- Notifications
You must be signed in to change notification settings - Fork467
glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
License
NotificationsYou must be signed in to change notification settings
nadoo/glider
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
we can set up local listeners as proxy servers, and forward requests to internet via forwarders.
|Forwarder ----------------->| Listener -->|| Internet|Forwarder --> Forwarder->...|
- Act as both proxy client and proxy server(protocol converter)
- Flexible proxy & protocol chains
- Load balancing with the following scheduling algorithm:
- rr: round robin
- ha: high availability
- lha: latency based high availability
- dh: destination hashing
- Rule & priority based forwarder choosing:Config Examples
- DNS forwarding server:
- dns over proxy
- force upstream querying by tcp
- association rules between dns and forwarder choosing
- association rules between dns and ipset
- dns cache support
- custom dns record
- IPSet management (linux kernel version >= 2.6.32):
- add ip/cidrs from rule files on startup
- add resolved ips for domains from rule files by dns forwarding server
- Serve http and socks5 on the same port
- Periodical availability checking for forwarders
- Send requests from specific local ip/interface
- Services:
- dhcpd: a simple dhcp server that can run in failover mode
click to see details
| Protocol | Listen/TCP | Listen/UDP | Forward/TCP | Forward/UDP | Description |
|---|---|---|---|---|---|
| Mixed | √ | √ | http+socks5 server | ||
| HTTP | √ | √ | client & server | ||
| SOCKS5 | √ | √ | √ | √ | client & server |
| SS | √ | √ | √ | √ | client & server |
| Trojan | √ | √ | √ | √ | client & server |
| Trojanc | √ | √ | √ | √ | trojan cleartext(without tls) |
| VLESS | √ | √ | √ | √ | client & server |
| VMess | √ | √ | client only | ||
| SSR | √ | client only | |||
| SSH | √ | client only | |||
| SOCKS4 | √ | client only | |||
| SOCKS4A | √ | client only | |||
| TCP | √ | √ | tcp tunnel client & server | ||
| UDP | √ | √ | udp tunnel client & server | ||
| TLS | √ | √ | transport client & server | ||
| KCP | √ | √ | transport client & server | ||
| Unix | √ | √ | √ | √ | transport client & server |
| VSOCK | √ | √ | transport client & server | ||
| Smux | √ | √ | transport client & server | ||
| Websocket(WS) | √ | √ | transport client & server | ||
| WS Secure | √ | √ | websocket secure (wss) | ||
| Proxy Protocol | √ | version 1 server only | |||
| Simple-Obfs | √ | transport client only | |||
| Redir | √ | linux redirect proxy | |||
| Redir6 | √ | linux redirect proxy(ipv6) | |||
| TProxy | √ | linux tproxy(udp only) | |||
| Reject | √ | √ | reject all requests |
- Binary:https://github.com/nadoo/glider/releases
- Docker:
docker pull nadoo/glider - Manjaro:
pamac install glider - ArchLinux:
sudo pacman -S glider - Homebrew:
brew install glider - MacPorts:
sudo port install glider - Source:
go install github.com/nadoo/glider@latest
glider -verbose -listen :8443# docker run --rm -it nadoo/glider -verbose -listen :8443glider -help
Usage: glider [-listen URL]... [-forward URL]... [OPTION]... e.g. glider -config /etc/glider/glider.conf glider -listen :8443 -forward socks5://serverA:1080 -forward socks5://serverB:1080 -verboseOPTION: -check string check=tcp[://HOST:PORT]: tcp port connect check check=http://HOST[:PORT][/URI][#expect=REGEX_MATCH_IN_RESP_LINE] check=https://HOST[:PORT][/URI][#expect=REGEX_MATCH_IN_RESP_LINE] check=file://SCRIPT_PATH: run a check script, healthy when exitcode=0, env vars: FORWARDER_ADDR,FORWARDER_URL check=disable: disable health check (default"http://www.msftconnecttest.com/connecttest.txt#expect=200")-checkdisabledonly check disabled