diff --git a/README.md b/README.md index 8178256..73a1712 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ [6]: https://t.me/hysteria_github -[中文 README](README.zh.md) +[中文](README.zh.md) Hysteria is a TCP/UDP relay & SOCKS5/HTTP proxy tool optimized for networks of poor quality (e.g. satellite connections, congested public Wi-Fi, connecting from China to servers abroad) powered by a custom version of QUIC protocol. @@ -86,21 +86,13 @@ Same as the server side, create a `config.json` under the root directory of the }, "http": { "listen": "127.0.0.1:8080" - }, - "relay_tcp": { - "listen": "127.0.0.1:2222", - "remote": "123.123.123.123:22" - }, - "relay_udp": { - "listen": "127.0.0.1:5333", - "remote": "8.8.8.8:53" } } ``` -This config enables a SOCKS5 proxy (with both TCP & UDP support), an HTTP proxy, a TCP relay to `123.123.123.123:22` and -a UDP relay to `8.8.8.8:53` -at the same time. Please modify or remove these entries according to your actual needs. +This config enables a SOCKS5 proxy (with both TCP & UDP support), and an HTTP proxy at the same time. There are many +other modes in Hysteria, be sure to check them out in [Advanced usage](#advanced-usage)! To enable or disable a mode, +simply add or remove its entry in the config file. If your server certificate is not issued by a trusted CA, you need to specify the CA used with `"ca": "/path/to/file.ca"` on the client or use `"insecure": true` to ignore all certificate errors (not @@ -223,15 +215,23 @@ hysteria_traffic_uplink_bytes_total{auth="aGFja2VyISE="} 37452 "key": "/home/ubuntu/my_key.crt" // Key file (HTTPS proxy) }, "relay_tcp": { - "listen": "127.0.0.1:2222", // TCP relay Listen address + "listen": "127.0.0.1:2222", // TCP relay listen address "remote": "123.123.123.123:22", // TCP relay remote address "timeout": 300 // TCP timeout in seconds }, "relay_udp": { - "listen": "127.0.0.1:5333", // UDP relay Listen address + "listen": "127.0.0.1:5333", // UDP relay listen address "remote": "8.8.8.8:53", // UDP relay remote address "timeout": 60 // UDP session timeout in seconds }, + "tproxy_tcp": { + "listen": "127.0.0.1:9000", // TCP TProxy listen address + "timeout": 300 // TCP timeout in seconds + }, + "tproxy_udp": { + "listen": "127.0.0.1:9000", // UDP TProxy listen address + "timeout": 60 // UDP session timeout in seconds + }, "acl": "my_list.acl", // See ACL below "obfs": "AMOGUS", // Obfuscation password "auth": "[BASE64]", // Authentication payload in Base64 @@ -243,6 +243,14 @@ hysteria_traffic_uplink_bytes_total{auth="aGFja2VyISE="} 37452 } ``` +#### Transparency proxy + +TPROXY modes (`tproxy_tcp` & `tproxy_udp`) are only available on Linux. + +References: +- https://www.kernel.org/doc/Documentation/networking/tproxy.txt +- https://powerdns.org/tproxydoc/tproxy.md.html + ## ACL [ACL File Format](ACL.md) diff --git a/README.zh.md b/README.zh.md index de5e122..67b2e31 100644 --- a/README.zh.md +++ b/README.zh.md @@ -79,20 +79,12 @@ Hysteria 是专门针对恶劣网络环境进行优化的 TCP/UDP 转发和代 }, "http": { "listen": "127.0.0.1:8080" - }, - "relay_tcp": { - "listen": "127.0.0.1:2222", - "remote": "123.123.123.123:22" - }, - "relay_udp": { - "listen": "127.0.0.1:5333", - "remote": "8.8.8.8:53" } } ``` -这个配置同时开了 SOCK5 (支持 TCP & UDP) 代理,HTTP 代理,到 `123.123.123.123:22` 的 TCP 转发和到 `8.8.8.8:53` 的 UDP 转发。 -请根据自己实际需要修改和删减。 +这个配置同时开了 SOCK5 (支持 TCP & UDP) 代理和 HTTP 代理。Hysteria 还有很多其他模式,请务必前往 [高级用法](#高级用法) 了解一下! +要启用/禁用一个模式,在配置文件中添加/移除对应条目即可。 如果你的服务端证书不是由受信任的 CA 签发的,需要用 `"ca": "/path/to/file.ca"` 指定使用的 CA 或者用 `"insecure": true` 忽略所有 证书错误(不推荐)。 @@ -220,6 +212,14 @@ hysteria_traffic_uplink_bytes_total{auth="aGFja2VyISE="} 37452 "remote": "8.8.8.8:53", // UDP 转发目标地址 "timeout": 60 // UDP 超时秒数 }, + "tproxy_tcp": { + "listen": "127.0.0.1:9000", // TCP 透明代理监听地址 + "timeout": 300 // TCP 超时秒数 + }, + "tproxy_udp": { + "listen": "127.0.0.1:9000", // UDP 透明代理监听地址 + "timeout": 60 // UDP 超时秒数 + }, "acl": "my_list.acl", // 见下文 ACL "obfs": "AMOGUS", // 混淆密码 "auth": "[BASE64]", // Base64 验证密钥 @@ -231,6 +231,14 @@ hysteria_traffic_uplink_bytes_total{auth="aGFja2VyISE="} 37452 } ``` +#### 透明代理 + +TPROXY 模式 (`tproxy_tcp` 和 `tproxy_udp`) 只在 Linux 下可用。 + +参考阅读: +- https://www.kernel.org/doc/Documentation/networking/tproxy.txt +- https://powerdns.org/tproxydoc/tproxy.md.html + ## 关于 ACL [ACL 文件格式](ACL.zh.md)