目录

gost配置反向代理隧道

Derrick 收录于文档

2024-09-11 约 508 字预计阅读 2 分钟次阅读

目录

gost配置反向代理隧道

初始化

1
2
3
4
5
mkdir -p /opt/go/src/github.com/go-gost
cd /opt/go/src/github.com/go-gost
git@github.com:go-gost/gost.git
mkdir gost-plus
cd gost-plus/

配置gost.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
services:
- name: service-0
  addr: :8080
  handler:
    type: tunnel
    metadata:
      entrypoint: :8000
      ingress: ingress-0
      #scheme: https
  listener:
    type: ws

ingresses:
- name: ingress-0
  plugin:
    type: grpc
    addr: gost-plugins:8000

log:
  level: info

配置docker-compose.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
version: '3'

services:
  gost-tunnel: 
    image: gogost/gost
    restart: always
    ports:
      - "8081:8081"
      - "8082:8082"
    volumes:
      - /opt/go/src/github.com/go-gost/gost-plus/gost-plus:/etc/gost/

  gost-plugins: 
    image: ginuerzh/gost-plugins
    restart: always
    command: "ingress --addr=:8082 --redis.addr=redis:6379 --redis.db=2 --redis.expiration=24h --domain=gost.p-pp.cn --log.level=debug"

  redis: 
    image: redis:7.2.1-alpine
    restart: always
    command: "redis-server --save 60 1 --loglevel warning"
    volumes:
      - redis:/data

volumes:
  redis:
    driver: local

启动

1
docker compose up -d

配置nginx

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
cat /etc/nginx/sites-enabled/tunnel.gost.p-pp.cn.conf 
upstream internal.infra.gost {
        server localhost:8081;
}

server {
        listen 80;
        server_name tunnel.gost.p-pp.cn;
        return 308 https://$host$request_uri;
}

server {
        listen 443 ssl;
        server_name tunnel.gost.p-pp.cn;
        ssl_certificate gost-cert/tunnel.gost.p-pp.cn.pem;
        ssl_certificate_key gost-cert/tunnel.gost.p-pp.cn.key;
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
        ssl_session_cache shared:SSL_WS2:500m;
        ssl_session_timeout 10m;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/tunnel.gost.p-pp.cn.access.log body_main;
        error_log /var/log/nginx/tunnel.gost.p-pp.cn.access.log;

        location / {
                proxy_pass_header server;
                proxy_set_header host $http_host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header x-real-ip $remote_addr;
                proxy_set_header x-scheme $scheme;
                proxy_http_version 1.1;
                proxy_set_header Connection keep-alive;
                proxy_set_header Keep-Alive 3600;
                keepalive_timeout 3600;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://internal.infra.gost;
        }
}

cat /etc/nginx/sites-enabled/gost.p-pp.cn.conf 
upstream internal.infra.gost-plugin {
        server localhost:8082;
}

server {
        listen 80;
        server_name *.gost.p-pp.cn;
        return 308 https://$host$request_uri;
}

server {
        listen 443 ssl;
        server_name *.gost.p-pp.cn;
        ssl_certificate gost-cert/tunnel.gost.p-pp.cn.pem;
        ssl_certificate_key gost-cert/tunnel.gost.p-pp.cn.key;
        #ssl_certificate gost-cert/$ssl_server_name.pem;
        #ssl_certificate_key gost-cert/$ssl_server_name.key;
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
        ssl_session_cache shared:SSL_WS2:500m;
        ssl_session_timeout 10m;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/gost.p-pp.cn.access.log main;
        error_log /var/log/nginx/gost.p-pp.cn.access.log;

        location / {
                proxy_pass_header server;
                proxy_set_header host $http_host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header x-real-ip $remote_addr;
                proxy_set_header x-scheme $scheme;
                proxy_http_version 1.1;
                proxy_set_header Connection keep-alive;
                proxy_set_header Keep-Alive 3600;
                keepalive_timeout 3600;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://internal.infra.gost-plugin;
        }
}

配置域名解析

域名	类型	地址
gost.p-pp.cn	CNAME	host02.p-pp.cn
*.gost.p-pp.cn	CNAME	host02.p-pp.cn

客户端下载

https://github.com/go-gost/gost/releases

客户端连接

1
2
3
./gost -L rtcp://:/127.0.0.1:3000 -F "tunnel+wss://tunnel.gost.p-pp.cn:443"
{"handler":"rtcp","kind":"service","level":"info","listener":"rtcp","msg":"listening on :0/tcp","service":"service-0","time":"2024-09-11T21:30:01.587+08:00"}
{"connector":"tunnel","dialer":"wss","endpoint":"065d67d07b0a820f","hop":"hop-0","kind":"connector","level":"info","msg":"create tunnel on 065d67d07b0a820f:0/tcp OK, tunnel=d101599e-7040-11ef-a7f4-c4c6e6b12218, connector=03a48873-fdbd-4b49-a034-f517d2e69c29, weight=0","node":"node-0","time":"2024-09-11T21:30:01.656+08:00","tunnel":"d101599e-7040-11ef-a7f4-c4c6e6b12218"}

访问测试

065d67d07b0a820f.gost.p-pp.cn

参考文档

https://gost.run/blog/2023/gost-plus/ https://gost.run/tutorials/reverse-proxy-tunnel/