qwj / python-proxy

HTTP/HTTP2/HTTP3/Socks4/Socks5/Shadowsocks/ShadowsocksR/SSH/Redirect/Pf TCP/UDP asynchronous tunnel proxy implemented in Python 3 asyncio.
MIT License

config file draft #53

Open mosajjal opened 5 years ago

mosajjal commented 5 years ago

Hi, here's a very basic config file template designed to work with pproxy. I'm open to all sorts of feedback and improvement, as this probably covers ~60 percent of what pproxy offers.

{
    "general":{
        "block":{
            "enabled": true,
            "type": "path_list/regex_list",
            "values": [
                "1.1.1.1/24",
                "2.2.2.2/24",
                "in case of path_list => /path/to/the/file1",
                "in case of path_list => /path/to/the/file2"
            ]
        },
        "check_alive":{
            "enabled": true,
            "interval": 30
        },
        "schedule":{
            "enabled":true,
            "algorithm": "fa"
        },
        "pac":{
            "enabled": true,
            "path": "asdasds"
        },
        "sys":{
            "enabled": true
        },
        "test":{
            "enabled": true,
            "path": "http://ident.me"
        }

    },
    "servers":[
            {
                "enabled": true,
                "name": "SERVER1",
                "type": "in/out",
                "addr": "0.0.0.0",
                "port": "80",
                "unix_socket": "/tmp/myproxy",
                "inverse": false,
                "http_settings":{
                    "enabled": true,
                    "disable_http_connect": true,

                    "auth": {
                        "enabled": true,
                        "creds": [
                            "user1:pass1",
                            "user2:pass2"
                        ]
                    },
                    "ssl": {
                        "enabled": true,
                        "type": "base64/path/insecure",
                        "cert": "asdasdasd",
                        "key": "asdasdasd"
                    }
                },
                "socks_settings":{
                    "enabled":true,
                    "version": "4/5/4+5",
                    "auth": {
                        "enabled": true,
                        "creds": [
                            "user1:pass1",
                            "user2:pass2"
                        ]
                    },
                    "ssl": {
                        "enabled": true,
                        "type": "base64/path/insecure",
                        "cert": "asdasdasd",
                        "key": "asdasdasd"
                    }                  
                },
                "ss_settings":{
                    "enabled": true,
                    "password": "123",
                    "cipher": "aes-256-gcm",
                    "ssl": {
                        "enabled": true,
                        "type": "base64/path/insecure",
                        "cert": "asdasdasd",
                        "key": "asdasdasd"
                    }
                },
                "ssr_settings":{
                    "enabled":true,
                    "password": "123",
                    "cipher": "aes-256-gcm",
                    "plugins":{
                        "enabled": true,
                        "values":[
                            "plain",
                            "origin",
                            "http_simple",
                            "tls1.2_ticket_auth",
                            "verify_simple",
                            "verify_deflate"
                        ]
                    }
                },
                "redir_settings":{
                    "enabled": true
                },
                "tunnel_settings":{
                    "enabled": true,
                    "hosts": ["www.google.com"]
                },
                "ssh_settings":{
                    "enabled": true,
                    "remote_host": "1.2.3.4",
                    "remote_port": 22,
                    "cred_type": "password/key_path/key_base64",
                    "username": "root",
                    "cred": "whatever"
                },
                "ws_settings":{
                    "enabled": true,
                    "ssl": {
                        "enabled": true,
                        "type": "base64/path/insecure",
                        "cert": "asdasdasd",
                        "key": "asdasdasd"
                    }
                }                
            }     
        ]
}

mosajjal commented 5 years ago

A couple of points: 1) It's JSON instead of YAML (#45) because I didn't want to introduce a new dependency. 2) I have no idea how to implement relays (with the __ syntax) in this JSON :)

qwj commented 5 years ago

Cool template design! My suggestion is that relays can be implemented by adding a key "relay" in "servers". It can be nested in several layers. For example:

"servers": [
    {
        "enabled": true,
        "name": "SERVER1",
        ........
        "relay": {
            "enabled": true,
            "name": "SERVER2",
            ........
            "relay": {
                "enabled": true,
                "name": "FINAL_SERVE",
                ........
            }
        }
    }
]

mosajjal commented 5 years ago

OK, I think I got your point. But here's a bigger question. Do we need to identify one of the methods (config file or command line arguments) as a main template and convert the other one to the template? This way we can make pluggable configuration formats connected to pproxy if we wanted.

qwj commented 5 years ago

Currently I don't see great benefits in using a configuration file. Maybe converting from a JSON config file to command line argument parameters is a good way to make it easier.

mosajjal commented 5 years ago

I agree with this not being a high priority. Let's keep this here as an open improvement issue but with lower priority. Meanwhile, I'll try to work on some low hanging fruit.

ghost commented 4 years ago

From my side, I don't like that auth information is handled via command option. I'm on Linux, and when I'm doing ps I see my proxy password, which I don't want!

So in general a +1 from me for the config file! Maybe start with an MVP just for the pw ;)

It would be nice if passwords were not stored in plaintext somewhere. Instead, it would be nice if passwords were fetched from the Linux keyring, e.g. via secret-tool, but I guess that is too OS-specific.

Jonney commented 4 years ago

> From my side, I don't like that auth information is handled via command option. I'm on Linux, and when I'm doing ps I see my proxy password, which I don't want!
>
> So in general a +1 from me for the config file! Maybe start with an MVP just for the pw ;)
>
> It would be nice if passwords were not stored in plaintext somewhere. Instead, it would be nice if passwords were fetched from the Linux keyring, e.g. via secret-tool, but I guess that is too OS-specific.

I use a Python script to avoid leaking auth information via the command option. A Python script is better than a config file, I think.

Jonney commented 3 years ago

Forget shadowsocks. We configure it like this:

import pproxy.server

args = (
    '-l', 'socks5://127.0.0.1:8080',
    '-r', 'ss://cipher:key@127.0.0.1:8000',
)
pproxy.server.main(args)

Isn't it cool?
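
The two ideas from the end of the thread combined, as an added example that is not part of the thread or pproxy's own code: the key lives in a JSON file that must not be readable by group or others, and the arguments are passed in-process so `ps` only ever shows the config path. The schema (`listen`, `remote`), the helper names and the character check are assumptions of this example; only `-l`, `-r`, the two URI forms and `pproxy.server.main(args)` come from the comments above.

```python
import json
import os
import stat
import sys

# Conservative check chosen for this example (an assumption, not a pproxy rule):
# characters that would change how the ss:// URI is split.
UNSAFE = set("@/#? \t\r\n")

def load_secret_config(path):
    """Load the JSON config, refusing files readable by group or others."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path}: mode {stat.S_IMODE(mode):o} is too open, use 600")
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def build_args(cfg):
    """Build the -l/-r argument list in the form shown in the thread."""
    listen, ss = cfg["listen"], cfg["remote"]
    if UNSAFE & set(ss["key"]):
        raise ValueError("key contains a character that would break the URI")
    return [
        "-l", f"socks5://{listen['host']}:{listen['port']}",
        "-r", f"ss://{ss['cipher']}:{ss['key']}@{ss['host']}:{ss['port']}",
    ]

def leaks_in_argv(secret, argv=None):
    """True if the secret is visible in a command line (what ps shows)."""
    argv = sys.argv if argv is None else argv
    return any(secret in arg for arg in argv)

def run(path):
    cfg = load_secret_config(path)
    args = build_args(cfg)
    if leaks_in_argv(cfg["remote"]["key"]):
        raise RuntimeError("secret was passed on the command line")
    import pproxy.server  # imported here so the helpers work without pproxy
    pproxy.server.main(args)  # in-process call, as in the last comment

if __name__ == "__main__":
    run(sys.argv[1])  # only the config path appears in ps output
```

The file still holds the key in plaintext; the permission check limits who can read it but does not address the keyring request made earlier in the thread.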