Minor logging improvement / code cleanup

Allow to set prefix in cmake, 3proxy_ by default

.github/workflows/build-rpm-arm64.yml

@@ -0,0 +1,71 @@
+name: RPM/DEB build aarch64
+
+on:
+  push:
+    branches: [ "master", "test-ci" ]
+    paths: [ 'RELEASE', '.github/workflows/build-rpm-arm64.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - ubuntu-24.04-arm
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+    - name: env
+      run: |
+       pwd
+       echo "RELEASE=$(cat RELEASE)" >> $GITHUB_ENV
+       echo "VERSION=$(date +%y%m%d%H%M%S)" >> $GITHUB_ENV
+       echo "MAJOR=$(cat RELEASE | cut -d "-" -f 1)" >> $GITHUB_ENV
+       echo "SUBMAJOR=$(cat RELEASE | cut -d "-" -f 2)" >> $GITHUB_ENV
+       echo "MINOR=$(cat RELEASE | cut -d "-" -f 3)" >> $GITHUB_ENV
+    - name: echo env
+      run: echo "release $RELEASE version $VERSION major $MAJOR submajor $SUBMAJOR minor $MINOR"
+    - name: Linux libraries
+      run: |
+       sudo apt update
+       sudo apt install libssl-dev libpam-dev libpcre2-dev rpm build-essential debhelper
+    - name: configure rpm env
+      run: |
+       mkdir ~/debian
+       mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
+       tar -czf ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz --transform "s,^,3proxy-$RELEASE/," .
+       ln -s ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz ~/rpmbuild/SOURCES/$RELEASE.tar.gz
+       cp scripts/rh/3proxy.spec ~/rpmbuild/SPECS/3proxy-$RELEASE.spec
+       cp ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz ~/debian/3proxy_$RELEASE.orig.tar.gz
+    - name: rpmbuild
+      run: |
+       ret=`pwd`
+       cd ~/rpmbuild/SPECS
+       rpmbuild -ba 3proxy-$RELEASE.spec
+       cd $ret
+       mv ~/rpmbuild/RPMS/aarch64/3proxy-$RELEASE-1.aarch64.rpm 3proxy-$RELEASE.arm64.rpm
+    - name: Get artifact arp
+      uses: actions/upload-artifact@v6
+      with:
+       name: "3proxy-${{ env.RELEASE }}-arm64.rpm"
+       path: "*.rpm"
+    - name: debbuild
+      run: |
+        ret=`pwd`
+        cd ~/debian/
+        tar xzf 3proxy_$RELEASE.orig.tar.gz
+        cd 3proxy-$RELEASE
+        echo "3proxy ($RELEASE-$VERSION) buster; urgency=medium" >debian/changelog
+        echo " " >>debian/changelog
+        echo "  *3proxy $RELEASE build" >>debian/changelog
+        echo " " >>debian/changelog
+        echo " -- z3APA3A <3apa3a@3proxy.org>  "`date "+%a, %d %b %Y %H:%M:%S %z"` >>debian/changelog
+        echo "">>debian/changelog
+        dpkg-buildpackage
+        cd $ret
+        cp ~/debian/3proxy_$RELEASE-"$VERSION"_arm64.deb ./3proxy-$RELEASE.arm64.deb
+    - name: Get artifact deb
+      uses: actions/upload-artifact@v6
+      with:
+       name: "3proxy-${{ env.RELEASE }}-arm64.deb"
+       path: "*.deb"

.github/workflows/build-rpm-armhf.yml

@@ -0,0 +1,104 @@
+name: RPM/DEB build armhf
+
+on:
+  push:
+    branches: [ "master", "test-ci" ]
+    paths: [ 'RELEASE', '.github/workflows/build-rpm-armhf.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - ubuntu-latest
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+    - name: env
+      run: |
+       pwd
+       echo "RELEASE=$(cat RELEASE)" >> $GITHUB_ENV
+       echo "VERSION=$(date +%y%m%d%H%M%S)" >> $GITHUB_ENV
+       echo "MAJOR=$(cat RELEASE | cut -d "-" -f 1)" >> $GITHUB_ENV
+       echo "SUBMAJOR=$(cat RELEASE | cut -d "-" -f 2)" >> $GITHUB_ENV
+       echo "MINOR=$(cat RELEASE | cut -d "-" -f 3)" >> $GITHUB_ENV
+    - name: Linux libraries
+      run: |
+       sudo apt update
+       sudo dpkg --add-architecture armhf
+       echo "Types: deb" > ~/ubuntu.sources
+       echo "URIs: http://archive.ubuntu.com/ubuntu/" >> ~/ubuntu.sources 
+       echo "Suites: noble noble-updates noble-backports" >> ~/ubuntu.sources 
+       echo "Components: main restricted universe multiverse" >> ~/ubuntu.sources 
+       echo "Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg" >> ~/ubuntu.sources 
+       echo "Architectures: amd64" >> ~/ubuntu.sources 
+       echo "" >> ~/ubuntu.sources 
+       echo "Types: deb" >> ~/ubuntu.sources 
+       echo "URIs: http://security.ubuntu.com/ubuntu/" >> ~/ubuntu.sources 
+       echo "Suites: noble-security" >> ~/ubuntu.sources 
+       echo "Components: main restricted universe multiverse" >> ~/ubuntu.sources 
+       echo "Architectures: amd64" >> ~/ubuntu.sources 
+       echo "Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg" >> ~/ubuntu.sources 
+       echo "" >> ~/ubuntu.sources 
+       echo "Types: deb" >>~/ubuntu.sources 
+       echo "URIs: http://ports.ubuntu.com/ubuntu-ports/" >>~/ubuntu.sources
+       echo "Suites: noble noble-updates" >>~/ubuntu.sources
+       echo "Components: main restricted universe multiverse" >>~/ubuntu.sources
+       echo "Architectures: armhf" >>~/ubuntu.sources
+       echo "Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg" >>~/ubuntu.sources
+       sudo cp ~/ubuntu.sources /etc/apt/sources.list.d/ubuntu.sources
+       sudo apt update
+       sudo apt install libssl3t64:armhf openssl:armhf libssl-dev:armhf libpam0g:armhf libpam0g-dev:armhf libpcre2-dev:armhf rpm crossbuild-essential-armhf build-essential debhelper
+    - name: configure rpm env
+      run: |
+       mkdir ~/debian
+       mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
+       tar -czf ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz --transform "s,^,3proxy-$RELEASE/," .
+       ln -s ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz ~/rpmbuild/SOURCES/$RELEASE.tar.gz
+       cp scripts/rh/3proxy.spec ~/rpmbuild/SPECS/3proxy-$RELEASE.spec
+       cp ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz ~/debian/3proxy_$RELEASE.orig.tar.gz
+    - name: rpmbuild
+      run: |
+       ret=`pwd`
+       cd ~/rpmbuild/SPECS
+       PATH=/usr/arm-linux-gnueabihf/bin:$PATH
+       export PATH=$PATH
+       CC=arm-linux-gnueabihf-gcc
+       export CC=$CC
+       export RPATH=/usr/arm-linux-gnueabihf/lib:$RPATH
+       export LD_LIBRARY_PATH=/usr/arm-linux-gnueabihf/lib:$LD_LIBRARY_PATH
+       rpmbuild -ba --define "PAMLIB pam0g" --define "_arch arm" --define "cross yes" --target=arm-linux-gnueabi 3proxy-$RELEASE.spec
+       cd $ret
+       mv ~/rpmbuild/RPMS/arm/3proxy-$RELEASE-1.arm.rpm 3proxy-$RELEASE.arm.rpm
+    - name: Get artifact
+      uses: actions/upload-artifact@v6
+      with:
+       name: "3proxy-${{ env.RELEASE }}-arm.rpm"
+       path: "*.rpm"
+    - name: debbuild
+      run: |
+        ret=`pwd`
+        cd ~/debian/
+        tar xzf 3proxy_$RELEASE.orig.tar.gz
+        cd 3proxy-$RELEASE
+        echo "3proxy ($RELEASE-$VERSION) buster; urgency=medium" >debian/changelog
+        echo " " >>debian/changelog
+        echo "  *3proxy $RELEASE build" >>debian/changelog
+        echo " " >>debian/changelog
+        echo " -- z3APA3A <3apa3a@3proxy.org>  "`date "+%a, %d %b %Y %H:%M:%S %z"` >>debian/changelog
+        echo "">>debian/changelog
+        PATH=/usr/arm-linux-gnueabihf/bin:$PATH
+        export PATH=$PATH
+        CC=arm-linux-gnueabihf-gcc
+        export CC=$CC
+        export RPATH=/usr/arm-linux-gnueabihf/lib:$RPATH
+        export LD_LIBRARY_PATH=/usr/arm-linux-gnueabihf/lib:$LD_LIBRARY_PATH
+        dpkg-buildpackage
+        cd $ret
+        cp ~/debian/3proxy_$RELEASE-"$VERSION"_armhf.deb ./3proxy-$RELEASE.arm.deb
+    - name: Get artifact deb
+      uses: actions/upload-artifact@v6
+      with:
+       name: "3proxy-${{ env.RELEASE }}-arm.deb"
+       path: "*.deb"

.github/workflows/build-rpm-x86-64.yml

@@ -0,0 +1,72 @@
+name: RPM/DEB build x86-64
+
+on:
+  push:
+    branches: [ "master", "test-ci" ]
+    paths: [ 'RELEASE', '.github/workflows/build-rpm-x86-64.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - ubuntu-latest
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+    - name: env
+      run: |
+       pwd
+       echo "RELEASE=$(cat RELEASE)" >> $GITHUB_ENV
+       echo "VERSION=$(date +%y%m%d%H%M%S)" >> $GITHUB_ENV
+       echo "MAJOR=$(cat RELEASE | cut -d "-" -f 1)" >> $GITHUB_ENV
+       echo "SUBMAJOR=$(cat RELEASE | cut -d "-" -f 2)" >> $GITHUB_ENV
+       echo "MINOR=$(cat RELEASE | cut -d "-" -f 3)" >> $GITHUB_ENV
+    - name: echo env
+      run: echo "release $RELEASE version $VERSION major $MAJOR submajor $SUBMAJOR minor $MINOR"
+    - name: Linux libraries
+      run: |
+       sudo apt update
+       sudo apt install libssl-dev libpam-dev libpcre2-dev rpm build-essential debhelper
+    - name: configure rpm/deb env
+      run: |
+       mkdir ~/debian
+       mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
+       tar -czf ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz --transform "s,^,3proxy-$RELEASE/," .
+       ln -s ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz ~/rpmbuild/SOURCES/$RELEASE.tar.gz
+       cp scripts/rh/3proxy.spec ~/rpmbuild/SPECS/3proxy-$RELEASE.spec
+       cp ~/rpmbuild/SOURCES/3proxy-$RELEASE.tar.gz ~/debian/3proxy_$RELEASE.orig.tar.gz
+    - name: rpmbuild
+      run: |
+       ret=`pwd`
+       cd ~/rpmbuild/SPECS
+       rpmbuild -ba 3proxy-$RELEASE.spec
+       cd $ret
+       mv ~/rpmbuild/RPMS/x86_64/3proxy-$RELEASE-1.x86_64.rpm 3proxy-$RELEASE.x86_64.rpm
+    - name: Get artifact rpm
+      uses: actions/upload-artifact@v6
+      with:
+       name: "3proxy-${{ env.RELEASE }}-x86_64.rpm"
+       path: "*.rpm"
+    - name: debbuild
+      run: |
+        ret=`pwd`
+        cd ~/debian/
+        tar xzf 3proxy_$RELEASE.orig.tar.gz
+        cd 3proxy-$RELEASE
+        echo "3proxy ($RELEASE-$VERSION) buster; urgency=medium" >debian/changelog
+        echo " " >>debian/changelog
+        echo "  *3proxy $RELEASE build" >>debian/changelog
+        echo " " >>debian/changelog
+        echo " -- z3APA3A <3apa3a@3proxy.org>  "`date "+%a, %d %b %Y %H:%M:%S %z"` >>debian/changelog
+        echo "">>debian/changelog
+        dpkg-buildpackage
+        cd $ret
+        cp ~/debian/3proxy_$RELEASE-"$VERSION"_amd64.deb ./3proxy-$RELEASE.x86_64.deb
+    - name: Get artifact deb
+      uses: actions/upload-artifact@v6
+      with:
+       name: "3proxy-${{ env.RELEASE }}-x86_64.deb"
+       path: "*.deb"
+

.github/workflows/build-watcom.yml

@@ -0,0 +1,70 @@
+name: Build Win32 3proxy-lite with Watcom
+
+on:
+  push:
+    branches: [ "master" ]
+    paths: [ 'RELEASE', '.github/workflows/build-watcom.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - windows-2022
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+#    - name: configure
+#      run: ./configure
+    - name: Setup Open Watcom
+      uses: open-watcom/setup-watcom@v0
+    - name: set date
+      run: |
+       $NOW = Get-Date -Format "yyMMddHHmmss"
+       echo "now: $NOW"
+       $RELEASE = Get-Content -Path "RELEASE" -Raw
+       echo "release: $RELEASE"
+       echo "RELEASE=$RELEASE" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+       echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+       echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+    - name: make Watcom
+      shell: cmd
+      run: |
+       echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
+       nmake /F Makefile.watcom
+    - name: make dist dir
+      shell: cmd
+      run: |
+       mkdir dist
+       mkdir dist\3proxy
+       mkdir dist\3proxy\bin
+       mkdir dist\3proxy\cfg
+       mkdir dist\3proxy\cfg\sql
+       mkdir dist\3proxy\doc
+       mkdir dist\3proxy\doc\ru
+       mkdir dist\3proxy\doc\html
+       mkdir dist\3proxy\doc\html\plugins
+       mkdir dist\3proxy\doc\html\man5
+       mkdir dist\3proxy\doc\html\man8
+       mkdir dist\3proxy\doc\devel
+       copy bin\3proxy.exe dist\3proxy\bin\
+       copy bin\*.dll dist\3proxy\bin\
+       copy bin\mycrypt.exe  dist\3proxy\bin\
+       copy cfg\*.* dist\3proxy\cfg\
+       copy cfg\sql\*.*  dist\3proxy\cfg\sql\
+       copy doc\ru\*.*  dist\3proxy\doc\ru\
+       copy doc\html\*.* dist\3proxy\doc\html\
+       copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
+       copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
+       copy doc\html\man5\*.* dist\3proxy\doc\html\man5\
+       copy doc\devel\*.rtf dist\3proxy\doc\devel\
+       copy copying dist\3proxy\
+       copy authors dist\3proxy\
+       copy README dist\3proxy\
+       copy rus.3ps dist\3proxy\
+    - name: Get artifact
+      uses: actions/upload-artifact@v6
+      with:
+       name: "3proxy-${{ env.RELEASE }}-lite"
+       path: dist/

.github/workflows/build-win32.yml

@@ -0,0 +1,76 @@
+name: Build Win32 3proxy with MSVC
+
+on:
+  push:
+    branches: [ "master" ]
+    paths: [ 'RELEASE', '.github/workflows/build-win32.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - windows-2022
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+#    - name: configure
+#      run: ./configure
+    - name: set date
+      run: |
+       $NOW = Get-Date -Format "yyMMddHHmmss"
+       $RELEASE = Get-Content -Path "RELEASE" -Raw
+       echo "RELEASE=$RELEASE" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+       echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+       echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+    - name: install packages
+      run: vcpkg install pcre2:x86-windows-static openssl:x86-windows-static
+    - name: Add msbuild to PATH
+      uses: microsoft/setup-msbuild@v3
+    - name: make Windows MSVC
+      if: ${{ startsWith(matrix.target, 'windows') }}
+      shell: cmd
+      run: |
+       call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars32.bat"
+       D:
+       cd "D:/a/3proxy/3proxy"
+       set "LIB=%LIB%;c:/vcpkg/installed/x86-windows-static/lib"
+       set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x86-windows-static/include"
+       echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
+       nmake /F Makefile.msvc
+    - name: make dist dir
+      shell: cmd
+      run: |
+       mkdir dist
+       mkdir dist\3proxy
+       mkdir dist\3proxy\bin
+       mkdir dist\3proxy\cfg
+       mkdir dist\3proxy\cfg\sql
+       mkdir dist\3proxy\doc
+       mkdir dist\3proxy\doc\ru
+       mkdir dist\3proxy\doc\html
+       mkdir dist\3proxy\doc\html\plugins
+       mkdir dist\3proxy\doc\html\man5
+       mkdir dist\3proxy\doc\html\man8
+       mkdir dist\3proxy\doc\devel
+       copy bin\3proxy.exe dist\3proxy\bin\
+       copy bin\*.dll dist\3proxy\bin\
+       copy bin\mycrypt.exe  dist\3proxy\bin\
+       copy cfg\*.* dist\3proxy\cfg\
+       copy cfg\sql\*.*  dist\3proxy\cfg\sql\
+       copy doc\ru\*.*  dist\3proxy\doc\ru\
+       copy doc\html\*.* dist\3proxy\doc\html\
+       copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
+       copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
+       copy doc\html\man5\*.* dist\3proxy\doc\html\man5\
+       copy doc\devel\*.rtf dist\3proxy\doc\devel\
+       copy copying dist\3proxy\
+       copy authors dist\3proxy\
+       copy README dist\3proxy\
+       copy rus.3ps dist\3proxy\
+    - name: Get artifact
+      uses: actions/upload-artifact@v6
+      with:
+       name: "3proxy-${{ env.RELEASE }}"
+       path: dist/

.github/workflows/build-win64.yml

@@ -0,0 +1,78 @@
+name: Build Win64 3proxy with MSVC
+
+on:
+  push:
+    branches: [ "master" ]
+    paths: [ 'RELEASE', '.github/workflows/build-win64.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - windows-2022
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+#    - name: configure
+#      run: ./configure
+    - name: set date
+      run: |
+       $NOW = Get-Date -Format "yyMMddHHmmss"
+       $RELEASE = Get-Content -Path "RELEASE" -Raw
+       echo "NOW=$NOW" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+       echo "RELEASE=$RELEASE" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+       echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+       echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+    - name: install packages
+      run: vcpkg install pcre2:x64-windows-static openssl:x64-windows-static
+    - name: Add msbuild to PATH
+      uses: microsoft/setup-msbuild@v3
+    - name: make Windows MSVC
+      if: ${{ startsWith(matrix.target, 'windows') }}
+      shell: cmd
+      run: |
+       call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
+       D:
+       cd "D:/a/3proxy/3proxy"
+       set "LIB=%LIB%;c:/vcpkg/installed/x64-windows-static/lib"
+       set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include"
+       echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
+       echo %NOW% / %RELEASE% / %BUILDDATE% / %VERSION%
+       nmake /F Makefile.msvc
+    - name: make dist dir
+      shell: cmd
+      run: |
+       mkdir dist
+       mkdir dist\3proxy
+       mkdir dist\3proxy\bin64
+       mkdir dist\3proxy\cfg
+       mkdir dist\3proxy\cfg\sql
+       mkdir dist\3proxy\doc
+       mkdir dist\3proxy\doc\ru
+       mkdir dist\3proxy\doc\html
+       mkdir dist\3proxy\doc\html\plugins
+       mkdir dist\3proxy\doc\html\man5
+       mkdir dist\3proxy\doc\html\man8
+       mkdir dist\3proxy\doc\devel
+       copy bin\3proxy.exe dist\3proxy\bin64\
+       copy bin\*.dll dist\3proxy\bin64\
+       copy bin\mycrypt.exe  dist\3proxy\bin64\
+       copy cfg\*.* dist\3proxy\cfg\
+       copy cfg\sql\*.*  dist\3proxy\cfg\sql\
+       copy doc\ru\*.*  dist\3proxy\doc\ru\
+       copy doc\html\*.* dist\3proxy\doc\html\
+       copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
+       copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
+       copy doc\html\man5\*.* dist\3proxy\doc\html\man5\
+       copy doc\devel\*.rtf dist\3proxy\doc\devel\
+       copy copying dist\3proxy\
+       copy authors dist\3proxy\
+       copy README dist\3proxy\
+       copy rus.3ps dist\3proxy\
+    - name: Get artifact
+      uses: actions/upload-artifact@v6
+      with:
+       name: "3proxy-${{ env.RELEASE }}-x64"
+       path: dist/

.github/workflows/build-winarm64.yml

@@ -0,0 +1,76 @@
+name: Build Win-arm64 3proxy with MSVC
+
+on:
+  push:
+    branches: [ "master" ]
+    paths: [ 'RELEASE', '.github/workflows/build-winarm64.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - windows-2022
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+#    - name: configure
+#      run: ./configure
+    - name: set date
+      run: |
+       $NOW = Get-Date -Format "yyMMddHHmmss"
+       $RELEASE = Get-Content -Path "RELEASE" -Raw
+       echo "RELEASE=$RELEASE" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+       echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+       echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+    - name: install packages
+      run: vcpkg install pcre2:arm64-windows-static openssl:arm64-windows-static
+    - name: Add msbuild to PATH
+      uses: microsoft/setup-msbuild@v3
+    - name: make Windows MSVC
+      if: ${{ startsWith(matrix.target, 'windows') }}
+      shell: cmd
+      run: |
+       call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvarsx86_arm64.bat"
+       D:
+       cd "D:/a/3proxy/3proxy"
+       set "LIB=%LIB%;c:/vcpkg/installed/arm64-windows-static/lib"
+       set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/arm64-windows-static/include"
+       echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
+       nmake /F Makefile.msvc
+    - name: make dist dir
+      shell: cmd
+      run: |
+       mkdir dist
+       mkdir dist\3proxy
+       mkdir dist\3proxy\bin64
+       mkdir dist\3proxy\cfg
+       mkdir dist\3proxy\cfg\sql
+       mkdir dist\3proxy\doc
+       mkdir dist\3proxy\doc\ru
+       mkdir dist\3proxy\doc\html
+       mkdir dist\3proxy\doc\html\plugins
+       mkdir dist\3proxy\doc\html\man5
+       mkdir dist\3proxy\doc\html\man8
+       mkdir dist\3proxy\doc\devel
+       copy bin\3proxy.exe dist\3proxy\bin64\
+       copy bin\*.dll dist\3proxy\bin64\
+       copy bin\mycrypt.exe  dist\3proxy\bin64\
+       copy cfg\*.* dist\3proxy\cfg\
+       copy cfg\sql\*.*  dist\3proxy\cfg\sql\
+       copy doc\ru\*.*  dist\3proxy\doc\ru\
+       copy doc\html\*.* dist\3proxy\doc\html\
+       copy doc\html\plugins\*.* dist\3proxy\doc\html\plugins\
+       copy doc\html\man8\*.* dist\3proxy\doc\html\man8\
+       copy doc\html\man5\*.* dist\3proxy\doc\html\man5\
+       copy doc\devel\*.rtf dist\3proxy\doc\devel\
+       copy copying dist\3proxy\
+       copy authors dist\3proxy\
+       copy README dist\3proxy\
+       copy rus.3ps dist\3proxy\
+    - name: Get artifact
+      uses: actions/upload-artifact@v6
+      with:
+       name: "3proxy-${{ env.RELEASE }}-arm64"
+       path: dist/

.github/workflows/c-cpp-Linux.yml

@@ -0,0 +1,34 @@
+name: C/C++ CI Linux
+
+on:
+  push:
+    branches: [ "master" ]
+    paths: [ '**.c', '**.h', 'Makefile.Linux', '.github/configs', '.github/workflows/c-cpp-Linux.yml' ]
+  pull_request:
+    branches: [ "master" ]
+    paths: [ '**.c', '**.h', 'Makefile.Linux', '.github/configs', '.github/workflows/c-cpp-Linux.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - ubuntu-latest
+          - ubuntu-24.04-arm
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+#    - name: configure
+#      run: ./configure
+    - name: Linux libraries
+      if: ${{ startsWith(matrix.target, 'ubuntu') }}
+      run: sudo apt install libssl-dev libpam-dev libpcre2-dev
+    - name: make
+      run: make -f Makefile.Linux
+    - name: mkdir
+      run: mkdir ~/3proxy
+    - name: make install
+      run: make -f Makefile.Linux DESTDIR=~/3proxy install
+    - name: make clean Linux
+      run: make -f Makefile.Linux clean

.github/workflows/c-cpp-MacOS.yml

@@ -0,0 +1,31 @@
+name: C/C++ CI MacOS
+
+on:
+  push:
+    branches: [ "master" ]
+    paths: [ '**.c', '**.h', 'Makefile.FreeBSD', '.github/configs', '.github/workflows/c-cpp-MacOS.yml' ]
+  pull_request:
+    branches: [ "master" ]
+    paths: [ '**.c', '**.h', 'Makefile.FreeBSD', '.github/configs', '.github/workflows/c-cpp-MacOS.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - macos-15
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+#    - name: configure
+#      run: ./configure
+    - name: Mac libraries
+      run: brew install pcre2
+    - name: make MacOS
+      run: make -f Makefile.FreeBSD
+      env:
+       LDFLAGS: "-L/usr/local/lib -L/opt/homebrew/lib -L/opt/homebrew/opt/openssl/lib"
+       CFLAGS: "-I/usr/local/include -I/opt/homebrew/include -I/usr/local/opt/openssl/include -I/opt/homebrew/opt/openssl/include"
+    - name: make clean MacOS
+      run: make -f Makefile.FreeBSD clean

.github/workflows/c-cpp-Windows.yml

@@ -0,0 +1,41 @@
+name: C/C++ CI Windows
+
+on:
+  push:
+    branches: [ "master" ]
+    paths: [ '**.c', '**.h', 'Makefile.msvc', '.github/configs', '.github/workflows/c-cpp-Windows.yml' ]
+  pull_request:
+    branches: [ "master" ]
+    paths: [ '**.c', '**.h', 'Makefile.msvc', '.github/configs', '.github/workflows/c-cpp-Windows.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - windows-2022
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+    - name: install Windows libraries
+      run: vcpkg install pcre2:x64-windows && c:\msys64\usr\bin\pacman.exe -S --noconfirm mingw-w64-x86_64-pcre2 mingw-w64-x86_64-openssl
+    - name: make Windows
+      run: make -f Makefile.win
+      env:
+       LDFLAGS: '-L "c:/msys64/mingw64/lib"'
+       CFLAGS: '-I "c:/msys64/mingw64/include"'
+    - name: make clean Windows
+      run: make -f Makefile.win clean
+    - name: Add msbuild to PATH
+      uses: microsoft/setup-msbuild@v3
+    - name: make Windows MSVC
+      shell: cmd
+      run: |
+       call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
+       D:
+       cd "D:/a/3proxy/3proxy"
+       set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib"
+       set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include"
+       nmake /F Makefile.msvc
+       nmake /F Makefile.msvc clean

.github/workflows/c-cpp-cmake.yml

@@ -0,0 +1,57 @@
+name: C/C++ CI cmake
+
+on:
+  push:
+    branches: [ "master", "unix_socket" ]
+    paths: [ '**.c', '**.h', '**.cmake', 'CMakeLists.txt', '.github/configs', '.github/workflows/c-cpp-cmake.yml' ]
+  pull_request:
+    branches: [ "master" ]
+    paths: [ '**.c', '**.h', '**.cmake', 'CMakeLists.txt', '.github/configs', '.github/workflows/c-cpp-cmake.yml' ]
+
+jobs:
+  ci:
+    name: "${{ matrix.target }}"
+    strategy:
+      matrix:
+        target:
+          - ubuntu-latest
+          - ubuntu-24.04-arm
+          - macos-15
+          - windows-2022
+    runs-on: ${{ matrix.target }}
+    steps:
+    - uses: actions/checkout@v5
+#    - name: configure
+#      run: ./configure
+    - name: Linux libraries
+      if: ${{ startsWith(matrix.target, 'ubuntu') }}
+      run: sudo apt install libssl-dev libpam-dev libpcre2-dev
+    - name: Mac libraries
+      if: ${{ startsWith(matrix.target, 'macos') }}
+      run: brew install pcre2
+    - name: install Windows libraries
+      if: ${{ startsWith(matrix.target, 'windows') }}
+      run: vcpkg install pcre2:x64-windows 
+    - name: make with CMake POSIX
+      if: ${{ ! startsWith(matrix.target, 'windows') }}
+      run: |
+       mkdir build
+       cd build
+       cmake ..
+       cmake --build .
+       mkdir ~/3proxy
+       DESTDIR=~/3proxy cmake --install .
+       cd .. && rm -rf build/
+    - name: make with CMake Win
+      if: ${{ startsWith(matrix.target, 'windows') }}
+      shell: cmd
+      run: |
+       mkdir build
+       cd build
+       set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib"
+       set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include"
+       cmake ..
+       dir
+       cmake --build .
+       cd ..
+       rmdir /s /q build

.gitignore

@@ -21,6 +21,7 @@ bin/pop3p
 bin/smtpp
 bin/ftppr
 bin/mycrypt
+bin/tlspr
 bin64/
 dll/
 tmp/
@@ -51,11 +52,9 @@ src/mycrypt
 src/dighosts
 *.ld.so
 *.dSYM
-doc/html/man3/
-doc/html/man8/
 *.var
 verfile.sh
-Makefile
+/Makefile
 copytgz.sh
 *~.nib
 local.properties
@@ -258,3 +257,14 @@ pip-log.txt
 
 #Mr Developer
 .mr.developer.cfg
+CLAUDE.md
+bin/3proxy_crypt
+bin/3proxy_ftppr
+bin/3proxy_pop3p
+bin/3proxy_proxy
+bin/3proxy_smtpp
+bin/3proxy_socks
+bin/3proxy_tcppm
+bin/3proxy_tlspr
+bin/3proxy_udppm
+build*/*

CHANGELOG

@@ -0,0 +1,11 @@
+3proxy-0.9.6 Released April, 11 2026
+
++ ssl_client and multiple configuration options added to SSLPlugin, SSLPlugin code significantly improved and bugfixed. See https://github.com/3proxy/3proxy/wiki/SSLPlugin. 3proxy can now be used as stunnel replacement for many scenarios.
++ HAProxy proxy protocol v1 support as client and server, add -H option for service to expect HA proxy v1 protocol header, use ha parent type: parent 1000 ha 0.0.0.0 0 to send v1 header.
++ tlspr is supported in auto
++ tlspr supports -s option, it breaks HELLO packet to prevent some DPIs from detecting SNI
++ maxseg configuration option and TCP_MAXSEG socket flag support added. It sets maximum size of TCP segment to fix PathMTU discovery problems
++ -Ne / -Ni options added to specify external / internal NAT address for SOCKSv5
++ cmake environment added
+! External pcre2 (pcre2-8) library is used for PCRE, pcre code is removed from 3proxy
+! Multiple minor bugfixes

CHANGELOG.rus

@@ -0,0 +1,11 @@
+3proxy-0.9.6 Вышел 11 Апреля 2026
+
++ В SSLPlugin добавлены ssl_client и множество опций конфигурации, код SSLPlugin значительно улучшен и исправлен. См. https://github.com/3proxy/3proxy/wiki/SSLPlugin. 3proxy теперь может использоваться как замена stunnel во многих сценариях.
++ Поддержка прокси-протокола HAProxy v1 на стороне клиента и сервера. Добавлена опция -H для сервиса, чтобы ожидать заголовок прокси-протокола HA v1. Используйте тип родителя ha: parent 1000 ha 0.0.0.0 0 для отправки заголовка v1.
++ tlspr поддерживается в режиме auto
++ tlspr поддерживает опцию -s, которая разбивает HELLO-пакет для предотвращения обнаружения SNI некоторыми DPI
++ Добавлена опция конфигурации maxseg и поддержка флага сокета TCP_MAXSEG. Устанавливает максимальный размер TCP-сегмента для решения проблем с обнаружением PathMTU
++ Добавлены опции -Ne / -Ni для указания внешнего/внутреннего NAT-адреса для SOCKSv5
++ Добавлено окружение cmake
+! Внешняя библиотека pcre2 (pcre2-8) используется для PCRE, код pcre удалён из 3proxy
+! Множество мелких исправлений ошибок

