传说安全性相对其他会好一些,搭建的同时做个记录.
1. 安装配置软件
yum install wget lrzsz vim tar git -y
2. 安装 Golang
安装目录解压到常用的/usr/local
wget https://go.dev/dl/go1.19.4.linux-amd64.tar.gztar -zxvf go1.19.4.linux-amd64.tar.gz -C /usr/local
设置 GOROOT 和 GOPATH
# 编译位置 vim /etc/profileexport GOROOT=/usr/local/goexport GOPATH=/data/gopathexport PATH=$PATH:$GOROOT/bin:$GOPATH/bin
让配置生效 :source /etc/profile
3. 安装NaiveProxy
go mod initgo install /caddyserver/xcaddy/cmd/xcaddy@latest# 开个快捷到执行目录ln -s /usr/local/go/gopath/bin/xcaddy /usr/bin/xcaddyxcaddy build --with /caddyserver/forwardproxy@caddy2=/klzgrad/forwardproxy@naive --with /porech/caddy-maxmind-geolocation
等待几分钟当前目录会出现 caddy 文件,移动到执行目录
mv caddy /usr/bin/# 查看caddy版本caddy version# 设置允许监听1024以下端口setcap cap_net_bind_service=+ep /usr/bin/caddy
4. 配置NaiveProxy
mkdir /etc/caddytouch /etc/caddy/Caddyfile
写入如下内容,这里做了复合站点配置 。按实际情况修改名字和域名等.
:443 {tls yourname@route {forward_proxy {basic_auth username passwordhide_iphide_viaprobe_resistance}reverse_proxy {header_up Host {upstream_hostport}}}} {redir } {tls yourname@file_server {root /var/www/html}}
测试配置文件是否正确
/usr/bin/caddy run --config /etc/caddy/Caddyfile
5. 配置系统启动等
新建文件 :vim /etc/systemd/system/caddy.service
[Unit]Description=CaddyDocumentation=/docs/After=network.target network-online.targetRequires=network-online.target[Service]Type=notifyUser=rootGroup=rootExecStart=/usr/bin/caddy run --environ --config /etc/caddy/CaddyfileExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --forceTimeoutStopSec=5sLimitNOFILE=1048576LimitNPROC=512PrivateTmp=trueProtectSystem=fullAmbientCapabilities=CAP_NET_BIND_SERVICE[Install]WantedBy=multi-user.target
设置自启动等
systemctl daemon-reload # 重新加载配置文件systemctl enable caddy # 设置启动systemctl start caddy # 启动
平时操作命令
重载caddysystemctl reload caddy重启caddysystemctl restart caddy停止caddysystemctl stop caddy
6. 优化速度
sudo sysctl -w net.ipv4.tcp_congestion_control=bbrsudo sysctl -w net.ipv4.tcp_slow_start_after_idle=0sudo sysctl -w net.ipv4.tcp_notsent_lowat=16384
需要重启reboot
7. 客户端配置
{"listen": "socks://127.0.0.1:1080","concurrency":"2","proxy": "https://user:password@"}
备注:
listen:监听的地址和端口,一般不需要修改proxy:代理的地址,协议可以是https或者quic,使用quic服务端需要放行tls的udp端口;需要修改用户名密码以及域名;若使用的是非443端口,域名后面需要增加服务端绑定的tls端口,如,domain.example:1443
如果觉得《你啊 too young too naiveproxy》对你有帮助,请点赞、收藏,并留下你的观点哦!
