Compare commits

..

No commits in common. "master" and "v2.3.0" have entirely different histories.

8 changed files with 133 additions and 307 deletions

View File

@ -2,52 +2,36 @@
_A round-robin load balancer for HTTP proxies._
This is a simple proxy load balancer that will route requests to a cluster of proxy backends in a round-robin fashion.
This makes it easy to connect your clients to a large number of proxy servers without worrying about implementing
anything special client-side.
This is a simple proxy load balancer that will route requests to a cluster of proxy backends in a round-robin fashion. This makes it easy to connect your clients to a large number of proxy servers without worrying about implementing anything special clientside.
This proxy server will transparently forward HTTPS requests without terminating them, meaning a self-signed certificate
is not required. Downstream HTTPS proxy servers are not supported.
This proxy server will transparently forward HTTPS requests without terminating them, meaning a self-signed certificate is not required. Downstream HTTPS proxy servers are not supported.
Memory usage sits at around 25M under load.
## Install
1. Download the latest release from [/releases](https://git.evulid.cc/cyberes/proxy-loadbalancer/releases) or
run `./build.sh` to build the program locally.
1. Download the latest release from [/releases](https://git.evulid.cc/cyberes/proxy-loadbalancer/releases) or run `./build.sh` to build the program locally.
2. `cp config.example.yml config.yml`
3. Edit the config.
4. Start the loadbalancer with `./proxy-loadbalancer --config [path to your config.yml]`
The load balancer has experimental support for using [curl-impersonate](https://github.com/lwthiker/curl-impersonate) to masquerade as the Chrome browser when
performing proxy checks.
1. Download `*.x86_64-linux-gnu.tar.gz ` from https://github.com/lwthiker/curl-impersonate/releases
2. Set `proxy_check_impersonate_chrome: true`
3. Enter the path to the `curl_chrome116` binary in `proxy_check_impersonate_chrome_binary`
## Use
You can run your own "public IP delivery server" `canihazip` <https://git.evulid.cc/cyberes/canihazip> or use the
default `api.ipify.org`
You can run your own "public IP delivery server" `canihazip` <https://git.evulid.cc/cyberes/canihazip> or use the default `api.ipify.org`
An example systemd service `loadbalancer.service` is provided.
The server displays health, stats, info at `/json`.
Use `--log-third-party-test-failures` along with `--debug` when you want extra info on the third-party proxy tests. This
can get very noisy if you have lots of third-party proxies so it's hidden behind an extra flag.
```
=== Proxy Load Balancer ===
Usage of /tmp/go-build1714785557/b001/exe/proxy-loadbalancer:
Usage of ./proxy-loadbalancer:
--config [string]
Path to the config file
-d, --debug
Enable debug mode
-l, --log-third-party-test-failures
Log third-party test debug info
-v Print version and exit
--v Print version and exit
-h, --help Print this help message
```
## Special Headers
@ -55,5 +39,4 @@ Usage of /tmp/go-build1714785557/b001/exe/proxy-loadbalancer:
The load balancer accepts special headers to control its behavior:
- `Thirdparty-Bypass`: don't use any third-party endpoints for this request.
- `Thirdparty-Include-Broken`: use all online endpoints for this request, including third-party ones that failed the
special test.
- `Thirdparty-Include-Broken`: use all online endpoints for this request, including third-party ones that failed the special test.

View File

@ -13,14 +13,6 @@ ip_checker_url: https://api.ipify.org
# Connection timeout for the proxies in seconds.
proxy_connect_timeout: 60
# How many times to retry a proxy connection.
# On each retry a new proxy will be chosen.
proxy_connect_retries: 3
# Use `curl-impersonate` to pretend to be Chrome when testing proxies.
proxy_check_impersonate_chrome: false
proxy_check_impersonate_chrome_binary: ./curl_chrome116
# Your proxies.
proxy_pool_ours:
- http://1.2.3.4:3128