CMakeLists.txt

@@ -0,0 +1,864 @@
+#
+# 3proxy CMake build system
+#
+
+cmake_minimum_required(VERSION 3.16)
+
+# Read version from RELEASE file
+file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/RELEASE" PROJECT_VERSION LIMIT_COUNT 1)
+
+project(3proxy
+    VERSION ${PROJECT_VERSION}
+    LANGUAGES C
+    DESCRIPTION "3proxy - tiny free proxy server"
+)
+
+# Include GNUInstallDirs for standard installation directories
+include(GNUInstallDirs)
+
+# Add cmake module path
+list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+
+# Detect compiler
+if(CMAKE_C_COMPILER_ID STREQUAL "Clang" OR CMAKE_C_COMPILER_ID STREQUAL "AppleClang")
+    set(COMPILER_IS_CLANG TRUE)
+    if(WIN32 AND CMAKE_C_COMPILER_FRONTEND_VARIANT STREQUAL "MSVC")
+        set(COMPILER_IS_CLANG_CL TRUE)
+    else()
+        set(COMPILER_IS_CLANG_CL FALSE)
+    endif()
+else()
+    set(COMPILER_IS_CLANG FALSE)
+    set(COMPILER_IS_CLANG_CL FALSE)
+endif()
+
+if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+    set(COMPILER_IS_GCC TRUE)
+else()
+    set(COMPILER_IS_GCC FALSE)
+endif()
+
+if(MSVC AND NOT COMPILER_IS_CLANG_CL)
+    set(COMPILER_IS_MSVC TRUE)
+else()
+    set(COMPILER_IS_MSVC FALSE)
+endif()
+
+# Options
+option(3PROXY_BUILD_SHARED "Build shared libraries for plugins" ON)
+option(3PROXY_USE_OPENSSL "Enable TLS/SSL support (requires OpenSSL)" ON)
+option(3PROXY_USE_PCRE2 "Enable PCRE2 regex filtering" ON)
+option(3PROXY_USE_PAM "Enable PAM/PamAuth" ON)
+option(3PROXY_USE_ODBC "Enable ODBC support (Unix only, always ON on Windows)" OFF)
+option(3PROXY_USE_SPLICE "Use Linux splice() for zero-copy (Linux only)" ON)
+option(3PROXY_USE_POLL "Use poll() instead of select() (Unix only)" ON)
+option(3PROXY_USE_WSAPOLL "Use WSAPoll instead of select() (Windows only)" ON)
+option(3PROXY_USE_NETFILTER "Enable Linux netfilter support (Linux only)" ON)
+option(3PROXY_USE_UNIX_SOCKETS "Enable Unix domain socket support (Unix only)" ON)
+
+if(NOT WIN32 AND NOT APPLE)
+    option(3PROXY_STATIC_LINK "Statically link libraries using -Wl,-Bstatic (Linux/Unix only)" OFF)
+endif()
+
+# Binary name prefix for standalone modules and crypt (default: 3proxy_)
+# For crypt: if prefix is empty, "my" is used instead (→ mycrypt)
+set(3PROXY_BINARY_PREFIX "3proxy_" CACHE STRING "Prefix for standalone module and crypt binary names")
+
+# Standalone module build options (OFF by default)
+option(3PROXY_BUILD_ALL   "Build all standalone binaries"   OFF)
+option(3PROXY_BUILD_PROXY  "Build standalone proxy binary"  OFF)
+option(3PROXY_BUILD_SOCKS  "Build standalone socks binary"  OFF)
+option(3PROXY_BUILD_POP3P  "Build standalone pop3p binary"  OFF)
+option(3PROXY_BUILD_SMTPP  "Build standalone smtpp binary"  OFF)
+option(3PROXY_BUILD_FTPPR  "Build standalone ftppr binary"  OFF)
+option(3PROXY_BUILD_TCPPM  "Build standalone tcppm binary"  OFF)
+option(3PROXY_BUILD_UDPPM  "Build standalone udppm binary"  OFF)
+option(3PROXY_BUILD_TLSPR  "Build standalone tlspr binary"  OFF)
+
+if(3PROXY_BUILD_ALL)
+    foreach(_M PROXY SOCKS POP3P SMTPP FTPPR TCPPM UDPPM TLSPR)
+        set(3PROXY_BUILD_${_M} ON)
+    endforeach()
+endif()
+
+# Output directory
+set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
+
+# Find threads library (cross-platform pthread equivalent)
+find_package(Threads REQUIRED)
+
+# Set default build type if not specified
+if(NOT CMAKE_BUILD_TYPE)
+    set(CMAKE_BUILD_TYPE Release CACHE STRING "Build type" FORCE)
+endif()
+
+# Platform-independent position independent code for shared libraries
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+
+# Platform detection and configuration
+if(WIN32)
+    # Windows-specific configuration
+    add_compile_definitions(
+        WIN32
+        _WIN32
+        _MBCS
+        _CONSOLE
+    )
+
+    if(COMPILER_IS_MSVC)
+        # MSVC-specific settings
+        add_compile_definitions(
+            MSVC
+        )
+        # Use static runtime library
+        set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
+        # MSVC compiler options
+        add_compile_options(
+            /W3           # Warning level 3
+            /GS           # Buffer security check
+            /GA           # Optimize for Windows applications
+            /GF           # Enable string pooling
+        )
+        # Optimization flags per build type
+        set(CMAKE_C_FLAGS_RELEASE "/O2")
+
+    elseif(COMPILER_IS_CLANG_CL)
+        # clang-cl (Clang with MSVC frontend)
+        add_compile_definitions(
+            MSVC
+        )
+        set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
+        add_compile_options(
+            -W3
+            -fno-strict-aliasing
+        )
+
+    elseif(COMPILER_IS_CLANG OR COMPILER_IS_GCC)
+        # Clang or GCC on Windows (MinGW-like)
+        add_compile_definitions(WITH_STD_MALLOC)
+        add_compile_options(-fno-strict-aliasing)
+
+    elseif(WATCOM)
+        # OpenWatcom-specific flags
+        add_compile_definitions(
+            WATCOM
+            MSVC
+            NOIPV6
+            NODEBUG
+            NORADIUS
+        )
+    endif()
+
+    # Windows libraries
+    set(WINDOWS_LIBS ws2_32 advapi32 user32 kernel32 gdi32 crypt32)
+
+    # Windows plugins (always built)
+    set(DEFAULT_PLUGINS
+        utf8tocp1251
+        WindowsAuthentication
+        TrafficPlugin
+        StringsPlugin
+        FilePlugin
+    )
+
+elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+    # Linux-specific configuration
+    add_compile_definitions(
+        _GNU_SOURCE
+        GETHOSTBYNAME_R
+        _THREAD_SAFE
+        _REENTRANT
+    )
+
+    if(COMPILER_IS_CLANG OR COMPILER_IS_GCC)
+        # Clang/GCC on Linux
+        add_compile_options(-fno-strict-aliasing)
+    endif()
+
+    if(3PROXY_USE_SPLICE)
+        add_compile_definitions(WITHSPLICE)
+    endif()
+
+    if(3PROXY_USE_NETFILTER)
+        add_compile_definitions(WITH_NETFILTER)
+    endif()
+
+    if(3PROXY_USE_UNIX_SOCKETS)
+        add_compile_definitions(WITH_UN)
+    endif()
+
+    set(DEFAULT_PLUGINS
+        StringsPlugin
+        TrafficPlugin
+        TransparentPlugin
+        FilePlugin
+    )
+
+elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD|Darwin|OpenBSD|NetBSD")
+    # BSD/macOS-specific configuration
+    if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+        # macOS-specific
+        add_compile_definitions(_DARWIN_UNLIMITED_SELECT)
+    endif()
+
+    if(COMPILER_IS_CLANG OR COMPILER_IS_GCC)
+        add_compile_options(-fno-strict-aliasing)
+    endif()
+
+    if(3PROXY_USE_UNIX_SOCKETS)
+        add_compile_definitions(WITH_UN)
+    endif()
+
+    set(DEFAULT_PLUGINS
+        StringsPlugin
+        TrafficPlugin
+        TransparentPlugin
+        FilePlugin
+    )
+
+else()
+    # Generic Unix configuration
+    if(COMPILER_IS_CLANG OR COMPILER_IS_GCC)
+        add_compile_options(-fno-strict-aliasing)
+    endif()
+
+    if(3PROXY_USE_UNIX_SOCKETS)
+        add_compile_definitions(WITH_UN)
+    endif()
+
+    set(DEFAULT_PLUGINS
+        StringsPlugin
+        TrafficPlugin
+        TransparentPlugin
+        FilePlugin
+    )
+endif()
+
+# Common definitions
+if(WIN32)
+    # Windows: use WSAPOLL
+    if(3PROXY_USE_WSAPOLL)
+        add_compile_definitions(WITH_WSAPOLL)
+    else()
+        add_compile_definitions(FD_SETSIZE=4096)
+    endif()
+else()
+    # Unix: use poll
+    if(3PROXY_USE_POLL)
+        add_compile_definitions(WITH_POLL)
+    else()
+        add_compile_definitions(FD_SETSIZE=4096)
+    endif()
+endif()
+
+# Find dependencies
+
+# OpenSSL
+set(OPENSSL_FOUND FALSE)
+if(3PROXY_USE_OPENSSL)
+    find_package(OpenSSL REQUIRED)
+    if(OpenSSL_FOUND)
+        set(OPENSSL_FOUND TRUE)
+        add_compile_definitions(WITH_SSL)
+        message(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
+    endif()
+else()
+    message(STATUS "OpenSSL disabled by user request")
+endif()
+
+# PCRE2
+set(PCRE2_FOUND FALSE)
+if(3PROXY_USE_PCRE2)
+    find_package(PCRE2 QUIET)
+    if(PCRE2_FOUND)
+        add_compile_definitions(WITH_PCRE)
+        message(STATUS "PCRE2 found: ${PCRE2_VERSION}")
+    else()
+        message(STATUS "PCRE2 not found, PCRE support will not be built")
+    endif()
+endif()
+
+# PAM (Unix only)
+set(PAM_FOUND FALSE)
+if(3PROXY_USE_PAM AND NOT WIN32)
+    find_package(PAM QUIET)
+    if(PAM_FOUND)
+        message(STATUS "PAM found")
+    else()
+        message(STATUS "PAM not found, PamAuth will not be built")
+    endif()
+endif()
+
+# ODBC (always enabled on Windows)
+set(ODBC_FOUND FALSE)
+if(WIN32 OR 3PROXY_USE_ODBC)
+    find_package(ODBC QUIET)
+    if(ODBC_FOUND)
+        message(STATUS "ODBC found")
+    else()
+        message(STATUS "ODBC not found, building without ODBC support")
+    endif()
+endif()
+
+# Define WITH_ODBC when ODBC is available
+if(ODBC_FOUND)
+    add_compile_definitions(WITH_ODBC)
+endif()
+
+# Set NORADIUS if OpenSSL is not available (RADIUS requires MD5 from OpenSSL)
+if(NOT OPENSSL_FOUND)
+    add_compile_definitions(NORADIUS)
+endif()
+
+# Source files for 3proxy core
+set(3PROXY_CORE_SOURCES
+    src/3proxy.c
+    src/auth.c
+    src/acl.c
+    src/limiter.c
+    src/redirect.c
+    src/authradius.c
+    src/hash.c
+    src/hashtables.c
+    src/resolve.c
+    src/sql.c
+    src/conf.c
+    src/datatypes.c
+    src/plugins.c
+    src/stringtable.c
+)
+
+# BLAKE2 source for 3proxy_crypt
+set(MD_SOURCES
+    src/libs/blake2b-ref.c
+)
+
+# ============================================================================
+# Object libraries for common sources (shared between executables)
+# ============================================================================
+
+# Common object library (sockmap, sockgetchar, common, log)
+add_library(common_obj OBJECT
+    src/sockmap.c
+    src/sockgetchar.c
+    src/common.c
+    src/log.c
+)
+target_include_directories(common_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
+
+# base64 object library
+add_library(base64_obj OBJECT src/base64.c)
+target_include_directories(base64_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
+
+# ============================================================================
+# Object libraries for 3proxy (compiled WITHOUT WITHMAIN)
+# These are used by the main 3proxy executable
+# ============================================================================
+
+# Server modules object library (without WITHMAIN, without UDP)
+add_library(srv_modules OBJECT
+    src/proxy.c
+    src/pop3p.c
+    src/smtpp.c
+    src/ftppr.c
+    src/tcppm.c
+    src/tlspr.c
+    src/auto.c
+    src/socks.c
+    src/webadmin.c
+    src/dnspr.c
+)
+
+target_include_directories(srv_modules PRIVATE
+    ${CMAKE_CURRENT_SOURCE_DIR}/src
+)
+# UDP port mapper server module (without WITHMAIN)
+add_library(srvudppm_obj OBJECT src/udppm.c)
+target_include_directories(srvudppm_obj PRIVATE
+    ${CMAKE_CURRENT_SOURCE_DIR}/src
+)
+
+# UDP socket relay (used by 3proxy, socks, udppm)
+add_library(udpsockmap_obj OBJECT src/udpsockmap.c)
+target_include_directories(udpsockmap_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
+
+# mainfunc object (proxymain.c compiled with MODULEMAINFUNC=mainfunc for 3proxy)
+add_library(mainfunc OBJECT src/proxymain.c)
+target_include_directories(mainfunc PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
+target_compile_definitions(mainfunc PRIVATE MODULEMAINFUNC=mainfunc)
+
+# ftp object (used only by 3proxy and ftppr)
+add_library(ftp_obj OBJECT src/ftp.c)
+target_include_directories(ftp_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
+
+# 3proxy_crypt object for 3proxy (without WITHMAIN)
+add_library(3proxy_crypt_obj OBJECT src/3proxy_crypt.c)
+target_include_directories(3proxy_crypt_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
+if(OpenSSL_FOUND)
+    target_include_directories(3proxy_crypt_obj PRIVATE ${OPENSSL_INCLUDE_DIR})
+endif()
+
+# ============================================================================
+# Main 3proxy executable
+# Uses srv_* object files (without WITHMAIN)
+# ============================================================================
+
+add_executable(3proxy
+    ${3PROXY_CORE_SOURCES}
+    $<TARGET_OBJECTS:srv_modules>
+    $<TARGET_OBJECTS:srvudppm_obj>
+    $<TARGET_OBJECTS:mainfunc>
+    $<TARGET_OBJECTS:common_obj>
+    $<TARGET_OBJECTS:udpsockmap_obj>
+    $<TARGET_OBJECTS:base64_obj>
+    $<TARGET_OBJECTS:ftp_obj>
+    $<TARGET_OBJECTS:3proxy_crypt_obj>
+)
+target_sources(3proxy PRIVATE ${MD_SOURCES})
+
+if(OpenSSL_FOUND)
+    target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c)
+endif()
+
+if(PCRE2_FOUND)
+    target_sources(3proxy PRIVATE src/pcre.c)
+endif()
+
+target_include_directories(3proxy PRIVATE
+    ${CMAKE_CURRENT_SOURCE_DIR}/src
+    ${CMAKE_CURRENT_SOURCE_DIR}/src/libs
+)
+if(OpenSSL_FOUND)
+    target_include_directories(3proxy PRIVATE ${OPENSSL_INCLUDE_DIR})
+endif()
+if(PCRE2_FOUND)
+    target_include_directories(3proxy PRIVATE ${PCRE2_INCLUDE_DIRS})
+endif()
+
+target_link_libraries(3proxy PRIVATE Threads::Threads)
+
+if(ODBC_FOUND)
+    if(TARGET ODBC::ODBC)
+        target_link_libraries(3proxy PRIVATE ODBC::ODBC)
+    else()
+        target_link_libraries(3proxy PRIVATE ${ODBC_LIBRARIES})
+    endif()
+endif()
+
+# OpenSSL linking
+if(OpenSSL_FOUND)
+    if(3PROXY_STATIC_LINK)
+        # Will be linked statically below (if static libraries are found)
+    else()
+        target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
+    endif()
+endif()
+
+# PCRE2 linking
+if(PCRE2_FOUND)
+    if(3PROXY_STATIC_LINK)
+        # Will be linked statically below (if static libraries are found)
+    elseif(TARGET PCRE2::PCRE2)
+        target_link_libraries(3proxy PRIVATE PCRE2::PCRE2)
+    else()
+        target_link_libraries(3proxy PRIVATE ${PCRE2_LIBRARIES})
+    endif()
+endif()
+
+# Static linking of OpenSSL and PCRE2 (when option is enabled)
+if(3PROXY_STATIC_LINK AND (OpenSSL_FOUND OR PCRE2_FOUND))
+    set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
+    set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
+
+    set(_static_libs "")
+
+    if(OpenSSL_FOUND)
+        find_library(_ssl_static_lib ssl)
+        find_library(_crypto_static_lib crypto)
+        if(_ssl_static_lib AND _crypto_static_lib)
+            list(APPEND _static_libs ${_ssl_static_lib} ${_crypto_static_lib})
+        endif()
+    endif()
+
+    if(PCRE2_FOUND)
+        find_library(_pcre2_static_lib NAMES pcre2-8)
+        if(_pcre2_static_lib)
+            list(APPEND _static_libs ${_pcre2_static_lib})
+        endif()
+    endif()
+
+    set(CMAKE_FIND_LIBRARY_SUFFIXES ${_saved_cmake_find_library_suffixes})
+
+    if(_static_libs)
+        target_link_libraries(3proxy PRIVATE -Wl,-Bstatic ${_static_libs} -Wl,-Bdynamic)
+        message(STATUS "Static linking enabled for OpenSSL/PCRE2")
+    else()
+        message(WARNING "3PROXY_STATIC_LINK is ON but static libraries not found, falling back to dynamic")
+        if(OpenSSL_FOUND)
+            target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
+        endif()
+        if(PCRE2_FOUND)
+            if(TARGET PCRE2::PCRE2)
+                target_link_libraries(3proxy PRIVATE PCRE2::PCRE2)
+            else()
+                target_link_libraries(3proxy PRIVATE ${PCRE2_LIBRARIES})
+            endif()
+        endif()
+    endif()
+endif()
+
+if(WIN32)
+    target_link_libraries(3proxy PRIVATE ${WINDOWS_LIBS})
+    if(COMPILER_IS_MSVC AND EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/3proxy.rc)
+        target_sources(3proxy PRIVATE 3proxy.rc)
+    endif()
+elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+    target_link_libraries(3proxy PRIVATE dl)
+endif()
+
+# Build 3proxy_crypt utility
+add_executable(3proxy_crypt
+    src/3proxy_crypt.c
+    $<TARGET_OBJECTS:base64_obj>
+)
+target_sources(3proxy_crypt PRIVATE ${MD_SOURCES})
+target_compile_definitions(3proxy_crypt PRIVATE WITHMAIN)
+target_include_directories(3proxy_crypt PRIVATE
+    ${CMAKE_CURRENT_SOURCE_DIR}/src
+    ${CMAKE_CURRENT_SOURCE_DIR}/src/libs
+)
+if(OpenSSL_FOUND)
+    target_include_directories(3proxy_crypt PRIVATE ${OPENSSL_INCLUDE_DIR})
+endif()
+target_link_libraries(3proxy_crypt PRIVATE Threads::Threads)
+if(OpenSSL_FOUND)
+    if(3PROXY_STATIC_LINK)
+        set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
+        set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
+        find_library(_ssl_static_lib ssl)
+        find_library(_crypto_static_lib crypto)
+        set(CMAKE_FIND_LIBRARY_SUFFIXES ${_saved_cmake_find_library_suffixes})
+        if(_ssl_static_lib AND _crypto_static_lib)
+            target_link_libraries(3proxy_crypt PRIVATE -Wl,-Bstatic ${_ssl_static_lib} ${_crypto_static_lib} -Wl,-Bdynamic)
+            message(STATUS "3proxy_crypt: static OpenSSL")
+        else()
+            message(WARNING "3PROXY_STATIC_LINK is ON but static OpenSSL not found, using dynamic")
+            target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto)
+        endif()
+    else()
+        target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto)
+    endif()
+endif()
+if("${3PROXY_BINARY_PREFIX}" STREQUAL "")
+    set_target_properties(3proxy_crypt PROPERTIES OUTPUT_NAME "mycrypt")
+else()
+    set_target_properties(3proxy_crypt PROPERTIES OUTPUT_NAME "${3PROXY_BINARY_PREFIX}crypt")
+endif()
+
+# Build standalone proxy executables
+foreach(PROXY_NAME proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
+    string(TOUPPER "${PROXY_NAME}" _MODULE_OPT)
+    if(NOT 3PROXY_BUILD_${_MODULE_OPT})
+        continue()
+    endif()
+
+    if(PROXY_NAME STREQUAL "ftppr" OR PROXY_NAME STREQUAL "proxy")
+        # ftppr and proxy use ftp_obj
+        add_executable(${PROXY_NAME}
+            src/${PROXY_NAME}.c
+            $<TARGET_OBJECTS:common_obj>
+            $<TARGET_OBJECTS:ftp_obj>
+        )
+    else()
+        add_executable(${PROXY_NAME}
+            src/${PROXY_NAME}.c
+            $<TARGET_OBJECTS:common_obj>
+        )
+    endif()
+
+    set_target_properties(${PROXY_NAME} PROPERTIES
+        OUTPUT_NAME "${3PROXY_BINARY_PREFIX}${PROXY_NAME}"
+    )
+
+    target_include_directories(${PROXY_NAME} PRIVATE
+        ${CMAKE_CURRENT_SOURCE_DIR}/src
+    )
+
+    target_compile_definitions(${PROXY_NAME} PRIVATE
+        WITHMAIN
+        NOPORTMAP
+    )
+
+    if(NOT PROXY_NAME STREQUAL "udppm")
+        target_compile_definitions(${PROXY_NAME} PRIVATE NOUDPMAIN)
+    endif()
+
+    target_link_libraries(${PROXY_NAME} PRIVATE Threads::Threads)
+
+    if(PROXY_NAME STREQUAL "proxy")
+        target_compile_definitions(${PROXY_NAME} PRIVATE ANONYMOUS)
+    endif()
+
+    if(PROXY_NAME STREQUAL "tcppm" OR PROXY_NAME STREQUAL "udppm" OR PROXY_NAME STREQUAL "tlspr")
+        target_compile_definitions(${PROXY_NAME} PRIVATE PORTMAP)
+    endif()
+
+    if(WIN32)
+        target_link_libraries(${PROXY_NAME} PRIVATE ${WINDOWS_LIBS})
+    endif()
+
+    if(PROXY_NAME STREQUAL "proxy" OR PROXY_NAME STREQUAL "smtpp")
+        target_sources(${PROXY_NAME} PRIVATE $<TARGET_OBJECTS:base64_obj>)
+    endif()
+
+    if(PROXY_NAME STREQUAL "udppm")
+        target_sources(${PROXY_NAME} PRIVATE src/hash.c)
+    endif()
+
+    if(PROXY_NAME STREQUAL "socks" OR PROXY_NAME STREQUAL "udppm")
+        target_sources(${PROXY_NAME} PRIVATE src/udpsockmap.c)
+    endif()
+endforeach()
+
+# Plugin output directory
+set(PLUGIN_OUTPUT_DIR ${CMAKE_RUNTIME_OUTPUT_DIRECTORY})
+if(WIN32)
+    set(PLUGIN_SUFFIX ".dll")
+else()
+    set(PLUGIN_SUFFIX ".ld.so")
+endif()
+
+# Include plugin definitions
+include(cmake/plugins.cmake)
+
+# Build plugins
+foreach(PLUGIN ${DEFAULT_PLUGINS})
+    add_subdirectory(src/plugins/${PLUGIN})
+endforeach()
+
+if(PAM_FOUND)
+    add_subdirectory(src/plugins/PamAuth)
+endif()
+
+# Build full list of plugins to be built
+set(ALL_PLUGINS ${DEFAULT_PLUGINS})
+if(PAM_FOUND)
+    list(APPEND ALL_PLUGINS PamAuth)
+endif()
+
+# Installation rules
+install(TARGETS 3proxy 3proxy_crypt
+    RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+)
+
+foreach(PROXY_NAME proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
+    string(TOUPPER "${PROXY_NAME}" _MODULE_OPT)
+    if(3PROXY_BUILD_${_MODULE_OPT})
+        install(TARGETS ${PROXY_NAME}
+            RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+        )
+    endif()
+endforeach()
+
+# Install plugins
+file(GLOB PLUGINFILES "${PLUGIN_OUTPUT_DIR}/*${PLUGIN_SUFFIX}")
+if(WIN32)
+    install(FILES
+        ${PLUGINFILES}
+        DESTINATION ${CMAKE_INSTALL_BINDIR}
+    )
+else()
+    install(FILES
+        ${PLUGINFILES}
+        DESTINATION ${CMAKE_INSTALL_LIBDIR}/3proxy
+    )
+endif()
+
+# Install configuration files
+if(NOT WIN32)
+    install(FILES scripts/3proxy.cfg DESTINATION /etc/3proxy)
+    install(FILES scripts/add3proxyuser.sh DESTINATION ${CMAKE_INSTALL_BINDIR})
+endif()
+
+# Install service files (systemd, launchd, init.d, or rc.d)
+if(NOT WIN32)
+    if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+        # macOS - install launchd plist
+        configure_file(
+            ${CMAKE_CURRENT_SOURCE_DIR}/scripts/org.3proxy.3proxy.plist.in
+            ${CMAKE_CURRENT_BINARY_DIR}/org.3proxy.3proxy.plist
+            @ONLY
+        )
+        install(FILES ${CMAKE_CURRENT_BINARY_DIR}/org.3proxy.3proxy.plist
+            DESTINATION /Library/LaunchDaemons
+        )
+
+        message(STATUS "  launchd: YES (/Library/LaunchDaemons)")
+    elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD|OpenBSD|NetBSD")
+        # BSD - install rc.d script
+        set(RCD_DIR "/usr/local/etc/rc.d")
+
+        configure_file(
+            ${CMAKE_CURRENT_SOURCE_DIR}/scripts/rc.d/3proxy.in
+            ${CMAKE_CURRENT_BINARY_DIR}/3proxy.rc
+            @ONLY
+        )
+        install(FILES ${CMAKE_CURRENT_BINARY_DIR}/3proxy.rc
+            DESTINATION ${RCD_DIR}
+            RENAME 3proxy
+            PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+        )
+
+        message(STATUS "  rc.d: YES (${RCD_DIR})")
+    elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+        # Linux - check for systemd
+        find_package(PkgConfig QUIET)
+        if(PkgConfig_FOUND)
+            pkg_check_modules(SYSTEMD QUIET systemd)
+        endif()
+
+        if(SYSTEMD_FOUND)
+            # systemd is available - install systemd service
+            # Get systemd unit directory
+            pkg_get_variable(SYSTEMD_UNIT_DIR systemd systemdsystemunitdir)
+            if(NOT SYSTEMD_UNIT_DIR)
+                # Fallback to common location
+                set(SYSTEMD_UNIT_DIR "/lib/systemd/system")
+            endif()
+
+            # Configure and install systemd service file
+            configure_file(
+                ${CMAKE_CURRENT_SOURCE_DIR}/scripts/3proxy.service.in
+                ${CMAKE_CURRENT_BINARY_DIR}/3proxy.service
+                @ONLY
+            )
+            install(FILES ${CMAKE_CURRENT_BINARY_DIR}/3proxy.service
+                DESTINATION ${SYSTEMD_UNIT_DIR}
+            )
+
+            # Install tmpfiles.d configuration for runtime directory
+            configure_file(
+                ${CMAKE_CURRENT_SOURCE_DIR}/scripts/3proxy.tmpfiles.in
+                ${CMAKE_CURRENT_BINARY_DIR}/3proxy.conf
+                @ONLY
+            )
+            install(FILES ${CMAKE_CURRENT_BINARY_DIR}/3proxy.conf
+                DESTINATION /usr/lib/tmpfiles.d
+            )
+
+            message(STATUS "  systemd: YES (${SYSTEMD_UNIT_DIR})")
+        else()
+            # No systemd - install init.d script
+            configure_file(
+                ${CMAKE_CURRENT_SOURCE_DIR}/scripts/init.d/3proxy.in
+                ${CMAKE_CURRENT_BINARY_DIR}/3proxy.init
+                @ONLY
+            )
+            install(FILES ${CMAKE_CURRENT_BINARY_DIR}/3proxy.init
+                DESTINATION /etc/init.d
+                RENAME 3proxy
+                PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+            )
+
+            message(STATUS "  systemd: NO (using init.d)")
+        endif()
+    else()
+        # Other Unix - install init.d script
+        configure_file(
+            ${CMAKE_CURRENT_SOURCE_DIR}/scripts/init.d/3proxy.in
+            ${CMAKE_CURRENT_BINARY_DIR}/3proxy.init
+            @ONLY
+        )
+        install(FILES ${CMAKE_CURRENT_BINARY_DIR}/3proxy.init
+            DESTINATION /etc/init.d
+            RENAME 3proxy
+            PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+        )
+
+        message(STATUS "  init.d: YES (/etc/init.d)")
+    endif()
+
+    # Create proxy user and group during installation
+    install(FILES scripts/postinstall.sh
+        DESTINATION ${CMAKE_INSTALL_BINDIR}
+        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+    )
+    install(CODE "
+        execute_process(
+            COMMAND ${CMAKE_INSTALL_FULL_BINDIR}/postinstall.sh
+            RESULT_VARIABLE POSTINSTALL_RESULT
+        )
+    ")
+endif()
+
+# Install man pages
+if(NOT WIN32)
+    # Config man page (section 5) — no prefix
+    file(GLOB MAN5_FILES "${CMAKE_CURRENT_SOURCE_DIR}/man/*.5")
+    install(FILES ${MAN5_FILES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man5)
+    # Main 3proxy man page — no prefix
+    install(FILES "${CMAKE_CURRENT_SOURCE_DIR}/man/3proxy.8"
+        DESTINATION ${CMAKE_INSTALL_MANDIR}/man8
+    )
+    # 3proxy_crypt man page — no prefix (already has 3proxy_)
+    if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/man/3proxy_crypt.8")
+        install(FILES "${CMAKE_CURRENT_SOURCE_DIR}/man/3proxy_crypt.8"
+            DESTINATION ${CMAKE_INSTALL_MANDIR}/man8
+        )
+    endif()
+    # Module man pages — installed with binary prefix only if module is built
+    foreach(_MAN proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
+        string(TOUPPER "${_MAN}" _MODULE_OPT)
+        if(3PROXY_BUILD_${_MODULE_OPT})
+            set(_MAN_SRC "${CMAKE_CURRENT_SOURCE_DIR}/man/${_MAN}.8")
+            if(EXISTS "${_MAN_SRC}")
+                install(FILES "${_MAN_SRC}"
+                    DESTINATION ${CMAKE_INSTALL_MANDIR}/man8
+                    RENAME "${3PROXY_BINARY_PREFIX}${_MAN}.8"
+                )
+            endif()
+        endif()
+    endforeach()
+endif()
+
+# Summary
+message(STATUS "")
+message(STATUS "3proxy configuration summary:")
+message(STATUS "  Version: ${PROJECT_VERSION}")
+message(STATUS "  Platform: ${CMAKE_SYSTEM_NAME}")
+message(STATUS "  Compiler: ${CMAKE_C_COMPILER_ID} ${CMAKE_C_COMPILER_VERSION}")
+message(STATUS "  Build type: ${CMAKE_BUILD_TYPE}")
+message(STATUS "")
+message(STATUS "  Options:")
+message(STATUS "    BUILD_SHARED:    ${3PROXY_BUILD_SHARED}")
+message(STATUS "    USE_OPENSSL:     ${3PROXY_USE_OPENSSL}")
+message(STATUS "    USE_PCRE2:       ${3PROXY_USE_PCRE2}")
+message(STATUS "    USE_PAM:         ${3PROXY_USE_PAM}")
+message(STATUS "    USE_ODBC:        ${3PROXY_USE_ODBC}")
+message(STATUS "    USE_POLL:        ${3PROXY_USE_POLL}")
+if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+    message(STATUS "    USE_SPLICE:      ${3PROXY_USE_SPLICE}")
+    message(STATUS "    USE_NETFILTER:   ${3PROXY_USE_NETFILTER}")
+endif()
+if(NOT WIN32 AND NOT APPLE)
+    message(STATUS "    STATIC_LINK:     ${3PROXY_STATIC_LINK}")
+endif()
+if(WIN32)
+    message(STATUS "    USE_WSAPOLL:     ${3PROXY_USE_WSAPOLL}")
+endif()
+message(STATUS "")
+message(STATUS "  Libraries found:")
+message(STATUS "    OpenSSL: ${OPENSSL_FOUND}")
+message(STATUS "    PCRE2:   ${PCRE2_FOUND}")
+message(STATUS "    PAM:     ${PAM_FOUND}")
+message(STATUS "    ODBC:    ${ODBC_FOUND}")
+message(STATUS "")
+message(STATUS "  Plugins to build: ${ALL_PLUGINS}")
+message(STATUS "")
+message(STATUS "  Standalone modules:")
+message(STATUS "    Binary prefix:   \"${3PROXY_BINARY_PREFIX}\"")
+foreach(_M proxy socks pop3p smtpp ftppr tcppm udppm tlspr)
+    string(TOUPPER "${_M}" _MO)
+    message(STATUS "    BUILD_${_MO}: ${3PROXY_BUILD_${_MO}}")
+endforeach()
+message(STATUS "")

Dockerfile.busybox

@@ -0,0 +1,57 @@
+# 3proxy.full is fully functional 3proxy build based on busybox:glibc
+#
+# Examples are for podman, for docker change 'podman' to 'docker'
+#
+#to build:
+# podman build -f Dockerfile.busybox -t 3proxy.busybox .
+#to run:
+#
+# echo nserver 8.8.8.8 >/path/to/local/config/directory/3proxy.cfg
+# echo proxy -p3129 >>/path/to/local/config/directory/3proxy.cfg
+# podman run --read-only -p 3129:3129 -v /path/to/local/config/directory:/etc/3proxy --name 3proxy.busybox 3proxy.busybox
+#
+# use "log" without pathname in config to log to stdout.
+# plugins are located in /usr/local/3proxy/libexec (/libexec for chroot config)
+# symlinked as /lib and /lib64 in both root and chroot configurations, so no need
+# to specify full path to plugin. SSLPlugin is supported.
+#
+# Since 0.9.6 image is distroless, no reason to use chroot, chroot
+# configuration is supported for compatibility only.
+
+
+FROM docker.io/gcc AS buildenv
+COPY . 3proxy
+RUN cd 3proxy &&\
+ apt --assume-yes update && apt --assume-yes install libssl-dev libpcre2-dev &&\
+ make -f Makefile.Linux &&\
+ strip bin/3proxy &&\
+ strip bin/*so &&\
+ mkdir /dist &&\
+ mkdir /dist/etc &&\
+ mkdir /dist/etc/3proxy &&\
+ mkdir /dist/bin &&\
+ mkdir /dist/usr &&\
+ mkdir /dist/usr/local &&\
+ mkdir /dist/usr/local/3proxy &&\
+ mkdir /dist/usr/local/3proxy/conf &&\
+ mkdir /dist/usr/local/3proxy/libexec &&\
+ cp bin/3proxy /dist/bin &&\
+ cp bin/*.so /dist/usr/local/3proxy/libexec &&\
+ cp scripts/3proxy.cfg.inchroot /dist/etc/3proxy/3proxy.cfg
+RUN cd /dist &&\
+ ln -s /lib lib64 &&\
+ ln -s /lib usr/lib &&\
+ ln -s /lib usr/lib64 &&\
+ cp /lib64/ld-*.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libdl.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libcrypto.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libssl.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libpcre2-8.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libz.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libzstd.so.* /dist/usr/local/3proxy/libexec &&\
+ ls -lR /dist
+
+FROM docker.io/busybox:glibc
+COPY --from=buildenv /dist /
+RUN ln -sf /usr/local/3proxy/libexec/* /lib/ && cd /usr/local/3proxy/ && ln -s libexec lib && ln -s libexec lib64 && mkdir usr && ln -s libexec usr/lib && ln -s libexec usr//lib64
+CMD ["/bin/3proxy", "/etc/3proxy/3proxy.cfg"]

Dockerfile.full

@@ -1,55 +1,66 @@
-# 3proxy.full is fully functional 3proxy build based on busibox:glibc
+# 3proxy.full is fully functional distroless 3proxy build
 #
-#to  build:
-# docker build -f Dockerfile.full -t 3proxy.full .
+# Examples are for podman, for docker change 'podman' to 'docker'
+#
+#to build:
+# podman build -f Dockerfile.full -t 3proxy.full .
 #to run:
-# by default 3proxy uses safe chroot environment with chroot to /usr/local/3proxy with uid/gid 65535/65535 and expects
-# configuration file to be placed in /usr/local/etc/3proxy.
-# Paths in configuration file must be relative to /usr/local/3proxy, that is use /logs instead of 
-# /usr/local/3proxy/logs. nserver in chroot is required for DNS resolution. An example:
 #
 # echo nserver 8.8.8.8 >/path/to/local/config/directory/3proxy.cfg
 # echo proxy -p3129 >>/path/to/local/config/directory/3proxy.cfg
-# docker run -p 3129:3129 -v /path/to/local/config/directory:/usr/local/3proxy/conf -name 3proxy.full 3proxy.full
-#
-# /path/to/local/config/directory in this example must conrain 3proxy.cfg
-# if you need 3proxy to be executed without chroot with root permissions, replace /etc/3proxy/3proxy.cfg by e.g. mounting config
-# dir to /etc/3proxy ot by providing config file /etc/3proxy/3proxy.cfg
-# docker run -p 3129:3129 -v /path/to/local/config/directory:/etc/3proxy -name 3proxy.full 3proxy.full
+# podman run --read-only -p 3129:3129 -v /path/to/local/config/directory:/etc/3proxy --name 3proxy.full 3proxy.full
 #
 # use "log" without pathname in config to log to stdout.
-# plugins are located in /usr/local/3proxy/libexec (/libexec for chroot config).
+# plugins are located in /usr/local/3proxy/libexec (/libexec for chroot config)
+# symlinked as /lib and /lib64 in both root and chroot configurations, so no need
+# to specify full path to plugin. SSLPlugin is supported.
+#
+# Since 0.9.6 image is distroless, no reason to use chroot, chroot
+# configuration is supported for compatibility only.
 
