NaiveProxy使用

简介

旧的协议已经完蛋了，目前naiveproxy好像不错就学习一下

搭建

服务器端操作系统 ubuntu22.04 amd64

编译安装caddy+naive：

apt install golang-go
go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
~/go/bin/xcaddy build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwa

Caddyfile配置：

:443, naive.buliang0.tk #你的域名
tls example@example.com #你的邮箱
route {
 forward_proxy {
   basic_auth user pass #用户名和密码
   hide_ip
   hide_via
   probe_resistance
  }
 #支持多用户
 forward_proxy {
   basic_auth user2 pass2 #用户名和密码
   hide_ip
   hide_via
   probe_resistance
  }
 reverse_proxy  https://demo.cloudreve.org  { #伪装网址
   header_up  Host  {upstream_hostport}
   header_up  X-Forwarded-Host  {host}
  }
}

caddy常用指令：

前台运行caddy：./caddy run
后台运行caddy：./caddy start
停止caddy：./caddy stop
重载配置：./caddy reload

caddy配置守护进程（开机自启）：https://github.com/klzgrad/naiveproxy/wiki/Run-Caddy-as-a-daemon

自定义端口：

naive如果要用自定义端口，需要使用json的配置方式，新手可以直接跳过

启动方式：./caddy start --config config.json

config.json内容：

//需删除注释内容caddy才能加载
{
 "apps": {
   "http": {
     "servers": {
       "srv0": {
         "listen": [
           ":4431"   //监听端口
         ],
         "routes": [
           {
             "handle": [
               {
                 "auth_user_deprecated": "user",   //用户名
                 "auth_pass_deprecated": "pass",  //密码
                 "handler": "forward_proxy",
                 "hide_ip": true,
                 "hide_via": true,
                 "probe_resistance": {}
               }
             ]
           },
           {
             "handle": [
               {
                 "handler": "reverse_proxy",
                 "headers": {
                   "request": {
                     "set": {
                       "Host": [
                         "{http.reverse_proxy.upstream.hostport}"
                       ],
                       "X-Forwarded-Host": [
                         "{http.request.host}"
                       ]
                     }
                   }
                 },
                 "transport": {
                   "protocol": "http",
                   "tls": {}
                 },
                 "upstreams": [
                   {
                     "dial": "demo.cloudreve.org:443"  //伪装网址
                   }
                 ]
               }
             ]
           }
         ],
         "tls_connection_policies": [
           {
             "match": {
               "sni": [
                 "naive.buliang0.tk"  //域名
               ]
             },
             "certificate_selection": {
               "any_tag": [
                 "cert0"
               ]
             }
           }
         ],
         "automatic_https": {
           "disable": true
         }
       }
     }
   },
   "tls": {
     "certificates": {
       "load_files": [
         {
           "certificate": "/root/a.crt",  //公钥路径
           "key": "/root/a.key",   //私钥路径
           "tags": [
             "cert0"
           ]
         }
       ]
     }
   }
 }
}

客户端配置

naive客户端：https://github.com/klzgrad/naiveproxy/releases/latest

客户端配置：

{
  "listen": "socks://127.0.0.1:1080",
  "proxy": "https://user:pass@example.com"
}

搭建过程中遇到的问题

443端口被封的情况下，就只能自定义端口，需要申请证书，使用x-ui里面的acme.sh来申请，然后通过命令来导出证书到指定目录。代码如下

~/.acme.sh/acme.sh --installcert -d mydomain.com --key-file /root/private.key --fullchain-file /root/cert.crt

客户端配置方面

{
  "listen": "socks://127.0.0.1:1080",
  "proxy": "https://user:pass@example.com:4431",
  "log": ""
}