fowarders only-checkinterval int fowarder check interval(seconds) (default 30)-checklatencysamples int use the average latency of the latest N checks (default 10)-checktimeout int fowarder check timeout(seconds) (default 10)-checktolerance int fowarder check tolerance(ms), switch only when new_latency< old_latency - tolerance, only usedin lha mode-config string config file path-dialtimeout int dial timeout(seconds) (default 3)-dns stringlocal dns server listen address-dnsalwaystcp always use tcp to query upstream dns servers no matter there is a forwarder or not-dnscachelog show query log of dns cache-dnscachesize int max number of dns responsein CACHE (default 4096)-dnsmaxttl int maximum TTL valueforentriesin the CACHE(seconds) (default 1800) -dnsminttl int minimum TTL valueforentriesin the CACHE(seconds) -dnsnoaaaa disable AAAA query -dnsrecord value custom dns record, format: domain/ip -dnsserver value remote dns server address -dnstimeout int timeout value usedin multiple dnsservers switch(seconds) (default 3) -example show usage examples -forward value forward url, see the URL section below -include value include file -interface stringsource ip orsource interface -listen value listen url, see the URL section below -logflags intdo not change itif youdo not know what it is, ref: https://pkg.go.dev/log#pkg-constants (default 19) -maxfailures int max failures to change forwarder status to disabled (default 3) -relaytimeout int relay timeout(seconds) -rulefile value rule file path -rules-dir string rule file folder -scheme string showhelp message of proxy scheme, use'all' to see all schemes -service value run specified services, format: SERVICE_NAME[,SERVICE_CONFIG] -strategy string rr: Round Robin mode ha: High Availability mode lha: Latency based High Availability mode dh: Destination Hashing mode (default"rr") -tcpbufsize int tcp buffer sizein Bytes (default 32768) -udpbufsize int udp buffer sizein Bytes (default 2048) -verbose verbose modeURL: proxy: SCHEME://[USER:PASS@][HOST]:PORT chain: proxy,proxy[,proxy]... e.g. -listen socks5://:1080 -listen tls://:443?cert=crtFilePath&key=keyFilePath,http:// (protocol chain) e.g. -forward socks5://server:1080 -forward tls://server.com:443,http:// (protocol chain) -forward socks5://serverA:1080,socks5://serverB:1080 (proxy chain)SCHEME: listen: http kcp mixed pxyproto redir redir6 smux sni socks5 ss tcp tls tproxy trojan trojanc udp unix vless vsock ws wss forward: direct http kcp reject simple-obfs smux socks4 socks4a socks5 ss ssh ssr tcp tls trojan trojanc udp unix vless vmess vsock ws wss Note: use'glider -scheme all' or'glider -scheme SCHEME' to seehelp infofor the scheme.--Forwarder Options: FORWARD_URL#OPTIONS priority: the priority of that forwarder, the larger the higher, default: 0 interface: thelocal interface or ip address used to connect remote server. e.g. -forward socks5://server:1080#priority=100 -forward socks5://server:1080#interface=eth0 -forward socks5://server:1080#priority=100&interface=192.168.1.99Services: dhcpd: service=dhcpd,INTERFACE,START_IP,END_IP,LEASE_MINUTES[,MAC=IP,MAC=IP...] service=dhcpd-failover,INTERFACE,START_IP,END_IP,LEASE_MINUTES[,MAC=IP,MAC=IP...] e.g. service=dhcpd,eth1,192.168.1.100,192.168.1.199,720--Help: glider -help glider -scheme all glider -examplesee README.md and glider.conf.examplefor more details.--glider 0.16.4, https://github.com/nadoo/glider (glider.proxy@gmail.com)
glider -scheme all
