add proxyhub

proxyhub/Dockerfile

@@ -0,0 +1,44 @@
+#
+# Dockerfile for ProxyHub
+#
+
+FROM ubuntu:14.04
+MAINTAINER kev <noreply@datageek.info>
+
+RUN apt-get update
+RUN apt-get install -y build-essential pdnsd haproxy nginx
+RUN apt-get clean
+
+RUN curl -sSL https://bootstrap.pypa.io/get-pip.py | python
+RUN pip install supervisor shadowsocks
+
+ADD ./supervisord.conf /etc/supervisor/
+ADD ./services.conf /etc/supervisor/conf.d/
+ADD ./pdnsd.conf /etc/
+ADD ./shadowsocks /etc/shadowsocks
+ADD ./haproxy.cfg /etc/haproxy/
+
+ADD https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz /tmp/pkgs/
+ADD http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.3.tar.gz /tmp/pkgs/
+
+WORKDIR /tmp/pkgs/
+
+RUN tar xzf libsodium-1.0.2.tar.gz && \
+    cd libsodium-1.0.2 && \
+    ./configure && \
+    make && \
+    make install
+
+RUN echo /usr/local/lib > /etc/ld.so.conf.d/local.conf && ldconfig
+
+RUN tar xzf dnscrypt-proxy-1.4.3.tar.gz && \
+    cd dnscrypt-proxy-1.4.3 && \
+    ./configure && \
+    make && \
+    make install
+
+WORKDIR /
+RUN rm -r /tmp/pkgs/
+EXPOSE 80 1080
+
+CMD supervisord -n -c /etc/supervisor/supervisord.conf

proxyhub/README.md

@@ -0,0 +1,29 @@
+ProxyHub
+========
+
+## About
+
+- shadowsocks: A secure socks5 proxy, designed to protect your Internet traffic.
+- haproxy: A free, very fast and reliable solution offering high availability,
+  load balancing, and proxying for TCP and HTTP-based applications.
+- dnscrypt: A protocol for securing communications between a client and a DNS resolver.
+- pdnsd: A DNS server designed for local caching of DNS information.
+- nginx: an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3,
+  and IMAP protocols, as well as a load balancer, caching and SSL offload.
+
+## Fig
+
+    proxyhub:
+      image: vimagick/proxyhub
+      ports:
+        - "1080:1080"
+      restart: always
+
+## Run
+
+    fig up -d
+
+## Test
+
+    curl -x socks5h://localhost:1080 https://www.youtube.com
+

proxyhub/fig.yml

@@ -0,0 +1,7 @@
+dnscrypt:
+  image: vimagick/dnscrypt
+  ports:
+    - "1080:1080"
+  dns:
+    - 127.0.0.1
+  restart: always

proxyhub/haproxy.cfg

@@ -0,0 +1,21 @@
+global
+        maxconn 4000
+
+defaults
+        mode    tcp
+        timeout connect 5000ms
+        timeout client 50000ms
+        timeout server 50000ms
+
+frontend front
+        bind *:1080
+        default_backend back
+
+backend back
+        balance roundrobin
+        server s1 127.0.0.1:1981 check
+        server s2 127.0.0.1:1982 check
+        server s3 127.0.0.1:1983 check
+        server s4 127.0.0.1:1984 check
+        server s5 127.0.0.1:1985 check
+

proxyhub/pdnsd.conf

@@ -0,0 +1,37 @@
+global {
+        perm_cache=16384;
+        cache_dir="/var/cache/pdnsd";
+        run_as="pdnsd";
+        server_ip = 0.0.0.0;
+        status_ctl = on;
+        query_method=udp_tcp;
+        min_ttl=15m;       # Retain cached entries at least 15 minutes.
+        max_ttl=1w;        # One week.
+        timeout=10;        # Global timeout option (10 seconds).
+        neg_domain_pol=on;
+        udpbufsize=1024;   # Upper limit on the size of UDP messages.
+}
+
+server {
+        label = "dnscrypt-proxy";
+        ip = 127.0.0.1;
+        port = 2053;
+        timeout = 4;
+        uptest = query;
+        interval = 15m;
+        proxy_only=on;
+}
+
+source {
+        owner=localhost;
+        file="/etc/hosts";
+}
+
+
+rr {
+        name=localhost;
+        reverse=on;
+        a=127.0.0.1;
+        owner=localhost;
+        soa=localhost,root.localhost,42,86400,900,86400,86400;
+}

