Untitled

a guest
Oct 13th, 2019
Proxying via ShadowSocks and Tor

Complex proxy to send some traffic via Tor and Shadowsocks.
Optional obfs4 for Tor is included.

First install packages:
pacman -S tor privoxy squid

Add to /etc/tor/torrc:
RunAsDaemon 0
ExcludeExitNodes {ru}, {ua}, {by}, {kz}, {cn}
ExitPolicy reject *:* # no exits allowed
ExitPolicy reject6 *:* # no exits allowed

Needed for logs:
mkdir /var/lib/tor
sudo chown -R tor:tor /var/lib/tor

Turn on Tor:
systemctl enable tor
systemctl start tor

Replace /etc/privoxy/config with ~/wiki/privoxy/config:
cp -rf ~/wiki/privoxy/config /etc/privoxy/config

Prepare:
chown root:root /etc/privoxy/config

Enable Privoxy:
systemctl enable privoxy
systemctl start privoxy

Cook Squid:
Replace /etc/squid/squid.conf with ~/wiki/squid/squid.conf:
cp -rf ~/wiki/squid/squid.conf /etc/squid/squid.conf

Add lists:
cp ~/wiki/config /etc/squid/redirect-to-proxy.dat

Add auto-update of the Squid blacklist.
Create the ads blacklist and set its mode:
touch /etc/squid/squid-ads.acl
chmod 666 /etc/squid/squid-ads.acl
Mode 666 lets any local user rewrite the list Squid blocks on; 644 is enough if the cron job below runs as the file's owner.
pacman -S cronie
systemctl enable cronie.service
systemctl start cronie.service
crontab -e

And add a new cron:
@weekly ~/wiki/squid/blacklist_update.sh

Enable service:
systemctl enable squid.service

Needed dirs:
mkdir /var/cache/squid
mkdir /var/log/squid
mkdir /etc/squid/acl/
sudo chown -R proxy:proxy /var/cache/squid
sudo chown -R proxy:proxy /var/log/squid

Apply settings:
squid -k parse
squid -k reconfigure
systemctl enable squid
systemctl start squid

Add to /etc/environment to use proxy for all connections:
all_proxy=http://127.0.0.1:3128
http_proxy=http://127.0.0.1:3128
https_proxy=http://127.0.0.1:3128
ftp_proxy=http://127.0.0.1:3128
no_proxy=localhost,127.0.0.1,::1

Shadowsocks
Install and enable the fastest available proxy:
pacman -S shadowsocks-libev
cp ~/wiki/shadowsocks/config.json /etc/shadowsocks/config.json
systemctl enable shadowsocks-libev@config
systemctl start shadowsocks-libev@config

For the server side use ~/wiki/shadowsocks/docker-compose.yml.
Place it on the server, then run:
docker-compose up -d

The password and method in config.json and docker-compose.yml must match. Replace the sample password with a long random one; shadowsocks-libev also supports the AEAD methods chacha20-ietf-poly1305 and aes-256-gcm, which authenticate traffic, unlike aes-256-cfb.

See privoxy/config to choose whether traffic is forwarded via Shadowsocks or Tor.

Obfs with Tor (optional):
trizen -S obfs4proxy

Add to /etc/tor/torrc:
BridgeRelay 1
ORPort 39331
ExtORPort auto
ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
RelayBandwidthRate 50 KBytes
RelayBandwidthBurst 100 KBytes


--------Privoxy config
# Now forward through shadowsocks
forward-socks5 / 127.0.0.1:1080 .
# Use next line to forward via Tor
# forward-socks4a / 127.0.0.1:9050 .
forward-socks4a .onion 127.0.0.1:9050 .
confdir /etc/privoxy
logdir /var/log/privoxy
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter

logfile logfile

debug 4096 # Startup banner and warnings
debug 8192 # Errors — *we highly recommend enabling this*

user-manual /usr/share/doc/privoxy/user-manual
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
buffer-limit 4096

------Shadowsocks config.json

{
    "server": "x.x.x.x",
    "server_port": 8390,
    "local_address": "127.0.0.1",
    "local_port": 1080,
    "password": "roadtohell",
    "timeout": 300,
    "method": "aes-256-cfb",
    "workers": 1
}

------Shadowsocks on server docker-compose.yml
shadowsocks:
  image: shadowsocks/shadowsocks-libev:latest
  environment:
    - PASSWORD=roadtohell
    - METHOD=aes-256-cfb
    - ARGS=--fast-open
  ports:
    - "8390:8390"
  restart: unless-stopped

--------squid.conf
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Blacklist
acl banners dstdomain "/etc/squid/squid-ads.acl"

# Redirect to Tor urls
acl redirect-to-proxy dstdomain "/etc/squid/redirect-to-proxy.dat"
acl redirect-to-onion dstdomain .onion

# Where we redirect
cache_peer 127.0.0.1 parent 8118 0 no-query proxy-only default name=tor-proxy-01
never_direct allow redirect-to-proxy
never_direct allow redirect-to-onion
always_direct allow all !redirect-to-proxy !redirect-to-onion

http_access deny banners
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
http_port 3128

coredump_dir /var/spool/squid/

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320

shutdown_lifetime 3 seconds


-------redirect-to-proxy.dat
2ip.ru
kinozal.tv
rutracker.org
pornolab.net
linkedin.com
.pornhub.com
bt.t-ru.org
bt2.t-ru.org
bt3.t-ru.org
bt4.t-ru.org
telegram.*
tdesktop.*
whoer.net

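Squid's dstdomain type compares names literally and treats only a leading dot as "this domain and its subdomains", so wildcard entries such as `telegram.*` never match and that traffic goes out directly instead of through the parent proxy. The linter below is an added example, not part of the original paste; the function names and the sample list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: lint a Squid dstdomain list such as redirect-to-proxy.dat.
# dstdomain compares names literally; only a leading dot means "and subdomains".
# A "*" entry therefore never matches, and with the squid.conf above that
# traffic falls under always_direct instead of going to the parent proxy.

# lint_dstdomain FILE
# Prints "LINE STATUS ENTRY [SUGGESTION]" for every non-empty, non-comment line.
#   OK     usable as written
#   FIX    "*.name" form; SUGGESTION is the equivalent ".name" entry
#   REGEX  wildcard elsewhere; needs a separate dstdom_regex ACL
lint_dstdomain() {
    n=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        n=$((n + 1))
        case $entry in
            ''|'#'*) ;;
            '*.'*)
                rest=${entry#??}          # strip the leading "*."
                case $rest in
                    *'*'*) echo "$n REGEX $entry" ;;
                    *)     echo "$n FIX $entry .$rest" ;;
                esac ;;
            *'*'*) echo "$n REGEX $entry" ;;
            *)     echo "$n OK $entry" ;;
        esac
    done < "$1"
}

# count_unmatched FILE: number of entries Squid would never match.
count_unmatched() {
    lint_dstdomain "$1" | grep -c -v ' OK '
}

# Demo on a constructed list (two entries taken from the paste, one invented).
sample=$(mktemp)
printf '%s\n' 'linkedin.com' '# constructed example' '*.example.com' 'telegram.*' > "$sample"
lint_dstdomain "$sample"
echo "entries that never match: $(count_unmatched "$sample")"
rm -f "$sample"
```
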
------blacklist_update.sh
#!/bin/bash
wget -q https://www.squidblacklist.org/downloads/squid-ads.acl -O /etc/squid/squid-ads.acl
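
The script above writes the download straight into the live ACL, so a failed or hijacked fetch leaves Squid with an empty or arbitrary blacklist. The variant below is an added example, not part of the original paste: it filters the download, refuses short results and swaps the file in with one rename. It assumes the job runs from root's crontab (so the ACL can stay mode 644); `MIN_ENTRIES`, the `--run` switch and the function names are assumptions.

```sh
#!/bin/sh
# Added example: a stricter blacklist_update.sh. Assumes it runs from root's crontab.
ACL_URL="https://www.squidblacklist.org/downloads/squid-ads.acl"  # from the paste
ACL_DEST="/etc/squid/squid-ads.acl"                                # from the paste
MIN_ENTRIES=1000  # assumption: a genuine list is far longer than this

# filter_acl FILE: print only lines that are plain dstdomain entries
# (optional leading dot, dot-separated labels of [a-z0-9-]), lowercased and
# de-duplicated. HTML error pages, comments and stray text are dropped.
filter_acl() {
    tr -d '\r' < "$1" | LC_ALL=C tr 'A-Z' 'a-z' |
        LC_ALL=C grep -E '^\.?([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$' |
        LC_ALL=C sort -u
}

# install_acl SRC DEST MIN: replace DEST with the filtered SRC in one rename.
# Returns 1 and leaves DEST untouched if fewer than MIN entries survive.
install_acl() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    filter_acl "$1" > "$tmp"
    count=$(( $(wc -l < "$tmp") ))
    if [ "$count" -lt "$3" ]; then
        rm -f "$tmp"
        echo "refusing update: only $count valid entries" >&2
        return 1
    fi
    chmod 644 "$tmp"
    mv -f "$tmp" "$2"   # same directory, so the swap is a single rename
}

# update_blacklist: download to a scratch file, install, then reload Squid.
update_blacklist() {
    dl=$(mktemp) || return 1
    if wget -q --tries=3 --timeout=30 "$ACL_URL" -O "$dl" &&
        install_acl "$dl" "$ACL_DEST" "$MIN_ENTRIES"; then
        squid -k reconfigure
    fi
    rm -f "$dl"
}

# The cron entry would call:  blacklist_update.sh --run
if [ "${1:-}" = "--run" ]; then update_blacklist; fi
```
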