Direct scheme: direct://Only needed when you want to specify the outgoing interface: glider -verbose -listen :8443 -forward direct://#interface=eth0Or load balance multiple interfaces directly: glider -verbose -listen :8443 -forward direct://#interface=eth0 -forward direct://#interface=eth1 -strategy rrOr you can use the high availability mode: glider -verbose -listen :8443 -forward direct://#interface=eth0&priority=100 -forward direct://#interface=eth1&priority=200 -strategy ha--Http scheme: http://[user:pass@]host:port--KCP scheme: kcp://CRYPT:KEY@host:port[?dataShards=NUM&parityShards=NUM&mode=MODE] Available crypt typesfor KCP: none, sm4, tea, xor, aes, aes-128, aes-192, blowfish, twofish, cast5, 3des, xtea, salsa20 Available modesfor KCP: fast, fast2, fast3, normal, default: fast--Simple-Obfs scheme: simple-obfs://host:port[?type=TYPE&host=HOST&uri=URI&ua=UA] Available typesfor simple-obfs: http, tls--Reject scheme: reject://--Smux scheme: smux://host:port--Socks4 scheme: socks4://host:port--Socks5 scheme: socks5://[user:pass@]host:port--SS scheme: ss://method:pass@host:port Available methodsfor ss: AEAD Ciphers: AEAD_AES_128_GCM AEAD_AES_192_GCM AEAD_AES_256_GCM AEAD_CHACHA20_POLY1305 AEAD_XCHACHA20_POLY1305 Stream Ciphers: AES-128-CFB AES-128-CTR AES-192-CFB AES-192-CTR AES-256-CFB AES-256-CTR CHACHA20-IETF XCHACHA20 CHACHA20 RC4-MD5 Alias: chacha20-ietf-poly1305 = AEAD_CHACHA20_POLY1305, xchacha20-ietf-poly1305 = AEAD_XCHACHA20_POLY1305 Plain: NONE--SSH scheme: ssh://user[:pass]@host:port[?key=keypath&timeout=SECONDS] timeout: timeout of ssh handshake and channel operation, default: 5--SSR scheme: ssr://method:pass@host:port?protocol=xxx&protocol_param=yyy&obfs=zzz&obfs_param=xyz--TLS client scheme: tls://host:port[?serverName=SERVERNAME][&skipVerify=true][&cert=PATH][&alpn=proto1][&alpn=proto2] Proxy over tls client: tls://host:port[?skipVerify=true][&serverName=SERVERNAME],scheme:// tls://host:port[?skipVerify=true],http://[user:pass@] tls://host:port[?skipVerify=true],socks5://[user:pass@] tls://host:port[?skipVerify=true],vmess://[security:]uuid@?alterID=num TLS server scheme: tls://host:port?cert=PATH&key=PATH[&alpn=proto1][&alpn=proto2] Proxy over tls server: tls://host:port?cert=PATH&key=PATH,scheme:// tls://host:port?cert=PATH&key=PATH,http:// tls://host:port?cert=PATH&key=PATH,socks5:// tls://host:port?cert=PATH&key=PATH,ss://method:pass@--Trojan client scheme: trojan://pass@host:port[?serverName=SERVERNAME][&skipVerify=true][&cert=PATH] trojanc://pass@host:port (cleartext, without TLS) Trojan server scheme: trojan://pass@host:port?cert=PATH&key=PATH[&fallback=127.0.0.1] trojanc://pass@host:port[?fallback=127.0.0.1] (cleartext, without TLS)--Unix domain socket scheme: unix://path--VLESS scheme: vless://uuid@host:port[?fallback=127.0.0.1:80]--VMess scheme: vmess://[security:]uuid@host:port[?alterID=num]if alterID=0 or not set, VMessAEAD will be enabled Available securityfor vmess: zero, none, aes-128-gcm, chacha20-poly1305--Websocket client scheme: ws://host:port[/path][?host=HOST][&origin=ORIGIN] wss://host:port[/path][?serverName=SERVERNAME][&skipVerify=true][&cert=PATH][&host=HOST][&origin=ORIGIN] Websocket server scheme: ws://:port[/path][?host=HOST] wss://:port[/path]?cert=PATH&key=PATH[?host=HOST] Websocket with a specified proxy protocol: ws://host:port[/path][?host=HOST],scheme:// ws://host:port[/path][?host=HOST],http://[user:pass@] ws://host:port[/path][?host=HOST],socks5://[user:pass@] TLS and Websocket with a specified proxy protocol: tls://host:port[?skipVerify=true][&serverName=SERVERNAME],ws://[@/path[?host=HOST]],scheme:// tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],http://[user:pass@] tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],socks5://[user:pass@] tls://host:port[?skipVerify=true],ws://[@/path[?host=HOST]],vmess://[security:]uuid@?alterID=num--VM socket scheme(linux only): vsock://[CID]:portif you want to listen on any address, justset CID to 4294967295.
