From d68c087bc38345b36b1daac2851c562b19d710e2 Mon Sep 17 00:00:00 2001 From: ginuerzh Date: Thu, 7 Nov 2024 11:11:13 +0800 Subject: [PATCH] update tutorial --- docs/concepts/hop.md | 12 ++++++++++- docs/tutorials/reverse-proxy.md | 32 ++++++++++++++++++++++++++++-- docs/tutorials/sniffing.md | 10 ++++++---- en/docs/concepts/hop.md | 11 +++++++++- en/docs/tutorials/reverse-proxy.md | 32 ++++++++++++++++++++++++++++-- en/docs/tutorials/sniffing.md | 5 +++-- 6 files changed, 90 insertions(+), 12 deletions(-) diff --git a/docs/concepts/hop.md b/docs/concepts/hop.md index acc3f20..00dec1b 100644 --- a/docs/concepts/hop.md +++ b/docs/concepts/hop.md @@ -312,7 +312,7 @@ hops: #### 请求示例 ```bash -curl -XPOST http://127.0.0.1:8000/hop -d '{"addr": "example.com:80", "client": "gost"}' +curl -XPOST http://127.0.0.1:8000/hop -d '{"network":"tcp","addr":"example.com:80","client":"gost","src":"192.168.1.1:1234"}' ``` ```json @@ -332,5 +332,15 @@ curl -XPOST http://127.0.0.1:8000/hop -d '{"addr": "example.com:80", "client": " } ``` +`network` (string) +: 网络类型: `tcp`, `udp` + +`addr` (string) +: 目标访问地址 + +`src` (string) +: 客户端地址 + `client` (string) : 用户身份标识,此信息由认证器生成。 + diff --git a/docs/tutorials/reverse-proxy.md b/docs/tutorials/reverse-proxy.md index 8bb330d..8069204 100644 --- a/docs/tutorials/reverse-proxy.md +++ b/docs/tutorials/reverse-proxy.md @@ -220,9 +220,9 @@ curl --resolve example.com:80:127.0.0.1 http://example.com 当请求http://example.com时,最终发送给example.com:80的HTTP请求头中Host为test.example.com。 -### 自定义头 +### 自定义请求头 -通过设置`http.header`选项可以自定义头部信息,如果所设置的头部字段已存在则会被覆盖。 +通过设置`http.header`选项可以自定义请求头部信息,如果所设置的头部字段已存在则会被覆盖。 ```yaml hl_lines="16-20" services: @@ -260,6 +260,34 @@ services: 当请求http://example.com时,最终发送给example.com:80的HTTP请求头中将会添加`User-Agent`,`Foo`和`Bar`三个字段。 +### 自定义响应头 + +通过设置`http.responseHeader`选项可以自定义响应头部信息,如果所设置的头部字段已存在则会被覆盖。 + +```yaml hl_lines="17-19" +services: +- name: http + addr: :80 + handler: + type: tcp + metadata: + sniffing: true + listener: + type: tcp + forwarder: + nodes: + - name: example-com + addr: example.com:80 + filter: + host: example.com + http: + responseHeader: + foo: bar + bar: 123 +``` + +当请求http://example.com时,最终来自example.com:80的HTTP响应头中将会添加`Foo`和`Bar`两个字段。 + ### Basic Authentication 通过设置`http.auth`选项为目标节点启用[HTTP基本认证](https://zh.wikipedia.org/zh-cn/HTTP%E5%9F%BA%E6%9C%AC%E8%AE%A4%E8%AF%81)功能。 diff --git a/docs/tutorials/sniffing.md b/docs/tutorials/sniffing.md index 1c748d6..d2f88b8 100644 --- a/docs/tutorials/sniffing.md +++ b/docs/tutorials/sniffing.md @@ -19,7 +19,7 @@ GOST中大部分代理和转发服务都支持流量嗅探。流量嗅探需要 例如以下是一个开启了流量嗅探的HTTP代理服务,当代理协商阶段结束后,会进一步检查流量,尝试嗅探出HTTP或TLS流量。 -```yaml hl_lines="8-11 15-18" +```yaml hl_lines="5-12 16-23" services: - name: service-0 addr: :8080 @@ -29,7 +29,8 @@ services: metadata: # 同时记录HTTP请求和响应体 http.body: true - # 记录的请求和响应体最大大小,默认最多记录64KB数据。 + # 记录的请求和响应体最大大小, + # 默认最多记录64KB数据。 http.maxBodySize: 65536 handler: type: http @@ -159,7 +160,7 @@ TLS流量劫持的关键是对私有CA根证书的信任,用我们提供的根 以下是开启了TLS流量劫持的HTTP代理,并仅对访问`example.com`及其子域名的TLS流量进行劫持。 -```yaml hl_lines="19-26" +```yaml hl_lines="20-27" services: - name: service-0 addr: :8080 @@ -169,7 +170,8 @@ services: metadata: # 同时记录HTTP请求和响应体 http.body: true - # 记录的请求和响应体最大大小,默认最多记录64KB数据。 + # 记录的请求和响应体最大大小, + # 默认最多记录64KB数据。 