 
-FROM gcc AS buildenv
+FROM docker.io/gcc AS buildenv
 COPY . 3proxy
 RUN cd 3proxy &&\
- echo "">> Makefile.Linux &&\
- echo PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin SSLPlugin>>Makefile.Linux &&\
- echo LIBS = -l:libcrypto.a -l:libssl.a -ldl >>Makefile.Linux &&\
+ apt --assume-yes update && apt --assume-yes install libssl-dev libpcre2-dev &&\
  make -f Makefile.Linux &&\
  strip bin/3proxy &&\
- strip bin/StringsPlugin.ld.so &&\
- strip bin/TrafficPlugin.ld.so &&\
- strip bin/PCREPlugin.ld.so &&\
- strip bin/TransparentPlugin.ld.so &&\
- strip bin/SSLPlugin.ld.so
-
-FROM busybox:glibc
-COPY --from=buildenv /lib/x86_64-linux-gnu/libdl.so.* /lib/
-COPY --from=buildenv 3proxy/bin/3proxy /bin/
-COPY --from=buildenv 3proxy/bin/*.ld.so /usr/local/3proxy/libexec/
-RUN mkdir /usr/local/3proxy/logs &&\
- mkdir /usr/local/3proxy/conf &&\
- chown -R 65535:65535 /usr/local/3proxy &&\
- chmod -R 550  /usr/local/3proxy &&\
- chmod 750  /usr/local/3proxy/logs &&\
- chmod -R 555 /usr/local/3proxy/libexec &&\
- chown -R root /usr/local/3proxy/libexec &&\
- mkdir /etc/3proxy/ &&\
- echo chroot /usr/local/3proxy 65535 65535 >/etc/3proxy/3proxy.cfg &&\
- echo include /conf/3proxy.cfg >>/etc/3proxy/3proxy.cfg &&\
- chmod 440  /etc/3proxy/3proxy.cfg
-
+ mkdir /dist &&\
+ mkdir /dist/etc &&\
+ mkdir /dist/etc/3proxy &&\
+ mkdir /dist/bin &&\
+ mkdir /dist/usr &&\
+ mkdir /dist/usr/local &&\
+ mkdir /dist/usr/local/3proxy &&\
+ mkdir /dist/usr/local/3proxy/libexec &&\
+ mkdir /dist/usr/local/3proxy/conf &&\
+ cp bin/3proxy /dist/bin &&\
+ cp bin/*.so /dist/usr/local/3proxy/libexec &&\
+ cp scripts/3proxy.cfg.inchroot /dist/etc/3proxy/3proxy.cfg
+RUN cd /dist &&\
+ ln -s /usr/local/3proxy/libexec lib64 &&\
+ ln -s /usr/local/3proxy/libexec lib &&\
+ ln -s /usr/local/3proxy/libexec usr/lib &&\
+ ln -s /usr/local/3proxy/libexec usr/lib64 &&\
+ ln -s /usr/local/3proxy/libexec /dist/usr/local/3proxy/libexec/`gcc -dumpmachine` &&\
+ cp /lib64/ld-*.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libc.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libdl.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libcrypto.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libssl.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libpcre2-8.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libz.so.* /dist/usr/local/3proxy/libexec &&\
+ cp "/lib/`gcc -dumpmachine`"/libzstd.so.* /dist/usr/local/3proxy/libexec
+RUN cd /dist/usr/local/3proxy/ &&\
+ ln -s libexec lib &&\
+ ln -s libexec lib64 &&\
+ mkdir usr
+RUN cd /dist/usr/local/3proxy/usr &&\
+ ln -s ../libexec lib &&\
+ ln -s ../libexec lib64 &&\
+ strip /dist/usr/local/3proxy/libexec/*.so &&\
+ ls -lR /dist
 
+FROM scratch
+COPY --from=buildenv /dist /
 CMD ["/bin/3proxy", "/etc/3proxy/3proxy.cfg"]

Dockerfile.minimal

@@ -1,42 +1,38 @@
 # dockerfile for "interactive" minimal 3proxy execution, no configuration mounting is required, configuration
 # is accepted from stdin. Use "end" command to indicate the end of configuration. Use "log" for stdout logging.
 #
-# This is busybox based docker with only 3proxy static executable and empty non-writable "run" directory.
+# Examples are for podman. For docker change 'podman' to 'docker'.
 #
-# "plugin" is not supported
+# This is busybox based docker with only 3proxy static executable.
+#
+# Limitations for minimal version:
+# no support for plugins, IPv6, RADIUS, system resolver.
+# 'nserver' or 'fakeresolve' are mandatory in configuration.
 #
 # Build:
 #
-# docker build -f Dockerfile.minimal -t 3proxy.minimal .
+# podman build -f Dockerfile.minimal -t 3proxy.minimal .
 #
 # Run example:
 #
-# docker run -i -p 3129:3129 --name 3proxy 3proxy.minimal  
+# podman run --read-only -i -p 3129:3129 --name 3proxy 3proxy.minimal  
 #or
-# docker start -i 3proxy
-#<chroot run 65535 65535
+# podman start -ai 3proxy
 #<nserver 8.8.8.8
 #<nscache 65535
 #<log
 #<proxy -p3129
 #<end
 #
-# use "chroot run 65536 65536" in config for safe chroot environment. nserver is required for DNS resolutions in chroot.
 
-
-FROM gcc AS buildenv
-COPY . /3proxy
-RUN cd /3proxy &&\
- echo "">>Makefile.Linux&&\
- echo LDFLAGS = -fPIE -O2 -fno-strict-aliasing -pthread >>Makefile.Linux&&\
- echo PLUGINS = >>Makefile.Linux&&\
- echo LIBS = >>Makefile.Linux&&\
- echo CFLAGS = -g  -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER -DNOPLUGINS >>Makefile.Linux&&\
- make -f Makefile.Linux&&\
+FROM docker.io/gcc AS buildenv
+COPY . 3proxy
+RUN cd 3proxy &&\
+ export "LDFLAGS=-static" &&\
+ export "CFLAGS=-DNOPLUGINS -DNORADIUS -DNOIPV6 -DNOODBC -DNOCRYPT -DNOSTDRESOLVE" &&\
+ make -f Makefile.Linux PLUGINS= LIBS= &&\
  strip bin/3proxy
  
-
-FROM busybox:glibc
-COPY --from=buildenv /3proxy/bin/3proxy /bin/3proxy
-RUN mkdir /run && chmod 555 /run
+FROM scratch
+COPY --from=buildenv 3proxy/bin/3proxy /bin/3proxy
 CMD ["/bin/3proxy"]

Makefile.FreeBSD

@@ -1,25 +1,27 @@
 #
 # 3 proxy Makefile for GCC/Unix
 #
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
+# add -DWITH_ODBC to CFLAGS and -lodbc to LDFLAGS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 
 BUILDDIR = ../bin/
-CC ?= gcc
+PREFIX ?= 3proxy_
+CRYPT_PREFIX ?= $(PREFIX)
+MANDIR ?= /usr/share/man
+CC ?= cc
 
-CFLAGS = -c -O -fno-strict-aliasing -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+CFLAGS ?= -O3 -flto
+CFLAGS += -c -fno-strict-aliasing -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_UN
 COUT = -o 
 LN ?= ${CC}
-LDFLAGS = -pthread -O -fno-strict-aliasing 
-# -lpthreads may be reuqired on some platforms instead of -pthreads
+LDFLAGS ?= -flto
+LDFLAGS += -pthread -fno-strict-aliasing 
+# -lpthreads may be reuiured on some platforms instead of -pthreads
 # -ldl or -lld may be required for some platforms
-DCFLAGS = -fPIC
-DLFLAGS = -shared
+DCFLAGS ?= -fPIC
+DLFLAGS ?= -shared
 DLSUFFICS = .so
-LIBS =
+LIBS ?=
 LIBSPREFIX = -l
 LIBSSUFFIX = 
 LNOUT = -o 
@@ -32,27 +34,54 @@ AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Mak
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.FreeBSD
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin PamAuth TransparentPlugin
+PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
+ifeq ($(STATIC), true)
+    STATIC_PREFIX = -Wl,-Bstatic
+    STATIC_SUFFIX = -Wl,-Bdynamic
+    ZLIB = -lz
+endif
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) -lcrypto -lssl $(ZLIB) $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
+ifeq ($(OPENSSL_CHECK), true)
+    LIBS += $(STATIC_PREFIX) -l crypto -l ssl $(ZLIB) $(STATIC_SUFFIX)
+    CFLAGS += -DWITH_SSL
+    SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
+endif
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
+ifeq ($(PCRE_CHECK), true)
+    CFLAGS += -DWITH_PCRE
+    PCRE_OBJS = pcre$(OBJSUFFICS)
+    PCRE_LIBS = $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX)
+endif
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpam.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testpam testpam.o -lpam 2>/dev/null && rm testpam testpam.o && echo true||echo false)
+ifeq ($(PAM_CHECK), true)
+    PLUGINS += PamAuth
+endif
 
 include Makefile.inc
 
 install: all
-	if [ ! -d /usr/local/3proxy/bin ]; then mkdir -p /usr/local/3proxy/bin/; fi
+	if [ ! -d "/usr/local/3proxy/bin" ]; then mkdir -p /usr/local/3proxy/bin/; fi
 	install bin/3proxy /usr/local/3proxy/bin/3proxy
-	install bin/mycrypt /usr/local/3proxy/bin/mycrypt
+	install bin/$(CRYPT_PREFIX)crypt /usr/local/3proxy/bin/$(CRYPT_PREFIX)crypt
+	for f in proxy socks pop3p smtpp ftppr tcppm udppm tlspr; do \
+	  if [ -f bin/$(PREFIX)$$f ]; then install bin/$(PREFIX)$$f /usr/local/3proxy/bin/$(PREFIX)$$f; fi; \
+	done
+	install scripts/rc.d/3proxy /usr/local/etc/rc.d/3proxy
 	install scripts/add3proxyuser.sh /usr/local/3proxy/bin/
-	if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then
-	echo /usr/local/3proxy/3proxy.cfg already exists
-	else
-	install scripts/3proxy.cfg /usr/local/etc/3proxy/
-	if [ ! -d /var/log/3proxy/ ]; then
-	mkdir /var/log/3proxy/
-	fi
+	if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then echo /usr/local/3proxy/3proxy.cfg already exists; else install scripts/3proxy.cfg /usr/local/etc/3proxy/; fi
+	if [ ! -d /var/log/3proxy/ ]; then mkdir /var/log/3proxy/; fi
 	touch /usr/local/3proxy/passwd
 	touch /usr/local/3proxy/counters
 	touch /usr/local/3proxy/bandlimiters
+	install -d $(MANDIR)/man8
+	install -m 644 man/3proxy.8 $(MANDIR)/man8/3proxy.8
+	for f in proxy socks pop3p smtpp ftppr tcppm udppm tlspr; do \
+	  if [ -f man/$$f.8 ]; then install -m 644 man/$$f.8 $(MANDIR)/man8/$(PREFIX)$$f.8; fi; \
+	done
+	install -m 644 man/3proxy_crypt.8 $(MANDIR)/man8
+	install -d $(MANDIR)/man5
+	install -m 644 man/3proxy.cfg.5 $(MANDIR)/man5/3proxy.cfg.5
 	echo Run /usr/local/3proxy/bin/add3proxyuser.sh to add \'admin\' user
-	fi
 
 allplugins:
 	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done

Makefile.Linux

@@ -1,21 +1,22 @@
 #
 # 3 proxy Makefile for GCC/Linux/Cygwin
 #
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# remove -DNOODBC from CFLAGS and add -lodbc to LIBS to compile with ODBC
+# add -DWITH_ODBC to CFLAGS and -lodbc to LIBS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 
 BUILDDIR = ../bin/
-CC = gcc
+PREFIX ?= 3proxy_
+CRYPT_PREFIX ?= $(PREFIX)
+CC ?= gcc
 
-CFLAGS = -g  -fPIC -O2 -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER
+CFLAGS ?= -O3 -flto
+CFLAGS += -fPIC -fno-strict-aliasing -c -pthread -DWITHSPLICE -D_GNU_SOURCE -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER -D WITH_UN
 COUT = -o 
-LN = $(CC)
-DCFLAGS = 
-LDFLAGS = -fPIE -O2 -fno-strict-aliasing -pthread
-DLFLAGS = -shared
+LN ?= ${CC}
+DCFLAGS ?= 
+LDFLAGS ?= -flto
+LDFLAGS += -fPIC -O3 -fno-strict-aliasing -pthread
+DLFLAGS ?= -shared
 DLSUFFICS = .ld.so
 # -lpthreads may be reuqired on some platforms instead of -pthreads
 LIBSPREFIX = -l
@@ -33,10 +34,31 @@ MAKEFILE = Makefile.Linux
 # PamAuth requires libpam, you may require pam-devel package to be installed
 # SSLPlugin requires  -lcrypto -lssl
 #LIBS = -lcrypto -lssl -ldl 
-LIBS = -ldl 
+LIBS ?= -ldl 
 #PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
+PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
+ifeq ($(STATIC), true)
+    STATIC_PREFIX = -Wl,-Bstatic
+    STATIC_SUFFIX = -Wl,-Bdynamic
+    ZLIB = -lz
+endif
 
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) -lcrypto -lssl $(ZLIB) $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
+ifeq ($(OPENSSL_CHECK), true)
+    LIBS += $(STATIC_PREFIX) -lcrypto -lssl $(ZLIB) $(STATIC_SUFFIX)
+    CFLAGS += -DWITH_SSL
+    SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
+endif
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
+ifeq ($(PCRE_CHECK), true)
+    CFLAGS += -DWITH_PCRE
+    PCRE_OBJS = pcre$(OBJSUFFICS)
+    PCRE_LIBS = $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX)
+endif
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpam.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testpam testpam.o -lpam 2>/dev/null && rm testpam testpam.o && echo true||echo false)
+ifeq ($(PAM_CHECK), true)
+    PLUGINS += PamAuth
+endif
 include Makefile.inc
 
 allplugins:
@@ -52,18 +74,20 @@ INSTALL		= /usr/bin/install
 INSTALL_BIN	= $(INSTALL) -m 755
 INSTALL_DATA	= $(INSTALL) -m 644
 INSTALL_OBJS	= bin/3proxy \
-		  bin/ftppr \
-		  bin/mycrypt \
-		  bin/pop3p \
-		  bin/proxy \
-		  bin/socks \
-		  bin/tcppm \
-		  bin/udppm
+		  bin/$(CRYPT_PREFIX)crypt \
+		  bin/$(PREFIX)ftppr \
+		  bin/$(PREFIX)pop3p \
+		  bin/$(PREFIX)proxy \
+		  bin/$(PREFIX)smtpp \
+		  bin/$(PREFIX)socks \
+		  bin/$(PREFIX)tcppm \
+		  bin/$(PREFIX)tlspr \
+		  bin/$(PREFIX)udppm
 		  
 
 INSTALL_CFG	 = scripts/3proxy.cfg.chroot
-INSTALL_CFG_OBJS = scripts/3proxy.cfg \
-		   scripts/add3proxyuser.sh
+INSTALL_CFG_INCHROOT = scripts/3proxy.cfg.inchroot
+INSTALL_CFG_OBJS = scripts/add3proxyuser.sh
 
 INSTALL_CFG_OBJS2 = counters bandlimiters
 
@@ -72,8 +96,7 @@ INSTALL_SYSTEMD_SCRIPT = scripts/3proxy.service
 
 CHROOTDIR	= $(DESTDIR)$(chroot_prefix)/3proxy
 CHROOTREL	= ../..$(chroot_prefix)/3proxy
-MANDIR1		= $(DESTDIR)$(man_prefix)/man/man1
-MANDIR3		= $(DESTDIR)$(man_prefix)/man/man3
+MANDIR5		= $(DESTDIR)$(man_prefix)/man/man5
 MANDIR8		= $(DESTDIR)$(man_prefix)/man/man8
 BINDIR		= $(DESTDIR)$(exec_prefix)/bin
 ETCDIR		= $(DESTDIR)/etc/3proxy
@@ -89,7 +112,6 @@ install-bin:
 	$(INSTALL_BIN) -d $(BINDIR)
 	$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
 	$(INSTALL_BIN) -s bin/*.ld.so $(CHROOTDIR)/libexec
-	chmod -R a-w $(CHROOTDIR)/libexec
 
 install-etc-dir:
 	$(INSTALL_BIN) -d $(ETCDIR)
@@ -102,11 +124,12 @@ install-chroot-dir:
 	$(INSTALL_BIN) -d $(CHROOTDIR)/libexec
 	chmod -R o-rwx $(CHROOTDIR)
 
-install-etc-default-config:
+install-etc-default-config: install-chroot-dir
 	if [ ! -d $(INSTALL_CFG_DEST) ]; then \
 	   ln -s $(CHROOTREL)/conf $(INSTALL_CFG_DEST); \
 	   $(INSTALL_BIN) $(INSTALL_CFG) $(ETCDIR)/3proxy.cfg; \
 	   $(INSTALL_BIN) $(INSTALL_CFG_OBJS) $(INSTALL_CFG_DEST); \
+	   $(INSTALL_BIN) $(INSTALL_CFG_INCHROOT) $(INSTALL_CFG_DEST)/3proxy.cfg; \
 	fi
 
 install-etc: install-etc-dir install-etc-default-config
@@ -116,10 +139,14 @@ install-etc: install-etc-dir install-etc-default-config
 	done;
 
 install-man:
-	$(INSTALL_BIN) -d $(MANDIR3)
+	$(INSTALL_BIN) -d $(MANDIR5)
 	$(INSTALL_BIN) -d $(MANDIR8)
-	$(INSTALL_DATA) man/*.3 $(MANDIR3)
-	$(INSTALL_DATA) man/*.8 $(MANDIR8)
+	$(INSTALL_DATA) man/3proxy.cfg.5 $(MANDIR5)
+	$(INSTALL_DATA) man/3proxy.8 $(MANDIR8)
+	for f in proxy socks pop3p smtpp ftppr tcppm udppm tlspr; do \
+	  if [ -f man/$$f.8 ]; then $(INSTALL_DATA) man/$$f.8 $(MANDIR8)/$(PREFIX)$$f.8; fi; \
+	done
+	$(INSTALL_DATA) man/3proxy_crypt.8 $(MANDIR8)
 
 install-init:
 	$(INSTALL_BIN) -d $(INITDDIR)
@@ -138,6 +165,6 @@ install-log:
 
 install: install-chroot-dir install-bin install-etc install-log install-man install-run install-init
 	@if [ "$(DESTDIR)" = "" ]; then \
-	 sh scripts/debian/preinst; \
-	 sh scripts/debian/postinst; \
+	 sh debian/preinst; \
+	 sh debian/postinst; \
 	fi

Makefile.Solaris

@@ -1,15 +1,13 @@
 #
 # 3 proxy Makefile for Solaris/SunCC
 #
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
 #
-# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
+# add -DWITH_ODBC to CFLAGS and -lodbc to LDFLAGS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 
 BUILDDIR = ../bin/
-CC = cc
-CFLAGS = -xO3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+CC ?= cc
+CFLAGS = -xO3 -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DFD_SETSIZE=4096 -DWITH_POLL
 COUT = -o ./
 LN = $(CC)
 LDFLAGS = -xO3
@@ -29,7 +27,20 @@ AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Mak
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.Solaris
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
+PLUGINS = StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
+
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
+ifeq ($(OPENSSL_CHECK), true)
+    LIBS += -l crypto -l ssl
+    CFLAGS += -DWITH_SSL
+    SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
+endif
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
+ifeq ($(PCRE_CHECK), true)
+    CFLAGS += -DWITH_PCRE
+    PCRE_OBJS = pcre$(OBJSUFFICS)
+    PCRE_LIBS = -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic
+endif
 
 include Makefile.inc
 

Makefile.Solaris-gcc

@@ -1,38 +0,0 @@
-#
-# 3 proxy Makefile for Solaris/gcc
-#
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
-# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
-
-
-BUILDDIR = ../bin/
-CC = gcc
-CFLAGS = -O2 -fno-strict-aliasing -c -D_SOLARIS -D_THREAD_SAFE -DGETHOSTBYNAME_R -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
-COUT = -o ./
-LN = $(CC)
-LDFLAGS = -O3
-DCFLAGS = -fPIC
-DLFLAGS = -shared
-DLSUFFICS = .ld.so
-LIBS = -lpthread -lsocket -lnsl -lresolv -ldl
-LIBSPREFIX = -l
-LIBSSUFFIX = 
-LNOUT = -o ./
-EXESUFFICS =
-OBJSUFFICS = .o
-DEFINEOPTION = -D
-COMPFILES = *~
-REMOVECOMMAND = rm -f
-AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
-TYPECOMMAND = cat
-COMPATLIBS =
-MAKEFILE = Makefile.Solaris-gcc
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin
-
-include Makefile.inc
-
-allplugins:
-	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done

Makefile.am

@@ -1,2 +0,0 @@
-SUBDIRS = src man
-EXTRA_DIST = doc cfg

Makefile.debug

@@ -1,26 +0,0 @@
-#
-# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
-#
-# You can try to add /D "WITH_STD_MALLOC" to CFLAGS to use standard malloc
-# libraries
-
-BUILDDIR = ../bin/
-CC = cl
-CFLAGS = /FD /MDd /nologo /W3 /ZI /Wp64 /GS /Gs /RTCsu /EHs- /GA /GF /DEBUG /D "WITH_STD_MALLOC" /D "_DEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32"  /c
-COUT = /Fo
-LN = link
-LDFLAGS = /nologo /subsystem:console /machine:I386 /DEBUG
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib
-LNOUT = /out:
-EXESUFFICS = .exe
-OBJSUFFICS = .obj
-DEFINEOPTION = /D 
-COMPFILES = *.pch *.idb
-REMOVECOMMAND = del 2>NUL >NUL
-TYPECOMMAND = type
-COMPATLIBS =
-MAKEFILE = Makefile.debug
-
-include Makefile.inc
-
-allplugins:

Makefile.intl

@@ -1,33 +0,0 @@
-#
-# 3 proxy Makefile for Intel C compiler for Windows (for both make and nmake)
-#
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
-
-
-BUILDDIR = ../bin/
-CC = icl
-CFLAGS = /nologo /MD /W3 /G6 /GX /O2 /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /YX /FD /c
-COUT = /Fo
-LN = xilink
-LDFLAGS = /nologo /subsystem:console /incremental:no /machine:I386
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib
-DLFLAGS = /DLL
-DLSUFFICS = .dll
-LNOUT = /out:
-EXESUFFICS = .exe
-OBJSUFFICS = .obj
-DEFINEOPTION = /D 
-COMPFILES = *.pch *.idb
-REMOVECOMMAND = del 2>NUL
-TYPECOMMAND = type
-COMPATLIBS =
-MAKEFILE = Makefile.intl
-PLUGINS = WindowsAuthentication TrafficPlugin PCREPlugin
-
-include Makefile.inc
-
-allplugins:
-	for /D %%i in ($(PLUGINS)) do (copy Makefile Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)

Makefile.llvm

@@ -1,37 +0,0 @@
-#
-# 3 proxy Makefile for GCC/windows
-#
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
-# library support
-
-
-BUILDDIR = ../bin/
-CC = clang
-CFLAGS = -O2 -fno-strict-aliasing -c -pthread -static -DWITH_STD_MALLOC -DNOIPV6
-COUT = -o 
-LN = $(CC)
-LDFLAGS = -O2 -fno-strict-aliasing -static -s
-DLFLAGS = -shared
-DLSUFFICS = .dll
-LIBS = -lws2_32 -lodbc32 -ladvapi32
-LIBSPREFIX = -l
-LIBSSUFFIX = 
-LNOUT = -o 
-EXESUFFICS = .exe
-OBJSUFFICS = .o
-DEFINEOPTION = -D
-COMPFILES = *.tmp
-REMOVECOMMAND = rm -f
-AFTERCLEAN = find src/ -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete
-TYPECOMMAND = cat
-COMPATLIBS =
-MAKEFILE = Makefile.win
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
-
-include Makefile.inc
-
-allplugins:
-	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.o &&cd ..\..)

Makefile.msvc

@@ -1,38 +1,38 @@
 #
 # 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
 #
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
 #
+# ODBC support is enabled by default on Windows (/D WITH_ODBC, odbc32.lib)
 # Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
 
 BUILDDIR = ../bin/
 CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
+VERSION = $(VERSION)
+BUILDDATE = $(BUILDDATE)
+CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC"  /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "WITH_PCRE" /D "WITH_ODBC" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION)
 COUT = /Fo
 LN = link
-LDFLAGS =  /nologo /subsystem:console /incremental:no /machine:I386
+LDFLAGS =  /nologo /subsystem:console /incremental:no
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto_static.lib libssl_static.lib
-LIBSOLD = libeay32MT.lib ssleay32MT.lib
-LIBSPREFIX = 
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib  libcrypto.lib libssl.lib pcre2-8.lib
+LIBSPREFIX =
 LIBSSUFFIX = .lib
-LIBEXT = .lib                                                                                               
+LIBEXT = .lib
 LNOUT = /out:
 EXESUFFICS = .exe
 OBJSUFFICS = .obj
-DEFINEOPTION = /D 
+DEFINEOPTION = /D
 COMPFILES = *.pch *.idb
 REMOVECOMMAND = del
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.msvc
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin FilePlugin
+SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
+PCRE_OBJS = pcre$(OBJSUFFICS)
 VERFILE = 3proxy.res $(VERFILE)
-VERSION = $(VERSION)
 VERSIONDEP = 3proxy.res $(VERSIONDEP)
-BUILDDATE = $(BUILDDATE)
 AFTERCLEAN = if exist src\*.res (del src\*.res) && if exist src\*.err (del src\*.err)
 
 include Makefile.inc

Makefile.msvc64

@@ -1,46 +0,0 @@
-#
-# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
-#
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
-
-BUILDDIR = ../bin64/
-CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_SSL" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
-COUT = /Fo
-LN = link
-LDFLAGS = /nologo /subsystem:console /incremental:no /machine:x64
-DLFLAGS = /DLL
-DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto_static.lib libssl_static.lib
-LIBSOLD = libeay32.lib ssleay32.lib
-LIBSPREFIX = 
-LIBSSUFFIX = .lib
-LIBEXT = .lib
-LNOUT = /out:
-EXESUFFICS = .exe
-OBJSUFFICS = .obj
-DEFINEOPTION = /D 
-COMPFILES = *.pch *.idb
-REMOVECOMMAND = del 2>NUL >NUL
-TYPECOMMAND = type
-COMPATLIBS =
-VERFILE = 3proxy.res $(VERFILE)
-VERSIONDEP = 3proxy.res $(VERSIONDEP)
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
-AFTERCLEAN = del src\*.res
-
-include Makefile.inc
-
-3proxy.res:
-	rc 3proxy.rc
-
-3proxyres.obj: ../3proxy.res
-	cvtres /out:3proxyres.obj /machine:x64 ../3proxy.res
-
-
-allplugins:
-	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)
-

Makefile.msvcARM64

@@ -1,48 +0,0 @@
-#
-# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
-#
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
-
-BUILDDIR = ../bin64/
-CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_WSAPOLL" /D "WITH_SSL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
-COUT = /Fo
-LN = link
-LDFLAGS = /nologo /subsystem:console /incremental:no /machine:arm64
-DLFLAGS = /DLL
-DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto_static.lib libssl_static.lib
-LIBSOLD =
-LIBSPREFIX = 
-LIBSSUFFIX = .lib
-LIBEXT = .lib
-LNOUT = /out:
-EXESUFFICS = .exe
-OBJSUFFICS = .obj
-DEFINEOPTION = /D 
-COMPFILES = *.pch *.idb
-REMOVECOMMAND = del 2>NUL >NUL
-TYPECOMMAND = type
-COMPATLIBS =
-MAKEFILE = Makefile.msvcARM64
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin FilePlugin SSLPlugin
-VERFILE = 3proxy.res $(VERFILE)
-VERSIONDEP = 3proxy.res $(VERSIONDEP)
-AFTERCLEAN = del src\*.res
-
-
-include Makefile.inc
-
-3proxy.res:
-	rc 3proxy.rc
-
-3proxyres.obj: ../3proxy.res
-	cvtres /out:3proxyres.obj /machine:x64 ../3proxy.res
-
-
-allplugins:
-	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)
-

Makefile.msvcCE

@@ -1,35 +0,0 @@
-#
-# 3 proxy Makefile for Microsoft Visual C compiler (for both make and nmake)
-#
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
-
-BUILDDIR = ../bin/
-CC = cl
-CFLAGS = /DARM /D "NOODBC" /nologo /MT /W3 /Wp64 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "_WINCE" /D "WITH_STD_MALLOC" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c
-COUT = /Fo
-LN = link
-LDFLAGS = /nologo /subsystem:console /incremental:no
-DLFLAGS = /DLL
-DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib
-LIBEXT = .lib
-LNOUT = /out:
-EXESUFFICS = .exe
-OBJSUFFICS = .obj
-DEFINEOPTION = /D 
-COMPFILES = *.pch *.idb
-REMOVECOMMAND = del 2>NUL >NUL
-TYPECOMMAND = type
-COMPATLIBS =
-MAKEFILE = Makefile.msvc
-PLUGINS = WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
-
-
-include Makefile.inc
-
-allplugins:
-	for /D %%i in ($(PLUGINS)) do (copy Makefile plugins\%%i && copy Makefile.var plugins\%%i && cd plugins\%%i && nmake && del *.obj *.idb &&cd ..\..)
-	

Makefile.openwrt-mips

@@ -1,102 +0,0 @@
-#
-# 3 proxy Makefile for GCC/Linux/Cygwin
-#
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# remove -DNOODBC from CFLAGS and add -lodbc to LIBS to compile with ODBC
-# library support. Add -DSAFESQL for poorely written ODBC library / drivers.
-
-BUILDDIR = ../bin/
-CC = mips-openwrt-linux-gcc
-
-CFLAGS = -g -O2 -fno-strict-aliasing -c -pthread -DGETHOSTBYNAME_R -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_NETFILTER
-COUT = -o 
-LN = $(CC)
-DCFLAGS = -fPIC
-LDFLAGS = -O2 -fno-strict-aliasing -pthread -s
-DLFLAGS = -shared
-DLSUFFICS = .ld.so
-# -lpthreads may be reuqired on some platforms instead of -pthreads
-LIBSPREFIX = -l
-LIBSSUFFIX = 
-LNOUT = -o 
-EXESUFFICS =
-OBJSUFFICS = .o
-DEFINEOPTION = -D
-COMPFILES = *~
-REMOVECOMMAND = rm -f
-AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
-TYPECOMMAND = cat
-COMPATLIBS =
-MAKEFILE = Makefile.openwrt-mips
-# PamAuth requires libpam, you may require pam-devel package to be installed
-# SSLPlugin requires  -lcrypto -lssl
-#LIBS = -lcrypto -lssl -ldl 
-LIBS = -ldl 
-#PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin
-
-include Makefile.inc
-
-allplugins:
-	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done
-
-DESTDIR		=
-prefix		= /usr/local
-exec_prefix	= $(prefix)
-man_prefix	= $(prefix)/share
-
-INSTALL		= /usr/bin/install
-INSTALL_BIN	= $(INSTALL) -m 755
-INSTALL_DATA	= $(INSTALL) -m 644
-INSTALL_OBJS	= src/3proxy \
-		  src/ftppr \
-		  src/mycrypt \
-		  src/pop3p \
-		  src/proxy \
-		  src/socks \
-		  src/tcppm \
-		  src/udppm
-		  
-
-INSTALL_CFG_OBJS = scripts/3proxy.cfg \
-		   scripts/add3proxyuser.sh
-INSTALL_CFG_DEST = config
-
-INSTALL_CFG_OBJS2 = passwd counters bandlimiters
-
-MANDIR1		= $(DESTDIR)$(man_prefix)/man/man1
-MANDIR3		= $(DESTDIR)$(man_prefix)/man/man3
-MANDIR8		= $(DESTDIR)$(man_prefix)/man/man8
-BINDIR		= $(DESTDIR)$(exec_prefix)/bin
-ETCDIR		= $(DESTDIR)$(prefix)/etc/3proxy
-
-install-bin:
-	$(INSTALL_BIN) -d $(BINDIR)
-	$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
-
-install-etc-dir:
-	$(INSTALL_BIN) -d $(ETCDIR)
-
-install-etc-default-config:
-	if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \
-	   : ; \
-	else \
-	   $(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \
-	fi
-
-install-etc: install-etc-dir
-	for file in $(INSTALL_CFG_OBJS2); \
-	do \
-	  touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \
-	done;
-
-install-man:
-	$(INSTALL_BIN) -d $(MANDIR3)
-	$(INSTALL_BIN) -d $(MANDIR8)
-	$(INSTALL_DATA) man/*.3 $(MANDIR3)
-	$(INSTALL_DATA) man/*.8 $(MANDIR8)
-
-install: install-bin install-etc install-man
-

Makefile.unix

@@ -1,28 +1,31 @@
 #
 # 3 proxy Makefile for GCC/Unix
 #
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
 #
-# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
+# add -DWITH_ODBC to CFLAGS and -lodbc to LDFLAGS to compile with ODBC
 # library support. Add -DSAFESQL for poorely written ODBC library / drivers.
 
