
Friday 17 August 2012

Bypassing the firewall with spdyproxy + Chrome


First, log in to your Linux VPS:
wget https://nodejs.org/dist/v4.1.0/node-v4.1.0-linux-x64.tar.xz
tar Jxvf node-v4.1.0-linux-x64.tar.xz

root@wh:~# cd node-v4.1.0-linux-x64
root@wh:~/node-v4.1.0-linux-x64# ls
CHANGELOG.md  LICENSE  README.md  bin  include  lib  share
root@wh:~/node-v4.1.0-linux-x64# cd bin 
root@wh:~/node-v4.1.0-linux-x64/bin# ls
node  npm  
root@wh:~/node-v4.1.0-linux-x64/bin# echo 'export PATH=$PATH:/root/node-v4.1.0-linux-x64/bin' >> /etc/profile && . /etc/profile
root@wh:~/node-v4.1.0-linux-x64/bin# cd ~
root@wh:~# which node
/root/node-v4.1.0-linux-x64/bin/node
root@wh:~# which npm
/root/node-v4.1.0-linux-x64/bin/npm
root@wh:~# npm install -g spdyproxy
/root/node-v4.1.0-linux-x64/bin/spdyproxy -> /root/node-v4.1.0-linux-x64/lib/node_modules/spdyproxy/bin/spdyproxy
+ spdyproxy@0.2.7
added 7 packages from 15 contributors in 2.851s
root@wh:~#

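The node environment on the VPS is now set up. (Do not compile node v0.8.x, https://nodejs.org/dist/v0.8.23/, otherwise the command
 npm install -g spdyproxy
will fail. Generally speaking, when you hit an error, installing a newer version of the program often solves it. But the version must not be too new either: v4.1.0 is recommended here, see https://github.com/slashdotdash/node-ledger-web/issues/14, otherwise you will hit the error described in this issue:
https://github.com/igrigorik/node-spdyproxy/issues/68)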

cd /root/
~# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout private.key -out public.crt
You can simply press Enter at every prompt.
Two files, private.key and public.crt, are then generated under /root/.

spdyproxy -k /root/private.key -c /root/public.crt -p 344 -U yourusername -P yourpassword > /dev/null &

Build daemonize as described in this post, http://briteming.blogspot.com/2016/08/daemonize-daemon.html, then run:
daemonize -c . /root/node-v4.1.0-linux-x64/bin/node /root/node-v4.1.0-linux-x64/bin/spdyproxy -k /root/private.key -c /root/public.crt -p 344 -U yourusername -P yourpassword

Running it as a daemon is better than running it with "> /dev/null &".

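If you want to set up an account for a friend, you can do the following. Because the spdyproxy process above already occupies port 344, you need to use a different port, for example 345: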
spdyproxy -k /root/private.key -c /root/public.crt -p 345 -U yourusername -P yourpassword > /dev/null &

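(Later, after I updated node to v5.x in order to install lightsword, see http://briteming.blogspot.jp/2016/03/lightswordlevel4iossurge.html, spdyproxy could no longer be used to bypass the firewall properly. This is because running spdyproxy -k /root/private.key -c /root/public.crt -p 345 -U yourusername -P yourpassword actually runs
node spdyproxy -k /root/private.key -c /root/public.crt -p 345 -U yourusername -P yourpassword, and the node here is the updated v5.x one. spdyproxy under that version of node cannot be used properly to bypass the firewall. So we can reinstall a lower version of node, such as 4.1.0.)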

killall spdyproxy
spdyproxy -k /root/private.key -c /root/public.crt -p 344 -U yourusername -P yourpassword > /dev/null &


Start cmd.exe, cd to the directory that contains chrome.exe, and enter:
chrome.exe --proxy-server=https://yourvps-ip:344 --ignore-certificate-errors
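This starts chrome.exe. Visit any blocked site and a dialog pops up; enter the username and password set above in that dialog and you are through the firewall. The --proxy-server=https://yourvps-ip:344 above can also be changed to
--proxy-pac-url=d:\spdy.pac, where spdy.pac contains: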
function FindProxyForURL(url, host) 
{ return "HTTPS vps-ip:344"; }
Save spdy.pac to d:\
In my tests I found that the portable version of Chrome can also use this program to bypass the firewall, which is really great.

Note: the port does not have to be 443; 344, for example, also works.
(On a Mac:

Run in Terminal:
open /Applications/Google\ Chrome.app/ --args --proxy-server=https://yourvps-ip:344 --ignore-certificate-errors
Or:


open "/Applications/google chrome.app/" --args --proxy-server=https://yourvps-ip:344 --ignore-certificate-errors

You can save open "/Applications/google chrome.app/" --args --proxy-server=https://yourvps-ip:344 --ignore-certificate-errors as start-chrome.sh, then run chmod 755 start-chrome.sh, and then
./start-chrome.sh
Reference: https://code.google.com/p/goagent/issues/detail?id=7049)
It is recommended to add nohup spdyproxy -k /root/private.key -c /root/public.crt -p 344 -U yourusername -P yourpassword > log & to /etc/rc.local.
Watching YouTube through it is very smooth.

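You can also set the proxy for Chrome on Windows this way:
Right-click Chrome's desktop shortcut and open its properties. At the end of the "Target" field, after chrome.exe, add a space and then the parameters
--proxy-server=https://yourvps-ip:344 --ignore-certificate-errors
Then click OK.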


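Restart Chrome. Visiting any page prompts for proxy authentication; enter the username and password and you are through the firewall. (You can use Chrome's save-password feature to store the username and password so that you do not have to enter them repeatedly.)

The steps for using Chrome's save-password feature are as follows: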
Enabling saved passwords
  • In Chrome click the tool-wrench and select Preferences.
  • In the Preferences window select the Personal Stuff tab.
  • On the Personal Stuff tab check that Offer to save passwords is enabled.

Saving the password

  • Quit and restart Chrome.
  • Enable the 12VPN Chrome extension.
  • Open any website.
  • The username/password dialog for the 12VPN Chrome server will now show up. The dialog does NOT show you a Save password option.
  • Enter your 12VPN Chrome username/password and click Login.
  • Chrome will continue to load the website.
  • Once the website is loaded Chrome will display a banner at the top of the page offering to Save the password.
Important notes

  • When you restart your Chrome browser it may ask you the username/password again. Fortunately it will remember the saved username/password and fill them in automatically. You only have to press ENTER or click Login.
  • Entering the username/password and completing the Save password procedure will have to be done once.
Project: https://github.com/igrigorik/node-spdyproxy/ Related post: http://briteming.blogspot.co.uk/2013/08/nodejsspdyproxychrome.html

References:
http://www.chromium.org/spdy/
http://en.wikipedia.org/wiki/SPDY
--------------------------------------------

HTTPS proxy (advanced usage)

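Chrome supports the newer HTTPS proxy type (Safari supports it too). As the name suggests, it adds a security protocol on top of the traditional HTTP proxy. Setting up the proxy server is fairly simple; you can install spdyproxy with NodeJS: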
npm install -g spdyproxy
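It works well and is convenient.
spdyproxy -k <your private key> -c <your certificate> -p <proxy port> -U <username, optional> -P <password, optional>
However, this runs in the foreground and is gone as soon as you exit. You can install the forever module to keep it running in the background: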
npm install -g forever
forever start `which spdyproxy` -k path/to/key.pem -c path/to/cert.pem -p ...

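Of course, you can also simply use the nohup command to run it in the background. The advantage of forever is that it restarts the process automatically when it dies!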
nohup spdyproxy -k path/to/key.pem -c path/to/cert.pem -p ...
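Then you can set the "Secure Web Proxy" in your Network preferences.
There is also a trade-off worth weighing: without a password (the -U and -P parameters), your server is easily found by other people scanning; with a password, typing it in every time is a nuisance (on some systems the password must be entered for every page request, not just the first one). So I forked the spdyproxy source code on GitHub (https://github.com/igrigorik/node-spdyproxy) and added whitelist support: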
spdyproxy -k path/to/key.pem -c path/to/cert.pem -p 44300 -U username -P password -W whitelist.json
whitelist.json contains a JSON array in which each element is an IP address that does not need a password:

whitelist.json
[
"1.2.3.4",
"3.3.3.3",
"60.180.180.180"
]

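This way, with your own frequently used IPs on the whitelist, you connect without a password while everyone else needs one, which to some extent prevents other people from misusing the proxy!
Installation: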
git clone https://github.com/rickytan/node-spdyproxy
npm install -g node-spdyproxy/package.json
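
The whitelist-or-password decision described above, written out as an added example. This is not code from spdyproxy or from the fork; decideProxyAccess and its helpers are hypothetical names, and the credentials are the placeholder -U/-P values from the command above.

```javascript
// Added example, not code from spdyproxy or the fork; names are hypothetical.
const crypto = require('crypto');

// Node reports IPv4 peers on dual-stack sockets as "::ffff:1.2.3.4";
// strip the prefix so the whitelist entry "1.2.3.4" still matches.
function normalizeIp(addr) {
  return addr.startsWith('::ffff:') ? addr.slice(7) : addr;
}

// Hash both sides first so timingSafeEqual gets equal-length buffers.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash('sha256').update(s).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Decide what the proxy answers: 200 = forward, 407 = ask for credentials.
function decideProxyAccess(remoteAddress, headers, whitelist, user, pass) {
  if (whitelist.includes(normalizeIp(remoteAddress))) {
    return { status: 200, reason: 'whitelisted' };
  }
  const challenge = {
    status: 407,
    reason: 'credentials required',
    headers: { 'Proxy-Authenticate': 'Basic realm="proxy"' },
  };
  const m = /^Basic\s+([A-Za-z0-9+\/=]+)$/i.exec(headers['proxy-authorization'] || '');
  if (!m) return challenge;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // the password may itself contain ':'
  if (sep < 0) return challenge;
  const userOk = safeEqual(decoded.slice(0, sep), user);
  const passOk = safeEqual(decoded.slice(sep + 1), pass);
  return userOk && passOk ? { status: 200, reason: 'authenticated' } : challenge;
}

// Constructed sample data: the whitelist.json entries and -U/-P values shown above.
const WHITELIST = ['1.2.3.4', '3.3.3.3', '60.180.180.180'];
const basic = (u, p) => 'Basic ' + Buffer.from(u + ':' + p).toString('base64');
const check = (ip, auth) => decideProxyAccess(
  ip, auth ? { 'proxy-authorization': auth } : {}, WHITELIST, 'username', 'password');

console.log(check('::ffff:1.2.3.4'));                          // whitelisted peer
console.log(check('198.51.100.7'));                            // no credentials
console.log(check('198.51.100.7', basic('username', 'password')));
console.log(check('198.51.100.7', basic('username', 'wrong')));
```

Because the whitelist keys on the source address the proxy sees, every client behind the same NAT address as a listed IP is also exempt from the password.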

Automatic proxy configuration


The work is not finished yet: having Chrome reach every website through the proxy is not a wise choice. So install nginx or apache on the VPS as a file server and write a PAC file that uses the proxy selectively:

proxy.pac
// Bypass the firewall
var proxy_list = [
    'google.com',
    'facebook.com',
    // ...
];

// Ads
var black_list = [
  "pubstat.sandai.net",
  "mcfg.sandai.net",
  "biz5.sandai.net",
  "float.sandai.net",
  "cl.kankan.xunlei.com",
  "211.94.190.80",
  "mtips.xunlei.com",
  "211.94.190.80",
  "mtips.xunlei.com",
  "adsresult.joywell.com.cn",
  "advstat.xunlei.com",
  "wy.xunlei.com",
  "kkpgv.xunlei.com",
  "statis.kankan.xunlei.com",
  "server1.adpolestar.net",
  "mpv.sandai.net",
  "vid.atm.youku.com",
  "valo.atm.youku.com",
  "valf.atm.youku.com",
  "walp.atm.youku.com",
  "static.atm.youku.com",
  "vid.atm.youku.com",
  "valo.atm.youku.com",
  "valf.atm.youku.com",
  "walp.atm.youku.com",
  "static.atm.youku.com",
  "*.p2v.tudou.com*",
  "at-img1.tdimg.com",
  "at-img2.tdimg.com",
  "at-img3.tdimg.com",
  "adplay.tudou.com",
  "adcontrol.tudou.com",
  "stat.tudou.com",
  "v2.stat.ku6.com",
  "v3.stat.ku6.com",
  "v0.stat.ku6.com",
  "v1.stat.ku6.com",
  "st.vq.ku6.cn",
  "stat2.888.ku6.com",
  "pq.stat.ku6.com",
  "mcfg.sandai.net",
  "biz5.sandai.net",
  "server1.adpolestar.net",
  "advstat.xunlei.com",
  "mpv.sandai.net",
  "images.sohu.com",
  "dcads.sina.com.cn",
  "pubstat.sandai.net",
  "float.sandai.net",
  "recommend.xunlei.com",
  "cl.kankan.xunlei.com",
  "googlesyndication.com",
  "pagead2.googlesyndication.com",
  "doubleclick.net",
  "union.baidu.com",
  "googleads.g.doubleclick.net",
  "cpro.baidu.com",
  "biz5.sandai.net",
  "*ad*.00000000*"
];

var https = "HTTPS xxx.xxx.xxx.xxx:xxx; DIRECT";
var direct = "DIRECT";
var deny = "PROXY 127.0.0.1;";

function FindProxyForURL(url, host) {
  for (var i=0;i<black_list.length;++i) {
      var domain = black_list[i];
      if (shExpMatch(host, domain)) {
          return deny;
      }
  };

  for (var i=0;i<proxy_list.length;++i) {
      var domain = proxy_list[i];
      if (domain.indexOf('.') > 0)
          domain = '.' + domain;
      if (host === proxy_list[i] ||
          dnsDomainIs(host, domain)) {
          return https;
      }
  };
  return direct;
}

For more detailed configuration, see: https://github.com/igrigorik/node-spdyproxy
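
To check what a PAC file like proxy.pac will do before Chrome loads it, the following added example (not part of the original post) evaluates a condensed copy of it under Node.js. shExpMatch and dnsDomainIs are simplified stand-ins for the browser helpers, and 203.0.113.10:344 is a placeholder proxy address.

```javascript
// Added example: offline PAC test harness (not from the original post).
const vm = require('vm');

// Simplified stand-ins for the browser's PAC helper functions.
function shExpMatch(str, glob) {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, '\\$&')
                 .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp('^' + re + '$').test(str);
}
const dnsDomainIs = (host, domain) => host.endsWith(domain);

// Load PAC source into an isolated context and ask it about one URL.
function evalPac(pacSource, url) {
  const sandbox = { shExpMatch, dnsDomainIs };
  vm.runInNewContext(pacSource, sandbox, { timeout: 1000 });
  return sandbox.FindProxyForURL(url, new URL(url).hostname);
}

// Constructed sample: proxy.pac condensed, with shortened lists and a placeholder proxy.
const SAMPLE_PAC = `
var proxy_list = ['google.com', 'facebook.com'];
var black_list = ['doubleclick.net', '*.p2v.tudou.com*'];
var https = "HTTPS 203.0.113.10:344; DIRECT";
var deny = "PROXY 127.0.0.1;";
function FindProxyForURL(url, host) {
  for (var i = 0; i < black_list.length; ++i)
    if (shExpMatch(host, black_list[i])) return deny;
  for (var j = 0; j < proxy_list.length; ++j) {
    var d = proxy_list[j];
    if (host === d || dnsDomainIs(host, '.' + d)) return https;
  }
  return "DIRECT";
}`;

// Map each URL to the routing decision the PAC returns for it.
function routeTable(pacSource, urls) {
  return urls.map((u) => ({ url: u, route: evalPac(pacSource, u) }));
}

// Constructed test URLs covering each branch and two near-misses.
const table = routeTable(SAMPLE_PAC, [
  'http://www.google.com/',      // subdomain of a proxied domain
  'http://notgoogle.com/',       // suffix look-alike, stays DIRECT
  'http://doubleclick.net/',     // exact blacklist entry
  'http://ad.doubleclick.net/',  // subdomain: bare entry does not match
  'http://a.p2v.tudou.com/x',    // wildcard blacklist entry
]);
console.table(table);
```

The table shows that a bare entry such as doubleclick.net only matches that exact host under shExpMatch, so its subdomains need their own entries or a wildcard. The trailing "; DIRECT" in the proxy string also means the browser falls back to a direct connection when the proxy is unreachable.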

A better approach

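Using your own VPS as the file server works, but it is inconvenient. As mentioned earlier, ssh access from within China is very slow, so modifying the proxy.pac file is a hassle. In addition, having Chrome load a configuration file hosted abroad at startup makes startup slower. So I thought of using the cloud code feature of https://leancloud.cn, which can host some static files.
  1. Log in to AVOSCloud and create a new app
  2. Open the app settings and add a second-level domain for "Web hosting": your-subdomain.avosapps.com
  3. Open the "Cloud Code" panel and download the project skeleton, Web hosting version
  4. Unzip it and put your proxy.pac file in the public directory
  5. Turn the project into a git repo and push it to GitHub or Bitbucket (recommended, can be private)
  6. In the "Cloud Code" panel of the AVOSCloud app, fill in the repo address and copy the Deploy Key into your repo
  7. Under "Deploy", click "Deploy"
  8. On the Mac, set the automatic proxy configuration URL to: http://your-subdomain.avosapps.com/proxy.pac
From then on, to add a new site to the proxy list, open your repo, edit the file online, log in to AVOSCloud and click "Deploy" once more, then restart Chrome. There is no need to ssh into your VPS. Also, because AVOSCloud is hosted in China, access is fast and startup time is not affected.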

Summary

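The more restrictions there are, the more they spur human potential and creativity. With the above, we have built a private firewall-bypass service for $15 per year. Thanks to all the selfless developers who contribute to human freedom, and thanks to AVOSCloud for the free hosting service.
-----------------------------------------------------------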

SPDY & Secure Proxy Support in Google Chrome


One of the unique features of Google Chrome is the built-in support for SSL-based proxies. Although HTTP proxies can tunnel SSL, the initial connection to the proxy is done in plain text, which allows an intruder to eavesdrop on the hosts you are navigating to. Historically, to address this limitation we have had to rely on additional client-side software to create a VPN tunnel (ex, OpenVPN), or route our connections via SSH (ex, SOCKS tunnels over SSH with ssh -D).
With Chrome, you can simply give the browser a URL of an HTTPS proxy, and the rest is taken care of: a TLS tunnel is established to the proxy, and the proxied requests are sent over a secure link. No eavesdropping allowed!

SPDY Proxy via SSL NPN

The added benefit of supporting HTTPS proxies is that we can use SSL's Next Protocol Negotiation (NPN) to upgrade our connection to speak SPDY! Once the tunnel is established, the browser and the proxy can multiplex multiple SPDY streams over the same connection, allowing us to minimize latency and optimize throughput - especially useful on mobile devices. In fact, this is precisely how Amazon's Silk browser operates: single SPDY connection to an AWS proxy!

If your browser needs to fetch an HTTP resource, it uses the same SPDY connection, but in its SPDY frame it allocates a new "Stream ID", which indicates to the proxy that this is an independent request. The proxy can then fetch the HTTP resource on your behalf and stream it back over SPDY. Best of all, this same workflow also works for HTTPS, which means that we can tunnel SSL over SSL, and hence we can tunnel SPDY over SPDY:

If we inspect chrome://net-internals#spdy, we can see that in the example above we are connected to a local SPDY v2 proxy, running on port 44300. However, when we request https://www.google.com, the browser negotiates a SPDY v3 session with the Google servers. We are tunneling an SSL session within another SSL session! The proxy only knows that we are connected to google.com, but cannot inspect any of the encrypted data. Perhaps slightly meta, but this is a very powerful feature - read more about HTTPS tunneling.

DIY SPDY Proxy with node.js

One way to see SPDY proxy in action is to pick up a Kindle Fire device. Alternatively, we can reproduce our own local "Silk proxy" setup in just a few lines of code and configuration:

node-spdyproxy - SPDY forwarding proxy - fast and secure.

$> npm install -g spdyproxy
$> spdyproxy -k keys/mykey.pem -c keys/mycert.pem -p 44300 -v
You will need node.js 0.8.x+ for NPN support (follow instructions in the readme). Once spdyproxy is installed, you can give it your SSL keys and launch a local instance. Now we just need to tell Google Chrome when to use our proxy. For that, we can create a proxy auto-configuration (PAC) file, which consists of a single JavaScript function:

function FindProxyForURL(url, host) {
  // Route all HTTP requests to our proxy
  if (shExpMatch(url, "http:*"))  return "HTTPS localhost:44300";

  // HTTPS requests go directly to the host (Amazon's Silk setup)
  // See: http://www.amazon.com/gp/help/customer/display.html/?nodeId=200775440
  if (shExpMatch(url, "https:*")) return "DIRECT";

  // Alternatively, we can route *all* traffic through our SPDY
  // proxy by simply providing one rule in our PAC file:
  return "HTTPS localhost:44300";
}
Save the above file, and we can now start Chrome with the --proxy-pac-url flag:

$> /path/to/Chrome --proxy-pac-url=file:///path/to/config.pac --use-npn
The above scenario only scratches the surface of what we can do:

All that and much more, all accessible directly in your browser and without a need to install or configure any additional software. In fact, with a little bit of extra work, we can even extend spdyproxy to perform on-the-fly content optimization to deliver faster page loads for mobile or tablet devices, ala Opera Turbo or Amazon Silk.

from https://www.igvita.com/2012/06/25/spdy-and-secure-proxy-support-in-google-chrome/
https://github.com/igrigorik/node-spdyproxy
https://github.com/igrigorik/node-spdyproxy/#installation--configuration
----------------------------------------------------------------------------------------------------------------------

Another way to bypass the firewall with node.js + SPDYproxy + Chrome (this method does not work; it has problems)

SPDY daemon

This is a wrapper around the original Google's SPDY Framer. It includes a standalone server (spdyd) which can act as a SPDY-HTTP proxy (or use yet another HTTP proxy) as well as a Rack adapter. The server is built around Eventmachine, and should be pretty fast.

Installation:

Gem

  1. gem build spdy.gemspec
  2. sudo gem install ./spdy-0.1.gem

Manual

  1. gem install em-http-request -v 0.3.0
  2. Optional, for daemonization: gem install daemons
  3. cd ext; ruby extconf.rb; make

Running standalone server:

Running it standalone is as simple as:
bin/spdyd
Check bin/spdyd -h for options.

Rack:

You can also run it as a rack server:
rackup -s Spdy examples/local.ru
or for Rails application:
rackup -s Spdy config.ru

TODO:

from https://github.com/romanbsd/spdy
---------------------------------------------------------
Similar projects:

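https://github.com/xkxx/node-spdy-proxy (this one does not work; it has problems)
Apache and nginx also both provide SPDY support. I do not know whether it can be combined with their own proxy features to build something like a SPDY proxy; if you are interested, look into: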
https://developers.google.com/speed/spdy/mod_spdy/
http://nginx.org/patches/spdy/README.txt
Related posts:
http://briteming.blogspot.jp/2011/12/web-vpn-secure-proxies-with-spdy-chrome.html

Similar approaches:
http://briteming.blogspot.com/2015/08/nghttpx-http2.html 
or
http://briteming.blogspot.jp/2015/09/spdy-ssl-proxy.html

-------------

https://code.google.com/archive/p/mod-spdy/
http://www.chromium.org/spdy