diff --git a/.gitignore b/.gitignore index f213c79b..b562c588 100644 --- a/.gitignore +++ b/.gitignore @@ -11,6 +11,16 @@ *.lib *.key *.pem +*.so +bin/3proxy +bin/proxy +bin/socks +bin/tcppm +bin/udppm +bin/pop3p +bin/smtpp +bin/ftppr +bin/mycrypt bin64/ dll/ tmp/ @@ -24,6 +34,8 @@ tmp/ res version.c version +version.sh +buildlinux.sh 3proxy.res src/3proxy @@ -44,7 +56,6 @@ doc/html/man8/ *.var verfile.sh Makefile -Changelog copytgz.sh *~.nib local.properties diff --git a/DEVEL b/DEVEL new file mode 100644 index 00000000..4be3a61d --- /dev/null +++ b/DEVEL @@ -0,0 +1 @@ +10-devel \ No newline at end of file diff --git a/Dockerfile.full b/Dockerfile.full new file mode 100644 index 00000000..e9f59a3b --- /dev/null +++ b/Dockerfile.full @@ -0,0 +1,55 @@ +# 3proxy.full is fully functional 3proxy build based on busibox:glibc +# +#to build: +# docker build -f Dockerfile.full -t 3proxy.full . +#to run: +# by default 3proxy uses safe chroot environment with chroot to /usr/local/3proxy with uid/gid 65535/65535 and expects +# configuration file to be placed in /usr/local/etc/3proxy. +# Paths in configuration file must be relative to /usr/local/3proxy, that is use /logs instead of +# /usr/local/3proxy/logs. nserver in chroot is required for DNS resolution. An example: +# +# echo nserver 8.8.8.8 >/path/to/local/config/directory/3proxy.cfg +# echo proxy -p3129 >>/path/to/local/config/directory/3proxy.cfg +# docker run -p 3129:3129 -v /path/to/local/config/directory:/usr/local/3proxy/conf -name 3proxy.full 3proxy.full +# +# /path/to/local/config/directory in this example must conrain 3proxy.cfg +# if you need 3proxy to be executed without chroot with root permissions, replace /etc/3proxy/3proxy.cfg by e.g. mounting config +# dir to /etc/3proxy ot by providing config file /etc/3proxy/3proxy.cfg +# docker run -p 3129:3129 -v /path/to/local/config/directory:/etc/3proxy -name 3proxy.full 3proxy.full +# +# use "log" without pathname in config to log to stdout. +# plugins are located in /usr/local/3proxy/libexec (/libexec for chroot config). + + +FROM gcc AS buildenv +COPY . 3proxy +RUN cd 3proxy &&\ + echo "">> Makefile.Linux &&\ + echo PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin SSLPlugin>>Makefile.Linux &&\ + echo LIBS = -l:libcrypto.a -l:libssl.a -ldl >>Makefile.Linux &&\ + make -f Makefile.Linux &&\ + strip bin/3proxy &&\ + strip bin/StringsPlugin.ld.so &&\ + strip bin/TrafficPlugin.ld.so &&\ + strip bin/PCREPlugin.ld.so &&\ + strip bin/TransparentPlugin.ld.so &&\ + strip bin/SSLPlugin.ld.so + +FROM busybox:glibc +COPY --from=buildenv /lib/x86_64-linux-gnu/libdl.so.* /lib/ +COPY --from=buildenv 3proxy/bin/3proxy /bin/ +COPY --from=buildenv 3proxy/bin/*.ld.so /usr/local/3proxy/libexec/ +RUN mkdir /usr/local/3proxy/logs &&\ + mkdir /usr/local/3proxy/conf &&\ + chown -R 65535:65535 /usr/local/3proxy &&\ + chmod -R 550 /usr/local/3proxy &&\ + chmod 750 /usr/local/3proxy/logs &&\ + chmod -R 555 /usr/local/3proxy/libexec &&\ + chown -R root /usr/local/3proxy/libexec &&\ + mkdir /etc/3proxy/ &&\ + echo chroot /usr/local/3proxy 65535 65535 >/etc/3proxy/3proxy.cfg &&\ + echo include /conf/3proxy.cfg >>/etc/3proxy/3proxy.cfg &&\ + chmod 440 /etc/3proxy/3proxy.cfg + + +CMD ["/bin/3proxy", "/etc/3proxy/3proxy.cfg"] diff --git a/Dockerfile.minimal b/Dockerfile.minimal new file mode 100644 index 00000000..4ea1d506 --- /dev/null +++ b/Dockerfile.minimal @@ -0,0 +1,42 @@ +# dockerfile for "interactive" minimal 3proxy execution, no configuration mounting is required, configuration +# is accepted from stdin. Use "end" command to indicate the end of configuration. Use "log" for stdout logging. +# +# This is busybox based docker with only 3proxy static executable and empty non-writable "run" directory. +# +# "plugin" is not supported +# +# Build: +# +# docker build -f Dockerfile.minimal -t 3proxy.minimal . +# +# Run example: +# +# docker run -i -p 3129:3129 --name 3proxy 3proxy.minimal +#or +# docker start -i 3proxy +#>Makefile.Linux&&\ + echo LDFLAGS = -fPIE -O2 -fno-strict-aliasing -pthread >>Makefile.Linux&&\ + echo PLUGINS = >>Makefile.Linux&&\ + echo LIBS = >>Makefile.Linux&&\ + echo CFLAGS = -g -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER -DNOPLUGINS >>Makefile.Linux&&\ + make -f Makefile.Linux&&\ + strip bin/3proxy + + +FROM busybox:glibc +COPY --from=buildenv /3proxy/bin/3proxy /bin/3proxy +RUN mkdir /run && chmod 555 /run +CMD ["/bin/3proxy"] diff --git a/Makefile.FreeBSD b/Makefile.FreeBSD index 0d004f42..5bab5a77 100644 --- a/Makefile.FreeBSD +++ b/Makefile.FreeBSD @@ -28,6 +28,7 @@ OBJSUFFICS = .o DEFINEOPTION = -D COMPFILES = *~ REMOVECOMMAND = rm -f +AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -perm +111 -delete TYPECOMMAND = cat COMPATLIBS = MAKEFILE = Makefile.FreeBSD @@ -35,23 +36,105 @@ PLUGINS = StringsPlugin TrafficPlugin PCREPlugin PamAuth TransparentPlugin include Makefile.inc -install: all - if [ ! -d /usr/local/3proxy/bin ]; then mkdir -p /usr/local/3proxy/bin/; fi - install bin/3proxy /usr/local/3proxy/bin/3proxy - install bin/mycrypt /usr/local/3proxy/bin/mycrypt - install scripts/add3proxyuser.sh /usr/local/3proxy/bin/ - if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then - echo /usr/local/3proxy/3proxy.cfg already exists - else - install scripts/3proxy.cfg /usr/local/etc/3proxy/ - if [ ! -d /var/log/3proxy/ ]; then - mkdir /var/log/3proxy/ - fi - touch /usr/local/3proxy/passwd - touch /usr/local/3proxy/counters - touch /usr/local/3proxy/bandlimiters - echo Run /usr/local/3proxy/bin/add3proxyuser.sh to add \'admin\' user - fi allplugins: @list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done + +DESTDIR = +prefix = +exec_prefix = $(prefix) +man_prefix = /usr/share +chroot_prefix = /usr/local + +INSTALL = /usr/bin/install +INSTALL_BIN = $(INSTALL) -m 755 +INSTALL_DATA = $(INSTALL) -m 644 +INSTALL_OBJS = bin/3proxy \ + bin/ftppr \ + bin/mycrypt \ + bin/pop3p \ + bin/proxy \ + bin/socks \ + bin/tcppm \ + bin/udppm + + +INSTALL_CFG = scripts/3proxy.cfg.chroot +INSTALL_CFG_OBJS = scripts/3proxy.cfg \ + scripts/add3proxyuser.sh + +INSTALL_CFG_OBJS2 = counters bandlimiters + +INSTALL_INITD_SCRIPT = scripts/init.d/3proxy.sh +INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service + +CHROOTDIR = $(DESTDIR)$(chroot_prefix)/3proxy +CHROOTREL = ../..$(chroot_prefix)/3proxy +MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1 +MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3 +MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8 +BINDIR = $(DESTDIR)$(exec_prefix)/bin +ETCDIR = $(DESTDIR)/etc/3proxy +INITDDIR = $(DESTDIR)/etc/init.d +RUNBASE = $(DESTDIR)/var/run +RUNDIR = $(RUNBASE)/3proxy +LOGBASE = $(DESTDIR)/var/log +LOGDIR = $(LOGBASE)/3proxy +INSTALL_CFG_DEST = $(ETCDIR)/conf +SYSTEMDDIR = $(DESTDIR)/usr/lib/systemd/system/ + +install-bin: + $(INSTALL_BIN) -d $(BINDIR) + $(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR) + $(INSTALL_BIN) -s bin/*.ld.so $(CHROOTDIR)/libexec + chmod -R a-w $(CHROOTDIR)/libexec + +install-etc-dir: + $(INSTALL_BIN) -d $(ETCDIR) + +install-chroot-dir: + $(INSTALL_BIN) -d $(CHROOTDIR) + $(INSTALL_BIN) -d $(CHROOTDIR)/conf + $(INSTALL_BIN) -d $(CHROOTDIR)/logs + $(INSTALL_BIN) -d $(CHROOTDIR)/count + $(INSTALL_BIN) -d $(CHROOTDIR)/libexec + chmod -R o-rwx $(CHROOTDIR) + +install-etc-default-config: + if [ ! -d $(INSTALL_CFG_DEST) ]; then \ + ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \ + $(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \ + $(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \ + fi + +install-etc: install-etc-dir install-etc-default-config + for file in $(INSTALL_CFG_OBJS2); \ + do \ + touch $(INSTALL_CFG_DEST)/$$file; chmod 0600 $(INSTALL_CFG_DEST)/$$file; \ + done; + +install-man: + $(INSTALL_BIN) -d $(MANDIR3) + $(INSTALL_BIN) -d $(MANDIR8) + $(INSTALL_DATA) man/*.3 $(MANDIR3) + $(INSTALL_DATA) man/*.8 $(MANDIR8) + +install-init: + $(INSTALL_BIN) -d $(INITDDIR) + $(INSTALL_BIN) $(INSTALL_INITD_SCRIPT) $(INITDDIR)/3proxy + $(INSTALL_BIN) -d $(SYSTEMDDIR) + $(INSTALL_DATA) $(INSTALL_SYSTEMD_SCRIPT) $(SYSTEMDDIR) + +install-run: + $(INSTALL_BIN) -d $(RUNDIR) + +install-log: + $(INSTALL_BIN) -d $(LOGBASE) + @if [ ! -d $(LOGDIR) ]; then \ + ln -s $(CHROOTREL)/logs $(LOGDIR);\ + fi + +install: install-chroot-dir install-bin install-etc install-log install-man install-run install-init + @if [ "$(DESTDIR)" = "" ]; then \ + sh scripts/postinst; \ + fi diff --git a/Makefile.Linux b/Makefile.Linux index 45e4295f..ff763da4 100644 --- a/Makefile.Linux +++ b/Makefile.Linux @@ -12,7 +12,7 @@ CC = gcc CFLAGS = -g -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER COUT = -o -LN = gcc +LN = $(CC) DCFLAGS = LDFLAGS = -fPIE -O2 -fno-strict-aliasing -pthread DLFLAGS = -shared @@ -26,6 +26,7 @@ OBJSUFFICS = .o DEFINEOPTION = -D COMPFILES = *~ REMOVECOMMAND = rm -f +AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete TYPECOMMAND = cat COMPATLIBS = MAKEFILE = Makefile.Linux @@ -45,6 +46,7 @@ DESTDIR = prefix = exec_prefix = $(prefix) man_prefix = /usr/share +chroot_prefix = /usr/local INSTALL = /usr/bin/install INSTALL_BIN = $(INSTALL) -m 755 @@ -66,19 +68,22 @@ INSTALL_CFG_OBJS = scripts/3proxy.cfg \ INSTALL_CFG_OBJS2 = counters bandlimiters INSTALL_INITD_SCRIPT = scripts/init.d/3proxy.sh +INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service -CHROOTDIR = $(DESTDIR)/usr/local/3proxy +CHROOTDIR = $(DESTDIR)$(chroot_prefix)/3proxy +CHROOTREL = ../..$(chroot_prefix)/3proxy MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1 MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3 MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8 BINDIR = $(DESTDIR)$(exec_prefix)/bin -ETCDIR = $(DESTDIR)$(prefix)/etc/3proxy -INITDDIR = $(DESTDIR)$(prefix)/etc/init.d -RUNBASE = $(DESTDIR)$(prefix)/var/run +ETCDIR = $(DESTDIR)/etc/3proxy +INITDDIR = $(DESTDIR)/etc/init.d +RUNBASE = $(DESTDIR)/var/run RUNDIR = $(RUNBASE)/3proxy -LOGBASE = $(DESTDIR)$(prefix)/var/log +LOGBASE = $(DESTDIR)/var/log LOGDIR = $(LOGBASE)/3proxy INSTALL_CFG_DEST = $(ETCDIR)/conf +SYSTEMDDIR = $(DESTDIR)/usr/lib/systemd/system/ install-bin: $(INSTALL_BIN) -d $(BINDIR) @@ -99,7 +104,7 @@ install-chroot-dir: install-etc-default-config: if [ ! -d $(INSTALL_CFG_DEST) ]; then \ - ln -s $(CHROOTDIR)/conf $(INSTALL_CFG_DEST); \ + ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \ $(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \ $(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \ fi @@ -117,46 +122,22 @@ install-man: $(INSTALL_DATA) man/*.8 $(MANDIR8) install-init: - if [ -d $(INITDIR) ]; then \ - $(INSTALL_BIN) $(INSTALL_INITD_SCRIPT) $(INITDDIR)/3proxy; \ - fi - if [ -f /usr/sbin/update-rc.d ]; then \ - /usr/sbin/update-rc.d 3proxy defaults; \ - /usr/sbin/update-rc.d 3proxy enable; \ - fi + $(INSTALL_BIN) -d $(INITDDIR) + $(INSTALL_BIN) $(INSTALL_INITD_SCRIPT) $(INITDDIR)/3proxy + $(INSTALL_BIN) -d $(SYSTEMDDIR) + $(INSTALL_DATA) $(INSTALL_SYSTEMD_SCRIPT) $(SYSTEMDDIR) install-run: $(INSTALL_BIN) -d $(RUNDIR) install-log: - @if [ -d $(LOGBASE) ] && [ ! -d $(LOGDIR) ]; then \ - ln -s $(CHROOTDIR)/logs $(LOGDIR);\ + $(INSTALL_BIN) -d $(LOGBASE) + @if [ ! -d $(LOGDIR) ]; then \ + ln -s $(CHROOTREL)/logs $(LOGDIR);\ fi install: install-chroot-dir install-bin install-etc install-log install-man install-run install-init - @getent passwd proxy || useradd -UMr -s /bin/false -c 3proxy proxy - @if [ ! -f $(INSTALL_CFG_DEST)/passwd ]; then \ - touch $(INSTALL_CFG_DEST)/passwd;\ - fi - @chown -R proxy:proxy $(CHROOTDIR) - @chmod 550 $(CHROOTDIR)/ - @chmod 550 $(CHROOTDIR)/conf/ - @chmod 440 $(CHROOTDIR)/conf/* - @echo "" - @echo 3proxy installed. - @echo use - @echo " "service 3proxy start - @echo to start proxy - @echo " "service 3proxy stop - @echo to stop proxy - @echo " "$(INSTALL_CFG_DEST)/add3proxyuser.sh - @echo to add users - @echo "" - @echo Default config uses Google\'s DNS. - @echo It\'s recommended to use provider supplied DNS or install local recursor, e.g. pdns-recursor. - @echo Configure preferred DNS in $(INSTALL_CFG_DEST)/3proxy.cfg. - @echo run \'$(INSTALL_CFG_DEST)/add3proxyuser.sh admin password\' to configure \'admin\' user - @if [ -f /usr/sbin/service ]; then \ - /usr/sbin/service 3proxy stop ;\ - /usr/sbin/service 3proxy start ;\ + @if [ "$(DESTDIR)" = "" ]; then \ + sh scripts/debian/preinst; \ + sh scripts/debian/postinst; \ fi diff --git a/Makefile.Solaris b/Makefile.Solaris index 158ed7f1..8e84f20e 100644 --- a/Makefile.Solaris +++ b/Makefile.Solaris @@ -11,7 +11,7 @@ BUILDDIR = ../bin/ CC = cc CFLAGS = -xO3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL COUT = -o ./ -LN = cc +LN = $(CC) LDFLAGS = -xO3 DCFLAGS = -fPIC DLFLAGS = -shared @@ -25,6 +25,7 @@ OBJSUFFICS = .o DEFINEOPTION = -D COMPFILES = *~ REMOVECOMMAND = rm -f +AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete TYPECOMMAND = cat COMPATLIBS = MAKEFILE = Makefile.Solaris @@ -34,3 +35,102 @@ include Makefile.inc allplugins: @list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done + +DESTDIR = +prefix = +exec_prefix = $(prefix) +man_prefix = /usr/share +chroot_prefix = /usr/local + +INSTALL = /usr/bin/install +INSTALL_BIN = $(INSTALL) -m 755 +INSTALL_DATA = $(INSTALL) -m 644 +INSTALL_OBJS = bin/3proxy \ + bin/ftppr \ + bin/mycrypt \ + bin/pop3p \ + bin/proxy \ + bin/socks \ + bin/tcppm \ + bin/udppm + + +INSTALL_CFG = scripts/3proxy.cfg.chroot +INSTALL_CFG_OBJS = scripts/3proxy.cfg \ + scripts/add3proxyuser.sh + +INSTALL_CFG_OBJS2 = counters bandlimiters + +INSTALL_INITD_SCRIPT = scripts/init.d/3proxy.sh +INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service + +CHROOTDIR = $(DESTDIR)$(chroot_prefix)/3proxy +CHROOTREL = ../..$(chroot_prefix)/3proxy +MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1 +MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3 +MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8 +BINDIR = $(DESTDIR)$(exec_prefix)/bin +ETCDIR = $(DESTDIR)/etc/3proxy +INITDDIR = $(DESTDIR)/etc/init.d +RUNBASE = $(DESTDIR)/var/run +RUNDIR = $(RUNBASE)/3proxy +LOGBASE = $(DESTDIR)/var/log +LOGDIR = $(LOGBASE)/3proxy +INSTALL_CFG_DEST = $(ETCDIR)/conf +SYSTEMDDIR = $(DESTDIR)/usr/lib/systemd/system/ + +install-bin: + $(INSTALL_BIN) -d $(BINDIR) + $(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR) + $(INSTALL_BIN) -s bin/*.ld.so $(CHROOTDIR)/libexec + chmod -R a-w $(CHROOTDIR)/libexec + +install-etc-dir: + $(INSTALL_BIN) -d $(ETCDIR) + +install-chroot-dir: + $(INSTALL_BIN) -d $(CHROOTDIR) + $(INSTALL_BIN) -d $(CHROOTDIR)/conf + $(INSTALL_BIN) -d $(CHROOTDIR)/logs + $(INSTALL_BIN) -d $(CHROOTDIR)/count + $(INSTALL_BIN) -d $(CHROOTDIR)/libexec + chmod -R o-rwx $(CHROOTDIR) + +install-etc-default-config: + if [ ! -d $(INSTALL_CFG_DEST) ]; then \ + ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \ + $(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \ + $(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \ + fi + +install-etc: install-etc-dir install-etc-default-config + for