 BUILDDIR = ../bin/
-CC = gcc
+PREFIX ?= 3proxy_
+CRYPT_PREFIX ?= $(PREFIX)
+MANDIR ?= /usr/share/man
+CC ?= gcc
 
 # you may need -L/usr/pkg/lib for older NetBSD versions
-CFLAGS = -g -O2 -fno-strict-aliasing -c -pthread -D_THREAD_SAFE -D_REENTRANT -DNOODBC -DWITH_STD_MALLOC -DFD_SETSIZE=4096 -DWITH_POLL
+CFLAGS ?= -O3 -flto
+CFLAGS += -fno-strict-aliasing -c -pthread -D_THREAD_SAFE -D_REENTRANT -DFD_SETSIZE=4096 -DWITH_POLL -DWITH_UN
 COUT = -o 
-LN = $(CC)
-LDFLAGS = -O2 -fno-strict-aliasing -pthread
+LN ?= $(CC)
+LDFLAGS ?= -flto
+LDFLAGS += -pthread -fno-strict-aliasing
 # -lpthreads may be reuqired on some platforms instead of -pthreads
 # -ldl or -lld may be required for some platforms
-DCFLAGS = -fPIC
-DLFLAGS = -shared
-DLSUFFICS = .ld.so
-LIBS =
-LIBSPREFIX = -l
-LIBSSUFFIX = 
+DCFLAGS ?= -fPIC
+DLFLAGS ?= -shared
+DLSUFFICS ?= .ld.so
+LIBS ?=
+LIBSPREFIX ?= -l
+LIBSSUFFIX ?= 
 LNOUT = -o 
 EXESUFFICS =
 OBJSUFFICS = .o
@@ -33,28 +36,54 @@ AFTERCLEAN = (find . -type f -name "*.o" -delete && find src/ -type f -name "Mak
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.unix
-PLUGINS = StringsPlugin TrafficPlugin PCREPlugin PamAuth TransparentPlugin
+PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
+ifeq ($(STATIC), true)
+    STATIC_PREFIX = -Wl,-Bstatic
+    STATIC_SUFFIX = -Wl,-Bdynamic
+    ZLIB = -lz
+endif
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) -lcrypto -lssl $(ZLIB) $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
+ifeq ($(OPENSSL_CHECK), true)
+    LIBS += $(STATIC_PREFIX) -lcrypto -lssl $(ZLIB) $(STATIC_SUFFIX)
+    CFLAGS += -DWITH_SSL
+    SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
+endif
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
+ifeq ($(PCRE_CHECK), true)
+    CFLAGS += -DWITH_PCRE
+    PCRE_OBJS = pcre$(OBJSUFFICS)
+    PCRE_LIBS = $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX)
+endif
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpam.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testpam testpam.o -lpam 2>/dev/null && rm testpam testpam.o && echo true||echo false)
+ifeq ($(PAM_CHECK), true)
+    PLUGINS += PamAuth
+endif
 
 include Makefile.inc
 
 install: all
-	if [ ! -d /usr/local/etc/3proxy/bin ]; then mkdir -p /usr/local/etc/3proxy/bin/; fi
-	install bin/3proxy /usr/local/etc/3proxy/bin/3proxy
-	install bin/mycrypt /usr/local/etc/3proxy/bin/mycrypt
-	install scripts/rc.d/proxy.sh /usr/local/etc/rc.d/proxy.sh
-	install scripts/add3proxyuser.sh /usr/local/etc/3proxy/bin/
-	if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then
-	echo /usr/local/etc/3proxy/3proxy.cfg already exists
-	else
-	install scripts/3proxy.cfg /usr/local/etc/3proxy/
-	if [ ! -d /var/log/3proxy/ ]; then
-	mkdir /var/log/3proxy/
-	fi
-	touch /usr/local/etc/3proxy/passwd
-	touch /usr/local/etc/3proxy/counters
-	touch /usr/local/etc/3proxy/bandlimiters
-	echo Run /usr/local/etc/3proxy/bin/add3proxyuser.sh to add \'admin\' user
-	fi
+	if [ ! -d "/usr/local/3proxy/bin" ]; then mkdir -p /usr/local/3proxy/bin/; fi
+	install bin/3proxy /usr/local/3proxy/bin/3proxy
+	install bin/$(CRYPT_PREFIX)crypt /usr/local/3proxy/bin/$(CRYPT_PREFIX)crypt
+	for f in proxy socks pop3p smtpp ftppr tcppm udppm tlspr; do \
+	  if [ -f bin/$(PREFIX)$$f ]; then install bin/$(PREFIX)$$f /usr/local/3proxy/bin/$(PREFIX)$$f; fi; \
+	done
+	install scripts/rc.d/3proxy /usr/local/etc/rc.d/3proxy
+	install scripts/add3proxyuser.sh /usr/local/3proxy/bin/
+	if [ -s /usr/local/etc/3proxy/3proxy.cfg ]; then echo /usr/local/3proxy/3proxy.cfg already exists; else install scripts/3proxy.cfg /usr/local/etc/3proxy/; fi
+	if [ ! -d /var/log/3proxy/ ]; then mkdir /var/log/3proxy/; fi
+	touch /usr/local/3proxy/passwd
+	touch /usr/local/3proxy/counters
+	touch /usr/local/3proxy/bandlimiters
+	install -d $(MANDIR)/man8
+	install -m 644 man/3proxy.8 $(MANDIR)/man8/3proxy.8
+	for f in proxy socks pop3p smtpp ftppr tcppm udppm tlspr; do \
+	  if [ -f man/$$f.8 ]; then install -m 644 man/$$f.8 $(MANDIR)/man8/$(PREFIX)$$f.8; fi; \
+	done
+	install -m 644 man/3proxy_crypt.8 $(MANDIR)/man8
+	install -d $(MANDIR)/man5
+	install -m 644 man/3proxy.cfg.5 $(MANDIR)/man5/3proxy.cfg.5
+	echo Run /usr/local/3proxy/bin/add3proxyuser.sh to add \'admin\' user
 
 allplugins:
 	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done

Makefile.unix-install

@@ -1,59 +0,0 @@
-DESTDIR		=
-prefix		= /usr/local
-exec_prefix	= $(prefix)
-man_prefix	= $(prefix)/share
-
-INSTALL		= /usr/bin/install
-INSTALL_BIN	= $(INSTALL) -m 755
-INSTALL_DATA	= $(INSTALL) -m 644
-INSTALL_OBJS	= bin/3proxy \
-		  bin/ftppr \
-		  bin/mycrypt \
-		  bin/pop3p \
-		  bin/proxy \
-		  bin/socks \
-		  bin/tcppm \
-		  bin/udppm \
-		  scripts/add3proxyuser.sh
-
-INSTALL_CFG_OBJS = scripts/3proxy.cfg
-INSTALL_CFG_DEST = config
-
-INSTALL_CFG_OBJS2 = passwd counters bandlimiters
-
-MANDIR1		= $(DESTDIR)$(man_prefix)/man/man1
-MANDIR3		= $(DESTDIR)$(man_prefix)/man/man3
-MANDIR8		= $(DESTDIR)$(man_prefix)/man/man8
-BINDIR		= $(DESTDIR)$(exec_prefix)/bin
-ETCDIR		= $(DESTDIR)$(prefix)/etc/3proxy
-
-install-bin:
-	$(INSTALL_BIN) -d $(BINDIR)
-	$(INSTALL_BIN) -s $(INSTALL_OBJS) $(BINDIR)
-
-install-etc-dir:
-	$(INSTALL_BIN) -d $(ETCDIR)
-
-install-etc-default-config:
-	if [ -f $(ETCDIR)/$(INSTALL_CFG_DEST) ]; then \
-	   : ; \
-	else \
-	   $(INSTALL_DATA) $(INSTALL_CFG_OBJS) $(ETCDIR)/$(INSTALL_CFG_DEST) \
-	fi
-
-install-etc: install-etc-dir
-	for file in $(INSTALL_CFG_OBJS2); \
-	do \
-	  touch $(ETCDIR)/$$file; chmod 0600 $(ETCDIR)/$$file; \
-	done;
-
-install-man:
-	$(INSTALL_BIN) -d $(MANDIR1)
-	$(INSTALL_BIN) -d $(MANDIR3)
-	$(INSTALL_BIN) -d $(MANDIR8)
-	$(INSTALL_DATA) man/*.1 $(MANDIR1)
-	$(INSTALL_DATA) man/*.3 $(MANDIR3)
-	$(INSTALL_DATA) man/*.8 $(MANDIR8)
-
-install: install-bin install-etc install-man
-

Makefile.watcom

@@ -1,14 +1,12 @@
 #
 # 3 proxy Makefile for Open Watcom 2
 #
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
 #
 # Add /DSAFESQL to CFLAGS if you are using poorely written/tested ODBC driver
 
 BUILDDIR = ../bin/
 CC = cl
-CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NOODBC" /D "NORADIUS" /D"WATCOM" /D "MSVC" /D "WITH_STD_MALLOC" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /c $(VERSION) $(BUILDDATE)
+CFLAGS = /nologo /Ox /MT /D "NOIPV6" /D "NODEBUG" /D "NORADIUS" /D"WATCOM" /D "MSVC"  /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRId64=\"I64d\"" /D "PRIu64=\"I64u\"" /D "SCNu64=\"I64u\"" /D "SCNx64=\"I64x\"" /D "SCNd64=\"I64d\"" /D "PRIx64=\"I64x\"" /c $(VERSION) $(BUILDDATE)
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no 
@@ -28,7 +26,9 @@ REMOVECOMMAND = del 2>NUL >NUL
 TYPECOMMAND = type
 COMPATLIBS =
 MAKEFILE = Makefile.watcom
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
+PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin
+SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
+PCRE_OBJS = pcre$(OBJSUFFICS)
 VERFILE = $(VERFILE)
 VERSION = $(VERSION)
 VERSIONDEP = 3proxy.res $(VERSIONDEP)
@@ -64,9 +64,3 @@ allplugins:
 	nmake
 	del *.obj *.idb
 	cd ../../
-	copy Makefile plugins\PCREPlugin
-	copy Makefile.var plugins\PCREPlugin
-	cd plugins\PCREPlugin
-	nmake
-	del *.obj *.idb
-	cd ../../

Makefile.win

@@ -1,24 +1,23 @@
 #
 # 3 proxy Makefile for GCC/windows
 #
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
 #
-# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
-# library support
+# ODBC support is enabled by default on Windows (-DWITH_ODBC, -lodbc32)
 
 
 BUILDDIR = ../bin/
-CC = gcc
-CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOIPV6 -DNORADIUS
+CC ?= gcc
+CFLAGS ?= -O3 -flto -fno-strict-aliasing
+CFLAGS += -c -mthreads  -DWITH_WSAPOLL -DWITH_ODBC
 COUT = -o 
-LN = gcc
-LDFLAGS = -O2 -s -mthreads
-DLFLAGS = -shared
+LN ?= $(CC)
+LDFLAGS ?= -flto -fno-strict-aliasing
+LDFLAGS += -mthreads
+DLFLAGS ?= -shared
 DLSUFFICS = .dll
-LIBS = -lws2_32 -lodbc32 -ladvapi32
+LIBS += -lws2_32 -lodbc32 -ladvapi32 -luser32
 LIBSPREFIX = -l
-LIBSSUFFIX = 
+LIBSSUFFIX =
 LNOUT = -o 
 EXESUFFICS = .exe
 OBJSUFFICS = .o
@@ -28,9 +27,37 @@ REMOVECOMMAND = rm -f
 TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.win
-PLUGINS = utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin PCREPlugin
+PLUGINS := utf8tocp1251 WindowsAuthentication TrafficPlugin StringsPlugin FilePlugin
+VERFILE := 3proxyres.o $(VERFILE)
+VERSION := $(VERSION)
+VERSIONDEP := 3proxyres.o $(VERSIONDEP)
+BUILDDATE := $(BUILDDATE)
+AFTERCLEAN = (find . -type f -name "*.o" -delete && find . -type f -name "*.res" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
+
+ifndef OPENSSL_CHECK
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+ifeq ($(OPENSSL_CHECK), true)
+    LIBS += -l crypto -l ssl
+    CFLAGS += -DWITH_SSL
+    SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
+endif
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
+ifeq ($(PAM_CHECK), true)
+    PLUGINS += PamAuth
+endif
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n#include <pcre2.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -lpcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+ifeq ($(PCRE_CHECK), true)
+    CFLAGS += -DWITH_PCRE
+    PCRE_OBJS = pcre$(OBJSUFFICS)
+    PCRE_LIBS = -lpcre2-8
+endif
+endif
 
 include Makefile.inc
 
+3proxyres.o:
+	windres 3proxy.rc -o 3proxyres.o
+
 allplugins:
-	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;  rm *.o ; cd ../.. ; done
+	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;	cd ../.. ; done
+

Makefile.winCE

@@ -1,34 +0,0 @@
-#
-# 3 proxy Makefile for GCC/windows
-#
-# You can try to remove -DWITH_STD_MALLOC to CFLAGS to use optimized malloc
-# libraries
-#
-# remove -DNOODBC from CFLAGS and add -lodbc to LDFLAGS to compile with ODBC
-# library support
-
-
-BUILDDIR = ../bin/
-CC = /opt/cegcc/arm-wince-cegcc/bin/gcc
-CFLAGS = -O2 -s -c -mthreads -DWITH_STD_MALLOC -DNOODBC -D_WINCE -D_WIN32 -DNORADIUS -D__USE_W32_SOCKETS
-COUT = -o 
-LN = /opt/cegcc/arm-wince-cegcc/bin/gcc
-LDFLAGS = -O2 -s -mthreads
-DLFLAGS = -shared
-DLSUFFICS = .dll
-LIBS = -lws2
-LNOUT = -o 
-EXESUFFICS = .exe
-OBJSUFFICS = .o
-DEFINEOPTION = -D
-COMPFILES = *.tmp
-REMOVECOMMAND = rm -f
-TYPECOMMAND = more
-COMPATLIBS =
-MAKEFILE = Makefile.winCE
-PLUGINS = TrafficPlugin StringsPlugin PCREPlugin
-
-include Makefile.inc
-
-allplugins:
-	@list='$(PLUGINS)'; for p in $$list; do cp Makefile Makefile.var plugins/$$p; cd plugins/$$p ; make ;  rm *.o ; cd ../.. ; done

README

@@ -1,217 +0,0 @@
-# 3APA3A 3proxy tiny proxy server
-(c) 2002-2020 by Vladimir '3APA3A' Dubrovin <3proxy@3proxy.ru>
-
-
-Branches:
-Master (stable) branch - 3proxy 0.9 
-Devel branch - 3proxy 10
-
-
-Download: 
-	Binaries for released (master) versions (Windows, Linux):
-	https://github.com/z3APA3A/3proxy/releases
-	Binaries for devel version (Windows, Linux):
-	https://3proxy.org/download/devel/
-	Docker images:
-	https://hub.docker.com/repository/docker/3proxy/3proxy
-Archive of old versions: https://github.com/z3APA3A/3proxy-archive
-
-
-Windows installation:
-
-3proxy --install 
-	
-	installs and starts proxy as Windows service
-	(config file should be located in the same directory)
-
-3proxy --remove 
-
-	removes the service (should be stopped before via
-	'net stop 3proxy').
-
-To build in Linux install git and build-essential packages, use
-
-git clone https://github.com/z3apa3a/3proxy
-cd 3proxy
-ln -s Makefile.Linux Makefile
-make
-sudo make install
-
-Default configuration (for Linux/Unix):
-3proxy uses 2 configuration files:
-/etc/3proxy/3proxy.cfg (before-chroot). This configuration file is executed before chroot and should not be modified.
-/usr/local/3proxy/conf/3proxy.cfg symlinked from /etc/3proxy/conf/3proxy.cfg (after-chroot) is a main configuration file. Modify this file, if required.
-All paths in /usr/local/3proxy/conf/3proxy.cfg are relative to chroot directory (/usr/local/3proxy). For future versions it's planned to move
-3proxy chroot direcory to /var.
-Log files are created in /usr/local/3proxy/logs symlinked from /var/log/3proxy.
-By default, socks is started on 0.0.0.0:1080 and proxy on 0.0.0.0:3128 with basic auth, no users are added by default.
-
-use /etc/3proxy/conf/add3proxyuser.sh script to add users.
-
-usage: /etc/3proxy/conf/add3proxyuser.sh username password [day_limit] [bandwidth]
-        day_limit - traffic limit in MB per day
-        bandwidth - bandwith in bits per second 1048576 = 1Mbps
-
-or modify /etc/3proxy/conf/ files directly.
-
-Please read doc/html/index.html and man pages.
-
- Features:
-  1. General
-	+ IPv6 support for incoming and outgoing connection,
-	  can be used as a proxy between IPv4 and IPv6 networks
-	  in either direction.
-	+ HTTP/1.1 Proxy with keep-alive client and server support,
-          transparent proxy support.
-	+ HTTPS (CONNECT) proxy (compatible with HTTP/2 / SPDY)
-	+ Anonymous and random client IP emulation for HTTP proxy mode
-	+ FTP over HTTP support.
-	+ DNS caching with built-in resolver
-	+ DNS proxy
-	+ DNS over TCP support, redirecting DNS traffic via parent
-	  proxy
-	+ SOCKSv4/4.5 Proxy
-	+ SOCKSv5 Proxy
-	+ SOCKSv5 UDP and BIND support (fully compatible with
-	  SocksCAP/FreeCAP for UDP)
-	+ Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP
-	+ POP3 Proxy
-	+ FTP proxy
-	+ TCP port mapper (port forwarding)
-	+ UDP port mapper (port forwarding)
-	+ SMTP proxy
-	+ Threaded application (no child process).
-	+ Web administration and statistics
-	+ Plugins for functionality extension
-	+ Native 32/64 bit application
-  2. Proxy chaining and network connections
-	+ Can be used as a bridge between client and different proxy type
-	  (e.g. convert incoming HTTP proxy request from client to SOCKSv5
-	  request to parent server).
-	+ Connect back proxy support to bypass firewalls
-	+ Parent proxy support for any type of incoming connection
-	+ Username/password authentication for parent proxy(s).
-	+ HTTPS/SOCKS4/SOCKS5 and ip/port redirection parent support
-	+ Random parent selection
-	+ Chain building (multihop proxing)
-	+ Load balancing between few network connections by choosing network
-	  interface
-  3. Logging
-	+ tuneable log format compatible with any log parser
-	+ stdout logging
-	+ file logging
-	+ syslog logging (Unix)
-	+ ODBC logging
-	+ RADIUS accounting
-	+ log file rotation
-	+ automatic log file processing with external archiver (for files)
-	+ Character filtering for log files
-	+ different log files for different servces are supported
-  4. Access control
-	+ ACL-driven Access control by username, source IP,
-	destination IP/hostname, destination port and destination action
-	(POST, PUT, GET, etc), weekday and daytime.
-	+ ACL-driven (user/source/destination/protocol/weekday/daytime or
-	combined) bandwith limitation for incoming and (!)outgoing trafic.
-	+ ACL-driven traffic limitation per day, week or month for incoming and
-	outgoing traffic
-	+ Connection limitation and ratelimting
-	+ User authentication by username / password
-	+ RADIUS Authentication and Authorization
-	+ User authentication by DNS hostname
-	+ Authentication cache with possibility to limit user to single IP address
-	+ Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP
-	+ Cleartext or encrypted (crypt/MD5 or NT) passwords.
-	+ Connection redirection
-	+ Access control by requested action (CONNECT/BIND, 
-	  HTTP GET/POST/PUT/HEAD/OTHER).
-	+ All access control entries now support weekday and time limitations
-	+ Hostnames and * templates are supported instead of IP address
-  5. Extensions
-	+ Regular expression filtering (with PCRE) via PCREPlugin
-	+ Authentication with Windows username/password (cleartext only)
-	+ SSL/TLS decryptions with certificate spoofing
-	+ Transparent redirection support for Linux and *BSD
-  6. Configuration
-	+ support for configuration files
-	+ support for includes in configuration files
-	+ interface binding
-	+ socket options
-	+ running as daemon process
-	+ utility for automated networks list building
-	+ configuration reload on any file change
-     Unix
-	+ support for chroot
-	+ support for setgid
-	+ support for setuid
-	+ support for signals (SIGUSR1 to reload configuration)
-     Windows
-	+ support --install as service
-	+ support --remove as service
-	+ support for service START, STOP, PAUSE and CONTINUE commands (on
-	PAUSE no new connection accepted, but active connections still in
-	progress, on CONTINUE configuration is reloaded)
-     Windows 95/98/ME
-	+ support --install as service
-	+ support --remove as service
-  6. Compilation
-	+ MSVC (static)
-	+ OpenWatcom (static)
-	+ Intel Windows Compiler (msvcrt.dll)
-	+ Windows/gcc (msvcrt.dll)
-	+ Cygwin/gcc (cygwin.dll)
-	+ Unix/gcc
-	+ Unix/ccc
-	+ Solaris
-	+ Mac OS X, iPhone OS
-	+ Linux and derivered systems
-	+ Lite version for Windows 95/98/NT/2000/XP/2003
-	+ 32 bit and 64 bit versions for Windows Vista and above, Windows 2008 server and above 
-
-3proxy    	Combined proxy server may be used as
-		executable or service (supports installation and removal).
-		It uses config file to read it's configuration (see
-		3proxy.cfg.sample for details).
-		3proxy.exe is all-in-one, it doesn't require all others .exe
-		to work.
-		See 3proxy.cfg.sample for examples, see man 3proxy.cfg
-
-proxy    	HTTP proxy server, binds to port 3128
-ftppr    	FTP proxy server, binds to port 21
-socks    	SOCKS 4/5 proxy server, binds to port 1080
-ftppr		FTP proxy server, please do not mess it with FTP over HTTP
-		proxy used in browsers
-pop3p    	POP3 proxy server, binds to port 110. You must specify
-		POP3 username as username@target.host.ip[:port]
-		port is 110 by default.
-		Exmple: in Username configuration for you e-mail reader
-		set someuser@pop.example.org, to obtains mail for someuser
-		from pop.somehost.ru via proxy.
-smtpp    	SMTP proxy server, binds to port 25. You must specify
-		SMTP username as username@target.host.ip[:port]
-		port is 25 by default.
-		Exmple: in Username configuration for you e-mail reader
-		set someuser@mail.example.org, to send mail as someuser
-		via mail.somehost.ru via proxy.
-tcppm    	TCP port mapping. Maps some TCP port on local machine to
-		TCP port on remote host.
-udppm    	UDP port mapping. Maps some UDP port on local machine to
-		UDP port on remote machine. Only one user simulationeously
-		can use UDP mapping, so it cann't be used for public service
-		in large networks. It's OK to use it to map to DNS server
-		in small network or to map Counter-Strike server for single
-		client (you can use few mappings on different ports for
-		different clients in last case).
-mycrypt    	Program to obtain crypted password fro cleartext. Supports
-		both MD5/crypt and NT password.
-			mycrypt password
-		produces NT password
-			mycrypt salt password
-		produces MD5/crypt password with salt "salt".
-
-
-Run utility with --help option for command line reference.
-
-Latest version is available from https://3proxy.org/
-
-Want to donate the project? https://3proxy.org/donations/

README.md

@@ -0,0 +1,303 @@
+# 3APA3A 3proxy tiny proxy server
+
+(c) 2002-2026 by Vladimir '3APA3A' Dubrovin <vlad@3proxy.org>
+
+## Branches
+
+- **Master** (stable) branch - 3proxy 0.9
+- **Devel** branch - 3proxy 10 (don't use it)
+
+## Download
+
+Binaries and sources for released (master) versions (Windows, Linux):
+https://github.com/z3APA3A/3proxy/releases
+
+Docker images:
+https://hub.docker.com/r/3proxy/3proxy
+
+Archive of old versions:
+https://github.com/z3APA3A/3proxy-archive
+
+## Documentation
+
+Documentation (man pages and HTML) available with download, on https://3proxy.org/ and in github wiki https://github.com/3proxy/3proxy/wiki
+
+## Windows Installation
+
+Install and start proxy as Windows service:
+
+```bash
+3proxy [path_to_config_file] --install
+```
+
+Config file should be located in the same directory or may be optionally specified.
+
+Remove the service (should be stopped before via `net stop 3proxy`):
+
+```bash
+3proxy --remove
+```
+
+## Building on Linux
+
+### With Makefile
+
+```bash
+git clone https://github.com/z3apa3a/3proxy
+cd 3proxy
+ln -s Makefile.Linux Makefile
+make
+sudo make install
+```
+
+### Default Configuration (Linux/Unix)
+
+3proxy uses 2 configuration files:
+- `/etc/3proxy/3proxy.cfg` (before-chroot) - This configuration file is executed before chroot and should not be modified.
+- `/usr/local/3proxy/conf/3proxy.cfg` symlinked from `/etc/3proxy/conf/3proxy.cfg` (after-chroot) - Main configuration file. Modify this file if required.
+
+All paths in `/usr/local/3proxy/conf/3proxy.cfg` are relative to chroot directory (`/usr/local/3proxy`). For future versions it's planned to move 3proxy chroot directory to `/var`.
+
+Log files are created in `/usr/local/3proxy/logs` symlinked from `/var/log/3proxy`.
+
+By default, socks is started on 0.0.0.0:1080 and proxy on 0.0.0.0:3128 with basic auth, no users are added by default.
+
+### Adding Users
+
+Use `/etc/3proxy/conf/add3proxyuser.sh` script to add users:
+
+```bash
+/etc/3proxy/conf/add3proxyuser.sh username password [day_limit] [bandwidth]
+```
+
+Parameters:
+- `day_limit` - traffic limit in MB per day
+- `bandwidth` - bandwidth in bits per second (1048576 = 1Mbps)
+
+Or modify `/etc/3proxy/conf/` files directly.
+
+### With CMake
+
+```bash
+git clone https://github.com/z3apa3a/3proxy
+cd 3proxy
+mkdir build && cd build
+cmake ..
+cmake --build .
+sudo cmake --install .
+```
+
+CMake does not use chroot configuration, config file is `/etc/3proxy/3proxy.cfg`
+
+## MacOS X / FreeBSD / *BSD
+
+### With Makefile
+
+```bash
+git clone https://github.com/z3apa3a/3proxy
+cd 3proxy
+ln -s Makefile.FreeBSD Makefile
+make
+```
+
+Binaries are in `bin/` directory.
+
+### With CMake (recommended)
+
+```bash
+git clone https://github.com/z3apa3a/3proxy
+cd 3proxy
+mkdir build && cd build
+cmake ..
+cmake --build .
+sudo cmake --install .
+```
+
+This installs:
+- Binaries to `/usr/local/bin/`
+- Configuration to `/etc/3proxy/`
+- Plugins to `/usr/local/lib/3proxy/`
+- rc scripts to `rc.d` for BSD
+- launchd plist to `/Library/LaunchDaemons/` for MacOS
+
+### Service Management on macOS
+
+```bash
+# Load and start service
+sudo launchctl load /Library/LaunchDaemons/org.3proxy.3proxy.plist
+
+# Stop service
+sudo launchctl stop org.3proxy.3proxy
+
+# Start service
+sudo launchctl start org.3proxy.3proxy
+
+# Unload and disable service
+sudo launchctl unload /Library/LaunchDaemons/org.3proxy.3proxy.plist
+```
+
+## Features
+
+### 1. General
+
+- IPv4 / IPv6 support for incoming and outgoing connection, can be used as a proxy between IPv4 and IPv6 networks in either direction
+- Unix domain sockets support
+- HTTP/1.1 Proxy with keep-alive client and server support, transparent proxy support
+- HTTPS (CONNECT) proxy (compatible with HTTP/2 / SPDY)
+- Anonymous and random client IP emulation for HTTP proxy mode
+- FTP over HTTP support
+- DNS caching with built-in resolver
+- DNS proxy
+- DNS over TCP support, redirecting DNS traffic via parent proxy
+- SOCKSv4/4.5 Proxy
+- SOCKSv5 Proxy
+- SOCKSv5 UDP and BIND support (fully compatible with SocksCAP/FreeCAP for UDP)
+- Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP
+- SNI proxy (based on TLS hostname)
+- TLS (SSL) server and client, 3proxy may be used as https:// type proxy or stunnel replacement
+- POP3 Proxy
+- FTP proxy
+- TCP port mapper (port forwarding)
+- UDP port mapper (port forwarding)
+- SMTP proxy
+- Threaded application (no child process)
+- Web administration and statistics
+- Plugins for functionality extension
+- Native 32/64 bit application
+
+### 2. Proxy Chaining and Network Connections
+
+- Can be used as a bridge between client and different proxy type (e.g. convert incoming HTTP proxy request from client to SOCKSv5 request to parent server)
+- Connect back proxy support to bypass firewalls
+- Parent proxy support for any type of incoming connection
+- Username/password authentication for parent proxy(s)
+- HTTPS/SOCKS4/SOCKS5 and ip/port redirection parent support
+- Random parent selection
+- Chain building (multihop proxing)
+- Load balancing between few network connections by choosing network interface
+
+### 3. Logging
+
+- Tuneable log format compatible with any log parser
+- stdout logging
+- File logging
+- Syslog logging (Unix)
+- ODBC logging
+- RADIUS accounting
+- Log file rotation
+- Automatic log file processing with external archiver (for files)
+- Character filtering for log files
+- Different log files for different services are supported
+
+### 4. Access Control
+
+- ACL-driven Access control by username, source IP, destination IP/hostname, destination port and destination action (POST, PUT, GET, etc), weekday and daytime
+- ACL-driven (user/source/destination/protocol/weekday/daytime or combined) bandwidth limitation for incoming and (!)outgoing traffic
+- ACL-driven traffic limitation per day, week or month for incoming and outgoing traffic
+- Connection limitation and ratelimiting
+- User authentication by username / password
+- RADIUS Authentication and Authorization
+- User authentication by DNS hostname
+- Authentication cache with possibility to limit user to single IP address
+- Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP
+- Cleartext or encrypted passwords
+- Connection redirection
+- Access control by requested action (CONNECT/BIND, HTTP GET/POST/PUT/HEAD/OTHER)
+- All access control entries now support weekday and time limitations
+- Hostnames and * templates are supported instead of IP address
+
+### 5. Extensions
+
+- Regular expression filtering (with PCRE2) via PCREPlugin
+- Authentication with Windows username/password (cleartext only)
+- SSL/TLS decryptions with certificate spoofing
+- Transparent redirection support for Linux and *BSD
+
+### 6. Configuration
+
+- Support for configuration files
+- Support for includes in configuration files
+- Interface binding
+- Socket options
+- Running as daemon process
+- Utility for automated networks list building
+- Configuration reload on any file change
+
+**Unix:**
+- Support for chroot
+- Support for setgid
+- Support for setuid
+- Support for signals (SIGUSR1 to reload configuration)
+
+**Windows:**
+- Support `--install` as service
+- Support `--remove` as service
+- Support for service START, STOP, PAUSE and CONTINUE commands (on PAUSE no new connection accepted, but active connections still in progress, on CONTINUE configuration is reloaded)
+
+**Windows 95/98/ME:**
+- Support `--install` as service
+- Support `--remove` as service
+
+### 7. Compilation
+
+- MSVC (static)
+- OpenWatcom (static)
+- Intel Windows Compiler (msvcrt.dll)
+- Windows/gcc (msvcrt.dll)
+- Cygwin/gcc (cygwin.dll)
+- Unix/gcc
+- Unix/ccc
+- Solaris
+- Mac OS X, iPhone OS
+- Linux and derived systems
+- Lite version for Windows 95/98/NT/2000/XP/2003
+- 32 bit and 64 bit versions for Windows Vista and above, Windows 2008 server and above
+
+## Executables
+
+### 3proxy
+Combined proxy server may be used as executable or service (supports installation and removal). It uses config file to read its configuration (see `3proxy.cfg.sample` for details). `3proxy.exe` is all-in-one, it doesn't require all others .exe to work. See `3proxy.cfg.sample` for examples, see `man 3proxy.cfg`
+
+### proxy
+HTTP proxy server, binds to port 3128
+
+### ftppr
+FTP proxy server, binds to port 21. Please do not mess it with FTP over HTTP proxy used in browsers
+
+### socks
+SOCKS 4/5 proxy server, binds to port 1080
+
+### pop3p
+POP3 proxy server, binds to port 110. You must specify POP3 username as `username@popserver[:port]` (port is 110 by default).
+
+Example: in Username configuration for your e-mail reader set `someuser@pop.somehost.ru`, to obtain mail for someuser from pop.somehost.ru via proxy.
+
+### smtpp
+SMTP proxy server, binds to port 25. You must specify SMTP username as `username@smtpserver[:port]` (port is 25 by default).
+
+Example: in Username configuration for your e-mail reader set `someuser@mail.somehost.ru`, to send mail as someuser via mail.somehost.ru via proxy.
+
+### tcppm
+TCP port mapping. Maps some TCP port on local machine to TCP port on remote host.
+
+### tlspr
+TLS proxy (SNI proxy) - sniffs hostname from TLS handshake
+
+### udppm
+UDP port mapping. Maps some UDP port on local machine to UDP port on remote machine. Only one user simultaneously can use UDP mapping, so it can't be used for public service in large networks. It's OK to use it to map to DNS server in small network or to map Counter-Strike server for single client (you can use few mappings on different ports for different clients in last case).
+
+### 3proxy_crypt
+Program to obtain crypted password for cleartext. Supports both salted and NT password.
+
+```bash
+3proxy_crypt password          # produces NT password
+3proxy_crypt salt password     # produces password hash with salt "salt"
+```
+
+---
+
+Run utility with `--help` option for command line reference.
+
+Latest version is available from https://3proxy.org/
+
+Want to donate the project? https://3proxy.org/donations/

RELEASE

@@ -1 +1 @@
-0.9.3
+0.9.6

authors

@@ -1 +1 @@
-(c) 2002-2019 by Vladimir '3APA3A' Dubrovin <vlad@3proxy.ru>
+(c) 2002-2025 by Vladimir '3APA3A' Dubrovin <vlad@3proxy.org>

cfg/3proxy.cfg.sample

@@ -2,7 +2,7 @@
 # Yes, 3proxy.cfg can be executable, in this case you should place
 # something like
 #config /usr/local/3proxy/3proxy.cfg
-# to show which configuration 3proxy should re-read on realod.
+# to show which configuration 3proxy should re-read on reload.
 
