push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

..

No commits in common. "c0002fee38feb36dd4d1454a82f766eb46dfef38" and "03b9227d78ffee0ea62da4e54ab7fc75c5ac460f" have entirely different histories.
c0002fee38 ... 03b9227d78

4 changed files with 70 additions and 73 deletions

7
changelog.md

@ -1,12 +1,5 @@
# Changelog
## 2025-03-25 - 6.0.1 - fix(readme)
Update README documentation: replace all outdated 'PortProxy' references with 'SmartProxy', adjust architecture diagrams, code examples, and configuration details (including correcting IPTables to NfTables) to reflect the new naming.
- Renamed 'PortProxy' to 'SmartProxy' in diagrams, flow sequences, and descriptive text
- Updated code examples and installation instructions accordingly
- Corrected references from IPTables to NfTables for modern system support
## 2025-03-18 - 5.1.0 - feat(docs)
docs: replace IPTablesProxy references with NfTablesProxy in README and examples, updating configuration options and diagrams for advanced nftables features

2
package.json

@ -1,6 +1,6 @@
{
"name": "@push.rocks/smartproxy",
"version": "6.0.1",
"version": "6.0.0",
"private": false,
"description": "A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.",
"main": "dist_ts/index.js",

132
readme.md

@ -15,7 +15,7 @@ flowchart TB
direction TB
HTTP80[HTTP Port 80\nSslRedirect]
HTTPS443[HTTPS Port 443\nNetworkProxy]
SmartProxy[SmartProxy\nwith SNI routing]
PortProxy[TCP Port Proxy\nwith SNI routing]
NfTables[NfTablesProxy]
Router[ProxyRouter]
ACME[Port80Handler\nACME/Let's Encrypt]
@ -31,16 +31,16 @@ flowchart TB
Client -->|HTTP Request| HTTP80
HTTP80 -->|Redirect| Client
Client -->|HTTPS Request| HTTPS443
Client -->|TLS/TCP| SmartProxy
Client -->|TLS/TCP| PortProxy
HTTPS443 -->|Route Request| Router
Router -->|Proxy Request| Service1
Router -->|Proxy Request| Service2
SmartProxy -->|Direct TCP| Service2
SmartProxy -->|Direct TCP| Service3
PortProxy -->|Direct TCP| Service2
PortProxy -->|Direct TCP| Service3
NfTables -.->|Low-level forwarding| SmartProxy
NfTables -.->|Low-level forwarding| PortProxy
HTTP80 -.->|Challenge Response| ACME
ACME -.->|Generate/Manage| Certs
@ -51,7 +51,7 @@ flowchart TB
classDef client fill:#dfd,stroke:#333,stroke-width:2px;
class Client client;
class HTTP80,HTTPS443,SmartProxy,NfTables,Router,ACME component;
class HTTP80,HTTPS443,PortProxy,IPTables,Router,ACME component;
class Service1,Service2,Service3 backend;
```
@ -98,49 +98,49 @@ sequenceDiagram
end
```
### SNI-based Connection Handling
### Port Proxy with SNI-based Routing
This diagram illustrates how TCP connections with SNI (Server Name Indication) are processed and forwarded:
```mermaid
sequenceDiagram
participant Client
participant SmartProxy
participant PortProxy
participant Backend
Client->>SmartProxy: TLS Connection
Client->>PortProxy: TLS Connection
alt SNI Enabled
SmartProxy->>Client: Accept Connection
Client->>SmartProxy: TLS ClientHello with SNI
SmartProxy->>SmartProxy: Extract SNI Hostname
SmartProxy->>SmartProxy: Match Domain Config
SmartProxy->>SmartProxy: Validate Client IP
PortProxy->>Client: Accept Connection
Client->>PortProxy: TLS ClientHello with SNI
PortProxy->>PortProxy: Extract SNI Hostname
PortProxy->>PortProxy: Match Domain Config
PortProxy->>PortProxy: Validate Client IP
alt IP Allowed
SmartProxy->>Backend: Forward Connection
Note over SmartProxy,Backend: Bidirectional Data Flow
PortProxy->>Backend: Forward Connection
Note over PortProxy,Backend: Bidirectional Data Flow
else IP Rejected
SmartProxy->>Client: Close Connection
PortProxy->>Client: Close Connection
end
else Port-based Routing
SmartProxy->>SmartProxy: Match Port Range
SmartProxy->>SmartProxy: Find Domain Config
SmartProxy->>SmartProxy: Validate Client IP
PortProxy->>PortProxy: Match Port Range
PortProxy->>PortProxy: Find Domain Config
PortProxy->>PortProxy: Validate Client IP
alt IP Allowed
SmartProxy->>Backend: Forward Connection
Note over SmartProxy,Backend: Bidirectional Data Flow
PortProxy->>Backend: Forward Connection
Note over PortProxy,Backend: Bidirectional Data Flow
else IP Rejected
SmartProxy->>Client: Close Connection
PortProxy->>Client: Close Connection
end
end
loop Connection Active
SmartProxy-->>SmartProxy: Monitor Activity
SmartProxy-->>SmartProxy: Check Max Lifetime
