          "password": "password"
        }
      ],
      "tls": {
        "enabled": true,
        "server_name": "exp.com",
        "certificate_path": "/path/to/cert.pem",
        "key_path": "/path/to/key.pem"
      }
    }
  ],
  "outbounds": [
    {
      "type": "direct",
      "tag": "direct"
    }
  ]
}
```
```bash
# Check the configuration file
./sing-box check -c sing-box.json
# Run in the foreground
./sing-box run -c sing-box.json
# Or keep it running in the background under pm2
pm2 start ./sing-box -n sing-box -- run -c sing-box.json
```
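At present the sing-box naiveproxy inbound does not support a decoy website or fallback; use it with caution if resistance to active probing matters to you.
NaiveProxy client configuration
Go to the releases page and download the NaiveProxy client for your platform, then edit the `config.json` configuration file, for example: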
```json
{
  "listen": "socks://0.0.0.0:1080",
  "proxy": "https://user:password@exp.com"
}
```
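A pre-deployment check for the Caddy and client configs above, as an added example that is not part of the original post or of the Caddy or NaiveProxy projects: it flags sample values from this page left in `caddy.json` or the client `config.json`, and a client listener bound to every interface without credentials. The function names and the trimmed sample input are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

SAMPLE_VALUES = {"user", "password", "exp.com", "exp@gmail.com"}  # placeholders printed on this page

def walk(node):
    """Yield every dict nested anywhere in a parsed JSON document."""
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from walk(child)

def lint_server(cfg):
    """Findings for a caddy.json shaped like the ones on this page."""
    out = []
    if not cfg.get("admin", {}).get("disabled"):
        out.append("admin endpoint not disabled")
    for d in walk(cfg):
        for key, val in d.items():
            for item in (val if isinstance(val, list) else [val]):
                if isinstance(item, str) and (item in SAMPLE_VALUES or item.startswith("/path/to")):
                    out.append(f"placeholder left in {key!r}: {item}")
        if d.get("handler") == "forward_proxy" and "probe_resistance" not in d:
            out.append("forward_proxy without probe_resistance")
    return out

def lint_client(cfg):
    """Findings for a NaiveProxy client config.json."""
    out = []
    listen, proxy = urlsplit(cfg.get("listen", "")), urlsplit(cfg.get("proxy", ""))
    # Assumption: a listen URI without user:pass@ accepts any client that can reach it.
    if listen.hostname in ("0.0.0.0", "::") and listen.username is None:
        out.append("listener is open on every interface without credentials")
    for part in (proxy.username, proxy.password, proxy.hostname):
        if part in SAMPLE_VALUES:
            out.append(f"placeholder left in proxy URL: {part}")
    return out

# Constructed input: the page's Caddy config trimmed to the keys the checks read.
PAGE_SERVER = json.loads("""{"admin": {"disabled": true}, "apps": {"http": {"servers": {"srv0": {
  "listen": [":443"], "tls_connection_policies": [{"match": {"sni": ["exp.com"]}}],
  "routes": [{"handle": [{"handler": "forward_proxy", "auth_user_deprecated": "user",
     "auth_pass_deprecated": "password", "probe_resistance": {}},
    {"handler": "file_server", "root": "/path/to/html"}]}]}}}}}""")
PAGE_CLIENT = {"listen": "socks://0.0.0.0:1080", "proxy": "https://user:password@exp.com"}
if __name__ == "__main__":
    for finding in lint_server(PAGE_SERVER) + lint_client(PAGE_CLIENT):
        print(finding)
```

Run it against the real files with `json.load` before starting the service; an empty list from both functions means none of the page's sample values remain.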