 #system "echo Hello world!"
 # you may use system to execute some external command if proxy starts
@@ -24,7 +24,7 @@ timeouts 1 5 30 60 180 1800 15 60
 # Here we can change timeout values
 
 users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
-# note that "" required, overvise $... is treated as include file name.
+# note that "" required, otherwise $... is treated as include file name.
 # $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format.
 #users $/usr/local/etc/3proxy/passwd
 # this example shows you how to include passwd file. For included files
@@ -39,7 +39,7 @@ service
 
 #log /var/log/3proxy/log D
 log c:\3proxy\logs\3proxy.log D
-# log allows to specify log file location and rotation, D means logfile
+# log allows you to specify log file location and rotation, D means logfile
 # is created daily
 
 #logformat "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"
@@ -60,7 +60,7 @@ log c:\3proxy\logs\3proxy.log D
 #
 #Compatible with ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited):
 #
-#"-	+ L%C	%U	unnknown:0:0.0	N	%Y-%m-%d	%H:%M:%S	fwsrv	3PROXY	-	%n	%R	%r	%D	%O	%I	%r	TCP	Connect	-	-	-	%E	-	-	-	-	-"
+#"-	+ L%C	%U	unknown:0:0.0	N	%Y-%m-%d	%H:%M:%S	fwsrv	3PROXY	-	%n	%R	%r	%D	%O	%I	%r	TCP	Connect	-	-	-	%E	-	-	-	-	-"
 #
 #Compatible with HTTPD standard log (Apache and others)
 #
@@ -90,7 +90,7 @@ auth iponly
 # auth specifies type of user authentication. If you specify none proxy
 # will not do anything to check name of the user. If you specify
 # nbname proxy will send NetBIOS name request packet to UDP/137 of
-# client and parse request for NetBIOS name of messanger service.
+# client and parse request for NetBIOS name of messenger service.
 # Strong means that proxy will check password. For strong authentication
 # unknown user will not be allowed to use proxy regardless of ACL.
 # If you do not want username to be checked but wanna ACL to work you should
@@ -102,7 +102,7 @@ auth iponly
 #parent 1000 http 192.168.1.2 80 * * * 80
 #allow * 192.168.1.0/24 * 25,53,110,20-21,1024-65535
 # we will allow everything if username matches ADMINISTRATOR or root or
-# client ip is 127.0.0.1 or 192.168.1.1. Overwise we will redirect any request
+# client ip is 127.0.0.1 or 192.168.1.1. Otherwise we will redirect any request
 # to port 80 to our Web-server 192.168.0.2.
 # We will allow any outgoing connections from network 192.168.1.0/24 to
 # SMTP, POP3, FTP, DNS and unprivileged ports.
@@ -124,7 +124,7 @@ internal 192.168.1.1
 # have open proxy in your network in this case.
 
 auth none
-# no authentication is requires
+# no authentication is required
 
 dnspr
 
@@ -134,17 +134,9 @@ dnspr
 
 #external $./external.ip
 #internal $./internal.ip
-# this is just an alternative form fo giving external and internal address
+# this is just an alternative form for giving external and internal address
 # allows you to read this addresses from files
 
-auth strong
-# We want to protect internal interface
-deny * * 127.0.0.1,192.168.1.1
-# and llow HTTP and HTTPS traffic.
-allow * * * 80-88,8080-8088 HTTP
-allow * * * 443,8443 HTTPS
-proxy -n
-
 auth none
 # pop3p will be used without any authentication. It's bad choice
 # because it's possible to use pop3p to access any port
@@ -157,26 +149,16 @@ tcppm 25 mail.my.provider 25
 # Now we can use our proxy as SMTP and DNS server.
 # -s switch for UDP means "single packet" service - instead of setting
 # association for period of time association will only be set for 1 packet.
-# It's very userfull for services like DNS but not for some massive services
+# It's very useful for services like DNS but not for some massive services
 # like multimedia streams or online games.
 
-auth strong
-flush
-allow 3APA3A,test
-maxconn 20
-socks
-# for socks we will use password authentication and different access control -
-# we flush previously configured ACL list and create new one to allow users
-# test and 3APA3A to connect from any location
-
-
 auth strong
 flush
 internal 127.0.0.1
 allow 3APA3A 127.0.0.1
 maxconn 3
 admin
-#only allow acces to admin interface for user 3APA3A from 127.0.0.1 address
+#only allow access to admin interface for user 3APA3A from 127.0.0.1 address
 #via 127.0.0.1 address.
 
 # map external 80 and 443 ports to internal Web server
@@ -196,6 +178,24 @@ admin
 #chroot /usr/local/jail
 #setgid 65535
 #setuid 65535
-# now we needn't any root rights. We can chroot and setgid/setuid.
+# now we no longer need root rights. We can chroot and setgid/setuid.
+
+
+auth strong
+flush
+# We want to protect internal interface
+deny * * 127.0.0.1,192.168.1.1
+# and allow HTTP and HTTPS traffic.
+allow * * * 80-88,8080-8088 HTTP
+allow * * * 443,8443 HTTPS
+proxy -n
+
+flush
+allow 3APA3A,test
+maxconn 20
+socks
+# for socks we will use password authentication and different access control -
+# we flush previously configured ACL list and create new one to allow users
+# test and 3APA3A to connect from any location
 
 

cmake/FindODBC.cmake

@@ -0,0 +1,63 @@
+# FindODBC.cmake
+#
+# Find the ODBC library
+#
+# This module defines:
+#  ODBC_FOUND - whether the ODBC library was found
+#  ODBC_INCLUDE_DIRS - the ODBC include directories
+#  ODBC_LIBRARIES - the ODBC libraries
+
+# Try pkg-config first
+find_package(PkgConfig QUIET)
+if(PkgConfig_FOUND)
+    pkg_check_modules(PC_ODBC QUIET odbc)
+endif()
+
+# Find include directory
+find_path(ODBC_INCLUDE_DIR
+    NAMES sql.h
+    HINTS
+        ${PC_ODBC_INCLUDE_DIRS}
+        /usr/include
+        /usr/local/include
+)
+
+# Find library
+if(WIN32)
+    # On Windows, ODBC is typically available as odbc32
+    find_library(ODBC_LIBRARY
+        NAMES odbc32
+        HINTS
+            ${PC_ODBC_LIBRARY_DIRS}
+    )
+else()
+    # On Unix, look for odbc
+    find_library(ODBC_LIBRARY
+        NAMES odbc iodbc
+        HINTS
+            ${PC_ODBC_LIBRARY_DIRS}
+            /usr/lib
+            /usr/local/lib
+            /usr/lib/x86_64-linux-gnu
+    )
+endif()
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(ODBC
+    REQUIRED_VARS ODBC_LIBRARY ODBC_INCLUDE_DIR
+)
+
+if(ODBC_FOUND)
+    set(ODBC_LIBRARIES ${ODBC_LIBRARY})
+    set(ODBC_INCLUDE_DIRS ${ODBC_INCLUDE_DIR})
+
+    if(NOT TARGET ODBC::ODBC)
+        add_library(ODBC::ODBC UNKNOWN IMPORTED)
+        set_target_properties(ODBC::ODBC PROPERTIES
+            IMPORTED_LOCATION "${ODBC_LIBRARY}"
+            INTERFACE_INCLUDE_DIRECTORIES "${ODBC_INCLUDE_DIR}"
+        )
+    endif()
+endif()
+
+mark_as_advanced(ODBC_INCLUDE_DIR ODBC_LIBRARY)

cmake/FindPAM.cmake

@@ -0,0 +1,45 @@
+# FindPAM.cmake
+#
+# Find the PAM library
+#
+# This module defines:
+#  PAM_FOUND - whether the PAM library was found
+#  PAM_INCLUDE_DIRS - the PAM include directories
+#  PAM_LIBRARIES - the PAM libraries
+
+# Find include directory
+find_path(PAM_INCLUDE_DIR
+    NAMES security/pam_appl.h pam/pam_appl.h
+    HINTS
+        /usr/include
+        /usr/local/include
+)
+
+# Find library
+find_library(PAM_LIBRARY
+    NAMES pam
+    HINTS
+        /usr/lib
+        /usr/local/lib
+        /usr/lib/x86_64-linux-gnu
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(PAM
+    REQUIRED_VARS PAM_LIBRARY PAM_INCLUDE_DIR
+)
+
+if(PAM_FOUND)
+    set(PAM_LIBRARIES ${PAM_LIBRARY})
+    set(PAM_INCLUDE_DIRS ${PAM_INCLUDE_DIR})
+
+    if(NOT TARGET PAM::PAM)
+        add_library(PAM::PAM UNKNOWN IMPORTED)
+        set_target_properties(PAM::PAM PROPERTIES
+            IMPORTED_LOCATION "${PAM_LIBRARY}"
+            INTERFACE_INCLUDE_DIRECTORIES "${PAM_INCLUDE_DIR}"
+        )
+    endif()
+endif()
+
+mark_as_advanced(PAM_INCLUDE_DIR PAM_LIBRARY)

cmake/FindPCRE2.cmake

@@ -0,0 +1,69 @@
+# FindPCRE2.cmake
+#
+# Find the PCRE2 library
+#
+# This module defines:
+#  PCRE2_FOUND - whether the PCRE2 library was found
+#  PCRE2_INCLUDE_DIRS - the PCRE2 include directories
+#  PCRE2_LIBRARIES - the PCRE2 libraries
+#  PCRE2_VERSION - the PCRE2 version
+
+# Try pkg-config first
+find_package(PkgConfig QUIET)
+if(PkgConfig_FOUND)
+    pkg_check_modules(PC_PCRE2 QUIET libpcre2-8)
+endif()
+
+# Find include directory
+find_path(PCRE2_INCLUDE_DIR
+    NAMES pcre2.h
+    HINTS
+        ${PC_PCRE2_INCLUDE_DIRS}
+        /usr/include
+        /usr/local/include
+    PATH_SUFFIXES
+        pcre2
+)
+
+# Find library
+find_library(PCRE2_LIBRARY
+    NAMES pcre2-8 pcre2-8d pcre2
+    HINTS
+        ${PC_PCRE2_LIBRARY_DIRS}
+        /usr/lib
+        /usr/local/lib
+)
+
+# Extract version from header
+if(PCRE2_INCLUDE_DIR AND EXISTS "${PCRE2_INCLUDE_DIR}/pcre2.h")
+    file(STRINGS "${PCRE2_INCLUDE_DIR}/pcre2.h" PCRE2_VERSION_MAJOR_LINE
+        REGEX "^#define[ \t]+PCRE2_MAJOR[ \t]+[0-9]+")
+    file(STRINGS "${PCRE2_INCLUDE_DIR}/pcre2.h" PCRE2_VERSION_MINOR_LINE
+        REGEX "^#define[ \t]+PCRE2_MINOR[ \t]+[0-9]+")
+    string(REGEX REPLACE "^#define[ \t]+PCRE2_MAJOR[ \t]+([0-9]+)" "\\1"
+        PCRE2_VERSION_MAJOR "${PCRE2_VERSION_MAJOR_LINE}")
+    string(REGEX REPLACE "^#define[ \t]+PCRE2_MINOR[ \t]+([0-9]+)" "\\1"
+        PCRE2_VERSION_MINOR "${PCRE2_VERSION_MINOR_LINE}")
+    set(PCRE2_VERSION "${PCRE2_VERSION_MAJOR}.${PCRE2_VERSION_MINOR}")
+endif()
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(PCRE2
+    REQUIRED_VARS PCRE2_LIBRARY PCRE2_INCLUDE_DIR
+    VERSION_VAR PCRE2_VERSION
+)
+
+if(PCRE2_FOUND)
+    set(PCRE2_LIBRARIES ${PCRE2_LIBRARY})
+    set(PCRE2_INCLUDE_DIRS ${PCRE2_INCLUDE_DIR})
+
+    if(NOT TARGET PCRE2::PCRE2)
+        add_library(PCRE2::PCRE2 UNKNOWN IMPORTED)
+        set_target_properties(PCRE2::PCRE2 PROPERTIES
+            IMPORTED_LOCATION "${PCRE2_LIBRARY}"
+            INTERFACE_INCLUDE_DIRECTORIES "${PCRE2_INCLUDE_DIR}"
+        )
+    endif()
+endif()
+
+mark_as_advanced(PCRE2_INCLUDE_DIR PCRE2_LIBRARY)

cmake/plugins.cmake

@@ -0,0 +1,52 @@
+#
+# 3proxy plugin definitions
+#
+# This file defines functions for building plugins
+#
+
+# Function to add a plugin with dependencies
+function(add_3proxy_plugin PLUGIN_NAME)
+    set(options "")
+    set(oneValueArgs "")
+    set(multiValueArgs SOURCES LIBRARIES INCLUDE_DIRS COMPILE_DEFINITIONS LINK_OPTIONS)
+
+    cmake_parse_arguments(PLUGIN "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
+
+    if(WIN32)
+        set(PLUGIN_SUFFIX ".dll")
+    else()
+        set(PLUGIN_SUFFIX ".ld.so")
+    endif()
+
+    add_library(${PLUGIN_NAME} SHARED ${PLUGIN_SOURCES})
+
+    set_target_properties(${PLUGIN_NAME} PROPERTIES
+        PREFIX ""
+        SUFFIX ${PLUGIN_SUFFIX}
+        LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin
+        RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin
+    )
+
+    # Always link with Threads
+    target_link_libraries(${PLUGIN_NAME} PRIVATE Threads::Threads)
+
+    if(PLUGIN_LIBRARIES)
+        target_link_libraries(${PLUGIN_NAME} PRIVATE ${PLUGIN_LIBRARIES})
+    endif()
+
+    if(PLUGIN_INCLUDE_DIRS)
+        target_include_directories(${PLUGIN_NAME} PRIVATE ${PLUGIN_INCLUDE_DIRS})
+    endif()
+
+    if(PLUGIN_COMPILE_DEFINITIONS)
+        target_compile_definitions(${PLUGIN_NAME} PRIVATE ${PLUGIN_COMPILE_DEFINITIONS})
+    endif()
+
+    if(PLUGIN_LINK_OPTIONS)
+        set_target_properties(${PLUGIN_NAME} PROPERTIES LINK_OPTIONS "${PLUGIN_LINK_OPTIONS}")
+    endif()
+
+    target_include_directories(${PLUGIN_NAME} PRIVATE
+        ${CMAKE_SOURCE_DIR}/src
+    )
+endfunction()

copying

@@ -1,8 +1,8 @@
 3proxy 0.9 Public License Agreement
 
-(c) 2000-2020 by 3APA3A (3APA3A@3proxy.ru)
-(c) 2000-2020 by 3proxy.org (https://3proxy.org/)
-(c) 2000-2020 by Vladimir Dubrovin (vlad@3proxy.ru)
+(c) 2000-2025 by 3APA3A (3APA3A@3proxy.ru)
+(c) 2000-2025 by 3proxy.org (https://3proxy.org/)
+(c) 2000-2025 by Vladimir Dubrovin (vlad@3proxy.org)
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
@@ -38,20 +38,20 @@ terms of compatible license, including:
 1. Apache License, Version 2.0 or (at your option) any later version
    You may obtain a copy of the License at
 
-	http://www.apache.org/licenses/LICENSE-2.0
+	https://www.apache.org/licenses/LICENSE-2.0
 
 2. GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    You may obtain a copy of the License at
 
-	http://www.gnu.org/licenses/gpl.txt
+	https://www.gnu.org/licenses/gpl.txt
 
 3. GNU Lesser General Public License as published by the
    Free Software Foundation; either version 2.1 of the License, or
    (at your option) any later version.
    You may obtain a copy of the License at
 
-	http://www.gnu.org/licenses/lgpl.txt
+	https://www.gnu.org/licenses/lgpl.txt
 
 

debian/3proxy.manpages

@@ -1,10 +1,11 @@
 man/3proxy.8
-man/3proxy.cfg.3
-man/ftppr.8
-man/icqpr.8
-man/pop3p.8
-man/proxy.8
-man/smtpp.8
-man/socks.8
-man/tcppm.8
-man/udppm.8
+man/3proxy.cfg.5
+man/3proxy_ftppr.8
+man/3proxy_pop3p.8
+man/3proxy_tlspr.8
+man/3proxy_proxy.8
+man/3proxy_smtpp.8
+man/3proxy_socks.8
+man/3proxy_tcppm.8
+man/3proxy_udppm.8
+man/3proxy_crypt.8

debian/changelog

@@ -1,8 +1,20 @@
-3proxy (0.9.3-210629140419) buster; urgency=medium
- 
-  *3proxy 0.9.3 build
- 
- -- z3APA3A <3apa3a@3proxy.org>  Thu, 01 Jul 2021 19:48:44 +0300
+3proxy (0.9.6-1) buster; urgency=medium
+
+  *3proxy 0.9.6 initial build
+
+ -- z3APA3A <3apa3a@3proxy.org>  Sat, 11 Apr 2026 13:03:32 +0300
+
+3proxy (0.9.5-1) buster; urgency=medium
+
+  *3proxy 0.9.5 initial build
+
+ -- z3APA3A <3apa3a@3proxy.org>  Sun, 09 Mar 2025 15:55:48 +0300
+
+3proxy (0.9.4-1) buster; urgency=medium
+
+  *3proxy 0.9.4 initial build
+
+ -- z3APA3A <3apa3a@3proxy.org>  Fri, 02 Jul 2021 00:47:00 +0300
 
 3proxy (0.9.3-1) buster; urgency=medium
 

debian/conffiles

@@ -1,4 +0,0 @@
-/usr/local/3proxy/conf/3proxy.cfg
-/usr/local/3proxy/conf/add3proxyuser.sh
-/usr/local/3proxy/conf/bandlimiters
-/usr/local/3proxy/conf/counters

debian/copyright

@@ -4,17 +4,10 @@ Upstream-Contact: 3proxy@3proxy.org
 Source: https://3proxy.org/
 
 Files: *
-Copyright: 2000-2020 3APA3A, Vladimir Dubrovin, 3proxy.org
+Copyright: 2000-2026 Vladimir Dubrovin <vlad@3proxy.org>
 License: BSD-3-clause or Apache or GPL-2+ or LGPL-2+
 
-Files: src/libs/md*.*
-Copyright: 1990,1991,1992  RSA Data Security, Inc
-License: public-domain
+Files: src/libs/blake2*.*
+Copyright: 2012, Samuel Neves <sneves@dei.uc.pt>
+License: public-domain (CC0 1.0 Universal) or  OpenSSL license or Apache 2.0
 
-Files: src/libs/regex.*
-Copyright: Henry Spencer
-License: public-domain
-
-Files: src/libs/smbdes.c
-Copyright: Andrew Tridgell 1998
-License: GPL-2+

debian/postinst

@@ -1,10 +1,3 @@
-if [ ! -f /usr/local/3proxy/conf/passwd ]; then \
- touch /usr/local/3proxy/conf/passwd;\
-fi
-chown -R proxy:proxy /usr/local/3proxy
-chmod 550  /usr/local/3proxy/
-chmod 550  /usr/local/3proxy/conf/
-chmod 440  /usr/local/3proxy/conf/*
 if /bin/systemctl >/dev/null 2>&1; then \
  /usr/sbin/update-rc.d 3proxy disable || true; \
  /usr/sbin/chkconfig 3proxy off || true; \
@@ -19,8 +12,8 @@ fi
 echo ""
 echo 3proxy installed.
 if /bin/systemctl >/dev/null 2>&1; then \
- /bin/systemctl stop 3proxy.service \
- /bin/systemctl start 3proxy.service \
+ /bin/systemctl stop 3proxy.service ;\
+ /bin/systemctl start 3proxy.service ;\
  echo use ;\
  echo "  "systemctl start 3proxy.service ;\
  echo to start proxy ;\
@@ -34,10 +27,3 @@ elif [ -x /usr/sbin/service ]; then \
  echo "  "service 3proxy stop ;\
  echo to stop proxy ;\
 fi
-echo "  "/usr/local/3proxy/conf/add3proxyuser.sh
-echo to add users
-echo ""
-echo Default config uses Google\'s DNS.
-echo It\'s recommended to use provider supplied DNS or install local recursor, e.g. pdns-recursor.
-echo Configure preferred DNS in /usr/local/3proxy/conf/3proxy.cfg.
-echo run \'/usr/local/3proxy/conf/add3proxyuser.sh admin password\' to configure \'admin\' user

debian/rules

@@ -3,14 +3,8 @@
 %:
 	dh $@
 
-override_dh_auto_build:
-	ln -s Makefile.Linux Makefile || true
-	dh_auto_build
-
 override_dh_auto_clean:
 	find src/ -type f -name "*.o" -delete
 	find src/ -type f -name "Makefile.var" -delete
 	find bin/ -type f -executable -delete
-	rm -f Makefile
 
-override_dh_usrlocal:

doc/changelog/0/7/0

@@ -0,0 +1,26 @@
+
+3proxy 0.7
+
+This release is partially forced: while no new significant functions are
+added, 0.7 is code is much more stable and less buggy than 0.6. Since
+there is no new development for a long time, except few minor bugfixes,
+I decided to finally release 0.7. You may want it if you:
+
+    Use HTTP proxy
+    Use 3proxy under *BSD/Mac OS X/iPhone OS
+    Use plugins, specially traffic related ones, like PCRE.
+
+I have no time for active developement. There are interesting features
+in nearly ready state, e.g. SSL support / SSL decryption via
+certificates spoofing, NAT support and SSL auto-detection. You can step
+into development, if you are interested.
+
+There are some configuration changes:
+
+    auth iponly is now default (because most misconfigurations were
+    because of default auth none)
+    maxconn is now 500 by default (because WebKit browsers ignore
+    standards and create a lot of connections even if proxy is configured)
+    NTLM is disabled by default (-n options, -n1 to enable) because
+    NTLMv1 is disabled by default in Windows since Vista and there is no
+    NTLMv2 library with compatible license. Report me, if any.

doc/changelog/0/7/1

@@ -0,0 +1,35 @@
+3proxy-0.7.1.4
+
+!! Fix transparent flag not reset after keep-alive connection, can lead to
+
+
+3proxy-0.7.1.3
+
+! traffic displayed incorrectly
+! archiver doesn't add suffix if logname contains macro
+! fix potential race condition on configuration reload
+! fix FTP over HTTP authentication
+
+
+3proxy-0.7.1.2
+
+! Request / header size limitation relaxed for HTTP proxy
+
+
+3proxy 0.7.1.1
+
+! Linux compilation issues resolved
+
+
+3proxy 0.7.1
+
+Minor improvements and bugfixes:
+
++ Windows icons added
++ Warnings added for most common misconfigurations
++ ftppr NLSD command supported
+! Ignore NTLM handshake if NTLM is not enabled
+!! memcpy replaced with memmove for overlapped region
+! better EINTR handling on *nix
+! FTP proxy debugging output removed (introduced in 0.7), binding for data connection corrected
+! memory leak fixed in ldapauth plugin

doc/changelog/0/8/0

@@ -0,0 +1,9 @@
++ IPv6 support
++ back connect support
++ name resolution over TCP, parent proxy support for dnspr
++ SSLPlugin for TLS/SSL traffic decryption
+! multiple race conditions fixed
+! reduced memory usage
+! Generate Forwarded: header instead of X-Forwarded-For:
+! Default name resolution is non-blocking in *nix
+! multiple race conditions fixed on configuration reload

doc/changelog/0/8/1

@@ -0,0 +1 @@
+!!Fix: destination IP may be not checked against ACL

doc/changelog/0/8/10

@@ -0,0 +1,2 @@
+! Fix: parent proxy can be used in some cases where it shouldn't
+! Fix: bandlimiters may not work for older connections on configuration reload

doc/changelog/0/8/11

@@ -0,0 +1,9 @@
+Minor bugfixes / improvements:
+! Fixed: deadlock on insufficient resources
+! Fixed: race condition in ssl_plugin
+! Fixed: minor memory leak on configuration reload
+! Fixed: recursion detection was not working
+! Fixed: %n for IPv6 in logging terminates log record
+! Fixed: reverse PTR validation (required for dnsauth)
+! Fixed: error on external 0.0.0.0 for NOIPV6 (light version)
++ Better support for IPv6 in ftppr

doc/changelog/0/8/12

@@ -0,0 +1,5 @@
+Bugfixes:
+! Fixed hostname support in SOCKSv5 UDP portmapping
+! -fno-strict-aliasing added to gcc options (compiling without this option can lead to unpredictable issues under Debian with gcc 6 and potentially others)
+! Fixed LDAP plugin compilation issues (LDAP plugin is still listed as unsupported though)
+and some minor fixes and improvements.

doc/changelog/0/8/13

@@ -0,0 +1,3 @@
+Bugfixes:
+!! Fixed out-of-bound write and few minor bugs on configuration saving in admin
+! fixed: $ is not correctly handled in the beginning of quoted line on configuration parsing

doc/changelog/0/8/2

@@ -0,0 +1,3 @@
+!! Fix transparent flag not reset after keep-alive connection, can lead to DoS by authenticated user.
+! Do not use SO_REUSEADDR by default (leads to random 00013 errors under some glibc versions)
+! Use SASIZE() instead of sizeof() in bind() for FreeBSD compatibility

doc/changelog/0/8/3

@@ -0,0 +1 @@
+! fixed: use SASIZE() instead of sizeof() in connect() for FreeBSD compatibility

doc/changelog/0/8/4

@@ -0,0 +1,5 @@
++ Build PamPlugin on *nix
++ stacksize and -S options, stacksize defaults changed for FreeBSD
++ extip redirection type added
+! SSL plugin fix to correct handling of certificates path
+! fixed random errors on IPv6 connect

doc/changelog/0/8/5

@@ -0,0 +1 @@
+!Fix: mutex was used prior to initialization on 'log' command processing

doc/changelog/0/8/6

@@ -0,0 +1 @@
+! Fix: random 00012 errors in some configurations

doc/changelog/0/8/7

@@ -0,0 +1,15 @@
+! Fix 'daemon' command for Linux
+! Fix 'extip' redirections 00009 errors
+! Fix counters for older Win platforms
+! Resolve logging race conditions
+! attempt to fix pam_auth race conditions
+! FTP proxy workaround for broken gethostname() on some libc limplementations
+! authcache IP matching corrected
+! fix SOCKSv5 BIND/UDP ASSOC
+! use setreuid/setregid instead of setuid / setgid
+
++ OpenWatcom makefiles for Windows
++ -u2 support for proxy
++ support %i in logformat
++ force/noforce configuration commands to disconnect / do not disconnect clients if nolonger match ACL after configuration change
++ support longer external passwords

doc/changelog/0/8/8

@@ -0,0 +1,3 @@
+!! Fix resolver for non-compressed reply parsing (on mixed-case sensitive resolvers)
+! Fix plugins export on OpenWatcom compiler (light version)
+! Fix SOCKSv5

doc/changelog/0/8/9

@@ -0,0 +1 @@
+! Fix: tcppm may fail if used with parent proxy

doc/changelog/0/9/0

@@ -0,0 +1,6 @@
++ Socket options, interface binding
++ Connection limiting / connection rate limiting
++ RADIUS support (beta)
++ Zero copy (splice) support for Linux
++ Possibility to limit user to single IP (via authentication cache)
+! bugfixes, improvements

doc/changelog/0/9/1

@@ -0,0 +1,8 @@
+Bugfixes:
+! Fixed: socket may be closed before all data received/sent
+! Fixed: bandlimin non-working
+! Fixed: countall/nocountall
+! Fixed: few race conditions
+
+Improvements:
++ deb/rpm build, systemd support (experimental)

doc/changelog/0/9/2

@@ -0,0 +1,9 @@
+Bugfixes:
+! Fixed: bandwidth limiters (once again)
+! Fixed: data filtering plugins (PCREPlugin, SSLPlugin). SSLPlugin use on Linux requires to disable splice (-s0)
+! FIxed: standalone proxies do not react on HUP (Ctrl+C) in Linux/Unix
+! Fixed: few minor bugs
+
+Improvements:
++ deb for arm platforms (experimental)
++ Openssl 1.1 support for SSLPlugin

doc/changelog/0/9/3

@@ -0,0 +1,11 @@
+Bugfixes:
+! Fixed: systemd description file (proxy may fail to start after reboot or via systemctl)
+! Fixed: group/account creation in installation scripts
+! Fixed: countall/nocounall do not work in some configurations
+! Fixed: counters do not work if counter file is not specified
+! Fixed: counters without rotation (type N) are incorrectly shown in web admin interface
+! Fixed: %n may be incomplete or missed in long log records
+! Fixed: connect back functionality does not work
+
+Improvements:
++ Docker builds

doc/changelog/0/9/4

@@ -0,0 +1,4 @@
+! Fix: invalid handling of '-' character in ACL hostname
+! Fix: minor bugfixes and improvements
++ parentretry command added (defaults to 2) to retry connections to parent proxies
+- icqpr related code (OSCAR proxy) removed, due to drop of OSCAR support by messengers

doc/changelog/0/9/5

@@ -0,0 +1,7 @@
+!! Security fix: proxy can potentially crash on on some platforms due to overlapping regions in strcpy() (thanks to @lenix123 for reporting)
++ new proxy service type: `tlspr` - SNI proxy, may also be used as parent `tls` type, sniffs hostname from TLS handhake, read more in https://github.com/3proxy/3proxy/wiki/tlspr https://github.com/3proxy/3proxy/wiki/How-To-(incomplete)#TLSPR
++ new proxy service type: `auto` - autodetect proxy type between `proxy` and `socks`
++ SSLPlugin is rewritten, production-ready, supports TLS (SSL) server (may be used to create https:// type proxy), certificates checks and cypher options, see https://github.com/3proxy/3proxy/wiki/SSLPlugin
++ -g option is added for grace delay to reduce CPU load, see https://github.com/3proxy/3proxy/wiki/High-Load
+! Multiple minor bugfixes
+! More supported sockets options

doc/changelog/0/9/6

@@ -0,0 +1,9 @@
++ ssl_client and multiple configuration options added to SSLPlugin, SSLPlugin code significantly improved and bugfixed. See https://github.com/3proxy/3proxy/wiki/SSLPlugin. 3proxy can now be used as stunnel replacement for many scenarios.
++ HAProxy proxy protocol v1 support as client and server, add -H option for service to expect HA proxy v1 protocol header, use ha parent type: parent 1000 ha 0.0.0.0 0 to send v1 header.
++ tlspr is supported in auto
++ tlspr supports -s option, it breaks HELLO packet to prevent some DPIs from detecting SNI
++ maxseg configuration option and TCP_MAXSEG socket flag support added. It sets maximum size of TCP segment to fix PathMTU discovery problems
++ -Ne / -Ni options added to specify external / internal NAT address for SOCKSv5
++ cmake environment added
+! External pcre2 (pcre2-8) library is used for PCRE, pcre code is removed from 3proxy
+! Multiple minor bugfixes

doc/html/faqe.html

@@ -1,2 +1,2 @@
 
-<H2><A href="hotoe.html">See HowTo:</a></H2>
+<H2><A href="howtoe.html">See HowTo:</a></H2>

doc/html/faqr.html

@@ -1,2 +1,2 @@
 
-<H2><A href="hotoe.html">См. HowTo</a></H2>
+<H2><A href="howtoe.html">См. HowTo</a></H2>

doc/html/highload.html

@@ -1,12 +1,12 @@
-<h3>Optimizing 3proxy for high load</h3>
-<p>Precaution 1: 3proxy was not initially developed for high load and is positioned as a SOHO product, the main reason is "one connection - one thread" model 3proxy uses. 3proxy is known to work with above 200,000 connections under proper configuration, but use it in production environment under high loads at your own risk and do not expect too much.
-<p>Precaution 2: This documentation is incomplete and is not sufficient. High loads may require very specific system tuning including, but not limited to specific or cusomized kernels, builds, settings, sysctls, options, etc. All this is not covered by this documentation.
+<h3>Optimizing 3proxy for High Load</h3>
+<p>Precaution 1: 3proxy was not initially developed for high load and is positioned as a SOHO product. The main reason is the "one connection - one thread" model 3proxy uses. 3proxy is known to work with over 200,000 connections under proper configuration, but use it in a production environment under high loads at your own risk and do not expect too much.
+<p>Precaution 2: This documentation is incomplete and insufficient. High loads may require very specific system tuning including, but not limited to, specific or customized kernels, builds, settings, sysctls, options, etc. All of this is not covered by this documentation.
 
