backup/cgproxy
1
0
Fork 0
mirror of https://github.com/springzfx/cgproxy.git synced 2026-04-23 10:11:04 +08:00
Code Issues 1 Projects Releases Wiki Activity

some adjustment

Browse Source
This commit is contained in:
fancy
2020-04-23 13:23:41 +08:00
parent b614d006c1
commit 7a8d46cb01
1 changed files with 25 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
readme.md
View File

@@ -69,6 +69,7 @@ More config in `/etc/cgproxy.conf`:
## any process in this cgroup will be proxied ## any process in this cgroup will be proxied
## must start with slash '/' ## must start with slash '/'
proxy_cgroup="/proxy.slice" proxy_cgroup="/proxy.slice"
# proxy_cgroup="/user.slice"
## listening port of another proxy process, for example v2ray ## listening port of another proxy process, for example v2ray
port=12345 port=12345
@@ -83,12 +84,12 @@ enable_ipv6=true
## only useful if v2ray process is also in proxy_cgroup, for example, you want to proxy whole userspace, ## only useful if v2ray process is also in proxy_cgroup, for example, you want to proxy whole userspace,
## and v2ray is also running in the same userspace ## and v2ray is also running in the same userspace
## otherwise ignore this ## otherwise ignore this
v2ray_so_mark=255 v2ray_outbound_mark=0xff # 255
## do not modify this if you don't known what you are doing ## do not modify this if you don't known what you are doing
table=100 table=100
mark=100 mark=0x01
mark_newin=1 mark_newin=0x02
``` ```
If you changed config, remember to restart service If you changed config, remember to restart service
@@ -97,6 +98,27 @@ If you changed config, remember to restart service
sudo systemctl restart cgproxy.service sudo systemctl restart cgproxy.service
``` ```
## Global transparent proxy
- First, set `proxy_cgroup=/user.slice` in `/etc/cgproxy.conf`, this will proxy your whole user space
- Then, allow proxy software itself connect direct to internet, two available solutions:
- Sloution 1: set all outbound mark in v2ray, and set `v2ray_outbound_mark` in `/etc/cgproxy.conf`
- Sloution 2: run your proxy software in another cgroup that won't be proxyied
```bash
# qv2ray as example
run_in_cgroup --cgroup=/noproxy.slice qv2ray
# v2ray as example
run_in_cgroup --cgroup=/noproxy.slice v2ray --config config_file
```
- Finally, restart service `sudo systemctl restart cgproxy.service`, that's all
##
## Other useful tools provided in this project ## Other useful tools provided in this project
- `cgattach` attach specific process pid to specific cgroup which will create if not exist , cgroup can be only one level down exist cgroup, otherwise created fail. - `cgattach` attach specific process pid to specific cgroup which will create if not exist , cgroup can be only one level down exist cgroup, otherwise created fail.
@@ -115,21 +137,6 @@ sudo systemctl restart cgproxy.service
run_in_cgroup --cgroup=/mycgroup.slice ping 127.0.0.1 run_in_cgroup --cgroup=/mycgroup.slice ping 127.0.0.1
``` ```
## Global transparent proxy
- First run your proxy software (v2ray as example) in another cgroup that won't be proxid
```bash
# qv2ray as example
run_in_cgroup --cgroup=/noproxy.slice qv2ray
# v2ray as example
run_in_cgroup --cgroup=/noproxy.slice v2ray --config config_file
```
- Second, set `proxy_cgroup=/user.slice` in `/etc/cgproxy.conf`, this will proxy your whole user space
- restart service `sudo systemctl restart cgproxy.service`, that's all
## NOTES ## NOTES
- `cgattach` attach pid to specific cgroup, and has *suid* bit set by default, be careful to use on multi-user server for securiry. To avoid this situation, you can remove the *suid* bit , then it will fallback to use *sudo*, with *visudo* you can restrict permission or set NOPASSWD for youself. - `cgattach` attach pid to specific cgroup, and has *suid* bit set by default, be careful to use on multi-user server for securiry. To avoid this situation, you can remove the *suid* bit , then it will fallback to use *sudo*, with *visudo* you can restrict permission or set NOPASSWD for youself.