翻墙程序goproxy-vps的修改版Yap

Yet Another Proxy powered by Golang.

Yap is a HTTP1.1/HTTP2 proxy which forked and refactored from branch vps of Goproxy

Usage

First of all, download the latest Yap program from Release page according to your os and arch.

Prepare for Server

A domain: example.org
Certificate for the domain: example.org.cer
Key of the certificate for the domain: example.org.key

Create a config file : `yap.toml`

[default]
reject_nil_sni = false

[[http2]]
listen = ":443"
# server name for http2 proxy
server_name = ["example.org"]
# cert file
cert_file = "example.org.cer"
# key file
key_file = "example.org.key"

[http]
listen = ":8088"

(注：以上的橘黄色部分其实是多余的。）

Start Yap Server:

git clone https://github.com/yaproxy/yap yap-dir

cd yap-dir

root@gcv:~/yap-dir# ls
auth.go cli Gopkg.toml handler.go pwauth yap.go yaputil
cert.go Gopkg.lock hack LICENSE README.md yap.toml
root@gcv:~/yap-dir# wget https://github.com/yaproxy/yap/releases/download/v0.1.0/yap_linux_amd64_v0.1.0.tar.gz

root@gcv:~/yap-dir# tar zxvf yap_linux_amd64_v0.1.0.tar.gz

(解压得到可执行文件yap_linux_amd64_v0.1.0）

root@gcv:~/yap-dir# mv yap_linux_amd64_v0.1.0 yap

（把可执行文件yap_linux_amd64_v0.1.0重命名为yap)

root@gcv:~/yap-dir# ls
auth.go cert.go cli Gopkg.lock Gopkg.toml hack handler.go LICENSE pwauth README.md yap yap.go yap_linux_amd64_v0.1.0.tar.gz yap.toml yaputil

root@gcv:~/yap-dir# cp yap.toml yap.toml.bak

root@gcv:~/yap-dir# rm yap.toml

root@gcv:~/yap-dir# nano yap.toml

(yap.toml文件的内容如下：

[default]
reject_nil_sni = false

[[http2]]
listen = ":9443"
# server name for http2 proxy
server_name = ["example.org"]
# cert file
cert_file = "/path/to/example.org.cer"
# key file
key_file = "/path/to/example.org.key" )

root@gcv:~/yap-dir#./yap yap.toml > /dev/null &

(以上粉红色文字系我所添加）

Use Yap

1. Use HTTP2 Proxy in Chrome or Firefox

Create a new pac proxy configuration for you browser and setting:

functionFindProxyForURL(url, host) {
return"HTTPS example.org:443";
}

2. Use Yap in Proxy Chains

[http]
listen = "localhost:8088"
upstream_proxy = "https://example.org:443"

./yap yap.toml

Config HTTP Proxy localhost:8088 for you application.

Enjoy you life

Configuration

Yap supports multiple format configuration files such as toml, yaml and so on.

Section - default

TBD

Section - http2

http2 section contains a list for HTTP2 proxy.

network - optional
The network must be a stream-oriented network:
"tcp", "tcp4", "tcp6", "unix" or "unixpacket".
Currently, only support tcp, tcp4, tcp6.
listen
The syntax of listen is "host:port", e.g. ":443"
server_name
The server name for http2 proxy, should be a list, such as ["example.org", "yap.example.org"]
proxy_fallback - optional
The fallback URL for non-proxy request
pem - optional
The pem file location for key pair contains cert and key, if pem is setting, the cert_file and key_file will be not used.
cert_file - optional
The certificate file location
key_file - optional
The key file location
upstream_proxy - optional
The upstream proxy URL, used for proxy chain.
proxy_auth_method - optional
The proxy authenticate method, currently contains 3 options: "pam", "htpasswd", "build-in".
Leave it blank for disable proxy authenticate
proxy_auth_htpasswd_path - optional
The htpasswd file location.
Only used when proxy_auth_method is set to htpasswd.
proxy_auth_buildin_credential - optional
The build-in authentication credential. Only used when proxy_auth_method is set to build-in.

Section - http

network - optional
The network must be a stream-oriented network:
"tcp", "tcp4", "tcp6", "unix" or "unixpacket".
Currently, only support tcp, tcp4, tcp6.
listen
The syntax of listen is "host:port", e.g. ":443"
upstream_proxy - optional
The upstream proxy URL, used for proxy chain.
proxy_auth_method - optional
The proxy authenticate method, currently contains 3 options: "pam", "htpasswd", "build-in".
Leave it blank for disable proxy authenticate
Please reference Authentication section.
proxy_auth_htpasswd_path - optional
The htpasswd file location.
Only used when proxy_auth_method is set to htpasswd.
proxy_auth_buildin_credential - optional
The build-in authentication credential. Only used when proxy_auth_method is set to build-in.

Authentication

Yap supports two auth methods.

Build-in Authentication

Set proxy_auth_method to build-in. Set proxy_auth_buildin_credential to username:password.

Basic Authentication - htpasswd file auth

Set proxy_auth_method to htpasswd. Set proxy_auth_htpasswd_path to htpasswd file path.
Configuration:

# ...
proxy_auth_method = "htpasswd"
proxy_auth_htpasswd_path = "/path/to/htpasswd"
# ...

Generate htpasswd:

htpasswd -bc /path/to/htpasswd username passwd

PAM Authentication

Install python for PAM authentication. Set proxy_auth_method to pam.

Use Yap in Docker

Quick start:

docker run -d \
    -v /path/to/yap.toml:/yap.toml \
    -v /path/to/example.cert:/example.cert \
    -v /path/to/example.key:/example.key \
    -v /path/to/htpasswd:/htpasswd \
    -p 443:443 \
    -p 8088:8088 \
    yaproxy/yap

You can find more details from Yap in Docker hub.

from https://github.com/yaproxy/yap
---------------

可以到www.namesilo.com注册一个top域名（第一年才2usd)
它这里的top域名在第二年的费用才7usd多。然后再到这里https://cheapsslsecurity.com/sslproducts/domainvalidatedssl.html，购买一个Comodo PositiveSSL证书，8usd/年(如果一次购买3年，才15usd.平均5usd/年）

相关帖子：http://briteming.blogspot.com/2017/05/goproxyvpstls13-http2.html

如果想使用let's encrypt的免费证书，请看：
http://briteming.blogspot.com/2017/06/lets-encryptsslcertbot.html