proxy

📁 chaterm/terminal-skills 📅 Jan 24, 2026

总安装量

周安装量

#16893

全站排名

安装命令

npx skills add https://github.com/chaterm/terminal-skills --skill proxy

Agent 安装分布

claude-code 9

opencode 8

codex 6

gemini-cli 6

openclaw 5

antigravity 5

Skill 文档

ä»£çæå¡å¨éç½®

æ¦è¿°

SquidãNginx ä»£çãæ£å/ååä»£çéç½®æè½ã

Squid æ£åä»£ç

å®è£ä¸ç®¡ç

# å®è£
apt install squid                     # Debian/Ubuntu
yum install squid                     # CentOS/RHEL

# æå¡ç®¡ç
systemctl start squid
systemctl enable squid
systemctl reload squid

# æ£æ¥éç½®
squid -k parse
squid -k check

åºç¡éç½®

# /etc/squid/squid.conf
# ç«¯å£éç½®
http_port 3128

# ACL å®ä¹
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16

acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 280 488 591 777 1025-65535

# è®¿é®æ§å¶
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all

# ç¼åéç½®
cache_dir ufs /var/spool/squid 100 16 256
maximum_object_size 100 MB
cache_mem 256 MB

# æ¥å¿
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log

è®¤è¯éç½®

# åºç¡è®¤è¯
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Proxy
auth_param basic credentialsttl 2 hours

acl authenticated proxy_auth REQUIRED
http_access allow authenticated

# åå»ºç¨æ·
htpasswd -c /etc/squid/passwd user1
htpasswd /etc/squid/passwd user2

éæä»£ç

# Squid éç½®
http_port 3128 transparent

# iptables éå®å
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3128

è®¿é®æ§å¶

# æ¶é´æ§å¶
acl work_hours time MTWHF 09:00-18:00
http_access allow localnet work_hours

# ååé»åå
acl blocked_sites dstdomain .facebook.com .youtube.com
http_access deny blocked_sites

# URL æ£å
acl blocked_urls url_regex -i porn adult gambling
http_access deny blocked_urls

# å¸¦å®½éå¶
delay_pools 1
delay_class 1 2
delay_parameters 1 1000000/1000000 100000/100000
delay_access 1 allow localnet

Nginx ååä»£ç

åºç¡ååä»£ç

server {
    listen 80;
    server_name example.com;
    
    location / {
        proxy_pass http://backend:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

HTTPS ååä»£ç

server {
    listen 443 ssl http2;
    server_name example.com;
    
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    
    location / {
        proxy_pass http://backend:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

WebSocket ä»£ç

location /ws {
    proxy_pass http://websocket_backend;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_read_timeout 86400;
}

ç¼åéç½®

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=1g inactive=60m;

server {
    location / {
        proxy_pass http://backend;
        proxy_cache my_cache;
        proxy_cache_valid 200 302 10m;
        proxy_cache_valid 404 1m;
        proxy_cache_use_stale error timeout updating;
        add_header X-Cache-Status $upstream_cache_status;
    }
}

Nginx æ£åä»£ç

HTTP æ£åä»£ç

server {
    listen 8080;
    resolver 8.8.8.8;
    
    location / {
        proxy_pass http://$http_host$request_uri;
        proxy_set_header Host $http_host;
        proxy_buffers 256 4k;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 30;
    }
}

HTTPS æ£åä»£çï¼ngx_http_proxy_connect_moduleï¼

server {
    listen 8080;
    resolver 8.8.8.8;
    
    proxy_connect;
    proxy_connect_allow 443 563;
    proxy_connect_connect_timeout 10s;
    proxy_connect_read_timeout 10s;
    proxy_connect_send_timeout 10s;
    
    location / {
        proxy_pass http://$host;
        proxy_set_header Host $host;
    }
}

HAProxy ä»£ç

TCP ä»£ç

frontend tcp_front
    bind *:3306
    mode tcp
    default_backend mysql_back

backend mysql_back
    mode tcp
    balance roundrobin
    server mysql1 192.168.1.10:3306 check
    server mysql2 192.168.1.11:3306 check

HTTP ä»£ç

frontend http_front
    bind *:80
    mode http
    default_backend web_back

backend web_back
    mode http
    balance roundrobin
    option httpchk GET /health
    server web1 192.168.1.10:8080 check
    server web2 192.168.1.11:8080 check

