backup/cgproxy
1
0
Fork 0
mirror of https://github.com/springzfx/cgproxy.git synced 2026-01-07 13:07:56 +08:00
Code Issues 1 Projects Releases Wiki Activity

updated readme

Browse Source
This commit is contained in:
fancy
2020-04-24 02:03:13 +08:00
parent 04ce6bee1f
commit 7d76a9742b
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cgproxy.conf
View File

@@ -1,7 +1,9 @@
# see how to configure
# https://github.com/springzfx/cgproxy
########################################################################
## cgroup transparent proxy
## any process in cgroup_proxy will be proxied, and cgroup_noproxy is the opposite
## note: v2ray should not run in a proxied cgroup
## any process in cgroup_proxy will be proxied, and cgroup_noproxy the opposite
## cgroup must start with slash '/'
# cgroup_proxy="/"
cgroup_proxy="/proxy.slice"
@@ -17,7 +19,7 @@ enable_tcp=true
enable_udp=true
enable_ipv4=true
enable_ipv6=true
enable_dns=true # due to v2ray bug https://github.com/v2ray/v2ray-core/issues/1432
enable_dns=true
########################################################################

13
readme.md
View File

@@ -70,8 +70,7 @@ More config in `/etc/cgproxy.conf`:
```bash
########################################################################
## cgroup transparent proxy
## any process in cgroup_proxy will be proxied, and cgroup_noproxy is the opposite
## note: v2ray should not run in a proxied cgroup
## any process in cgroup_proxy will be proxied, and cgroup_noproxy the opposite
## cgroup must start with slash '/'
# cgroup_proxy="/"
cgroup_proxy="/proxy.slice"
@@ -87,7 +86,7 @@ enable_tcp=true
enable_udp=true
enable_ipv4=true
enable_ipv6=true
enable_dns=true # due to v2ray bug https://github.com/v2ray/v2ray-core/issues/1432
enable_dns=true
########################################################################
@@ -147,8 +146,12 @@ sudo systemctl restart cgproxy.service
## NOTES
- `cgattach` attach pid to specific cgroup, and has *suid* bit set by default, be careful to use on multi-user server for securiry. To avoid this situation, you can remove the *suid* bit , then it will fallback to use *sudo*, with *visudo* you can restrict permission or set NOPASSWD for youself.
- TPROXY need root or cap_net_admin capability whatever process is listening on port,
v2ray as example: sudo setcap cap_net_admin+ep /usr/lib/v2ray/v2ray
- v2ray TPROXY need root or special permiassion
```bash
sudo setcap "cap_net_bind_service=+ep cap_net_admin=+ep" /usr/lib/v2ray/v2ray
```
## TIPS