Обновление конфигурации запуска
All checks were successful
Build / Build project (push) Successful in 6m54s
All checks were successful
Build / Build project (push) Successful in 6m54s
- Добавлены сервисы запуска сервера и клиента - Добавлены обертки для запуска сервера и клиента - Добавлена общая конфигурация для сервера и клиента - Возможность использования пользовательской конфигурации из под /etc/wstunnel/wstunnel.conf для запускаемых сервисов
This commit is contained in:
parent
717ba11294
commit
a164df6604
GPG key ID:
C8D8BE544A27C511
6 changed files with 628 additions and 1 deletions
159
files/wstunnel.conf
Normal file
159
files/wstunnel.conf
Normal file
|
|
@ -0,0 +1,159 @@
|
|||
[server]
|
||||
; Address to bind the wstunnel server (ws:// for non-TLS, wss:// for TLS)
|
||||
; Example: wss://0.0.0.0:8080 or ws://[::]:8080
|
||||
bind_address = wss://0.0.0.0:8080
|
||||
|
||||
; (Linux only) Mark network packets with SO_MARK sockoption
|
||||
; Requires root, sudo, or specific capabilities
|
||||
; socket_so_mark = 123
|
||||
|
||||
; Frequency of websocket ping to clients (set to 0 to disable)
|
||||
websocket_ping_frequency = 30s
|
||||
|
||||
; Disable color output in logs
|
||||
; no_color = true
|
||||
|
||||
; Enable masking of websocket frames (only for non-TLS ws://, adds overhead)
|
||||
; websocket_mask_frame = false
|
||||
|
||||
; DNS resolver(s) for domain name lookups
|
||||
; Can specify multiple resolvers (e.g., dns://1.1.1.1, dns+https://1.1.1.1?sni=cloudflare-dns.com)
|
||||
; Use system://0.0.0.0 for libc resolver
|
||||
; dns_resolver = dns://1.1.1.1
|
||||
|
||||
; Prefer IPv4 over IPv6 for DNS resolution (useful for broken IPv6 connections)
|
||||
; dns_resolver_prefer_ipv4 = false
|
||||
|
||||
; Log verbosity level (TRACE, DEBUG, INFO, WARN, ERROR, OFF)
|
||||
log_level = INFO
|
||||
|
||||
; Restrict connections to specific destination:port pairs
|
||||
; Can specify multiple restrictions
|
||||
; restrict_to = google.com:443, localhost:22
|
||||
|
||||
; Restrict websocket upgrade to specific path prefix (acts as a client authentication secret)
|
||||
; restrict_http_upgrade_path_prefix = /custom/path
|
||||
|
||||
; Path to YAML restriction config file (automatically reloaded on change)
|
||||
; restrict_config = /path/to/restrict.yaml
|
||||
|
||||
; Custom TLS certificate (PEM format, auto-reloaded on change)
|
||||
; tls_certificate = /path/to/certificate.pem
|
||||
|
||||
; Custom TLS private key (PEM, EC, or RSA, auto-reloaded on change)
|
||||
; tls_private_key = /path/to/private_key.pem
|
||||
|
||||
; Enable mTLS by specifying CA certificates for client authentication (PEM, auto-reloaded)
|
||||
; tls_client_ca_certs = /path/to/ca_certs.pem
|
||||
|
||||
; HTTP proxy to connect to clients (format: user:pass@host:port)
|
||||
; http_proxy = user:pass@proxy.example.com:8080
|
||||
|
||||
; Override HTTP proxy login
|
||||
; http_proxy_login = custom_login
|
||||
|
||||
; Override HTTP proxy password
|
||||
; http_proxy_password = custom_password
|
||||
|
||||
; Idle timeout for remote-to-local server before unbinding (default: 3 minutes)
|
||||
remote_to_local_server_idle_timeout = 3m
|
||||
|
||||
; Number of worker threads (set via environment variable TOKIO_WORKER_THREADS)
|
||||
; Note: This flag is ignored in the command line, use environment variable instead
|
||||
; nb_worker_threads = 4
|
||||
|
||||
[client]
|
||||
; Address of the wstunnel server (supports ws://, wss://, http://, https://)
|
||||
; Example: wss://wstunnel.example.com or https://wstunnel.example.com
|
||||
server_address = wss://wstunnel.example.com
|
||||
|
||||
; Local-to-remote forwarding rules (tcp, udp, socks5, stdio, unix)
|
||||
; Can specify multiple rules
|
||||
; Examples:
|
||||
; - tcp://1212:google.com:443 (listen locally on port 1212, forward to google.com:443)
|
||||
