NaiveProxy 搭建教程
Make a fortune quietly! 项目地址:NaiveProxy
大概搭建步骤 #
- 在外网 VPS 端搭建 NaiveProxy 服务端(Caddy或者sing-box)
- 在本地端搭建 NaiveProxy 客户端
安装 GO #
## 安装依赖
apt update && apt install jq wget curl -y
## 获取go最新版本
export GOLANG_LATEST_STABLE_VERSION=$(curl "https://go.dev/dl/?mode=json" | jq -r '.[0].files[].filename | select(test("go.*.linux-amd64.tar.gz"))')
## 下载
wget -O "go.tar.gz" "https://go.dev/dl/$GOLANG_LATEST_STABLE_VERSION"
## 解压至/usr/local/
tar -xf go.tar.gz -C /usr/local
## 添加 Go 环境变量:
echo 'export GOROOT=/usr/local/go' >> /etc/profile
echo 'export PATH=$GOROOT/bin:$PATH' >> /etc/profile
## 使变量立即生效
source /etc/profile
Caddy #
编译 Caddy
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
~/go/bin/xcaddy build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive
编译完成后的caddy执行文件在当前编译时所处的终端目录。创建一个caddy.json配置文件,配置文件示例:
caddy支持自动申请和续订SSL证书。由于本配置禁用了自动HTTP重定向,访问伪装网站时注意加上前缀https访问: https://exp.com。或者将disable_redirects改成false,让caddy处理自动HTTP到HTTPS的重定向,但这样caddy会占用80端口,请注意nginx等的端口冲突。
{
"admin": {
"disabled": true
},
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":443"
],
"automatic_https": {
"disable_redirects": true
},
"tls_connection_policies": [
{
"match": {
"sni": [
"exp.com"
]
}
}
],
"routes": [
{
"handle": [
{
"auth_user_deprecated": "user",
"auth_pass_deprecated": "password",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {}
},
{
"handler": "file_server",
"root": "/path/to/html"
}
]
}
]
}
}
},
"tls": {
"certificates": {
"automate": [
"exp.com"
]
},
"automation": {
"policies": [
{
"subjects": [
"exp.com"
],
"issuers": [
{
"email": "exp@gmail.com",
"module": "acme",
"challenges": {
"http": {
"disabled": true
},
"tls-alpn": {
"disabled": false
}
}
}
]
}
]
}
}
}
}
或者手动申请 SSL 证书,并在caddy.json配置文件中指定证书目录。点击查看如何申请 SSL 证书。
{
"admin": {
"disabled": true
},
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":443"
],
"automatic_https": {
"disable": true
},
"tls_connection_policies": [
{
"match": {
"sni": [
"exp.com"
]
},
"certificate_selection": {
"all_tags": [
"exp.com"
]
}
}
],
"routes": [
{
"handle": [
{
"auth_user_deprecated": "user",
"auth_pass_deprecated": "password",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {}
},
{
"handler": "file_server",
"root": "/path/to/html"
}
]
}
]
}
}
},
"tls": {
"certificates": {
"load_files": [
{
"certificate": "/path/to/cert.pem",
"key": "/path/to/key.pem",
"tags": [
"exp.com"
]
}
]
}
}
}
}
## 验证配置文件
./caddy validate --config caddy.json
## 启动
./caddy run --config caddy.json
## 没问题后使用pm2后台运行和进程守护
## https://lhy.life/20211219-pm2/
pm2 start ./caddy -n caddy -- run --config caddy.json
sing-box #
如果不想用caddy,也可以试试 sing-box,配置文件sing-box.json示例:
sing-box也支持自动申请SSL证书
{
"log": {
"disabled": false,
"level": "warn",
"timestamp": true
},
"inbounds": [
{
"type": "naive",
"tag": "naive",
"listen": "0.0.0.0",
"listen_port": 443,
"users": [
{
"username": "user",
"password": "password"
}
],
"tls": {
"enabled": true,
"server_name": "exp.com",
"acme": {
"domain": [
"exp.com"
],
"data_directory": "/path/to/cert",
"email": "exp@gmail.com",
"provider": "letsencrypt",
"disable_http_challenge": true,
"disable_tls_alpn_challenge": false,
"alternative_tls_port": 443
}
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
或者手动申请 SSL 证书,并在sing-box.json配置文件中指定证书目录。
{
"log": {
"disabled": false,
"level": "warn",
"timestamp": true
},
"inbounds": [
{
"type": "naive",
"tag": "naive",
"listen": "0.0.0.0",
"listen_port": 443,
"users": [
{
"username": "user",
"password": "password"
}
],
"tls": {
"enabled": true,
"server_name": "exp.com",
"certificate_path": "/path/to/cert.pem",
"key_path": "/path/to/key.pem"
}
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
## 验证配置文件
./sing-box check -c sing-box.json
## 启动
./sing-box run -c sing-box.json
## 没问题后使用pm2后台运行和进程守护
## https://lhy.life/20211219-pm2/
pm2 start ./sing-box -n sing-box -- run -c sing-box.json
目前 sing-box 的 naiveproxy 入站暂不支持伪装网站或fallback,在意防主动探测的慎用。
NaiveProxy 客户端配置 #
访问 releases 网站下载 NaiveProxy 对应的客户端,修改config.json配置文件,示例如下
{
"listen": "socks://0.0.0.0:1080",
"proxy": "https://user:password@exp.com",
}