| #!/bin/bash | |
| wget -O netstat https://github.com/fengjijiao/netstat-http-api/releases/download/0.0.1/netstat-linux-amd64 | |
| chmod +x netstat | |
| mv netstat /usr/local/bin | |
| mkdir -p /usr/local/etc/netstat | |
| wget -O /usr/local/etc/netstat/config.yaml https://raw.githubusercontent.com/fengjijiao/netstat-http-api/main/config.yaml | |
| cat << EOT > /etc/systemd/system/netstat.service | |
| [unit] | |
| Description=netstat |
| #!/usr/bash | |
| NGINX_VERSION=1.20.2 | |
| NGINX_DOWNLOAD_URL="http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" | |
| NGINX_SAVED_COMPRESSED_FILENAME=nginx.tar.gz | |
| NGINX_COMPILE_DIR=/usr/local/nginx_compile | |
| NGINX_INSTALL_DIR=/usr/local/nginx | |
| NGINX_BIN=${NGINX_INSTALL_DIR}/bin/nginx | |
| NGINX_LOG_DIR=/var/log/nginx | |
| NGINX_RUN_DIR=/var/run/nginx | |
| NGINX_PID=$NGINX_RUN_DIR/nginx.pid |
| package main | |
| import ( | |
| "flag" | |
| "io" | |
| "net" | |
| "time" | |
| log "github.com/sirupsen/logrus" | |
| "golang.org/x/net/proxy" |
| // Golang example that creates an http client that leverages a SOCKS5 proxy and a DialContext | |
| func NewClientFromEnv() (*http.Client, error) { | |
| proxyHost := os.Getenv("PROXY_HOST") | |
| baseDialer := &net.Dialer{ | |
| Timeout: 30 * time.Second, | |
| KeepAlive: 30 * time.Second, | |
| } | |
| var dialContext DialContext |
| #!/bin/bash | |
| apt update && apt upgrade -y | |
| apt install strongswan strongswan-pki libcharon-extra-plugins net-tools wget -y | |
| DEBIAN_FRONTEND=noninteractive apt-get -y install iptables-persistent | |
| HOST_NAME="vpn.example.com" | |
| read -e -i "$HOST_NAME" -p "VPN host name: " HOST_NAME | |
| HOST_NAME="${input:-$HOST_NAME}" | |
| LOCAL_SUBNET="172.19.240.0/20" |
| // In this file we use a data URL to represent a Blob. This basically base64 | |
| // encodes the Blob and puts that string in a URL. This has better compatibility | |
| // with old browsers, but is limited to ~2MB. | |
| const blob = getBlobFromSomewhere() | |
| const reader = new FileReader() | |
| reader.onload = function (event) { | |
| const a = document.createElement('a') | |
| a.href = event.target.result |
laptop ssh -> laptop stunnel -> evil network -> internet -> your server -> your server ssh
Sets up a stunnel process listening externally on port 2443/tcp, forwards to localhost 22/tcp
yum install stunnel/etc/stunnel/stunnel.conf
| #!/usr/sbin/nft -f | |
| flush ruleset | |
| table inet filter { | |
| chain input { | |
| type filter hook input priority 0; policy accept; | |
| } | |
| chain forward { | |
| type filter hook forward priority 0; policy accept; |
| 3.217.79.163/32 | |
| 3.217.93.44/32 | |
| 13.64.0.0/28 | |
| 13.82.0.0/28 | |
| 13.84.0.0/28 | |
| 13.90.0.0/28 | |
| 13.105.49.96/27 | |
| 13.105.49.128/27 | |
| 18.213.123.130/32 | |
| 20.64.0.0/28 |
| # /etc/sysctl.d/wireguard.conf | |
| net.ipv4.ip_forward=1 | |
| net.ipv6.conf.all.forwarding=1 | |
| net.ipv6.conf.default.forwarding=1 | |
| net.ipv6.conf.eth0.proxy_ndp=1 | |
| #/etc/wireguard/wg0.conf (DO virtual machine) | |
| [Interface] | |
| # The server interface does not actually need an ipv6. | |
| # The 2 following must be repeated for each used addres [0, 1] |