β

搭建 sniproxy

nosa.me 201 阅读

sniproxy 源码在 https://github.com/dlundquist/sniproxy ,它的作用是:

Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.

安装:

rpm -ivh http://mirror.zhoufengjie.cn/centos/el6/x86_64/RPMS/tyumenmirror-1.0-1.el6.noarch.rpm

yum -y install sniproxy

如果使用源码编译,最要把 udns 编译进去,否则如果配置 .* *:443 类似规则的时候会报:Only socket address backends are permitted when compiled without libudns

修改配置文件 /usr/local/sniproxy/etc/sniproxy.conf:

user daemon
pidfile /var/run/sniproxy.pid

error_log {
syslog daemon
priority notice
}

listen 443 {
protocol tls
table https_hosts

access_log {
filename /var/log/sniproxy.log
}
}

table https_hosts {
.* *:443
}

listen 80 {
protocol http
table http_hosts

access_log {
filename /var/log/sniproxy.log
}
}

table http_hosts {
.* *:80
}

table {
.* 127.0.0.1
}

启动:

/usr/local/sniproxy/sbin/sniproxy -c /usr/local/sniproxy/etc/sniproxy.conf

然后修改 /etc/hosts 测试:

52.221.229.x play.google.com
52.221.229.x www.baidu.com

# curl -I “https://play.google.com/store/apps/details?hl=en&id=tr.com.fugo.kelimeavi2.en”
HTTP/1.1 200 OK

# curl -I http://www.baidu.com
HTTP/1.1 200 OK

都是 OK 的。

修改 hosts 很麻烦,可以使用  dnsmasq 来管理你的解析,在 dnsmasq 上把你需要的域名修改成你的 sniproxy,配合 dnscrypt,防止 DNS 被污染。详情请看:

https://www.logcg.com/archives/981.html

https://gist.github.com/tawateer/fff8798407693d74b80d44e46806cc82

No related posts.

作者:nosa.me
未来不会有sa
原文地址:搭建 sniproxy, 感谢原作者分享。

发表评论