From b7c90f51e678e95941fa0ff167bbe029cd3dc851 Mon Sep 17 00:00:00 2001
From: Micooz
Date: Sun, 17 Jun 2018 11:30:19 +0800
Subject: [PATCH] docs: add http2/http2-caddy examples
---
docs/examples/http2-caddy/Caddyfile | 9 +++++
docs/examples/http2-caddy/README.md | 40 +++++++++++++++++++
.../http2-caddy/blinksocks.client.json | 15 +++++++
.../http2-caddy/blinksocks.server.json | 14 +++++++
docs/examples/http2/README.md | 32 +++++++++++++++
docs/examples/http2/blinksocks.client.json | 15 +++++++
docs/examples/http2/blinksocks.server.json | 12 ++++++
7 files changed, 137 insertions(+)
create mode 100644 docs/examples/http2-caddy/Caddyfile
create mode 100644 docs/examples/http2-caddy/README.md
create mode 100644 docs/examples/http2-caddy/blinksocks.client.json
create mode 100644 docs/examples/http2-caddy/blinksocks.server.json
create mode 100644 docs/examples/http2/README.md
create mode 100644 docs/examples/http2/blinksocks.client.json
create mode 100644 docs/examples/http2/blinksocks.server.json
diff --git a/docs/examples/http2-caddy/Caddyfile b/docs/examples/http2-caddy/Caddyfile
new file mode 100644
index 0000000..74899eb
--- /dev/null
+++ b/docs/examples/http2-caddy/Caddyfile
@@ -0,0 +1,9 @@
+example.com {
+ proxy / https://127.0.0.1:59463 {
+ insecure_skip_verify
+ header_upstream Host {host}
+ header_upstream X-Real-IP {remote}
+ header_upstream X-Forwarded-For {remote}
+ header_upstream X-Forwarded-Proto {scheme}
+ }
+}
diff --git a/docs/examples/http2-caddy/README.md b/docs/examples/http2-caddy/README.md
new file mode 100644
index 0000000..806d19d
--- /dev/null
+++ b/docs/examples/http2-caddy/README.md
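Review bot: In docs/examples/http2-caddy/Caddyfile the upstream is `https://127.0.0.1:59463`, but the blinksocks.server.json added by this same commit listens on `h2://0.0.0.0:64270`, so as written the `proxy` line points at a port nothing in the example serves. The two files should agree on one port. `insecure_skip_verify` turns off certificate verification for the upstream hop, which is tolerable only while that hop stays on loopback; I would put a comment above it such as `# upstream is loopback-only; drop insecure_skip_verify if bs-server moves to another host`.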
@@ -0,0 +1,40 @@
+# http2-caddy
+
+**Minimal Version Required: v3.4.0**
+
+blinksocks can transfer data through [caddy] proxy server using http2:
+
+```
+ +--------------------------------------------------+
+ | Caddy Server |
++-------------+ | +-----------+ | +------------+
+| | h2://site.com/path | :433 h2://127.0.0.1:1234 | | | tcp:// | |
+| bs-client <-----------------------> proxy /path +--------------------> bs-server <-------------> Target |
+| | (encrypted) | (encrypted) | | | (raw) | |
++-------------+ | +-----------+ | +------------+
+ | |
+ +--------------------------------------------------+
+```
+
+When use `h2://` as transport on **server side**, make sure both `tls_cert` and `tls_key` is provided:
+
+```
+{
+ ...
+ "tls_key": "key.pem",
+ "tls_cert": "cert.pem"
+ ...
+}
+```
+
+**self-signed** tls_cert is ok because we set `insecure_skip_verify` in Caddyfile.
+
+## Generate key.pem and cert.pem
+
+```
+// self-signed certificate
+$ openssl req -x509 -newkey rsa:4096 -nodes -sha256 -subj '/CN=example.com' \
+ -keyout key.pem -out cert.pem
+```
+
+[caddy]: https://caddyserver.com
diff --git a/docs/examples/http2-caddy/blinksocks.client.json b/docs/examples/http2-caddy/blinksocks.client.json
new file mode 100644
index 0000000..61070e8
--- /dev/null
+++ b/docs/examples/http2-caddy/blinksocks.client.json
@@ -0,0 +1,15 @@
+{
+ "service": "socks5://127.0.0.1:1080",
+ "server": {
+ "service": "h2://example.com:64270",
+ "key": "zAcy9wve53gpm{YC",
+ "presets": [
+ {
+ "name": "ss-base"
+ },
+ {
+ "name": "obfs-random-padding"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/docs/examples/http2-caddy/blinksocks.server.json b/docs/examples/http2-caddy/blinksocks.server.json
new file mode 100644
index 0000000..bf6a282
--- /dev/null
+++ b/docs/examples/http2-caddy/blinksocks.server.json
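Review bot: In docs/examples/http2-caddy/blinksocks.client.json, `server.service` is `h2://example.com:64270`, which is the port bs-server itself binds in the matching server example, so the client would bypass Caddy and meet the self-signed certificate directly. The README diagram suggests the client should dial Caddy's HTTPS listener instead (presumably `h2://example.com:443`, to be confirmed). The file also commits a literal `key` that is repeated in the server example, and the two http2 example files do the same with their own value; anyone who copies these files verbatim ends up with a publicly known pre-shared key. A placeholder such as `"key": "<generate-your-own-key>"`, with a README line telling readers to generate one, would avoid that.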
@@ -0,0 +1,14 @@
+{
+ "service": "h2://0.0.0.0:64270",
+ "key": "zAcy9wve53gpm{YC",
+ "presets": [
+ {
+ "name": "ss-base"
+ },
+ {
+ "name": "obfs-random-padding"
+ }
+ ],
+ "tls_key": "key.pem",
+ "tls_cert": "cert.pem"
+}
\ No newline at end of file
diff --git a/docs/examples/http2/README.md b/docs/examples/http2/README.md
new file mode 100644
index 0000000..ea65f59
--- /dev/null
+++ b/docs/examples/http2/README.md
@@ -0,0 +1,32 @@
+# http2
+
+**Minimal Version Required: v3.4.0**
+
+blinksocks can transfer data using `http2`:
+
+```
++-------------+ +-------------+ +------------+
+| | h2://site.com/path | | tcp:// | |
+| bs-client <----------------------> bs-server <-----------> Target |
+| | | | | |
++-------------+ +-------------+ +------------+
+```
+
+When use `h2://` as transport, make sure both `tls_cert` and `tls_key` is provided to `bs-server`.
+
+> If your are using self-signed certificate on server, please also provide the same `tls_cert` on client and also set `"tls_cert_self_signed": true`.
+
+Make sure you provide **Common Name** of certificate NOT IP in client config:
+
+```
+{
+ ...
+ "server": {
+ "service": "h2://:",
+ "tls_cert": "cert.pem",
+ "tls_cert_self_signed": true
+ ...
+ },
+ ...
+}
+```
diff --git a/docs/examples/http2/blinksocks.client.json b/docs/examples/http2/blinksocks.client.json
new file mode 100644
index 0000000..61283ea
--- /dev/null
+++ b/docs/examples/http2/blinksocks.client.json
@@ -0,0 +1,15 @@
+{
+ "service": "socks5://127.0.0.1:1080",
+ "server": {
+ "service": "h2://example.com:18732",
+ "key": "TZr[JmZYjNJ3USYq",
+ "presets": [
+ {
+ "name": "ss-base"
+ },
+ {
+ "name": "obfs-random-padding"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/docs/examples/http2/blinksocks.server.json b/docs/examples/http2/blinksocks.server.json
new file mode 100644
index 0000000..7c47b14
--- /dev/null
+++ b/docs/examples/http2/blinksocks.server.json
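Review bot: docs/examples/http2-caddy/blinksocks.server.json binds `h2://0.0.0.0:64270`, which exposes bs-server and its self-signed certificate on every interface even though the Caddyfile reaches it over 127.0.0.1. Binding to loopback on the port the Caddyfile's `proxy` line targets, `"service": "h2://127.0.0.1:59463"`, would keep Caddy as the only public entry point. If the wildcard bind is intentional, the README should say so and tell readers to firewall the port.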
@@ -0,0 +1,12 @@
+{
+ "service": "tcp://0.0.0.0:18732",
+ "key": "TZr[JmZYjNJ3USYq",
+ "presets": [
+ {
+ "name": "ss-base"
+ },
+ {
+ "name": "obfs-random-padding"
+ }
+ ]
+}
\ No newline at end of file
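Review bot: docs/examples/http2/blinksocks.server.json sets `"service": "tcp://0.0.0.0:18732"` and carries no `tls_key` or `tls_cert`, while the client example in the same directory dials `h2://example.com:18732` and the README requires both TLS fields on bs-server for `h2://`. As written the pair does not match and the server side has no TLS at all. The server example should read `"service": "h2://0.0.0.0:18732"` and add `"tls_key": "key.pem"` and `"tls_cert": "cert.pem"`, as the http2-caddy server example does.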