Add cross-platform CA auto-installer and production hardening

- Add cert_installer.py: cross-platform trusted CA installer
  (Windows certutil/PowerShell, macOS security, Linux update-ca-certificates,
  Firefox NSS via certutil/certutil)
- main.py: add --install-cert and --no-cert-check CLI flags; auto-detect and
  auto-install MITM CA on startup when not yet trusted
- mitm.py: rename CA CN/O from 'DomainFront Tunnel' to 'MasterHttpRelayVPN'
- proxy_server.py: downgrade TLS handshake errors to DEBUG to reduce log noise
  for non-HTTPS traffic (MTProto, plain HTTP on non-443 ports)
- README.md / README_FA.md: document new CLI flags, auto-install behaviour,
  and cert_installer.py in project files table
Abolfazl
2026-04-21 04:56:49 +03:30
parent b1b625045a
commit fd22de27ca
6 changed files with 429 additions and 4 deletions
@@ -152,6 +152,8 @@ Firefox uses its own certificate store, so even after OS-level install you need
3. Select `ca/ca.crt` from the project folder.
4. Check **Trust this CA to identify websites** → click **OK**.
> **Auto-install on startup:** When running in `apps_script` mode the proxy will automatically detect if the CA is not yet trusted and attempt to install it for you. If it succeeds you'll see a confirmation in the log; if it fails (e.g. needs administrator rights) it will print instructions. You can also run `python main.py --install-cert` at any time to (re-)install the certificate.
> ⚠️ **Security note:** This certificate only works locally on your machine. Don't share the `ca/` folder with anyone. If you want to start fresh, delete the `ca/` folder and the tool will generate a new one.
---
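Review bot: The new "Auto-install on startup" note describes a trust-store change that happens by default, yet it gives no opt-out, and the security note next to it still presents deleting the `ca/` folder as the whole reset procedure. Mention `--no-cert-check` here as well, so a reader of this step knows the install can be skipped. Also state whether a CA that was auto-installed earlier is removed from the OS and Firefox stores when a new one is generated, or give the manual removal steps. As written, "delete the `ca/` folder and the tool will generate a new one" leaves the reader unsure whether the old root remains trusted.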
@@ -222,8 +224,12 @@ python main.py # Normal start
python main.py -p 9090 # Use port 9090 instead
python main.py --log-level DEBUG # Show detailed logs
python main.py -c /path/to/config.json # Use a different config file
python main.py --install-cert # Install MITM CA certificate and exit
python main.py --no-cert-check # Skip automatic CA install check on startup
```
> **Auto-install:** On startup (MITM mode), the proxy automatically checks if the CA certificate is trusted and attempts to install it. Use `--no-cert-check` to skip this. If auto-install fails (e.g. needs elevation), run `python main.py --install-cert` manually or follow Step 6 above.
---
## Architecture
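Review bot: The flag name `--no-cert-check` in the usage block reads like an option that disables TLS certificate verification, while its comment says it only skips the startup CA install check. Consider a name that says what is skipped, or spell out in the "Auto-install" note that upstream certificate validation is unaffected. The same note says the check runs "On startup (MITM mode)", whereas the Step 6 note says "When running in `apps_script` mode"; use one term for the mode in both places. The `--install-cert` comment could also say that elevation may be required, since the note below treats that as the expected failure case.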
@@ -248,6 +254,7 @@ python main.py -c /path/to/config.json # Use a different config file
| `domain_fronter.py` | Disguises traffic through CDN/Google |
| `h2_transport.py` | Faster connections using HTTP/2 (optional) |
| `mitm.py` | Handles HTTPS certificate generation |
| `cert_installer.py` | Cross-platform CA certificate installer (Windows/macOS/Linux + Firefox) |
| `ws.py` | WebSocket support |
| `Code.gs` | The relay script you deploy to Google Apps Script |
| `config.example.json` | Example config — copy to `config.json` |