Idea: implement an obfs plugin for Apache and/or nginx about simple-obfs HOT 28 CLOSED

In addition, if we implement a websocket SIP003 plugin, we can run shadowsocks behind Apache/Nginx, even a CDN. Both of these two approaches would work.

from simple-obfs.

I tried shadowsocks over WebSocket tunnel with CloudFlare Free CDN, using nginx as reverse proxy on a web server. It works, and largely improves download speed.

from simple-obfs.

Yes, it's possible. Actually we can reuse any of the following tunnels, fork them as a SIP003 plugin:

• https://github.com/erebe/wstunnel
• https://github.com/ginuerzh/gost

from simple-obfs.

BTW, simple-obfs is unable to work with apache/nginx, which is just a header obfuscation tool.

from simple-obfs.

What I meant is something like this but as a plug in: https://github.com/shadowsocks/shadowsocks-dotcloud

So that the server looks like a normal website and can tunnel shadowsocks traffic at the same time.

from simple-obfs.

Hmm actually we can add a configuration to server options:

failover=(IP or hostname)[:(port)]

Default port is 80 or 443 correspondingly. If an invalid request is received, obfs-server just simply forward raw request to failover server. Now if I want to make my website work, I can make it listen on (for example) 8080 and let obfs-server listen on 80 and set failover=localhost:8080.

Maybe we can also add an "obfs-path" option to both local and server?

from simple-obfs.

OK, so it works like HAProxy. I think it's doable and we can implement in obfs-server easily. It will forward any request not to obfs-host or invalid request to Apache/Nginx.

obfs-path may not work as SNI doesn't have information about the URL path.

from simple-obfs.

@madeye Then only for HTTP?

from simple-obfs.

@Mygod Not elegant, but acceptable. What about a pull request? 😄

from simple-obfs.

Let's take the forwarding approach since the web server can be written in a wide variety of languages...

from simple-obfs.

Actually that's just to prevent conflict (what if there's also a web socket server running at /)... I'm okay without it. 🙃

from simple-obfs.

Please try ec9b0c1.

from simple-obfs.

Tested with HTTP. Works perfectly. Thanks!

from simple-obfs.

Wait. What about the obfs-host checking at server side?

from simple-obfs.

Hmm on second thought it's not really important... (but nice to have)

from simple-obfs.

Wait. I just realized I accidentally configured obfs-server use tls while it should use http for 80. I did another test, it seems: (port 80)

HTTP with failover disabled: Instant Segmentation fault.

from simple-obfs.

Please try d3c9b8c.

from simple-obfs.

Failover is working now but the connection is only working when failover is disabled.

from simple-obfs.

Fully working now! Thanks.

from simple-obfs.

Just tried connecting behind CloudFlare. Doesn't work. (woulda been amazing if it had worked)

I connected to a wrong domain name, I get log output like:

remote_recv_cb_recv: Bad address
remote recv: Bad address

Then I realized that I need to use correct domain name, then there was no traffic.

from simple-obfs.

Also according to CloudFlare, WebSockets should work: https://support.cloudflare.com/hc/en-us/articles/200169466-Can-I-use-CloudFlare-with-WebSockets-

from simple-obfs.

Unfortunately, it's expected. And that's why I suggest to implement other plugins in the first comment.

from simple-obfs.

Hmmm okay... I will try them some day when I feel like it.

from simple-obfs.

@Mygod nginx在8443端口配置好ssl 并且obfs的failover=127.0.0.1:8443
结果https://ip:8443 能正常访问 https://ip不能正常访问。请问这正常吗？

from simple-obfs.

@madeye I haven't tested TLS mode thoroughly so this may be a bug.

from simple-obfs.

@Mygod Yes, it's fixed via #47

from simple-obfs.

Okay! 😅

from simple-obfs.

@zeptoTantalum I am trying to run obs-server with failover to my nginx web server running on port 443. I am using the json config to configure my ss-libev-server (running on port 8530) with simple-obfs. My config looks like this:

{ "server":"xxx", "server_port":xxx, "local_port":1080, "password":"xxx", "timeout":600, "method":"chacha20-ietf-poly1305", "fast_open":true, "plugin":"obfs-server", "plugin_opts":"obfs=tls", "failover":"127.0.0.1:443" }

I would like to confirm if I am doing it right? Thanks

from simple-obfs.