nginx-transp-proxy
# Stream (TCP-level) leg of the transparent proxy. The iptables TPROXY rule for
# dport 443 delivers the client range's traffic to 127.0.0.1:3003; the TLS
# ClientHello is only peeked (ssl_preread) for its SNI name, which then selects
# both the upstream to connect to and the local source address to bind.
# Nothing is decrypted here - no certificate or `ssl` parameter is configured.
stream {
# $will_bind_local_addr is defined in bypass.confi (included at the bottom).
log_format main '$remote_addr:$remote_port => $server_addr:$server_port'
' [$time_local] $protocol $status $bytes_sent $bytes_received '
'$session_time "$ssl_preread_server_name" $will_bind_local_addr';
server {
# NOTE(review): as far as I can tell stock nginx documents a `transparent`
# parameter only on proxy_bind, not on `listen`; this looks like it relies on a
# patched build that sets IP_TRANSPARENT on the listening socket - confirm.
listen 127.0.0.1:3003 transparent;
# Upstream chosen per SNI name by the $real_connect_to map below.
# NOTE(review): when proxy_pass holds a variable, a hostname value (such as the
# goo.gle.scholar.proxy placeholder) is resolved at run time and needs a
# `resolver` directive in this block; an IP literal or an `upstream` name does not.
proxy_pass $real_connect_to;
# Local source address for the upstream connection (public vs tunnel), per host.
proxy_bind $will_bind_local_addr;
ssl_preread on;
access_log /var/log/nginx/proxy_ssl.log main;
}
# Identity map so that bypass.confi can key on $real_hostname in both the
# stream (SNI) and http (Host header) contexts. Empty when the client sends no SNI.
map $ssl_preread_server_name $real_hostname{
default $ssl_preread_server_name;
}
# Default: connect back to the address the client originally dialled (under
# TPROXY $server_addr:$server_port is the original destination); the listed
# name is diverted to a dedicated proxy instead.
# NOTE(review): if this host's own addresses fall inside the intercepted client
# range, that connect-back would itself be intercepted again - keep them out of it.
map $real_hostname $real_connect_to{
default $server_addr:$server_port;
~*(^|\.)scholar\.google\.com(\.|$) goo.gle.scholar.proxy:443;
}
# Shared host lists. The ".confi" suffix presumably keeps the file out of the
# usual conf.d/*.conf glob so it is only pulled in explicitly here and in http.
include "/etc/nginx/conf.d/bypass.confi";
}
# bypass.confi - host lists shared by the stream and http contexts (both include
# it). $real_hostname is the SNI name in stream and the Host header in http.
# Hosts that must leave via the public address rather than the tunnel.
# With `hostnames`, ".acm.org" matches acm.org and every subdomain of it.
map $real_hostname $should_bypass{
hostnames;
.acm.org 1;
.springer.com 1;
.patentcloud.com 1;
default 0;
}
# Hosts whose plain-HTTP requests the http server blocks bounce to HTTPS (not
# referenced in the stream block). Each regex matches the label as a whole
# anywhere in the name, so www.google.com and google.co.uk match - but so would
# google.example.net; tighten the patterns if that matters. The `hostnames`
# parameter only affects prefix/suffix entries, not these regexes.
map $real_hostname $should_force_https{
hostnames;
~*(^|\.)google(\.|$) 1;
~*(^|\.)youtube(\.|$) 1;
~*(^|\.)googleusercontent(\.|$) 1;
default 0;
}
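# Local source address nginx binds for the upstream connection: bypassed hosts
# leave via the public address, everything else via the tunnel.
map $should_bypass $will_bind_local_addr{
    1 pub.lic.add.ress;
    0 tun.nel.add.ress;
    # Fail closed: any value other than 0/1 (e.g. after an edit to the map
    # above) stays on the tunnel instead of yielding an empty bind address.
    default tun.nel.add.ress;
}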
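#!/bin/sh
# Policy routing for TPROXY: packets that the mangle rules mark 0x64 (= 100)
# are looked up in table 101, whose only route delivers them locally, so they
# reach the nginx sockets bound on 127.0.0.1 / ::1 instead of being forwarded.
# The mark must match --tproxy-mark in the iptables/ip6tables rules.
# NOTE(review): these settings do not survive a reboot; persist them through
# the distribution's network configuration if they are meant to.
set -eu

MARK=100
TABLE=101

# Install the rule and route for one address family; "$@" is the ip(8)
# invocation to use (`ip` or `ip -6`).
setup_family() {
    # `ip rule add` does not de-duplicate, so a re-run would stack identical
    # rules; drop every existing copy first (the loop ends when none is left).
    while "$@" rule del fwmark "$MARK" lookup "$TABLE" 2>/dev/null; do :; done
    "$@" rule add fwmark "$MARK" lookup "$TABLE"
    # `replace` keeps the script re-runnable (`add` fails with "File exists").
    "$@" route replace local default dev lo table "$TABLE"
}

setup_family ip
setup_family ip -6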
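*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# IPv6 interception: port-80 traffic from the client range is handed to the
# nginx http listener on [::1]:3002 and marked 0x64 (= 100) so the
# `ip -6 rule add fwmark 100 lookup 101` policy route delivers it locally.
# Only port 80 is intercepted for IPv6 - there is no 443 rule here and the
# stream listener is IPv4-only, so IPv6 HTTPS passes through untouched.
# NOTE(review): only the source range is matched, so clients' traffic to this
# host's own port 80 is intercepted as well; add a `! -d` exclusion if the host
# serves that port itself.
-A PREROUTING -s cli:ent::addr:ess/prfx -p tcp -m tcp --dport 80 -j TPROXY --on-port 3002 --on-ip ::1 --tproxy-mark 0x64/0xffffffff
# ip6tables-restore applies a table only on COMMIT; without it the rules above
# are parsed but not installed (newer versions reject the file outright).
COMMIT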
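*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# IPv4 interception of the client range's HTTP and HTTPS: TPROXY hands the
# packets to the nginx listeners on 127.0.0.1:3002 (http) and :3003 (stream,
# ssl_preread) and marks them 0x64 (= 100) so the `ip rule add fwmark 100
# lookup 101` policy route delivers them locally.
# NOTE(review): only the source range is matched, so clients' traffic to this
# host's own ports 80/443 is intercepted as well; add a `! -d` exclusion if the
# host serves those ports itself.
-A PREROUTING -s cli.ent.addr.net/prfx -p tcp -m tcp --dport 80 -j TPROXY --on-port 3002 --on-ip 127.0.0.1 --tproxy-mark 0x64/0xffffffff
-A PREROUTING -s cli.ent.addr.net/prfx -p tcp -m tcp --dport 443 -j TPROXY --on-port 3003 --on-ip 127.0.0.1 --tproxy-mark 0x64/0xffffffff
# iptables-restore applies a table only on COMMIT; without it the rules above
# are parsed but not installed (newer versions reject the file outright).
COMMIT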
# Access-log line for the http leg. Under TPROXY $server_addr:$server_port is
# the destination the client originally dialled. $http_host, $http_referer,
# $http_user_agent and $http_x_forwarded_for are copied verbatim from client
# headers, so treat the log as untrusted input when parsing it.
log_format main '$remote_addr:$remote_port => $server_addr:$server_port '
'- $remote_user [$time_local] "$scheme" "$http_host" "$request" '
'$status $body_bytes_sent $sent_http_content_type "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
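server {
    # IPv4 plain-HTTP leg: the iptables TPROXY rule for dport 80 delivers the
    # client range's traffic here (--on-port 3002 --on-ip 127.0.0.1).
    # NOTE(review): as far as I can tell stock nginx documents a `transparent`
    # parameter only on proxy_bind, not on `listen`; this looks like it relies
    # on a patched build - confirm.
    listen 127.0.0.1:3002 transparent;

    location / {
        # Hosts selected by $should_force_https (bypass.confi) are bounced to
        # HTTPS instead of being proxied in the clear. `if` + `return` is the
        # one combination nginx documents as safe inside a location.
        # The target is built from the client's own Host header; it is empty
        # for Host-less HTTP/1.0 requests and keeps any :port the client sent.
        if ($should_force_https = 1) {
            return 302 https://$http_host$request_uri;
        }
        # Everything else goes to the address the client originally dialled
        # (under TPROXY $server_addr:$server_port is the original destination).
        # proxy_pass sits at location level rather than inside a second `if`,
        # so a map value other than 0/1 can no longer leave the location with
        # no handler at all.
        proxy_pass http://$server_addr:$server_port;
    }

    # Local source address for the upstream connection, chosen per host in
    # bypass.confi (public address for bypassed hosts, tunnel otherwise).
    proxy_bind $will_bind_local_addr;
    # Forward the client's Host unchanged and keep WebSocket upgrades working.
    proxy_set_header Host $http_host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    access_log /var/log/nginx/proxy_http.log main;
    # Upstream failures close the connection (444) instead of returning an
    # nginx error page to the client.
    error_page 504 502 =444 @fail;
    location @fail{
        return 444;
    }
}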
# Identity map so that bypass.confi can key on $real_hostname in both the http
# (Host header) and stream (SNI) contexts. Empty when the request has no Host.
map $http_host $real_hostname{
default $http_host;
}
# Standard WebSocket pass-through: send "Connection: upgrade" only when the
# client asked for an Upgrade, otherwise an empty Connection header.
map $http_upgrade $connection_upgrade {
default upgrade;
'' '';
}
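server {
    # IPv6 plain-HTTP leg: the ip6tables TPROXY rule for dport 80 delivers the
    # client range's traffic here (--on-port 3002 --on-ip ::1).
    # NOTE(review): as far as I can tell stock nginx documents a `transparent`
    # parameter only on proxy_bind, not on `listen`; this looks like it relies
    # on a patched build - confirm.
    listen [::1]:3002 transparent ipv6only=on;

    location / {
        #return 200 '$remote_addr:$remote_port => $server_addr:$server_port $should_force_https';
        # Hosts selected by $should_force_https (bypass.confi) are bounced to
        # HTTPS instead of being proxied in the clear. `if` + `return` is the
        # one combination nginx documents as safe inside a location.
        if ($should_force_https = 1) {
            return 302 https://$http_host$request_uri;
        }
        # Everything else goes to the address the client originally dialled;
        # the IPv6 literal must be bracketed. proxy_pass sits at location level
        # rather than inside a second `if`, so a map value other than 0/1 can
        # no longer leave the location with no handler at all.
        proxy_pass http://[$server_addr]:$server_port;
    }

    # Unlike the IPv4 block there is no proxy_bind here: $will_bind_local_addr
    # holds IPv4 addresses, so IPv6 upstream connections presumably just follow
    # the default IPv6 route (no public/tunnel split) - confirm that is intended.
    proxy_set_header Host $http_host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    access_log /var/log/nginx/proxy_http.log main;
    # Upstream failures close the connection (444) instead of returning an
    # nginx error page to the client.
    error_page 504 502 =444 @fail;
    location @fail{
        return 444;
    }
}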
# Shared host lists ($should_bypass, $should_force_https, $will_bind_local_addr);
# the same file is included by the stream block. The ".confi" suffix presumably
# keeps it out of the usual conf.d/*.conf glob so it is not loaded twice.
include /etc/nginx/conf.d/bypass.confi;