View File

@ -2,10 +2,7 @@ package config
import (
"errors"
"fmt"
"github.com/spf13/viper"
"os"
"os/exec"
"time"
)
@ -25,9 +22,6 @@ type Config struct {
BlockedDomains []string
ResolveThrough map[string]string
ProxyCheckInterval int
ProxyCheckImpersonateChrome bool
ProxyCheckImpersonateChromeBinary string
ProxyConnectRetries int
}
func SetConfig(configFile string) (*Config, error) {
@ -48,9 +42,6 @@ func SetConfig(configFile string) (*Config, error) {
viper.SetDefault("blocked_domains", make([]string, 0))
viper.SetDefault("resolve_through", make(map[string]string))
viper.SetDefault("proxy_check_interval", 60)
viper.SetDefault("proxy_check_impersonate_chrome", false)
viper.SetDefault("proxy_check_impersonate_chrome_binary", nil)
viper.SetDefault("proxy_connect_retries", 3)
err := viper.ReadInConfig()
if err != nil {
@ -69,9 +60,6 @@ func SetConfig(configFile string) (*Config, error) {
BlockedDomains: viper.GetStringSlice("blocked_domains"),
ResolveThrough: viper.GetStringMapString("resolve_through"),
ProxyCheckInterval: viper.GetInt("proxy_check_interval"),
ProxyCheckImpersonateChrome: viper.GetBool("proxy_check_impersonate_chrome"),
ProxyCheckImpersonateChromeBinary: viper.GetString("proxy_check_impersonate_chrome_binary"),
ProxyConnectRetries: viper.GetInt("proxy_connect_retries"),
}
if len(config.ProxyPoolOurs) == 0 && len(config.ProxyPoolThirdparty) == 0 {
@ -98,21 +86,6 @@ func SetConfig(configFile string) (*Config, error) {
return nil, proxyPoolThirdpartyErr
}
if config.ProxyCheckImpersonateChrome {
if _, err := os.Stat(config.ProxyCheckImpersonateChromeBinary); os.IsNotExist(err) {
return nil, errors.New(fmt.Sprintf(`curl-impersonate-chrome binary does not exist: "%s"`, config.ProxyCheckImpersonateChromeBinary))
}
cmd := exec.Command(config.ProxyCheckImpersonateChromeBinary, "--help")
err = cmd.Run()
if err != nil {
return nil, errors.New(fmt.Sprintf(`curl-impersonate-chrome binary failed to run: %s`, err))
}
}
if config.ProxyConnectRetries <= 0 {
return nil, errors.New("proxy_connect_retries must be greater than 0")
}
cfg = config
return config, nil
}

View File

@ -1,27 +0,0 @@
package config
import "flag"
var CliArgs *CliConfig
type CliConfig struct {
ConfigFile string
Debug bool
Help bool
Version bool
LogThirdPartyTest bool
}
func ParseArgs() {
if CliArgs != nil {
panic("already defined")
}
CliArgs = &CliConfig{}
flag.StringVar(&CliArgs.ConfigFile, "config", "", "Path to the config file")
flag.BoolVar(&CliArgs.Debug, "d", false, "Enable debug mode")
flag.BoolVar(&CliArgs.Debug, "debug", false, "Enable debug mode")
flag.BoolVar(&CliArgs.Debug, "l", false, "Log third-party test debug info")
flag.BoolVar(&CliArgs.Debug, "log-third-party-test-failures", false, "Log third-party test debug info")
flag.BoolVar(&CliArgs.Version, "v", false, "Print version and exit")
flag.Parse()
}

