summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBinJin <>2019-06-11 07:30:00 (GMT)
committerhdiff <hdiff@hdiff.luite.com>2019-06-11 07:30:00 (GMT)
commit0a401767a3ab144a043aaf7bc98139ecf3367d6f (patch)
tree17bbdea2f14fdd5cba4af858aa4099b673cd307e
parent47a0817e1e003199fd943caba472d7a67f1fd3f0 (diff)
version 0.1.0.10.1.0.1
-rw-r--r--README.md71
-rw-r--r--hprox.cabal98
-rw-r--r--src/HProx.hs (renamed from HProx.hs)0
-rw-r--r--src/Main.hs (renamed from Main.hs)14
4 files changed, 116 insertions, 67 deletions
diff --git a/README.md b/README.md
index c06aa29..1ab6924 100644
--- a/README.md
+++ b/README.md
@@ -1,31 +1,72 @@
## hprox
-hprox is a lightweight HTTP/HTTPS proxy server.
+[![CircleCI](https://circleci.com/gh/bjin/hprox.svg?style=shield)](https://circleci.com/gh/bjin/hprox)
+[![Depends](https://img.shields.io/hackage-deps/v/hprox.svg)](https://packdeps.haskellers.com/feed?needle=hprox)
+[![Release](https://img.shields.io/github/release/bjin/hprox.svg)](https://github.com/bjin/hprox/releases)
+[![Hackage](https://img.shields.io/hackage/v/hprox.svg)](https://hackage.haskell.org/package/hprox)
+[![License](https://img.shields.io/github/license/bjin/hprox.svg)](https://github.com/bjin/hprox/blob/master/LICENSE)
+
+`hprox` is a lightweight HTTP/HTTPS proxy server.
### Features
-* Basic HTTP proxy support, including HTTP GET/HTTP CONNECT support.
+* Basic HTTP proxy functionality.
* Simple password authentication.
-* HTTPS encryption support, requires a valid certificate. Supports TLS 1.3 and
- HTTP 2 out of box. This mode is also known as SPDY Proxy.
-* TLS SNI validation in HTTPS mode. Blocks connections with wrong domain name.
-* Provide PAC file for easy client side configuration. Supports Chrome and Firefox.
-* Can run upon any Haskell Web Application with `wai` interface. Defaults to
- a dumb application which simulate the default empty page from Apache.
-* websocket redirection. Compatible with v2ray-plugin for shadowsocks.
-* Reverse proxy support. Redirect requests to a fallback server.
-
-Use `hprox --help` to list the options for further details.
+* TLS encryption (requires a valid certificate). Supports TLS 1.3 and HTTP 2, also known as SPDY Proxy.
+* TLS SNI validation (blocks all clients with invalid domain name).
+* Provide PAC file for easy client side configuration (supports Chrome and Firefox).
+* Websocket redirection (compatible with [v2ray-plugin for shadowsocks](https://github.com/shadowsocks/v2ray-plugin)).
+* Reverse proxy support (redirect requests to a fallback server).
+* Implemented as a middleware, compatible with any Haskell Web Application with `wai` interface.
+ Defaults to fallback to a dumb application which simulate the default empty page from Apache.
### Installation
-Only Linux and macOS are supported. [stack](https://docs.haskellstack.org/en/stable/README/#how-to-install) is required to build `hprox`.
+`hprox` should build and work on all unix-like OS with `ghc` support, but it's only
+been tested on Linux and macOS.
+
+[stack](https://docs.haskellstack.org/en/stable/README/#how-to-install) is required to build `hprox`.
```sh
+stack setup
stack install
```
+### Usage
+
+Use `hprox --help` to list options with detailed explanation.
+
+* To run `hprox` on port 8080, with simple password authentication:
+
+```sh
+echo "user:pass" > userpass.txt
+chmod 600 userpass.txt
+hprox -p 8080 -a userpass.txt
+```
+
+* To run `hprox` with TLS encryption on port 443, with certificate of `example.com` obtained with [certbot](https://certbot.eff.org/):
+
+```sh
+hprox -p 443 -s example.com:/etc/letsencrypt/live/example.com/fullchain.pem:/etc/letsencrypt/live/example.com/privkey.pem
+```
+
+Browsers can then be configured with PAC file URL `https://example.com/get/hprox.pac`.
+
+* To work with `v2ray-plugin`, with fallback page to ubuntu mirrors:
+
+```sh
+v2ray-plugin -server -localPort 8080 -mode websocket -host example.com -remotePort xxxx
+hprox -p 443 -s example.com:fullchain.pem:privkey.pem --ws 127.0.0.1:8080 --rev archive.ubuntu.com:80
+```
+
+Clients will be able to connect with option `tls;host=example.com`.
+
### Known Issue
-* Only HTTP server are supported for websocket and reverse proxy redirection.
-* Passwords are stored in plain text for now, please avoid using existing password.
+* Only HTTP servers are supported as websocket and reverse proxy redirection destination.
+* Passwords are currently stored in plain text, please set permission accordingly and
+ avoid using existing password.
