Monday, September 24, 2018

GoQuiet/Shadowsocks

Server: 

`wget https://github.com/cbeuw/GoQuiet/releases/download/v1.2.1/gq-server-linux-arm64-1.2.1`

`mv gq-server-linux-arm64-1.2.1 /usr/local/bin`

`chmod +x /usr/local/bin/gq-server-linux-arm64-1.2.1`
 
`vi /etc/gqserver.json`
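`{
"WebServerAddr":"127.0.0.1:444",
"Key":"qFR0UtSfyUJuYan9"
}`
`WebServerAddr` is the Nginx HTTPS server, here listening on port 444. JSON has no comment syntax, so keep this note out of the file itself.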

...Install Shadowsocks-libev...
`vi /etc/shadowsocks-libev/config.json`
`{
"server":"0.0.0.0",
"server_port":443,
"local_port":1080,
"password":"V12n2IiyqYygJUuj",
"timeout":60,
"method":"chacha20",
"plugin":"/usr/local/bin/gq-server-linux-arm64-1.2.1",
"plugin_opts":"/etc/gqserver.json"
}`
Test:
`ss-server -c /etc/shadowsocks-libev/config.json`

Start on boot:
`vi /etc/systemd/system/shadowsocks-libev.service`
 
`[Unit]
Description=Shadowsocks-libev Server
After=network.target

[Service]
ExecStart=/usr/bin/ss-server -c /etc/shadowsocks-libev/config.json
Restart=on-abort

[Install]
WantedBy=multi-user.target`

Command:
`reboot`

`systemctl start shadowsocks-libev`
`systemctl enable shadowsocks-libev`

Client

Download Shadowsocks for Windows

Visit Github and identify the latest release of Shadowsocks for Windows. At the time of writing, it was Shadowsocks-4.0.8.zip.
Download and unzip this file. It creates a folder named, for example, Shadowsocks-4.0.8.

Download GoQuiet Client

Visit Github and identify the latest release of GoQuiet for your platform. At the time of writing, for a 64-bit Windows PC, this was gq-client-win64-1.0.0.exe.
Download this file and place it in the same folder as Shadowsocks for Windows. In our example, that folder is Shadowsocks-4.0.8.

Configure GoQuiet

Before launching the program, in the same folder, use Notepad++ to create a new file named gqclient.json.
`{
"ServerName":"www.theorymag.ml",
"Key":"qFR0UtSfyUJuYan9",
"TicketTimeHint":3600,
"Browser":"chrome"
}`
The Key is the preshared key (PSK) for GoQuiet, which may be different from your Shadowsocks password.

Launch and Configure Shadowsocks

Double-click on Shadowsocks.exe to launch the program.
You may get a warning saying "Malicious file" or "Windows protected your PC," in which case you will need to click on Run anyway.
Configure the Shadowsocks client on Windows to match the settings on the server. For the plugin and plugin options, give the full path to the files, unless they are in the same folder as your Shadowsocks executable.
@reference_1_github.com
GoQuiet
@reference_2_dcamero.azurewebsites.net
Shadowsocks + GoQuiet

Saturday, September 22, 2018

HTTPS/SSL/NGINX/V2RAY

1. Generating a Private Key:
`openssl genrsa -out domainname.com.key 2048`

2. Generating a Certificate Signing Request:
`openssl req -new -key domainname.com.key -out domainname.com.csr`

3. Create a Self-signed certificate (you can share this certificate):
`openssl x509 -req -days 365 -in domainname.com.csr -signkey domainname.com.key -out domainname.com.crt`

@reference_1_tutorials.jenkov.com
OpenSSL for Web Servers

@reference_2_stackexchange.com
How do I produce a CA signed public key?

4. Nginx Configuration:
`server {
    listen 443 ssl;
    server_name _;

    root /var/www/domainname.com;

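    # "listen 443 ssl" already enables TLS; the separate "ssl on;" directive is deprecated.
    ssl_certificate     /root/certs/domainname.com.crt;
    ssl_certificate_key /root/certs/domainname.com.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996).
    ssl_protocols TLSv1.2;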
    ssl_prefer_server_ciphers on;

    location / {
                index Login.html index.html index.htm;
    }

    location /dir1/dir2 {
                 proxy_redirect off;
                 proxy_pass http://127.0.0.1:12345;
                 proxy_http_version 1.1;
                 proxy_set_header Upgrade $http_upgrade;
                 proxy_set_header Connection "upgrade";
                 proxy_set_header Host $http_host;
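                 # $proxy_protocol_addr is only set when "listen" enables proxy_protocol, which it does not here.
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;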
    }

}`

@reference_3_nginx.org
Configuring HTTPS servers
@reference_4_theviper24.today
v2ray tips
@reference_5_chrad.ml
Using V2Ray for "Scientific Patriotism"
-----------------------------
V2Ray server:

    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "/dir1/dir2"   // This path can be customized, but it must be the same in Nginx and in the client
      }
    }

Nginx server:

    # This must match the path above
    location /dir1/dir2
     {
          proxy_redirect off;
          proxy_pass http://127.0.0.1:12345; # the port must match the one above
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header Host $http_host;
      }

V2Ray client:

    "streamSettings": {
      "network": "ws",
      "security": "tls",
      "tlsSettings": {
        "serverName": "domainname.com",  // enter your site's domain name
        "allowInsecure": true
      },
      "wsSettings": {
        "connectionReuse": true,
        "path": "/dir1/dir2",   // must match the path above
        "headers": {
               "Host": "domainname.com",
               "User-Agent": "Mozilla/5.0 **********************************",
               "Accept-Language": "en-US,en;q=0.8",
               "Accept": "image/webp,image/apng,image/*,*/*;q=0.8"
        }

      }

    }

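Note that:
If the certificate is self-signed or a free certificate (such as Let's Encrypt), the following error appears:
x509: certificate signed by unknown authority
In that case, add the following to the client's streamSettings:
"tlsSettings":{
"allowInsecure": true
}
`allowInsecure` turns off certificate verification on the client, so it will accept whatever certificate is presented on the connection.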
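
The V2Ray server, Nginx and client snippets above only work together when the WebSocket path and the local port agree. The check below is an added example, not code from the original post or from V2Ray: the sample configs are constructed from values shown on this page, `load_jsonc` and `check_ws_chain` are hypothetical helper names, and the Nginx regex assumes plain prefix locations that proxy to 127.0.0.1.

```python
import json
import re

# Constructed sample configs modelled on the snippets in this post.
V2RAY_SERVER = '''{
  "inbound": {
    "port": 8080,
    "streamSettings": {"network": "ws", "wsSettings": {"path": "/dir1/dir2"}}  // custom path
  }
}'''
NGINX = '''location /dir1/dir2 {
    proxy_pass http://127.0.0.1:12345;
}'''
V2RAY_CLIENT = '''{
  "streamSettings": {
    "security": "tls",
    "tlsSettings": {"serverName": "domainname.com", "allowInsecure": true},
    "wsSettings": {"path": "/dir1/dir2/"}
  }
}'''

def load_jsonc(text):
    """Parse JSON that carries // comments, leaving '//' inside strings alone."""
    token = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')
    return json.loads(token.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text))

def check_ws_chain(server_text, nginx_text, client_text):
    """Return a list of mismatches between the V2Ray server, Nginx and the client."""
    server = load_jsonc(server_text)["inbound"]
    client = load_jsonc(client_text)["streamSettings"]
    ws_path = server["streamSettings"]["wsSettings"]["path"]
    # Map each Nginx location to the local port it proxies to.
    loc_re = re.compile(r'location\s+(\S+)\s*\{[^}]*?proxy_pass\s+http://127\.0\.0\.1:(\d+)')
    locations = {m.group(1): int(m.group(2)) for m in loc_re.finditer(nginx_text)}
    findings = []
    if ws_path not in locations:
        findings.append(f"nginx has no location for server path {ws_path}")
    elif locations[ws_path] != server["port"]:
        findings.append(f"nginx proxies {ws_path} to port {locations[ws_path]}, V2Ray listens on {server['port']}")
    if client["wsSettings"]["path"] != ws_path:
        findings.append(f"client path {client['wsSettings']['path']} != server path {ws_path}")
    if client.get("tlsSettings", {}).get("allowInsecure"):
        findings.append("client allowInsecure is true: server certificate is not verified")
    return findings

if __name__ == "__main__":
    for finding in check_ws_chain(V2RAY_SERVER, NGINX, V2RAY_CLIENT):
        print("MISMATCH:", finding)
```
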

-------------------------------------------------
V2Ray shadowsocks server:

{
  "method": "aes-256-cfb",
  "password": "***************",
  "network": "tcp"
}


V2Ray shadowsocks client:

{
        "servers": [{
              "address": "domainname.com",
              "port": 443,
              "method": "aes-256-cfb",
              "password": "***************"
        }]
 }

@reference_6_v2ray.com
Shadowsocks

VMESS Client:

  "outbound": {
    "protocol": "vmess",
    "settings": {
        "vnext": [
        {
          "address": "domainname.com",
          "port": 443,
          "users": [
          {
             "id": "23********************************",
             "alterId": 10,
             "security": "auto",
             "level": 0
          }
          ]
       }
      ]
   },

VMESS Server:

{
  "log" : {
    "access": "/var/log/v2ray/access.log",
    "error": "/var/log/v2ray/error.log",
    "loglevel": "warning"
  },
  "inbound": {
    "port": 8080,
    "protocol": "vmess",
    "settings": {
      "clients": [
        {
          "id": "23***********************************",
          "level": 1,
          "alterId": 64
        }
      ]
    },
   
    "streamSettings": {
      "network": "ws",
      "wsSettings": {
        "path": "/dir1/dir2"
       }
    }

  },
  "outbound": {
    "protocol": "freedom",
    "settings": {}
  },
  "outboundDetour": [
    {
      "protocol": "blackhole",
      "settings": {},
      "tag": "blocked"
    }
  ],
  "routing": {
    "strategy": "rules",
    "settings": {
      "rules": [
        {
          "type": "field",
          "ip": ["geoip:private"],
          "outboundTag": "blocked"
        }
      ]
    }
  }
}