file in $(INSTALL_CFG_OBJS2); \ + do \ + touch $(INSTALL_CFG_DEST)/$$file; chmod 0600 $(INSTALL_CFG_DEST)/$$file; \ + done; + +install-man: + $(INSTALL_BIN) -d $(MANDIR3) + $(INSTALL_BIN) -d $(MANDIR8) + $(INSTALL_DATA) man/*.3 $(MANDIR3) + $(INSTALL_DATA) man/*.8 $(MANDIR8) + +install-init: + $(INSTALL_BIN) -d $(INITDDIR) + $(INSTALL_BIN) $(INSTALL_INITD_SCRIPT) $(INITDDIR)/3proxy + $(INSTALL_BIN) -d $(SYSTEMDDIR) + $(INSTALL_DATA) $(INSTALL_SYSTEMD_SCRIPT) $(SYSTEMDDIR) + +install-run: + $(INSTALL_BIN) -d $(RUNDIR) + +install-log: + $(INSTALL_BIN) -d $(LOGBASE) + @if [ ! -d $(LOGDIR) ]; then \ + ln -s $(CHROOTREL)/logs $(LOGDIR);\ + fi + +install: install-chroot-dir install-bin install-etc install-log install-man install-run install-init + @if [ "$(DESTDIR)" = "" ]; then \ + sh scripts/postinst; \ + fi diff --git a/Makefile.Solaris-gcc b/Makefile.Solaris-gcc index 65ded9bb..6d3bba3c 100644 --- a/Makefile.Solaris-gcc +++ b/Makefile.Solaris-gcc @@ -12,7 +12,7 @@ BUILDDIR = ../bin/ CC = gcc CFLAGS = -O2 -fno-strict-aliasing -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL COUT = -o ./ -LN = gcc +LN = $(CC) LDFLAGS = -O3 DCFLAGS = -fPIC DLFLAGS = -shared @@ -26,6 +26,7 @@ OBJSUFFICS = .o DEFINEOPTION = -D COMPFILES = *~ REMOVECOMMAND = rm -f +AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete TYPECOMMAND = cat COMPATLIBS = MAKEFILE = Makefile.Solaris-gcc @@ -35,3 +36,102 @@ include Makefile.inc allplugins: @list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done + +DESTDIR = +prefix = +exec_prefix = $(prefix) +man_prefix = /usr/share +chroot_prefix = /usr/local + +INSTALL = /usr/bin/install +INSTALL_BIN = $(INSTALL) -m 755 +INSTALL_DATA = $(INSTALL) -m 644 +INSTALL_OBJS = bin/3proxy \ + bin/ftppr \ + bin/mycrypt \ + bin/pop3p \ + bin/proxy \ + bin/socks \ + bin/tcppm \ + bin/udppm + + +INSTALL_CFG = scripts/3proxy.cfg.chroot +INSTALL_CFG_OBJS = scripts/3proxy.cfg \ + scripts/add3proxyuser.sh + +INSTALL_CFG_OBJS2 = counters bandlimiters + +INSTALL_INITD_SCRIPT = scripts/init.d/3proxy.sh +INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service + +CHROOTDIR = $(DESTDIR)$(chroot_prefix)/3proxy +CHROOTREL = ../..$(chroot_prefix)/3proxy +MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1 +MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3 +MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8 +BINDIR = $(DESTDIR)$(exec_prefix)/bin +ETCDIR = $(DESTDIR)/etc/3proxy +INITDDIR = $(DESTDIR)/etc/init.d +RUNBASE = $(DESTDIR)/var/run +RUNDIR = $(RUNBASE)/3proxy +LOGBASE = $(DESTDIR)/var/log +LOGDIR = $(LOGBASE)/3proxy +INSTALL_CFG_DEST = $(ETCDIR)/conf +SYSTEMDDIR = $(DESTDIR)/usr/lib/systemd/system/ + +install-bin: + $(INSTALL_BIN) -d $(BINDIR) + $(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR) + $(INSTALL_BIN) -s bin/*.ld.so $(CHROOTDIR)/libexec + chmod -R a-w $(CHROOTDIR)/libexec + +install-etc-dir: + $(INSTALL_BIN) -d $(ETCDIR) + +install-chroot-dir: + $(INSTALL_BIN) -d $(CHROOTDIR) + $(INSTALL_BIN) -d $(CHROOTDIR)/conf + $(INSTALL_BIN) -d $(CHROOTDIR)/logs + $(INSTALL_BIN) -d $(CHROOTDIR)/count + $(INSTALL_BIN) -d $(CHROOTDIR)/libexec + chmod -R o-rwx $(CHROOTDIR) + +install-etc-default-config: + if [ ! -d $(INSTALL_CFG_DEST) ]; then \ + ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \ + $(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \ + $(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \ + fi + +install-etc: install-etc-dir install-etc-default-config + for file in $(INSTALL_CFG_OBJS2); \ + do \ + touch $(INSTALL_CFG_DEST)/$$file; chmod 0600 $(INSTALL_CFG_DEST)/$$file; \ + done; + +install-man: + $(INSTALL_BIN) -d $(MANDIR3) + $(INSTALL_BIN) -d $(MANDIR8) + $(INSTALL_DATA) man/*.3 $(MANDIR3) + $(INSTALL_DATA) man/*.8 $(MANDIR8) + +install-init: + $(INSTALL_BIN) -d $(INITDDIR) + $(INSTALL_BIN) $(INSTALL_INITD_SCRIPT) $(INITDDIR)/3proxy + $(INSTALL_BIN) -d $(SYSTEMDDIR) + $(INSTALL_DATA) $(INSTALL_SYSTEMD_SCRIPT) $(SYSTEMDDIR) + +install-run: + $(INSTALL_BIN) -d $(RUNDIR) + +install-log: + $(INSTALL_BIN) -d $(LOGBASE) + @if [ ! -d $(LOGDIR) ]; then \ + ln -s $(CHROOTREL)/logs $(LOGDIR);\ + fi + +install: install-chroot-dir install-bin install-etc install-log install-man install-run install-init + @if [ "$(DESTDIR)" = "" ]; then \ + sh scripts/postinst; \ + fi diff --git a/Makefile.inc b/Makefile.inc index 4e088ee3..928aecd7 100644 --- a/Makefile.inc +++ b/Makefile.inc @@ -3,10 +3,11 @@ # all: - $(TYPECOMMAND) $(MAKEFILE) > src/Makefile.var + @$(TYPECOMMAND) $(MAKEFILE) > src/Makefile.var @cd src && $(MAKE) clean: - @$(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES) - @cd src && $(MAKE) clean + @cd src && $(REMOVECOMMAND) *$(OBJSUFFICS) $(COMPFILES) && cd .. + @$(AFTERCLEAN) + diff --git a/Makefile.intl b/Makefile.intl deleted file mode 100644 index 56ab7d9c..00000000 --- a/Makefile.intl +++ /dev/null @@ -1,33 +0,0 @@ -# -# 3 proxy Makefile for Intel C compiler for Windows (for both make and nmake) -# -# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc -# libraries -# -# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver - - -BUILDDIR = ../bin/ -CC = icl -CFLAGS = /nologo /MD /W3 /G6 /GX /O2 /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /YX /FD /c -COUT = /Fo -LN = xilink -LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386 -LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib -DLFLAGS = /DLL -DLSUFFICS = .dll -LNOUT = /out: -EXESUFFICS = .exe -OBJSUFFICS = .obj -DEFINEOPTION = /D -COMPFILES = *.pch *.idb -REMOVECOMMAND = del 2>NUL -TYPECOMMAND = type -COMPATLIBS = -MAKEFILE = Makefile.intl -PLUGINS = WindowsAuthentication TrafficPlugin PCREPlugin - -include Makefile.inc - -allplugins: - for /D %%i in ($(PLUGINS)) do (copy Makefile Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..) diff --git a/Makefile.llvm b/Makefile.llvm index f3b892ed..a4d2115c 100644 --- a/Makefile.llvm +++ b/Makefile.llvm @@ -12,7 +12,7 @@ BUILDDIR = ../bin/ CC = clang CFLAGS = -O2 -fno-strict-aliasing -c -pthread -static -DWITH_STD_MALLOC -DNOIPV6 COUT = -o -LN = clang +LN = $(CC) LDFLAGS = -O2 -fno-strict-aliasing -static -s DLFLAGS = -shared DLSUFFICS = .dll @@ -25,6 +25,7 @@ OBJSUFFICS = .o DEFINEOPTION = -D COMPFILES = *.tmp REMOVECOMMAND = rm -f +AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete TYPECOMMAND = cat COMPATLIBS = MAKEFILE = Makefile.win @@ -34,3 +35,102 @@ include Makefile.inc allplugins: for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.o &&cd ..\..) + +DESTDIR = +prefix = +exec_prefix = $(prefix) +man_prefix = /usr/share +chroot_prefix = /usr/local + +INSTALL = /usr/bin/install +INSTALL_BIN = $(INSTALL) -m 755 +INSTALL_DATA = $(INSTALL) -m 644 +INSTALL_OBJS = bin/3proxy \ + bin/ftppr \ + bin/mycrypt \ + bin/pop3p \ + bin/proxy \ + bin/socks \ + bin/tcppm \ + bin/udppm + + +INSTALL_CFG = scripts/3proxy.cfg.chroot +INSTALL_CFG_OBJS = scripts/3proxy.cfg \ + scripts/add3proxyuser.sh + +INSTALL_CFG_OBJS2 = counters bandlimiters + +INSTALL_INITD_SCRIPT = scripts/init.d/3proxy.sh +INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service + +CHROOTDIR = $(DESTDIR)$(chroot_prefix)/3proxy +CHROOTREL = ../..