Glider
glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
Install / Use
/learn @nadoo/GliderREADME
glider
glider is a forward proxy with multiple protocols support, and also a dns/dhcp server with ipset management features(like dnsmasq).
we can set up local listeners as proxy servers, and forward requests to internet via forwarders.
|Forwarder ----------------->|
Listener --> | | Internet
|Forwarder --> Forwarder->...|
Features
- Act as both proxy client and proxy server(protocol converter)
- Flexible proxy & protocol chains
- Load balancing with the following scheduling algorithm:
- rr: round robin
- ha: high availability
- lha: latency based high availability
- dh: destination hashing
- Rule & priority based forwarder choosing: Config Examples
- DNS forwarding server:
- dns over proxy
- force upstream querying by tcp
- association rules between dns and forwarder choosing
- association rules between dns and ipset
- dns cache support
- custom dns record
- IPSet management (linux kernel version >= 2.6.32):
- add ip/cidrs from rule files on startup
- add resolved ips for domains from rule files by dns forwarding server
- Serve http and socks5 on the same port
- Periodical availability checking for forwarders
- Send requests from specific local ip/interface
- Services:
- dhcpd: a simple dhcp server that can run in failover mode
Protocols
<details> <summary>click to see details</summary>|Protocol | Listen/TCP | Listen/UDP | Forward/TCP | Forward/UDP | Description |:-: |:-:|:-:|:-:|:-:|:- |Mixed |√|√| | |http+socks5 server |HTTP |√| |√| |client & server |SOCKS5 |√|√|√|√|client & server |SS |√|√|√|√|client & server |Trojan |√|√|√|√|client & server |Trojanc |√|√|√|√|trojan cleartext(without tls) |VLESS |√|√|√|√|client & server |VMess | | |√|√|client only |SSR | | |√| |client only |SSH | | |√| |client only |SOCKS4 | | |√| |client only |SOCKS4A | | |√| |client only |TCP |√| |√| |tcp tunnel client & server |UDP | |√| |√|udp tunnel client & server |TLS |√| |√| |transport client & server |KCP | |√|√| |transport client & server |Unix |√|√|√|√|transport client & server |VSOCK |√| |√| |transport client & server |Smux |√| |√| |transport client & server |Websocket(WS) |√| |√| |transport client & server |WS Secure |√| |√| |websocket secure (wss) |Proxy Protocol |√| | | |version 1 server only |Simple-Obfs | | |√| |transport client only |Redir |√| | | |linux redirect proxy |Redir6 |√| | | |linux redirect proxy(ipv6) |TProxy | |√| | |linux tproxy(udp only) |Reject | | |√|√|reject all requests
</details>Install
- Binary: https://github.com/nadoo/glider/releases
- Docker:
docker pull nadoo/glider - Manjaro:
pamac install glider - ArchLinux:
sudo pacman -S glider - Homebrew:
brew install glider - MacPorts:
sudo port install glider - Source:
go install github.com/nadoo/glider@latest
Usage
Run
glider -verbose -listen :8443
# docker run --rm -it nadoo/glider -verbose -listen :8443
Help
<details> <summary><code>glider -help</code></summary>Usage: glider [-listen URL]... [-forward URL]... [OPTION]...
e.g. glider -config /etc/glider/glider.conf
glider -listen :8443 -forward socks5://serverA:1080 -forward socks5://serverB:1080 -verbose
OPTION:
-check string
check=tcp[://HOST:PORT]: tcp port connect check
check=http://HOST[:PORT][/URI][#expect=REGEX_MATCH_IN_RESP_LINE]
check=https://HOST[:PORT][/URI][#expect=REGEX_MATCH_IN_RESP_LINE]
check=file://SCRIPT_PATH: run a check script, healthy when exitcode=0, env vars: FORWARDER_ADDR,FORWARDER_URL
check=disable: disable health check (default "http://www.msftconnecttest.com/connecttest.txt#expect=200")
-checkdisabledonly
check disabled fowarders only
-checkinterval int
fowarder check interval(seconds) (default 30)
-checklatencysamples int
use the average latency of the latest N checks (default 10)
-checktimeout int
fowarder check timeout(seconds) (default 10)
-checktolerance int
fowarder check tolerance(ms), switch only when new_latency < old_latency - tolerance, only used in lha mode
-config string
config file path
-dialtimeout int
dial timeout(seconds) (default 3)
-dns string
local dns server listen address
-dnsalwaystcp
always use tcp to query upstream dns servers no matter there is a forwarder or not
-dnscachelog
show query log of dns cache
-dnscachesize int
max number of dns response in CACHE (default 4096)
-dnsmaxttl int
maximum TTL value for entries in the CACHE(seconds) (default 1800)
-dnsminttl int
minimum TTL value for entries in the CACHE(seconds)
-dnsnoaaaa
disable AAAA query
-dnsrecord value
custom dns record, format: domain/ip
-dnsserver value
remote dns server address
-dnstimeout int
timeout value used in multiple dnsservers switch(seconds) (default 3)
-example
show usage examples
-forward value
forward url, see the URL section below
-include value
include file
-interface string
source ip or source interface
-listen value
listen url, see the URL section below
-logflags int
do not change it if you do not know what it is, ref: https://pkg.go.dev/log#pkg-constants (default 19)
-maxfailures int
max failures to change forwarder status to disabled (default 3)
-relaytimeout int
relay timeout(seconds)
-rulefile value
rule file path
-rules-dir string
rule file folder
-scheme string
show help message of proxy scheme, use 'all' to see all schemes
-service value
run specified services, format: SERVICE_NAME[,SERVICE_CONFIG]
-strategy string
rr: Round Robin mode
ha: High Availability mode
lha: Latency based High Availability mode
dh: Destination Hashing mode (default "rr")
-tcpbufsize int
tcp buffer size in Bytes (default 32768)
-udpbufsize int
udp buffer size in Bytes (default 2048)
-verbose
verbose mode
URL:
proxy: SCHEME://[USER:PASS@][HOST]:PORT
chain: proxy,proxy[,proxy]...
e.g. -listen socks5://:1080
-listen tls://:443?cert=crtFilePath&key=keyFilePath,http:// (protocol chain)
e.g. -forward socks5://server:1080
-forward tls://server.com:443,http:// (protocol chain)
-forward socks5://serverA:1080,socks5://serverB:1080 (proxy chain)
SCHEME:
listen : http kcp mixed pxyproto redir redir6 smux sni socks5 ss tcp tls tproxy trojan trojanc udp unix vless vsock ws wss
forward: direct http kcp reject simple-obfs smux socks4 socks4a socks5 ss ssh ssr tcp tls trojan trojanc udp unix vless vmess vsock ws wss
Note: use 'glider -scheme all' or 'glider -scheme SCHEME' to see help info for the scheme.
--
Forwarder Options: FORWARD_URL#OPTIONS
priority : the priority of that forwarder, the larger the higher, default: 0
interface: the local interface or ip address used to connect remote server.
e.g. -forward socks5://server:1080#priority=100
-forward socks5://server:1080#interface=eth0
-forward socks5://server:1080#priority=100&interface=192.168.1.99
Services:
dhcpd: service=dhcpd,INTERFACE,START_IP,END_IP,LEASE_MINUTES[,MAC=IP,MAC=IP...]
service=dhcpd-failover,INTERFACE,START_IP,END_IP,LEASE_MINUTES[,MAC=IP,MAC=IP...]
e.g. service=dhcpd,eth1,192.168.1.100,192.168.1.199,720
--
Help:
glider -help
glider -scheme all
glider -example
see README.md and glider.conf.example for more details.
--
glider 0.16.4, https://github.com/nadoo/glider (glider.proxy@gmail.com)
Schemes
<details> <summary><code>glider -scheme all</code></summary>Direct scheme:
direct://
Only needed when you want to specify the outgoing interface:
glider -verbose -listen :8443 -forward direct://#interface=eth0
Or load balance multiple interfaces directly:
glider -verbose -listen :8443 -forward direct://#interface=eth0 -forward direct://#interface=eth1 -strategy rr
Or you can use the high availability mode:
glider -verbose -listen :8443 -forward direct://#interface=eth0&priority=100 -forward direct://#interface=eth1&priority=200 -strategy ha
--
Http scheme:
http://[user:pass@]host:port
--
KCP scheme:
kcp://CRYPT:KEY@host:port[?dataShards=NUM&parityShards=NUM&mode=MODE]
Available crypt types for KCP:
none, sm4, tea, xor, aes, aes-128, aes-192, blowfish, twofish, cast5, 3des, xtea, salsa20
Available modes for KCP:
fast, fast2, fast3, normal, default: fast
--
Simple-Obfs scheme:
simple-obfs://host:port[?type=TYPE&host=HOST&uri=URI&ua=UA]
Available types for simple-obfs:
http, tls
--
Reject scheme:
reject://
--
Smux scheme:
smux://host:port
--
Socks4 scheme:
socks4://host:port
--
Socks5 sch
Related Skills
canvas
337.3kCanvas Skill Display HTML content on connected OpenClaw nodes (Mac app, iOS, Android). Overview The canvas tool lets you present web content on any connected node's canvas view. Great for: -
xurl
337.3kA CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.
openhue
337.3kControl Philips Hue lights and scenes via the OpenHue CLI.
sag
337.3kElevenLabs text-to-speech with mac-style say UX.
