Some questions and suggestions about trojan HOT 8 CLOSED

example.com/xxx/trojan - you are trying to suggest using some part of the http request as the authentication token. I think an http header is more suitable for this purpose. In the new mode (in development) of the Trojan protocol we will use proxy-authorization for this.

Websocket involves extra protocol round trips compared to HTTPS or raw TLS with no real benefits for tunneling. QUIC is a possible alternative transport to HTTP/2, but only after it is standardized, deployed in Chrome, and has server implementations.

from trojan.

@klzgrad My point is: example.com/xxx/trojan to hide trojan In a web site, https encrypted outside the path can not be obtained, GFW only know example.com do not know trojan.
The purpose is not authentication, is hidden trojan.

Websocket is my error.

from trojan.

example.com without auth header -> masquerade website

example.com with auth header -> proxy

This is all "content switching" or load balancing using part of the request as the key. Only difference is to use which part, the url or a header.

from trojan.

@klzgrad I understand.

About proxy-authorization
Will the proxy-authorization verification by whom?
What I'm worried about is：Unauthenticated request use proxy-authorization header, trojan return what?

from trojan.

Verified by a Trojan server.

If unauthenticated, the Trojan server returns the masquerade website.

from trojan.

@klzgrad

How to return to the masquerade website? If it is 301 or 302 that formed a feature

Seems to be back to my earliest question.

The correct URL to trojan check proxy-authorization
The wrong URL can never find trojan

The goal is to reduce trojan's connection to unknown requests

So I think custom URL is useful.

PS：Whether there is a telegraph group, English is not good, discuss some difficult.

from trojan.

In Nginx's language,

server {
    ...
    set $upstream "masquerade";
    if ($http_proxy_authorization ~ "Basic aGVsbG86d29ybGQ=") {
        set $upstream "proxy";                                   
    }

    location / {
        proxy_pass $upstream
    }
}

This makes the goal you defined too.

from trojan.

@klzgrad Got it, thanks for the answer. Look forward to the new version.

from trojan.