- Notifications
You must be signed in to change notification settings - Fork19
🔌 A simple tool that wraps HTTPS proxies into a SOCKS5 proxy.
License
NotificationsYou must be signed in to change notification settings
Equim-chan/h2s
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
You can view therelease page for handy prebuilt binaries.
An example config file:
{// bind is the address h2s will listen to.// Note that since HTTPS proxy support only TCP, the h2s wrapped SOCKS5// proxy consequently support only TCP as well."bind":"127.0.0.1:1080",// upstreams are HTTPS proxy upstreams.// h2s will do a simple round-robin load balance."upstreams":[{// If no port is specified, 80 is assumed by default."address":"proxy1.example.com",},{"address":"proxy2.example.com:3128",// username and password are optional for proxy authentication."username":"Alice","password":"secret here"},{// An HTTPS proxy over TLS upstream.// You have to specify port explicitly (usually 443), and set the tls field."address":"secure.proxy.example.com:443","username":"Secure","password":"Yeah!",// h2s only provides some basic TLS settings. If you are an advanced user and// looking for other settings, you may use stunnel(1) to handle TLS instead,// and simply leave a naive TCP interface to h2s."tlsConfig":{// If empty, serverName is set to the hostname from address.// Most users could just leave it empty."serverName":"secure.proxy.example.com",// If you prefer to set a fingerprint instead of providing certs, you can// set this to true.// Do not set to true unless you know what you are doing."insecureSkipVerify":false,// Server's SHA256 fingerprint, used to verify as an alternative to providing// the whole server certs, should be used with insecureSkipVerify to true.// If both rootCA and sha256Fingerprint are provided, they will both be// verified.//// An example to get fingerprint of a given cert:// openssl x509 -fingerprint -sha256 -noout -in cert.cer | cut -f2 -d'=' | sed s/://g// or of a server with TLS enabled:// openssl s_client -showcerts -connect example.com:443 < /dev/null | \// openssl x509 -fingerprint -sha256 -noout | cut -f2 -d'=' | sed s/://g"sha256fingerprint":"22B975A1409850EF7F4522183E9C5A8955758FC899D70FE257112DA2FC430CCC",// rootCA is useful for self-signed certs. Be careful with it.// If the server has a trusted cert, you don't have to set it."rootCA":"/path/to/the/ca/cert",// certFile and keyFile are advanced options for client authentication.// Most users could just leave it empty."certFile":"/path/to/the/client/cert","keyFile":"/path/to/the/client/key"}}],// accounts is an optional array of accounts for SOCKS5 authentication// with no accounts, authentication is disabled"accounts":[{"username":"test server","password":"test"}],// timeout optionally sets timeout value when dialing to a upstream// default "20s""timeout":"20s",// retries optionally specifies the max retries count of dialing to upstreams// default 3."retries":3}
About
🔌 A simple tool that wraps HTTPS proxies into a SOCKS5 proxy.
Topics
Resources
License
Stars
Watchers
Forks
Packages0
No packages published