+
+### License
+
+`hprox` is licensed under the Apache license. See LICENSE file for details.
diff --git a/hprox.cabal b/hprox.cabal
index eb554d0..bfc466d 100644
--- a/hprox.cabal
+++ b/hprox.cabal
@@ -1,54 +1,62 @@
-name: hprox
-version: 0.1.0
-synopsis: a lightweight HTTP proxy server, and more
-description:
- Please see the README on GitHub at <https://github.com/bjin/hprox#readme>
+cabal-version: 1.12
-license: Apache-2.0
-license-file: LICENSE
-author: Bin Jin
-maintainer: bjin@ctrl-d.org
-category: Web
-build-type: Simple
-cabal-version: >=1.10
+-- This file has been generated from package.yaml by hpack version 0.31.1.
+--
+-- see: https://github.com/sol/hpack
+--
+-- hash: a70b4c08df6e0a53013a5ee56b5e14317c0fb952bc34ad9dd8b9c25954559c83
+name: hprox
+version: 0.1.0.1
+synopsis: a lightweight HTTP proxy server, and more
+description: Please see the README on GitHub at <https://github.com/bjin/hprox#readme>
+category: Web
+homepage: https://github.com/bjin/hprox#readme
+bug-reports: https://github.com/bjin/hprox/issues
+author: Bin Jin
+maintainer: bjin@ctrl-d.org
+copyright: 2019 Bin Jin
+license: Apache-2.0
+license-file: LICENSE
+build-type: Simple
extra-source-files:
- README.md
+ README.md
+
+source-repository head
+ type: git
+ location: https://github.com/bjin/hprox
flag static
- description:
- Enable static build
- Default:
- False
+ description: Enable static build
+ manual: True
+ default: False
executable hprox
- main-is:
- Main.hs
- ghc-options:
- -Wall -O2 -threaded -rtsopts "-with-rtsopts=-N -c"
- if flag(static)
- ghc-options:
- -optl-static
+ main-is: Main.hs
other-modules:
- HProx
+ HProx
+ hs-source-dirs:
+ src
+ ghc-options: -Wall -O2 -threaded -rtsopts -with-rtsopts=-N
build-depends:
- async,
- base < 5.0,
- base64-bytestring,
- binary,
- bytestring,
- case-insensitive,
- conduit,
- conduit-extra,
- http-client,
- http-reverse-proxy >= 0.4.0,
- http-types,
- optparse-applicative,
- tls >= 1.5.0,
- unix,
- wai >= 3.2.2,
- wai-extra,
- warp >= 3.2.8,
- warp-tls >= 3.2.5
- default-language:
- Haskell2010
+ async
+ , base >=4.7 && <5
+ , base64-bytestring
+ , binary
+ , bytestring
+ , case-insensitive
+ , conduit
+ , conduit-extra
+ , http-client
+ , http-reverse-proxy >=0.4.0
+ , http-types
+ , optparse-applicative
+ , tls >=1.5.0
+ , unix
+ , wai >=3.2.2
+ , wai-extra
+ , warp >=3.2.8
+ , warp-tls >=3.2.5
+ if flag(static)
+ ghc-options: -optl-static
+ default-language: Haskell2010
diff --git a/HProx.hs b/src/HProx.hs
index 87252ef..87252ef 100644
--- a/HProx.hs
+++ b/src/HProx.hs
diff --git a/Main.hs b/src/Main.hs
index 406434c..0ea7a3c 100644
--- a/Main.hs
+++ b/src/Main.hs
@@ -70,7 +70,7 @@ parser = info (helper <*> opts) fullDesc
( long "bind"
<> short 'b'
<> metavar "bind_ip"
- <> help "The address to bind on (default: all interfaces)")
+ <> help "the ip address to bind on (default: all interfaces)")
port = optional $ option auto
( long "port"
@@ -79,10 +79,10 @@ parser = info (helper <*> opts) fullDesc
<> help "port number (default 3000)")
ssl = many $ option (eitherReader parseSSL)
- ( long "ssl"
+ ( long "tls"
<> short 's'
<> metavar "hostname:cerfile:keyfile"
- <> help "enable SSL and specify a SSL certificates")
+ <> help "enable TLS and specify a domain and associated TLS certificate (can be used multiple times for multiple domains)")
user = optional $ strOption
( long "user"
@@ -93,18 +93,18 @@ parser = info (helper <*> opts) fullDesc
auth = optional $ strOption
( long "auth"
<> short 'a'
- <> metavar "users.txt"
- <> help "password file for proxy authentication (each line with a colon separated user/pass pair)")
+ <> metavar "userpass.txt"
+ <> help "password file for proxy authentication (plain text file with lines each containaing a colon separated user/password pair)")
ws = optional $ strOption
( long "ws"
<> metavar "remote-host:80"
- <> help "remote host to handle websocket requests")
+ <> help "remote host to handle websocket requests (http server only)")
rev = optional $ strOption
( long "rev"
<> metavar "remote-host:80"
- <> help "remote host for revere proxy")
+ <> help "remote host for revere proxy (http server only)")
setuid :: String -> IO ()