Commit

update reverse proxy
ginuerzh committed Jun 14, 2024
1 parent 8d05eac commit 5036f82
Showing 10 changed files with 229 additions and 131 deletions.
2 changes: 1 addition & 1 deletion docs/concepts/hop.md
Expand Up @@ -109,7 +109,7 @@ services:
listener:
type: tcp
forwarder:
name: hop-0
hop: hop-0
hops:
- name: hop-0
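Review bot: the changed line under `forwarder:` replaces `name: hop-0` with `hop: hop-0`, but the surrounding text gives readers no way to tell whether `name` was a documentation mistake or a key that has stopped working. Add a short sentence next to the example saying which key the forwarder reads, so that a config still using `forwarder.name` is not left pointing at a hop that is never applied.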
20 changes: 17 additions & 3 deletions docs/concepts/observer.md
Expand Up @@ -30,14 +30,14 @@ observers:
`addr` (string, required)
: 插件服务地址

`tls` (duration, default=null)
`tls` (object, default=null)
: 设置后将使用TLS加密传输,默认不使用TLS加密。

## 使用观测器

当服务的状态变化时会通过服务上的观测器上报状态,如果服务开启了统计(`enableStats`选项),同时也会上报连接和流量统计信息。

```yaml hl_lines="4 10"
```yaml hl_lines="4 10 11"
services:
- name: service-0
addr: ":8080"
Expand All @@ -48,6 +48,7 @@ services:
type: tcp
metadata:
enableStats: true # 开启统计
observePeriod: 5s
observers:
- name: observer-0
Expand All @@ -59,6 +60,9 @@ observers:
serverName: example.com
```

`observePeriod` (duration, default=5s)
: 观测器上报周期。

## HTTP插件

```yaml
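Review bot: the new `observePeriod` entry is placed directly after the `observers:` block and is formatted like the plugin fields `addr` and `tls`, so it reads as an observer-level option, while the example sets it next to `enableStats` under the service's `metadata`. Say in the description that it is a service `metadata` key, and state whether there is a lower bound on the period, since the example only shows the default value `5s`.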
Expand All @@ -67,8 +71,12 @@ observers:
plugin:
type: http
addr: http://127.0.0.1:8000/observer
timeout: 10s
```

`timeout` (duration, default=0s)
: 上报请求超时时长。

### 请求示例

**上报服务状态**
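Review bot: the added `timeout` entry gives `default=0s` without saying what zero means; if it means no timeout, a stalled endpoint at `addr` can hold report requests open indefinitely. Spell out the meaning of `0s` in the description, and consider recommending a finite value, as the example's `timeout: 10s` already does.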
Expand Down Expand Up @@ -128,13 +136,15 @@ curl -XPOST http://127.0.0.1:8000/observer \

对于支持认证的代理服务(HTTP,HTTP2,SOCKS4,SOCKS5,Relay),观测器也可以用在处理器上。

```yaml hl_lines="6"
```yaml hl_lines="6 8"
services:
- name: service-0
addr: ":8080"
handler:
type: http
observer: observer-0
metadata:
observePeriod: 5s
listener:
type: tcp
Expand All @@ -144,6 +154,10 @@ observers:
addr: 127.0.0.1:8000
```

`observePeriod` (duration, default=5s)
: 观测器上报周期。


### 基于用户标识的流量统计

服务级别的观测器只能用来观测服务整体的统计信息,无法针对用户进行更细的划分。如果需要实现此功能需要组合使用认证器插件和处理器上的观测器插件。
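Review bot: the `observePeriod` description added here is a word-for-word copy of the one added in the service-level section, and it is followed by two blank lines before the next heading. Either refer back to the earlier definition or say explicitly that this is the handler's `metadata` key and whether it is independent of the service-level period; drop the extra blank line.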
16 changes: 8 additions & 8 deletions docs/tutorials/probe-resistance.md
Expand Up @@ -12,7 +12,7 @@ GOST对HTTP/HTTPS/HTTP2代理提供了探测防御功能。当代理服务收到
=== "命令行"

```
gost -L=http://gost:gost@:8080?probeResistance=code:400&knock=www.example.com
gost -L=http://gost:gost@:8080?probeResist=code:400&knock=www.example.com
```

=== "配置文件"
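Review bot: the changed `gost -L=...` line in the command-line tab is still unquoted, so a POSIX shell treats `&` as a command separator: gost is started in the background without the `knock` parameter and `knock=www.example.com` is evaluated as a shell variable assignment. The `?` is also a glob character. Since the line is being touched anyway, wrap the URL in double quotes, as in `-L="http://gost:gost@:8080?probeResist=code:400&knock=www.example.com"`.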
Expand All @@ -28,35 +28,35 @@ GOST对HTTP/HTTPS/HTTP2代理提供了探测防御功能。当代理服务收到
password: gost
metadata:
knock: www.example.com
probeResistance: code:404
probeResist: code:404
listener:
type: tcp
```

## probeResistance
## `probeResist`选项

代理服务通过`probeResistance`参数来指定防御策略。参数值的格式为:`type:value`
代理服务通过`probeResist`参数来指定防御策略。参数值的格式为:`type:value`

type可选值有:

* `code` - 对应value为HTTP响应码,代理服务器会回复客户端指定的响应码。例如:
```
gost -L=http://gost:gost@:8080?probeResistance=code:403
gost -L=http://gost:gost@:8080?probeResist=code:403
```
* `web` - 对应的value为URL,代理服务器会使用HTTP GET方式访问此URL,并将响应返回给客户端。例如:
```
gost -L=http://gost:gost@:8080?probeResistance=web:example.com/page.html
gost -L=http://gost:gost@:8080?probeResist=web:example.com/page.html
```
* `host` - 对应的value为主机地址,代理服务器会将客户端请求转发给设置的主机地址,并将主机的响应返回给客户端,代理服务器在这里相当于端口转发服务。例如:
```
gost -L=https://gost:gost@:443?probeResistance=host:www.example.com:8080
gost -L=https://gost:gost@:443?probeResist=host:www.example.com:8080
```
* `file` - 对应的value为本地文件路径,代理服务器会回复客户端200响应码,并将指定的文件内容作为Body发送给客户端。例如:
```
gost -L=http2://gost:gost@:443?probeResistance=file:/send/to/client/file.txt
gost -L=http2://gost:gost@:443?probeResist=file:/send/to/client/file.txt
```
## knock
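Review bot: the rename from `probeResistance` to `probeResist` throughout this section comes with no statement on whether the old key is still accepted; if it is not, a config that still sets `probeResistance` could leave the proxy running without probe defence. Add a sentence under the `probeResist` heading covering the old name. Separately, the config-file tab uses `code:404` while the command-line tab uses `code:400`, so the two tabs are not equivalent, and the new heading style (backticked name plus 选项) no longer matches the `## knock` heading that follows.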
24 changes: 16 additions & 8 deletions docs/tutorials/reverse-proxy-tunnel.md
Expand Up @@ -197,10 +197,12 @@ services:
nodes:
- name: example-com
addr: 192.168.1.1:80
host: example.com
filter:
host: example.com
- name: sub-example-com
addr: 192.168.1.2:80
host: sub.example.com
filter:
host: sub.example.com
- name: fallback
addr: 192.168.2.1:80
chains:
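Review bot: moving `host` under a new `filter:` key on the `example-com` and `sub-example-com` nodes changes the documented config shape, but the tutorial does not say whether a node-level `host` is still honoured or how a node with no `filter`, such as `fallback`, is matched. If the top-level key is no longer read, existing configs would lose host-based selection and requests for `sub.example.com` could reach a different backend, so document the migration and the match order next to this example. The same applies to the other four hunks in this file that make the identical change.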
Expand Down Expand Up @@ -378,10 +380,12 @@ services:
nodes:
- name: ssh
addr: 192.168.2.1:22
host: ssh.srv-2.local
filter:
host: ssh.srv-2.local
- name: redis
addr: 192.168.2.2:6379
host: redis.srv-3.local
filter:
host: redis.srv-3.local
chains:
- name: chain-0
hops:
Expand Down Expand Up @@ -471,10 +475,12 @@ services:
nodes:
- name: dns-1
addr: 192.168.2.1:53
host: dns.srv-2.local
filter:
host: dns.srv-2.local
- name: dns-2
addr: 192.168.2.2:53
host: dns.srv-3.local
filter:
host: dns.srv-3.local
chains:
- name: chain-0
hops:
Expand Down Expand Up @@ -651,7 +657,8 @@ TCP和UDP服务可以共用同一个隧道,隧道会对TCP和UDP的客户端
nodes:
- name: iperf
addr: :5201
host: iperf.local
filter:
host: iperf.local
- name: iperf-udp
addr: :0
handler:
Expand All @@ -663,7 +670,8 @@ TCP和UDP服务可以共用同一个隧道,隧道会对TCP和UDP的客户端
nodes:
- name: iperf
addr: :5201
host: iperf.local
filter:
host: iperf.local
chains:
- name: chain-0
hops:

0 comments on commit 5036f82
