diff --git a/proxyhub/Dockerfile b/proxyhub/Dockerfile
new file mode 100644
index 0000000..54d817d
--- /dev/null
+++ b/proxyhub/Dockerfile
@@ -0,0 +1,44 @@
+#
+# Dockerfile for ProxyHub
+#
+
+FROM ubuntu:14.04
+MAINTAINER kev
+
+RUN apt-get update
+RUN apt-get install -y build-essential pdnsd haproxy nginx
+RUN apt-get clean
+
+RUN curl -sSL https://bootstrap.pypa.io/get-pip.py | python
+RUN pip install supervisor shadowsocks
+
+ADD ./supervisord.conf /etc/supervisor/
+ADD ./services.conf /etc/supervisor/conf.d/
+ADD ./pdnsd.conf /etc/
+ADD ./shadowsocks /etc/shadowsocks
+ADD ./haproxy.cfg /etc/haproxy/
+
+ADD https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz /tmp/pkgs/
+ADD http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.3.tar.gz /tmp/pkgs/
+
+WORKDIR /tmp/pkgs/
+
+RUN tar xzf libsodium-1.0.2.tar.gz && \
+ cd libsodium-1.0.2 && \
+ ./configure && \
+ make && \
+ make install
+
+RUN echo /usr/local/lib > /etc/ld.so.conf.d/local.conf && ldconfig
+
+RUN tar xzf dnscrypt-proxy-1.4.3.tar.gz && \
+ cd dnscrypt-proxy-1.4.3 && \
+ ./configure && \
+ make && \
+ make install
+
+WORKDIR /
+RUN rm -r /tmp/pkgs/
+EXPOSE 80 1080
+
+CMD supervisord -n -c /etc/supervisor/supervisord.conf
diff --git a/proxyhub/README.md b/proxyhub/README.md
new file mode 100644
index 0000000..4de2611
--- /dev/null
+++ b/proxyhub/README.md
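Review bot: In proxyhub/Dockerfile the two remote `ADD` lines fetch source tarballs with no integrity check, and the dnscrypt-proxy one uses plain `http://`, so whatever arrives is compiled and `make install`ed as root during the build. The `curl … get-pip.py | python` line has the same gap, and nothing visible in the `apt-get install` list provides `curl`, so that step may fail on this base image (worth confirming). Download inside `RUN`, verify a pinned SHA-256 before unpacking, and clean up in the same layer, because the later `RUN rm -r /tmp/pkgs/` does not remove the files from the earlier layers. The digest below is a placeholder to be filled from the upstream release page; the dnscrypt-proxy step would take the same shape with its own digest.

```dockerfile
# … unchanged: FROM, apt-get install (with curl and ca-certificates added to the list), pip, local ADD lines …

WORKDIR /tmp/pkgs/

# <LIBSODIUM_SHA256> is a placeholder for the digest published by the upstream project.
RUN curl -fsSLO https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz && \
    echo "<LIBSODIUM_SHA256>  libsodium-1.0.2.tar.gz" | sha256sum -c - && \
    tar xzf libsodium-1.0.2.tar.gz && \
    cd libsodium-1.0.2 && \
    ./configure && \
    make && \
    make install && \
    cd .. && \
    rm -rf libsodium-1.0.2 libsodium-1.0.2.tar.gz

# … unchanged: ld.so.conf.d entry and ldconfig, EXPOSE, CMD …
```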
@@ -0,0 +1,29 @@
+ProxyHub
+========
+
+## About
+
+- shadowsocks: A secure socks5 proxy, designed to protect your Internet traffic.
+- haproxy: A free, very fast and reliable solution offering high availability,
+ load balancing, and proxying for TCP and HTTP-based applications.
+- dnscrypt: A protocol for securing communications between a client and a DNS resolver.
+- pdnsd: A DNS server designed for local caching of DNS information.
+- nginx: an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3,
+ and IMAP protocols, as well as a load balancer, caching and SSL offload.
+
+## Fig
+
+ proxyhub:
+ image: vimagick/proxyhub
+ ports:
+ - "1080:1080"
+ restart: always
+
+## Run
+
+ fig up -d
+
+## Test
+
+ curl -x socks5h://localhost:1080 https://www.youtube.com
+
diff --git a/proxyhub/fig.yml b/proxyhub/fig.yml
new file mode 100644
index 0000000..cf4b464
--- /dev/null
+++ b/proxyhub/fig.yml
@@ -0,0 +1,7 @@
+dnscrypt:
+ image: vimagick/dnscrypt
+ ports:
+ - "1080:1080"
+ dns:
+ - 127.0.0.1
+ restart: always
diff --git a/proxyhub/haproxy.cfg b/proxyhub/haproxy.cfg
new file mode 100644
index 0000000..78a424f
--- /dev/null
+++ b/proxyhub/haproxy.cfg
@@ -0,0 +1,21 @@
+global
+ maxconn 4000
+
+defaults
+ mode tcp
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+
+frontend front
+ bind *:1080
+ default_backend back
+
+backend back
+ balance roundrobin
+ server s1 127.0.0.1:1981 check
+ server s2 127.0.0.1:1982 check
+ server s3 127.0.0.1:1983 check
+ server s4 127.0.0.1:1984 check
+ server s5 127.0.0.1:1985 check
+
diff --git a/proxyhub/pdnsd.conf b/proxyhub/pdnsd.conf
new file mode 100644
index 0000000..da2765e
--- /dev/null
+++ b/proxyhub/pdnsd.conf
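Review bot: In proxyhub/fig.yml the mapping `"1080:1080"` publishes the SOCKS listener on every host interface, and nothing in haproxy.cfg or the sslocal configs asks clients to authenticate, so any machine that can reach the host can relay through it. If the proxy is only meant for the local machine, bind the published port to loopback: `- "127.0.0.1:1080:1080"`. The service is also named `dnscrypt` with image `vimagick/dnscrypt`, while the README added in the same commit uses `proxyhub` and `vimagick/proxyhub`; that looks like a copy-paste leftover and is worth confirming.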
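Review bot: In proxyhub/haproxy.cfg the `global` section sets only `maxconn`, so haproxy keeps the identity supervisord starts it with, which is root as far as the Dockerfile and services.conf in this commit show. Port 1080 is unprivileged, so nothing here needs root; add `user haproxy` and `group haproxy` under `global` (the account is presumably created by the Ubuntu haproxy package; confirm it exists in the image). A `log` directive is also missing, so connections through the frontend leave no record to review later.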
@@ -0,0 +1,37 @@
+global {
+ perm_cache=16384;
+ cache_dir="/var/cache/pdnsd";
+ run_as="pdnsd";
+ server_ip = 0.0.0.0;
+ status_ctl = on;
+ query_method=udp_tcp;
+ min_ttl=15m; # Retain cached entries at least 15 minutes.
+ max_ttl=1w; # One week.
+ timeout=10; # Global timeout option (10 seconds).
+ neg_domain_pol=on;
+ udpbufsize=1024; # Upper limit on the size of UDP messages.
+}
+
+server {
+ label = "dnscrypt-proxy";
+ ip = 127.0.0.1;
+ port = 2053;
+ timeout = 4;
+ uptest = query;
+ interval = 15m;
+ proxy_only=on;
+}
+
+source {
+ owner=localhost;
+ file="/etc/hosts";
+}
+
+
+rr {
+ name=localhost;
+ reverse=on;
+ a=127.0.0.1;
+ owner=localhost;
+ soa=localhost,root.localhost,42,86400,900,86400,86400;
+}
diff --git a/proxyhub/services.conf b/proxyhub/services.conf
new file mode 100644
index 0000000..fb4a0f5
--- /dev/null
+++ b/proxyhub/services.conf
@@ -0,0 +1,23 @@
+[program:dnscrypt]
+priority = 100
+command = dnscrypt-proxy -a 127.0.0.1:2053 -R opendns
+
+[program:pdnsd]
+priority = 200
+command = pdnsd -c /etc/pdnsd.conf
+
+[program:shadowsocks]
+priority = 300
+command = /usr/bin/sslocal -c /etc/shadowsocks/%(process_num)d.json
+numprocs_start = 1981
+numprocs = 5
+process_name = %(process_num)d
+
+[program:haproxy]
+priority = 400
+command = /usr/bin/haproxy -f /etc/haproxy/haproxy.cfg
+
+[program:nginx]
+priority = 500
+command = /usr/bin/nginx -g "daemon off; pid /run/nginx.pid; error_log stderr;"
+
diff --git a/proxyhub/shadowsocks/1981.json b/proxyhub/shadowsocks/1981.json
new file mode 100644
index 0000000..61a1c84
--- /dev/null
+++ b/proxyhub/shadowsocks/1981.json
@@ -0,0 +1,9 @@
+{
+ "server": "free1.5z3.pw",
+ "server_port": 443,
+ "local_address": "127.0.0.1",
+ "local_port": 1981,
+ "password": "fogss.com",
+ "method": "rc4-md5",
+ "timeout": 600
+}
diff --git a/proxyhub/shadowsocks/1982.json b/proxyhub/shadowsocks/1982.json
new file mode 100644
index 0000000..9b0e846
--- /dev/null
+++ b/proxyhub/shadowsocks/1982.json
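Review bot: In proxyhub/pdnsd.conf `server_ip = 0.0.0.0;` makes the cache answer DNS queries on every container interface, although the only consumer visible in this commit is the container itself (`dns: 127.0.0.1` in fig.yml). Any peer that can reach the container address, and anyone at all if port 53 is ever published, gets an open recursive resolver. Restrict the listener with `server_ip = 127.0.0.1;`.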
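Review bot: The programs in proxyhub/services.conf will not be loaded as the commit stands: the Dockerfile copies the file to `/etc/supervisor/conf.d/services.conf`, but supervisord.conf includes only `files = conf.d/*.ini`. Either rename the file to `services.ini` or change the include to `files = conf.d/*.conf`. None of the five sections sets `user=`, so every daemon inherits supervisord's account; for the ones that only use unprivileged ports (sslocal on 1981-1985, haproxy on 1080, dnscrypt-proxy on 2053) a line such as `user = nobody` would keep them from running as root.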
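Review bot: proxyhub/shadowsocks/1981.json commits a server address and its `password` in plaintext, and the Dockerfile's `ADD ./shadowsocks /etc/shadowsocks` bakes both into the image; 1982.json through 1985.json do the same. Keep only templates in the repository, for example `"password": "<SHADOWSOCKS_PASSWORD>"`, and mount the real files into `/etc/shadowsocks` at run time. This file also selects `"method": "rc4-md5"`, which is built on RC4 and MD5 and should not be relied on for confidentiality; the other four use AES-CFB, which is stronger but unauthenticated, so tampering with ciphertext is not detected. The endpoints appear to be third-party servers, whose operators can observe the relayed traffic, which is worth stating in the README.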
@@ -0,0 +1,9 @@
+{
+ "server": "192.243.118.108",
+ "server_port": 8989,
+ "local_address": "127.0.0.1",
+ "local_port": 1982,
+ "password": "dht.me",
+ "method": "aes-256-cfb",
+ "timeout": 600
+}
diff --git a/proxyhub/shadowsocks/1983.json b/proxyhub/shadowsocks/1983.json
new file mode 100644
index 0000000..58754e8
--- /dev/null
+++ b/proxyhub/shadowsocks/1983.json
@@ -0,0 +1,9 @@
+{
+ "server": "ova.pw",
+ "server_port": 8388,
+ "local_address": "127.0.0.1",
+ "local_port": 1983,
+ "password": "goagent",
+ "method": "aes-256-cfb",
+ "timeout": 600
+}
diff --git a/proxyhub/shadowsocks/1984.json b/proxyhub/shadowsocks/1984.json
new file mode 100644
index 0000000..34683d7
--- /dev/null
+++ b/proxyhub/shadowsocks/1984.json
@@ -0,0 +1,8 @@
+{
+ "server": "107.191.53.58",
+ "server_port": 1789,
+ "local_address": "127.0.0.1",
+ "local_port": 1984,
+ "password": "123_FUCK_gfw",
+ "method": "aes-192-cfb"
+}
diff --git a/proxyhub/shadowsocks/1985.json b/proxyhub/shadowsocks/1985.json
new file mode 100644
index 0000000..921d49e
--- /dev/null
+++ b/proxyhub/shadowsocks/1985.json
@@ -0,0 +1,8 @@
+{
+ "server": "104.238.180.87",
+ "server_port": 1789,
+ "local_address": "127.0.0.1",
+ "local_port": 1985,
+ "password": "123_FUCK_gfw",
+ "method": "aes-192-cfb"
+}
diff --git a/proxyhub/supervisord.conf b/proxyhub/supervisord.conf
new file mode 100644
index 0000000..dac7764
--- /dev/null
+++ b/proxyhub/supervisord.conf
@@ -0,0 +1,141 @@
+; Sample supervisor config file.
+;
+; For more information on the config file, please see:
+; http://supervisord.org/configuration.html
+;
+; Notes:
+; - Shell expansion ("~" or "$HOME") is not supported. Environment
+; variables can be expanded using this syntax: "%(ENV_HOME)s".
+; - Comments must have a leading space: "a=b ;comment" not "a=b;comment".
+
+[unix_http_server]
+file=/tmp/supervisor.sock ; (the path to the socket file)
+;chmod=0700 ; socket file mode (default 0700)
+;chown=nobody:nogroup ; socket file uid:gid owner
+;username=user ; (default is no username (open server))
+;password=123 ; (default is no password (open server))
+
+[inet_http_server] ; inet (TCP) server disabled by default
+port=0.0.0.0:9001 ; (ip_address:port specifier, *:port for all iface)
+;username=user ; (default is no username (open server))
+;password=123 ; (default is no password (open server))
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10 ; (num of main logfile rotation backups;default 10)
+loglevel=info ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false ; (start in foreground if true;default false)
+minfds=1024 ; (min. avail startup file descriptors;default 1024)
+minprocs=200 ; (min. avail process descriptors;default 200)
+;umask=022 ; (process file creation umask;default 022)
+;user=chrism ; (default is current user, required if root)
+;identifier=supervisor ; (supervisord identifier, default is 'supervisor')
+;directory=/tmp ; (default is not to cd during start)
+;nocleanup=true ; (don't clean up tempfiles at start;default false)
+;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP)
+;environment=KEY="value" ; (key value pairs to add to environment)
+;strip_ansi=false ; (strip ansi escape codes in logs; def. false)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
+;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
+;username=chris ; should be same as http_username if set
+;password=123 ; should be same as http_password if set
+;prompt=mysupervisor ; cmd line prompt (default "supervisor")
+;history_file=~/.sc_history ; use readline history if available
+
+; The below sample program section shows all possible program subsection values,
+; create one or more 'real' program: sections to be able to control them under
+; supervisor.
+
+;[program:theprogramname]
+;command=/bin/cat ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1 ; number of processes copies to start (def 1)
+;directory=/tmp ; directory to cwd to before exec (def no cwd)
+;umask=022 ; umask for process (default None)
+;priority=999 ; the relative start priority (default 999)
+;autostart=true ; start at supervisord start (default: true)
+;autorestart=unexpected ; whether/when to restart (default: unexpected)
+;startsecs=1 ; number of secs prog must stay running (def. 1)
+;startretries=3 ; max # of serial start failures (default 3)
+;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT ; signal used to kill process (default TERM)
+;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
+;stopasgroup=false ; send stop signal to the UNIX process group (default false)
+;killasgroup=false ; SIGKILL the UNIX process group (def false)
+;user=chrism ; setuid to this UNIX account to run the program
+;redirect_stderr=true ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
+;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
+;stdout_events_enabled=false ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10)
+;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
+;stderr_events_enabled=false ; emit events on stderr writes (default false)
+;environment=A="1",B="2" ; process environment additions (def no adds)
+;serverurl=AUTO ; override serverurl computation (childutils)
+
+; The below sample eventlistener section shows all possible
+; eventlistener subsection values, create one or more 'real'
+; eventlistener: sections to be able to handle event notifications
+; sent by supervisor.
+
+;[eventlistener:theeventlistenername]
+;command=/bin/eventlistener ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1 ; number of processes copies to start (def 1)
+;events=EVENT ; event notif. types to subscribe to (req'd)
+;buffer_size=10 ; event buffer queue size (default 10)
+;directory=/tmp ; directory to cwd to before exec (def no cwd)
+;umask=022 ; umask for process (default None)
+;priority=-1 ; the relative start priority (default -1)
+;autostart=true ; start at supervisord start (default: true)
+;autorestart=unexpected ; whether/when to restart (default: unexpected)
+;startsecs=1 ; number of secs prog must stay running (def. 1)
+;startretries=3 ; max # of serial start failures (default 3)
+;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT ; signal used to kill process (default TERM)
+;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
+;stopasgroup=false ; send stop signal to the UNIX process group (default false)
+;killasgroup=false ; SIGKILL the UNIX process group (def false)
+;user=chrism ; setuid to this UNIX account to run the program
+;redirect_stderr=true ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
+;stdout_events_enabled=false ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups ; # of stderr logfile backups (default 10)
+;stderr_events_enabled=false ; emit events on stderr writes (default false)
+;environment=A="1",B="2" ; process environment additions
+;serverurl=AUTO ; override serverurl computation (childutils)
+
+; The below sample group section shows all possible group values,
+; create one or more 'real' group: sections to create "heterogeneous"
+; process groups.
+
+;[group:thegroupname]
+;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions
+;priority=999 ; the relative start priority (default 999)
+
+; The [include] section can just contain the "files" setting. This
+; setting can list multiple files (separated by whitespace or
+; newlines). It can also contain wildcards. The filenames are
+; interpreted as relative to this file. Included files *cannot*
+; include files themselves.
+
+[include]
+files = conf.d/*.ini
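Review bot: The `[inet_http_server]` section in proxyhub/supervisord.conf is enabled with `port=0.0.0.0:9001` while `username` and `password` stay commented out, so the supervisor web and XML-RPC interface answers unauthenticated requests on every interface and lets the caller start and stop the managed processes and read their logs. The trailing comment "disabled by default" no longer matches the line. `[supervisorctl]` already talks to the unix socket, so the simplest fix is to delete the section; if the HTTP interface is wanted, use `port=127.0.0.1:9001` and set `username=` and `password=` from values supplied at deploy time. The socket, log and pid files also all live in `/tmp`; a dedicated directory that only supervisord's account can write to would be a safer home.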