proxyhub/services.conf

@@ -0,0 +1,23 @@
+[program:dnscrypt]
+priority = 100
+command = dnscrypt-proxy -a 127.0.0.1:2053 -R opendns
+
+[program:pdnsd]
+priority = 200
+command = pdnsd -c /etc/pdnsd.conf
+
+[program:shadowsocks]
+priority = 300
+command = /usr/bin/sslocal -c /etc/shadowsocks/%(process_num)d.json
+numprocs_start = 1981
+numprocs = 5
+process_name = %(process_num)d
+
+[program:haproxy]
+priority = 400
+command = /usr/bin/haproxy -f /etc/haproxy/haproxy.cfg
+
+[program:nginx]
+priority = 500
+command = /usr/bin/nginx -g "daemon off; pid /run/nginx.pid; error_log stderr;"
+

proxyhub/shadowsocks/1981.json

@@ -0,0 +1,9 @@
+{
+  "server": "free1.5z3.pw",
+  "server_port": 443,
+  "local_address": "127.0.0.1",
+  "local_port": 1981,
+  "password": "fogss.com",
+  "method": "rc4-md5",
+  "timeout": 600
+}

proxyhub/shadowsocks/1982.json

@@ -0,0 +1,9 @@
+{
+  "server": "192.243.118.108",
+  "server_port": 8989,
+  "local_address": "127.0.0.1",
+  "local_port": 1982,
+  "password": "dht.me",
+  "method": "aes-256-cfb",
+  "timeout": 600
+}

proxyhub/shadowsocks/1983.json

@@ -0,0 +1,9 @@
+{
+  "server": "ova.pw",
+  "server_port": 8388,
+  "local_address": "127.0.0.1",
+  "local_port": 1983,
+  "password": "goagent",
+  "method": "aes-256-cfb",
+  "timeout": 600
+}

proxyhub/shadowsocks/1984.json

@@ -0,0 +1,8 @@
+{
+  "server": "107.191.53.58",
+  "server_port": 1789,
+  "local_address": "127.0.0.1",
+  "local_port": 1984,
+  "password": "123_FUCK_gfw",
+  "method": "aes-192-cfb"
+}

proxyhub/shadowsocks/1985.json

@@ -0,0 +1,8 @@
+{
+  "server": "104.238.180.87",
+  "server_port": 1789,
+  "local_address": "127.0.0.1",
+  "local_port": 1985,
+  "password": "123_FUCK_gfw",
+  "method": "aes-192-cfb"
+}

