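gost, gost3, gost-v3, gost3 configuration file tutorial, HTTP proxy, SOCKS5 proxy, port forwarding, Shadowsocks proxy, SS proxy, load balancing, relay service, port mapping, gost3 command tutorial, configuration, command line, configuration file
System: Windows/Linux
Software: gost v3.0
Features: HTTP proxy, SOCKS5 proxy, port forwarding, Shadowsocks proxy, SS proxy, load balancing, relay service, port mapping
Project page: https://github.com/go-gost/gost
gost-v3-beta.6 (used for a long time, stable version)
Local download 1 - Windows 32-bit: gost-windows-386-3.0.0-beta.6.zip
Local download 2 - Windows 64-bit: gost-windows-amd64-3.0.0-beta.6.zip
Local download 3 - Linux 32-bit: gost-linux-386-3.0.0-beta.6.gz
Local download 4 - Linux 64-bit: gost-linux-amd64-3.0.0-beta.6.gz
gost-v3.0.0-rc8
Local download 5 - Windows 32-bit: gost_3.0.0-rc8_windows_386.zip
Local download 6 - Windows 64-bit: gost_3.0.0-rc8_windows_amd64.zip
Local download 7 - Linux 32-bit: gost_3.0.0-rc8_linux_386.tar.gz
Local download 8 - Linux 64-bit: gost_3.0.0-rc8_linux_amd64.tar.gz
Project download page: https://github.com/go-gost/gost/releases
This article covers: configuration, command line, configuration file
gost, gost3, gost-v3: configuration file article
https://www.zhuguodong.com/?id=771
gost, gost3, gost-v3: command article
https://www.zhuguodong.com/?id=767
Same type of tool, gost v2.0 (gost2)
https://www.zhuguodong.com/?id=700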
-----------------------------------------------------------
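Running software hidden on Windows: hidden cmd, hidden bat, hidden command window
https://www.zhuguodong.com/?id=520
Running software in the background (hidden) on Linux
nohup /root/gost -L ss://aes-256-cfb:123456@:23333 >/dev/null 2>&1 &
nohup <replace with your command> >/dev/null 2>&1 &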
-----------------------------------------------------------
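Simple configuration and startup:
Windows: create a new gost.bat file
Linux: run hidden from the command line; gost must be given execute permission: chmod +x gost
Startup parameter: -C
Windows: start "" "gost.exe" -C gost.yaml
Linux: gost -C gost.yaml
Note: a .yaml configuration file must not contain blank lines or unnecessary spaces, otherwise gost will fail to start.
Startup parameter: -C
Windows: start "" "gost.exe" -C gost.json
Linux: gost -C gost.json
The gost program must be in the same directory as the configuration file. Note: configuration files may be in .json or .yaml format (this file format must not contain spaces); this tutorial uses the .json format for its demonstrations.
The .json and .yaml configuration formats can be converted into each other.
Output the configuration in YAML format
gost -L http://:8080 -O yaml
Output the configuration in JSON format
gost -L http://:8080 -O json
Convert a JSON configuration to YAML, or a YAML configuration to JSON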
gost -C gost.json -O yaml
gost -C gost.yaml -O json
-----------------------------------------------------------
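Command-line options
GOST currently has the following command-line options:
-L - specifies a local service; may be given multiple times.
The value is in a URL-like format (the parts in square brackets may be omitted):
[scheme://][username:password@host]:port[?key1=value1&key2=value2]
or, for port-forwarding mode:
scheme://[bind_address]:port/[host]:hostport[?key1=value1&key2=value2]
scheme
May be a combination of a handler and a listener, a handler alone (the listener defaults to tcp), or a listener alone (the handler defaults to auto), for example:
http+tls - handler http combined with listener tls; specifies an HTTPS proxy service
http - equivalent to http+tcp, handler http combined with listener tcp; specifies an HTTP proxy service
tcp - equivalent to tcp+tcp, handler tcp combined with listener tcp; specifies TCP port forwarding
tls - equivalent to auto+tls, handler auto combined with listener tls
Examples
gost -L http://:8080
gost -L http://:8080 -L socks5://:1080?foo=bar
gost -L http+tls://gost:gost@:8443
gost -L tcp://:8080/192.168.1.1:80
gost -L tls://:8443
Forwarding address list
Port-forwarding mode accepts a list of forwarding target addresses:
gost -L tcp://:8080/192.168.1.1:80,192.168.1.2:80,192.168.1.3:8080
-F - specifies a forwarding service; may be given multiple times to form a forwarding chain.
The value is in a URL-like format (the parts in square brackets may be omitted):
[scheme://][username:password@host]:port[?key1=value1&key2=value2]
scheme
May be a combination of a connector and a dialer, a connector alone (the dialer defaults to tcp), or a dialer alone (the connector defaults to http), for example:
http+tls - connector http combined with dialer tls; specifies an HTTPS proxy node
http - equivalent to http+tcp, connector http combined with dialer tcp; specifies an HTTP proxy node
tls - equivalent to http+tls
Example
gost -L http://:8080 -F http://gost:gost@192.168.1.1:8080 -F socks5+tls://192.168.1.2:1080?foo=bar
Node group
A node group can also be formed by giving a list of addresses:
gost -L http://:8080 -F http://gost:gost@192.168.1.1:8080,192.168.1.2:8080
-C - specifies an external configuration file.
Example
Use the configuration file gost.yml
gost -C gost.yml
-O - specifies the configuration output format; yaml and json are currently supported.
Example
Output the configuration in YAML format
gost -L http://:8080 -O yaml
Output the configuration in JSON format
gost -L http://:8080 -O json
Convert a JSON configuration to YAML
gost -C gost.json -O yaml
-D - enables debug mode, with more detailed log output.
Example
gost -L http://:8080 -D
-V - shows the version number of the running GOST.
Example
gost -V
-api - specifies the Web API address.
Example
gost -L http://:8080 -api :18080
-metrics - specifies the Prometheus metrics API address.
Example
gost -L http://:8080 -metrics :9000
Issues with the scheme parameter on the command line
zsh, the default shell on macOS, does not support ? and & in command-line arguments, so on macOS, if your scheme contains special characters, wrap it in double quotes "", otherwise you get the error: “zsh: no matches found: ...”.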
Bash
Zsh
gost -L http://:8080 -L socks5://:1080?foo=bar
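The -L and -F value formats and their scheme defaults, as an added sketch in Python (not gost's own parser and not code from the original article); the type sets list only names that appear on this page, and `parse_node` and `redact` are hypothetical helper names. `redact` masks an inline password before a command line is copied into logs or tickets, since credentials passed this way are visible in the process list and shell history.

```python
from urllib.parse import parse_qsl

# Type names limited to those used on this page (assumption: the real registries are larger).
HANDLER_TYPES = {"auto", "http", "socks5", "ss", "tcp"}   # handlers for -L, connectors for -F
LISTENER_TYPES = {"tcp", "tls"}                           # listeners for -L, dialers for -F

def parse_node(value, flag="L"):
    """Split a -L or -F value into its parts and apply the documented defaults."""
    roles = ("handler", "listener") if flag == "L" else ("connector", "dialer")
    default_first = "auto" if flag == "L" else "http"
    scheme, sep, rest = value.partition("://")
    if not sep:                                  # the scheme may be omitted
        scheme, rest = "", value
    rest, _, query = rest.partition("?")
    hostport, _, targets = rest.partition("/")   # "/targets" appears only in forwarding mode
    userinfo, _, addr = hostport.rpartition("@")
    user, _, password = userinfo.partition(":")
    if "+" in scheme:
        first, second = scheme.split("+", 1)
    else:
        # A lone name fills each role it is valid for; the other role gets its default.
        first = scheme if scheme in HANDLER_TYPES else default_first
        second = scheme if scheme in LISTENER_TYPES else "tcp"
    return {
        roles[0]: first, roles[1]: second,
        "user": user, "password": password,
        "addrs": addr.split(","),                # more than one entry = node group (-F)
        "targets": [t for t in targets.split(",") if t],
        "params": dict(parse_qsl(query)),
    }

def redact(value):
    """Return the value with any inline password masked, for logs and tickets."""
    password = parse_node(value)["password"]
    return value.replace(":" + password + "@", ":***@", 1) if password else value

# Values taken from, or modelled on, the examples on this page.
if __name__ == "__main__":
    for flag, v in [("L", "tls://:8443"), ("F", "tls://192.168.1.2:1080"),
                    ("L", "tcp://:8080/192.168.1.1:80,192.168.1.2:80"),
                    ("L", "http+tls://gost:gost@:8443")]:
        print(flag, redact(v), parse_node(v, flag))
```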
-----------------------------------------------------------
Configuration file
GOST configuration files use the YAML or JSON format. The complete structure of a configuration file is as follows:
YAML format
services:
- name: service-0
  addr: ":8080"
  interface: eth0
  sockopts:
    mark: 1
  admission: admission-0
  bypass: bypass-0
  resolver: resolver-0
  hosts: hosts-0
  handler:
    type: http
    auth:
      username: user
      password: pass
    auther: auther-0
    chain: chain-0
    retries: 1
    metadata:
      foo: bar
      bar: baz
  listener:
    type: tcp
    auth:
      username: user
      password: pass
    auther: auther-0
    chain: chain-0
    tls:
      certFile: cert.pem
      keyFile: key.pem
      caFile: ca.pem
    metadata:
      abc: xyz
      def: 456
  forwarder:
    nodes:
    - name: target-0
      addr: 192.168.1.1:1234
    - name: target-1
      addr: 192.168.1.2:2345
    selector:
      strategy: rand
      maxFails: 1
      failTimeout: 30s
chains:
- name: chain-0
  selector:
    strategy: round
    maxFails: 1
    failTimeout: 30s
  hops:
  - name: hop-0
    interface: 192.168.1.2
    sockopts:
      mark: 1
    selector:
      strategy: rand
      maxFails: 3
      failTimeout: 60s
    bypass: bypass-0
    nodes:
    - name: node-0
      addr: ":1080"
      interface: eth1
      sockopts:
        mark: 1
      bypass: bypass-0
      connector:
        type: socks5
        auth:
          username: user
          password: pass
        metadata:
          foo: bar
      dialer:
        type: tcp
        auth:
          username: user
          password: pass
        tls:
          caFile: "ca.pem"
          secure: true
          serverName: "example.com"
        metadata:
          bar: baz
tls:
  certFile: "cert.pem"
  keyFile: "key.pem"
  caFile: "ca.pem"
authers:
- name: auther-0
  auths:
  - username: user1
    password: pass1
  - username: user2
    password: pass2
admissions:
- name: admission-0
  whitelist: false
  matchers:
  - 127.0.0.1
  - 192.168.0.0/16
bypasses:
- name: bypass-0
  whitelist: false
  matchers:
  - "*.example.com"
  - .example.org
  - 0.0.0.0/8
resolvers:
- name: resolver-0
  nameservers:
  - addr: udp://8.8.8.8:53
    chain: chain-0
    ttl: 60s
    prefer: ipv4
    clientIP: 1.2.3.4
    timeout: 3s
  - addr: tcp://1.1.1.1:53
  - addr: tls://1.1.1.1:853
  - addr: https://1.0.0.1/dns-query
    hostname: cloudflare-dns.com
hosts:
- name: hosts-0
  mappings:
  - ip: 127.0.0.1
    hostname: localhost
  - ip: 192.168.1.10
    hostname: foo.mydomain.org
    aliases:
    - foo
  - ip: 192.168.1.13
    hostname: bar.mydomain.org
    aliases:
    - bar
    - baz
log:
  output: stderr
  level: debug
  format: json
  rotation:
    maxSize: 100
    maxAge: 10
    maxBackups: 3
    localTime: false
    compress: false
profiling:
  addr: ":6060"
api:
  addr: ":18080"
  pathPrefix: /api
  accesslog: true
  auth:
    username: user
    password: pass
  auther: auther-0
metrics:
  addr: :9000
  path: /metrics
JSON format
{
"services": [
{
"name": "service-0",
"addr": ":8080",
"interface": "eth0",
"admission": "admission-0",
"bypass": "bypass-0",
"resolver": "resolver-0",
"hosts": "hosts-0",
"handler": {
"type": "http",
"auth": {
"username": "gost",
"password": "gost"
},
"auther": "auther-0",
"retries": 1,
"chain": "chain-0",
"metadata": {
"bar": "baz",
"foo": "bar"
}
},
"listener": {
"type": "tcp",
"auth": {
"username": "user",
"password": "pass"
},
"auther": "auther-0",
"chain": "chain-0",
"tls": {
"certFile": "cert.pem",
"keyFile": "key.pem",
"caFile": "ca.pem"
},
"metadata": {
"abc": "xyz",
"def": 456
}
},
"forwarder": {
"nodes": [
{
"name": "target-0",
"addr": "192.168.1.1:1234"
},
{
"name": "target-1",
"addr": "192.168.1.2:2345"
}
],
"selector": {
"strategy": "round",
"maxFails": 1,
"failTimeout": 30
}
}
}
],
"chains": [
{
"name": "chain-0",
"selector": {
"strategy": "round",
"maxFails": 1,
"failTimeout": 30
},
"hops": [
{
"name": "hop-0",
"interface": "192.168.1.2",
"selector": {
"strategy": "rand",
"maxFails": 3,
"failTimeout": 60
},
"bypass": "bypass-0",
"nodes": [
{
"name": "node-0",
"addr": ":1080",
"interface": "eth1",
"bypass": "bypass-0",
"connector": {
"type": "socks5",
"auth": {
"username": "user",
"password": "pass"
},
"metadata": {
"foo": "bar"
}
},
"dialer": {
"type": "tcp",
"auth": {
"username": "user",
"password": "pass"
},
"tls": {
"caFile": "ca.pem",
"secure": true,
"serverName": "example.com"
},
"metadata": {
"bar": "baz"
}
}
}
]
}
]
}
],
"authers": [
{
"name": "auther-0",
"auths": [
{
"username": "user1",
"password": "pass1"
},
{
"username": "user2",
"password": "pass2"
}
]
}
],
"admissions": [
{
"name": "admission-0",
"whitelist": false,
"matchers": [
"127.0.0.1",
"192.168.0.0/16"
]
}
],
"bypasses": [
{
"name": "bypass-0",
"whitelist": false,
"matchers": [
"*.example.com",
".example.org",
"0.0.0.0/8"
]
}
],
"resolvers": [
{
"name": "resolver-0",
"nameservers": [
{
"addr": "udp://8.8.8.8:53",
"chain": "chain-0",
"prefer": "ipv4",
"clientIP": "1.2.3.4",
"ttl": 60,
"timeout": 30
},
{
"addr": "tcp://1.1.1.1:53"
},
{
"addr": "tls://1.1.1.1:853"
},
{
"addr": "https://1.0.0.1/dns-query",
"hostname": "cloudflare-dns.com"
}
]
}
],
"hosts": [
{
"name": "hosts-0",
"mappings": [
{
"ip": "127.0.0.1",
"hostname": "localhost"
},
{
"ip": "192.168.1.10",
"hostname": "foo.mydomain.org",
"aliases": [
"foo"
]
},
{
"ip": "192.168.1.13",
"hostname": "bar.mydomain.org",
"aliases": [
"bar",
"baz"
]
}
]
}
],
"tls": {
"certFile": "cert.pem",
"keyFile": "key.pem",
"caFile": "ca.pem"
},
"log": {
"output": "stderr",
"level": "debug",
"format": "json",
"rotation": {
"maxSize": 100,
"maxAge": 10,
"maxBackups": 3,
"localTime": false,
"compress": false
}
},
"profiling": {
"addr": ":6060",
"enabled": true
},
"api": {
"addr": ":18080",
"pathPrefix": "/api",
"accesslog": true,
"auth": {
"username": "user",
"password": "password"
},
"auther": "auther-0"
},
"metrics": {
"addr": ":9000",
"path": "/metrics"
}
}
Service
name (string, required)
Service name
addr (string, required)
Service address
interface (string)
Network interface name or IP address
sockopts (object)
Socket options
admission (string, ref)
Admission name; references admissions.name
bypass (string, ref)
Bypass name; references bypasses.name
resolver (string, ref)
Resolver name; references resolvers.name
hosts (string, ref)
Hosts name; corresponds to hosts.name
handler (object, required)
Handler object
listener (object, required)
Listener object
forwarder (object)
Forwarder object, used for port forwarding
Handler
type (string, required)
Handler type
auther (string)
Auther name; references authers.name
auth (object)
Authentication credentials; ignored if auther is set.
chain (string, ref)
Chain name; references chains.name
retries (int, default=0)
Number of retries after a request fails
metadata (map)
Parameters specific to the handler instance
Listener
type (string, required)
Listener type
chain (string, ref)
Chain name; corresponds to chains.name
auther (string)
Auther name; references authers.name
auth (object)
Authentication credentials; ignored if auther is set.
tls (object)
TLS configuration of the listener instance
metadata (map)
Parameters specific to the listener instance
Forwarder
nodes (objects)
List of forwarding target nodes
selector (object)
Load-balancing strategy
Chain
name (string, required)
Chain name
selector (object)
Chain-level node selector, used for load balancing
hops (hop-list)
List of hops
Hop
name (string, required)
Hop name
interface (string)
Network interface name or IP address
sockopts (object)
Socket options
selector (object)
Hop-level node selector; if set, it overrides the chain-level selector
bypass (string, ref)
Bypass name; references bypasses.name
nodes (node-list)
List of nodes
Node
name (string, required)
Node name
addr (string, required)
Node address
interface (string)
Network interface name or IP address; if set, it overrides hop.interface
sockopts (object)
Socket options; if set, they override hop.sockopts
bypass (string, ref)
Bypass name; references bypasses.name.
connector (object)
Connector object
dialer (object)
Dialer object
Connector
type (string, required)
Connector type
auth (object)
Authentication credentials
metadata (map)
Parameters specific to the connector instance
Dialer
type (string, required)
Dialer type
auth (object)
Authentication credentials
tls (object)
TLS configuration
metadata (map)
Parameters specific to the dialer instance
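TLS
certFile (string)
Certificate public key file
keyFile (string)
Certificate private key file
caFile (string)
CA certificate file
secure (bool, default=false)
Enables verification of the server certificate and domain name
serverName (string)
Server domain name, used for domain name verification
Auther
name (string, required)
Name
auths (list)
List of authentication credentials
Auth
username (string)
Username
password (string)
Password
Selector
strategy (string, default=round)
Node selection strategy:
round, rr - round-robin
random, rand - random
fifo - primary/backup mode
maxFails (int, default=1)
Maximum number of failed connections to a node
failTimeout (duration, default=30s)
How long a node stays marked as failed
Admission
name (string, required)
Admission name
whitelist (bool, default=false)
Switches to whitelist mode
matchers (strings)
Address list; supports IP and CIDR
Bypass
name (string, required)
Bypass name
whitelist (bool, default=false)
Switches to whitelist mode
matchers (strings)
Address list; supports IP, CIDR, domain name, or domain name wildcard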
Resolver
name (string, required)
Name
nameservers (list)
List of name servers
Nameserver
addr (string, required)
Name server address
chain (string, ref)
Chain name; references chains.name
prefer (string, default=ipv4)
IP address type preference
ipv4 - prefer IPv4
ipv6 - prefer IPv6
clientIP (string)
Client IP; when set, the ECS (EDNS Client Subnet) extension is enabled.
ttl (duration)
DNS cache lifetime; by default the TTL from the DNS query result is used. When set to a negative value, the cache is not used.
timeout (duration)
DNS request timeout
Hosts
Static hostname-to-IP address mapping table
name (string, required)
Mapping table name
mappings (list)
List of mappings
Mapping list item (mapping)
ip (string)
IP address
hostname (string)
Hostname
aliases (strings)
List of host aliases
Socket options (SockOpts)
mark (int)
Linux socket SO_MARK option
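Log (log)
Logging configuration: sets the log level, format, and output.
level (string, default=info)
Log level; supported values: trace, debug, info, warn, error, fatal.
format (string, default=json)
Log format; supported formats: json, text.
output (string, default=stderr)
Log output:
none - discard logs.
stderr - standard error stream
stdout - standard output stream
/path/to/file - the specified file path
rotation.maxSize (int, default=100)
Log file size, in MB.
rotation.maxAge (int)
Number of days to keep backup log files; by default old files are not cleaned up by age.
rotation.maxBackups (int)
Number of backup log files to keep; by default all files are kept.
rotation.localTime (bool, default=false)
Whether backup file names use local time. UTC is used by default.
rotation.compress (bool, default=false)
Whether backup files are compressed (with gzip).
Profiling
addr (string)
Service address
enabled (bool, default=false)
Whether profiling is enabled
API
addr (string)
Web API service address; setting it enables the Web API service
pathPrefix (string)
API path prefix
accesslog (bool, default=false)
Enables the API access log
auth (object)
Authentication credentials; ignored if auther is set.
auther (string)
Auther name; references authers.name
Metrics
addr (string)
Service address
path (string, default=/metrics)
Access path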
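An added example, not part of gost or of the original article: a small Python audit of a gost.json file that applies the rules in the field reference above (every ref must resolve to a defined name, auth is ignored when auther is set, dialer tls.secure defaults to false). The function name, the finding texts and the sample configuration are constructed for illustration.

```python
import json
# Which top-level list each reference field points into (from the field reference above).
REFS = {"admission": "admissions", "bypass": "bypasses", "resolver": "resolvers",
        "hosts": "hosts", "chain": "chains", "auther": "authers"}
PROXY_HANDLERS = {"auto", "http", "socks5"}   # handler types named on this page

def audit(cfg):
    """Return a list of findings for a parsed gost v3 JSON configuration."""
    out = []
    names = {top: {o.get("name") for o in cfg.get(top, [])} for top in REFS.values()}
    def refs(obj, where):
        for field, top in REFS.items():
            ref = obj.get(field)
            if isinstance(ref, str) and ref not in names[top]:
                out.append(f"{where}: {field} '{ref}' not found in {top}")
    def auth(obj, where):
        if obj.get("auth") and obj.get("auther"):
            out.append(f"{where}: auth is ignored because auther is set")
        elif not obj.get("auth") and not obj.get("auther"):
            out.append(f"{where}: no auth or auther")

    for svc in cfg.get("services", []):
        where, handler = f"service {svc.get('name')}", svc.get("handler", {})
        for obj in (svc, handler, svc.get("listener", {})):
            refs(obj, where)
        if handler.get("type") in PROXY_HANDLERS:
            auth(handler, where)
    for chain in cfg.get("chains", []):
        for hop in chain.get("hops", []):
            refs(hop, f"hop {hop.get('name')}")
            for node in hop.get("nodes", []):
                refs(node, f"node {node.get('name')}")
                tls = node.get("dialer", {}).get("tls")
                if tls is not None and not tls.get("secure", False):
                    out.append(f"node {node.get('name')}: dialer tls.secure is off")
    api = cfg.get("api", {})
    if api.get("addr"):
        refs(api, "api")
        auth(api, "api")
    return out

# Constructed sample, not a configuration from the page.
SAMPLE = json.loads("""{"services": [{"name": "s0", "addr": ":8080", "bypass": "bypass-9",
  "handler": {"type": "http", "chain": "c0"}, "listener": {"type": "tcp"}}],
 "chains": [{"name": "c0", "hops": [{"name": "h0", "nodes": [{"name": "n0",
  "addr": "192.0.2.1:443", "dialer": {"type": "tls", "tls": {"serverName": "example.com"}}}]}]}],
 "api": {"addr": ":18080", "auth": {"username": "u", "password": "p"}, "auther": "a0"}}""")
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```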
-----------------------------------------------------------
GO Simple Tunnel
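A secure tunnel implemented in Go
Features
Multi-port listening
Multi-level forwarding chains
Multi-protocol support
TCP/UDP port forwarding
TCP/UDP transparent proxy
DNS resolution and proxying
TUN/TAP devices
Reverse proxy
Load balancing
Routing control
Rate and traffic limiting
Admission control
Dynamic configuration
Plugin system
Prometheus metrics
Web API
Web UI
Telegram discussion group: https://t.me/gogost
Google discussion group: https://groups.google.com/d/forum/go-gost
Submit an issue: https://github.com/go-gost/gost/issues
Legacy version: v2.gost.run
Download and installation
Binaries
https://github.com/go-gost/gost/releases
Build from source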
git clone https://github.com/go-gost/gost.git
cd gost/cmd/gost
go build
Docker
docker run --rm gogost/gost -V
Shadowsocks Android plugin
xausky/ShadowsocksGostPlugin
https://github.com/xausky/ShadowsocksGostPlugin