View File

@ -13,17 +13,26 @@ import (
"runtime/debug"
)
type cliConfig struct {
configFile string
initialCrawl bool
debug bool
disableElasticSync bool
help bool
version bool
}
var Version = "development"
var VersionDate = "not set"
func main() {
fmt.Println("=== Proxy Load Balancer ===")
config.ParseArgs()
if config.CliArgs.Help {
cliArgs := parseArgs()
if cliArgs.help {
flag.Usage()
os.Exit(0)
}
if config.CliArgs.Version {
if cliArgs.version {
buildInfo, ok := debug.ReadBuildInfo()
if ok {
@ -42,7 +51,7 @@ func main() {
os.Exit(0)
}
if config.CliArgs.Debug {
if cliArgs.debug {
logging.InitLogger(logrus.DebugLevel)
} else {
logging.InitLogger(logrus.InfoLevel)
@ -50,7 +59,7 @@ func main() {
log := logging.GetLogger()
log.Debugln("Initializing...")
if config.CliArgs.ConfigFile == "" {
if cliArgs.configFile == "" {
exePath, err := os.Executable()
if err != nil {
panic(err)
@ -61,24 +70,20 @@ func main() {
if _, err := os.Stat(filepath.Join(exeDir, "config.yaml")); err == nil {
log.Fatalln("Both config.yml and config.yaml exist in the executable directory. Please specify one with the --config flag.")
}
config.CliArgs.ConfigFile = filepath.Join(exeDir, "config.yml")
cliArgs.configFile = filepath.Join(exeDir, "config.yml")
} else if _, err := os.Stat(filepath.Join(exeDir, "config.yaml")); err == nil {
config.CliArgs.ConfigFile = filepath.Join(exeDir, "config.yaml")
cliArgs.configFile = filepath.Join(exeDir, "config.yaml")
} else {
log.Fatalln("No config file found in the executable directory. Please provide one with the --config flag.")
}
}
configData, err := config.SetConfig(config.CliArgs.ConfigFile)
configData, err := config.SetConfig(cliArgs.configFile)
if err != nil {
log.Fatalf(`Failed to load config: %s`, err)
}
log.Debugf(`Proxy check interval: %d sec`, config.GetConfig().ProxyCheckInterval)
if config.GetConfig().ProxyCheckImpersonateChrome {
log.Debugf(`Using curl-impersonate binary: %s`, config.GetConfig().ProxyCheckImpersonateChromeBinary)
}
proxyCluster := proxy.NewForwardProxyCluster()
go func() {
log.Fatal(http.ListenAndServe(":"+configData.HTTPPort, proxyCluster))
@ -91,3 +96,13 @@ func main() {
select {}
}
func parseArgs() cliConfig {
var cliArgs cliConfig
flag.StringVar(&cliArgs.configFile, "config", "", "Path to the config file")
flag.BoolVar(&cliArgs.debug, "d", false, "Enable debug mode")
flag.BoolVar(&cliArgs.debug, "debug", false, "Enable debug mode")
flag.BoolVar(&cliArgs.version, "v", false, "Print version and exit")
flag.Parse()
return cliArgs
}

