From 38fc123c1692774eb930927b8e3d871914a03fc7 Mon Sep 17 00:00:00 2001 From: klzgrad Date: Tue, 16 Jun 2020 20:19:15 +0800 Subject: [PATCH] Update README.md --- README.md | 90 ++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 60 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 168cc83f51..e5181fe3f5 100644 --- a/README.md +++ b/README.md @@ -19,56 +19,86 @@ NaïveProxy uses Chrome's network stack. The traffic behavior intercepted by the Frontend also reroutes unauthenticated users and active probes to a backend HTTP server, making it impossible to detect the existence of a proxy, like this: Probe ⟶ Frontend ⟶ index.html +Starting from v84, users can run a naïve fork of Caddy forwardproxy without the Naïve server. + ## Download -See [latest release](https://github.com/klzgrad/naiveproxy/releases/latest). +See [latest release](https://github.com/klzgrad/naiveproxy/releases/latest). Linux, Windows, Mac OS, and various OpenWrt targets are supported. + +Users should always use the latest version to keep signatures identical to Chrome. Note: On Linux libnss3 must be installed before using the prebuilt binary. ## Setup -On the server, download Caddy (from https://caddyserver.com/download with plugin: http.forwardproxy): -``` -curl -OJ 'https://caddyserver.com/download/linux/amd64?plugins=http.forwardproxy&license=personal' -tar xf ./caddy_*.tar.gz -sudo setcap cap_net_bind_service=+ep caddy +On the server, build and run Caddy v2 with naïve fork of forwardproxy: +```sh +git clone -b naive https://github.com/klzgrad/forwardproxy +go get -u github.com/caddyserver/xcaddy/cmd/xcaddy +~/go/bin/xcaddy build --with github.com/caddyserver/forwardproxy=./forwardproxy +sudo setcap cap_net_bind_service=+ep ./caddy +./caddy run --config caddy.json ``` -Run `./caddy` with the following Caddyfile (replace the example values accordingly): -``` -domain.example -root /var/www/html -tls myemail@example.com -forwardproxy { - basicauth user pass - hide_ip - hide_via - probe_resistance secret.localhost - upstream http://127.0.0.1:8080 -} -``` - -and `./naive` with the following `config.json`: +`caddy.json` using Let's Encrypt (replace the example values accordingly): +
+Example caddy.json using Let's Encrypt (replace example values accordingly) ```json { - "listen": "http://127.0.0.1:8080", - "padding": true + "apps": { + "http": { + "servers": { + "srv0": { + "listen": [":443"], + "routes": [{ + "handle": [{ + "handler": "forward_proxy", + "hide_ip": true, + "hide_via": true, + "auth_user": "username", + "auth_pass": "password", + "probe_resistance": {"domain": "secret.localhost"} + }] + }, { + "match": [{"host": ["example.com", "www.example.com"]}], + "handle": [{ + "handler": "file_server", + "root": "/var/www/html" + }], + "terminal": true + }], + "tls_connection_policies": [{ + "match": {"sni": ["example.com", "www.example.com"]} + }] + } + } + }, + "tls": { + "automation": { + "policies": [{ + "subjects": ["example.com", "www.example.com"], + "issuer": { + "email": "admin@example.com", + "module": "acme" + } + }] + } + } + } } ``` +
-Locally run `./naive` with `config.json`: + +Locally run `./naive` with the following `config.json` to get a SOCKS5 proxy at local port 1080. ```json { "listen": "socks://127.0.0.1:1080", - "proxy": "https://user:pass@domain.example", - "padding": true + "proxy": "https://username:password@example.com" } ``` -to get a SOCKS5 proxy at local port 1080. -See [USAGE.txt](https://github.com/klzgrad/naiveproxy/blob/master/USAGE.txt) on how to configure `config.json`. See also [Parameter Tuning](https://github.com/klzgrad/naiveproxy/wiki/Parameter-Tuning) to improve client-side performance. - -It's possible to run Caddy without Naive server, but you need to remove `padding` from `config.json` and `upstream` from Caddyfile. +See [USAGE.txt](https://github.com/klzgrad/naiveproxy/blob/master/USAGE.txt) for more parameters in `config.json`. See also [Parameter Tuning](https://github.com/klzgrad/naiveproxy/wiki/Parameter-Tuning) to improve client-side performance. ## Build