A VPS is recommended for deployment; Japan Tokyo (BBTEC) or Germany Frankfurt (CU Premium AS9929/10099) are the recommended locations to purchase.
Introduction
Juicity is an emerging proxy protocol based on QUIC, released under the AGPL license at the end of July 2023.
Dae is a high-performance transparent proxy software based on eBPF for Linux platforms, released under the AGPL license in January 2023.
Server Configuration
Juicity provides builds for nearly 40 platforms, supporting Windows, macOS, and Linux systems, as well as x86, ARM, MIPS, and RISC-V platforms. The server in this article is set up on Debian 11, and the Juicity-Server version is v0.1.2.
- Download the release.
wget https://github.com/juicity/juicity/releases/download/v0.1.2/juicity-linux-x86_64_v3_avx2.zip
- Unzip the compressed file.
unzip juicity-linux-x86_64_v3_avx2.zip
- Generate a UUID using an online UUID generator and keep it for later use.
- Edit server.json.
cp example-server.json server.json
nano server.json
Example:
{
  "listen": ":<port>",
  "users": {
    "<generated UUID>": "<password>"
  },
  "certificate": "<certificate chain file>",
  "private_key": "<private key>",
  "congestion_control": "bbr",
  "fwmark": "0x1000",
  "send_through": "<server IP>",
  "log_level": "info"
}
- Run the server.
./juicity-server run -c server.json
Consider running it under a process supervisor or as a systemd service.
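As an alternative to the online generator in the steps above, the UUID and password can be produced on the server itself, so the credential never passes through a third-party site, and server.json can be created readable by its owner only. This is an added example, not part of the original post or the Juicity project; the function names and argument order are assumptions, and the JSON keys are the ones from the example above.

```shell
#!/bin/sh
# Added example: build server.json with credentials generated on the server.
# The function names and the argument order are assumptions of this example.

# Print a random (version 4) UUID from the kernel CSPRNG, else from uuidgen.
gen_uuid() {
    if [ -r /proc/sys/kernel/random/uuid ]; then
        cat /proc/sys/kernel/random/uuid
    else
        uuidgen | tr 'A-F' 'a-f'
    fi
}

# Print a 128-bit password as 32 hex characters read from /dev/urandom.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Usage: write_server_json <out> <port> <cert chain> <private key> <server IP>
# The body runs in a subshell, so umask and variables do not leak out.
write_server_json() (
    [ $# -eq 5 ] || { echo "expected 5 arguments" >&2; exit 2; }
    out=$1 port=$2 cert=$3 key=$4 ip=$5
    # Refuse to clobber an existing file (it may hold live credentials).
    [ ! -e "$out" ] || { echo "$out already exists" >&2; exit 1; }
    # Values are pasted into JSON strings: reject quotes and backslashes.
    case "$port$cert$key$ip" in
        *\"*|*\\*) echo "arguments must not contain quotes or backslashes" >&2; exit 1 ;;
    esac
    uuid=$(gen_uuid); pass=$(gen_password)
    [ -n "$uuid" ] && [ -n "$pass" ] || { echo "no randomness source" >&2; exit 1; }
    umask 077    # the file is created with mode 0600
    cat > "$out" <<EOF
{
  "listen": ":$port",
  "users": {
    "$uuid": "$pass"
  },
  "certificate": "$cert",
  "private_key": "$key",
  "congestion_control": "bbr",
  "fwmark": "0x1000",
  "send_through": "$ip",
  "log_level": "info"
}
EOF
)
```

The generated UUID and password are then read from server.json when filling in the client's `juicity://` link.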
Client Configuration
Dae only supports Linux. Windows and macOS users should refer to Juicity-Client.
This section is for configuration under NixOS.
- Install dae.
environment.systemPackages = with pkgs; [
  ...
  dae
  ...
];
- Create /etc/dae and edit the configuration file /etc/dae/config.dae.
mkdir -p /etc/dae
nano /etc/dae/config.dae
Example:
global {
  wan_interface: auto
  log_level: info
  allow_insecure: false
  auto_config_kernel_parameter: true
}
node {
  fra: 'juicity://<UUID>:<password>@<domain>:<port>?congestion_control=bbr'
}
dns {
  upstream {
    googledns: 'tcp+udp://dns.google.com:53'
    alidns: 'udp://dns.alidns.com:53'
  }
  routing {
    request {
      fallback: alidns
    }
    response {
      upstream(googledns) -> accept
      !qname(geosite:cn) && ip(geoip:private) -> googledns
      fallback: accept
    }
  }
}
group {
  proxy {
    policy: min_moving_avg
  }
}
routing {
  pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
  dip(224.0.0.0/3, 'ff00::/8') -> direct
  dip(geoip:private) -> direct
  dip(geoip:cn) -> direct
  domain(geosite:cn) -> direct
  fallback: proxy
}
- Create the systemd service.
systemd.services.dae = {
  enable = true;
  description = "Dae Client Service (config.dae)";
  after = [ "network.target" ];
  serviceConfig = {
    Type = "notify";
    User = "root";
    LimitNPROC = 512;
    LimitNOFILE = 1048576;
    ExecStartPre = "/run/current-system/sw/bin/dae validate -c /etc/dae/config.dae";
    ExecStart = "/run/current-system/sw/bin/dae run --disable-timestamp -c /etc/dae/config.dae";
    ExecReload = "/run/current-system/sw/bin/dae reload $MAINPID";
    Restart = "on-abnormal";
    WorkingDirectory = "/etc/dae";
  };
};
Save and compile the NixOS configuration.
Credit
Thanks to @bradfordzhang for letting me know about this.