$(chroot_prefix)/3proxy +MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1 +MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3 +MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8 +BINDIR = $(DESTDIR)$(exec_prefix)/bin +ETCDIR = $(DESTDIR)/etc/3proxy +INITDDIR = $(DESTDIR)/etc/init.d +RUNBASE = $(DESTDIR)/var/run +RUNDIR = $(RUNBASE)/3proxy +LOGBASE = $(DESTDIR)/var/log +LOGDIR = $(LOGBASE)/3proxy +INSTALL_CFG_DEST = $(ETCDIR)/conf +SYSTEMDDIR = $(DESTDIR)/usr/lib/systemd/system/ + +install-bin: + $(INSTALL_BIN) -d $(BINDIR) + $(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR) + $(INSTALL_BIN) -s bin/*.ld.so $(CHROOTDIR)/libexec + chmod -R a-w $(CHROOTDIR)/libexec + +install-etc-dir: + $(INSTALL_BIN) -d $(ETCDIR) + +install-chroot-dir: + $(INSTALL_BIN) -d $(CHROOTDIR) + $(INSTALL_BIN) -d $(CHROOTDIR)/conf + $(INSTALL_BIN) -d $(CHROOTDIR)/logs + $(INSTALL_BIN) -d $(CHROOTDIR)/count + $(INSTALL_BIN) -d $(CHROOTDIR)/libexec + chmod -R o-rwx $(CHROOTDIR) + +install-etc-default-config: + if [ ! -d $(INSTALL_CFG_DEST) ]; then \ + ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \ + $(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \ + $(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \ + fi + +install-etc: install-etc-dir install-etc-default-config + for file in $(INSTALL_CFG_OBJS2); \ + do \ + touch $(INSTALL_CFG_DEST)/$$file; chmod 0600 $(INSTALL_CFG_DEST)/$$file; \ + done; + +install-man: + $(INSTALL_BIN) -d $(MANDIR3) + $(INSTALL_BIN) -d $(MANDIR8) + $(INSTALL_DATA) man/*.3 $(MANDIR3) + $(INSTALL_DATA) man/*.8 $(MANDIR8) + +install-init: + $(INSTALL_BIN) -d $(INITDDIR) + $(INSTALL_BIN) $(INSTALL_INITD_SCRIPT) $(INITDDIR)/3proxy + $(INSTALL_BIN) -d $(SYSTEMDDIR) + $(INSTALL_DATA) $(INSTALL_SYSTEMD_SCRIPT) $(SYSTEMDDIR) + +install-run: + $(INSTALL_BIN) -d $(RUNDIR) + +install-log: + $(INSTALL_BIN) -d $(LOGBASE) + @if [ ! -d $(LOGDIR) ]; then \ + ln -s $(CHROOTREL)/logs $(LOGDIR);\ + fi + +install: install-chroot-dir install-bin install-etc install-log install-man install-run install-init + @if [ "$(DESTDIR)" = "" ]; then \ + sh scripts/postinst; \ + fi diff --git a/Makefile.msvc b/Makefile.msvc index b33e3fb7..08db98fc 100644 --- a/Makefile.msvc +++ b/Makefile.msvc @@ -8,7 +8,7 @@ BUILDDIR = ../bin/ CC = cl -CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE) +CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE) COUT = /Fo LN = link LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386 @@ -24,23 +24,21 @@ EXESUFFICS = .exe OBJSUFFICS = .obj DEFINEOPTION = /D COMPFILES = *.pch *.idb -REMOVECOMMAND = del 2>NUL >NUL +REMOVECOMMAND = del TYPECOMMAND = type COMPATLIBS = MAKEFILE = Makefile.msvc PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin -VERFILE = $(VERFILE) +VERFILE = 3proxy.res $(VERFILE) VERSION = $(VERSION) +VERSIONDEP = 3proxy.res $(VERSIONDEP) BUILDDATE = $(BUILDDATE) - +AFTERCLEAN = if exist src\*.res (del src\*.res) && if exist src\*.err (del src\*.err) include Makefile.inc -../3proxy.res: - rc /fo../3proxy.res ../3proxy.rc $(VERSION) $(BUILDDATE) - -3proxyres.obj: ../3proxy.res - cvtres /out:3proxyres.obj /MACHINE:I386 ../3proxy.res +3proxy.res: + rc 3proxy.rc allplugins: for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..) diff --git a/Makefile.msvc64 b/Makefile.msvc64 index 92f9e6b7..b9e0f074 100644 --- a/Makefile.msvc64 +++ b/Makefile.msvc64 @@ -8,7 +8,7 @@ BUILDDIR = ../bin64/ CC = cl -CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE) +CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE) COUT = /Fo LN = link LDFLAGS = /nologo /subsystem:console /incremental:no /machine:x64 @@ -27,20 +27,15 @@ COMPFILES = *.pch *.idb REMOVECOMMAND = del 2>NUL >NUL TYPECOMMAND = type COMPATLIBS = -MAKEFILE = Makefile.msvc64 +VERFILE = 3proxy.res $(VERFILE) +VERSIONDEP = 3proxy.res $(VERSIONDEP) PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin -VERFILE = $(VERFILE) - -#../3proxy.res: -# rc /fo../3proxy.res ../3proxy.rc - -#3proxyres.obj: ../3proxy.res -# cvtres /out:3proxyres.obj /MACHINE:X64 ../3proxy.res +AFTERCLEAN = del src\*.res include Makefile.inc -../3proxy.res: - rc /fo../3proxy.res ../3proxy.rc $(VERSION) $(BUILDDATE) +3proxy.res: + rc 3proxy.rc 3proxyres.obj: ../3proxy.res cvtres /out:3proxyres.obj /machine:x64 ../3proxy.res diff --git a/Makefile.msvcARM64 b/Makefile.msvcARM64 index 9eb1e651..2897a351 100644 --- a/Makefile.msvcARM64 +++ b/Makefile.msvcARM64 @@ -8,7 +8,7 @@ BUILDDIR = ../bin64/ CC = cl -CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE) +CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE) COUT = /Fo LN = link LDFLAGS = /nologo /subsystem:console /incremental:no /machine:arm64 @@ -29,18 +29,15 @@ TYPECOMMAND = type COMPATLIBS = MAKEFILE = Makefile.msvcARM64 PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin -VERFILE = $(VERFILE) +VERFILE = 3proxy.res $(VERFILE) +VERSIONDEP = 3proxy.res $(VERSIONDEP) +AFTERCLEAN = del src\*.res -#../3proxy.res: -# rc /fo../3proxy.res ../3proxy.rc - -#3proxyres.obj: ../3proxy.res -# cvtres /out:3proxyres.obj /MACHINE:X64 ../3proxy.res include Makefile.inc -../3proxy.res: - rc /fo../3proxy.res ../3proxy.rc $(VERSION) $(BUILDDATE) +3proxy.res: + rc 3proxy.rc 3proxyres.obj: ../3proxy.res cvtres /out:3proxyres.obj /machine:x64 ../3proxy.res diff --git a/Makefile.msvcCE b/Makefile.msvcCE deleted file mode 100644 index bbff3fae..00000000 --- a/Makefile.msvcCE +++ /dev/null @@ -1,35 +0,0 @@ -# -# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake) -# -# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc -# libraries -# -# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver - -BUILDDIR = ../bin/ -CC = cl -CFLAGS = /DARM /D "NOODBC" /nologo /MT /W3 /Wp64 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "_WINCE" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c -COUT = /Fo -LN = link -LDFLAGS = /nologo /subsystem:console /incremental:no -DLFLAGS = /DLL -DLSUFFICS = .dll -LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib -LIBEXT = .lib -LNOUT = /out: -EXESUFFICS = .exe -OBJSUFFICS = .obj -DEFINEOPTION = /D -COMPFILES = *.pch *.idb -REMOVECOMMAND = del 2>NUL >NUL -TYPECOMMAND = type -COMPATLIBS = -MAKEFILE = Makefile.msvc -PLUGINS = WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin - - -include Makefile.inc - -allplugins: - for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..) - \ No newline at end of file diff --git a/Makefile.openwrt-mips b/Makefile.openwrt-mips index 3445b440..e6eecc5f 100644 --- a/Makefile.openwrt-mips +++ b/Makefile.openwrt-mips @@ -12,7 +12,7 @@ CC = mips-openwrt-linux-gcc CFLAGS = -g -O2 -fno-strict-aliasing -c -pthread -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER COUT = -o -LN = mips-openwrt-linux-gcc +LN = $(CC) DCFLAGS = -fPIC LDFLAGS = -O2 -fno-strict-aliasing -pthread -s DLFLAGS = -shared @@ -26,6 +26,7 @@ OBJSUFFICS = .o DEFINEOPTION = -D COMPFILES = *~ REMOVECOMMAND = rm -f +AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete TYPECOMMAND = cat COMPATLIBS = MAKEFILE = Makefile.openwrt-mips @@ -42,53 +43,76 @@ allplugins: @list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done DESTDIR = -prefix = /usr/local +prefix = exec_prefix = $(prefix) -man_prefix = $(prefix)/share +man_prefix = /usr/share +chroot_prefix = /usr/local INSTALL = /usr/bin/install INSTALL_BIN = $(INSTALL) -m 755 INSTALL_DATA = $(INSTALL) -m 644 -INSTALL_OBJS = src/3proxy \ - src/ftppr \ - src/mycrypt \ - src/pop3p \ - src/proxy \ - src/socks \ - src/tcppm \ - src/udppm +INSTALL_OBJS = bin/3proxy \ + bin/ftppr \ + bin/mycrypt \ + bin/pop3p \ + bin/proxy \ + bin/socks \ + bin/tcppm \ + bin/udppm +INSTALL_CFG = scripts/3proxy.cfg.chroot INSTALL_CFG_OBJS = scripts/3proxy.cfg \ scripts/add3proxyuser.sh -INSTALL_CFG_DEST = config -INSTALL_CFG_OBJS2 = passwd counters bandlimiters +INSTALL_CFG_OBJS2 = counters bandlimiters +INSTALL_INITD_SCRIPT = scripts/init.d/3proxy.sh +INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service + +CHROOTDIR = $(DESTDIR)$(chroot_prefix)/3proxy +CHROOTREL = ../..