; - udp://1212:1.1.1.1:53?timeout_sec=10 (listen on UDP port 1212, forward to 1.1.1.1:53, timeout after 10s)
|
||||
; - socks5://[::1]:1212?login=admin&password=admin (SOCKS5 proxy with authentication)
|
||||
; - stdio://google.com:443 (forward stdio to google.com:443)
|
||||
; - unix:///tmp/wstunnel.sock:google.com:443 (listen on Unix socket, forward to google.com:443)
|
||||
; local_to_remote = tcp://1212:google.com:443
|
||||
|
||||
; Remote-to-local forwarding rules (tcp, udp, socks5, unix)
|
||||
; Can specify multiple rules
|
||||
; Examples:
|
||||
; - tcp://1212:google.com:443 (server listens on port 1212, forwards to local google.com:443)
|
||||
; - socks5://[::1]:1212 (server listens for SOCKS5, forwards dynamically to local)
|
||||
; remote_to_local = tcp://1212:google.com:443
|
||||
|
||||
; Disable color output in logs
|
||||
; no_color = true
|
||||
|
||||
; (Linux only) Mark network packets with SO_MARK sockoption
|
||||
; Requires root, sudo, or specific capabilities
|
||||
; socket_so_mark = 123
|
||||
|
||||
; Maximum number of idle connections to keep open to the server
|
||||
connection_min_idle = 0
|
||||
|
||||
; Number of worker threads (set via environment variable TOKIO_WORKER_THREADS)
|
||||
; Note: This flag is ignored in the command line, use environment variable instead
|
||||
; nb_worker_threads = 4
|
||||
|
||||
; Maximum backoff time for retrying server connections
|
||||
connection_retry_max_backoff = 5m
|
||||
|
||||
; Log verbosity level (TRACE, DEBUG, INFO, WARN, ERROR, OFF)
|
||||
log_level = INFO
|
||||
|
||||
; Domain name for SNI during TLS handshake
|
||||
; Required if behind a CDN like Cloudflare to match HTTP HOST header
|
||||
; tls_sni_override = example.com
|
||||
|
||||
; Disable sending SNI during TLS handshake
|
||||
; tls_sni_disable = false
|
||||
|
||||
; Enable TLS certificate verification (disabled by default, allows self-signed certs)
|
||||
; tls_verify_certificate = false
|
||||
|
||||
; HTTP proxy to connect to the server (format: user:pass@host:port)
|
||||
; http_proxy = user:pass@proxy.example.com:8080
|
||||
|
||||
; Override HTTP proxy login
|
||||
; http_proxy_login = custom_login
|
||||
|
||||
; Override HTTP proxy password
|
||||
; http_proxy_password = custom_password
|
||||
|
||||
; HTTP upgrade path prefix for websocket upgrade request
|
||||
http_upgrade_path_prefix = v1
|
||||
|
||||
; Basic auth credentials for HTTP upgrade request (format: user:pass)
|
||||
; http_upgrade_credentials = user:pass
|
||||
|
||||
; Frequency of websocket pings to the server (set to 0 to disable)
|
||||
websocket_ping_frequency = 30s
|
||||
|
||||
; Enable masking of websocket frames (only for non-TLS ws://, adds overhead)
|
||||
; websocket_mask_frame = false
|
||||
|
||||
; Custom headers for HTTP upgrade request (format: HEADER_NAME: HEADER_VALUE)
|
||||
; Can specify multiple headers
|
||||
; http_headers = X-Custom-Header: Value
|
||||
|
||||
; File containing custom headers for HTTP upgrade request (format: HEADER_NAME: HEADER_VALUE per line)
|
||||
; http_headers_file = /path/to/headers.txt
|
||||
|
||||
; TLS certificate (PEM) for mTLS client authentication
|
||||
; Automatically reloaded on change
|
||||
; tls_certificate = /path/to/certificate.pem
|
||||
|
||||
; TLS private key (PEM) for mTLS client authentication
|
||||
; Automatically reloaded on change
|
||||
; tls_private_key = /path/to/private_key.pem
|
||||
|
||||
; DNS resolver(s) for domain name lookups
|
||||
; Can specify multiple resolvers (e.g., dns://1.1.1.1, dns+https://1.1.1.1?sni=cloudflare-dns.com)
|
||||
; Use system://0.0.0.0 for libc resolver
|
||||
; dns_resolver = dns://1.1.1.1
|
||||
|
||||
; Prefer IPv4 over IPv6 for DNS resolution (useful for broken IPv6 connections)
|
||||
; dns_resolver_prefer_ipv4 = false
|
||||
Loading…
Add table
Add a link
Reference in a new issue