glider -example
Examples: glider -config glider.conf -run glider with specified config file. glider -listen :8443 -verbose -listen on :8443, serve as http/socks5 proxy on the same port,in verbose mode. glider -listen socks5://:1080 -listen http://:8080 -verbose -multiple listeners: listen on :1080 as socks5 proxy server, and on :8080 as http proxy server. glider -listen :8443 -forward direct://#interface=eth0 -forward direct://#interface=eth1 -multiple forwarders: listen on 8443 and forward requests via interface eth0 and eth1in round robin mode. glider -listen tls://:443?cert=crtFilePath&key=keyFilePath,http:// -verbose -protocol chain: listen on :443 as a https(http over tls) proxy server. glider -listen http://:8080 -forward socks5://serverA:1080,socks5://serverB:1080 -proxy chain: listen on :8080 as a http proxy server, forward all requests via forward chain. glider -listen :8443 -forward socks5://serverA:1080 -forward socks5://serverB:1080#priority=10 -forward socks5://serverC:1080#priority=10 -forwarder priority: serverA will only be used when serverB and serverC are not available. glider -listen tcp://:80 -forward tcp://serverA:80 -tcp tunnel: listen on :80 and forward all requests to serverA:80. glider -listen udp://:53 -forward socks5://serverA:1080,udp://8.8.8.8:53 -udp tunnel: listen on :53 and forward all udp requests to 8.8.8.8:53 via remote socks5 server. glider -verbose -dns=:53 -dnsserver=8.8.8.8:53 -forward socks5://serverA:1080 -dnsrecord=abc.com/1.2.3.4 -dns over proxy: listen on :53 as dns server, forward to 8.8.8.8:53 via socks5 server.
glider -config CONFIG_PATH
- dhcpd / dhcpd-failover:
- service=dhcpd,INTERFACE,START_IP,END_IP,LEASE_MINUTES[,MAC=IP,MAC=IP...]
- service=dhcpd,eth1,192.168.1.100,192.168.1.199,720,fc:23:34:9e:25:01=192.168.1.101
- service=dhcpd-failover,eth2,192.168.2.100,192.168.2.199,720
- note:
dhcpd-failoveronly serves requests when there's no other dhcp server exists in lan- detect interval: 1min
- service=dhcpd,INTERFACE,START_IP,END_IP,LEASE_MINUTES[,MAC=IP,MAC=IP...]
docker: click to see details
- run glider (config file path: /etc/glider/glider.conf)
docker run -d --name glider --net host --restart=always \ -v /etc/glider:/etc/glider \ -v /etc/localtime:/etc/localtime:ro \ nadoo/glider -config=/etc/glider/glider.conf - run watchtower if you need auto update
docker run -d --name watchtower --restart=always \ -v /var/run/docker.sock:/var/run/docker.sock \ containrrr/watchtower --interval 21600 --cleanup \ glider - open udp ports if you need udp nat fullcone
iptables -I INPUT -p udp -m udp --dport 1024:65535 -j ACCEPT
- run glider (config file path: /etc/glider/glider.conf)
You can customize and build glider if you want a smaller binary (click to see details)
- Clone the source code:
git clone https://github.com/nadoo/glider&&cd glider
- Customize features:
open`feature.go`&`feature_linux.go`, comment out the packages you don't need// _ "github.com/nadoo/glider/proxy/kcp"
- Build it:
go build -v -ldflags"-s -w"In glider, you can easily chain several proxy servers or protocols together (click to see details)
Chain proxy servers:
forward=http://1.1.1.1:80,socks5://2.2.2.2:1080,ss://method:pass@3.3.3.3:8443@
Chain protocols: https proxy (http over tls)
forward=tls://server.com:443,http://
Chain protocols: vmess over ws over tls
forward=tls://server.com:443,ws://,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2Chain protocols and servers:
forward=socks5://1.1.1.1:1080,tls://server.com:443,vmess://5a146038-0b56-4e95-b1dc-5c6f5a32cd98@?alterID=2Chain protocols in listener: https proxy server
listen=tls://:443?cert=crtFilePath&key=keyFilePath,http://
Chain protocols in listener: http over smux over websocket proxy server
listen=ws://:10000,smux://,http://
About
glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
Topics
Resources
License
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Packages0
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.