python-proxy
python-proxy copied to clipboard
qwj
config file draft
Hi, here's a very basic config file template designed to work with pproxy. I'm open for all sorts of feedback and improvement as this probably covers ~60 percent of what pproxy offers.
{
"general":{
"block":{
"enabled": true,
"type": "path_list/regex_list",
"values": [
"1.1.1.1/24",
"2.2.2.2/24",
"in case of path_list => /path/to/the/file1",
"in case of path_list => /path/to/the/file2"
]
},
"check_alive":{
"enabled": true,
"interval": 30
},
"schedule":{
"enabled":true,
"algorithm": "fa"
},
"pac":{
"enabled": true,
"path": "asdasds"
},
"sys":{
"enabled": true
},
"test":{
"enabled": true,
"path": "http://ident.me"
}
},
"servers":[
{
"enabled": true,
"name": "SERVER1",
"type": "in/out",
"addr": "0.0.0.0",
"port": "80",
"unix_socket": "/tmp/myproxy",
"inverse": false,
"http_settings":{
"enabled": true,
"disable_http_connect": true,
"auth": {
"enabled": true,
"creds": [
"user1:pass1",
"user2:pass2"
]
},
"ssl": {
"enabled": true,
"type": "base64/path/insecure",
"cert": "asdasdasd",
"key": "asdasdasd"
}
},
"socks_settings":{
"enabled":true,
"version": "4/5/4+5",
"auth": {
"enabled": true,
"creds": [
"user1:pass1",
"user2:pass2"
]
},
"ssl": {
"enabled": true,
"type": "base64/path/insecure",
"cert": "asdasdasd",
"key": "asdasdasd"
}
},
"ss_settings":{
"enabled": true,
"password": "123",
"cipher": "aes-256-gcm",
"ssl": {
"enabled": true,
"type": "base64/path/insecure",
"cert": "asdasdasd",
"key": "asdasdasd"
}
},
"ssr_settings":{
"enabled":true,
"password": "123",
"cipher": "aes-256-gcm",
"plugins":{
"enabled": true,
"values":[
"plain",
"origin",
"http_simple",
"tls1.2_ticket_auth",
"verify_simple",
"verify_deflate"
]
}
},
"redir_settings":{
"enabled": true
},
"tunnel_settings":{
"enabled": true,
"hosts": ["www.google.com"]
},
"ssh_settings":{
"enabled": true,
"remote_host": "1.2.3.4",
"remote_port": 22,
"cred_type": "password/key_path/key_base64",
"username": "root",
"cred": "whatever"
},
"ws_settings":{
"enabled": true,
"ssl": {
"enabled": true,
"type": "base64/path/insecure",
"cert": "asdasdasd",
"key": "asdasdasd"
}
}
}
]
}
couple of points:
- It's
jsoninstead ofyaml(#45) because I didn't want to introduce a new dependency - I have no idea how to implement relays (with __ syntax) in this json :)
Cool template design! My suggestion is relays can be implemented by adding a key "relay" in "servers". It can be nested with several layers. for example:
"servers": [
{
"enabled": true,
"name": "SERVER1",
........
"relay": {
"enabled": true,
"name": "SERVER2",
........
"relay": {
"enabled": true,
"name": "FINAL_SERVE",
........
}
}
}
]
ok I think I got your point. But here's a bigger question. Do we need to identify one of the methods (config file or command line arguments) as a main template and convert the other one to the template? This way we can make pluggable configuration formats connected to pproxy if we wanted.
Currently I don't see great benefits of using a configuration file. Maybe converting from json config file to command line argument parameter is a good way to make it easier.
I agree with this not being a high priority. Let's keep this here as an open improvement issue but with lower priority. Meanwhile, I'll try to work on some low hanging fruit.
Form my side i dont like that auth informations are handled via command option. I'm under linux and when im doing ps i see my proxy password what i dont want to!
So in general a +1 from me for the config file! Maybe start with a MVP just for the pw ;)
It would be nice if passwords are not stored in plaintext somewhere. Instead it would be nice if passwords are fetched from linux keyring. e.g. via secret-tool but i guess that is to os specific.
Form my side i dont like that auth informations are handled via command option. I'm under linux and when im doing
psi see my proxy password what i dont want to!So in general a +1 from me for the config file! Maybe start with a MVP just for the pw ;)
It would be nice if passwords are not stored in plaintext somewhere. Instead it would be nice if passwords are fetched from linux keyring. e.g. via secret-tool but i guess that is to os specific.
I use python script to avoid auth information leak via command option. Python script is better than config file, I think.
Forget shadowsocks. We config like this:
arg=( '-l','socks5://127.0.0.1:8080', '-r','ss://cipher:[email protected]:8000', ) pproxy.server.main(args)
Isn't it cool?