systemctl edit danted.service
systemctl daemon-reload
service danted restarttouch /var/log/sockd.log
chown root:proxy !$
chmod 0664 !$useradd --system -M -U -s /usr/bin/false -d /dev/null -- proxy-user
passwd !$curl --socks5 proxy-user:[email protected]:1080 https://example.com| # vim: set filetype=apache : | |
| # file: /etc/danted.conf | |
| # Server logging | |
| logoutput: /var/log/sockd.log | |
| errorlog: /var/log/sockd.log | |
| debug: 0 | |
| # Define the internal and external network interfaces | |
| internal: 0.0.0.0 port = 1080 | |
| external: eth0 | |
| # when doing something that can require privilege (use userid of): | |
| user.privileged: root # proxy | |
| # when running as usual (use userid of): | |
| user.unprivileged: nobody | |
| # when compiled with libwrap support (use userid of): | |
| user.libwrap: nobody | |
| # Define the method of authentication | |
| socksmethod: username # none | |
| # Define access | |
| socks pass { | |
| from: 0.0.0.0/0 to: 0.0.0.0/0 | |
| log: error connect disconnect | |
| } | |
| client pass { | |
| from: 0.0.0.0/0 to: 0.0.0.0/0 | |
| log: connect disconnect | |
| } |
| # vim: set filetype=ini : | |
| # file: /etc/systemd/system/danted.service.d/override.conf | |
| [Service] | |
| ReadWritePaths=/var/log/sockd.log |
| # vim: set filetype=apache : | |
| # custom logrotate | |
| # | |
| # file: /etc/logrotate.d/sockd | |
| /var/log/sockd.log { | |
| missingok | |
| create 0664 root proxy | |
| notifempty | |
| compress | |
| delaycompress | |
| rotate 7 | |
| postrotate | |
| /usr/sbin/service danted force-reload 2> /dev/null || true | |
| endscript | |
| } |