Last active
August 29, 2025 14:36
Revisions
ALfheimr-SAO revised this gist
Mar 19, 2020 . 1 changed file with 3 additions and 2 deletions.
@@ -2,7 +2,7 @@ 原帖来自于[Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#vmess--tcp--tls-%E6%96%B9%E5%BC%8F%E7%9A%84-http-%E5%88%86%E6%B5%81%E5%92%8C%E7%BD%91%E7%AB%99%E4%BC%AA%E8%A3%85) 这里只是塞了个trojan进去, [ **背景** ](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#%E8%83%8C%E6%99%AF) 请看原帖。 利用haproxy listen 443端口,同时处理web+trojan+v2ray流量。 @@ -162,4 +162,5 @@ backend default_web --- 提供一个思路而已,有更好的思路欢迎提comment
ALfheimr-SAO revised this gist
Mar 19, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -1,4 +1,4 @@ # [ **v2ray+trojan搭配haproxy网站伪装隐藏代理** ](https://gist.github.com/ALfheimr-SAO/937048d6eef31e30ffa172c0c4b1ffb7#file-v2ray-trojan-haproxy-md) 原帖来自于[Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#vmess--tcp--tls-%E6%96%B9%E5%BC%8F%E7%9A%84-http-%E5%88%86%E6%B5%81%E5%92%8C%E7%BD%91%E7%AB%99%E4%BC%AA%E8%A3%85)
ALfheimr-SAO revised this gist
Mar 19, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -2,7 +2,7 @@ 原帖来自于[Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#vmess--tcp--tls-%E6%96%B9%E5%BC%8F%E7%9A%84-http-%E5%88%86%E6%B5%81%E5%92%8C%E7%BD%91%E7%AB%99%E4%BC%AA%E8%A3%85) 这里只是塞了个trojan进去, **[背景](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#%E8%83%8C%E6%99%AF)** 请看原帖。 利用haproxy listen 443端口,同时处理web+trojan+v2ray流量。
ALfheimr-SAO revised this gist
Mar 19, 2020 . 1 changed file with 9 additions and 4 deletions.
@@ -6,6 +6,8 @@ 利用haproxy listen 443端口,同时处理web+trojan+v2ray流量。 流程图如下:( **不知道为啥gist不显示,typora里倒是显示正常** ) ``` flow s=>start: Start e=>end: End @@ -30,16 +32,12 @@ op_haproxy->is_trojan is_trojan(yes, right)->out_trojan is_trojan(no)->is_cdn is_cdn(yes, right)->out_apache is_cdn(no)->is_wss is_wss(yes, right)->out_apache is_wss(no)->is_tcp is_tcp(yes, right)->sub_haproxy is_tcp(no)->out_default sub_haproxy(right)->is_http is_http(yes)->out_default is_http(no)->out_v2ray_tcp @@ -72,6 +70,8 @@ apache https listen 4443端口,若请求域名是CDN/WSS的则分给apache处理 v2ray TCP listen 2333端口,若请求域名是TCP则在haproxy上终结ssl后分流给apache的80端口和v2ray的tcp配置端口 ## haproxy配置 ```python global log /dev/log local0 @@ -158,3 +158,8 @@ backend default_web server web 127.0.0.1:80 ``` **ps:mkdir /run/haproxy 要确保这个path存在否则无法启动** --- 提供一个思路而以,有更好的思路欢迎提comment
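Review bot: The added `ps:mkdir /run/haproxy` line in the last hunk documents the directory as a one-time manual step, but `/run` is a tmpfs on most current Linux distributions and is emptied at every boot, so the directory will be missing again after a restart and haproxy will fail to start as the note itself warns. Document a persistent way to create it instead, for example a `tmpfiles.d` entry or `RuntimeDirectory=haproxy` in the systemd unit, with ownership matching the `user haproxy` / `group haproxy` settings.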
ALfheimr-SAO revised this gist
Mar 19, 2020 . 1 changed file with 32 additions and 24 deletions.
@@ -2,23 +2,10 @@ 原帖来自于[Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#vmess--tcp--tls-%E6%96%B9%E5%BC%8F%E7%9A%84-http-%E5%88%86%E6%B5%81%E5%92%8C%E7%BD%91%E7%AB%99%E4%BC%AA%E8%A3%85) 这里只是塞了个trojan进去,**[背景](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#%E8%83%8C%E6%99%AF)**请看原帖。 利用haproxy listen 443端口,同时处理web+trojan+v2ray流量。 ``` flow s=>start: Start e=>end: End @@ -63,6 +50,27 @@ out_v2ray_tcp->e out_default->e ``` ## 思路 haproxy bind 433端口,对流量进行分流处理。 示例给出trojan代理,v2ray的CDN,WSS和TCP代理方式,分成以下3组: 1. trojan代理 2. v2ray的CDN和WSS代理 3. v2ray的TCP代理 通过sni区分域名请求,转发上述流量。 TCP需要特别处理,在haproxy上处理tls后分流,http流量给web,其余的交给v2ray处理。 * haproxy1.8以上,apache2.4以上 trojan listen 8080端口,若请求域名是trojan的则分给trojan处理 apache https listen 4443端口,若请求域名是CDN/WSS的则分给apache处理 v2ray TCP listen 2333端口,若请求域名是TCP则在haproxy上终结ssl后分流给apache的80端口和v2ray的tcp配置端口 ```python global @@ -104,17 +112,17 @@ frontend tcp_in # trojan域名代理trojan # CDN域名代理v2ray wss走CDN的情况 # WSS域名代理v2ray的wss模式 acl is_Trojan req_ssl_sni -i trojan.domain.com acl is_CDN req_ssl_sni -i cdn.domain.com acl is_WSS req_ssl_sni -i wss.domain.com # TCP域名分流 acl is_TCP req_ssl_sni -i tcp.domain.com use_backend TROJAN if is_Trojan use_backend CDN if is_CDN use_backend WSS if is_WSS use_backend TCP if is_TCP # 其它任何tcp 443端口流量交给web default_backend default_web @@ -123,7 +131,7 @@ frontend tcp_in # apache可以是其它的web server backend TROJAN server trojan 127.0.0.1:8080 backend CDN server v2ray_cdn 127.0.0.1:4443 
@@ -138,15 +146,15 @@ frontend TCP_TLS mode tcp bind abns@/var/run/haproxy_tcp.sock accept-proxy ssl crt /etc/ssl/private/tcp.domain.com.pem # 解tls后正常http给web,否则交给v2ray的tcp处理 use_backend default_web if HTTP default_backend v2ray_tcp # 2333是v2ray的tcp端口 backend v2ray_tcp server server_v2ray_tcp 127.0.0.1:2333 backend default_web server web 127.0.0.1:80 ``` -
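Review bot: The relocated 思路 section (hunk `@@ -63,6 +50,27 @@`) still reads `haproxy bind 433端口`, while the introduction in the same patch says `haproxy listen 443端口` and the ACL comment says `其它任何tcp 443端口流量交给web`. Correct the port in the 思路 text to 443 so the description matches the configuration.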
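Review bot: In the `frontend TCP_TLS` hunk, `use_backend default_web if HTTP` is evaluated in `mode tcp` with no `tcp-request inspect-delay` and no `tcp-request content accept if HTTP` in this frontend, so the `HTTP` ACL can be tested before any decrypted request bytes have been buffered and an ordinary HTTP request can fall through to `default_backend v2ray_tcp`. Add both `tcp-request` lines to this frontend so the split between `default_web` and `v2ray_tcp` is decided on actual request content.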
ALfheimr-SAO revised this gist
Mar 19, 2020 . 1 changed file with 42 additions and 7 deletions.
@@ -19,13 +19,48 @@ haproxy bind 433端口,对流量进行分流处理。 TCP需要特别处理,在haproxy上处理tls后分流,http流量给web,其余的交给v2ray处理。 * haproxy1.8以上,apache2.4以上 ``` flow s=>start: Start e=>end: End op_haproxy=>operation: haproxy sub_haproxy=>subroutine: due to tcp in_haproxy=>inputoutput: https in port:443 out_trojan=>inputoutput: to trojan:port:8080 out_apache=>inputoutput: to apache:port:4443 out_v2ray_tcp=>inputoutput: to v2ray tcp configure:port:2333 out_default=>inputoutput: to default web:port:80 is_trojan=>condition: if trojan domain is_cdn=>condition: if CDN domain is_wss=>condition: if WSS domain is_tcp=>condition: if TCP domain is_http=>condition: if HTTP request s->in_haproxy in_haproxy->op_haproxy op_haproxy->is_trojan is_trojan(yes, right)->out_trojan is_trojan(no)->is_cdn is_cdn(yes, right)->out_apache is_cdn(no)->is_wss is_wss(yes, right)->out_apache is_wss(no)->is_tcp is_tcp(yes, right)->sub_haproxy is_tcp(no)->out_default sub_haproxy(right)->is_http is_http(yes)->out_default is_http(no)->out_v2ray_tcp out_trojan->e out_apache->e out_v2ray_tcp->e out_default->e ```
ALfheimr-SAO revised this gist
Mar 19, 2020 . 1 changed file with 8 additions and 1 deletion.
@@ -19,7 +19,14 @@ haproxy bind 433端口,对流量进行分流处理。 TCP需要特别处理,在haproxy上处理tls后分流,http流量给web,其余的交给v2ray处理。 * haproxy1.8以上,apache2.4以上 ``` mermaid graph LR A[方形] -->B(圆角) B --> C{条件a} C -->|a=1| D[结果1] C -->|a=2| E[结果2] F[流程图] ``` ```python
ALfheimr-SAO revised this gist
Mar 19, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -2,7 +2,7 @@ 原帖来自于[Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#vmess--tcp--tls-%E6%96%B9%E5%BC%8F%E7%9A%84-http-%E5%88%86%E6%B5%81%E5%92%8C%E7%BD%91%E7%AB%99%E4%BC%AA%E8%A3%85) 这里只是塞了个trojan进去,**[背景](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#%E8%83%8C%E6%99%AF)** 请看原帖。 ## 思路
ALfheimr-SAO revised this gist
Mar 19, 2020 . 1 changed file with 110 additions and 1 deletion.
@@ -1 +1,110 @@ # [**v2ray+trojan搭配haproxy网站伪装隐藏代理**](https://gist.github.com/ALfheimr-SAO/937048d6eef31e30ffa172c0c4b1ffb7#file-v2ray-trojan-haproxy-md) 原帖来自于[Vmess + TCP + TLS 方式的 HTTP 分流和网站伪装](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#vmess--tcp--tls-%E6%96%B9%E5%BC%8F%E7%9A%84-http-%E5%88%86%E6%B5%81%E5%92%8C%E7%BD%91%E7%AB%99%E4%BC%AA%E8%A3%85) 这里只是塞了个trojan进去,**[背景](https://gist.github.com/liberal-boy/f3db4e413a96fa80719db1414f011325#%E8%83%8C%E6%99%AF)**请看原帖。 ## 思路 haproxy bind 433端口,对流量进行分流处理。 示例给出trojan代理,v2ray的CDN,WSS和TCP代理方式,分成以下3组: 1. trojan代理 2. v2ray的CDN和WSS代理 3. v2ray的TCP代理 通过sni区分域名请求,转发上述流量。 TCP需要特别处理,在haproxy上处理tls后分流,http流量给web,其余的交给v2ray处理。 * haproxy1.8以上,apache2.4以上 ```python global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy # mkdir /run/haproxy 要确保这个path存在 stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s user haproxy group haproxy daemon # ca-base /etc/ssl/certs # crt-base /etc/ssl/private # 仅使用支持 FS 和 AEAD 的加密套件 ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 # 禁用 TLS 1.2 之前的 TLS ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 tune.ssl.default-dh-param 2048 defaults log global mode tcp option dontlognull timeout connect 5s # 空闲连接等待时间,这里使用与 V2Ray 默认 connIdle 一致的 300s timeout client 300s timeout server 300s frontend tcp_in bind *:443 alpn h2,http/1.1 tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } # trojan域名代理trojan # CDN域名代理v2ray wss走CDN的情况 # WSS域名代理v2ray的wss模式 acl is_Trojan req_ssl_sni -i trojan.domain.com acl is_CDN req_ssl_sni -i cdn.domain.com acl is_WSS req_ssl_sni -i wss.domain.com # TCP域名分流 
acl is_TCP req_ssl_sni -i tcp.domain.com use_backend TROJAN if is_Trojan use_backend CDN if is_CDN use_backend WSS if is_WSS use_backend TCP if is_TCP # 其它任何tcp 443端口流量交给web default_backend default_web # 8080是trojan端口 # 4443是apache tls端口,CDN和WSS在apache和v2ray里是一样的配置,靠apache解tls反代ws给v2ray处理 # apache可以是其它的web server backend TROJAN server trojan 127.0.0.1:8080 backend CDN server v2ray_cdn 127.0.0.1:4443 backend WSS server v2ray_wss 127.0.0.1:4443 backend TCP server TCP_TLS abns@/var/run/haproxy_tcp.sock send-proxy-v2 frontend TCP_TLS mode tcp bind abns@/var/run/haproxy_tcp.sock accept-proxy ssl crt /etc/ssl/private/tcp.domain.com.pem # 解tls后正常http给web,否则交给v2ray的tcp处理 use_backend default_web if HTTP default_backend v2ray_tcp # 2333是v2ray的tcp端口 backend v2ray_tcp server server_v2ray_tcp 127.0.0.1:2333 backend default_web server web 127.0.0.1:80 ``` -
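Review bot: In `frontend tcp_in`, `default_backend default_web` forwards connections whose SNI matched no ACL to `server web 127.0.0.1:80` while they are still TLS-encrypted, because this frontend only inspects the ClientHello and never terminates TLS. The same `default_web` backend is used from `frontend TCP_TLS` after decryption, where port 80 is correct, so the two paths need different targets. Point the `tcp_in` fallback at a TLS-capable listener (the comments name `4443是apache tls端口`) through its own backend, and keep `default_web` for the decrypted path only.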
ALfheimr-SAO created this gist
Mar 19, 2020
@@ -0,0 +1 @@ # 233