- Proxying via Shadowsocks and Tor
- Complex proxy to send some traffic via Tor and Shadowsocks.
- Optional obfs4 for Tor is included.
- First install packages:
- pacman -S tor privoxy squid
- Add to /etc/tor/torrc:
- RunAsDaemon 0
- ExcludeExitNodes {ru}, {ua}, {by}, {kz}, {cn}
- ExitPolicy reject *:* # no exits allowed
- ExitPolicy reject6 *:* # no exits allowed
- Needed for logs:
- mkdir /var/lib/tor
- sudo chown -R tor:tor /var/lib/tor
- Turn on Tor:
- systemctl enable tor
- systemctl start tor
- Replace /etc/privoxy/config with ~/wiki/privoxy/config:
- cp -rf ~/wiki/privoxy/config /etc/privoxy/config
- Prepare:
- chown root:root /etc/privoxy/config
- Enable Privoxy:
- systemctl enable privoxy
- systemctl start privoxy
- Cook Squid:
- Replace /etc/squid/squid.conf with ~/wiki/squid/squid.conf
- cp -rf ~/wiki/squid/squid.conf /etc/squid/squid.conf
- Add lists:
- cp ~/wiki/config /etc/squid/redirect-to-proxy.dat
- Add automatic updates of the Squid blacklist
- Create the ads blacklist file and set its mode:
- touch /etc/squid/squid-ads.acl
- chmod 666 /etc/squid/squid-ads.acl
- pacman -S cronie
- systemctl enable cronie.service
- systemctl start cronie.service
- crontab -e
- And add a new cron:
- @weekly ~/wiki/squid/blacklist_update.sh
- Enable service:
- systemctl enable squid.service
- Needed dirs:
- mkdir /var/cache/squid
- mkdir /var/log/squid
- mkdir /etc/squid/acl/
- sudo chown -R proxy:proxy /var/cache/squid
- sudo chown -R proxy:proxy /var/log/squid
- Accept settings:
- squid -k parse
- squid -k reconfigure
- systemctl enable squid
- systemctl start squid
- Add to /etc/environment to use proxy for all connections:
- all_proxy=http://127.0.0.1:3128
- http_proxy=http://127.0.0.1:3128
- https_proxy=http://127.0.0.1:3128
- ftp_proxy=http://127.0.0.1:3128
- no_proxy=localhost,127.0.0.1,::1
- Shadowsocks
- Install and enable the fastest available proxy:
- pacman -S shadowsocks-libev
- cp ~/wiki/shadowsocks/config.json /etc/shadowsocks/config.json
- systemctl enable shadowsocks-libev@config
- systemctl start shadowsocks-libev@config
- For the server side, use ~/wiki/shadowsocks/docker-compose.yml
- Place it on the server, then run:
- docker-compose up -d
- See privoxy/config to choose whether traffic is forwarded via Shadowsocks or Tor
- Obfs with Tor (optional):
- trizen -S obfs4proxy
- Add to /etc/tor/torrc:
- BridgeRelay 1
- ORPort 39331
- ExtORPort auto
- ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
- RelayBandwidthRate 50 KBytes
- RelayBandwidthBurst 100 KBytes
- --------Privoxy config
- # Now forward through shadowsocks
- forward-socks5 / 127.0.0.1:1080 .
- # Use next line to forward via Tor
- # forward-socks4a / 127.0.0.1:9050 .
- forward-socks4a .onion 127.0.0.1:9050 .
- confdir /etc/privoxy
- logdir /var/log/privoxy
- actionsfile default.action # Main actions file
- actionsfile user.action # User customizations
- filterfile default.filter
- logfile logfile
- debug 4096 # Startup banner and warnings
- debug 8192 # Errors - *we highly recommend enabling this*
- user-manual /usr/share/doc/privoxy/user-manual
- listen-address 127.0.0.1:8118
- toggle 1
- enable-remote-toggle 0
- enable-edit-actions 0
- enable-remote-http-toggle 0
- buffer-limit 4096
- ------Shadowsocks config.json
- {
- "server":"x.x.x.x",
- "server_port":8390,
- "local_address": "127.0.0.1",
- "local_port":1080,
- "password":"roadtohell",
- "timeout":300,
- "method":"aes-256-cfb",
- "workers": 1
- }
- ------Shadowsocks on server docker-compose.yml
- shadowsocks:
-   image: shadowsocks/shadowsocks-libev:latest
-   environment:
-     - PASSWORD=roadtohell
-     - METHOD=aes-256-cfb
-     - ARGS=--fast-open
-   ports:
-     - "8390:8390"
-   restart: unless-stopped
- --------squid.conf
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl CONNECT method CONNECT
- # Blacklist
- acl banners dstdomain "/etc/squid/squid-ads.acl"
- # Redirect to Tor urls
- acl redirect-to-proxy dstdomain "/etc/squid/redirect-to-proxy.dat"
- acl redirect-to-onion dstdomain .onion
- # Where we redirect
- cache_peer 127.0.0.1 parent 8118 0 no-query proxy-only default name=tor-proxy-01
- never_direct allow redirect-to-proxy
- never_direct allow redirect-to-onion
- always_direct allow all !redirect-to-proxy !redirect-to-onion
- http_access deny banners
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow localhost manager
- http_access deny manager
- http_access allow localhost
- http_access deny all
- http_port 3128
- coredump_dir /var/spool/squid/
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
- refresh_pattern . 0 20% 4320
- shutdown_lifetime 3 seconds
- -------redirect-to-proxy.dat
- 2ip.ru
- kinozal.tv
- rutracker.org
- pornolab.net
- linkedin.com
- .pornhub.com
- bt.t-ru.org
- bt2.t-ru.org
- bt3.t-ru.org
- bt4.t-ru.org
- telegram.*
- tdesktop.*
- whoer.net
- ------blacklist_update.sh
- #!/bin/bash
- wget -q https://www.squidblacklist.org/downloads/squid-ads.acl -O /etc/squid/squid-ads.acl
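
Added example, not part of the original paste: a lint-and-install helper for the two dstdomain lists above (redirect-to-proxy.dat and squid-ads.acl). Squid's dstdomain type compares names literally and only a leading dot covers subdomains, so an entry containing `*` never matches, and `wget -O` straight onto the live ACL leaves an empty file when the download fails. The function names are hypothetical, and the script assumes it runs as root and that the downloaded list is plain dstdomain lines.

```shell
#!/bin/sh
# Added example (not from the paste). Lints a Squid dstdomain list and
# installs it atomically. Function names are hypothetical.

# lint_dstdomain FILE: report entries a dstdomain ACL cannot match as written.
# dstdomain compares literally; only a leading dot means "plus subdomains".
lint_dstdomain() {
    awk '
        function bad(why, e) { printf "%d: %s: %s\n", NR, why, e; rc = 1 }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        $1 ~ /[*?]/    { bad("wildcard", $1); next }
        $1 !~ /^\.?[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$/ { bad("syntax", $1) }
        END { exit rc + 0 }
    ' "$1"
}

# install_list SRC DEST: reject empty or malformed lists, then rename into
# place so Squid never loads a half-written file.
install_list() {
    [ -s "$1" ] || { echo "empty list: $1" >&2; return 1; }
    lint_dstdomain "$1" >&2 || return 1
    tmp=$(mktemp "$2.XXXXXX") || return 1
    if cat "$1" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$2"; then
        return 0
    fi
    rm -f "$tmp"; return 1
}

# update_blacklist URL: replacement for the wget -O one-liner; the live ACL
# is only touched after the download passed the checks above.
update_blacklist() {
    dl=$(mktemp) || return 1
    wget -q "$1" -O "$dl" && install_list "$dl" /etc/squid/squid-ads.acl &&
        squid -k reconfigure
    status=$?
    rm -f "$dl"
    return "$status"
}

# Demo on constructed entries modelled on redirect-to-proxy.dat.
demo=$(mktemp)
printf '%s\n' 'rutracker.org' '.t-ru.org' '*.example.com' 'telegram.*' > "$demo"
lint_dstdomain "$demo" || echo "fix the entries above before reloading Squid"
rm -f "$demo"
```

In the weekly cron job, call `update_blacklist` with the blacklist URL instead of running wget directly; the installed file is mode 644, so the `chmod 666` step is not needed.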