glider

glider is a forward proxy with multiple protocols support, and also a dns forwarding server with ipset management features(like dnsmasq).

we can set up local listeners as proxy servers, and forward requests to internet via forwarders.

                |Forwarder ----------------->|
   Listener --> |                            | Internet
                |Forwarder --> Forwarder->...|

Features

Act as both proxy client and proxy server(protocol converter)
Flexible proxy & protocol chains
Load balancing with the following scheduling algorithm:
- rr: round robin
- ha: high availability
- lha: latency based high availability
- dh: destination hashing
Rule & priority based forwarder choosing: Config Examples
DNS forwarding server:
- dns over proxy
- force upstream querying by tcp
- association rules between dns and forwarder choosing
- association rules between dns and ipset
- dns cache support
- custom dns record
IPSet management (linux kernel version >= 2.6.32):
- add ip/cidrs from rule files on startup
- add resolved ips for domains from rule files by dns forwarding server
Serve http and socks5 on the same port
Periodical availability checking for forwarders
Send requests from specific local ip/interface

Protocols

click to see details

Protocol	Listen/TCP	Listen/UDP	Forward/TCP	Forward/UDP	Description
http	√		√		client & server
socks4			√		client only
socks5	√	√	√	√	client & server
mixed	√	√			http+socks5 server
ss	√	√	√	√	client & server
ssr			√		client only
ssh			√		client only
trojan			√	√	client only
vmess			√		client only
redir	√				linux only
redir6	√				linux only(ipv6)
tls	√		√		transport client & server
kcp		√	√		transport client & server
unix	√		√		transport client & server
websocket			√		transport client only
simple-obfs			√		transport client only
tcptun	√				transport server only
udptun		√			transport server only
uottun		√			transport server only
reject			√	√	reject all requests

Install

Binary Download:

https://github.com/nadoo/glider/releases

Build from source code (requires Go 1.14+ ):

git clone https://github.com/nadoo/glider
cd glider && go build

ArchLinux:

sudo pacman -S glider

Usage

glider -h

click to see details

glider 0.10.2 usage:
  -checkdisabledonly
    	check disabled fowarders only
  -checkinterval int
    	proxy check interval(seconds) (default 30)
  -checktimeout int
    	proxy check timeout(seconds) (default 10)
  -checkwebsite string
    	proxy check HTTP(NOT HTTPS) website address, format: HOST[:PORT], default port: 80 (default "www.apple.com")
  -config string
    	config file path
  -dialtimeout int
    	dial timeout(seconds) (default 3)
  -dns string
    	local dns server listen address
  -dnsalwaystcp
    	always use tcp to query upstream dns servers no matter there is a forwarder or not
  -dnsmaxttl int
    	maximum TTL value for entries in the CACHE(seconds) (default 1800)
  -dnsminttl int
    	minimum TTL value for entries in the CACHE(seconds)
  -dnsrecord value
    	custom dns record, format: domain/ip
  -dnsserver value
    	remote dns server address
  -dnstimeout int
    	timeout value used in multiple dnsservers switch(seconds) (default 3)
  -forward value
    	forward url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS[,SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS]
  -include value
    	include file
  -interface string
    	source ip or source interface
  -listen value
    	listen url, format: SCHEME://[USER|METHOD:PASSWORD@][HOST]:PORT?PARAMS
  -maxfailures int
    	max failures to change forwarder status to disabled (default 3)
  -relaytimeout int
    	relay timeout(seconds)
  -rulefile value
    	rule file path
  -rules-dir string
    	rule file folder
  -strategy string
    	forward strategy, default: rr (default "rr")
  -verbose
    	verbose mode

Available schemes:
  listen: mixed ss socks5 http redir redir6 tcptun udptun uottun tls unix kcp
  forward: reject ss socks4 socks5 http ssr ssh vmess trojan tls ws unix kcp simple-obfs