$(chroot_prefix)/3proxy MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1 MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3 MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8 BINDIR = $(DESTDIR)$(exec_prefix)/bin -ETCDIR = $(DESTDIR)$(prefix)/etc/3proxy +ETCDIR = $(DESTDIR)/etc/3proxy +INITDDIR = $(DESTDIR)/etc/init.d +RUNBASE = $(DESTDIR)/var/run +RUNDIR = $(RUNBASE)/3proxy +LOGBASE = $(DESTDIR)/var/log +LOGDIR = $(LOGBASE)/3proxy +INSTALL_CFG_DEST = $(ETCDIR)/conf +SYSTEMDDIR = $(DESTDIR)/usr/lib/systemd/system/ install-bin: $(INSTALL_BIN) -d $(BINDIR) $(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR) + $(INSTALL_BIN) -s bin/*.ld.so $(CHROOTDIR)/libexec + chmod -R a-w $(CHROOTDIR)/libexec install-etc-dir: $(INSTALL_BIN) -d $(ETCDIR) +install-chroot-dir: + $(INSTALL_BIN) -d $(CHROOTDIR) + $(INSTALL_BIN) -d $(CHROOTDIR)/conf + $(INSTALL_BIN) -d $(CHROOTDIR)/logs + $(INSTALL_BIN) -d $(CHROOTDIR)/count + $(INSTALL_BIN) -d $(CHROOTDIR)/libexec + chmod -R o-rwx $(CHROOTDIR) + install-etc-default-config: - if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \ - : ; \ - else \ - $(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \ + if [ ! -d $(INSTALL_CFG_DEST) ]; then \ + ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \ + $(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \ + $(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \ fi -install-etc: install-etc-dir +install-etc: install-etc-dir install-etc-default-config for file in $(INSTALL_CFG_OBJS2); \ do \ - touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \ + touch $(INSTALL_CFG_DEST)/$$file; chmod 0600 $(INSTALL_CFG_DEST)/$$file; \ done; install-man: @@ -97,5 +121,22 @@ install-man: $(INSTALL_DATA) man/*.3 $(MANDIR3) $(INSTALL_DATA) man/*.8 $(MANDIR8) -install: install-bin install-etc install-man +install-init: + $(INSTALL_BIN) -d $(INITDDIR) + $(INSTALL_BIN) $(INSTALL_INITD_SCRIPT) $(INITDDIR)/3proxy + $(INSTALL_BIN) -d $(SYSTEMDDIR) + $(INSTALL_DATA) $(INSTALL_SYSTEMD_SCRIPT) $(SYSTEMDDIR) + +install-run: + $(INSTALL_BIN) -d $(RUNDIR) +install-log: + $(INSTALL_BIN) -d $(LOGBASE) + @if [ ! -d $(LOGDIR) ]; then \ + ln -s $(CHROOTREL)/logs $(LOGDIR);\ + fi + +install: install-chroot-dir install-bin install-etc install-log install-man install-run install-init + @if [ "$(DESTDIR)" = "" ]; then \ + sh scripts/postinst; \ + fi diff --git a/Makefile.unix b/Makefile.unix index cb26a0c2..742c5aa9 100644 --- a/Makefile.unix +++ b/Makefile.unix @@ -13,7 +13,7 @@ CC = gcc # you may need -L/usr/pkg/lib for older NetBSD versions CFLAGS = -g -O2 -fno-strict-aliasing -c -pthread -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL COUT = -o -LN = gcc +LN = $(CC) LDFLAGS = -O2 -fno-strict-aliasing -pthread # -lpthreads may be reuqired on some platforms instead of -pthreads # -ldl or -lld may be required for some platforms @@ -29,6 +29,7 @@ OBJSUFFICS = .o DEFINEOPTION = -D COMPFILES = *~ REMOVECOMMAND = rm -f +AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete TYPECOMMAND = cat COMPATLIBS = MAKEFILE = Makefile.unix @@ -36,24 +37,104 @@ PLUGINS = StringsPlugin TrafficPlugin PCREPlugin PamAuth TransparentPlugin include Makefile.inc -install: all - if [ ! -d /usr/local/etc/3proxy/bin ]; then mkdir -p /usr/local/etc/3proxy/bin/; fi - install bin/3proxy /usr/local/etc/3proxy/bin/3proxy - install bin/mycrypt /usr/local/etc/3proxy/bin/mycrypt - install scripts/rc.d/proxy.sh /usr/local/etc/rc.d/proxy.sh - install scripts/add3proxyuser.sh /usr/local/etc/3proxy/bin/ - if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then - echo /usr/local/etc/3proxy/3proxy.cfg already exists - else - install scripts/3proxy.cfg /usr/local/etc/3proxy/ - if [ ! -d /var/log/3proxy/ ]; then - mkdir /var/log/3proxy/ +allplugins: + @list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done + +DESTDIR = +prefix = +exec_prefix = $(prefix) +man_prefix = /usr/share +chroot_prefix = /usr/local + +INSTALL = /usr/bin/install +INSTALL_BIN = $(INSTALL) -m 755 +INSTALL_DATA = $(INSTALL) -m 644 +INSTALL_OBJS = bin/3proxy \ + bin/ftppr \ + bin/mycrypt \ + bin/pop3p \ + bin/proxy \ + bin/socks \ + bin/tcppm \ + bin/udppm + + +INSTALL_CFG = scripts/3proxy.cfg.chroot +INSTALL_CFG_OBJS = scripts/3proxy.cfg \ + scripts/add3proxyuser.sh + +INSTALL_CFG_OBJS2 = counters bandlimiters + +INSTALL_INITD_SCRIPT = scripts/init.d/3proxy.sh +INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service + +CHROOTDIR = $(DESTDIR)$(chroot_prefix)/3proxy +CHROOTREL = ../..$(chroot_prefix)/3proxy +MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1 +MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3 +MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8 +BINDIR = $(DESTDIR)$(exec_prefix)/bin +ETCDIR = $(DESTDIR)/etc/3proxy +INITDDIR = $(DESTDIR)/etc/init.d +RUNBASE = $(DESTDIR)/var/run +RUNDIR = $(RUNBASE)/3proxy +LOGBASE = $(DESTDIR)/var/log +LOGDIR = $(LOGBASE)/3proxy +INSTALL_CFG_DEST = $(ETCDIR)/conf +SYSTEMDDIR = $(DESTDIR)/usr/lib/systemd/system/ + +install-bin: + $(INSTALL_BIN) -d $(BINDIR) + $(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR) + $(INSTALL_BIN) -s bin/*.ld.so $(CHROOTDIR)/libexec + chmod -R a-w $(CHROOTDIR)/libexec + +install-etc-dir: + $(INSTALL_BIN) -d $(ETCDIR) + +install-chroot-dir: + $(INSTALL_BIN) -d $(CHROOTDIR) + $(INSTALL_BIN) -d $(CHROOTDIR)/conf + $(INSTALL_BIN) -d $(CHROOTDIR)/logs + $(INSTALL_BIN) -d $(CHROOTDIR)/count + $(INSTALL_BIN) -d $(CHROOTDIR)/libexec + chmod -R o-rwx $(CHROOTDIR) + +install-etc-default-config: + if [ ! -d $(INSTALL_CFG_DEST) ]; then \ + ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \ + $(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \ + $(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \ fi - touch /usr/local/etc/3proxy/passwd - touch /usr/local/etc/3proxy/counters - touch /usr/local/etc/3proxy/bandlimiters - echo Run /usr/local/etc/3proxy/bin/add3proxyuser.sh to add \'admin\' user + +install-etc: install-etc-dir install-etc-default-config + for file in $(INSTALL_CFG_OBJS2); \ + do \ + touch $(INSTALL_CFG_DEST)/$$file; chmod 0600 $(INSTALL_CFG_DEST)/$$file; \ + done; + +install-man: + $(INSTALL_BIN) -d $(MANDIR3) + $(INSTALL_BIN) -d $(MANDIR8) + $(INSTALL_DATA) man/*.3 $(MANDIR3) + $(INSTALL_DATA) man/*.8 $(MANDIR8) + +install-init: + $(INSTALL_BIN) -d $(INITDDIR) + $(INSTALL_BIN) $(INSTALL_INITD_SCRIPT) $(INITDDIR)/3proxy + $(INSTALL_BIN) -d $(SYSTEMDDIR) + $(INSTALL_DATA) $(INSTALL_SYSTEMD_SCRIPT) $(SYSTEMDDIR) + +install-run: + $(INSTALL_BIN) -d $(RUNDIR) + +install-log: + $(INSTALL_BIN) -d $(LOGBASE) + @if [ ! -d $(LOGDIR) ]; then \ + ln -s $(CHROOTREL)/logs $(LOGDIR);\ fi -allplugins: - @list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ; cd ../.. ; done +install: install-chroot-dir install-bin install-etc install-log install-man install-run install-init + @if [ "$(DESTDIR)" = "" ]; then \ + sh scripts/postinst; \ + fi diff --git a/Makefile.unix-install b/Makefile.unix-install deleted file mode 100644 index d9c8fe08..00000000 --- a/Makefile.unix-install +++ /dev/null @@ -1,59 +0,0 @@ -DESTDIR = -prefix = /usr/local -exec_prefix = $(prefix) -man_prefix = $(prefix)/share - -INSTALL = /usr/bin/install -INSTALL_BIN = $(INSTALL) -m 755 -INSTALL_DATA = $(INSTALL) -m 644 -INSTALL_OBJS = bin/3proxy \ - bin/ftppr \ - bin/mycrypt \ - bin/pop3p \ - bin/proxy \ - bin/socks \ - bin/tcppm \ - bin/udppm \ - scripts/add3proxyuser.sh - -INSTALL_CFG_OBJS = scripts/3proxy.cfg -INSTALL_CFG_DEST = config - -INSTALL_CFG_OBJS2 = passwd counters bandlimiters - -MANDIR1 = $(DESTDIR)$(man_prefix)/man/man1 -MANDIR3 = $(DESTDIR)$(man_prefix)/man/man3 -MANDIR8 = $(DESTDIR)$(man_prefix)/man/man8 -BINDIR = $(DESTDIR)$(exec_prefix)/bin -ETCDIR = $(DESTDIR)$(prefix)/etc/3proxy - -install-bin: - $(INSTALL_BIN) -d $(BINDIR) - $(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR) - -install-etc-dir: - $(INSTALL_BIN) -d $(ETCDIR) - -install-etc-default-config: - if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \ - : ; \ - else \ - $(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \ - fi - -install-etc: install-etc-dir - for file in $(INSTALL_CFG_OBJS2); \ - do \ - touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \ - done; - -install-man: - $(INSTALL_BIN) -d $(MANDIR1) - $(INSTALL_BIN) -d $(MANDIR3) - $(INSTALL_BIN) -d $(MANDIR8) - $(INSTALL_DATA) man/*.1 $(MANDIR1) - $(INSTALL_DATA) man/*.3 $(MANDIR3) - $(INSTALL_DATA) man/*.8 $(MANDIR8) - -install: install-bin install-etc install-man - diff --git a/Makefile.watcom b/Makefile.watcom index 18898832..f2b9dace 100644 --- a/Makefile.watcom +++ b/Makefile.watcom @@ -8,7 +8,7 @@ BUILDDIR = ../bin/ CC = cl -CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D "NORADIUS" /D"WATCOM" /D "MSVC" /D "WITH_STD_MALLOC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /c $(VERSION) $(BUILDDATE) +CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D "NORADIUS" /D"WATCOM" /D "MSVC" /D "WITH_STD_MALLOC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /c $(VERSION) $(BUILDDATE) COUT = /Fo LN = link LDFLAGS = /nologo /subsystem:console /incremental:no @@ -30,14 +30,43 @@ COMPATLIBS = MAKEFILE = Makefile.watcom PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin VERFILE = $(VERFILE) +VERSION = $(VERSION) +VERSIONDEP = 3proxy.res $(VERSIONDEP) +BUILDDATE = $(BUILDDATE) include Makefile.inc -../3proxy.res: - rc /fo../3proxy.res ../3proxy.rc $(VERSION) $(BUILDDATE) - -3proxyres.obj: ../3proxy.res - cvtres /out:3proxyres.obj ../3proxy.res +3proxy.res: + rc 3proxy.rc allplugins: - call ../makeplugins.bat \ No newline at end of file + copy Makefile plugins\utf8tocp1251 + copy Makefile.var plugins\utf8tocp1251 + cd plugins\utf8tocp1251 + nmake + del *.obj *.idb + cd ../../ + copy Makefile plugins\WindowsAuthentication + copy Makefile.var plugins\WindowsAuthentication + cd plugins\WindowsAuthentication + nmake + del *.obj *.idb + cd ../../ + copy Makefile plugins\TrafficPlugin + copy Makefile.var plugins\TrafficPlugin + cd plugins\TrafficPlugin + nmake + del *.obj *.idb + cd ../../ + copy Makefile plugins\StringsPlugin + copy Makefile.var plugins\StringsPlugin + cd plugins\StringsPlugin + nmake + del *.obj *.idb + cd ../../ + copy Makefile plugins\PCREPlugin + copy Makefile.var plugins\PCREPlugin + cd plugins\PCREPlugin + nmake + del *.obj *.idb + cd ../../ diff --git a/README b/README index 0fc98be7..b8526d8c 100644 --- a/README +++ b/README @@ -1,5 +1,11 @@ # 3APA3A 3proxy tiny proxy server -(c) 2002-2019 by Vladimir '3APA3A' Dubrovin <3proxy@3proxy.ru> +(c) 2002-2020 by Vladimir '3APA3A' Dubrovin <3proxy@3proxy.ru> + + +Branches: +Master (stable) branch - 3proxy 0.9 +Devel branch - 3proxy 10 + Download: https://github.com/z3APA3A/3proxy/releases @@ -26,8 +32,22 @@ ln -s Makefile.Linux Makefile make sudo make install - use /etc/3proxy/add3proxyuser.sh script to add users. +Default configuration (for Linux/Unix): +3proxy uses 2 configuration files: +/etc/3proxy/3proxy.cfg (before-chroot). This configuration file is executed before chroot and should not be modified. +/usr/local/3proxy/conf/3proxy.cfg symlinked from /etc/3proxy/conf/3proxy.cfg (after-chroot) is a main configuration file. Modify this file, if required. +All paths in /usr/local/3proxy/conf/3proxy.cfg are relative to chroot directory (/usr/local/3proxy). For future versions it's planned to move +3proxy chroot direcory to /var. +Log files are created in /usr/local/3proxy/logs symlinked from /var/log/3proxy. +By default, socks is started on 0.0.0.0:1080 and proxy on 0.0.0.0:3128 with basic auth, no users are added by default. +use /etc/3proxy/conf/add3proxyuser.sh script to add users. + +usage: /etc/3proxy/conf/add3proxyuser.sh username password [day_limit] [bandwidth] + day_limit - traffic limit in MB per day + bandwidth - bandwith in bits per second 1048576 = 1Mbps + +or modify /etc/3proxy/conf/ files directly. Please read doc/html/index.html and man pages. @@ -58,7 +78,7 @@ Please read doc/html/index.html and man pages. + Threaded application (no child process). + Web administration and statistics + Plugins for functionality extension - + Native 64 bit application + + Native 32/64 bit application 2. Proxy chaining and network connections + Can be used as a bridge between client and different proxy type (e.g. convert incoming HTTP proxy request from client to SOCKSv5 @@ -78,9 +98,8 @@ Please read doc/html/index.html and man pages. + syslog logging (Unix) + ODBC logging + RADIUS accounting - + log file rotation (hourly, daily, weekly, monthly) - + automatic log file comperssion with external archiver (for files) - + automatic removal of older log files + + log file rotation + + automatic log file processing with external archiver (for files) + Character filtering for log files + different log files for different servces are supported 4. Access control @@ -89,12 +108,13 @@ Please read doc/html/index.html and man pages. (POST, PUT, GET, etc), weekday and daytime. + ACL-driven (user/source/destination/protocol/weekday/daytime or combined) bandwith limitation for incoming and (!)outgoing trafic. - + ACL-driven (user/source/destination/protocol/weekday/daytime or - combined) traffic limitation per day, week or month for incoming and + + ACL-driven traffic limitation per day, week or month for incoming and outgoing traffic + + Connection limitation and ratelimting + User authentication by username / password + RADIUS Authentication and Authorization + User authentication by DNS hostname + + Authentication cache with possibility to limit user to single IP address + Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP + Cleartext or encrypted (crypt/MD5 or NT) passwords. + Connection redirection @@ -183,7 +203,6 @@ mycrypt Program to obtain crypted password fro cleartext. Supports produces NT password mycrypt salt password produces MD5/crypt password with salt "salt". -dighosts Utility for building networks list from web page. Run utility with --help option for command line reference. diff --git a/copying b/copying index fbd81457..318c0fe9 100644 --- a/copying +++ b/copying @@ -1,12 +1,8 @@ -3proxy 0.9 Public License Agreement +3proxy 10 Public License Agreement -(c) 2000-2019 by 3APA3A (3APA3A@3proxy.ru) -(c) 2000-2019 by 3proxy.org (http://3proxy.org/) -(c) 2000-2019 by Vladimir Dubrovin (vlad@3proxy.ru) - -This software uses: - RSA Data Security, Inc. MD4 Message-Digest Algorithm - RSA Data Security, Inc. MD5 Message-Digest Algorithm +(c) 2000-2020 by 3APA3A (3APA3A@3proxy.ru) +(c) 2000-2020 by 3proxy.org (https://3proxy.org/) +(c) 2000-2020 by Vladimir Dubrovin (vlad@3proxy.ru) THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT diff --git a/doc/html/faqe.html b/doc/html/faqe.html index f966b0a6..a4600027 100644 --- a/doc/html/faqe.html +++ b/doc/html/faqe.html @@ -1,165 +1,2 @@ -

