proxy_float

This escaper provides the capability to access the target upstream through dynamic remote proxies.

The following remote proxy protocols are supported:

  • Http Proxy

  • Https Proxy

  • Socks5 Proxy

The following interfaces are supported:

  • tcp connect

  • udp relay (only socks5 peer)

  • udp connect (only socks5 peer)

  • http(s) forward

The Cap’n Proto RPC publish command is supported on this escaper. The published data should be either a single peer or an array of peers.

The following egress path selection values are supported:

  • string id

    If matched, a peer with the same ID will be used.

    Added in version 1.9.2.

  • json value

    If matched, the JSON MAP value will be parsed as a peer and it will be used.

    Added in version 1.9.2.

Config Keys

The following common keys are supported:

source

optional, type: url str | map | null

Set the fetch source for peers.

We support many types of sources. The type is detected by reading the scheme field of the url, or the type key of the map. See sources for all supported source types.

default: passive

cache

recommended, type: file path

Set the cache file.

Setting this is recommended, because the initial fetch of peers at startup may not finish until after the first batch of requests has arrived.

The file will be created if it does not exist.

default: not set

refresh_interval

optional, type: humanize duration

Set the refresh interval to update peers from the configured source.

default: 1s

bind_ipv4

optional, type: ipv4 addr str

Set the bind ip address for inet sockets.

default: not set

bind_ipv6

optional, type: ipv6 addr str

Set the bind ip address for inet6 sockets.

default: not set

tls_client

optional, type: bool | openssl tls client config

Enable https peer, and set TLS parameters for this local TLS client. If set to true or empty map, a default config is used.

default: not set

tcp_connect_timeout

optional, type: humanize duration

Set the tcp connect application level timeout value.

default: 30s

tcp_keepalive

optional, type: tcp keepalive

Set tcp keepalive.

The tcp keepalive set in user config won’t be taken into account.

default: 60s

expire_guard_duration

optional, type: humanize duration

If the peer has an expire value, we won’t connect to it if adding this value to the current time reaches the expire time.

default: 5s

Sources

For map format, the type key should always be set.

passive

Do not fetch peers. Only publish is needed.

The root value of source may be set to null to use passive source.

redis

Fetch peers from a redis db.

The keys used in the map format are:

  • sets_key

    required, type: str

    Set the key for the sets that store the peers. Each string record in the set is a single peer. See peers for its formats.

  • nested redis config map

For url str values, the format is:

redis://[username][:<password>@]<addr>/<db>?sets_key=<sets_key>

Peers

We use a JSON string to represent a peer, with a map as the root element.

Common keys

  • type

    required, type: str

    It tells us the peer type.

  • id

    optional, type: str

    Set ID for this peer.

    Added in version 1.7.23.

  • addr

    required, type: sockaddr str

    Set the socket address used to connect to the peer. No domain name is allowed here.

  • isp

    optional, type: str

    ISP for the egress ip address.

  • eip

    optional, type: ip addr str

    The egress ip address from external view.

  • area

    optional, type: egress area

    Area of the egress ip address.

  • expire

    optional, type: rfc3339 datetime str

    Set the expire time for this peer.

  • tcp_sock_speed_limit

    optional, type: tcp socket speed limit

    Set the speed limit for each tcp connection to this peer.

The following types are supported:

http

  • username

    optional, type: username

    Set the username for HTTP basic auth.

  • password

    optional, type: password

    Set the password for HTTP basic auth.

  • http_connect_rsp_header_max_size

    optional, type: humanize usize

    Set the max header size for received CONNECT response.

    default: 4KiB

  • extra_append_headers

    optional, type: map

    Set extra headers to append to the requests sent to upstream. The key should be the header name. Both the key and the value should be ASCII strings.

    Note

    No duplication check is done here, use it with caution.

https

The https peer supports all the config keys of the http peer. The following keys are also supported:

  • tls_name

    optional, type: tls name

    Set the tls server name for server certificate verification.

    default: not set

socks5

  • username

    optional, type: username

    Set the username for Socks5 User auth.

  • password

    optional, type: password

    Set the password for Socks5 User auth.

  • udp_sock_speed_limit

    optional, type: udp socket speed limit

    Set speed limit for each udp socket.

    default: no limit

    Added in version 1.7.22.

  • transmute_udp_peer_ip

    optional, type: bool or map

    Set this option if the UDP peer IP returned from the remote proxy should be transmuted.

    For a map value, the key should be the returned IP, and the value should be the real IP to use. If the map is empty, the peer IP used by the tcp connection will be used.

    For a bool value, an empty map will be used if set to true, and the option is disabled if set to false.

    default: false

    Added in version 1.7.22.

  • end_on_control_closed

    optional, type: bool

    Set to true if you want to end the UDP Associate Session whenever the peer closes the control TCP connection.

    By default the session will be ended if:

    • An error occurs on the TCP control connection at any time

    • The TCP control connection is closed cleanly after at least one UDP packet has been received

    default: false

    Added in version 1.9.9.

socks5s

The socks5s peer supports all the config keys of the socks5 peer. The following keys are also supported:

  • tls_name

    optional, type: tls name

    Set the tls server name for server certificate verification.

    default: not set

Added in version 1.9.9.
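
The peer rules described above (map as root element, required type and addr, no domain name in addr, rfc3339 expire checked against expire_guard_duration, ASCII-only extra_append_headers) can be checked before records are published or written to the redis set. The following is an added example, not code from g3proxy: the names check_peer and parse_sockaddr, the port range, the exact guard comparison and the control-character check are assumptions, and the sample records are constructed.

```python
import ipaddress
import json
from datetime import datetime, timedelta, timezone

PEER_TYPES = {"http", "https", "socks5", "socks5s"}  # peer types listed on this page

def parse_sockaddr(addr):  # accepts only 'IPv4:port' or '[IPv6]:port'
    host, sep, port = addr.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("expected <ip>:<port>")
    if host.startswith("[") and host.endswith("]"):
        return ipaddress.IPv6Address(host[1:-1]), int(port)
    return ipaddress.IPv4Address(host), int(port)  # a domain name fails here

def check_peer(record, now, guard=timedelta(seconds=5)):  # returns problems; [] = usable
    try:
        peer = json.loads(record)
    except ValueError as e:
        return [f"invalid JSON: {e}"]
    if not isinstance(peer, dict):
        return ["root element must be a map"]
    problems = []
    if not isinstance(peer.get("type"), str) or peer["type"] not in PEER_TYPES:
        problems.append("missing or unsupported type")
    try:
        parse_sockaddr(str(peer.get("addr", "")))
    except ValueError as e:
        problems.append(f"bad addr: {e}")
    if "expire" in peer:
        try:  # assumed reading of expire_guard_duration: skip once now + guard reaches expire
            if now + guard >= datetime.fromisoformat(str(peer["expire"]).replace("Z", "+00:00")):
                problems.append("expire is within expire_guard_duration")
        except (ValueError, TypeError) as e:  # TypeError: expire has no UTC offset
            problems.append(f"bad expire: {e}")
    headers = peer.get("extra_append_headers", {})
    for name, value in (headers.items() if isinstance(headers, dict) else [("", None)]):
        # ASCII is the page's rule; rejecting control characters is an added assumption.
        if not (isinstance(value, str) and (name + value).isascii() and (name + value).isprintable()):
            problems.append(f"bad extra_append_headers entry: {name!r}")
    return problems

# Constructed sample records (documentation address ranges, not real peers).
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
GOOD = '{"type": "socks5", "id": "p1", "addr": "192.0.2.10:1080", "expire": "2024-01-01T12:05:00Z"}'
STALE = '{"type": "https", "addr": "[2001:db8::1]:8443", "expire": "2024-01-01T12:00:03Z"}'
BAD = '{"type": "http", "addr": "proxy.example.net:3128", "extra_append_headers": {"X-A": "caf\\u00e9"}}'

if __name__ == "__main__":
    print([check_peer(r, NOW) for r in (GOOD, STALE, BAD)])
```

The default guard of 5s mirrors the expire_guard_duration default; pass the configured value if it differs.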