View File

@ -1,17 +1,11 @@
package proxy
import (
"errors"
"fmt"
"io"
"main/config"
"net/http"
"net/url"
"os"
"os/exec"
"regexp"
"strconv"
"strings"
)
func sendRequestThroughProxy(pxy string, targetURL string) (string, error) {
@ -23,8 +17,6 @@ func sendRequestThroughProxy(pxy string, targetURL string) (string, error) {
if proxyUser != "" && proxyPass != "" {
parsedProxyUrl.User = url.UserPassword(proxyUser, proxyPass)
}
if !config.GetConfig().ProxyCheckImpersonateChrome {
transport := &http.Transport{
Proxy: http.ProxyURL(parsedProxyUrl),
}
@ -41,15 +33,15 @@ func sendRequestThroughProxy(pxy string, targetURL string) (string, error) {
req.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7")
req.Header.Set("Accept-Language", "en-US,en;q=0.9")
req.Header.Set("Priority", "u=0, i")
req.Header.Set("Sec-Ch-Ua", `Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"`)
req.Header.Set("Sec-Ch-Ua", `"Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"`)
req.Header.Set("Sec-Ch-Ua-Mobile", "?0")
req.Header.Set("Sec-Ch-Ua-Platform", `"Windows"`)
req.Header.Set("Sec-Fetch-Dest", "document")
req.Header.Set("Sec-Fetch-Mode", "navigate")
req.Header.Set("Sec-Fetch-Site", "none")
req.Header.Set("Sec-Fetch-Site", "cross-site")
req.Header.Set("Sec-Fetch-User", "?1")
req.Header.Set("Upgrade-Insecure-Requests", "1")
req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36")
req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
resp, err := client.Do(req)
if err != nil {
@ -64,87 +56,4 @@ func sendRequestThroughProxy(pxy string, targetURL string) (string, error) {
return string(bodyBytes), nil
}
return "", fmt.Errorf("bad response code %d", resp.StatusCode)
} else {
tmpfile, err := os.CreateTemp("", "response")
if err != nil {
log.Fatal(err)
}
defer os.Remove(tmpfile.Name()) // clean up
cmd := exec.Command(
config.GetConfig().ProxyCheckImpersonateChromeBinary,
"--proxy",
parsedProxyUrl.String(),
"-o",
tmpfile.Name(),
"-w",
"%{http_code}",
"--ciphers",
"TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA,AES256-SHA",
"-H",
`sec-ch-ua: "Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"`,
"-H",
`sec-ch-ua-mobile: ?0`,
"-H",
`sec-ch-ua-platform: "Windows"`,
"-H",
`Upgrade-Insecure-Requests: 1`,
"-H",
`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36`,
"-H",
`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7`,
"-H",
`Sec-Fetch-Site: none`,
"-H",
`Sec-Fetch-Mode: navigate`,
"-H",
`Sec-Fetch-User: ?1`,
"-H",
`Sec-Fetch-Dest: document`,
"-H",
`Accept-Encoding: gzip, deflate, br`,
"-H",
`Accept-Language: en-US,en;q=0.9`,
"--http2",
"--http2-no-server-push",
"--compressed",
"--tlsv1.2",
"--alps",
"--tls-permute-extensions",
"--cert-compression",
"brotli",
targetURL,
)
output, err := cmd.Output()
if err != nil {
var exitError *exec.ExitError
if errors.As(err, &exitError) {
return "", fmt.Errorf("command exited with code %d: %s", exitError.ExitCode(), exitError.Stderr)
}
return "", err
}
outputStr := strings.TrimSpace(string(output))
match, _ := regexp.MatchString(`^\d{3}$`, outputStr)
if !match {
return "", fmt.Errorf("unexpected output from curl command: %s", outputStr)
}
statusCode, err := strconv.Atoi(outputStr)
if err != nil {
return "", err
}
if statusCode != http.StatusOK {
return "", fmt.Errorf("bad response code %d", statusCode)
}
body, err := os.ReadFile(tmpfile.Name())
if err != nil {
return "", err
}
return string(body), nil
}
}