 <h4>Configuring 'maxconn'</h4>
 
-A number of simulatineous connections per service is limited by 'maxconn' option.
-Default maxconn value since 3proxy 0.8 is 500. You may want to set 'maxconn'
-to higher value. Under this configuration:
+The number of simultaneous connections per service is limited by the 'maxconn' option.
+The default maxconn value since 3proxy 0.8 is 500. You may want to set 'maxconn'
+to a higher value. Under this configuration:
 <pre>
 maxconn 1000
 proxy -p3129
@@ -14,53 +14,53 @@ proxy -p3128
 socks
 </pre>
 maxconn for every service is 1000, and there are 3 services running
-(2 proxy and 1 socks), so, for all services there can be up to 3000
-simulatineous connections to 3proxy.
-<p>Avoid setting 'maxconn' to arbitrary high value, it should be carefully
-choosen to protect system and proxy from resources exhaution. Setting maxconn
-above resources available can lead to denial of service conditions.
-<h4>Understanding resources requirements</h4>
-Each running service require:
+(2 proxy and 1 socks), so for all services there can be up to 3000
+simultaneous connections to 3proxy.
+<p>Avoid setting 'maxconn' to an arbitrarily high value; it should be carefully
+chosen to protect the system and proxy from resource exhaustion. Setting maxconn
+above available resources can lead to denial of service conditions.
+<h4>Understanding Resource Requirements</h4>
+Each running service requires:
 <ul>
-<li>1*thread (process)
-<li>1*socket (file descriptor)
+<li>1 thread (process)
+<li>1 socket (file descriptor)
 <li>1 stack memory segment + some heap memory, ~64K-128K depending on the system
 </ul>
-Each connected client require:
+Each connected client requires:
 <ul>
-<li>1*thread (process)
-<li>2*socket (file descriptor). For FTP 4 sockets are required. 
-<br>Under linux since 0.9 splice() is used. It's much more effective, but requires
-<br>2*socket (file descriptor) + 2*pipe (file descriptors) = 4 file descriptors.
-<br>For FTP 4 sockets and 2 pipes are required with splice().
-<br>Up to 128K (up to 256K in the case of splice()) of kernel buffers memory. This is theoretical maximum, actual numbers depend on connection quality and traffic amount.
+<li>1 thread (process)
+<li>2 sockets (file descriptors). For FTP, 4 sockets are required.
+<br>Under Linux since 0.9, splice() is used. It's much more efficient but requires
+<br>2 sockets (file descriptors) + 2 pipes (file descriptors) = 4 file descriptors.
+<br>For FTP with splice(), 4 sockets and 2 pipes are required.
+<br>Up to 128K (up to 256K in the case of splice()) of kernel buffer memory. This is the theoretical maximum; actual numbers depend on connection quality and traffic amount.
 <br>1 additional socket (file descriptor) during name resolution for non-cached names
 <br>1 additional socket during authentication or logging for RADIUS authentication or logging.
-<li>1*ephemeral port (3*ephemeral ports for FTP connection).
-<li>1 stack memory segment of ~32K-128K depending on the system + at least 16K and up to few MB (for 'proxy' and 'ftppr') of heap memory. If you are short of memory, prefer 'socks' to 'proxy' and 'ftppr'.
-<li>a lot of system buffers, specially in the case of slow network connections.
+<li>1 ephemeral port (3 ephemeral ports for FTP connections).
+<li>1 stack memory segment of ~32K-128K depending on the system + at least 16K and up to a few MB (for 'proxy' and 'ftppr') of heap memory. If you are short on memory, prefer 'socks' over 'proxy' and 'ftppr'.
+<li>Many system buffers, especially in the case of slow network connections.
 </ul>
 Also, additional resources like system buffers are required for network activity.
 
 <h4>Setting ulimits</h4>
 
 Hard and soft ulimits must be set above calculated requirements. Under Linux, you can
-check limits of running process with
+check the limits of a running process with
 <pre>
 cat /proc/PID/limits
 </pre>
-where PID is a pid of the process. 
-Validate ulimits match your expectation, especially if you run 3proxy under dedicated account
-by adding e.g.
+where PID is the process ID.
+Validate that ulimits match your expectations, especially if you run 3proxy under a dedicated account
+by adding, e.g.:
 <pre>
 system "ulimit -Ha >>/tmp/3proxy.ulim.hard"
 system "ulimit -Sa >>/tmp/3proxy.ulim.soft"
 </pre>
-in the beginning (before first service started) and the end of config file.
-Make both hard restart (that is kill and start 3proxy process) and soft restart
-by sending SIGUSR1 to 3proxy process, check ulimits recorded to files match your
-expecation. In systemd based distros (e.g. latest Debian / Ubuntu) changing limits.conf
-is not enough, limits must be ajusted in systemd configuration, e.g. by setting
+at the beginning (before the first service is started) and at the end of the config file.
+Perform both a hard restart (i.e., kill and start the 3proxy process) and a soft restart
+by sending SIGUSR1 to the 3proxy process; check that the ulimits recorded to files match your
+expectations. In systemd-based distros (e.g., latest Debian/Ubuntu), changing limits.conf
+is not enough; limits must be adjusted in the systemd configuration, e.g., by setting:
 <pre>
 DefaultLimitDATA=infinity
 DefaultLimitSTACK=infinity
@@ -73,51 +73,51 @@ DefaultLimitMEMLOCK=infinity
 </pre>
 in user.conf / system.conf
 
-<h4>Extending system limitation</h4>
+<h4>Extending System Limitations</h4>
 
-Check manuals / documentation for your system limitations e.g. system-wide limit for number of open files
+Check the manuals/documentation for your system's limitations, e.g., the system-wide limit for the number of open files
 (fs.file-max in Linux). You may need to change sysctls or even rebuild the kernel from source.
 <p>
-To help with socket-based system-dependant settings, since 0.9-devel 3proxy supports different
-socket options which can be set via -ol option for listening socket, -oc for proxy-to-client
-socket and -os for proxy-to-server socket. Example:
+To help with socket-based system-dependent settings, since 0.9-devel, 3proxy supports different
+socket options which can be set via the -ol option for the listening socket, -oc for the proxy-to-client
+socket, and -os for the proxy-to-server socket. Example:
 <pre>
 proxy -olSO_REUSEADDR,SO_REUSEPORT -ocTCP_TIMESTAMPS,TCP_NODELAY -osTCP_NODELAY
 </pre>
-available options are system dependant.
+Available options are system-dependent.
 
-<h4>Using 3proxy in virtual environment</h4>
+<h4>Using 3proxy in a Virtual Environment</h4>
 
-If 3proxy is used in VPS environment, there can be additional limitations. 
-For example, kernel resources / system CPU usage / IOCTLs can be limited in a different way, and this can become a bottleneck. 
-Since 0.9 devel, 3proxy uses splice() by default on Linux, splice() prevents network traffic from being copied from
-kernel space to 3proxy process and generally increases throughput, epecially in the case of high volume traffic. It especially
-true for virtual environment (it can improve thoughput up to 10 times) unless there are additional kernel limitations.
-Since some work is moved to kernel, it requires up to 2 times more kernel resources in terms of CPU, memory and IOCTLs.
-If your hosting additionally limits kernel resources (you can see it as nearly 100% CPU usage without any real CPU activity for
-any application which performs IOCTLS), use -s0 option to disable splice() usage for given service e.g.
-<pre> 
+If 3proxy is used in a VPS environment, there can be additional limitations.
+For example, kernel resources, system CPU usage, and IOCTLs can be limited differently, and this can become a bottleneck.
+Since 0.9-devel, 3proxy uses splice() by default on Linux. splice() prevents network traffic from being copied from
+kernel space to the 3proxy process and generally increases throughput, especially in the case of high-volume traffic. This is especially
+true for virtual environments (it can improve throughput up to 10 times) unless there are additional kernel limitations.
+Since some work is moved to the kernel, it requires up to 2 times more kernel resources in terms of CPU, memory, and IOCTLs.
+If your hosting additionally limits kernel resources (you can see this as nearly 100% CPU usage without any real CPU activity for
+any application performing IOCTLs), use the -s0 option to disable splice() usage for a given service, e.g.:
+<pre>
 socks -s0
 </pre>
 
-<h4>Extending ephemeral port range</h4>
+<h4>Extending the Ephemeral Port Range</h4>
 
-Check ephemeral port range for your system and extend it to the number of the
+Check the ephemeral port range for your system and extend it to the number of
 ports required.
-Ephimeral range is always limited to maximum number of ports (64K). To extend the
-number of outgoing connections above this limit, extending ephemeral port range
-is not enough, you need additional actions:
+The ephemeral range is always limited to the maximum number of ports (64K). To extend the
+number of outgoing connections above this limit, extending the ephemeral port range
+is not enough; you need additional actions:
 <ol>
 <li> Configure multiple outgoing IPs
-<li> Make sure 3proxy is configured to use different outgoing IP by either setting
-external IP via RADIUS
+<li> Make sure 3proxy is configured to use a different outgoing IP by either setting
+the external IP via RADIUS:
 <pre>
 radius secret 1.2.3.4
 auth radius
 proxy
 </pre>
 or by using multiple services with different external
-interfaces, example:
+interfaces, for example:
 <pre>
 allow user1,user11,user111
 proxy -p1111 -e1.1.1.1
@@ -133,7 +133,7 @@ proxy -p4444 -e4.4.4.4
 flush
 </pre>
 or via "parent extip" rotation,
-e.g.
+e.g.:
 <pre>
 allow user1,user11,user111
 parent 1000 extip 1.1.1.1 0
@@ -156,8 +156,8 @@ socks
 </pre>
 <pre>
 </pre>
-Under latest Linux version you can also start multiple services with different
-external addresses on the single port with SO_REUSEPORT on listening socket to
+Under the latest Linux versions, you can also start multiple services with different
+external addresses on a single port with SO_REUSEPORT on the listening socket to
 evenly distribute incoming connections between outgoing interfaces:
 <pre>
 socks -olSO_REUSEPORT -p3128 -e 1.1.1.1
@@ -165,123 +165,136 @@ socks -olSO_REUSEPORT -p3128 -e 2.2.2.2
 socks -olSO_REUSEPORT -p3128 -e 3.3.3.3
 socks -olSO_REUSEPORT -p3128 -e 4.4.4.4
 </pre>
-for Web browsing last two examples are not recommended, because same client can get
-different external address for different requests, you should choose external
+For web browsing, the last two examples are not recommended because the same client can get
+a different external address for different requests; you should choose the external
 interface with user-based rules instead.
-<li> You may need additional system dependant actions to use same port on different IPs,
-usually by adding SO_REUSEADDR (SO_PORT_SCALABILITY for Windows) socket option to
-external socket. This option can be set (since 0.9 devel) with -os option:
+<li> You may need additional system-dependent actions to use the same port on different IPs,
+usually by adding the SO_REUSEADDR (SO_PORT_SCALABILITY for Windows) socket option to
+the external socket. This option can be set (since 0.9-devel) with the -os option:
 <pre>
 proxy -p3128 -e1.2.3.4 -osSO_REUSEADDR
 </pre>
-Behavior for SO_REUSEADDR and SO_REUSEPORT is different between different system,
-even between different kernel versions and can lead to unexpected results.
-Specifics is described <a href="https://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-and-so-reuseport-how-do-they-differ-do-they-mean-t">here</a>.
-Use this options only if actually required and if you fully understand possible
-consiquences. E.g. SO_REUSEPORT can help to establish more connections than the
-number of the client port available, but it can also lead to situation connections
-are randomely fail due to ip+port pairs collision if remote or local system 
+The behavior for SO_REUSEADDR and SO_REUSEPORT is different between different systems,
+even between different kernel versions, and can lead to unexpected results.
+The specifics are described <a href="https://stackoverflow.com/questions/14388706/socket-options-so-reuseaddr-and-so-reuseport-how-do-they-differ-do-they-mean-t">here</a>.
+Use these options only if actually required and if you fully understand the possible
+consequences. For example, SO_REUSEPORT can help establish more connections than the
+number of client ports available, but it can also lead to situations where connections
+randomly fail due to IP+port pair collisions if the remote or local system
 doesn't support this trick.
 </ol>
 
-<h4>Setting stacksize</h4>
+<h4>Setting Stack Size</h4>
 
 'stacksize' is a size added to all stack allocations and can be both positive and
-negative. Stack is required in functions call. 3proxy itself doesn't require large
+negative. Stack is required for function calls. 3proxy itself doesn't require a large
 stack, but it can be required if some
-purely-written libc, 3rd party libraries or system functions called. There is known\
+poorly written libc, 3rd party libraries, or system functions are called. There is known
 dirty code in Unix ODBC
-implementations, build-in DNS resolvers, especially in the case of IPv6 and large
-number of interfaces. Under most 64-bit system extending stacksize will lead
-to additional memory space usage, but do not require actual commited memory,
-so you can inrease stacksize to relatively large value (e.g. 1024000) without
-the need to add additional phisical memory,
-but it's system/libc dependant and requires additional testing under your
-installation. Don't forget about memory related ulimts.
-<p>For 32-bit systems address space can be a bottlneck you should consider. If
-you're short of address space you can try to use negative stack size.
+implementations and built-in DNS resolvers, especially in the case of IPv6 and a large
+number of interfaces. Under most 64-bit systems, extending stacksize will lead
+to additional memory space usage but does not require actual committed memory,
+so you can increase stacksize to a relatively large value (e.g., 1024000) without
+the need to add additional physical memory,
+but it's system/libc dependent and requires additional testing under your
+installation. Don't forget about memory-related ulimits.
+<p>For 32-bit systems, address space can be a bottleneck you should consider. If
+you're short on address space, you can try using a negative stack size.
 
-<h4>Known system issues</h4>
+<h4>Known System Issues</h4>
 
-There are known race condition issues in Linux / glibc resolver. The probability
-of race condition arises under configuration with IPv6, large number of interfaces
-or IP addresses or resolvers configured. In this case, install local recursor and
-use 3proxy built-in resolver (nserver / nscache / nscache6).
-<h4>Do not use public resolvers</h4>
-Public resolvers like ones from Google have ratelimits. For large number of
-requests install local caching recursor (ISC bind named, PowerDNS recursor, etc).
+There are known race condition issues in the Linux/glibc resolver. The probability
+of a race condition arises under configuration with IPv6, a large number of interfaces
+or IP addresses, or with resolvers configured. In this case, install a local recursor and
+use 3proxy's built-in resolver (nserver / nscache / nscache6).
+<h4>Do Not Use Public Resolvers</h4>
+Public resolvers like those from Google have rate limits. For a large number of
+requests, install a local caching recursor (ISC bind named, PowerDNS recursor, etc).
 
-<h4>Avoid large lists</h4>
+<h4>Avoid Large Lists</h4>
 
 Currently, 3proxy is not optimized to use large ACLs, user lists, etc. All lists
-are processed lineary. In devel version you can use RADIUS authentication to avoid
-user lists and ACLs in 3proxy itself. Also, RADIUS allows to easily set outgoing IP
-on per-user basis or more sophisicated logics.
-RADIUS is a new beta feature, test it before using in production.
+are processed linearly. In the devel version, you can use RADIUS authentication to avoid
+user lists and ACLs in 3proxy itself. Also, RADIUS allows you to easily set an outgoing IP
+on a per-user basis or implement more sophisticated logic.
+RADIUS is a new beta feature; test it before using it in production.
 
-<h4>Avoid changing configuration too often</h4>
+<h4>Avoid Changing Configuration Too Often</h4>
 
-Every configuration reload requires additional resources. Do not do frequent
-changes, like users addition/deletaion via connfiguration, use alternative
+Every configuration reload requires additional resources. Do not make frequent
+changes, such as user addition/deletion via configuration; use alternative
 authentication methods instead, like RADIUS.
 
-<h4>Consider using 'noforce'</h4>
+<h4>Consider Using 'noforce'</h4>
 
-'force' behaviour (default) re-authenticates all connections after
-configuration reload, it may be resource consuming on large number of
-connections. Consider adding 'noforce' command before services started
-to prevent connections reauthentication.
+The 'force' behavior (default) re-authenticates all connections after
+configuration reload; it may be resource-consuming with a large number of
+connections. Consider adding the 'noforce' command before services are started
+to prevent connection re-authentication.
 
-<h4>Do not monitor configuration files directly</h4>
+<h4>Do Not Monitor Configuration Files Directly</h4>
 
-Using configuration file directly in 'monitor' can lead to race condition where
-configuration is reloaded while file is being written.
+Using a configuration file directly in 'monitor' can lead to a race condition where
+the configuration is reloaded while the file is being written.
 To avoid race conditions:
 <ol>
 <li> Update config files only if there is no lock file
-<li> Create lock file then 3proxy configuration is updated, e.g. with
+<li> Create a lock file when the 3proxy configuration is updated, e.g., with
 "touch /some/path/3proxy/3proxy.lck". If you generate config files
-asynchronously, e.g. by user's request via web, you should consider
-implementing existance checking and file creation as atomic operation.
-<li>add
+asynchronously, e.g., by a user's request via web, you should consider
+implementing existence checking and file creation as an atomic operation.
+<li> Add
 <pre>
 system "rm /some/path/3proxy/3proxy.lck"
 </pre>
-at the end of config file to remove it after configuration is successfully loaded
-<li> Use a dedicated version file to monitor, e.g.
+at the end of the config file to remove it after the configuration is successfully loaded
+<li> Use a dedicated version file to monitor, e.g.:
 <pre>
 monitor "/some/path/3proxy/3proxy.ver"
 </pre>
-<li> After config is updated, change version file for 3proxy to reload configuration,
-e.g. with "touch /some/path/3proxy/3proxy.ver".
+<li> After the config is updated, change the version file for 3proxy to reload the configuration,
+e.g., with "touch /some/path/3proxy/3proxy.ver".
 </ol>
 
-<h4>Use TCP_NODELAY to speed-up connections with small amount of data</h4>
+<h4>Use TCP_NODELAY to Speed Up Connections with Small Amounts of Data</h4>
 
-If most requests require exchange with a small amount of data in a both ways
-without the need for bandwidth, e.g. messengers or small web request,
-you can eliminate Nagle's algorithm delay with TCP_NODELAY flag. Usage example:
+If most requests require an exchange with a small amount of data in both directions
+without the need for bandwidth, e.g., messengers or small web requests,
+you can eliminate Nagle's algorithm delay with the TCP_NODELAY flag. Usage example:
 <pre>
 proxy -osTCP_NODELAY -ocTCP_NODELAY
 </pre>
 sets TCP_NODELAY for client (oc) and server (os) connections.
-<p>Do not use TCP_NODELAY on slow connections with high delays and then
+<p>Do not use TCP_NODELAY on slow connections with high delays when
 connection bandwidth is a bottleneck.
 
-<h4>Use splice to speedup large data amount transfers</h4>
+<h4>Use Splice to Speed Up Large Data Amount Transfers</h4>
 
-splice() allows to copy data between connections without copying to process
-addres space. It can speedup proxy on high bandwidth connections, if most
+splice() allows copying data between connections without copying to the process
+address space. It can speed up the proxy on high-bandwidth connections if most
 connections require large data transfers. Splice is enabled by default on Linux
-since 0.9, "-s0" disables splice usage. Example:
+since 0.9; "-s0" disables splice usage. Example:
 <pre>
 proxy -s0
 </pre>
-Splice is only available on Linux. Splice requires more system buffers and file descriptors,
+Splice is only available on Linux. Splice requires more system buffers and file descriptors
 and produces more IOCTLs but reduces process memory and overall CPU usage.
-Disable splice if there is a lot of short-living connections with no bandwidth
+Disable splice if there are a lot of short-lived connections with no bandwidth
 requirements.
-<p>Use splice only on high-speed connections (e.g. 10GBE), if processor, memory speed or
+<p>Use splice only on high-speed connections (e.g., 10GbE) when the processor, memory speed, or
 system bus are bottlenecks.
-<p>TCP_NODELAY and splice are not contrary to each over and should be combined on
+<p>TCP_NODELAY and splice are not contrary to each other and should be combined on
 high-speed connections.
+
+<h4>Add Grace Delay to Reduce System Calls</h4>
+
+<pre>proxy -g8000,3,10</pre>
+The first parameter is the average read size we want to keep, the second parameter is
+the minimal number of packets in the same direction to apply the algorithm,
+and the last value is the delay added after polling and prior to reading data.
+The example above adds a 10-millisecond delay before reading data if the average
+polling size is below 8000 bytes and 3 read operations have been made in the same
+direction. It's especially useful with splice. <pre>logdump 1 1</pre> is useful
+to see how grace delays work; choose a delay value to avoid filling the read
+pipe/buffer (typically 64K) but keep the request sizes close to the chosen average
+on large file uploads/downloads.