PortProxy-->>PortProxy: Monitor Activity
PortProxy-->>PortProxy: Check Max Lifetime
alt Inactivity or Max Lifetime Exceeded
SmartProxy->>Client: Close Connection
SmartProxy->>Backend: Close Connection
PortProxy->>Client: Close Connection
PortProxy->>Backend: Close Connection
end
end
```
@ -192,7 +192,7 @@ sequenceDiagram
- **HTTPS Reverse Proxy** - Route traffic to backend services based on hostname with TLS termination
- **WebSocket Support** - Full WebSocket proxying with heartbeat monitoring
- **TCP Connection Handling** - Advanced connection handling with SNI inspection and domain-based routing
- **TCP Port Forwarding** - Advanced port forwarding with SNI inspection and domain-based routing
- **Enhanced TLS Handling** - Robust TLS handshake processing with improved certificate error handling
- **HTTP to HTTPS Redirection** - Automatically redirect HTTP requests to HTTPS
- **Let's Encrypt Integration** - Automatic certificate management using ACME protocol
@ -224,16 +224,15 @@ const proxy = new NetworkProxy({
const proxyConfigs = [
{
hostName: 'example.com',
destinationIps: ['127.0.0.1'],
destinationPorts: [3000],
destinationIp: '127.0.0.1',
destinationPort: 3000,
publicKey: 'your-cert-content',
privateKey: 'your-key-content',
rewriteHostHeader: true
privateKey: 'your-key-content'
},
{
hostName: 'api.example.com',
destinationIps: ['127.0.0.1'],
destinationPorts: [4000],
destinationIp: '127.0.0.1',
destinationPort: 4000,
publicKey: 'your-cert-content',
privateKey: 'your-key-content',
// Optional basic auth
@ -267,13 +266,13 @@ const redirector = new SslRedirect(80);
redirector.start();
```
### TCP Connection Handling with Domain-based Routing
### TCP Port Forwarding with Domain-based Routing
```typescript
import { SmartProxy } from '@push.rocks/smartproxy';
import { PortProxy } from '@push.rocks/smartproxy';
// Configure SmartProxy with domain-based routing
const smartProxy = new SmartProxy({
// Configure port proxy with domain-based routing
const portProxy = new PortProxy({
fromPort: 443,
toPort: 8443,
targetIP: 'localhost', // Default target host
@ -313,7 +312,7 @@ const smartProxy = new SmartProxy({
preserveSourceIP: true
});
smartProxy.start();
portProxy.start();
```
### NfTables Port Forwarding
@ -377,13 +376,7 @@ await basicProxy.start();
import { Port80Handler } from '@push.rocks/smartproxy';
// Create an ACME handler for Let's Encrypt
const acmeHandler = new Port80Handler({
port: 80,
contactEmail: 'admin@example.com',
useProduction: true, // Use Let's Encrypt production servers (default is staging)
renewThresholdDays: 30, // Renew certificates 30 days before expiry
httpsRedirectPort: 443 // Redirect HTTP to HTTPS on this port
});
const acmeHandler = new Port80Handler();
// Add domains to manage certificates for
acmeHandler.addDomain({
@ -414,14 +407,8 @@ acmeHandler.addDomain({
| Option | Description | Default |
|----------------|---------------------------------------------------|---------|
| `port` | Port to listen on for HTTPS connections | - |
| `maxConnections` | Maximum concurrent connections | 10000 |
| `keepAliveTimeout` | Keep-alive timeout in milliseconds | 60000 |
| `headersTimeout` | Headers timeout in milliseconds | 60000 |
| `logLevel` | Logging level ('error', 'warn', 'info', 'debug') | 'info' |
| `cors` | CORS configuration object | - |
| `rewriteHostHeader` | Whether to rewrite the Host header | false |
### SmartProxy Settings
### PortProxy Settings
| Option | Description | Default |
|---------------------------|--------------------------------------------------------|-------------|
@ -473,11 +460,28 @@ acmeHandler.addDomain({
| `qos` | Quality of Service options (object) | - |
| `netProxyIntegration` | NetworkProxy integration options (object) | - |
#### NfTablesProxy QoS Options
| Option | Description | Default |
|----------------------|---------------------------------------------------|---------|
| `enabled` | Enable Quality of Service features | false |
| `maxRate` | Maximum bandwidth rate (e.g. "10mbps") | - |
| `priority` | Traffic priority (1-10, 1 is highest) | - |
| `markConnections` | Mark connections for easier management | false |
#### NfTablesProxy NetworkProxy Integration Options
| Option | Description | Default |
|----------------------|---------------------------------------------------|---------|
| `enabled` | Enable NetworkProxy integration | false |
| `redirectLocalhost` | Redirect localhost traffic to NetworkProxy | false |
| `sslTerminationPort` | Port where NetworkProxy handles SSL termination | - |
## Advanced Features
### TLS Handshake Optimization
The enhanced `SmartProxy` implementation includes significant improvements for TLS handshake handling:
The enhanced `PortProxy` implementation includes significant improvements for TLS handshake handling:
- Robust SNI extraction with improved error handling
- Increased buffer size for complex TLS handshakes (10MB)
@ -488,7 +492,7 @@ The enhanced `SmartProxy` implementation includes significant improvements for T
```typescript
// Example configuration to solve Chrome certificate errors
const portProxy = new SmartProxy({
const portProxy = new PortProxy({
// ... other settings
initialDataTimeout: 60000, // Give browser more time for handshake
maxPendingDataSize: 10 * 1024 * 1024, // Larger buffer for complex handshakes
@ -498,7 +502,7 @@ const portProxy = new SmartProxy({
### Connection Management and Monitoring
The `SmartProxy` class includes built-in connection tracking and monitoring:
The `PortProxy` class includes built-in connection tracking and monitoring:
- Automatic cleanup of idle connections with configurable timeouts
- Timeouts for connections that exceed maximum lifetime
@ -517,7 +521,7 @@ The `NetworkProxy` class provides WebSocket support with:
### SNI-based Routing
The `SmartProxy` class can inspect the SNI (Server Name Indication) field in TLS handshakes to route connections based on the requested domain:
The `PortProxy` class can inspect the SNI (Server Name Indication) field in TLS handshakes to route connections based on the requested domain:
- Multiple backend targets per domain
- Round-robin load balancing
@ -526,7 +530,7 @@ The `SmartProxy` class can inspect the SNI (Server Name Indication) field in TLS
### Enhanced NfTables Management
The `NfTablesProxy` class offers advanced capabilities:
The `NfTablesProxy` class offers advanced capabilities compared to the previous IPTablesProxy:
- Support for multiple port ranges and individual ports
- More efficient IP filtering using nftables sets
@ -540,7 +544,7 @@ The `NfTablesProxy` class offers advanced capabilities:
### Port80Handler with Glob Pattern Support
The `Port80Handler` class includes support for glob pattern domain matching:
The `Port80Handler` class now includes support for glob pattern domain matching:
- Supports wildcard domains like `*.example.com` for HTTP request routing
- Detects glob patterns and skips certificate issuance for them
@ -562,7 +566,7 @@ If you experience certificate errors in browsers, especially in Chrome, try thes
```typescript
// Configuration to fix Chrome certificate errors
const smartProxy = new SmartProxy({
const portProxy = new PortProxy({
// ... other settings
initialDataTimeout: 60000,
maxPendingDataSize: 10 * 1024 * 1024,
@ -581,14 +585,14 @@ For improved connection stability in high-traffic environments:
4. **Monitor Connection Statistics**: Enable detailed logging to track termination reasons
5. **Fine-tune Inactivity Checks**: Adjust `inactivityCheckInterval` based on your traffic patterns
### NfTables Troubleshooting
### IPTables Troubleshooting
If you're experiencing issues with NfTablesProxy:
If you're experiencing issues with IPTablesProxy:
1. **Enable Detailed Logging**: Set `enableLogging: true` to see all rule operations
2. **Force Clean Slate**: Use `forceCleanSlate: true` to remove any lingering rules
3. **Use IP Sets**: Enable `useIPSets: true` for cleaner rule management
4. **Check Permissions**: Ensure your process has sufficient permissions to modify nftables
3. **Use Custom Chains**: Enable `addJumpRule: true` for cleaner rule management
4. **Check Permissions**: Ensure your process has sufficient permissions to modify iptables
5. **Verify IPv6 Support**: If using `ipv6Support: true`, ensure ip6tables is available
## License and Legal Information

2
ts/00_commitinfo_data.ts

@ -3,6 +3,6 @@
*/
export const commitinfo = {
name: '@push.rocks/smartproxy',
version: '6.0.1',
version: '5.1.0',
description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
}