Why ... doesn't work?

-

Q: Why does nothing work?

-A: Valid configuration file is required. - -

Q: Why restrictions (redirections, limits, etc) do not work?

-A: Most probable reasons: 'auth none' or no auth is used. For any ACL based feature one of 'iponly', 'nbname' or 'strong' auths required. Sequence of commands may be invalid. Commands are executed one-by-one and 'proxy', 'tcppm', 'socks' or another service commands must follow valid configuration. Invalid sequence of ACLs. First matching ACL is used (except of internal redirections, see below). If ACL contains at least one records last record is assumed to be 'deny *'. - -

Q: Why doesn't 3proxy work as service under Windows?

-Possible reasons: - - -

Q: Why doesn't internal and external commands work as expected

-A: Check your expectations first. -Both internal and external IPs are IPs of the host running 3proxy itself. -This configuration option is usefull in situation 3proxy is running on the -border host with 2 (or more) connections: e.g. LAN and WAN with different IPs -
-     LAN connection +-------------+ Internet connection
-LAN <-------------->| 3proxy host |<-------------------> INTERNET
-                   ^+-------------+^
-	           |               |
-              Internal IP       External IP
-
-If 3proxy is used on the host with single connection, both internal and -external are usually same IP. -
Internal should exist and be UP on the moment 3proxy is started and -should never be disconnected/DOWN. If this interface is periodically -disconnected (e.g. direct link between 2 hosts), do not specify internal -address or use 0.0.0.0 instead. In this case, if you have 2 or more -interfaces you must use firewall (preferably) or 3proxy ACLs to avoid open -proxy situation. -
-External IP (if specified) must exist in the momet 3proxy -serves client request. If external interface is no specified (or 0.0.0.0), -system select external IP. It may be possible to access resources of internal -network, to prevent this use ACLs. In addition, SOCKSv5 will not support BIND -operation, required for incoming connections (this operation is quite rarely -implemented in SOCKSv5 clients and usually is not required). In case of -dynamic address, do not specify external or use external 0.0.0.0 or, if -external address is required, create a script to determine current external -IP and save it to file, and use external "$path_to_file" with "monitor" command -to automatically reload configuration on address change. - -

Q: Why doesn't ODBC loggind work?

-A: Check you use system DSN. -Check SQL request is valid. -The best way to check is to make file or stdout logging, get SQL request from log file or console and execute this request manually. -Under Unix, you may also want to adjust 'stacksize' parameter. - -

Q: Why doesn't IPv6 work?

-A: Proxy can not access destination directly over IPv6 if client requests IPv4 address. -To access IPv6 destination, either IPv6 address or hostname must be used in request. -Best solution is to enable option to resolve hostnames via proxy on client side. -

Q: Why proxy crash on request processing?

-A: default stacksize may be insufficient, if some non-default plugins - are used (e.g. PAM and ODBC on Linux) or if compiled on some platforms with - invalid system defined values (few versionds of FreeBSD on amd64). - Problem can be resolved with 'stacksize' command or '-S' option starting 3proxy 0.8.4. - - -

Q: Why doesn't APOP/CRAM-MD5 authentication work with POP3 proxy?

-A: Any Challenge-response authentication require challenge to be transmitted from server. Pop3p doesn't know which server to use before authentication, it makes it impossible to obtain challenge. You can encrypt your POP3 communications with TLS (i.e. stunnel) or IPSec. - -

Redirection to local proxy

- -

Q: What is it for?

-A: To have control based on request and to have URLs and another protocol specific parameters to be logged. - -

Q: What are restrictions?

-A: It's hard to redirect services for non-default ports; Internet Explorer supports only SOCKSv4 with no password authentication (Internet Explorer sends username, but not password), for SOCKSv5 only cleartext password authentication is supported. - -

Q: What are advantages?

-A: You need only to setup SOCKS proxy in browser settings. You can use socksifier, i.e. FreeCAP or SocksCAP with application which is not proxy aware. - -

Q: How to setup?

-A: You should specify parent proxy with IP of 0.0.0.0 and port 0. Examples: -
-auth iponly
-allow * * * 80,8080-8088
-parent 1000 http 0.0.0.0 0
-allow * * * 80,8080-8088
-#redirect ports 80 and 8080-8088 to local HTTP proxy
-#Second allow is required, because ACLs are checked
-#twice: first time by socks and second by http proxy.
-
-allow * * * 21,2121
-parent 1000 ftp 0.0.0.0 0
-allow * * * 21,2121
-#redirect ports 21 and 2121 to local 
-#ftp proxy
-
-
-allow *
-#allow rest of connections directly
-
-socks
-#now let socks server to start
-
- -

Q: How it affects different ACL rules?

-A: After local redirections rules are applied again to protocol-level request. Redirection rule itself is skipped. It makes it possible to redirect request again on the external proxy depending on request itself. -
-allow * * * 80,8080-8088
-parent 1000 http 0.0.0.0 0
-#redirect http traffic to internal proxy
-
-allow * * $c:\3proxy\local.nets 80,8080-8088
-#allow direct access to local.nets networks
-allow * * * 80,8080-8088
-parent 1000 http proxy.3proxy.org 3128
-#use parent caching proxy for rest of the networks
-
-allow *
-#allow direct connections for rest of socks
-#requests
-
- -

Can I ...?

- -

Q: Is it possible to resolve names through parent proxy?

-A: Yes, use 'proxy', 'connect+', 'socks4+' or 'socks5+' as parent proxy type. -3proxy itself requires name resolutions for ACL checks, so, if it's impossible -to resolve names from 3proxy host, use -
-fakeresolve
-
-command. Fakeresolve resolves any name to 127.0.0.2. - - -

Q: Can I use 3proxy as FTP proxy?

-A: There are two kinds of FTP proxy supported: FTP over HTTP support (known as FTP proxy inside Internet Explorer, Mozilla and another browsers) and real FTP proxy (usable in Far and different FTP clients). Both are supported in 3proxy: first one as a part of HTTP 'proxy' and second one as 'ftppr'. - -

Q: Can I bind any 3proxy service to non-default port?

-A: proxy -p8080 - -

Why so ...?

- -

Q: Why traffic accounting is incomplete? It differs for what my provider (or another accounting application) shows to me?

-A: 3proxy accounts protocol level traffic. Provider counts channel or IP-level traffic with network and transport headers. In additions, 3proxy doesn't counts DNS resolutions, pings, floods, scans, etc. It makes approx. 10% of difference. That's why you should have 15% reserve if you use 3proxy to limit your traffic. If difference with your provider is significantly above 10% you should look for traffic avoiding proxy server, for example connections through NAT, traffic originated from the host with proxy installed, traffic from server applications, etc. - -

Q: Why configuration is so difficult and non-intuitive?

-A: Configuration format is created in a way it's easy to parse and matches to internal 3proxy structures. In addition, there are some older things left for compatibility to be cleaned in 3proxy release. And last, I think it's easy and intuitive. - -

Q: Why the code is so difficult and non-intuitive?

-A: First, I'm not programmer. Second, 3proxy was 'proof of concept' in reply for some conference post. Request was to write proxy server in 100 lines of code. First version of 3proxy had less, with HTTP and SOCKS support and portmappers. Third, there are peoples who want to use 3proxy code in trojans. I don't want to help them. Fourth, the aim is to support different platforms. It's well known - the worse code is, the better it compiles. - -

Q: Why do you use insecure strcpy, sprintf, etc?

-A: Why not? I try to use insecure function in secure manner. You're welcome to look for vulnerabilities. +

See HowTo:

\ No newline at end of file diff --git a/doc/html/faqr.html b/doc/html/faqr.html index f1a2e2fe..e9546af6 100644 --- a/doc/html/faqr.html +++ b/doc/html/faqr.html @@ -1,295 +1,2 @@ - -3APA3A 3proxy tiny proxy server Frequently Asked Questions (FAQ) - -
-
  • Почему не работает...
    • - -
    -
  • Перенаправление socks соединений в локальный прокси
    • - -
    -
  • А есть ли...
    • - -
    -
  • Почему так криво...
    • - + +

    См. HowTo

    \ No newline at end of file diff --git a/doc/html/highload.html b/doc/html/highload.html index a3693cfd..a2dbb906 100644 --- a/doc/html/highload.html +++ b/doc/html/highload.html @@ -5,7 +5,7 @@

    Optimizing 3proxy for high load

    Configuring 'maxconn'

    A number of simulatineous connections per service is limited by 'maxconn' option. -Default maxconn value since 3proxy 0.8 is 500. You may want to set 'maxconn' +Default maxconn value since 3proxy 0.9.3/10 is 250. You may want to set 'maxconn' to higher value. Under this configuration: 
     maxconn 1000
diff --git a/doc/html/howtoe.html b/doc/html/howtoe.html
index 88151299..3263769e 100644
--- a/doc/html/howtoe.html
+++ b/doc/html/howtoe.html
@@ -8,7 +8,6 @@
 		
  • How to compile 3proxy with Intel C Compiler under Windows
 		
  • How to compile 3proxy with GCC under Windows
 		
  • How to compile 3proxy with GCC under Unix/Linux
-		
  • How to compile 3proxy with Compaq C Compiler under Unix/Linux
 	
 	
  • Proxy server installation and removal
 	
      
@@ -18,20 +17,31 @@
 	
    
 	
  • Server configuration
 	
-
    
-		
  • How to compile 3proxy with Compaq C Compiler under Unix/Linux
    • 
-
    
-See How to compile 3proxy with GCC under Unix/Linux, use Makefile.ccc instead of Makefile.unix.
 
    
 	
 
    
@@ -164,6 +168,83 @@
 	
  • Server configuration
 
    
 	
      
+  
    • How to make 3proxy start
+
      Valid configuration file is required.
+
+    
    • How to make limitation (access, bandwidth, traffic, connections) work
+
       Most probable reasons for non-working limitations: 'auth none' or no auth is used. For any ACL based feature one of 'iponly', 'nbname' or 'strong' auths required. Sequence of commands may be invalid. Commands are executed one-by-one and 'proxy', 'tcppm', 'socks' or another service commands must follow valid configuration. Invalid sequence of ACLs. First matching ACL is used (except of internal redirections, see below). If ACL contains at least one records last record is assumed to be 'deny *'.
+
+    
    • How to make 3proxy to run as a service
+
      Possible reasons for 3proxy starts manually but fails to start as a service:
+
        
+
      • there are relative paths in configuration file for included files,
+log files, etc. Always use absolute paths. For example
+$"c:\3proxy\networks.local" instead of  $networks.local. For debugging remove
+'service' and 'daemon', log to stdout an try to execute 3proxy from command
+line from some different directory (for example from disk root).
+
      • SYSTEM account doesn't have access to executable file, configuration files,
+log files, etc.
+
      • configuration files is not located in default path (3proxy.cfg in same
+location with 3proxy.exe). For alternative configuration file location use
+
        +3proxy --install full_path_to_configuration_file
+
        
+
      • user has no rights to install or start service
+
      • service is already installed and/or started
+
+
      
+
+
      How to understant internal and external
+
      
+Both internal and external IPs are IPs of the host running 3proxy itself.
+This configuration option is usefull in situation 3proxy is running on the
+border host with 2 (or more) connections: e.g. LAN and WAN with different IPs
+
      +     LAN connection +-------------+ Internet connection
+LAN <-------------->| 3proxy host |<-------------------> INTERNET
+                   ^+-------------+^
+	           |               |
+              Internal IP       External IP
+
      
+If 3proxy is used on the host with single connection, both internal and
+external are usually same IP.
+
      Internal should exist and be UP on the moment 3proxy is started and
+should never be disconnected/DOWN. If this interface is periodically
+disconnected (e.g. direct link between 2 hosts), do not specify internal
+address or use 0.0.0.0 instead. In this case, if you have 2 or more
+interfaces you must use firewall (preferably) or 3proxy ACLs to avoid open
+proxy situation. 
+
      
+External IP (if specified) must exist in the momet 3proxy
+serves client request. If external interface is no specified (or 0.0.0.0),
+system select external IP. It may be possible to access resources of internal
+network, to prevent this use ACLs. In addition, SOCKSv5 will not support BIND
+operation, required for incoming connections (this operation is quite rarely
+implemented in SOCKSv5 clients and usually is not required). In case of
+dynamic address, do not specify external or use external 0.0.0.0 or, if
+external address is required, create a script to determine current external
+IP and save it to file, and use external "$path_to_file" with "monitor" command
+to automatically reload configuration on address change.
+
+    
    • How to make ODBC logging work?
+
      
+Check you use system DSN. 
+Check SQL request is valid. 
+The best way to check is to make file or stdout logging, get SQL request from log file or console and execute this request manually.
+Under Unix, you may also want to adjust 'stacksize' parameter.
+
+    
    • How to make IPv6 work
+
       Proxy can not access destination directly over IPv6 if client requests IPv4 address.
+To access IPv6 destination, either IPv6 address or hostname  must be used in request.
+Best solution is to enable option to resolve hostnames via proxy on client side.
+
+    
    • How to fix 3proxy crashes
+
       default stacksize may be insufficient, if some non-default plugins
+  are used (e.g. PAM and ODBC on Linux) or if compiled on some platforms with
+  invalid system defined values (few versionds of FreeBSD on amd64).
+  Problem can be resolved with 'stacksize' command or '-S' option starting 3proxy 0.8.4.
+
+
 		
    • Where to find configuration example
 
      
 Server configuration example 3proxy.cfg.sample is in any 3proxy distribution.
@@ -382,6 +463,22 @@
 proxy -p8080 -i192.168.2.1

    • +
  • How to resolve names through a parent proxy
    • +

    + A: Use one of http, connect+, socks4+ or socks5+ as a parent type. 3proxy + itself still performs a name resolution, it's required e.g. to ACLs matching. + So, if no name resolution must be performed by 3proxy itself add a command + 

    +  fakeresolve
    + this command resolves any name to 127.0.0.2 address. +

    +
  • How to setup FTP proxy
    • +

    + There is FTP over HTTP (what is called FTP proxy in browsers) and FTP over FTP ப + (what is called FTP proxy in file managers and FTP clients). For browsers, there is no need to start additional + proxy service, 'proxy' supports FTP over HTTP, configure 'proxy' port as an FTP proxy. For ftp clients and file + managers use ftppr. FTP proxy supports both active and passive mode with client, but always use passive mode with FTP servers. +

  • How to limit service access

    First, always specify internal interface to accept incoming connection with @@ -518,7 +615,7 @@ 'flush' command is used to finish with existing ACL and to start new one. It's required to have different ACLs for different services. 'allow' is used to allow connection and 'deny' to deny connection. 'allow' -command can be extended by 'parent' command to manage redirections (see How to manage redirections)). If ACL +command can be extended by 'parent' command to manage redirections (see How to manage redirections)). If ACL is empty it allow everything. If ACL is not empty, first matching ACL entry is searched for user request and ACL action (allow or deny) performed. If no matching record found, connection is denied and user will be asked to @@ -607,6 +704,60 @@ you want to see and control via ACLs protocol specific parameters, e.g. filenames requests thorugh FTP while clients are using SOCKS.

    +
  • ࠢ 묨 ७ࠢﬨ +

    +

    Q: What is it for?

    +A: To have control based on request and to have URLs and another protocol specific parameters to be logged. + +

    Q: What are restrictions?

    +A: It's hard to redirect services for non-default ports; Internet Explorer supports only SOCKSv4 with no password authentication (Internet Explorer sends username, but not password), for SOCKSv5 only cleartext password authentication is supported. + +

    Q: What are advantages?

    +A: You need only to setup SOCKS proxy in browser settings. You can use socksifier, i.e. FreeCAP or SocksCAP with application which is not proxy aware. + +

    Q: How to setup?

    +A: You should specify parent proxy with IP of 0.0.0.0 and port 0. Examples: +
    +auth iponly
+allow * * * 80,8080-8088
+parent 1000 http 0.0.0.0 0
+allow * * * 80,8080-8088
+#redirect ports 80 and 8080-8088 to local HTTP proxy
+#Second allow is required, because ACLs are checked
+#twice: first time by socks and second by http proxy.
+
+allow * * * 21,2121
+parent 1000 ftp 0.0.0.0 0
+allow * * * 21,2121
+#redirect ports 21 and 2121 to local 
+#ftp proxy
+
+
+allow *
+#allow rest of connections directly
+
+socks
+#now let socks server to start
+
    + +

    Q: How it affects different ACL rules

    +A: After local redirections rules are applied again to protocol-level request. Redirection rule itself is skipped. It makes it possible to redirect request again on the external proxy depending on request itself. +
    +allow * * * 80,8080-8088
+parent 1000 http 0.0.0.0 0
+#redirect http traffic to internal proxy
+
+allow * * $c:\3proxy\local.nets 80,8080-8088
+#allow direct access to local.nets networks
+allow * * * 80,8080-8088
+parent 1000 http proxy.3proxy.org 3128
+#use parent caching proxy for rest of the networks
+
+allow *
+#allow direct connections for rest of socks
+#requests
+
    +
  • How to balance traffic between few external channgels?

    Proxy itself doesn't manage network level routing. The only way to control @@ -722,30 +873,9 @@ command controls how often text reports are created. amount is amount of allowed traffic in Megabytes (MB). nocountin allows you to set exclusions.

    -
  • How to build network lists -

    Networks or users lists are often very huge. 3proxy doesn't currently -supports user groups, but ones can be created by the means of include files. -You can store comma-delimited lists of networks or users in the separate -file and use $ macro to insert this list into 3proxy.cfg. -3proxy comes with 'dighosts' -utility. This utility helps to grab the list of the network from HTTP page. -It may be usefull to e.g. obtain a regullary updated list of local networks -from ISP's server. A network list can be either in form of NETWORK MASK, -e.g. 192.168.1.0 255.255.255.0 or NETWORK/LENGTH, e.g. 192.168.1.0/24. You can -launch dighosts from 3proxy.cfg to be executed on every 3proxy startup or -configuration reload: -

    -system "dighosts http://provider/network.html local.networks"
-allow * * $local.networks
-allow *
-parent 1000 proxy.provider 3128 *
-proxy
-flush
-
    -In this example we obtain list of local networks from provider's page to -local.networks file, allow direct access to these networks and redirect all -connection to external networks to provider's proxy. -

    +
  • How to fix incorrect traffic accounting + +

    3proxy accounts protocol level traffic. Provider counts channel or IP-level traffic with network and transport headers. In additions, 3proxy doesn't counts DNS resolutions, pings, floods, scans, etc. It makes approx. 10% of difference. That's why you should have 15% reserve if you use 3proxy to limit your traffic. If difference with your provider is significantly above 10% you should look for traffic avoiding proxy server, for example connections through NAT, traffic originated from the host with proxy installed, traffic from server applications, etc.

  • How to configure name resolution and DNS caching

    For name resolution and caching use commands nserver, nscache / nscache6 and nsrecord. @@ -874,7 +1004,7 @@

  • 90 - unexpected system error (should not happen)
  • 91 - unexpected poll error (should not happen)
  • 92 - connection terminated by timeout (see timeouts) -
  • 93 - connection terminated by ratelimit-related timeout +
  • 93 - connection terminated by ratelimit-related timeout or due to errors limit
  • 94 - connection termination by server or client with unsent data
  • 95 - dirty connection termination by client (or networking issue)
  • 96 - dirty connection termination by server (or networking issue) diff --git a/doc/html/howtor.html b/doc/html/howtor.html index 6a37fcf2..708f3bd5 100644 --- a/doc/html/howtor.html +++ b/doc/html/howtor.html @@ -18,25 +18,34 @@
  • Конфигурация сервера
  • Конфигурация и настройка клиентов