doc/html/howtor.html

@@ -5,16 +5,15 @@
   <li><a href="#COMPILE">Компиляция</a>
   <ul>
     <li><a href="#MSVC">Как скомпилировать 3proxy Visual C++</a>
-    <li><a href="#INTL">Как скомпилировать 3proxy Intel C Compiler под Windows</a>
-    <li><a href="#GCCWIN">Как скомпилировать 3proxy GCC под Windows</a>
+    <li><a href="#CMAKE">Как скомпилировать 3proxy с помощью CMake</a>
     <li><a href="#GCCUNIX">Как скомпилировать 3proxy GCC под Unix/Linux</a>
-    <li><a href="#CCCUNIX">Как скомпилировать 3proxy Compaq C Compiler под Unix/Linux</a>
   </ul>
   <li><a href="#INSTALL">Установка и удаление 3proxy</a>
   <ul>
-    <li><a href="#INSTNT">Как установить/удалить 3proxy под Windows 95/98/ME/NT/2000/XP как службу</a>
-    <li><a href="#INST95">Как установить/удалить 3proxy под Windows 95/98/ME</a>
+    <li><a href="#INSTNT">Как установить/удалить 3proxy под Windows NT/2000/XP/2003 как службу</a>
     <li><a href="#INSTUNIX">Как установить/удалить 3proxy под Unix/Linux</a>
+    <li><a href="#INSTMACOS">Как установить/удалить 3proxy под macOS</a>
+    <li><a href="#INSTDOCKER">Как использовать 3proxy с Docker</a>
   </ul>
   <li><a href="#SERVER">Конфигурация сервера</a>
   <ul>
@@ -33,6 +32,10 @@
     <li><a href="#BIND">Как повесить службу на определенный интерфейс или порт</a>
     <li><a href="#NAMES">Как разрешать имена на родительском прокси?</a></li>
     <li><a href="#ISFTP">Как настроить FTP прокси?</a></li>
+    <li><a href="#TLSPR">Как настроить SNI proxy (tlspr)</a></li>
+    <li><a href="#SSLPLUGIN">Как настроить TLS/SSL (https прокси, mTLS)</a></li>
+    <li><a href="#CERTIFICATES">Как создать CA и сертификаты для SSL</a></li>
+    <li><a href="#PCRE">Как использовать PCRE-фильтрацию (регулярные выражения)</a></li>
     <li><a href="#AUTH">Как ограничить доступ к службе</a>
     <li><a href="#USERS">Как создать список пользователей</a>
     <li><a href="#ACL">Как ограничить доступ пользователей к ресурсам</a>
@@ -46,6 +49,8 @@
     <li><a href="#NSCACHING">Как управлять разрешением имен и кэшированием DNS</a>
     <li><a href="#IPV6">Как использовать IPv6</a>
     <li><a href="#CONNBACK">Как использовать connect back</a>
+    <li><a href="#HAPROXY">Как использовать протокол HAProxy PROXY</a>
+    <li><a href="#MAXSEG">Как установить максимальный размер сегмента TCP (MSS)</a>
   </ul>
   <li><a href="#CLIENT">Конфигурация и настройка клиентов</a>
   <ul>
@@ -71,64 +76,67 @@
   <ul>
     <li><a name="MSVC"><i>Как скомпилировать 3proxy Visual C++</i></a>
     <p>
-    Извлеките файлы из архива 3proxy.tgz (например, с помощью WinZip).
-    Используйте команду nmake /f Makefile.msvc.
+    Извлеките файлы из архива 3proxy.tgz (например, с помощью WinZip) или используйте git.
+    <pre>
+    nmake /f Makefile.msvc
+    </pre>
+    Исполняемые файлы будут помещены в каталог <code>bin/</code>.
     </p>
-    <li><a name="INTL"><i>Как скомпилировать 3proxy Intel C Compiler под Windows</i></a>
+    <li><a name="CMAKE"><i>Как скомпилировать 3proxy с помощью CMake</i></a>
     <p>
-    См. <a href="#MSVC">Как скомпилировать 3proxy Visual C++</a>. 
-    Используйте Makefile.intl вместо Makefile.msvc
-    </p>
-    <li><a name="GCCWIN"><i>Как скомпилировать 3proxy GCC под Windows</i></a></li>
-    <p>
-    Извлеките файлы из архива 3proxy.tgz (например, с помощью WinZip или, при наличии
-    Cygwin, tar -xzf 3proxy.tgz).
-    Используйте команду make -f Makefile.win. Если по каким-то причинам вы хотите использовать
-    библиотеку POSIX-эмуляции CygWin - используйте make -f Makefile.unix.
-    При использовании CygWin, функции, специфичные для Windows (такие, как запуск в
-    качестве службы) будут недоступны.
+    CMake предоставляет кроссплатформенную систему сборки. Работает на Windows (MSVC, MinGW), Linux, macOS и BSD.
+    <br>Базовые шаги сборки:
+    <pre>
+    mkdir build
+    cd build
+    cmake ..
+    cmake --build .</pre>
+    На Windows с Visual Studio можно также сгенерировать файл решения:
+    <pre>
+    cmake -G "Visual Studio 17 2022" -A x64 ..
+    cmake --build . --config Release</pre>
+    Опциональные функции можно включить через параметры cmake:
+    <pre>
+    cmake -D3PROXY_USE_OPENSSL=ON -D3PROXY_USE_PCRE2=ON ..</pre>
+    Доступные опции: 3PROXY_USE_OPENSSL, 3PROXY_USE_PCRE2, 3PROXY_USE_PAM, 3PROXY_USE_ODBC.
+    <br>Исполняемые файлы будут помещены в каталог <code>build/bin/</code>.
     </p>
     <li><a name="GCCUNIX"><i>Как скомпилировать 3proxy GCC под Unix/Linux</i></a></li>
     <p>
-    Используйте make -f Makefile.unix. Должен использоваться GNU make, на
-    некоторых системах необходимо использовать gmake вместо make. Под Linux
-    необходимо использовать Makefile.Linux, под Solaris - Makefile.Solaris-* (в
-    зависимости от используемого компилятора). Компиляция проверена в FreeBSD/i386,
-    OpenBSD/i386, NetBSD/i386, RH Linux/Alpha, Debian/i386, Gentoo/i386, Gentoo/PPC,
-    Solaris 10, но должно собираться в любых версиях *BSD/Linux/Solaris.
-    В других системах может потребоваться модификация make-файла и/или исходных текстов.
-    Для компиляции с поддержкой ODBC необходимо убрать -DNOODBC из флагов
-    компиляции и добавить -lodbc (или другую ODBC-библиотеку) к флагам линковщика.
-    </p>
-	<li><a name="CCCUNIX"><i>Как скомпилировать 3proxy Compaq C Compiler под Unix/Linux</i></a></li>
-	<p>
-	Используйте make -f Makefile.ccc. Компиляция проверена в RH Linux 7.1/Alpha.
-    В других системах может потребоваться модификация файла и/или исходных текстов.
+    Для Linux используйте:
+    <pre>
+    ln -sf Makefile.Linux Makefile
+    make</pre>
+    Для FreeBSD используйте:
+    <pre>
+    ln -sf Makefile.FreeBSD Makefile
+    make</pre>
+    Для других Unix-подобных систем используйте Makefile.unix. На BSD-производных системах
+    убедитесь, что используете GNU make; иногда он называется gmake вместо make.
+    <br>Компиляция проверена на FreeBSD, NetBSD, OpenBSD, Linux, Solaris и macOS.
+    <br>Для поддержки ODBC необходимо установить Unix ODBC, убрать -DNOODBC из флагов
+    компиляции и добавить ODBC-библиотеку к флагам линковщика.
+    <br>Исполняемые файлы будут помещены в каталог <code>bin/</code>.
     </p>
   </ul>
 <hr>
 <li><a name="INSTALL"><b>Установка и удаление 3proxy</b></a>
 <p>
 <ul>
-  <li><a name="INSTNT"><i>Как установить/удалить 3proxy под Windows 95/98/ME/NT/2000/XP/2003 как службу</i></a>
+  <li><a name="INSTNT"><i>Как установить/удалить 3proxy под Windows NT/2000/XP/2003 как службу</i></a>
   <p>
-  Извлеките файлы из архива 3proxy.zip в любой каталог 
+  Извлеките файлы из архива 3proxy.zip в любой каталог
   (например, c:\Program Files\3proxy). Если необходимо, создайте каталог для
   хранения файлов журналов. Создайте файл конфигурации 3proxy.cfg в
   каталоге 3proxy (см. раздел <a href="#SERVER">Конфигурация сервера</a>).
-  Если используется версия более ранняя, чем 0.6, добавьте строку
-  <pre>
-  service</pre>
-  в файл 3proxy.cfg. Откройте командную строку (cmd.exe).
+  Откройте командную строку (cmd.exe).
   Перейдите в каталог с 3proxy и дайте команду 3proxy.exe --install:
   <pre>
   D:\>C:
   C:\>cd C:\Program Files\3proxy
   C:\Program Files\3proxy>3proxy.exe --install</pre>
   Сервис должен быть установлен и запущен. Если сервис не запускается,
-  проверьте содержимое файла журнала,
-  попробуйте удалить строку service из 3proxy.cfg, запустить 3proxy.exe вручную
-  и проанализировать сообщения об ошибках.
+  попробуйте запустить 3proxy.exe вручную и проанализировать сообщения об ошибках.
   </p><p>
   Для удаления 3proxy необходимо остановить сервис и дать
   команду 3proxy.exe --remove:
@@ -138,43 +146,110 @@
   C:\Program Files\3proxy>net stop 3proxy
   C:\Program Files\3proxy>3proxy.exe --remove</pre>
   после чего каталог 3proxy можно удалить.
-  <p>
-  Установка в качестве системной службы под Windows 9x поддерживается с версии 0.5
-  </p>
-  <li><a name="INST95"><i>Как установить/удалить 3proxy под Windows 95/98/ME</i></a>
-  <p>
-  Извлеките файлы из архива 3proxy.zip в любой каталог 
-  (например, c:\Program Files\3proxy). Если необходимо, создайте каталог для
-  хранения файлов журналов. Создайте файл конфигурации 3proxy.cfg в
-  каталоге 3proxy (См. раздел <a href="#SERVER">Конфигурация сервера</a>).
-  В файле конфигурации удалите строку
-  <pre>
-  service</pre>
-  и добавьте строку
-  <pre>
-  daemon</pre>
-  Создайте ярлык для 3proxy.exe и поместите его в автозагрузку либо с помощью
-  редактора реестра regedit.exe добавьте в разделе
-  <br>HKLM\Software\Microsoft\Windows\CurrentVersion\Run</br>
-  строковый параметр 
-  <br>3proxy = "c:\Program Files\3proxy.exe" "C:\Program Files\3proxy.cfg"<br>
-  Использование кавычек при наличии в пути пробела обязательно.
-  Перезагрузитесь.
-  Если сервер не запускается,
-  проверьте содержимое файла журнала,
-  попробуйте удалить строку daemon из 3proxy.cfg, запустить 3proxy.exe вручную
-  и проанализировать сообщения об ошибках.
   </p>
   <li><a name="INSTUNIX"><i>Как установить/удалить 3proxy под Unix/Linux</i></a>
   <p>
-  Скомпилируйте 3proxy (см. раздел <a href="#COMPILE">Компиляция</a>). Скопируйте
-  исполняемые файлы в подходящий каталог (например, /usr/local/3proxy/sbin для
-  серверных приложений или /usr/local/3proxy/bin для клиентских утилит).
-  Создайте файл /usr/local/etc/3proxy.cfg. 
-  (См. раздел <a href="#SERVER">Конфигурация сервера</a>).
-  Изменить расположение файла конфигурации можно, задав параметр при вызове
-  3proxy или изменив путь в файле 3proxy.c до компиляции.
-  Добавьте вызов 3proxy в скрипты начальной инициализации.
+  <b>С помощью Makefile:</b>
+  <br>Скомпилируйте 3proxy (см. раздел <a href="#COMPILE">Компиляция</a>), затем выполните:
+  <pre>
+  sudo make install</pre>
+  Это установит исполняемые файлы в <code>/usr/local/3proxy/sbin/</code>,
+  конфигурацию в <code>/etc/3proxy/</code> и настроит chroot-каталоги.
+  Файл конфигурации по умолчанию: <code>/etc/3proxy/3proxy.cfg</code>.
+  </p>
+  <p>
+  <b>С помощью CMake:</b>
+  <pre>
+  mkdir build && cd build
+  cmake ..
+  cmake --build .
+  sudo cmake --install .</pre>
+  </p>
+  <p>
+  <b>С помощью готовых пакетов из GitHub:</b>
+  <br>Скачайте .deb или .rpm пакеты со страницы <a href="https://github.com/3proxy/3proxy/releases">GitHub Releases</a>.
+  <br>Для Debian/Ubuntu:
+  <pre>
+  sudo dpkg -i 3proxy_*.deb</pre>
+  Для RHEL/CentOS/Fedora:
+  <pre>
+  sudo rpm -i 3proxy-*.rpm</pre>
+  </p>
+  <p>
+  Добавьте 3proxy в скрипты автозапуска или используйте systemd:
+  <pre>
+  sudo systemctl enable 3proxy
+  sudo systemctl start 3proxy</pre>
+  </p>
+  <li><a name="INSTMACOS"><i>Как установить/удалить 3proxy под macOS</i></a>
+  <p>
+  <b>С помощью CMake (рекомендуется):</b>
+  <pre>
+  mkdir build && cd build
+  cmake ..
+  cmake --build .
+  sudo cmake --install .</pre>
+  Это установит:
+  <ul>
+  <li>Исполняемые файлы в <code>/usr/local/bin/</code></li>
+  <li>Конфигурацию в <code>/etc/3proxy/</code></li>
+  <li>Плагины в <code>/usr/local/lib/3proxy/</code></li>
+  <li>Launchd plist в <code>/Library/LaunchDaemons/org.3proxy.3proxy.plist</code></li>
+  </ul>
+  </p>
+  <p>
+  <b>С помощью Makefile:</b>
+  <pre>
+  ln -sf Makefile.FreeBSD Makefile
+  make
+  sudo make install</pre>
+  Это установит исполняемые файлы в <code>/usr/local/3proxy/bin/</code> и конфигурацию в <code>/usr/local/etc/3proxy/</code>.
+  </p>
+  <p>
+  <b>Управление службой через launchd:</b>
+  <br>После установки через cmake службой можно управлять с помощью launchctl:
+  <pre>
+  # Загрузить и запустить службу
+  sudo launchctl load /Library/LaunchDaemons/org.3proxy.3proxy.plist
+
+  # Остановить службу
+  sudo launchctl stop org.3proxy.3proxy
+
+  # Запустить службу
+  sudo launchctl start org.3proxy.3proxy
+
+  # Выгрузить и отключить службу
+  sudo launchctl unload /Library/LaunchDaemons/org.3proxy.3proxy.plist</pre>
+  Служба запускается от имени пользователя <code>proxy</code> (создаётся при установке).
+  Файл конфигурации: <code>/etc/3proxy/3proxy.cfg</code>
+  </p>
+  <li><a name="INSTDOCKER"><i>Как использовать 3proxy с Docker</i></a>
+  <p>
+  <b>Использование готовых образов из GitHub Container Registry:</b>
+  <pre>
+  docker pull ghcr.io/3proxy/3proxy:latest</pre>
+  </p>
+  <p>
+  <b>Сборка Docker-образов:</b>
+  <br>Предоставляются два Dockerfile:
+  <ul>
+  <li><code>Dockerfile.minimal</code> - минимальная статическая сборка без плагинов, конфигурация из stdin:
+  <pre>
+  docker build -f Dockerfile.minimal -t 3proxy.minimal .
+  docker run -i -p 3129:3129 --name 3proxy 3proxy.minimal</pre>
+  Затем введите конфигурацию, завершив командой "end".
+  </li>
+  <li><code>Dockerfile.full</code> - полная сборка с плагинами (SSL, PCRE, Transparent):
+  <pre>
+  docker build -f Dockerfile.full -t 3proxy.full .
+  docker run -p 3129:3129 -v /path/to/config:/usr/local/3proxy/conf 3proxy.full</pre>
+  Файл конфигурации должен находиться по пути <code>/path/to/config/3proxy.cfg</code>.
+  </li>
+  </ul>
+  </p>
+  <p>
+  По умолчанию 3proxy работает в chroot-окружении с uid/gid 65535. Используйте <code>nserver</code> в конфигурации для DNS-разрешения в chroot.
+  Для запуска без chroot монтируйте конфигурацию в <code>/etc/3proxy</code>.
   </p>
 </ul>
 <hr>
@@ -218,7 +293,7 @@
     <li>Служба уже установлена или запущена
   </ul>
   </p>
-  <li><a name="INTEXT">Как разобраться с internal и external</a></li></li>
+  <li><a name="INTEXT">Как разобраться с internal и external</a></li>
   <p>
   Убедитесь, что выправильно понимаете что такое internal и external адреса.
   Оба адреса - это адреса, принадлежищие хосту, на котором установлен 3proxy.
@@ -439,7 +514,7 @@
   -	Internal	External	0x0	Allowed&quot;</pre>
   Формат ISA 2000/2004 firewall FWSEXTD.log (поля разделены табуляцией):
   <pre>
-  &quot;-	+ L%C	%U	unnknown:0:0.0	N	%Y-%m-%d
+  &quot;-	+ L%C	%U	unknown:0:0.0	N	%Y-%m-%d
   %H:%M:%S	fwsrv	3PROXY	-	%n	%R	%r
   %D	%O	%I	%r	TCP	Connect	-	-
   -	%E	-	-	-	-	-&quot;</pre>
@@ -508,6 +583,341 @@
   через http прокси, дополнительного прокси поднимать не надо. Для FTP-клиентов необходимо поднять ftppr. FTP прокси всегда работает
   с FTP сервером в пассивном режиме.
   </p>
+    <li><a name="TLSPR"><i>Как настроить SNI proxy (tlspr)</i></a></li>
+  <p>
+    SNI proxy может быть использован для транспарентного перенаправления любого TLS трафика (например HTTPS) на внешнем маршрутизаторе
+    или локальными правилами. Так же можно использовать его для извлечения имени хоста из TLS хендшейка с целью логгирования или использования в ACL.
+    Еще одна задача которую может решать модуль - требование наличия TLS или mTLS (mutual TLS).
+    Если tlspr используется как отдельный сервис без использования плагина Transparent, то необходимо задать порт назначения через опцию -P (по умолчанию 443),
+    т.к. TLS хендшейк не содержит информации о порте назначения.
+  </p><p>
+    <b>Опции:</b>
+</p><pre>
+-P &lt;порт&gt;  - порт назначения (по умолчанию: 443)
+-c &lt;уровень&gt; - уровень проверки TLS:
+  0 (по умолчанию) - пропустить трафик без TLS
+  1 - требовать TLS, проверять наличие client HELLO
+  2 - требовать TLS, проверять наличие client и server HELLO
+  3 - требовать TLS, проверять наличие серверного сертификата (не совместим с TLS 1.3+)
+  4 - требовать взаимный (mutual) TLS, проверять что сервер запрашивает сертификат и клиент его отправляет (не совместим с TLS 1.3+)
+</pre>
+<p>
+<b>SNI Break (обход DPI):</b>
+<br>tlspr может использоваться как родительский прокси типа "tls" для реализации SNI-фрагментации (аналог NoDPI/GoodByeDPI).
+Клиент отправляет первую часть TLS ClientHello, tlspr разбивает его на расширении SNI и отправляет двумя TCP-пакетами,
+что позволяет обойти некоторые DPI-системы, ищущие заблокированные имена хостов в TLS-рукопожатиях.
+<br>Для включения SNI break используйте <code>parent ... tls 0.0.0.0 0</code> и опцию <code>-s</code> на слушающем сервисе с TCP_NODELAY:
+</p><pre>
+auth iponly
+allow *
+parent 1000 tls 0.0.0.0 0
+allow *
+proxy -s -i127.0.0.1 -ocTCP_NODELAY -osTCP_NODELAY -p1443
+</pre>
+<p>
+TCP_NODELAY необходим, чтобы ядро не объединяло разделенные пакеты.
+</p>
+<p>
+<b>Примеры конфигурации:</b>
+</p>
+<p>
+1. Отдельный SNI proxy на порту 1443 с перенаправлением на порт назначения 443:
+</p><pre>
+tlspr -p1443 -P443 -c1
+</pre>
+<p>
+2. Использование tlspr как родительского прокси в SOCKS для обнаружения hostname из TLS (даже если клиент подключается по IP):
+</p><pre>
+allow * * * 80
+parent 1000 http 0.0.0.0 0
+allow * * * * CONNECT
+parent 1000 tls 0.0.0.0 0
+deny * * some.not.allowed.host
+allow *
+socks
+</pre>
+<p>
+3. Использование tlspr с HTTP proxy для ACL по имени хоста TLS:
+</p><pre>
+allow * * * 80
+parent 1000 http 0.0.0.0 0
+allow * * * 443
+parent 1000 tls 0.0.0.0 0
+deny * * blocked.example.com
+allow *
+proxy
+</pre>
+  </p>
+
+  <li><a name="SSLPLUGIN"><i>Как настроить TLS/SSL (https прокси, mTLS)</i></a>
+<p>
+Начиная с версии 0.9.7 поддержка TLS/SSL встроена в 3proxy при компиляции с OpenSSL
+(WITH_SSL). Ранее доступная как SSLPlugin, функциональность теперь интегрирована
+в основной бинарный файл. Строка plugin больше не нужна.
+TLS/SSL может использоваться для:
+<ul>
+<li>Создания https:// прокси (TLS-шифрованное соединение между клиентом и прокси)</li>
+<li>Реализации MITM для инспекции TLS-трафика</li>
+<li>Соединения с вышестоящими серверами через TLS с аутентификацией по клиентскому сертификату</li>
+<li>Требования аутентификации по клиентскому сертификату (mTLS)</li>
+</ul>
+</p>
+<p>
+<b>Создание https:// прокси:</b>
+<br>Для создания https:// прокси требуется сертификат и ключ сервера. Сертификат не должен быть самоподписанным
+и должен содержать альтернативные имена (SAN) для имени хоста/IP прокси.
+</p><pre>
+ssl_server_cert /etc/3proxy/certs/server.crt
+ssl_server_key /etc/3proxy/certs/server.key
+ssl_serv
+proxy -p3129
+ssl_noserv
+proxy -p3128
+</pre>
+<p>
+Создаётся https:// прокси на порту 3129 и http:// прокси на порту 3128.
+Настройте клиенты на использование https://proxy-host:3129/ в качестве URL прокси.
+</p>
+<p>
+<b>Аутентификация по клиентскому сертификату (mTLS):</b>
+<br>Чтобы требовать от клиентов аутентификацию по сертификату, используйте ssl_server_verify и укажите CA-сертификат:
+</p><pre>
+ssl_server_cert /etc/3proxy/certs/server.crt
+ssl_server_key /etc/3proxy/certs/server.key
+ssl_server_ca_file /etc/3proxy/certs/ca.crt
+ssl_server_verify
+ssl_serv
+proxy -p3129
+</pre>
+<p>
+Только клиенты с действительным сертификатом, подписанным CA, смогут подключиться.
+</p>
+<p>
+<b>MITM для инспекции TLS-трафика:</b>
+<br>Для перехвата и расшифровки TLS-трафика требуется CA-сертификат для генерации подделанных серверных сертификатов:
+</p><pre>
+ssl_server_ca_file /etc/3proxy/certs/ca.crt
+ssl_server_ca_key /etc/3proxy/certs/ca.key
+ssl_client_verify
+ssl_client_ca_file /etc/ssl/certs/ca-certificates.crt
+ssl_mitm
+proxy -p3128
+ssl_nomitm
+proxy -p3129
+</pre>
+<p>
+CA-сертификат должен быть доверенным для клиентов. ssl_client_verify обеспечивает проверку реальных серверных сертификатов.
+Без ssl_client_verify прокси уязвим для MITM-атак.
+</p>
+<p>
+<b>TLS-клиент (соединение с вышестоящим сервером через TLS):</b>
+<br>Для соединения с вышестоящими серверами через TLS с аутентификацией по клиентскому сертификату:
+</p><pre>
+ssl_client_cert /etc/3proxy/certs/client.crt
+ssl_client_key /etc/3proxy/certs/client.key
+ssl_client_verify
+ssl_client_ca_file /etc/ssl/certs/ca-certificates.crt
+ssl_cli
+proxy -p3128
+</pre>
+<p>
+<b>Условное TLS для parent прокси (ssl_client_mode 3):</b>
+<br>При ssl_client_mode 3 TLS-рукопожатие с родительским прокси выполняется только если тип parent прокси заканчивается на 's' (защищённые типы). Это позволяет смешивать защищённые и незащищённые родительские прокси в одной конфигурации:
+</p><pre>
+ssl_server_cert /etc/3proxy/certs/server.crt
+ssl_server_key /etc/3proxy/certs/server.key
+ssl_client_mode 3
+
+auth strong
+allow user1
+parent 1000 https parent1.example.com 443
+allow user2
+parent 1000 socks5 parent2.example.com 1080
+ssl_serv
+ssl_cli
+proxy -p3128
+ssl_noserv
+ssl_nocli
+</pre>
+<p>
+Создаётся HTTPS-прокси (ssl_serv), принимающий TLS-соединения от клиентов. Для соединений с родительским прокси трафик user1 идёт через https родитель с TLS-шифрованием (защищённый тип), а трафик user2 — через обычный socks5 родитель без TLS. Защищённые типы parent прокси: tcps, https, connects, connect+s, socks4s, socks5s, socks4+s, socks5+s, pop3s, smtps, ftps.
+</p>
+  <li><a name="CERTIFICATES"><i>Как создать CA и сертификаты для SSL</i></a>
+<p>
+<b>Создание удостоверяющего центра (CA):</b>
+<br>Для MITM или mTLS требуется CA. Сгенерируйте закрытый ключ CA и сертификат:
+</p><pre>
+# Генерация закрытого ключа CA
+openssl genrsa -out ca.key 4096
+
+# Генерация сертификата CA (действителен 10 лет)
+openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \
+    -subj "/C=RU/ST=Region/L=City/O=MyOrg/CN=My CA" \
+    -out ca.crt
+</pre>
+<p>
+Для MITM импортируйте ca.crt в браузеры/ОС клиентов как доверенный корневой CA.
+</p>
+<p>
+<b>Создание серверного сертификата для https:// прокси:</b>
+<br>Серверный сертификат должен иметь правильные альтернативные имена (SAN):
+</p><pre>
+# Генерация закрытого ключа сервера
+openssl genrsa -out server.key 2048
+
+# Создание запроса на подпись сертификата (CSR)
+openssl req -new -key server.key \
+    -subj "/C=RU/ST=Region/L=City/O=MyOrg/CN=proxy.example.com" \
+    -out server.csr
+
+# Создание файла расширений для SAN
+cat > server.ext << 'EOF'
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = proxy.example.com
+DNS.2 = proxy
+IP.1 = 192.168.1.100
+EOF
+
+# Подписание сертификата CA
+openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
+    -CAcreateserial -out server.crt -days 365 -sha256 \
+    -extfile server.ext
+</pre>
+<p>
+Для публичного https:// прокси используйте CA вроде Let's Encrypt вместо самоподписанного.
+</p>
+<p>
+<b>Создание клиентского сертификата для mTLS:</b>
+</p><pre>
+# Генерация закрытого ключа клиента
+openssl genrsa -out client1.key 2048
+
+# Создание CSR
+openssl req -new -key client1.key \
+    -subj "/C=RU/ST=Region/L=City/O=MyOrg/CN=client1" \
+    -out client1.csr
+
+# Создание файла расширений
+cat > client.ext << 'EOF'
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment
+extendedKeyUsage = clientAuth
+EOF
+
+# Подписание CA
+openssl x509 -req -in client1.csr -CA ca.crt -CAkey ca.key \
+    -CAcreateserial -out client1.crt -days 365 -sha256 \
+    -extfile client.ext
+
+# Создание PKCS#12 для импорта в браузер
+openssl pkcs12 -export -out client1.p12 \
+    -inkey client1.key -in client1.crt -certfile ca.crt
+</pre>
+<p>
+Импортируйте client1.p12 в хранилище сертификатов браузера или ОС клиента.
+</p>
+<p>
+<b>Скрипт быстрой настройки для разработки/тестирования:</b>
+</p><pre>
+#!/bin/sh
+# Создаёт CA, серверный и клиентский сертификаты для тестирования SSLPlugin
+
+# CA
+openssl genrsa -out ca.key 4096
+openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \
+    -subj "/CN=3proxy CA" -out ca.crt
+
+# Сервер
+openssl genrsa -out server.key 2048
+openssl req -new -key server.key -subj "/CN=localhost" -out server.csr
+cat > server.ext << 'EOF'
+basicConstraints=CA:FALSE
+keyUsage = keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = DNS:localhost,DNS:proxy,IP:127.0.0.1
+EOF
+openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
+    -CAcreateserial -out server.crt -days 365 -sha256 -extfile server.ext
+
+# Клиент
+openssl genrsa -out client.key 2048
+openssl req -new -key client.key -subj "/CN=client" -out client.csr
+cat > client.ext << 'EOF'
+basicConstraints=CA:FALSE
+extendedKeyUsage = clientAuth
+EOF
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
+    -CAcreateserial -out client.crt -days 365 -sha256 -extfile client.ext
+openssl pkcs12 -export -out client.p12 -passout pass: \
+    -inkey client.key -in client.crt -certfile ca.crt
+</pre>
+
+  <li><a name="PCRE"><i>Как использовать PCRE-фильтрацию (регулярные выражения)</i></a>
+<p>
+Начиная с версии 0.9.7 фильтрация PCRE встроена в 3proxy при компиляции с поддержкой
+PCRE2 (WITH_PCRE). Ранее доступная как PCREPlugin, функциональность теперь интегрирована
+в основной бинарный файл. Строка plugin больше не нужна.
+</p>
+<p>
+PCRE-фильтрация может использоваться для создания правил поиска и замены с регулярными
+выражениями для запросов клиентов, заголовков клиента и сервера, а также данных.
+</p>
+<p>
+<b>Команды:</b>
+</p><pre>
+pcre TYPE FILTER_ACTION REGEXP [ACE]
+pcre_rewrite TYPE FILTER_ACTION REGEXP REWRITE_EXPRESSION [ACE]
+pcre_extend FILTER_ACTION [ACE]
+pcre_options OPTION1 [...]
+</pre>
+<p>
+<ul>
+<li><b>TYPE</b> - тип фильтруемых данных (список через запятую):
+ <ul>
+ <li><b>request</b> - содержимое запроса клиента (например, строка HTTP GET-запроса)
+ <li><b>cliheader</b> - содержимое заголовков запроса клиента
+ <li><b>srvheader</b> - содержимое заголовков ответа сервера
+ <li><b>clidata</b> - данные полученные от клиента (например, данные POST-запроса)
+ <li><b>srvdata</b> - данные полученные от сервера (например, HTML-страница)
+ </ul>
+<li><b>FILTER_ACTION</b> - действие при совпадении:
+ <ul>
+ <li><b>allow</b> - разрешить запрос без проверки остальных правил
+ <li><b>deny</b> - запретить запрос без проверки остальных правил
+ <li><b>dunno</b> - продолжить проверку правил (полезно для pcre_rewrite)
+ </ul>
+<li><b>REGEXP</b> - регулярное выражение PCRE (Perl). Используйте * если проверка не требуется.
+<li><b>REWRITE_EXPRESSION</b> - строка замены. Может содержать Perl-подстановки
+$1, $2 и т.д. $0 - вся найденная подстрока. \r и \n для вставки новых строк.
+<li><b>ACE</b> - элемент списка контроля доступа (имена пользователей, IP источника,
+IP назначения, порты и т.д.), аналогичный командам allow/deny/bandlimin.
+Регулярное выражение проверяется только при совпадении ACL с данными соединения.
+</ul>
+</p>
+<p>
+<b>Примеры:</b>
+</p><pre>
+# Блокировать запросы с определёнными ключевыми словами для некоторых пользователей
+pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
+
+# Блокировать ответы с определённым content-type
+pcre srvheader deny "Content-type: application"
+
+# Замена содержимого в обоих направлениях (цензура)
+pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
+pcre_extend deny * 192.168.0.1/16
+</pre>
+<p>
+<b>Примечание:</b> Регулярные выражения не требуют авторизации и не могут заменить
+авторизацию и/или ACL allow/deny.
+</p>
+
   <li><a name="AUTH"><i>Как ограничить доступ к службе</i></a>
   <p>
   Во-первых, для ограничения доступа необходимо указать внутренний интерфейс,
@@ -632,7 +1042,7 @@
   или
   <pre>
   users $"c:\Program Files\3proxy\passwords"</pre>
-  Шифрованные NT и crypt пароли можно создавать с помощью утилиты mycrypt.
+  Шифрованные NT и crypt пароли можно создавать с помощью утилиты 3proxy_crypt.
   <br>Список пользователей един для всех служб. Разграничение доступа по службам
   необходимо производить с помощью списков доступа.
   </p>
@@ -1009,7 +1419,55 @@
   allow * * 1.1.1.1
   tcppm -R0.0.0.0:1234 3128 1.1.1.1 3128</pre>
   В настройках браузера указывается host.dyndns.example.org:3128.
-  </p>	
+  </p>
+  <li><a name="HAPROXY"><i>Как использовать протокол HAProxy PROXY</i></a>
+  <p>
+  3proxy поддерживает протокол HAProxy PROXY v1 как для приёма, так и для
+  отправки информации об IP-адресе клиента. Это полезно, когда 3proxy находится
+  за балансировщиком нагрузки или при передаче информации о клиенте родительскому прокси.
+  </p>
+  <p>
+  <b>Приём заголовка PROXY протокола:</b>
+  <br>Используйте опцию <code>-H</code>, чтобы 3proxy ожидал заголовок PROXY протокола v1
+  на входящих соединениях. Это позволяет 3proxy получать реальный IP-адрес клиента
+  от HAProxy или другого балансировщика нагрузки:
+  </p><pre>
+proxy -H -p3128
+socks -H -p1080
+</pre>
+  <p>
+  Заголовок PROXY протокола должен быть отправлен до любых протокольных данных.
+  </p>
+  <p>
+  <b>Отправка заголовка PROXY протокола родительскому прокси:</b>
+  <br>Используйте тип родительского прокси <code>ha</code> для отправки заголовка
+  PROXY протокола v1 родительскому прокси. Это должен быть последний родитель в цепочке:
+  </p><pre>
+allow *
+parent 1000 ha
+parent 1000 socks5 parent.example.com 1080
+socks
+</pre>
+  <p>
+  Эта конфигурация отправляет информацию об IP-адресе клиента SOCKS5 родительскому
+  прокси через PROXY протокол.
+  </p>
+  <li><a name="MAXSEG"><i>Как установить максимальный размер сегмента TCP (MSS)</i></a>
+  <p>
+  Используйте команду <code>maxseg</code> для установки максимального размера
+  сегмента TCP (MSS) для исходящих соединений. Это может быть полезно для обхода
+  проблем с Path MTU Discovery или для оптимизации трафика в специфических
+  сетевых условиях:
+  </p><pre>
+maxseg 1400
+proxy -p3128 -OcTCP_NODELAY,TCP_MAXSEG -OsTCP_NODELAY,TCP_MAXSEG
+</pre>
+  <p>
+  Значение указывается в байтах. Эта настройка использует опцию сокета TCP_MAXSEG
+  и может не поддерживаться на всех платформах. Типичный случай использования -
+  уменьшение MSS для избежания фрагментации в VPN туннелях или для обхода проблем
+  с MTU на определённых сетевых путях.
+  </p>
 </ul>
 <hr>
 <li><a name="CLIENT"><b>Конфигурация клиентов</b></a>
@@ -1066,9 +1524,9 @@
   прокси-серверы для доступа к разным ресурсам. Эта возможность разбирается в
   статьях
   <br>Microsoft: Q296591 A Description of the Automatic Discovery Feature
-  <br><a href="http://support.microsoft.com/default.aspx?scid=kb;EN-US;296591">http://support.microsoft.com/default.aspx?scid=kb;EN-US;296591</a>
+  <br><a href="https://support.microsoft.com/default.aspx?scid=kb;EN-US;296591">http://support.microsoft.com/default.aspx?scid=kb;EN-US;296591</a>
   <br>Netscape: Navigator Proxy Auto-Config File Format
-  <br><a href="http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html">http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html</a>
+  <br><a href="https://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html">http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html</a>
   <li><a name="FTP"><i>Как настраивать FTP клиент</i></a>
   <p>
   Настройка FTP клиента для работы через SOCKS прокси не отличается от настройки
@@ -1124,20 +1582,14 @@
   </p>
   <li><a name="CAP"><i>Как использовать 3proxy с программой, не поддерживающей работу с прокси-сервером</i></a>
   <p>
-  Можно использовать любую программу-редиректор, например,
-  <a href="http://www.socks.permeo.com">SocksCAP</a> или
-  <a href="http://www.freecap.ru">FreeCAP</a>. 3proxy поддерживает исходящие
+  Можно использовать любую программу-редиректор. 3proxy поддерживает исходящие
   и обратные TCP и UDP соединения, но редиректоры могут иметь свои ограничения,
   кроме того, некоторые плохо написаные приложения не поддаются "соксификации".
   Если программе требуется обращаться к небольшому набору серверов 
   (например, игровых), то проблему можно решить с помощью портмаппинга.
   <li><a name="GAMES"><i>Как использовать 3proxy с играми</i></a>
   <p>
-  Оптимальный варинт - использовать соксификатор (<a href="#CAP">Как использовать
-  3proxy с программой, не поддерживающей работу с прокси-сервером</a>). 
-  <a href="http://www.freecap.ru/">FreeCap 3.13 </a> проверен с играми на движке
-  Unreal (включая Unreal Tournament), Half-Life (включая Counter-Strike) и
-  другими. Если по каким-то причинам соксификатор не работает или недоступен,
+  Если по каким-то причинам соксификатор не работает или недоступен,
   то необходимо использовать отображения портов (обычно игры, 
   кроме mood-подобных, работают по протоколу UDP, надо использовать udppm).
   Нужно иметь ввиду, что для udppm требуется отдельный маппинг для каждого
@@ -1162,7 +1614,7 @@
   <li><a name="NEWVERSION"><i>Где взять свежую версию</i></a>
   <p>
   Свежую версию всегда можно взять
-  <a href="http://3proxy.ru/">здесь</a>. Обратите внимание,
+  <a href="https://3proxy.ru/">здесь</a>. Обратите внимание,
   что в новой версии может измениться порядок лицензирования или команды
   конфигурации, поэтому прежде чем устанавливать новую версии программы
   обязательно ознакомьтесь с документацией.

doc/html/index.html

@@ -1,16 +1,18 @@
-<html><title>3proxy documentation</title><body><h2>3proxy documentation</h2> 
-<a href="securityen.html">Security recommendations</a><br> 
-<a href="highload.html">Optimizing 3proxy for high loads</a><br> 
-<a href="howtoe.html">How To (English, very incomplete)</a><br> 
-<a href="howtor.html">How To (Russian)</a><br> 
-<h3>Man pages:</h> 
-<br><A HREF="man8/3proxy.8.html">3proxy.8</A> 
-<br><A HREF="man8/ftppr.8.html">ftppr.8</A> 
-<br><A HREF="man8/pop3p.8.html">pop3p.8</A> 
-<br><A HREF="man8/proxy.8.html">proxy.8</A> 
-<br><A HREF="man8/smtpp.8.html">smtpp.8</A> 
-<br><A HREF="man8/socks.8.html">socks.8</A> 
-<br><A HREF="man8/tcppm.8.html">tcppm.8</A> 
-<br><A HREF="man8/udppm.8.html">udppm.8</A> 
-<br><A HREF="man3/3proxy.cfg.3.html">3proxy.cfg.3</A> 
-</body></html> 
+<html><title>3proxy documentation</title><body><h2>3proxy documentation</h2>
+<a href="securityen.html">Security recommendations</a><br>
+<a href="highload.html">Optimizing 3proxy for high loads</a><br>
+<a href="howtoe.html">How To (English, very incomplete)</a><br>
+<a href="howtor.html">How To (Russian)</a><br>
+<h3>Man pages:</h3>
+<br><A HREF="man8/3proxy_crypt.8.html">3proxy_crypt.8</A>
+<br><A HREF="man8/3proxy.8.html">3proxy.8</A>
+<br><A HREF="man8/ftppr.8.html">ftppr.8</A>
+<br><A HREF="man8/pop3p.8.html">pop3p.8</A>
+<br><A HREF="man8/proxy.8.html">proxy.8</A>
+<br><A HREF="man8/smtpp.8.html">smtpp.8</A>
+<br><A HREF="man8/socks.8.html">socks.8</A>
+<br><A HREF="man8/tcppm.8.html">tcppm.8</A>
+<br><A HREF="man8/tlspr.8.html">tlspr.8</A>
+<br><A HREF="man8/udppm.8.html">udppm.8</A>
+<br><A HREF="man5/3proxy.cfg.5.html">3proxy.cfg.5</A>
+</body></html>

doc/html/man8/3proxy.8.html

@@ -0,0 +1,221 @@
+<!-- Creator     : groff version 1.24.1 -->
+<html>
+<head>
+
+</head>
+<body>
+
+<h1 align="center">3proxy</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSIS">SYNOPSIS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#SIGNALS">SIGNALS</a><br>
+<a href="#FILES">FILES</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+<a href="#TRIVIA">TRIVIA</a><br>
+<a href="#AUTHORS">AUTHORS</a><br>
+
+<hr>
+
+
+<h2>NAME
+<a name="NAME"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>3proxy</b> -
+3[APA3A] tiny proxy server, or trivial proxy server, or free
+proxy server</p>
+
+<h2>SYNOPSIS
+<a name="SYNOPSIS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>3proxy</b>
+[<i>config_file</i>] <b><br>
+3proxy</b> [<i>--install</i>] <b><br>
+3proxy</b> [<i>--remove</i>]</p>
+
+<h2>DESCRIPTION
+<a name="DESCRIPTION"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>3proxy</b> is
+a universal proxy server. It can be used to provide internal
+users with fully controllable access to external resources
+or to provide external users with access to internal
+resources. 3proxy is not developed to replace
+<b>squid</b>(8), but it can extend the functionality of an
+existing caching proxy. It can be used to route requests
+between different types of clients and proxy servers. Think
+about it as application level gateway with configuration
+like hardware router has for network layer. It can establish
+multiple gateways with HTTP and HTTPS proxy with FTP over
+HTTP support, SOCKS v4, v4.5 and v5, POP3 proxy, UDP and TCP
+portmappers. Each gateway is started from the configuration
+file like an independent service <b>proxy</b>(8)
+<b>socks</b>(8) <b>pop3p</b>(8) <b>tcppm</b>(8)
+<b>udppm</b>(8) <b>ftppr</b>(8) <b>dnspr</b> but
+<b>3proxy</b> is not a kind of wrapper or superserver for
+these daemons. It just has the same code compiled in, but
+provides much more functionality. SOCKSv5 implementation
+allows you to use 3proxy with any UDP or TCP based client
+applications designed without proxy support (with
+<i>SocksCAP</i>, <i>FreeCAP</i> or another client-side
+redirector under Windows or with a socksification library
+under Unix). So you can play your favourite games, listen to
+music, exchange files and messages and even accept incoming
+connections behind a proxy server.</p>
+
+<p style="margin-left:6%; margin-top: 1em"><i>dnspr</i>
+does not exist as an independent service. It&rsquo;s a DNS
+caching proxy (it requires <i>nscache</i> and <i>nserver</i>
+to be set in the configuration. Only A-records are cached.
+Please note that this caching is mostly a &rsquo;hack&rsquo;
+and has nothing to do with a real DNS server, but it works
+perfectly for SOHO networks.</p>
+
+<p style="margin-left:6%; margin-top: 1em">3proxy supports
+access control lists (ACL) like network router. Source and
+destination networks and destination port can be specified.
+In addition, usernames and gateway action (for example GET
+or POST) can be used in ACLs. In order to filter request on
+username basis user must be authenticated somehow. There are
+few authentication types including password authentication
+and authentication by NetBIOS name for Windows clients
+(it&acute;s very like ident authentication). Depending on
+ACL action request can be allowed, denied or redirected to
+another host or to another proxy server or even to a chain
+of proxy servers.</p>
+
+<p style="margin-left:6%; margin-top: 1em">It supports
+different types of logging: to logfiles, <b>syslog</b>(3)
+(only under Unix) or to an ODBC database. Logging format is
+tunable to provide compatibility with existing log file
+parsers. It makes it possible to use 3proxy with IIS, ISA,
+Apache or Squid log parsers.</p>
+
+<h2>OPTIONS
+<a name="OPTIONS"></a>
+</h2>
+
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>config_file</b></p>
+
+<p style="margin-left:15%;">Name of config file. See
+<b>3proxy.cfg</b>(3) for configuration file format. Under
+Windows, if config_file is not specified, <b>3proxy</b>
+looks for a file named <i>3proxy.cfg</i> in the default
+location (in the same directory as the executable file and
+in the current directory). Under Unix, if no config file is
+specified, 3proxy reads configuration from stdin. It makes
+it possible to use the 3proxy.cfg file as an executable
+script just by setting +x mode and adding <br>
+#!/usr/local/3proxy/3proxy <br>
+as a first line in 3proxy.cfg</p>
+
+<p style="margin-left:6%;"><b>--install</b></p>
+
+<p style="margin-left:15%;">(Windows NT family only)
+install <b>3proxy</b> as a system service</p>
+
+<p style="margin-left:6%;"><b>--remove</b></p>
+
+<p style="margin-left:15%;">(Windows NT family only) remove
+<b>3proxy</b> from system services</p>
+
+<h2>SIGNALS
+<a name="SIGNALS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Under Unix there
+are a few signals <b>3proxy</b> catches. See <b>kill</b>(1).
+<b><br>
+SIGTERM</b></p>
+
+<p style="margin-left:15%;">clean up connections and
+exit</p>
+
+<p style="margin-left:6%;"><b>SIGPAUSE</b></p>
+
+<p style="margin-left:15%;">stop accepting new connections,
+on second signal - start and re-read configuration</p>
+
+<p style="margin-left:6%;"><b>SIGCONT</b></p>
+
+<p style="margin-left:15%;">start to accept new
+connections</p>
+
+<p style="margin-left:6%;"><b>SIGUSR1</b></p>
+
+<p style="margin-left:15%;">reload configuration</p>
+
+<p style="margin-left:6%; margin-top: 1em">Under Windows,
+if <b>3proxy</b> is installed as a service you can use
+standard service management to start, stop, pause and
+continue the 3proxy service, for example: <b><br>
+net start 3proxy <br>
+net stop 3proxy <br>
+net pause 3proxy <br>
+net continue 3proxy</b></p>
+
+<p style="margin-left:6%; margin-top: 1em">Web admin
+service can also be used to reload configuration. Use wget
+to automate this task.</p>
+
+<h2>FILES
+<a name="FILES"></a>
+</h2>
+
+
+
+<p style="margin-left:6%; margin-top: 1em"><i>/usr/local/3proxy/3proxy.cfg
+(3proxy.cfg)</i></p>
+
+<p style="margin-left:15%;"><b>3proxy</b> configuration
+file</p>
+
+<h2>BUGS
+<a name="BUGS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Report all bugs
+to <b>3proxy@3proxy.org</b></p>
+
+<h2>SEE ALSO
+<a name="SEE ALSO"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy.cfg(5),
+proxy(8), ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
+kill(1), syslogd(8), <br>
+https://3proxy.org/</p>
+
+<h2>TRIVIA
+<a name="TRIVIA"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3APA3A is
+pronounced as ``zaraza&acute;&acute;.</p>
+
+<h2>AUTHORS
+<a name="AUTHORS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy is
+designed by Vladimir 3APA3A Dubrovin
+(<i>3proxy@3proxy.org</i>)</p>
+<hr>
+</body>
+</html>

