3.1 KiB
Proxy Protocols
Note
: dae currently supports the following proxy protocols
-
HTTP(S), naiveproxy
https://[[user:]pass@]hostname:port/
-
Socks
- Socks4
- Socks4a
- Socks5
socks4://[[user:]pass@]hostname:port/ socks5://[[user:]pass@]hostname:port/
-
VMess(AEAD, alterID=0) / VLESS
- TCP
- WS
- TLS
- Reality (Experimental, TCP Only)
- gRPC
- Meek
- HTTPUpgrade
-
Shadowsocks
- AEAD Ciphers
- Stream Ciphers
- simple-obfs
- v2ray-plugin
- Websocket (+TLS)
-
ShadowsocksR
-
Trojan
- Trojan-gfw
- Trojan-go
-
Tuic (v5)
-
Juicity
-
Hysteria2
-
Proxy chain (flexible protocol)
For other requirements, one way to expand protocol support is by using external proxy programs. Below is an example of using the external naiveproxy.
Although dae and other proxy programs support the HTTPS protocol, using them does not utilize the chromium networking stack, which weakens the camouflage effect of naiveproxy. Therefore, using an external naiveproxy program is recommended.
-
Start naiveproxy:
The example uses naiveproxy to open an HTTP listening port. Note that HTTP proxy does not support proxying UDP traffic, so if you are using an external proxy program, it is advisable to prioritize using the socks5 port.
naiveproxy --listen=http://127.0.0.1:1090 --proxy=https://yourlink
-
In the section of dae's configuration related to nodes, add the following line:
http://127.0.0.1:1090
, and remember to use this node in the group you are using. -
If you have bound the WAN interface, meaning you have filled in the
global.wan_interface
field, make sure to add the following line near the top in the routing section to prevent traffic from flowing back to dae after passing through naiveproxy, causing a loop:pname(naiveproxy) -> must_direct
Here,
pname
refers to the process name. You can determine the process name of naiveproxy by examining the command used to start it, running theps -ef
command at runtime, or observing the dae logs. The meaning ofmust_direct
is to allow all traffic, including DNS queries, to pass through directly without redirecting to dae.Users who only bind the LAN interface do not need to perform this step.