Closed diyism closed 4 months ago
zedifen
commented
8 months ago I think we need to wait for the changes being merged into naiveproxy's fork of forwardproxy, then we can build caddy with naiveproxy support as well as the new updates on "multiauth". 😊
zedifen
commented
8 months ago Then to set multiple users, I think just adding multiple basic_auth directives to Caddyfile will do:
{
order forward_proxy before file_server
}
:443, example.com {
tls me@example.com
forward_proxy {
basic_auth user pass
+ basic_auth john doe
hide_ip
hide_via
probe_resistance
}
file_server {
root /var/www/html
}
}
diyism
commented
8 months ago I've compared github.com/caddyserver/forwardproxy@caddy2 and github.com/klzgrad/forwardproxy@naive , there are many differences in 4 main go files: httpclient.go, acl.go, caddyfile.go, forwardproxy.go , @klzgrad or anybody else has time to merge them?
klzgrad
commented
8 months ago Upstream still needs some fixes for errors with the log directive. Then the caddy2 patch needs to be merged and I'll rebase the naive patch.
zedifen
commented
8 months ago @diyism If you're eager to try out the updates, I've been doing this in my fork. Please notice that this fork also contains UoT support from SagerNet. Although it seems to have no effect on normal use cases, please be sure to backup your important data for possible rollbacks before have a try on it.
diyism
commented
8 months ago @diyism If you're eager to try out the updates, I've been doing this in my fork. Please notice that this fork also contains UoT support from SagerNet. Although it seems to have no effect on normal use cases, please be sure to backup your important data for possible rollbacks before have a try on it.
Great, thanks, I'll try your version.
Ujwal-Sharma
commented
8 months ago Here is my multi-user config.json for your reference, it is based on the one made by pocat ( https://hub.docker.com/r/pocat/naiveproxy ) and has been working with klzgrad's forward proxy for a year for me. Please replace the username password combinations (username password), domain name (example.com), and email address (example@example.com) with yours shall you wish to use it.
{
"admin": {
"disabled": true
},
"logging": {
"logs": {
"default": {
"writer": {
"filename": "/var/log/caddy/access.log",
"output": "file"
},
"level": "INFO"
}
}
},
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":443"
],
"routes": [
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"auth_user_deprecated": "username0",
"auth_pass_deprecated": "password0",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"auth_user_deprecated": "username1",
"auth_pass_deprecated": "password1",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"auth_user_deprecated": "username2",
"auth_pass_deprecated": "password2",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"auth_user_deprecated": "username3",
"auth_pass_deprecated": "password3",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"auth_user_deprecated": "username4",
"auth_pass_deprecated": "password4",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"auth_user_deprecated": "username5",
"auth_pass_deprecated": "password5",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"auth_user_deprecated": "username6",
"auth_pass_deprecated": "password6",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"auth_user_deprecated": "username7",
"auth_pass_deprecated": "password7",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"auth_user_deprecated": "username8",
"auth_pass_deprecated": "password8",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"auth_user_deprecated": "username9",
"auth_pass_deprecated": "password9",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"auth_user_deprecated": "username10",
"auth_pass_deprecated": "password10",
"handler": "forward_proxy",
"hide_ip": true,
"hide_via": true,
"probe_resistance": {
"domain": ""
}
}
]
},
{
"handle": [
{
"handler": "file_server",
"hide": [
"./Caddyfile"
],
"root": "/var/www/html"
}
]
}
]
}
]
}
],
"tls_connection_policies": [{
"protocol_min": "tls1.3",
"protocol_max": "tls1.3"
}],
"protocols": [
"h1",
"h2"
]
},
"srv1": {
"listen": [
":80"
],
"routes": [
{
"handle": [
{
"handler": "static_response",
"headers": {
"Location": [
"https://{http.request.host}{http.request.uri}"
]
},
"status_code": 301
}
]
}
]
}
}
},
"tls": {
"certificates": {
"automate": [
"example.com",
"www.example.com"
]
},
"automation": {
"policies": [
{
"subjects": [
"example.com",
"www.example.com"
],
"issuers": [
{
"module": "acme",
"email": "example@example.com"
},
{
"module": "zerossl",
"email": "example@example.com"
}
],
"must_staple": true,
"renewal_window_ratio": 0.3,
"key_type": "p256"
}
]
},
"session_tickets": {
"disabled": true
}
}
}
}
privatesupport
commented
7 months ago @diyism If you're eager to try out the updates, I've been doing this in my fork. Please notice that this fork also contains UoT support from SagerNet. Although it seems to have no effect on normal use cases, please be sure to backup your important data for possible rollbacks before have a try on it.
I`m testing your fork specially UoT. It works fine. Can you please add a PR add UoT support? Hopefully @klzgrad accept it 😁
zedifen
commented
7 months ago @privatesupport I think there were issues discussing about UoT suport and turns out a dedicate UDP proxy might be what you'll want. Anyway the UoT support is there if you'd really like to use it with naiveproxy, and I don't think we should bundle everything together, which brings unnecessary complexity and makes it difficult for developers to maintain their software.
5l2
commented
5 months ago @diyism If you're eager to try out the updates, I've been doing this in my fork. Please notice that this fork also contains UoT support from SagerNet. Although it seems to have no effect on normal use cases, please be sure to backup your important data for possible rollbacks before have a try on it.
I`m testing your fork specially UoT. It works fine. Can you please add a PR add UoT support? Hopefully @klzgrad accept it 😁
@zedifen @privatesupport https://github.com/klzgrad/naiveproxy/issues/617
klzgrad
commented
4 months ago
https://github.com/caddyserver/forwardproxy/pull/99 This issue has been merged into caddy2, so how to set multiple users and passwords in Naiveproxy?