SOCKS ä»£ç

SSH SOCKS ä»£ç

# åå»º SOCKS5 ä»£ç
ssh -D 1080 -f -C -q -N user@remote_server

# åå°è¿è¡
ssh -D 1080 -fNq user@remote_server

# æå®ç»å®å°å
ssh -D 0.0.0.0:1080 -fNq user@remote_server

Dante SOCKS æå¡å¨

# å®è£
apt install dante-server

# /etc/danted.conf
logoutput: syslog
internal: eth0 port = 1080
external: eth0

socksmethod: username
user.privileged: root
user.unprivileged: nobody

client pass {
    from: 192.168.0.0/16 to: 0.0.0.0/0
    log: connect disconnect error
}

socks pass {
    from: 192.168.0.0/16 to: 0.0.0.0/0
    log: connect disconnect error
}

å¸¸è§åºæ¯

åºæ¯ 1ï¼ä¼ä¸ä¸ç½ä»£ç

# Squid éç½®
http_port 3128
acl company_network src 10.0.0.0/8
acl blocked dstdomain "/etc/squid/blocked_sites.txt"
acl work_hours time MTWHF 09:00-18:00

http_access deny blocked
http_access allow company_network work_hours
http_access deny all

# æ¥å¿åæ
cat /var/log/squid/access.log | awk '{print $7}' | sort | uniq -c | sort -rn | head -20

åºæ¯ 2ï¼API ç½å³

upstream api_v1 {
    server 192.168.1.10:8080;
    server 192.168.1.11:8080;
}

upstream api_v2 {
    server 192.168.1.20:8080;
    server 192.168.1.21:8080;
}

server {
    listen 80;
    
    location /api/v1 {
        proxy_pass http://api_v1;
        proxy_set_header X-API-Version "v1";
    }
    
    location /api/v2 {
        proxy_pass http://api_v2;
        proxy_set_header X-API-Version "v2";
    }
}

åºæ¯ 3ï¼è·¨åä»£ç

server {
    listen 80;
    
    location /api/ {
        proxy_pass http://api.external.com/;
        
        # CORS å¤´
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
        add_header Access-Control-Allow-Headers "Authorization, Content-Type";
        
        if ($request_method = OPTIONS) {
            return 204;
        }
    }
}

åºæ¯ 4ï¼ä»£çé¾

# ä½¿ç¨ proxychains
# /etc/proxychains.conf
strict_chain
proxy_dns
[ProxyList]
socks5 127.0.0.1 1080
http 192.168.1.100 8080

# ä½¿ç¨
proxychains curl http://example.com

æéææ¥

é®é¢	ææ¥æ¹æ³
è¿æ¥è¶æ¶	æ£æ¥åç«¯æå¡ãè¶æ¶éç½®
502 éè¯¯	æ£æ¥åç«¯å¥åº·ãä»£çéç½®
ç¼åä¸çæ	æ£æ¥ç¼åå¤´ãç¼åéç½®
è®¤è¯å¤±è´¥	æ£æ¥è®¤è¯éç½®ãç¨æ·å¯ç

# Squid è°è¯
squid -k parse
tail -f /var/log/squid/access.log
tail -f /var/log/squid/cache.log

# Nginx è°è¯
nginx -t
tail -f /var/log/nginx/error.log

# æµè¯ä»£ç
curl -x http://proxy:3128 http://example.com
curl -x socks5://127.0.0.1:1080 http://example.com

# æ¥çä»£çè¿æ¥
ss -tnp | grep squid
netstat -tnp | grep nginx

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台

proxy

Agent 安装分布

Skill 文档

ä»£çæå¡å¨é ç½®

æ¦è¿°

Squid æ­£åä»£ç

å®è£ ä¸ç®¡ç

åºç¡é ç½®

è®¤è¯é ç½®

éæä»£ç

è®¿é®æ§å¶

Nginx ååä»£ç

åºç¡ååä»£ç

HTTPS ååä»£ç

WebSocket ä»£ç

ç¼å­é ç½®

Nginx æ­£åä»£ç

HTTP æ­£åä»£ç

HTTPS æ­£åä»£çï¼ngx_http_proxy_connect_moduleï¼

HAProxy ä»£ç

TCP ä»£ç

HTTP ä»£ç

SOCKS ä»£ç

SSH SOCKS ä»£ç

Dante SOCKS æå¡å¨

å¸¸è§åºæ¯

åºæ¯ 1ï¼ä¼ä¸ä¸ç½ä»£ç

åºæ¯ 2ï¼API ç½å ³

åºæ¯ 3ï¼è·¨åä»£ç

åºæ¯ 4ï¼ä»£çé¾

æ éææ¥