Untitled

a guest, Oct 13th, 2019
Proxying via Shadowsocks and Tor
A compound proxy setup that sends some traffic via Tor and Shadowsocks.
Optional obfs4 for Tor is included.

First install the packages:
    pacman -S tor privoxy squid

Add to /etc/tor/torrc:
    RunAsDaemon 0
    ExcludeExitNodes {ru}, {ua}, {by}, {kz}, {cn}
    ExitPolicy reject *:* # no exits allowed
    ExitPolicy reject6 *:* # no exits allowed

Needed for logs:
    mkdir /var/lib/tor
    sudo chown -R tor:tor /var/lib/tor

Turn on Tor:
    systemctl enable tor
    systemctl start tor

Replace /etc/privoxy/config with ~/wiki/privoxy/config:
    cp -rf ~/wiki/privoxy/config /etc/privoxy/config

Prepare:
    chown root:root /etc/privoxy/config

Enable Privoxy:
    systemctl enable privoxy
    systemctl start privoxy

Cook Squid:
Replace /etc/squid/squid.conf with ~/wiki/squid/squid.conf:
    cp -rf ~/wiki/squid/squid.conf /etc/squid/squid.conf

Add lists:
    cp ~/wiki/config /etc/squid/redirect-to-proxy.dat

Add auto-update of the Squid blacklist.
Create the ads blacklist and change its mode:
    touch /etc/squid/squid-ads.acl
    chmod 666 /etc/squid/squid-ads.acl
    pacman -S cronie
    systemctl enable cronie.service
    systemctl start cronie.service
    crontab -e

And add a new cron entry:
    @weekly ~/wiki/squid/blacklist_update.sh

Enable service:
    systemctl enable squid.service

Needed dirs:
    mkdir /var/cache/squid
    mkdir /var/log/squid
    mkdir /etc/squid/acl/
    sudo chown -R proxy:proxy /var/cache/squid
    sudo chown -R proxy:proxy /var/log/squid

Accept settings:
    squid -k parse
    squid -k reconfigure
    systemctl enable squid
    systemctl start squid

Add to /etc/environment to use the proxy for all connections:
    all_proxy=http://127.0.0.1:3128
    http_proxy=http://127.0.0.1:3128
    https_proxy=http://127.0.0.1:3128
    ftp_proxy=http://127.0.0.1:3128
    no_proxy=localhost,127.0.0.1,::1

Shadowsocks
Install and enable the fastest available proxy:
    pacman -S shadowsocks-libev
    cp ~/wiki/shadowsocks/config.json /etc/shadowsocks/config.json
    systemctl enable shadowsocks-libev@config
    systemctl start shadowsocks-libev@config

For the server side use ~/wiki/shadowsocks/docker-compose.yml.
Place it on the server, then run:
    docker-compose up -d

Look at privoxy/config to choose whether to redirect via Shadowsocks or Tor.

Obfs with Tor (optional):
    trizen -S obfs4proxy

Add to /etc/tor/torrc:
    BridgeRelay 1
    ORPort 39331
    ExtORPort auto
    ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
    RelayBandwidthRate 50 KBytes
    RelayBandwidthBurst 100 KBytes


--------Privoxy config
# Now forward through shadowsocks
forward-socks5 / 127.0.0.1:1080 .
# Use next line to forward via Tor
# forward-socks4a / 127.0.0.1:9050 .
forward-socks4a .onion 127.0.0.1:9050 .
confdir /etc/privoxy
logdir /var/log/privoxy
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter

logfile logfile

debug 4096 # Startup banner and warnings
debug 8192 # Errors — *we highly recommended enabling this*

user-manual /usr/share/doc/privoxy/user-manual
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
buffer-limit 4096

------Shadowsocks config.json

{
    "server":"x.x.x.x",
    "server_port":8390,
    "local_address": "127.0.0.1",
    "local_port":1080,
    "password":"roadtohell",
    "timeout":300,
    "method":"aes-256-cfb",
    "workers": 1
}

------Shadowsocks on server docker-compose.yml
shadowsocks:
  image: shadowsocks/shadowsocks-libev:latest
  environment:
    - PASSWORD=roadtohell
    - METHOD=aes-256-cfb
    - ARGS=--fast-open
  ports:
    # host port 8390 -> container port 8388, the image's default SERVER_PORT
    - "8390:8388"
  restart: unless-stopped

--------squid.conf
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Blacklist
acl banners dstdomain "/etc/squid/squid-ads.acl"

# Redirect to Tor urls
acl redirect-to-proxy dstdomain "/etc/squid/redirect-to-proxy.dat"
acl redirect-to-onion dstdomain .onion

# Where we redirect
cache_peer 127.0.0.1 parent 8118 0 no-query proxy-only default name=tor-proxy-01
never_direct allow redirect-to-proxy
never_direct allow redirect-to-onion
always_direct allow all !redirect-to-proxy !redirect-to-onion

http_access deny banners
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
http_port 3128

coredump_dir /var/spool/squid/

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320

shutdown_lifetime 3 seconds


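A check for the finished setup, added here and not part of the original paste: `http_port 3128` without an address makes Squid listen on every interface, while Privoxy and ss-local are pinned to 127.0.0.1 in the configs above. The function reads `ss -ltn` output and reports any of this page's proxy ports bound to a non-loopback address; the function name and the PROXY_PORTS variable are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original paste. Reads `ss -ltn` output on
# stdin and prints "port address" for proxy listeners reachable from other
# hosts. PROXY_PORTS lists the ports used on this page (Squid, Privoxy,
# ss-local, Tor SOCKS default); the function name is an assumption.
PROXY_PORTS="3128 8118 1080 9050"

exposed_listeners() {
    awk -v ports="$PROXY_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4                              # Local Address:Port column
            port = addr; sub(/.*:/, "", port)      # text after the last colon
            sub(/:[0-9]+$/, "", addr)              # strip ":port"
            sub(/%.*/, "", addr)                   # strip "%iface" scope suffix
            if (!(port in want)) next              # not one of the proxy ports
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print port, addr
        }'
}

# Live check on the proxy host: sh check_listeners.sh --live
if [ "${1:-}" = "--live" ]; then
    ss -ltn | exposed_listeners
fi
```

Any line it prints is a listener to rebind (for Squid, `http_port 127.0.0.1:3128`) or to firewall.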
-------redirect-to-proxy.dat
2ip.ru
kinozal.tv
rutracker.org
pornolab.net
linkedin.com
*.pornhub.com
bt.t-ru.org
bt2.t-ru.org
bt3.t-ru.org
bt4.t-ru.org
telegram.*
tdesktop.*
whoer.net

------blacklist_update.sh
#!/bin/bash
wget -q https://www.squidblacklist.org/downloads/squid-ads.acl -O /etc/squid/squid-ads.acl
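
A hardened variant of the weekly update above, as an added example that is not part of the original paste: rather than making squid-ads.acl world-writable (chmod 666) and letting wget overwrite it in place, it downloads to a scratch file, keeps only well-formed dstdomain entries, and swaps the list in atomically with mode 0644. The function names and the minimum-entry threshold are assumptions, and it is meant to run from root's crontab.

```shell
#!/bin/bash
# Added example, not part of the original paste. Function names and the
# minimum-entry threshold are assumptions chosen for illustration.

# Print only lines that are valid Squid dstdomain entries: an optional
# leading dot followed by DNS labels. Comments, wildcards, URLs and lines
# carrying extra tokens are dropped; CRs from CRLF files are stripped.
filter_dstdomain() {
    tr -d '\r' < "$1" |
        grep -E '^\.?([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# install_acl NEW_FILE TARGET [MIN_ENTRIES]
# Replaces TARGET atomically with the validated, de-duplicated list
# (mode 0644). Leaves TARGET untouched if too few entries survive.
install_acl() {
    local new="$1" target="$2" min="${3:-100}" tmp count
    tmp="$(mktemp "${target}.XXXXXX")" || return 1
    filter_dstdomain "$new" | sort -u > "$tmp"
    count="$(wc -l < "$tmp")"
    if [ "$count" -lt "$min" ]; then
        rm -f "$tmp"
        echo "refusing update: only $count valid entries" >&2
        return 1
    fi
    chmod 644 "$tmp"
    mv -f "$tmp" "$target"    # same directory, so the rename is atomic
}

# Download to a scratch file, validate, install, then reload Squid.
update_blacklist() {
    local url="$1" target="$2" dl rc=0
    dl="$(mktemp)" || return 1
    wget -q --timeout=30 -O "$dl" "$url" && install_acl "$dl" "$target" || rc=1
    rm -f "$dl"
    [ "$rc" -eq 0 ] && squid -k reconfigure
}

# Runs only when invoked as: blacklist_update.sh --update
if [ "${1:-}" = "--update" ]; then
    update_blacklist "https://www.squidblacklist.org/downloads/squid-ads.acl" \
        /etc/squid/squid-ads.acl
fi
```

A truncated or hijacked download then fails the entry-count check and the previous list stays in force.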