SS scheme:
  ss://method:pass@host:port

Available methods for ss:
  AEAD Ciphers:
    AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AEAD_XCHACHA20_POLY1305
  Stream Ciphers:
    AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20 CHACHA20 RC4-MD5
  Alias:
    chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305, xchacha20-ietf-poly1305 = AEAD_XCHACHA20_POLY1305
  Plain: DUMMY

SSR scheme:
  ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz

SSH scheme:
  ssh://user[:pass]@host:port[?key=keypath]

VMess scheme:
  vmess://[security:]uuid@host:port?alterID=num

Trojan scheme:
  trojan://pass@host:port[?skipVerify=true]

Available securities for vmess:
  none, aes-128-gcm, chacha20-poly1305

TLS client scheme:
  tls://host:port[?skipVerify=true][&serverName=SERVERNAME]

Proxy over tls client:
  tls://host:port[?skipVerify=true][&serverName=SERVERNAME],scheme://
  tls://host:port[?skipVerify=true],http://[user:pass@]
  tls://host:port[?skipVerify=true],socks5://[user:pass@]
  tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num

TLS server scheme:
  tls://host:port?cert=PATH&key=PATH

Proxy over tls server:
  tls://host:port?cert=PATH&key=PATH,scheme://
  tls://host:port?cert=PATH&key=PATH,http://
  tls://host:port?cert=PATH&key=PATH,socks5://
  tls://host:port?cert=PATH&key=PATH,ss://method:pass@

Websocket scheme:
  ws://host:port[/path][?host=HOST]

Websocket with a specified proxy protocol:
  ws://host:port[/path][?host=HOST],scheme://
  ws://host:port[/path][?host=HOST],http://[user:pass@]
  ws://host:port[/path][?host=HOST],socks5://[user:pass@]
  ws://host:port[/path][?host=HOST],vmess://[security:]uuid@?alterID=num

TLS and Websocket with a specified proxy protocol:
  tls://host:port[?skipVerify=true][&serverName=SERVERNAME],ws://[@/path[?host=HOST]],scheme://
  tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],http://[user:pass@]
  tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],socks5://[user:pass@]
  tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],vmess://[security:]uuid@?alterID=num

Unix domain socket scheme:
  unix://path

KCP scheme:
  kcp://CRYPT:KEY@host:port[?dataShards=NUM&parityShards=NUM]

Available crypt types for KCP:
  none, sm4, tea, xor, aes, aes-128, aes-192, blowfish, twofish, cast5, 3des, xtea, salsa20

Simple-Obfs scheme:
  simple-obfs://host:port[?type=TYPE&host=HOST&uri=URI&ua=UA]

Available types for simple-obfs:
  http, tls

DNS forwarding server:
  dns=:53
  dnsserver=8.8.8.8:53
  dnsserver=1.1.1.1:53
  dnsrecord=www.example.com/1.2.3.4
  dnsrecord=www.example.com/2606:2800:220:1:248:1893:25c8:1946

Available forward strategies:
  rr: Round Robin mode
  ha: High Availability mode
  lha: Latency based High Availability mode
  dh: Destination Hashing mode

Forwarder option scheme: FORWARD_URL#OPTIONS
  priority: set the priority of that forwarder, default:0
  interface: set local interface or ip address used to connect remote server
  -
  Examples:
    socks5://1.1.1.1:1080#priority=100
    vmess://[security:]uuid@host:port?alterID=num#priority=200
    vmess://[security:]uuid@host:port?alterID=num#priority=200&interface=192.168.1.99
    vmess://[security:]uuid@host:port?alterID=num#priority=200&interface=eth0

Config file format(see `./glider.conf.example` as an example):
  # COMMENT LINE
  KEY=VALUE
  KEY=VALUE
  # KEY equals to command line flag name: listen forward strategy...

Examples:
  ./glider -config glider.conf
    -run glider with specified config file.

  ./glider -listen :8443 -verbose
    -listen on :8443, serve as http/socks5 proxy on the same port, in verbose mode.

  ./glider -listen ss://AEAD_CHACHA20_POLY1305:pass@:8443 -verbose
    -listen on 0.0.0.0:8443 as a ss server.