proxyhub/supervisord.conf

@@ -0,0 +1,141 @@
+; Sample supervisor config file.
+;
+; For more information on the config file, please see:
+; http://supervisord.org/configuration.html
+;
+; Notes:
+;  - Shell expansion ("~" or "$HOME") is not supported.  Environment
+;    variables can be expanded using this syntax: "%(ENV_HOME)s".
+;  - Comments must have a leading space: "a=b ;comment" not "a=b;comment".
+
+[unix_http_server]
+file=/tmp/supervisor.sock   ; (the path to the socket file)
+;chmod=0700                 ; socket file mode (default 0700)
+;chown=nobody:nogroup       ; socket file uid:gid owner
+;username=user              ; (default is no username (open server))
+;password=123               ; (default is no password (open server))
+
+[inet_http_server]         ; inet (TCP) server disabled by default
+port=0.0.0.0:9001        ; (ip_address:port specifier, *:port for all iface)
+;username=user              ; (default is no username (open server))
+;password=123               ; (default is no password (open server))
+
+[supervisord]
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes=50MB        ; (max main logfile bytes b4 rotation;default 50MB)
+logfile_backups=10           ; (num of main logfile rotation backups;default 10)
+loglevel=info                ; (log level;default info; others: debug,warn,trace)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+nodaemon=false               ; (start in foreground if true;default false)
+minfds=1024                  ; (min. avail startup file descriptors;default 1024)
+minprocs=200                 ; (min. avail process descriptors;default 200)
+;umask=022                   ; (process file creation umask;default 022)
+;user=chrism                 ; (default is current user, required if root)
+;identifier=supervisor       ; (supervisord identifier, default is 'supervisor')
+;directory=/tmp              ; (default is not to cd during start)
+;nocleanup=true              ; (don't clean up tempfiles at start;default false)
+;childlogdir=/tmp            ; ('AUTO' child log dir, default $TEMP)
+;environment=KEY="value"     ; (key value pairs to add to environment)
+;strip_ansi=false            ; (strip ansi escape codes in logs; def. false)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL  for a unix socket
+;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
+;username=chris              ; should be same as http_username if set
+;password=123                ; should be same as http_password if set
+;prompt=mysupervisor         ; cmd line prompt (default "supervisor")
+;history_file=~/.sc_history  ; use readline history if available
+
+; The below sample program section shows all possible program subsection values,
+; create one or more 'real' program: sections to be able to control them under
+; supervisor.
+
+;[program:theprogramname]
+;command=/bin/cat              ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1                    ; number of processes copies to start (def 1)
+;directory=/tmp                ; directory to cwd to before exec (def no cwd)
+;umask=022                     ; umask for process (default None)
+;priority=999                  ; the relative start priority (default 999)
+;autostart=true                ; start at supervisord start (default: true)
+;autorestart=unexpected        ; whether/when to restart (default: unexpected)
+;startsecs=1                   ; number of secs prog must stay running (def. 1)
+;startretries=3                ; max # of serial start failures (default 3)
+;exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT               ; signal used to kill process (default TERM)
+;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
+;stopasgroup=false             ; send stop signal to the UNIX process group (default false)
+;killasgroup=false             ; SIGKILL the UNIX process group (def false)
+;user=chrism                   ; setuid to this UNIX account to run the program
+;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
+;stdout_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
+;stdout_events_enabled=false   ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups=10     ; # of stderr logfile backups (default 10)
+;stderr_capture_maxbytes=1MB   ; number of bytes in 'capturemode' (default 0)
+;stderr_events_enabled=false   ; emit events on stderr writes (default false)
+;environment=A="1",B="2"       ; process environment additions (def no adds)
+;serverurl=AUTO                ; override serverurl computation (childutils)
+
+; The below sample eventlistener section shows all possible
+; eventlistener subsection values, create one or more 'real'
+; eventlistener: sections to be able to handle event notifications
+; sent by supervisor.
+
+;[eventlistener:theeventlistenername]
+;command=/bin/eventlistener    ; the program (relative uses PATH, can take args)
+;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
+;numprocs=1                    ; number of processes copies to start (def 1)
+;events=EVENT                  ; event notif. types to subscribe to (req'd)
+;buffer_size=10                ; event buffer queue size (default 10)
+;directory=/tmp                ; directory to cwd to before exec (def no cwd)
+;umask=022                     ; umask for process (default None)
+;priority=-1                   ; the relative start priority (default -1)
+;autostart=true                ; start at supervisord start (default: true)
+;autorestart=unexpected        ; whether/when to restart (default: unexpected)
+;startsecs=1                   ; number of secs prog must stay running (def. 1)
+;startretries=3                ; max # of serial start failures (default 3)
+;exitcodes=0,2                 ; 'expected' exit codes for process (default 0,2)
+;stopsignal=QUIT               ; signal used to kill process (default TERM)
+;stopwaitsecs=10               ; max num secs to wait b4 SIGKILL (default 10)
+;stopasgroup=false             ; send stop signal to the UNIX process group (default false)
+;killasgroup=false             ; SIGKILL the UNIX process group (def false)
+;user=chrism                   ; setuid to this UNIX account to run the program
+;redirect_stderr=true          ; redirect proc stderr to stdout (default false)
+;stdout_logfile=/a/path        ; stdout log path, NONE for none; default AUTO
+;stdout_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
+;stdout_logfile_backups=10     ; # of stdout logfile backups (default 10)
+;stdout_events_enabled=false   ; emit events on stdout writes (default false)
+;stderr_logfile=/a/path        ; stderr log path, NONE for none; default AUTO
+;stderr_logfile_maxbytes=1MB   ; max # logfile bytes b4 rotation (default 50MB)
+;stderr_logfile_backups        ; # of stderr logfile backups (default 10)
+;stderr_events_enabled=false   ; emit events on stderr writes (default false)
+;environment=A="1",B="2"       ; process environment additions
+;serverurl=AUTO                ; override serverurl computation (childutils)
+
+; The below sample group section shows all possible group values,
+; create one or more 'real' group: sections to create "heterogeneous"
+; process groups.
+
+;[group:thegroupname]
+;programs=progname1,progname2  ; each refers to 'x' in [program:x] definitions
+;priority=999                  ; the relative start priority (default 999)
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[include]
+files = conf.d/*.ini