View File

@ -90,6 +90,7 @@ func (p *ForwardProxyCluster) validateRequestAndGetProxy(w http.ResponseWriter,
}
return selectedProxy, proxyUser, proxyPass, proxyHost, parsedProxyUrl, nil
}
func (p *ForwardProxyCluster) proxyHttpConnect(w http.ResponseWriter, req *http.Request) {
@ -97,6 +98,7 @@ func (p *ForwardProxyCluster) proxyHttpConnect(w http.ResponseWriter, req *http.
remoteAddr, _, _ := net.SplitHostPort(req.RemoteAddr)
_, proxyUser, proxyPass, proxyHost, parsedProxyUrl, err := p.validateRequestAndGetProxy(w, req)
if err != nil {
// Error has already been handled, just log and return.
if proxyHost == "" {
proxyHost = "none"
}
@ -104,6 +106,7 @@ func (p *ForwardProxyCluster) proxyHttpConnect(w http.ResponseWriter, req *http.
return
}
// Variables for later
var returnCode *int
returnCode = new(int)
*returnCode = -1
@ -133,25 +136,18 @@ func (p *ForwardProxyCluster) proxyHttpConnect(w http.ResponseWriter, req *http.
copyHeader(proxyReq.Header, req.Header)
proxyReq.Header.Set("X-Forwarded-For", req.RemoteAddr)
for i := 0; i < config.GetConfig().ProxyConnectRetries; i++ { // Retry mechanic
resp, err := client.Do(proxyReq)
if err != nil {
*errorMsg = fmt.Sprintf(`Failed to execute %s request to "%s" - attempt %d/%d - %s`, req.Method, req.URL.String(), i+1, config.GetConfig().ProxyConnectRetries, err)
if i < config.GetConfig().ProxyConnectRetries-1 {
continue
} else {
*errorMsg = fmt.Sprintf(`Failed to execute %s request to "%s": %s`, req.Method, req.URL.String(), err)
http.Error(w, "failed to execute request to downstream", http.StatusServiceUnavailable)
return
}
} else {
defer resp.Body.Close()
*returnCode = resp.StatusCode
copyHeader(w.Header(), resp.Header)
w.WriteHeader(resp.StatusCode)
io.Copy(w, resp.Body)
break
}
}
}
func (p *ForwardProxyCluster) proxyHttpsConnect(w http.ResponseWriter, req *http.Request) {
@ -160,6 +156,7 @@ func (p *ForwardProxyCluster) proxyHttpsConnect(w http.ResponseWriter, req *http
targetHost, _, _ := net.SplitHostPort(req.Host)
_, proxyUser, proxyPass, proxyHost, _, err := p.validateRequestAndGetProxy(w, req)
if err != nil {
// Error has already been handled, just log and return.
if proxyHost == "" {
proxyHost = "none"
}
@ -174,22 +171,13 @@ func (p *ForwardProxyCluster) proxyHttpsConnect(w http.ResponseWriter, req *http
*errorMsg = ""
defer logProxyRequest(remoteAddr, proxyHost, targetHost, returnCode, "CONNECT", requestStartTime, errorMsg)
var proxyConn net.Conn
for i := 0; i < config.GetConfig().ProxyConnectRetries; i++ {
// Start a connection to the downstream proxy server.
proxyConn, err = net.DialTimeout("tcp", proxyHost, config.GetConfig().ProxyConnectTimeout)
proxyConn, err := net.DialTimeout("tcp", proxyHost, config.GetConfig().ProxyConnectTimeout)
if err != nil {
*errorMsg = fmt.Sprintf(`Failed to dial proxy %s - attempt %d/%d - %s`, proxyHost, i+1, config.GetConfig().ProxyConnectRetries, err)
if i < config.GetConfig().ProxyConnectRetries-1 {
continue
} else {
*errorMsg = fmt.Sprintf(`Failed to dial proxy %s - %s`, proxyHost, err)
http.Error(w, "failed to make request to downstream", http.StatusServiceUnavailable)
return
}
} else {
break
}
}
// Proxy authentication
auth := fmt.Sprintf("%s:%s", proxyUser, proxyPass)

View File

@ -10,8 +10,6 @@ import (
"time"
)
// TODO: fix 503 errors returned during proxy checking process
func (p *ForwardProxyCluster) ValidateProxiesThread() {
log.Infoln("Doing initial backend check, please wait...")
started := false
@ -60,13 +58,10 @@ func (p *ForwardProxyCluster) ValidateProxiesThread() {
// Test the proxy.
ipAddr, testErr := sendRequestThroughProxy(pxy, config.GetConfig().IpCheckerURL)
if testErr != nil {
if isThirdparty(pxy) {
if config.CliArgs.LogThirdPartyTest {
log.Debugf("Validate - %s failed: %s", proxyHost, testErr)
}
if isThirdparty(pxy) {
newThirdpartyOfflineProxies = append(newThirdpartyOfflineProxies, pxy)
} else {
log.Debugf("Validate - %s failed: %s", proxyHost, testErr)
newOurOfflineProxies = append(newOurOfflineProxies, pxy)
}
return
@ -90,9 +85,7 @@ func (p *ForwardProxyCluster) ValidateProxiesThread() {
if bv3hiErr != nil {
okToAdd = false
newThirdpartyBrokenProxies = append(newThirdpartyBrokenProxies, pxy)
if config.CliArgs.LogThirdPartyTest {
log.Debugf(`%s failed third-party test for URL "%s" -- %s`, proxyHost, d, bv3hiErr)
}
log.Debugf("Validate - %s failed third-party test: %s", proxyHost, bv3hiErr)
break
}
}