go-proxies icon indicating copy to clipboard operation
go-proxies copied to clipboard

Published 20 hours ago verified publisher icon opencoff

Metadata

SOCKSv5 and HTTP Proxy Server in golang

What is this?

A simple implementation of HTTP and SOCKSv5 proxy servers in golang. The proxy is expected to scale well on a modern multi-processor box. It runs on any platform that is supported by Go.

Building the servers

You need a reasonably new Golang toolchain (1.8+). And the go executable needs to be in your path. Then run::

make

The Makefile is exceedingly simple; it invokes::

./build

build is the primary script responsible for building goproxy. It places the binary in TARGET specific directory. e.g., for linux-amd64, the binaries will be in ./bin/linux-amd64; and OS X, it will be in ./bin/darwin-amd64 and so on.

You can cross-compile by passing appropriate architecture names to the script. e.g., to build on host OS X for openbsd-amd64::

./build --arch=openbsd-amd64

You can build a statically linked executable (with no other runtime dependency)::

./build -s

The script also has other options. To see them::

./build --help

Usage

The server takes a YAML config file as its sole command line argument. The server does not fork itself into the background. If you need that capability, explore your platform's init toolchain (e.g., start-stop-daemon).

The server can run in debug mode::

./bin/linux-amd64/goproxy -d etc/goproxy.conf

In debug mode, the logs are sent to STDOUT and the debug level is set to DEBUG (i.e., verbose).

In the absence of the -d flag, the default log level is INFO.

Config File

The server config file is a YAML v2 document. It has a section for HTTP proxy and a separate section for SOCKSv5 proxy. An example is below::

# Log file; can be one of:
#  - Absolute path
#  - SYSLOG
#  - STDOUT
#  - STDERR
#log: /tmp/goproxy.log
log: STDOUT

# Logging level - "DEBUG", "INFO", "WARN", "ERROR"
loglevel: DEBUG

# Path to URL Log and response codes
#urllog:

# drop privileges as soon as listeners are setup to the uid/gid below.
# Only meaningful if go-proxy is started as root.
uid: nobody
gid: nobody

# Listeners
http:
    -
        listen: 127.0.0.1:8080

        # if you want this listener to use a specific outbound IP, then set that
        # here
        #bind:

        # ACL
        allow: [127.0.0.1/8, 11.0.1.0/24, 11.0.2.0/24]
        deny: []

        # limit to N reqs/sec globally and M requests per-host
        ratelimit:
            global: 2000
            perhost: 30


socks:
    -
        listen: 127.0.0.1:2080
        #bind:
        allow: [127.0.0.1/8, 11.0.1.0/24, 11.0.2.0/24]
        deny: []
        # limit to N reqs/sec globally
        ratelimit:
            global: 2000
            perhost: 30

Major features

  • No authentication (yes, its a feature)
  • flexible allow/deny rules for discriminating clients
  • multiple listeners - each with their own ACL
  • Rate limiting incoming connections (global and per-host)

Access Control Rules

Go-socksd implements a flexible ACL by combination of allow/deny rules. The rules are evaluated in the following order:

  • If explicitly denied, the host is blocked
  • If explicitly allowed, the host is allowed
  • Explicit denial takes precedence over explicit allow
  • Empty allow list is the same as "allow all"

Example of allow/deny combinations


1. Only allow specific subnets and deny everyone else:

    allow: [ 192.168.55.0/24, 172.16.10.0/24, 127.0.0.1/8 ],
    deny: []


2. Allow all except selected subnets:

    allow: [],
    deny: [ 192.168.80.0/24", 172.16.5.0/24 ]


3. Expliclty block certain hosts and explicitly allow certain
   subnets and block everyone else:

    allow: [ 192.168.55.0/24, 172.16.10.0/24, 127.0.0.1/8 ],
    deny:  [ 192.168.1.1/32, 192.168.80.0/24, 172.16.5.0/24 ]


Development Notes
=================
If you are a developer, the notes here will be useful for you:

* We use go module support; so you will need go 1.10+ for this to work.

* The build script ``build`` is a shell script to build the program.
  It does two very important things:
    * Puts the binary in an OS/Arch specific directory
    * Injects a git version-tag into the final binary ("linker resolved symbol")

* Example config files is in the ``etc/goproxy.conf`` directory.


Redirect Error
--------------
If you are receiving some error like::

  gopkg.in/h2non/bimg.v1: Cloning and checking out v1.0.6..
  error: RPC failed; HTTP 301 curl 22 The requested URL returned error: 301
  fatal: The remote end hung up unexpectedly

It is because something in git around version 2.11.1 stops following redirects.
A popular repository of golang packages uses this. To workaround, try::

  git config --global http.https://gopkg.in.followRedirects true

.. vim: ft=rst:sw=4:ts=4:expandtab:tw=84:

Metadata

16
Stars
5
Forks
Watchers

Owner

verified publisher icon opencoff

Metadata

SOCKSv5 and HTTP Proxy Server in golang

Back