Skip to content

Instantly share code, notes, and snippets.

@irLinja

irLinja/haproxy healthcheck socks5

Last active December 7, 2023 09:37
Show Gist options
  • Save irLinja/4c27988c4220738e40cd8b4a7294d94a to your computer and use it in GitHub Desktop.
Save irLinja/4c27988c4220738e40cd8b4a7294d94a to your computer and use it in GitHub Desktop.
Download ZIP
systemd services for shadowsocks, KCPTUN, simple obfs and shadowsocks server sample configuration + haproxy + haproxy external check script and privoxy for sure
Raw
haproxy healthcheck socks5
#!/bin/bash
/usr/bin/curl -sSf --socks5-hostname $(echo ${3}):$(echo ${4}) www.google.com >/dev/null
Raw
haproxy.cfg
global
log /dev/log local0
log /dev/log local1 notice
#chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
external-check
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode tcp
option tcplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
#---------------------------------------------------------------------
# STATS frontend
#---------------------------------------------------------------------
frontend stats
bind *:8080
option httplog
mode http
stats enable
stats hide-version
stats realm Haproxy\ Statistics
stats uri /
stats auth admin:admin
#---------------------------------------------------------------------
# TCP frontend
#---------------------------------------------------------------------
frontend proxy
bind *:8000
use_backend proxy
default_backend proxy
backend proxy
option external-check
external-check path "/bin:/var/lib/haproxy"
external-check command /var/lib/haproxy/check.sh
balance leastconn
server s1-obfs 127.0.0.1:1081 check
server s1-direct 127.0.0.1:1080 check backup
Raw
kcp-server.service
[Unit]
Description=kcptun Server
After=network.target
[Service]
ExecStart=/usr/sbin/kcptun-server -l 0.0.0.0:53 -t 127.0.0.1:8388 --key *d8JQw9n --crypt cast5 --mode fast3 --log /var/log/kcptun-server.log
ExecStop=/bin/kill $MAINPID
Restart=always
[Install]
WantedBy=multi-user.target
Raw
obfs-server.service
[Unit]
Description=Simple obfs server
After=network.target
[Service]
ExecStart=/usr/local/bin/obfs-server -p 443 --obfs http -r 127.0.0.1:8388>> /var/log/obfs-server.log
ExecStop=/bin/kill $MAINPID
Restart=always
[Install]
WantedBy=multi-user.target
Raw
privoxy config
hostname proxy.privoxy
listen-address 0.0.0.0:8118
listen-address [::1]:8118
toggle 1
enable-remote-toggle 1
enable-remote-http-toggle 0
enable-edit-actions 1
enforce-blocks 0
buffer-limit 4096
enable-proxy-authentication-forwarding 0
forward-socks5 / 127.0.0.1:8000 .
forward localhost/ .
forward 172.17.64.0/22 .
forwarded-connect-retries 1
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 150
tolerate-pipelining 1
socket-timeout 300
max-client-connections 400
Raw
shadow.conf
{
"server_port":8388,
"password":"Fo0B@r",
"method": "chacha20-ietf",
"timeout":600
}
Raw
shadowsocks-server.service
[Unit]
Description=Shadowsocks Server
After=network.target
[Service]
ExecStart=/usr/sbin/shadowsocks-server -c /etc/shadowsocks/shadow.conf >> /var/log/shadowsocks-server.log
ExecStop=/bin/kill $MAINPID
Restart=always
[Install]
WantedBy=multi-user.target
@irLinja
Copy link
Author

irLinja commented Jun 10, 2018
edited
Loading

How to use?

Just download and move binaries to desired location on server and make sure if they have x permission, then copy service files to /etc/systemd/system/ and run:

systemctl daemon-reload
systemctl enable --now shadowsocks-server.service
systemctl enable --now kcp-server.service
systemctl enable --now obfs-server.service

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment