### Install 3proxy Service on Windows Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Install 3proxy as a Windows service. Ensure the configuration file (3proxy.cfg) is in the installation directory. The service will be registered and started. ```batch cd C:\Program Files\3proxy 3proxy.exe --install ``` -------------------------------- ### Start Standalone SOCKS Proxy Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Command-line example to start a standalone SOCKS proxy service. It specifies the log file location and the listening IP address. ```bash $/sbin/socks -l/var/log/socks.log -i127.0.0.1 ``` -------------------------------- ### Install 3proxy using Makefile on Unix/Linux Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Install 3proxy after compilation using the Makefile. This command installs binaries, configuration, and sets up chroot directories. ```bash sudo make install ``` -------------------------------- ### Example of Updating Configuration Files Safely Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/highload.html This example demonstrates a strategy for safely updating configuration files by using a lock file and a version file to prevent race conditions during reloads. ```bash touch /some/path/3proxy/3proxy.lck ``` ```bash system "rm /some/path/3proxy/3proxy.lck" ``` ```bash monitor "/some/path/3proxy/3proxy.ver" ``` ```bash touch /some/path/3proxy/3proxy.ver ``` -------------------------------- ### Enable and Start 3proxy Service with systemd Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Manage the 3proxy service using systemd on Linux. This command enables the service to start on boot and starts it immediately. ```bash sudo systemctl enable 3proxy sudo systemctl start 3proxy ``` -------------------------------- ### Install 3proxy using Makefile on macOS Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Install 3proxy on macOS using the Makefile. This method installs binaries and configuration to different default locations compared to CMake. ```bash ln -sf Makefile.FreeBSD Makefile make sudo make install ``` -------------------------------- ### Install 3proxy with Custom Configuration Path Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Install 3proxy as a service, specifying a custom path to the configuration file. This is useful when the configuration is not in the default location. ```bash 3proxy --install full_path_to_configuration_file ``` -------------------------------- ### Install 3proxy using CMake on Unix/Linux Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Install 3proxy after compilation with CMake. This command performs the installation using the build artifacts generated by CMake. ```bash mkdir build && cd build cmake .. cmake --build . sudo cmake --install . ``` -------------------------------- ### Manage 3proxy Service with launchctl on macOS Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Manage the 3proxy service on macOS using launchctl. This command loads and starts the service after installation via CMake. ```bash # Load and start the service launchctl load /Library/LaunchDaemons/org.3proxy.3proxy.plist launchctl start org.3proxy.3proxy ``` -------------------------------- ### Schedule Function Example in C Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/devel/devref.html Demonstrates how to define and schedule a function to be called periodically by 3proxy. Ensure time_t compatibility between plugin and 3proxy compilation. ```c int myschedfunc(void * data); struct schedule myschedule; myschedule.data = "somethinghere"; myschedule.function = myschedfunc; myschedule.type = MINUTELY; myschedule.starttime = 0; myschedule.next = *pluginlink->schedule; *pluginlink->schedule = myschedule; ``` -------------------------------- ### Plugin Loading Example Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/man3/3proxy.cfg.3.html Illustrates how to load a shared library plugin and call a specific function with arguments. The function should return 0 on success and a positive value on error. ```config plugin [ ...] ``` -------------------------------- ### Start TrafficPlugin Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/plugins/TrafficPlugin.html Starts the TrafficPlugin.dll. Ensure the DLL is in the same folder as the 3proxy executable. ```config plugin TrafficPlugin.dll start ``` -------------------------------- ### Manage 3proxy Service on macOS Source: https://github.com/3proxy/3proxy.github.io/blob/main/howtoe.html Commands to load, start, stop, and unload the 3proxy service using launchctl on macOS. ```bash sudo launchctl load /Library/LaunchDaemons/org.3proxy.3proxy.plist # Stop the service sudo launchctl stop org.3proxy.3proxy # Start the service sudo launchctl start org.3proxy.3proxy # Unload and disable the service sudo launchctl unload /Library/LaunchDaemons/org.3proxy.3proxy.plist ``` -------------------------------- ### Build Proxy Chains with Weights Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html This example demonstrates building proxy chains using the 'parent' command with different weights to control the probability of selecting a specific proxy hop. It shows mixing proxy types like SOCKS5 and CONNECT. ```config allow * parent 500 socks5 192.168.1.1 1080 parent 500 connect 192.168.10.1 3128 ``` -------------------------------- ### Start SOCKS Proxy with File Logging Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Launches a SOCKS proxy service and directs its logs to a specified file. This is a command-line alternative to the 'log' configuration directive. ```bash /usr/local/sbin/socks -l/var/log/socks.log ``` -------------------------------- ### Install 3proxy using RPM Package Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Install 3proxy on RPM-based systems (RHEL, CentOS, Fedora) using an .rpm package. This method is for installing pre-built packages from GitHub Releases. ```bash sudo rpm -i 3proxy-*.rpm ``` -------------------------------- ### Install 3proxy using Debian Package Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Install 3proxy on Debian-based systems using a .deb package. This is a convenient way to install pre-built packages from GitHub Releases. ```bash sudo dpkg -i 3proxy_*.deb ``` -------------------------------- ### Manage 3proxy Service on macOS Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Commands to load, start, stop, and unload the 3proxy service using launchctl on macOS. Ensure you have the correct plist file path. ```bash sudo launchctl load /Library/LaunchDaemons/org.3proxy.3proxy.plist ``` ```bash sudo launchctl stop org.3proxy.3proxy ``` ```bash sudo launchctl start org.3proxy.3proxy ``` ```bash sudo launchctl unload /Library/LaunchDaemons/org.3proxy.3proxy.plist ``` -------------------------------- ### Basic 3proxy Configuration Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html This configuration starts three services: HTTP PROXY, SOCKS, and POP3 PROXY. It sets up logging, rotation, and specifies internal and external interfaces. ```config log /var/log/3proxy.log D rotate 30 internal 127.0.0.1 external 192.168.1.1 proxy socks -p3129 pop3p ``` -------------------------------- ### Quick SSL Certificate Setup Script for Development Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html A shell script to quickly generate a self-signed Certificate Authority (CA), server certificate, and client certificate for development and testing purposes. It includes necessary extensions for both server and client authentication. ```bash #!/bin/sh # Creates CA, server, and client certificates for SSLPlugin testing # CA openssl genrsa -out ca.key 4096 openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \ -subj "/CN=3proxy CA" -out ca.crt # Server openssl genrsa -out server.key 2048 openssl req -new -key server.key -subj "/CN=localhost" -out server.csr cat > server.ext << 'EOF' basicConstraints=CA:FALSE keyUsage = keyEncipherment extendedKeyUsage = serverAuth subjectAltName = DNS:localhost,DNS:proxy,IP:127.0.0.1 EOF openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \ -CAcreateserial -out server.crt -days 365 -sha256 -extfile server.ext # Client openssl genrsa -out client.key 2048 openssl req -new -key client.key -subj "/CN=client" -out client.csr cat > client.ext << 'EOF' basicConstraints=CA:FALSE extendedKeyUsage = clientAuth EOF openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \ -CAcreateserial -out client.crt -days 365 -sha256 -extfile client.ext openssl pkcs12 -export -out client.p12 -passout pass: \ -inkey client.key -in client.crt -certfile ca.crt ``` -------------------------------- ### Example Traffic Correction Rules Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/plugins/TrafficPlugin.html Demonstrates the application of traffic correction rules. The second rule for socks5 with any port has a lower coefficient and will be applied if the first rule doesn't match. ```config plugin "TrafficPlugin.dll" start trafcorrect m socks5 6112 4.5 trafcorrect m socks5 * 1.1 ``` -------------------------------- ### Access Control List Flushing Example Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/man3/3proxy.cfg.3.html Shows how to flush the active access list and then define new ACLs for specific services like pop3p and socks. ```config allow * pop3p flush allow * 192.168.1.0/24 socks ``` -------------------------------- ### User Authentication Examples Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/man3/3proxy.cfg.3.html Demonstrates different password types for user authentication: cleartext, crypt-style, and NT password (hex). Double quotes are required if the password contains a '$' sign. ```config users test1:CL:password1 "test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49." users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63 ``` -------------------------------- ### Mutual TLS (mTLS) Example Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/plugins/SSLPlugin.html Creates an HTTPS proxy that requires client certificate authentication. Ensure the CA file is correctly specified for verification. ```plaintext ssl_server_cert /path/to/server.crt ssl_server_key /path/to/server.key ssl_server_ca_file /path/to/ca.crt ssl_server_verify ssl_serv proxy -p3128 ``` -------------------------------- ### Using Encrypted Password in 3proxy.cfg Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/man8/3proxy_crypt.8.html Example of how to use a generated BLAKE2b password hash (prefixed with CR:) in the 3proxy configuration file with the 'users' directive. ```bash users user1:CR:$3$MySalt$... ``` -------------------------------- ### Connect Back Proxy Configuration (External) Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Configure the external 3proxy instance to accept connections from the internal proxy. This setup allows the internal proxy to establish a connection to the external network through this instance. ```config auth iponly allow * * 1.1.1.1 tcppm -R0.0.0.0:1234 3128 1.1.1.1 3128 ``` -------------------------------- ### TransparentPlugin Configuration Example Source: https://github.com/3proxy/3proxy.github.io/blob/main/plugins/TransparentPlugin/index.html This configuration enables the TransparentPlugin to act as a transparent proxy. It sets up logging, allows access on port 80, defines a parent HTTP proxy, and then configures a parent SOCKSv5 proxy for transparent traffic. Traffic redirected to LOCAL_IP:12345 will be routed through the SOCKSv5 proxy. ```plaintext plugin /path/to/TransparentPlugin.ld.so transparent_plugin log /path/to/log auth iponly allow * * * allow * 80 parent 1000 http 0.0.0.0 0 allow * parent 1000 socks5 SOCKS5_IP SOCKS5_PORT USER PASSWORD transparent tcppm -iLOCAL_IP 12345 127.0.0.1 11111 notransparent proxy ``` -------------------------------- ### Example Traffic Correction Rules Source: https://github.com/3proxy/3proxy.github.io/blob/main/plugins/TrafficPlugin/index.html Demonstrates the application of traffic correction rules. The first rule for socks5 with port 6112 uses a coefficient of 4.5, and a general rule for socks5 uses 1.1. ```config trafcorrect m socks5 6112 4.5 trafcorrect m socks5 * 1.1 ``` -------------------------------- ### Connect Back Proxy Configuration (Internal) Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Configure the internal 3proxy instance to connect back to an external network. This setup is used when the proxy server is not directly accessible from the external network but can initiate outbound connections. ```config users user:CL:password auth strong allow user proxy -rhost.dyndns.example.org:1234 ``` -------------------------------- ### Compile 3proxy with CMake on Windows (Visual Studio) Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Generate a Visual Studio solution file for Windows compilation. Specify the generator and architecture. Binaries are placed in the build/bin/ directory. ```bash cmake -G "Visual Studio 17 2022" -A x64 .. cmake --build . --config Release ``` -------------------------------- ### Build and Run Minimal 3proxy Docker Image Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Build a minimal static 3proxy Docker image and run it, providing configuration via stdin. The port 3129 is exposed. ```docker docker build -f Dockerfile.minimal -t 3proxy.minimal . docker run -i -p 3129:3129 --name 3proxy 3proxy.minimal ``` -------------------------------- ### Parent Proxy with IP and Port Modification Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/man3/3proxy.cfg.3.html Example showing how to modify only the IP or port of the original request when redirecting to a parent proxy. ```3proxy parent 1000 http 1.2.3.4 0 ``` -------------------------------- ### Generate Client Private Key Source: https://github.com/3proxy/3proxy.github.io/blob/main/howtoe.html Generates a 2048-bit RSA private key for a client. This key is used for client authentication in mTLS setups. ```bash openssl genrsa -out client1.key 2048 ``` -------------------------------- ### Remove 3proxy Service from Windows Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Remove the 3proxy service from Windows. Stop the service first, then run the remove command. The installation directory can then be safely deleted. ```batch cd C:\Program Files\3proxy net stop 3proxy 3proxy.exe --remove ``` -------------------------------- ### Control 3proxy Service on Windows Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Manage the 3proxy service on Windows NT/2000/XP using the 'net' command. This allows starting, stopping, pausing, and resuming the service. ```bash net start 3proxy ``` ```bash net stop 3proxy ``` ```bash net pause 3proxy ``` ```bash net continue 3proxy ``` -------------------------------- ### Build and Run Full 3proxy Docker Image Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Build a full 3proxy Docker image with plugins and run it, mounting a local configuration file to the container. The port 3129 is exposed. ```docker docker build -f Dockerfile.full -t 3proxy.full . docker run -p 3129:3129 -v /path/to/config:/usr/local/3proxy/conf 3proxy.full ``` -------------------------------- ### Configure Windows Authentication Plugin Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/plugins/WindowsAuthentication.html Configure the plugin with the 'plugin' command in 3proxy.cfg. Specify the DLL location and the allowed Windows group. ```config plugin "WindowsAuthentication.dll" WindowsAuthentication "3ProxyAllowedGroup" ``` -------------------------------- ### Compile 3proxy with Makefile on FreeBSD Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Use the Makefile for compilation on FreeBSD. Ensure GNU make (gmake) is used if 'make' is not available. Binaries are placed in the bin/ directory. ```bash ln -sf Makefile.FreeBSD Makefile make ``` -------------------------------- ### Incorrect Rule Order Example Source: https://github.com/3proxy/3proxy.github.io/blob/main/plugins/TrafficPlugin/index.html Illustrates an incorrect rule order where a general rule precedes a specific one, preventing the specific rule from ever being applied. ```config trafcorrect m socks5 * 1.1 trafcorrect m socks5 6112 4.5 ``` -------------------------------- ### Configure External Archiver for Logs Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Sets up an external command to archive log files. EXT is the file extension for archives, and COMMAND/PARAMETERS define the archiving process. ```config archiver EXT COMMAND PARAMETERS ``` -------------------------------- ### Proxy Chaining with Weights Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/man3/3proxy.cfg.3.html Demonstrates how to group proxies using weights for random selection. Proxies with a combined weight of 1000 form a group. ```3proxy allow * parent 500 socks5 192.168.10.1 1080 parent 500 connect 192.168.10.1 3128 ``` -------------------------------- ### Bypass Bandwidth Limit for Specific Traffic Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Use 'nobandlimin' to exclude specific traffic from bandwidth limitations. This example bypasses the pipe for mail traffic from POP3 servers. ```bash nobandlimin * * * * 110 bandlimin 57600 * 192.168.10.16/32 ``` -------------------------------- ### Define Multiple Users with Cleartext Passwords Source: https://github.com/3proxy/3proxy.github.io/blob/main/howtoe.html Creates user accounts 'admin', 'test', and 'test1' with cleartext passwords. Note the use of ':' as a delimiter. ```bash users admin:CL:bigsecret test:CL:password test1:CL:password1 ``` -------------------------------- ### Compile 3proxy with GCC under Unix/Linux Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Use the Makefile for compilation on Unix-like systems. This method is common for Linux and FreeBSD. Binaries are placed in the bin/ directory. ```bash ln -sf Makefile.Linux Makefile make ``` -------------------------------- ### HAProxy PROXY Protocol v1 Header Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/man3/3proxy.cfg.3.html Example of using the 'ha' parent type to send HAProxy PROXY protocol v1 header to the parent proxy. This must be the last in the chain. ```3proxy parent 1000 ha ``` -------------------------------- ### Compile 3proxy with Visual C++ Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Use this command to compile 3proxy on Windows using Visual C++. Ensure you have extracted the source code first. Binaries are placed in the 'bin/' directory. ```bash nmake /f Makefile.msvc ``` -------------------------------- ### Flush Existing ACLs and Start New Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Resets all current Access Control Lists (ACLs) and prepares for a new set of rules. This command is essential when defining ACLs for different services. ```bash flush ``` -------------------------------- ### Enabling Fakeresolve for Name Resolution Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html The 'fakeresolve' command forces 3proxy to resolve any name to the 127.0.0.2 address. This is useful when you do not want 3proxy to perform name resolution itself, for example, when using it with ACLs. ```config fakeresolve ``` -------------------------------- ### Create PKCS#12 Bundle for Browser Import Source: https://github.com/3proxy/3proxy.github.io/blob/main/howtoe.html Creates a PKCS#12 bundle containing the client's private key, certificate, and CA certificate. This bundle is easily importable into browsers and OS certificate stores. ```bash openssl pkcs12 -export -out client1.p12 \ -inkey client1.key -in client1.crt -certfile ca.crt ``` -------------------------------- ### Enable strong username/password authentication Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Configure 'auth strong' for authentication using usernames and passwords. Access is denied if the user is not registered. ```3proxy configuration auth strong ``` -------------------------------- ### Scheduling API Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/devel/devref.html This section describes the API for scheduling functions to be called at regular intervals or specific times. It outlines the structure for defining schedules and provides an example of how to add a function to the schedule list. ```APIDOC ## Scheduling API This API allows for the scheduling of functions within 3proxy. ### Data Structures - `struct schedule`: - `void *data`: Pointer passed to scheduled functions. - `ROTATION type`: Defines the frequency of function calls (e.g., MINUTELY). - `start_time`: The time at which the scheduled function should begin execution. ### Function Behavior - Scheduled functions are invoked at intervals defined by `type` after `start_time`. - They are also called upon configuration reload and when the system enters a termination state. - A return value of `1` from a scheduled function indicates it should be removed from the schedule. 3proxy does not free the `struct schedule`. - The schedule list can be empty. The pointer to the schedule list is accessed via `struct schedule ** schedule;` in `pluginlink`. ### Example ```c int myschedfunc(void * data); struct schedule myschedule; myschedule.data = "somethinghere"; myschedule.function = myschedfunc; myschedule.type = MINUTELY; myschedule.starttime = 0; myschedule.next = *pluginlink->schedule; *pluginlink->schedule = myschedule; ``` **Note:** Ensure that the plugin and 3proxy are compiled with the same compiler due to potential differences in `time_t`. ``` -------------------------------- ### Create Client Certificate Extensions File Source: https://github.com/3proxy/3proxy.github.io/blob/main/howtoe.html Defines extensions for the client certificate, specifying key usage for client authentication. This file is used during the certificate signing process. ```bash cat > client.ext << 'EOF' basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment extendedKeyUsage = clientAuth EOF ``` -------------------------------- ### Configure Maximum Connections per Service Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/highload.html Set the 'maxconn' option to define the maximum number of simultaneous connections allowed for each service. The example shows setting maxconn to 1000 for three services. ```plaintext maxconn 1000 proxy -p3129 proxy -p3128 socks ``` -------------------------------- ### Configure Authentication Caching Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/plugins/WindowsAuthentication.html It is recommended to configure authentication caching to prevent excessive workload on the domain controller. This example sets up a 900-second cache for user/pass authentication and enables caching for Windows authentication. ```config authcache user,pass 900 auth cache windows ``` -------------------------------- ### Create HTTPS Proxy Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Sets up an HTTPS proxy on port 3129 and an HTTP proxy on port 3128. Requires a server certificate and key. The certificate should include Subject Alternative Names. ```bash ssl_server_cert /etc/3proxy/certs/server.crt ssl_server_key /etc/3proxy/certs/server.key ssl_serv proxy -p3129 ssl_noserv proxy -p3128 ``` -------------------------------- ### Configure 3proxy with Parent Extip Rotation (Wildcard) Source: https://github.com/3proxy/3proxy.github.io/blob/main/highload.html This configuration uses 'parent extip' with a wildcard to rotate outgoing IP addresses for all users. ```bash allow * parent 250 extip 1.1.1.1 0 parent 250 extip 2.2.2.2 0 parent 250 extip 3.3.3.3 0 parent 250 extip 4.4.4.4 0 socks ``` -------------------------------- ### Compile 3proxy with CMake on Unix/Linux Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Use CMake for a cross-platform build. This method is suitable for Linux, macOS, and BSD systems. Binaries are placed in the build/bin/ directory. ```bash mkdir build cd build cmake .. cmake --build . ``` -------------------------------- ### Allow Connections with Specific Criteria Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Allows connections from any user ('*') originating from any source network ('*') to any target ('*') on any port ('*') at any time. This is a broad rule, typically used as a base or for testing. ```bash allow * * * * * ``` -------------------------------- ### Adjusting Thread Stack Size Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/man5/3proxy.cfg.5.html Modifies the default stack size for threads. This may be necessary for certain plugins or platforms, such as specific FreeBSD versions or Linux with ODBC/PAM support. Start with a positive value like 65536 and adjust as needed. Negative values can be used to reduce memory usage. ```plaintext stacksize ``` -------------------------------- ### Using SNI Proxy with SOCKS for Hostname Detection Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html This setup uses tlspr as a parent in a SOCKS proxy to detect the destination hostname from TLS traffic, even when the client connects via IP. It allows HTTP on port 80 and CONNECT requests, then uses tlspr for other traffic, denying access to specific hosts. ```config allow * * * 80 parent 1000 http 0.0.0.0 0 allow * * * CONNECT parent 1000 tls 0.0.0.0 0 deny * * some.not.allowed.host allow * socks ``` -------------------------------- ### Include User List from External File (Windows) Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Includes user definitions from a Windows path. Ensure the path is correctly quoted if it contains spaces. ```bash users $"c:\\Program Files\\3proxy\\passwords" ``` -------------------------------- ### Configure File Logging with Rotation Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/howtoe.html Sets up logging to a specified file with daily rotation. The filename can include date-based format specifiers. ```config log c:\\3proxy\\logs\\%y%m%d.log ``` -------------------------------- ### Configure Grace Delay for Reduced System Calls Source: https://github.com/3proxy/3proxy.github.io/blob/main/doc/highload.html Add a grace delay to reduce system calls, especially useful with splice. The example adds a 10ms delay before reading data if the average polling size is below 8000 bytes and 3 read operations have been made in the same direction. Adjust the delay to avoid filling the read pipe/buffer. ```bash proxy -g8000,3,10 ```