Wednesday, May 5, 2021

Install caddy2 + naiveproxy on ubuntu 20.04

 

1. Install xcaddy

`cd /tmp`

`wget https://github.com/caddyserver/xcaddy/releases/download/v0.1.9/xcaddy_0.1.9_linux_amd64.tar.gz`

`tar xvf xcaddy_0.1.9_linux_amd64.tar.gz`

`mv xcaddy /usr/local/bin`

 

2. Build and run Caddy v2 with naïve fork of forwardproxy

`xcaddy build --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive` 

Allow binding to ports 80 and 443:

`setcap cap_net_bind_service=+ep ./caddy`

`mv caddy /usr/local/bin`, `caddy version`


3. Create caddy user and group

`groupadd --system caddy-g`

`useradd --system --gid caddy-g --create-home --home-dir /var/lib/caddy --shell /usr/sbin/nologin --comment "Caddy web server" caddy-u`

`chown root:root /usr/local/bin/caddy`, `chmod 755 /usr/local/bin/caddy`


4. Create other directories for Caddy

`mkdir /etc/caddy`, `chown -R root:caddy-g /etc/caddy`

`mkdir /etc/ssl/caddy`, `chown -R root:caddy-g /etc/ssl/caddy`

`chmod 0770 /etc/ssl/caddy`

`mkdir /var/www`, `chown caddy-u:caddy-g /var/www`


5. Create configuration file, service and log for Caddy

`touch /etc/caddy/Caddyfile`, `chmod 644 /etc/caddy/Caddyfile`

Use `head /dev/urandom | tr -dc a-z0-9 | head -c 16 ; echo ''` to generate a password.

Copy the following text into the Caddyfile file:

```
:443, example.com
tls example123@gmail.com
route {
  forward_proxy {
    basic_auth username password
    hide_ip
    hide_via
    probe_resistance
  }
  file_server {
    root /var/www
  }
}

log {
    output file /var/log/caddy/access.log {
        roll_size 1gb
        roll_keep 10
        roll_keep_for 720h
    }
}
```

`touch /etc/systemd/system/caddy.service`

`chmod 644 /etc/systemd/system/caddy.service`

Copy the following text into the caddy.service file:

```
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs/
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
StartLimitIntervalSec=14400
StartLimitBurst=10

[Service]
Restart=on-abnormal
User=caddy-u
Group=caddy-g
Environment=CADDYPATH=/etc/ssl/caddy
ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
PrivateDevices=false
ProtectHome=true
ProtectSystem=full
ReadWritePaths=/etc/ssl/caddy
ReadWriteDirectories=/etc/ssl/caddy
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
```


`mkdir -p /var/log/caddy`, `touch /var/log/caddy/access.log`

`chown root:caddy-g /var/log/caddy/access.log`

`chmod 770 /var/log/caddy/access.log`


6. Install NaiveProxy server

`apt install libnss3 xz-utils`

`wget https://github.com/klzgrad/naiveproxy/releases/download/v90.0.4430.85-6/naiveproxy-v90.0.4430.85-6-linux-x64.tar.xz`

`tar -xf naiveproxy-v90.0.4430.85-6-linux-x64.tar.xz`

`cd naiveproxy-v90.0.4430.85-6-linux-x64`, `cp naive /usr/local/bin`

`touch /etc/systemd/system/naive.service`

Copy the following into the naive.service file:

```
[Unit]
Description=NaiveProxy Server Service
After=network-online.target

[Service]
Type=simple
User=nobody
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/naive /etc/naive/config.json

[Install]
WantedBy=multi-user.target
```

`mkdir /etc/naive`, `touch /etc/naive/config.json`

Copy the following into the config.json file:

```
{
  "listen": "socks://127.0.0.1:1080",
  "proxy": "https://username:password@example.com",
  "padding": true
}
```


7. Start & Enable services

`systemctl daemon-reload`

`systemctl enable naive`, `systemctl enable caddy`

`systemctl start naive`, `systemctl start caddy`

`systemctl status naive`, `systemctl status caddy`


8. Install NaiveProxy client

Copy the following into the config.json file:

```
{
  "listen": "socks://127.0.0.1:1080",
  "proxy": "https://username:password@example.com",
  "log": "",
  "padding": true
}
```
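Both the Caddyfile (step 5) and the NaiveProxy config.json files (steps 6 and 8) hold the proxy credential in plaintext, and the Caddyfile is created with mode 644. The following check is an added example, not part of the original post: it flags such files when other local users can read them or when the guide's literal `username`/`password` placeholders were left in place. The function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# True if FILE carries a proxy credential: a Caddy forward_proxy basic_auth
# line, or a NaiveProxy "proxy" URL with embedded user:password.
has_credentials() {
    grep -Eq '^[[:space:]]*basic_auth[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+' "$1" ||
    grep -Eq '"proxy"[[:space:]]*:[[:space:]]*"https://[^:@/"]+:[^@"]+@' "$1"
}

# True if the guide's literal placeholder credential was left unchanged.
uses_placeholder() {
    grep -Eq 'basic_auth[[:space:]]+username[[:space:]]+password([[:space:]]|$)|//username:password@' "$1"
}

# True if the "other" read bit is set (find prints the path only on a match).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Print one finding per line; return 0 if clean, 1 on findings, 2 if missing.
audit_proxy_config() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    has_credentials "$f" || return 0
    if world_readable "$f"; then
        echo "WORLD-READABLE-SECRET $f"
        rc=1
    fi
    if uses_placeholder "$f"; then
        echo "PLACEHOLDER-CREDENTIAL $f"
        rc=1
    fi
    return $rc
}

# Audit every path given on the command line.
for f in "$@"; do
    audit_proxy_config "$f" || true
done
```

Run it as `sh audit.sh /etc/caddy/Caddyfile /etc/naive/config.json` (the script name is an assumption). For the Caddyfile, `chown root:caddy-g` plus `chmod 640` clears the first finding while keeping the file readable by the service, which runs with group caddy-g.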

 

 

 

 