  ./glider -listen socks5://user1:pass1@:1080 -verbose
    -listen on :1080 as a socks5 proxy server, enable authentication.

  ./glider -listen tls://:443?cert=crtFilePath&key=keyFilePath,http:// -verbose
    -listen on :443 as a https(http over tls) proxy server.

  ./glider -listen http://:8080 -forward socks5://127.0.0.1:1080
    -listen on :8080 as a http proxy server, forward all requests via socks5 server.

  ./glider -listen redir://:1081 -forward ss://method:[email protected]:8443
    -listen on :1081 as a transparent redirect server, forward all requests via remote ss server.

  ./glider -listen redir://:1081 -forward "ssr://method:[email protected]:8444?protocol=a&protocol_param=b&obfs=c&obfs_param=d"
    -listen on :1081 as a transparent redirect server, forward all requests via remote ssr server.

  ./glider -listen redir://:1081 -forward "tls://1.1.1.1:443,vmess://security:uuid@?alterID=10"
    -listen on :1081 as a transparent redirect server, forward all requests via remote tls+vmess server.

  ./glider -listen redir://:1081 -forward "ws://1.1.1.1:80,vmess://security:uuid@?alterID=10"
    -listen on :1081 as a transparent redirect server, forward all requests via remote ws+vmess server.

  ./glider -listen tcptun://:80=2.2.2.2:80 -forward ss://method:[email protected]:8443
    -listen on :80 and forward all requests to 2.2.2.2:80 via remote ss server.

  ./glider -listen udptun://:53=8.8.8.8:53 -forward ss://method:[email protected]:8443
    -listen on :53 and forward all udp requests to 8.8.8.8:53 via remote ss server.

  ./glider -listen uottun://:53=8.8.8.8:53 -forward ss://method:[email protected]:8443
    -listen on :53 and forward all udp requests via udp over tcp tunnel.

  ./glider -listen socks5://:1080 -listen http://:8080 -forward ss://method:[email protected]:8443
    -listen on :1080 as socks5 server, :8080 as http proxy server, forward all requests via remote ss server.

  ./glider -listen redir://:1081 -dns=:53 -dnsserver=8.8.8.8:53 -forward ss://method:pass@server1:port1,ss://method:pass@server2:port2
    -listen on :1081 as transparent redirect server, :53 as dns server, use forward chain: server1 -> server2.

  ./glider -listen socks5://:1080 -forward ss://method:pass@server1:port1 -forward ss://method:pass@server2:port2 -strategy rr
    -listen on :1080 as socks5 server, forward requests via server1 and server2 in round robin mode.

  ./glider -verbose -dns=:53 -dnsserver=8.8.8.8:53 -dnsrecord=www.example.com/1.2.3.4
    -listen on :53 as dns server, forward dns requests to 8.8.8.8:53, return 1.2.3.4 when resolving www.example.com.

run:

glider -verbose -listen :8443 -forward SCHEME://HOST:PORT

glider -config CONFIGPATH

glider -config CONFIGPATH -listen :8080 -verbose

Config

Proxy & Protocol Chains

In glider, you can easily chain several proxy servers or protocols together (click to see details)

Chain proxy servers:

forward=http://1.1.1.1:80,socks5://2.2.2.2:1080,ss://method:[email protected]:8443@

Chain protocols: https proxy (http over tls)
```
forward=tls://1.1.1.1:443,http://
```

Chain protocols: vmess over ws over tls

forward=tls://1.1.1.1:443,ws://,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2

Chain protocols and servers:

forward=socks5://1.1.1.1:1080,tls://2.2.2.2:443,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2

Chain protocols in listener: https proxy server

listen=tls://:443?cert=crtFilePath&key=keyFilePath,http://

Service

systemd: https://github.com/nadoo/glider/blob/master/systemd/

jacobjohansen / glider Goto Github PK

glider's Introduction

glider

Features

Protocols

Install

Usage

Config

Proxy & Protocol Chains

Service

Links

glider's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent