克隆/下载
贡献代码
同步代码
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
Loading...
README
GPL-3.0

nps

Gitter Build Status

nps是一款轻量级、高性能、功能强大的内网穿透代理服务器。目前支持tcp、udp流量转发,可支持任何tcp、udp上层协议(访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析等等……),此外还支持内网http代理、内网socks5代理p2p等,并带有功能强大的web管理端。

背景

image

  1. 做微信公众号开发、小程序开发等----> 域名代理模式

  2. 想在外网通过ssh连接内网的机器,做云服务器到内网服务器端口的映射,----> tcp代理模式

  3. 在非内网环境下使用内网dns,或者需要通过udp访问内网机器等----> udp代理模式

  4. 在外网使用HTTP代理访问内网站点----> http代理模式

  5. 搭建一个内网穿透ss,在外网如同使用内网vpn一样访问内网资源或者设备----> socks5代理模式

目录

安装

release安装

releases

下载对应的系统版本即可,服务端和客户端是单独的

源码安装

  • 安装源码

go get -u github.com/cnlh/nps...

  • 编译

go build cmd/nps/nps.go

go build cmd/npc/npc.go

docker安装

server client

使用示例

统一准备工作(必做)

  • 开启服务端,假设公网服务器ip为1.1.1.1,配置文件中bridge_port为8284,配置文件中web_port为8080
  • 访问1.1.1.1:8080
  • 在客户端管理中创建一个客户端,记录下验证密钥
  • 内网客户端运行(windows使用cmd运行加.exe)
./npc -server=1.1.1.1:8284 -vkey=客户端的密钥

注意:运行服务端后,请确保能从客户端设备上正常访问配置文件中所配置的bridge_port端口,telnet,netcat这类的来检查

域名解析

适用范围: 小程序开发、微信公众号开发、产品演示

假设场景:

  • 有一个域名proxy.com,有一台公网机器ip为1.1.1.1
  • 两个内网开发站点127.0.0.1:81,127.0.0.1:82
  • 想通过(http|https://)a.proxy.com访问127.0.0.1:81,通过(http|https://)b.proxy.com访问127.0.0.1:82

使用步骤

  • 将*.proxy.com解析到公网服务器1.1.1.1
  • 点击刚才创建的客户端的域名管理,添加两条规则规则:1、域名:a.proxy.com,内网目标:127.0.0.1:81,2、域名:b.proxy.com,内网目标:127.0.0.1:82

现在访问(http|https://)a.proxy.comb.proxy.com即可成功

https: 如需使用https请进行相关配置,详见 使用https

tcp隧道

适用范围: ssh、远程桌面等tcp连接场景

假设场景: 想通过访问公网服务器1.1.1.1的8001端口,连接内网机器10.1.50.101的22端口,实现ssh连接

使用步骤

  • 在刚才创建的客户端隧道管理中添加一条tcp隧道,填写监听的端口(8001)、内网目标ip和目标端口(10.1.50.101:22),保存。
  • 访问公网服务器ip(1.1.1.1),填写的监听端口(8001),相当于访问内网ip(10.1.50.101):目标端口(22),例如:ssh -p 8001 root@1.1.1.1

udp隧道

适用范围: 内网dns解析等udp连接场景

假设场景: 内网有一台dns(10.1.50.102:53),在非内网环境下想使用该dns,公网服务器为1.1.1.1

使用步骤

  • 在刚才创建的客户端的隧道管理中添加一条udp隧道,填写监听的端口(53)、内网目标ip和目标端口(10.1.50.102:53),保存。
  • 修改需要使用的dns地址为1.1.1.1,则相当于使用10.1.50.102作为dns服务器

socks5代理

适用范围: 在外网环境下如同使用vpn一样访问内网设备或者资源

假设场景: 想将公网服务器1.1.1.1的8003端口作为socks5代理,达到访问内网任意设备或者资源的效果

使用步骤

  • 在刚才创建的客户端隧道管理中添加一条socks5代理,填写监听的端口(8003),保存。
  • 在外网环境的本机配置socks5代理(例如使用proxifier进行全局代理),ip为公网服务器ip(1.1.1.1),端口为填写的监听端口(8003),即可畅享内网了

注意 经过socks5代理,当收到socks5数据包时socket已经是accept状态。表现是扫描端口全open,建立连接后短时间关闭。若想同内网表现一致,建议远程连接一台设备。

http正向代理

适用范围: 在外网环境下使用http正向代理访问内网站点

假设场景: 想将公网服务器1.1.1.1的8004端口作为http代理,访问内网网站

使用步骤

  • 在刚才创建的客户端隧道管理中添加一条http代理,填写监听的端口(8004),保存。
  • 在外网环境的本机配置http代理,ip为公网服务器ip(1.1.1.1),端口为填写的监听端口(8004),即可访问了

私密代理

适用范围: 无需占用多余的端口、安全性要求较高可以防止其他人连接的tcp服务,例如ssh。

假设场景: 无需新增多的端口实现访问内网服务器10.1.50.2的22端口

使用步骤

  • 在刚才创建的客户端中添加一条私密代理,并设置唯一密钥secrettest和内网目标10.1.50.2:22
  • 在需要连接ssh的机器上以执行命令
./npc -server=1.1.1.1:8284 -vkey=vkey -type=tcp -password=secrettest -local_type=secret

如需指定本地端口可加参数-local_port=xx,默认为2000

注意: password为web管理上添加的唯一密钥,具体命令可查看web管理上的命令提示

假设10.1.50.2用户名为root,现在执行ssh -p 2000 root@1.1.1.1即可访问ssh

p2p服务

适用范围: 大流量传输场景,流量不经过公网服务器,但是由于p2p穿透和nat类型关系较大,不保证100%成功,支持大部分nat类型。nat类型检测

假设场景:

想通过访问使用端机器(访问端,也就是本机)的2000端口---->访问到内网机器 10.2.50.2的22端口

使用步骤

  • nps.conf中设置p2p_ip(nps服务器ip)和p2p_port(nps服务器udp端口)
  • 在刚才刚才创建的客户端中添加一条p2p代理,并设置唯一密钥p2pssh
  • 在使用端机器(本机)执行命令
./npc -server=1.1.1.1:8284 -vkey=123 -password=p2pssh -target=10.2.50.2:22

如需指定本地端口可加参数-local_port=xx,默认为2000

注意: password为web管理上添加的唯一密钥,具体命令可查看web管理上的命令提示

假设内网机器为10.2.50.2的ssh用户名为root,现在在本机上执行ssh -p 2000 root@127.0.0.1即可访问机器2的ssh,如果是网站在浏览器访问127.0.0.1:2000端口即可。

web管理

image

介绍

可在网页上配置和管理各个tcp、udp隧道、内网站点代理,http、https解析等,功能强大,操作方便。

提示:使用web模式时,服务端执行文件必须在项目根目录,否则无法正确加载配置文件

启动

服务端测试

 ./nps test

如有错误请及时修改配置文件,无错误可继续进行下去

服务端启动

 ./nps start

如果无需daemon运行或者打开后无法正常访问web管理,去掉start查看日志运行即可

web管理

进入web界面,公网ip:web界面端口(默认8080),密码默认为123

进入web管理界面,有详细的说明

服务端配置文件重载

如果是daemon启动

 ./nps reload

说明: 仅支持部分配置重载,例如allow_user_login auth_crypt_key auth_key web_username web_password 等,未来将支持更多

服务端停止或重启

如果是daemon启动

 ./nps stop|restart

服务端配置文件

  • /conf/nps.conf
名称 含义
web_port web管理端口
web_password web界面管理密码
web_username web界面管理账号
web_base_url web管理主路径,用于将web管理置于代理子路径后面
bridge_port 服务端客户端通信端口
https_proxy_port 域名代理https代理监听端口
http_proxy_port 域名代理http代理监听端口
auth_key web api密钥
bridge_type 客户端与服务端连接方式kcp或tcp
public_vkey 客户端以配置文件模式启动时的密钥,设置为空表示关闭客户端配置文件连接模式
ip_limit 是否限制ip访问,true或false或忽略
flow_store_interval 服务端流量数据持久化间隔,单位分钟,忽略表示不持久化
log_level 日志输出级别
auth_crypt_key 获取服务端authKey时的aes加密密钥,16位
p2p_ip 服务端Ip,使用p2p模式必填
p2p_port p2p模式开启的udp端口

使用https

方式一: 类似于nginx实现https的处理

在配置文件中将https_proxy_port设置为443或者其他你想配置的端口,和在web中对应域名编辑中设置对应的证书路径,将https_just_proxy设置为false,然后就和http代理一样了

此外: 可以在nps.conf中设置一个默认的https配置,当遇到未在web中设置https证书的域名解析时,将自动使用默认证书,另还有一种情况就是对于某些请求的clienthello不携带sni扩展信息,nps也将自动使用默认证书

方式二: 在内网对应服务器上设置https

nps.conf中将https_just_proxy设置为true,并且打开https_proxy_port端口,然后nps将直接转发https请求到内网服务器上,由内网服务器进行https处理

与nginx配合

有时候我们还需要在云服务器上运行nginx来保证静态文件缓存等,本代理可和nginx配合使用,在配置文件中将httpProxyPort设置为非80端口,并在nginx中配置代理,例如httpProxyPort为8024时

server {
    listen 80;
    server_name *.proxy.com;
    location / {
        proxy_set_header Host  $http_host;
        proxy_pass http://127.0.0.1:8024;
    }
}

如需使用https也可在nginx监听443端口并配置ssl,并将本代理的httpsProxyPort设置为空关闭https即可,例如httpProxyPort为8024时

server {
    listen 443;
    server_name *.proxy.com;
    ssl on;
    ssl_certificate  certificate.crt;
    ssl_certificate_key private.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header Host  $http_host;
        proxy_pass http://127.0.0.1:8024;
    }
}

web使用Caddy代理

如果将web配置到Caddy代理,实现子路径访问nps,可以这样配置.

假设我们想通过 http://caddy_ip:caddy_port/nps 来访问后台, Caddyfile 这样配置:

caddy_ip:caddy_port/nps {
  #server_ip 为 nps 服务器IP
  #web_port 为 nps 后台端口
  proxy / http://server_ip:web_port/nps {
	transparent
  }
}

nps.conf 修改 web_base_url/nps 即可

web_base_url=/nps

关闭代理

如需关闭http代理可在配置文件中将http_proxy_port设置为空,如需关闭https代理可在配置文件中将https_proxy_port设置为空。

将nps安装到系统

如果需要长期并且方便的运行nps服务端,可将nps安装到操作系统中,可执行命令

(./nps|nps.exe) install

安装成功后,对于linux,darwin,将会把配置文件和静态文件放置于/etc/nps/,并将可执行文件nps复制到/usr/bin/nps或者/usr/local/bin/nps,安装成功后可在任何位置执行,同时也会添加systemd配置。

sudo systemctl enable|disable|start|stop|restart|status nps

systemd,带有开机自启,自动重启配置,当进程结束后15秒会启动,日志输出至/var/log/nps/nps.log。 建议采用此方式启动,能够捕获panic信息,便于排查问题。

nps test|start|stop|restart|status

对于windows系统,将会把配置文件和静态文件放置于C:\Program Files\nps,安装成功后可将可执行文件nps.exe复制到任何位置执行

nps.exe test|start|stop|restart|status

流量数据持久化

服务端支持将流量数据持久化,默认情况下是关闭的,如果有需求可以设置nps.conf中的flow_store_interval参数,单位为分钟

注意: nps不会持久化通过公钥连接的客户端

系统信息显示

nps服务端支持在web上显示和统计服务器的相关信息,但默认一些统计图表是关闭的,如需开启请在nps.conf中设置system_info_display=true

自定义客户端连接密钥

web上可以自定义客户端连接的密钥,但是必须具有唯一性

关闭公钥访问

可以将nps.conf中的public_vkey设置为空或者删除

关闭web管理

可以将nps.conf中的web_port设置为空或者删除

服务端多用户登陆

如果将nps.conf中的allow_user_login设置为true,服务端web将支持多用户登陆,登陆用户名为user,默认密码为每个客户端的验证密钥,登陆后可以进入客户端编辑修改web登陆的用户名和密码,默认该功能是关闭的。

用户注册功能

nps服务端支持用户注册功能,可将nps.conf中的allow_user_register设置为true,开启后登陆页将会有有注册功能,

监听指定ip

nps支持每个隧道监听不同的服务端端口,在nps.conf中设置allow_multi_ip=true后,可在web中控制,或者npc配置文件中(可忽略,默认为0.0.0.0)

server_ip=xxx

代理到服务端本地

在使用nps监听80或者443端口时,默认是将所有的请求都会转发到内网上,但有时候我们的nps服务器的上一些服务也需要使用这两个端口,nps提供类似于nginx proxy_pass 的功能,支持将代理到服务器本地,该功能支持域名解析,tcp、udp隧道,默认关闭。

即: 假设在nps的vps服务器上有一个服务使用5000端口,这时候nps占用了80端口和443,我们想能使用一个域名通过http(s)访问到5000的服务。

使用方式:nps.conf中设置allow_local_proxy=true,然后在web上设置想转发的隧道或者域名然后选择转发到本地选项即可成功。

客户端

客户端启动

无配置文件模式

此模式的各种配置在服务端web管理中完成,客户端除运行一条命令外无需任何其他设置

 ./npc -server=ip:port -vkey=web界面中显示的密钥

配置文件模式

此模式使用nps的公钥或者客户端私钥验证,各种配置在客户端完成,同时服务端web也可以进行管理

 ./npc -config=npc配置文件路径

可自行添加systemd service,例如:npc.service

[Unit]
Description=npc - convenient proxy server client
Documentation=https://github.com/cnlh/nps/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=simple
KillMode=process
Restart=always
RestartSec=15s
StandardOutput=append:/var/log/nps/npc.log
ExecStartPre=/bin/echo 'Starting npc'
ExecStopPost=/bin/echo 'Stopping npc'
ExecStart=/absolutely path to/npc -server=ip:port -vkey=web界面中显示的密钥

[Install]
WantedBy=multi-user.target

配置文件说明

示例配置文件

全局配置
[common]
server_addr=1.1.1.1:8284
conn_type=tcp
vkey=123
username=111
password=222
compress=true
crypt=true
rate_limit=10000
flow_limit=100
remark=test
max_conn=10
含义
server_addr 服务端ip:port
conn_type 与服务端通信模式(tcp或kcp)
vkey 服务端配置文件中的密钥(非web)
username socks5或http(s)密码保护用户名(可忽略)
password socks5或http(s)密码保护密码(可忽略)
compress 是否压缩传输(true或false或忽略)
crypt 是否加密传输(true或false或忽略)
rate_limit 速度限制,可忽略
flow_limit 流量限制,可忽略
remark 客户端备注,可忽略
max_conn 最大连接数,可忽略
域名代理
[common]
server_addr=1.1.1.1:8284
vkey=123
[web1]
host=a.proxy.com
target_addr=127.0.0.1:8080,127.0.0.1:8082
host_change=www.proxy.com
header_set_proxy=nps
含义
web1 备注
host 域名(http
target_addr 内网目标,负载均衡时多个目标,逗号隔开
host_change 请求host修改
header_xxx 请求header修改或添加,header_proxy表示添加header proxy:nps
tcp隧道模式
[common]
server_addr=1.1.1.1:8284
vkey=123
[tcp]
mode=tcp
target_addr=127.0.0.1:8080
server_port=9001
含义
mode tcp
server_port 在服务端的代理端口
tartget_addr 内网目标
udp隧道模式
[common]
server_addr=1.1.1.1:8284
vkey=123
[udp]
mode=udp
target_addr=127.0.0.1:8080
server_port=9002
含义
mode udp
server_port 在服务端的代理端口
target_addr 内网目标
http代理模式
[common]
server_addr=1.1.1.1:8284
vkey=123
[http]
mode=httpProxy
server_port=9003
含义
mode httpProxy
server_port 在服务端的代理端口
socks5代理模式
[common]
server_addr=1.1.1.1:8284
vkey=123
[socks5]
mode=socks5
server_port=9004
multi_account=multi_account.conf
含义
mode socks5
server_port 在服务端的代理端口
multi_account socks5多账号配置文件(可选),配置后使用basic_username和basic_password无法通过认证
私密代理模式
[common]
server_addr=1.1.1.1:8284
vkey=123
[secret_ssh]
mode=secret
password=ssh2
target_addr=10.1.50.2:22
含义
mode secret
password 唯一密钥
target_addr 内网目标
p2p代理模式
[common]
server_addr=1.1.1.1:8284
vkey=123
[p2p_ssh]
mode=p2p
password=ssh2
target_addr=10.1.50.2:22
含义
mode p2p
password 唯一密钥
target_addr 内网目标
文件访问模式

利用nps提供一个公网可访问的本地文件服务,此模式仅客户端使用配置文件模式方可启动

[common]
server_addr=1.1.1.1:8284
vkey=123
[file]
mode=file
server_port=9100
local_path=/tmp/
strip_pre=/web/
含义
mode file
server_port 服务端开启的端口
local_path 本地文件目录
strip_pre 前缀

对于strip_pre,访问公网ip:9100/web/相当于访问/tmp/目录

断线重连

[common]
auto_reconnection=true

nat类型检测

 ./npc nat

如果p2p双方都是Symmetric Nat,肯定不能成功,其他组合都有较大成功率。

状态检查

 ./npc status -config=npc配置文件路径

重载配置文件

 ./npc restart -config=npc配置文件路径

通过代理连接nps

有时候运行npc的内网机器无法直接访问外网,此时可以可以通过socks5代理连接nps

对于配置文件方式启动,设置

[common]
proxy_url=socks5://111:222@127.0.0.1:8024

对于无配置文件模式,加上参数

-proxy=socks5://111:222@127.0.0.1:8024

支持socks5和http两种模式

即socks5://username:password@ip:port

http://username:password@ip:port

群晖支持

可在releases中下载spk群晖套件,例如npc_x64-6.1_0.19.0-1.spk

相关功能

缓存支持

对于web站点来说,一些静态文件往往消耗更大的流量,且在内网穿透中,静态文件还需到客户端获取一次,这将导致更大的流量消耗。nps在域名解析代理中支持对静态文件进行缓存。

即假设一个站点有a.css,nps将只需从npc客户端读取一次该文件,然后把该文件的内容放在内存中,下一次将不再对npc客户端进行请求而直接返回内存中的对应内容。该功能默认是关闭的,如需开启请在nps.conf中设置http_cache=true,并设置http_cache_length(缓存文件的个数,消耗内存,不宜过大,0表示不限制个数)

数据压缩支持

由于是内网穿透,内网客户端与服务端之间的隧道存在大量的数据交换,为节省流量,加快传输速度,由此本程序支持SNNAPY形式的压缩。

  • 所有模式均支持数据压缩
  • 在web管理或客户端配置文件中设置

加密传输

如果公司内网防火墙对外网访问进行了流量识别与屏蔽,例如禁止了ssh协议等,通过设置 配置文件,将服务端与客户端之间的通信内容加密传输,将会有效防止流量被拦截。

  • nps使用tls加密,所以一定要保留conf目录下的密钥文件,同时也可以自行生成
  • 在web管理或客户端配置文件中设置

站点保护

域名代理模式所有客户端共用一个http服务端口,在知道域名后任何人都可访问,一些开发或者测试环境需要保密,所以可以设置用户名和密码,nps将通过 Http Basic Auth 来保护,访问时需要输入正确的用户名和密码。

  • 在web管理或客户端配置文件中设置

host修改

由于内网站点需要的host可能与公网域名不一致,域名代理支持host修改功能,即修改request的header中的host字段。

使用方法:在web管理中设置

自定义header

支持对header进行新增或者修改,以配合服务的需要

404页面配置

支持域名解析模式的自定义404页面,修改/web/static/page/error.html中内容即可,暂不支持静态文件等内容

流量限制

支持客户端级流量限制,当该客户端入口流量与出口流量达到设定的总量后会拒绝服务 ,域名代理会返回404页面,其他代理会拒绝连接,使用该功能需要在nps.conf中设置allow_flow_limit,默认是关闭的。

带宽限制

支持客户端级带宽限制,带宽计算方式为入口和出口总和,权重均衡,使用该功能需要在nps.conf中设置allow_rate_limit,默认是关闭的。

负载均衡

本代理支持域名解析模式和tcp代理的负载均衡,在web域名添加或者编辑中内网目标分行填写多个目标即可实现轮训级别的负载均衡

端口白名单

为了防止服务端上的端口被滥用,可在nps.conf中配置allow_ports限制可开启的端口,忽略或者不填表示端口不受限制,格式:

allow_ports=9001-9009,10001,11000-12000

端口范围映射

当客户端以配置文件的方式启动时,可以将本地的端口进行范围映射,仅支持tcp和udp模式,例如:

[tcp]
mode=tcp
server_port=9001-9009,10001,11000-12000
target_port=8001-8009,10002,13000-14000

逗号分隔,可单个或者范围,注意上下端口的对应关系,无法一一对应将不能成功

端口范围映射到其他机器

[tcp]
mode=tcp
server_port=9001-9009,10001,11000-12000
target_port=8001-8009,10002,13000-14000
target_ip=10.1.50.2

填写target_ip后则表示映射的该地址机器的端口,忽略则便是映射本地127.0.0.1,仅范围映射时有效

守护进程

本代理支持守护进程,使用示例如下,服务端客户端所有模式通用,支持linux,darwin,windows。

./(nps|npc) start|stop|restart|status 若有其他参数可加其他参数
(nps|npc).exe start|stop|restart|status 若有其他参数可加其他参数

KCP协议支持

KCP 是一个快速可靠协议,能以比 TCP浪费10%-20%的带宽的代价,换取平均延迟降低 30%-40%,在弱网环境下对性能能有一定的提升。可在nps.conf中修改bridge_type为kcp ,设置后本代理将开启udp端口(bridge_port

注意:当服务端为kcp时,客户端连接时也需要使用相同配置,无配置文件模式加上参数type=kcp,配置文件模式在配置文件中设置tp=kcp

域名泛解析

支持域名泛解析,例如将host设置为*.proxy.com,a.proxy.com、b.proxy.com等都将解析到同一目标,在web管理中或客户端配置文件中将host设置为此格式即可。

URL路由

本代理支持根据URL将同一域名转发到不同的内网服务器,可在web中或客户端配置文件中设置,此参数也可忽略,例如在客户端配置文件中

[web1]
host=a.proxy.com
target_addr=127.0.0.1:7001
location=/test
[web2]
host=a.proxy.com
target_addr=127.0.0.1:7002
location=/static

对于a.proxy.com/test将转发到web1,对于a.proxy.com/static将转发到web2

限制ip访问

如果将一些危险性高的端口例如ssh端口暴露在公网上,可能会带来一些风险,本代理支持限制ip访问。

使用方法: 在配置文件nps.conf中设置ip_limit=true,设置后仅通过注册的ip方可访问。

ip注册

方式一: 在需要访问的机器上,运行客户端

./npc register -server=ip:port -vkey=公钥或客户端密钥 time=2

time为有效小时数,例如time=2,在当前时间后的两小时内,本机公网ip都可以访问nps代理.

方式二: 此外nps的web登陆也可提供验证的功能,成功登陆nps web admin后将自动为登陆的ip注册两小时的允许访问权限。

注意: 本机公网ip并不是一成不变的,请自行注意有效期的设置,同时同一网络下,多人也可能是在公用同一个公网ip。

客户端最大连接数

为防止恶意大量长连接,影响服务端程序的稳定性,可以在web或客户端配置文件中为每个客户端设置最大连接数。该功能针对socks5http正向代理域名代理tcp代理udp代理私密代理生效,使用该功能需要在nps.conf中设置allow_connection_num_limit=true,默认是关闭的。

客户端最大隧道数限制

nps支持对客户端的隧道数量进行限制,该功能默认是关闭的,如需开启,请在nps.conf中设置allow_tunnel_num_limit=true

端口复用

在一些严格的网络环境中,对端口的个数等限制较大,nps支持强大端口复用功能。将bridge_porthttp_proxy_porthttps_proxy_portweb_port都设置为同一端口,也能正常使用。

  • 使用时将需要复用的端口设置为与bridge_port一致即可,将自动识别。
  • 如需将web管理的端口也复用,需要配置web_host也就是一个二级域名以便区分

多路复用

nps主要通信默认基于多路复用,无需开启。

多路复用基于TCP滑动窗口原理设计,动态计算延迟以及带宽来算出应该往网络管道中打入的流量。 由于主要通信大多采用TCP协议,并无法探测其实时丢包情况,对于产生丢包重传的情况,采用较大的宽容度, 5分钟的等待时间,超时将会关闭当前隧道连接并重新建立,这将会抛弃当前所有的连接。 在Linux上,可以通过调节内核参数来适应不同应用场景。

对于需求大带宽又有一定的丢包的场景,可以保持默认参数不变,尽可能少抛弃连接 高并发下可根据Linux系统限制 调整

对于延迟敏感而又有一定丢包的场景,可以适当调整TCP重传次数 tcp_syn_retries, tcp_retries1, tcp_retries2 高并发同上 nps会在系统主动关闭连接的时候拿到报错,进而重新建立隧道连接

环境变量渲染

npc支持环境变量渲染以适应在某些特殊场景下的要求。

在无配置文件启动模式下: 设置环境变量

export NPC_SERVER_ADDR=1.1.1.1:8284
export NPC_SERVER_VKEY=xxxxx

直接执行./npc即可运行

在配置文件启动模式下:

[common]
server_addr={{.NPC_SERVER_ADDR}}
conn_type=tcp
vkey={{.NPC_SERVER_VKEY}}
auto_reconnection=true
[web]
host={{.NPC_WEB_HOST}}
target_addr={{.NPC_WEB_TARGET}}

在配置文件中填入相应的环境变量名称,npc将自动进行渲染配置文件替换环境变量

健康检查

当客户端以配置文件模式启动时,支持多节点的健康检查。配置示例如下

[health_check_test1]
health_check_timeout=1
health_check_max_failed=3
health_check_interval=1
health_http_url=/
health_check_type=http
health_check_target=127.0.0.1:8083,127.0.0.1:8082

[health_check_test2]
health_check_timeout=1
health_check_max_failed=3
health_check_interval=1
health_check_type=tcp
health_check_target=127.0.0.1:8083,127.0.0.1:8082

health关键词必须在开头存在

第一种是http模式,也就是以get的方式请求目标+url,返回状态码为200表示成功

第一种是tcp模式,也就是以tcp的方式与目标建立连接,能成功建立连接表示成功

如果失败次数超过health_check_max_failed,nps则会移除该npc下的所有该目标,如果失败后目标重新上线,nps将自动将目标重新加入。

含义
health_check_timeout 健康检查超时时间
health_check_max_failed 健康检查允许失败次数
health_check_interval 健康检查间隔
health_check_type 健康检查类型
health_check_target 健康检查目标,多个以逗号(,)分隔
health_check_type 健康检查类型
health_http_url 健康检查url,仅http模式适用

日志输出

日志输出级别

对于npc:

-log_level=0~7 -log_path=npc.log
LevelEmergency->0  LevelAlert->1

LevelCritical->2 LevelError->3

LevelWarning->4 LevelNotice->5

LevelInformational->6 LevelDebug->7

默认为全输出,级别为0到7

对于nps:

nps.conf中设置相关配置即可

相关说明

获取用户真实ip

在域名代理模式中,可以通过request请求 header 中的 X-Forwarded-For 和 X-Real-IP 来获取用户真实 IP。

本代理前会在每一个http(s)请求中添加了这两个 header。

热更新支持

对于绝大多数配置,在web管理中的修改将实时使用,无需重启客户端或者服务端

客户端地址显示

在web管理中将显示客户端的连接地址

流量统计

可统计显示每个代理使用的流量,由于压缩和加密等原因,会和实际环境中的略有差异

当前客户端带宽

可统计每个客户端当前的带宽,可能和实际有一定差异,仅供参考。

客户端与服务端版本对比

为了程序正常运行,客户端与服务端的核心版本必须一致,否则将导致客户端无法成功连接致服务端。

Linux系统限制

默认情况下linux对连接数量有限制,对于性能好的机器完全可以调整内核参数以处理更多的连接。 tcp_max_syn_backlog somaxconn 酌情调整参数,增强网络性能

webAPI

webAPI验证说明

  • 采用auth_key的验证方式
  • 在提交的每个请求后面附带两个参数,auth_keytimestamp
auth_key的生成方式为:md5(配置文件中的auth_key+当前时间戳)
timestamp为当前时间戳
curl --request POST \
  --url http://127.0.0.1:8080/client/list \
  --data 'auth_key=2a0000d9229e7dbcf79dd0f5e04bb084&timestamp=1553045344&start=0&limit=10'

注意: 为保证安全,时间戳的有效范围为20秒内,所以每次提交请求必须重新生成。

获取服务端时间

由于服务端与api请求的客户端时间差异不能太大,所以提供了一个可以获取服务端时间的接口

POST /auth/gettime

获取服务端authKey

如果想获取authKey,服务端提供获取authKey的接口

POST /auth/getauthkey

将返回加密后的authKey,采用aes cbc加密,请使用与服务端配置文件中cryptKey相同的密钥进行解密

注意: nps配置文件中auth_crypt_key需为16位

  • 解密密钥长度128
  • 偏移量与密钥相同
  • 补码方式pkcs5padding
  • 解密串编码方式 十六进制

详细文档

  • 此文档近期可能更新较慢,建议自行抓包

为方便第三方扩展,在web模式下可利用webAPI进行相关操作,详情见 webAPI文档

贡献

欢迎参与到制作docker、图标、文档翻译等工作

  • 如果遇到bug可以直接提交至dev分支
  • 使用遇到问题可以通过issues反馈
  • 项目处于开发阶段,还有很多待完善的地方,如果可以贡献代码,请提交 PR 至 dev 分支
  • 如果有新的功能特性反馈,可以通过issues或者qq群反馈

捐助

如果您觉得nps对你有帮助,欢迎给予我们一定捐助,也是帮助nps更好的发展。

致谢

Thanks jetbrains for providing development tools for nps

支付宝

image

微信

image

交流群

二维码.jpeg

GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. {one line to give the program's name and a brief idea of what it does.} Copyright (C) {year} {name of author} This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: {project} Copyright (C) {year} {fullname} This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see <http://www.gnu.org/licenses/>. The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read <http://www.gnu.org/philosophy/why-not-lgpl.html>.

简介

nps是一款轻量级、高性能、功能强大的内网穿透代理服务器。目前支持tcp、udp流量转发,可支持任何tcp、udp上层协议(访问内网网站、本地支付接口调试、ssh访问、远程桌面,内网dns解析等等……),此外还支持内网http代理、内网socks5代理、p2p等,并带有功能强大的web管理端。 展开 收起
Go 等 3 种语言
GPL-3.0
取消

发行版 (1)

全部
2个月前

近期动态

2个月前推送了新的提交到 master 分支,ab648d6...0024b3b
2个月前创建了仓库
不能加载更多了
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化