shadowsocks / shadowsocks-go

go port of shadowsocks (Deprecated)
http://shadowsocks.github.io/shadowsocks-go
Apache License 2.0
6.61k stars 3.32k forks

Allow shadowsocks server to use socks proxy (and http proxy) #15

Closed hugozhu closed 11 years ago

hugozhu commented 11 years ago

Some websites require a US IP address. As in the situation described above, we need to allow the shadowsocks server to fetch remote content via a socks proxy.

Would you mind adding this feature? I can make a patch for it.

Thanks, Hugo

cyfdecyf commented 11 years ago

Something I am concerned about in adding this feature:

If the implementation is simple and not complex, I would not mind merging your patch.

Another question, do you need this feature badly? For me, I would just define a rule in some browser extension, and then use two shadowsocks servers. (Of course, this won't work on the phone.)

clowwindy commented 11 years ago

I think simply running the server with tsocks would solve the problem.

hugozhu commented 11 years ago

I can't use two shadowsocks servers in this case, because the US server is already blocked by GFW. So I need the middle man in HK. I believe there are others having the same issue.

Allowing a proxy also allows caching the remote content easily.

I have implemented and tested socks5 proxy support, and will add http proxy support soon. I will request the code review later.

On Tue, Jun 11, 2013 at 6:45 PM, Chen Yufei notifications@github.com wrote:

Several problems I am concerned about in adding this feature:

  • How to define the rules for using the parent proxy?
  • The server would have to specify the parent proxy, so the config file syntax has to be extended.

If the implementation is simple and not complex, I would not mind merging your patch.

Another question, do you need this feature badly? For me, I would just define a rule in some browser extension, and then use two shadowsocks servers. (Of course, this won't work on the phone.)

hugozhu commented 11 years ago

tsocks could be an option, does it support http proxy?

On 2013-6-11 at 6:55 PM, "clowwindy" notifications@github.com wrote:

I think simply running the server with tsocks (http://tsocks.sourceforge.net/) would solve the problem.

hugozhu commented 11 years ago

@clowwindy tested with tsocks and it doesn't work.

tsocks curl http://getip.greencompute.org is working but tsocks ./shadowsocks-server -c config.json is not using socks server.

cyfdecyf commented 11 years ago

I guess this problem has something to do with Go.

tsocks uses LD_PRELOAD to intercept the connect syscall. Maybe Go's implementation of calling syscall (or something else) bypasses the shared library mechanism tsocks relies on. I need to make a check.

@hugozhu Did you enable CGO when compiling shadowsocks-server?

hugozhu commented 11 years ago

I didn't enable CGO when compiling.

Below are the changes for socks5 proxy and basic http proxy support I have made so far:

https://github.com/hugozhu/shadowsocks-go/commit/63d2cff095a423fff7695a2fa6a62a2877dd8d40
https://github.com/hugozhu/shadowsocks-go/commit/5e3f9afb1a4a3356b5d165ff12128aaa3e3a43cd

cyfdecyf commented 11 years ago

You can compile the server with CGO enabled and try tsocks again. (CGO is enabled by default in a Go installation, my build script disables it for cross platform compilation.) If that fails, you can also give shadowsocks-libev a try.

If you can install shadowsocks server on the US server, I suggest you use it as a shadowsocks parent proxy in the HK server. The shadowsocks package's Dial function can be used to create a tunnel through a shadowsocks server. You just need to change this line, replace net.Dial with ss.Dial to use the US proxy to connect to a remote site. This would be much easier.

And again, my main concern is about how to define the parent proxy usage rule and keep things simple. It is important to get the config syntax right at first, because we can't easily change it later.

I have implemented an http proxy which supports socks5, shadowsocks and http parent proxy. Supporting socks parent and shadowsocks parent is easy.

Supporting an HTTP parent proxy would have some issues:

  1. Your implementation uses CONNECT to create a tunnel through the http parent, this is a simple and effective solution
  2. But you won't be able to do authentication with the http parent in shadowsocks server this way
    • The client can/needs to do the authentication
    • Doing authentication in the shadowsocks server requires full http proxy functionality

hugozhu commented 11 years ago

I like the idea of using a shadowsocks server as parent, so I don't need to run autossh on the HK server. For the syntax of Proxy, can we use the URI standard?

ParentProxy: <schema>://<user>:<password>@<host>:<port>

schema can be: socks5, socks5, http, shadowsocks

Another way is to read the parent proxy setting from environment variables like http_proxy (Go's net/http pkg does it this way).

I will also take a look at your project COW.

hugozhu commented 11 years ago

I have added shadowsocks as parent proxy support: https://github.com/hugozhu/shadowsocks-go/commits/hugozhu

the setting key in config.json for parent proxy is: server_parent_proxy, e.g.: shadowsocks://bf-cfb:password@127.0.0.1:3888
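
The URI form proposed in the two comments above (the ParentProxy syntax and the server_parent_proxy example) can be validated before the server dials anything. This is an added example, not code from hugozhu's fork or from shadowsocks-go; the ParentProxy type, ParseParentProxy and the masked String form are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// ParentProxy is a hypothetical parsed form of the server_parent_proxy setting.
type ParentProxy struct{ Scheme, User, Password, Addr string }

// Schemes proposed in the thread for the parent proxy URI.
var allowedSchemes = map[string]bool{"socks5": true, "http": true, "shadowsocks": true}

// ParseParentProxy validates <schema>://<user>:<password>@<host>:<port>.
func ParseParentProxy(raw string) (*ParentProxy, error) {
	u, err := url.Parse(raw)
	if err != nil {
		// url.Parse errors echo the input, so return a fixed message instead.
		return nil, errors.New("parent proxy: malformed URI")
	}
	if !allowedSchemes[u.Scheme] {
		return nil, fmt.Errorf("parent proxy: unsupported scheme %q", u.Scheme)
	}
	if host, port, err := net.SplitHostPort(u.Host); err != nil || host == "" || port == "" {
		return nil, errors.New("parent proxy: explicit host:port required")
	}
	p := &ParentProxy{Scheme: u.Scheme, Addr: u.Host}
	if u.User != nil {
		p.User = u.User.Username()
		p.Password, _ = u.User.Password()
	}
	// In the thread's example the user field is the cipher method (bf-cfb)
	// and the password is the shared key, so shadowsocks needs both.
	if p.Scheme == "shadowsocks" && (p.User == "" || p.Password == "") {
		return nil, errors.New("parent proxy: shadowsocks needs method and password")
	}
	return p, nil
}

// String is a log-safe form: the password is never printed.
func (p *ParentProxy) String() string {
	if p.User == "" {
		return p.Scheme + "://" + p.Addr
	}
	return p.Scheme + "://" + p.User + ":***@" + p.Addr
}

func main() { fmt.Println(ParseParentProxy("shadowsocks://bf-cfb:password@127.0.0.1:3888")) }
```

Because the setting embeds a credential, the masked String form is what should reach logs and error output, never the raw config value.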

cyfdecyf commented 11 years ago

I don't know how many people are going to need this feature. Please keep it in your own fork for now, I'll merge your patch when there are others requesting this feature.

clowwindy commented 11 years ago

Another way is to use haproxy or iptables on your HK server. Simply forward traffic to your US server, and you're done.

hugozhu commented 11 years ago

Not easy to do user authentication for iptables?

Hugo

bitraft commented 10 years ago

Is this already merged or not? It is very, very useful for some cases.

And also, can we have TransparentProxy?

cyfdecyf commented 10 years ago

Currently, I have no plan to add parent proxy support in shadowsocks-go.

About transparent proxy, maybe you can check out shadowsocks-libev, take a look at "advanced usage".

bitraft commented 10 years ago

Thanks for the tip, I will check on shadowsocks-libev.

bitraft commented 10 years ago

shadowsocks-libev seems to only support Linux and only work as the local side.

Lack of parent proxy will make it less useful for other platforms. Can I ask why there is no plan to add parent proxy?

hugozhu commented 10 years ago

You can use my fork to get parent proxy support: https://github.com/hugozhu/shadowsocks-go

I have been using it for a while, working very well.

--
Hugo Zhu