http.maxBodySize: 65536 handler: type: http diff --git a/en/docs/concepts/hop.md b/en/docs/concepts/hop.md index c5a0a35..7824be8 100644 --- a/en/docs/concepts/hop.md +++ b/en/docs/concepts/hop.md @@ -313,7 +313,7 @@ hops: #### Example ```bash -curl -XPOST http://127.0.0.1:8000/hop -d '{"addr": "example.com:80", "client": "gost"}' +curl -XPOST http://127.0.0.1:8000/hop -d '{"network":"tcp","addr":"example.com:80","client":"gost","src":"192.168.1.1:1234"}' ``` ```json @@ -333,5 +333,14 @@ curl -XPOST http://127.0.0.1:8000/hop -d '{"addr": "example.com:80", "client": " } ``` +`network` (string) +: network type: `tcp`, `udp` + +`addr` (string) +: target address + +`src` (string) +: client address + `client` (string) : user ID, generated by Authenticator. diff --git a/en/docs/tutorials/reverse-proxy.md b/en/docs/tutorials/reverse-proxy.md index df816ca..f0aafac 100644 --- a/en/docs/tutorials/reverse-proxy.md +++ b/en/docs/tutorials/reverse-proxy.md @@ -218,9 +218,9 @@ curl --resolve example.com:80:127.0.0.1 http://example.com When requesting http://example.com, the Host in the HTTP request header sent to example.com:80 is test.example.com. -### Custom Header +### Custom Request Header -The header information can be customized by setting the `http.header` option, if the header field already exists, it will be overwritten. +The request header can be customized by setting the `http.header` option, if the header field already exists, it will be overwritten. ```yaml hl_lines="16-20" services: @@ -258,6 +258,34 @@ services: When requesting http://example.com, three fields `User-Agent`, `Foo` and `Bar` will be added to the HTTP request header sent to example.com:80. +### Custom Response Header + +The response header can be customized by setting the `http.responseHeader` option, if the header field already exists, it will be overwritten. + +```yaml hl_lines="17-19" +services: +- name: http + addr: :80 + handler: + type: tcp + metadata: + sniffing: true + listener: + type: tcp + forwarder: + nodes: + - name: example-com + addr: example.com:80 + filter: + host: example.com + http: + responseHeader: + foo: bar + bar: 123 +``` + +When requesting http://example.com, `Foo` and `Bar` fields will be added to the HTTP response header received from example.com:80. + ### HTTP Basic Authentication You can enable [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) for target node by setting the `http.auth` option. diff --git a/en/docs/tutorials/sniffing.md b/en/docs/tutorials/sniffing.md index ead163b..08eb6dd 100644 --- a/en/docs/tutorials/sniffing.md +++ b/en/docs/tutorials/sniffing.md @@ -21,7 +21,7 @@ Most proxy and forwarding services in GOST support traffic sniffing. Traffic sni For example, the following is an HTTP proxy service with traffic sniffing enabled. After the proxy negotiation phase is over, it will further check the traffic and try to sniff out HTTP or TLS traffic. -```yaml hl_lines="8-11 15-18" +```yaml hl_lines="5-12 16-23" services: - name: service-0 addr: :8080 @@ -163,7 +163,7 @@ The key to TLS traffic hijacking is to trust the private CA root certificate, an The following is an HTTP proxy with TLS traffic hijacking enabled, which only hijacks TLS traffic to `example.com` and its subdomains. -```yaml hl_lines="19-26" +```yaml hl_lines="20-27" services: - name: service-0 addr: :8080 @@ -189,6 +189,7 @@ services: mitm.keyFile: ca.key # Customize ALPN negotiation result mitm.alpn: h2 + # mitm bypass mitm.bypass: mitm listener: type: tcp