doc/html/man8/3proxy_crypt.8.html

@@ -0,0 +1,168 @@
+<!-- Creator     : groff version 1.24.1 -->
+<html>
+<head>
+
+</head>
+<body>
+
+<h1 align="center">3proxy_crypt</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSIS">SYNOPSIS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#EXAMPLE">EXAMPLE</a><br>
+<a href="#NOTES">NOTES</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+<a href="#AUTHORS">AUTHORS</a><br>
+
+<hr>
+
+
+<h2>NAME
+<a name="NAME"></a>
+</h2>
+
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>3proxy_crypt</b>
+- utility to generate encrypted passwords for 3proxy</p>
+
+<h2>SYNOPSIS
+<a name="SYNOPSIS"></a>
+</h2>
+
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>3proxy_crypt</b>
+<i>password</i> <b><br>
+3proxy_crypt</b> <i>salt password</i></p>
+
+<h2>DESCRIPTION
+<a name="DESCRIPTION"></a>
+</h2>
+
+
+
+<p style="margin-left:6%; margin-top: 1em"><i><b>3proxy_crypt</b></i>
+is a utility to generate encrypted password hashes for use
+with 3proxy configuration. Encrypted passwords allow the
+system to avoid storing passwords in cleartext in
+configuration files.</p>
+
+<p style="margin-left:6%; margin-top: 1em">When invoked
+with a single argument, it produces an NT password hash
+(MD4-based, suitable for NTLM authentication). The output is
+prefixed with <b>NT:</b>.</p>
+
+<p style="margin-left:6%; margin-top: 1em">When invoked
+with two arguments (salt and password), it produces a
+BLAKE2b password hash. The salt length is limited to 64
+characters. The output is prefixed with <b>CR:</b>.</p>
+
+<p style="margin-left:6%; margin-top: 1em">The resulting
+hash can be used in the 3proxy configuration file with the
+<b>users</b> directive instead of a cleartext password.</p>
+
+<h2>OPTIONS
+<a name="OPTIONS"></a>
+</h2>
+
+
+
+<p style="margin-left:6%; margin-top: 1em"><i>password</i></p>
+
+<p style="margin-left:15%;">Cleartext password to
+encrypt.</p>
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="5%">
+
+
+<p><i>salt</i></p></td>
+<td width="4%"></td>
+<td width="65%">
+
+
+<p>Salt string for BLAKE2b hashing (max 64 characters).</p></td>
+<td width="20%">
+</td></tr>
+</table>
+
+<h2>EXAMPLE
+<a name="EXAMPLE"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Generate NT
+password hash:</p>
+
+<p style="margin-left:15%;">3proxy_crypt
+MySecretPassword</p>
+
+<p style="margin-left:6%;">Result:</p>
+
+
+<p style="margin-left:15%;">NT:3F7E6D8D96E8E7A9B0C1D2E3F4A5B6C7</p>
+
+<p style="margin-left:6%;">Generate BLAKE2b password hash
+with salt:</p>
+
+<p style="margin-left:15%;">3proxy_crypt MySalt
+MySecretPassword</p>
+
+<p style="margin-left:6%;">Result:</p>
+
+<p style="margin-left:15%;">CR:$3$MySalt$...</p>
+
+<p style="margin-left:6%;">Using in 3proxy.cfg:</p>
+
+<p style="margin-left:15%;">users
+user1:CR:$3$MySalt$...</p>
+
+<h2>NOTES
+<a name="NOTES"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">The NT hash uses
+the RSA MD4 Message-Digest Algorithm. The BLAKE2b hash uses
+the BLAKE2 cryptographic hash function.</p>
+
+<p style="margin-left:6%; margin-top: 1em">When a password
+hash is prefixed with <b>NT:</b> or <b>CR:</b>, 3proxy uses
+the corresponding algorithm to verify passwords instead of
+comparing cleartext strings.</p>
+
+<h2>BUGS
+<a name="BUGS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Report all bugs
+to <b>3proxy@3proxy.org</b></p>
+
+<h2>SEE ALSO
+<a name="SEE ALSO"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy(8),
+3proxy.cfg(5), <br>
+https://3proxy.org/</p>
+
+<h2>AUTHORS
+<a name="AUTHORS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy is
+designed by Vladimir 3APA3A Dubrovin
+(<i>3proxy@3proxy.org</i>)</p>
+<hr>
+</body>
+</html>

doc/html/man8/ftppr.8.html

@@ -0,0 +1,258 @@
+<!-- Creator     : groff version 1.24.1 -->
+<html>
+<head>
+
+</head>
+<body>
+
+<h1 align="center">ftppr</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSIS">SYNOPSIS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#CLIENTS">CLIENTS</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+<a href="#AUTHORS">AUTHORS</a><br>
+
+<hr>
+
+
+<h2>NAME
+<a name="NAME"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>ftppr</b> -
+FTP proxy gateway service</p>
+
+<h2>SYNOPSIS
+<a name="SYNOPSIS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>ftppr</b>
+[<b>-d</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
+[<b>-p</b><i>port</i>] [<b>-i</b><i>internal_ip</i>]
+[<b>-e</b><i>external_ip</i>]
+[<b>-h</b><i>default_ip[:port]</i>]</p>
+
+<h2>DESCRIPTION
+<a name="DESCRIPTION"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>ftppr</b> is
+FTP gateway service to allow internal users to access
+external FTP servers.</p>
+
+<h2>OPTIONS
+<a name="OPTIONS"></a>
+</h2>
+
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-I</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Inetd mode. Standalone service
+only.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-d</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Daemonize. Detach service from
+console and run in the background.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-t</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Be silenT. Do not log
+start/stop/accept error records.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-u</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Never look for username
+authentication.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-e</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">External address. IP address of
+the interface the proxy should initiate connections from. By
+default, the system will decide which address to use in
+accordance with the routing table.</p></td></tr>
+</table>
+
+<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> before opening
+the listening socket. The current namespace is saved and
+restored immediately after binding, so outgoing connections
+run in the original namespace unless <b>-ne</b> is also
+given.</p>
+
+<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> after the
+listening socket has been bound (and after restoring from
+<b>-ni</b> if applicable). Both options accept any namespace
+file path (e.g. <i>/var/run/netns/myns</i> or
+<i>/proc/PID/ns/net</i>) and require
+<b>CAP_SYS_ADMIN</b>.</p>
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p><b>-i</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p>Internal address. IP address the proxy accepts
+connections to. By default, connections to any interface are
+accepted. It&acute;s usually unsafe. Unix domain sockets can
+be specified with <i>-iunix:/path/to/socket</i> syntax
+(e.g., -iunix:/var/run/ftppr.sock). On Linux, abstract
+sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-h</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Default destination. It&rsquo;s
+used if the target address is not specified by the user.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-p</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Port. Port proxy listens for
+incoming connections. Default is 21.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-l</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Log. By default logging is to
+stdout. If <i>logfile</i> is specified logging is to file.
+Under Unix, if &acute;<i>@</i>&acute; precedes
+<i>logfile</i>, syslog is used for logging.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-S</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Increase or decrease stack size.
+You may want to try something like -S8192 if you experience
+3proxy crashes.</p></td></tr>
+</table>
+
+<h2>CLIENTS
+<a name="CLIENTS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">You can use any
+FTP client, regardless of FTP proxy support. For a client
+with FTP proxy support, configure <i>internal_ip</i> and
+<i>port</i> in the FTP proxy parameters. For clients without
+FTP proxy support, use <i>internal_ip</i> and <i>port</i> as
+the FTP server. The address of the real FTP server must be
+configured as a part of the FTP username. The format for the
+username is <i>username</i>@<i>server</i>, where
+<i>server</i> is the address of the FTP server and
+<i>username</i> is the user&acute;s login on this FTP
+server. The login itself may contain an &acute;@&acute;
+sign. Only cleartext authentication is currently
+supported.</p>
+
+<h2>BUGS
+<a name="BUGS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Report all bugs
+to <b>3proxy@3proxy.org</b></p>
+
+<h2>SEE ALSO
+<a name="SEE ALSO"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy(8),
+proxy(8), pop3p(8), socks(8), tcppm(8), udppm(8),
+syslogd(8), <br>
+https://3proxy.org/</p>
+
+<h2>AUTHORS
+<a name="AUTHORS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy is
+designed by Vladimir 3APA3A Dubrovin
+(<i>3proxy@3proxy.org</i>)</p>
+<hr>
+</body>
+</html>

doc/html/man8/pop3p.8.html

@@ -0,0 +1,258 @@
+<!-- Creator     : groff version 1.24.1 -->
+<html>
+<head>
+
+</head>
+<body>
+
+<h1 align="center">pop3p</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSIS">SYNOPSIS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#CLIENTS">CLIENTS</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+<a href="#AUTHORS">AUTHORS</a><br>
+
+<hr>
+
+
+<h2>NAME
+<a name="NAME"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>pop3p</b> -
+POP3 proxy gateway service</p>
+
+<h2>SYNOPSIS
+<a name="SYNOPSIS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>pop3p</b>
+[<b>-d</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
+[<b>-p</b><i>port</i>] [<b>-i</b><i>internal_ip</i>]
+[<b>-e</b><i>external_ip</i>]
+[<b>-h</b><i>default_ip[:port]</i>]</p>
+
+<h2>DESCRIPTION
+<a name="DESCRIPTION"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>pop3p</b> is
+POP3 gateway service to allow internal users to access
+external POP3 servers.</p>
+
+<h2>OPTIONS
+<a name="OPTIONS"></a>
+</h2>
+
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-I</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Inetd mode. Standalone service
+only.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-d</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Daemonize. Detach service from
+console and run in the background.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-t</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Be silenT. Do not log
+start/stop/accept error records.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-u</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Never look for username
+authentication.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-e</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">External address. IP address of
+the interface the proxy should initiate connections from. By
+default, the system will decide which address to use in
+accordance with the routing table.</p></td></tr>
+</table>
+
+<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> before opening
+the listening socket. The current namespace is saved and
+restored immediately after binding, so outgoing connections
+run in the original namespace unless <b>-ne</b> is also
+given.</p>
+
+<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> after the
+listening socket has been bound (and after restoring from
+<b>-ni</b> if applicable). Both options accept any namespace
+file path (e.g. <i>/var/run/netns/myns</i> or
+<i>/proc/PID/ns/net</i>) and require
+<b>CAP_SYS_ADMIN</b>.</p>
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p><b>-i</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p>Internal address. IP address the proxy accepts
+connections to. By default, connections to any interface are
+accepted. It&acute;s usually unsafe. Unix domain sockets can
+be specified with <i>-iunix:/path/to/socket</i> syntax
+(e.g., -iunix:/var/run/pop3p.sock). On Linux, abstract
+sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-p</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Port. Port proxy listens for
+incoming connections. Default is 110.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-h</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Default destination. It&rsquo;s
+used if the target address is not specified by the user.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-l</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Log. By default logging is to
+stdout. If <i>logfile</i> is specified logging is to file.
+Under Unix, if &acute;<i>@</i>&acute; precedes
+<i>logfile</i>, syslog is used for logging.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-S</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Increase or decrease stack size.
+You may want to try something like -S8192 if you experience
+3proxy crashes.</p></td></tr>
+</table>
+
+<h2>CLIENTS
+<a name="CLIENTS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">You can use any
+MUA (Mail User Agent) with POP3 support. Set the client to
+use <i>internal_ip</i> and <i>port</i> as a POP3 server. The
+address of the real POP3 server must be configured as a part
+of the POP3 username. The format for the username is
+<i>username</i>@<i>server</i>, where <i>server</i> is the
+address of the POP3 server and <i>username</i> is the
+user&acute;s login on this POP3 server. The login itself may
+contain an &acute;@&acute; sign. Only cleartext
+authentication is supported, because challenge-response
+authentication (APOP, CRAM-MD5, etc.) requires a challenge
+from the server before we know which server to connect
+to.</p>
+
+<h2>BUGS
+<a name="BUGS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Report all bugs
+to <b>3proxy@3proxy.org</b></p>
+
+<h2>SEE ALSO
+<a name="SEE ALSO"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy(8),
+ftppr(8), proxy(8), socks(8), tcppm(8), udppm(8),
+syslogd(8), <br>
+https://3proxy.org/</p>
+
+<h2>AUTHORS
+<a name="AUTHORS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy is
+designed by Vladimir 3APA3A Dubrovin
+(<i>3proxy@3proxy.org</i>)</p>
+<hr>
+</body>
+</html>

doc/html/man8/proxy.8.html

@@ -0,0 +1,263 @@
+<!-- Creator     : groff version 1.24.1 -->
+<html>
+<head>
+
+</head>
+<body>
+
+<h1 align="center">proxy</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSIS">SYNOPSIS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#CLIENTS">CLIENTS</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+<a href="#AUTHORS">AUTHORS</a><br>
+
+<hr>
+
+
+<h2>NAME
+<a name="NAME"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>proxy</b> -
+HTTP proxy gateway service</p>
+
+<h2>SYNOPSIS
+<a name="SYNOPSIS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>proxy</b>
+[<b>-d</b>][<b>-a</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
+[<b>-p</b><i>port</i>] [<b>-i</b><i>internal_ip</i>]
+[<b>-e</b><i>external_ip</i>]</p>
+
+<h2>DESCRIPTION
+<a name="DESCRIPTION"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>proxy</b> is
+HTTP gateway service with HTTPS and FTP over HTTPS
+support.</p>
+
+<h2>OPTIONS
+<a name="OPTIONS"></a>
+</h2>
+
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-I</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Inetd mode. Standalone service
+only.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-d</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Daemonize. Detach service from
+console and run in the background.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-t</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Be silenT. Do not log
+start/stop/accept error records.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-u</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Never ask for username
+authentication</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-e</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">External address. IP address of
+the interface the proxy should initiate connections from. By
+default, the system will decide which address to use in
+accordance with the routing table.</p></td></tr>
+</table>
+
+<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> before opening
+the listening socket. The current namespace is saved and
+restored immediately after binding, so outgoing connections
+run in the original namespace unless <b>-ne</b> is also
+given.</p>
+
+<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> after the
+listening socket has been bound (and after restoring from
+<b>-ni</b> if applicable). Both options accept any namespace
+file path (e.g. <i>/var/run/netns/myns</i> or
+<i>/proc/PID/ns/net</i>) and require
+<b>CAP_SYS_ADMIN</b>.</p>
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p><b>-i</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p>Internal address. IP address the proxy accepts
+connections to. By default, connections to any interface are
+accepted. It&acute;s usually unsafe. Unix domain sockets can
+be specified with <i>-iunix:/path/to/socket</i> syntax
+(e.g., -iunix:/var/run/proxy.sock). On Linux, abstract
+sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-a</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Anonymous. Hide information
+about client.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-a1</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Anonymous. Show fake information
+about client.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-p</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Port. Port proxy listens for
+incoming connections. Default is 3128.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-l</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Log. By default logging is to
+stdout. If <i>logfile</i> is specified logging is to file.
+Under Unix, if &acute;<i>@</i>&acute; preceeds
+<i>logfile</i>, syslog is used for logging.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-S</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Increase or decrease stack size.
+You may want to try something like -S8192 if you experience
+3proxy crashes.</p></td></tr>
+</table>
+
+<h2>CLIENTS
+<a name="CLIENTS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">You should use a
+client with HTTP proxy support or configure a router to
+redirect HTTP traffic to the proxy (transparent proxy).
+Configure the client to connect to <i>internal_ip</i> and
+<i>port</i>. HTTPS support allows you to use almost any
+TCP-based protocol. If you need to limit clients, use
+<b>3proxy</b>(8) instead.</p>
+
+<h2>BUGS
+<a name="BUGS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Report all bugs
+to <b>3proxy@3proxy.org</b></p>
+
+<h2>SEE ALSO
+<a name="SEE ALSO"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy(8),
+ftppr(8), socks(8), pop3p(8), tcppm(8), udppm(8),
+syslogd(8), <br>
+https://3proxy.org/</p>
+
+<h2>AUTHORS
+<a name="AUTHORS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy is
+designed by Vladimir 3APA3A Dubrovin
+(<i>3proxy@3proxy.org</i>)</p>
+<hr>
+</body>
+</html>

doc/html/man8/smtpp.8.html

@@ -0,0 +1,258 @@
+<!-- Creator     : groff version 1.24.1 -->
+<html>
+<head>
+
+</head>
+<body>
+
+<h1 align="center">smtpp</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSIS">SYNOPSIS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#CLIENTS">CLIENTS</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+<a href="#AUTHORS">AUTHORS</a><br>
+
+<hr>
+
+
+<h2>NAME
+<a name="NAME"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>smtpp</b> -
+SMTP proxy gateway service</p>
+
+<h2>SYNOPSIS
+<a name="SYNOPSIS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>smtpp</b>
+[<b>-d</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
+[<b>-p</b><i>port</i>] [<b>-i</b><i>internal_ip</i>]
+[<b>-e</b><i>external_ip</i>]
+[<b>-h</b><i>default_ip[:port]</i>]</p>
+
+<h2>DESCRIPTION
+<a name="DESCRIPTION"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>smtpp</b> is
+SMTP gateway service to allow internal users to access
+external SMTP servers.</p>
+
+<h2>OPTIONS
+<a name="OPTIONS"></a>
+</h2>
+
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-I</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Inetd mode. Standalone service
+only.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-d</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Daemonize. Detach service from
+console and run in the background.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-t</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Be silenT. Do not log
+start/stop/accept error records.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-u</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Never look for username
+authentication.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-e</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">External address. IP address of
+the interface the proxy should initiate connections from. By
+default, the system will decide which address to use in
+accordance with the routing table.</p></td></tr>
+</table>
+
+<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> before opening
+the listening socket. The current namespace is saved and
+restored immediately after binding, so outgoing connections
+run in the original namespace unless <b>-ne</b> is also
+given.</p>
+
+<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> after the
+listening socket has been bound (and after restoring from
+<b>-ni</b> if applicable). Both options accept any namespace
+file path (e.g. <i>/var/run/netns/myns</i> or
+<i>/proc/PID/ns/net</i>) and require
+<b>CAP_SYS_ADMIN</b>.</p>
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p><b>-i</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p>Internal address. IP address the proxy accepts
+connections to. By default, connections to any interface are
+accepted. It&acute;s usually unsafe. Unix domain sockets can
+be specified with <i>-iunix:/path/to/socket</i> syntax
+(e.g., -iunix:/var/run/smtpp.sock). On Linux, abstract
+sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-p</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Port. Port proxy listens for
+incoming connections. Default is 25.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-h</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Default destination. It&rsquo;s
+used if the target address is not specified by the user.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-l</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Log. By default logging is to
+stdout. If <i>logfile</i> is specified logging is to file.
+Under Unix, if &acute;<i>@</i>&acute; precedes
+<i>logfile</i>, syslog is used for logging.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-S</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Increase or decrease stack size.
+You may want to try something like -S8192 if you experience
+3proxy crashes.</p></td></tr>
+</table>
+
+<h2>CLIENTS
+<a name="CLIENTS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">You can use any
+MUA (Mail User Agent) with SMTP authentication support. Set
+the client to use <i>internal_ip</i> and <i>port</i> as an
+SMTP server. The address of the real SMTP server must be
+configured as a part of the SMTP username. The format for
+the username is <i>username</i>@<i>server</i>, where
+<i>server</i> is the address of the SMTP server and
+<i>username</i> is the user&acute;s login on this SMTP
+server. The login itself may contain an &acute;@&acute;
+sign. Only cleartext authentication is supported, because
+challenge-response authentication (CRAM-MD5, SPA, etc.)
+requires a challenge from the server before we know which
+server to connect to.</p>
+
+<h2>BUGS
+<a name="BUGS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Report all bugs
+to <b>3proxy@3proxy.org</b></p>
+
+<h2>SEE ALSO
+<a name="SEE ALSO"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy(8),
+ftppr(8), proxy(8), socks(8), tcppm(8), udppm(8),
+syslogd(8), <br>
+https://3proxy.org/</p>
+
+<h2>AUTHORS
+<a name="AUTHORS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy is
+designed by Vladimir 3APA3A Dubrovin
+(<i>3proxy@3proxy.org</i>)</p>
+<hr>
+</body>
+</html>

doc/html/man8/socks.8.html

@@ -0,0 +1,276 @@
+<!-- Creator     : groff version 1.24.1 -->
+<html>
+<head>
+
+</head>
+<body>
+
+<h1 align="center">socks</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSIS">SYNOPSIS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#CLIENTS">CLIENTS</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+<a href="#AUTHORS">AUTHORS</a><br>
+
+<hr>
+
+
+<h2>NAME
+<a name="NAME"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>socks</b> -
+SOCKS 4/4.5/5 gateway service</p>
+
+<h2>SYNOPSIS
+<a name="SYNOPSIS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>socks</b>
+[<b>-d</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
+[<b>-p</b><i>port</i>] [<b>-i</b><i>internal_ip</i>]
+[<b>-e</b><i>external_ip</i>]</p>
+
+<h2>DESCRIPTION
+<a name="DESCRIPTION"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>socks</b> is
+SOCKS server. It supports SOCKSv4, SOCKSv4.5 (extension to
+v4 for server side name resolution) and SOCKSv5. SOCKSv5
+specification allows both outgoing and reverse TCP
+connections and UDP portmapping.</p>
+
+<h2>OPTIONS
+<a name="OPTIONS"></a>
+</h2>
+
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-I</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Inetd mode. Standalone service
+only.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-d</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Daemonize. Detach service from
+console and run in the background.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-t</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Be silenT. Do not log
+start/stop/accept error records.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-u</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Never ask for username
+authentication</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-e</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">External address. IP address of
+the interface the proxy should initiate connections from.
+External IP must be specified if you need incoming
+connections. By default, the system will decide which
+address to use in accordance with the routing table.</p></td></tr>
+</table>
+
+<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> before opening
+the listening socket. The current namespace is saved and
+restored immediately after binding, so outgoing connections
+run in the original namespace unless <b>-ne</b> is also
+given.</p>
+
+<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> after the
+listening socket has been bound (and after restoring from
+<b>-ni</b> if applicable). Both options accept any namespace
+file path (e.g. <i>/var/run/netns/myns</i> or
+<i>/proc/PID/ns/net</i>) and require
+<b>CAP_SYS_ADMIN</b>.</p>
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p><b>-Ne</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p>External NAT address 3proxy reports to client for
+CONNECT/BIND. This is external address of NAT between 3proxy
+and destination server. By default, the external address is
+reported. It&rsquo;s only useful in the case of IP-IP NAT
+and does not work with port translation.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-Ni</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Internal NAT address 3proxy
+reports to client for UDPASSOC. This is external address of
+the NAT between 3proxy and the client, client uses to
+connect to 3proxy. By default, the internal address is
+reported. It&rsquo;s only useful in the case of IP-IP NAT
+and does not work with port translation.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-i</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Internal address. IP address the
+proxy accepts connections to. By default, connections to any
+interface are accepted. It&acute;s usually unsafe. Unix
+domain sockets can be specified with
+<i>-iunix:/path/to/socket</i> syntax (e.g.,
+-iunix:/var/run/socks.sock). On Linux, abstract sockets use
+<i>-iunix:@socketname</i> syntax.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-p</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Port. Port proxy listens for
+incoming connections. Default is 1080.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-l</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Log. By default logging is to
+stdout. If <i>logfile</i> is specified logging is to file.
+Under Unix, if &acute;<i>@</i>&acute; preceeds
+<i>logfile</i>, syslog is used for logging.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-S</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Increase or decrease stack size.
+You may want to try something like -S8192 if you experience
+3proxy crashes.</p></td></tr>
+</table>
+
+<h2>CLIENTS
+<a name="CLIENTS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">You should use a
+client with SOCKS support or use some socksification support
+(for example <i>SocksCAP</i> or <i>FreeCAP</i>). Configure
+client to use <i>internal_ip</i> and <i>port</i>. SOCKS
+allows you to use almost any application protocol without
+limitation. This implementation also allows you to open
+privileged ports on the server (if socks has sufficient
+privileges). If you need to control access, use
+<b>3proxy</b>(8) instead.</p>
+
+<h2>BUGS
+<a name="BUGS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Report all bugs
+to <b>3proxy@3proxy.org</b></p>
+
+<h2>SEE ALSO
+<a name="SEE ALSO"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy(8),
+proxy(8), ftppr(8), pop3p(8), tcppm(8), udppm(8),
+syslogd(8), <br>
+https://3proxy.org/</p>
+
+<h2>AUTHORS
+<a name="AUTHORS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy is
+designed by Vladimir 3APA3A Dubrovin
+(<i>3proxy@3proxy.org</i>)</p>
+<hr>
+</body>
+</html>

doc/html/man8/tcppm.8.html

@@ -0,0 +1,241 @@
+<!-- Creator     : groff version 1.24.1 -->
+<html>
+<head>
+
+</head>
+<body>
+
+<h1 align="center">tcppm</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSIS">SYNOPSIS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#ARGUMENTS">ARGUMENTS</a><br>
+<a href="#CLIENTS">CLIENTS</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+<a href="#AUTHORS">AUTHORS</a><br>
+
+<hr>
+
+
+<h2>NAME
+<a name="NAME"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>tcppm</b> -
+TCP port mapper</p>
+
+<h2>SYNOPSIS
+<a name="SYNOPSIS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>tcppm</b>
+[<b>-d</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
+[<b>-i</b><i>internal_ip</i>] [<b>-e</b><i>external_ip</i>]
+<i>local_port remote_host remote_port</i></p>
+
+<h2>DESCRIPTION
+<a name="DESCRIPTION"></a>
+</h2>
+
+
+
+<p style="margin-left:6%; margin-top: 1em"><i><b>tcppm</b></i>
+forwards connections from local to remote TCP port</p>
+
+<h2>OPTIONS
+<a name="OPTIONS"></a>
+</h2>
+
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-I</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Inetd mode. Standalone service
+only.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-d</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Daemonize. Detach service from
+console and run in the background.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-t</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Be silenT. Do not log
+start/stop/accept error records.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-e</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">External address. IP address of
+the interface the proxy should initiate connections from. By
+default, the system will decide which address to use in
+accordance with the routing table.</p></td></tr>
+</table>
+
+<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> before opening
+the listening socket. The current namespace is saved and
+restored immediately after binding, so outgoing connections
+run in the original namespace unless <b>-ne</b> is also
+given.</p>
+
+<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> after the
+listening socket has been bound (and after restoring from
+<b>-ni</b> if applicable). Both options accept any namespace
+file path (e.g. <i>/var/run/netns/myns</i> or
+<i>/proc/PID/ns/net</i>) and require
+<b>CAP_SYS_ADMIN</b>.</p>
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p><b>-i</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p>Internal address. IP address the proxy accepts
+connections to. By default, connections to any interface are
+accepted. It&acute;s usually unsafe. Unix domain sockets can
+be specified with <i>-iunix:/path/to/socket</i> syntax
+(e.g., -iunix:/var/run/tcppm.sock). On Linux, abstract
+sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-l</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Log. By default logging is to
+stdout. If <i>logfile</i> is specified logging is to file.
+Under Unix, if &acute;<i>@</i>&acute; precedes
+<i>logfile</i>, syslog is used for logging.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-S</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Increase or decrease stack size.
+You may want to try something like -S8192 if you experience
+3proxy crashes.</p></td></tr>
+</table>
+
+<h2>ARGUMENTS
+<a name="ARGUMENTS"></a>
+</h2>
+
+
+
+<p style="margin-left:6%; margin-top: 1em"><i>local_port</i></p>
+
+<p style="margin-left:15%;">- port tcppm accepts
+connections on</p>
+
+<p style="margin-left:6%;"><i>remote_host</i></p>
+
+<p style="margin-left:15%;">- IP address of the host the
+connection is forwarded to. Unix domain sockets can be
+specified with the syntax <i>unix:/path/to/socket</i> (e.g.,
+unix:/var/run/app.sock). On Linux, abstract (fileless) Unix
+sockets use the syntax <i>unix:@socketname</i> (e.g.,
+unix:@app.socket).</p>
+
+<p style="margin-left:6%;"><i>remote_port</i></p>
+
+<p style="margin-left:15%;">- remote port the connection is
+forwarded to. Ignored when using Unix socket destination,
+but must be specified (use any positive value) for syntax
+compatibility.</p>
+
+<h2>CLIENTS
+<a name="CLIENTS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Any TCP-based
+application can be used as a client. Use <i>internal_ip</i>
+and <i>local_port</i> as the destination in the client
+application. The connection is forwarded to
+<i>remote_host</i>:<i>remote_port</i></p>
+
+<h2>BUGS
+<a name="BUGS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Report all bugs
+to <b>3proxy@3proxy.org</b></p>
+
+<h2>SEE ALSO
+<a name="SEE ALSO"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy(8),
+proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8),
+syslogd(8), <br>
+https://3proxy.org/</p>
+
+<h2>AUTHORS
+<a name="AUTHORS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy is
+designed by Vladimir 3APA3A Dubrovin
+(<i>3proxy@3proxy.org</i>)</p>
+<hr>
+</body>
+</html>

doc/html/man8/tlspr.8.html

@@ -0,0 +1,298 @@
+<!-- Creator     : groff version 1.24.1 -->
+<html>
+<head>
+
+</head>
+<body>
+
+<h1 align="center">tlspr</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSIS">SYNOPSIS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#CLIENTS">CLIENTS</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+<a href="#AUTHORS">AUTHORS</a><br>
+
+<hr>
+
+
+<h2>NAME
+<a name="NAME"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>tlspr</b> -
+SNI proxy gateway service</p>
+
+<h2>SYNOPSIS
+<a name="SYNOPSIS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>tlspr</b>
+[<b>-d</b>][<b>-a</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
+[<b>-p</b><i>listening_port</i>]
+[<b>-P</b><i>destination_port</i>]
+[<b>-c</b><i>tls_check_level</i>]
+[<b>-i</b><i>internal_ip</i>]
+[<b>-e</b><i>external_ip</i>]</p>
+
+<h2>DESCRIPTION
+<a name="DESCRIPTION"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>tlspr</b> is
+an SNI gateway service (destination host is taken from TLS
+handshake). The destination port must be specified via the
+-P option (or it may be detected with the Transparent
+plugin).</p>
+
+<h2>OPTIONS
+<a name="OPTIONS"></a>
+</h2>
+
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-I</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Inetd mode. Standalone service
+only.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-d</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Daemonize. Detach service from
+console and run in the background.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-t</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Be silenT. Do not log
+start/stop/accept error records.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-u</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Never ask for username
+authentication</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-e</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">External address. IP address of
+the interface the proxy should initiate connections from. By
+default, the system will decide which address to use in
+accordance with the routing table.</p></td></tr>
+</table>
+
+<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> before opening
+the listening socket. The current namespace is saved and
+restored immediately after binding, so outgoing connections
+run in the original namespace unless <b>-ne</b> is also
+given.</p>
+
+<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> after the
+listening socket has been bound (and after restoring from
+<b>-ni</b> if applicable). Both options accept any namespace
+file path (e.g. <i>/var/run/netns/myns</i> or
+<i>/proc/PID/ns/net</i>) and require
+<b>CAP_SYS_ADMIN</b>.</p>
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p><b>-i</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p>Internal address. IP address the proxy accepts
+connections to. By default, connections to any interface are
+accepted. It&acute;s usually unsafe. Unix domain sockets can
+be specified with <i>-iunix:/path/to/socket</i> syntax
+(e.g., -iunix:/var/run/tlspr.sock). On Linux, abstract
+sockets use <i>-iunix:@socketname</i> syntax.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-a</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Anonymous. Hide information
+about client.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-a1</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Anonymous. Show fake information
+about client.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-p</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">listening_port. Port proxy
+listens for incoming connections. Default is 1443.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-P</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">destination_port. Port to
+establish outgoing connections. Required unless the
+Transparent plugin is used, because the TLS handshake does
+not contain port information. Default is 443.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-c</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">TLS_CHECK_LEVEL. 0 (default) -
+allow non-TLS traffic to pass, 1 - require TLS, only check
+client HELLO packet, 2 - require TLS, check both client and
+server HELLO, 3 - require TLS, check that the server sends a
+certificate (not compatible with TLS 1.3), 4 - require
+mutual TLS, check that the server sends a certificate
+request and the client sends a certificate (not compatible
+with TLS 1.3)</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-l</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Log. By default logging is to
+stdout. If <i>logfile</i> is specified logging is to file.
+Under Unix, if &acute;<i>@</i>&acute; precedes
+<i>logfile</i>, syslog is used for logging.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-S</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Increase or decrease stack size.
+You may want to try something like -S8192 if you experience
+3proxy crashes.</p></td></tr>
+</table>
+
+<h2>CLIENTS
+<a name="CLIENTS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">You should use a
+client with TLS support or configure a router to redirect
+TLS traffic to the proxy (transparent proxy). Configure the
+client to connect to <i>internal_ip</i> and <i>port</i>. If
+you need to limit clients, use <b>3proxy</b>(8) instead.</p>
+
+<h2>BUGS
+<a name="BUGS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Report all bugs
+to <b>3proxy@3proxy.org</b></p>
+
+<h2>SEE ALSO
+<a name="SEE ALSO"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy(8),
+ftppr(8), proxy(8), socks(8), pop3p(8), smtpp(8), tcppm(8),
+udppm(8), syslogd(8), <br>
+https://3proxy.org/</p>
+
+<h2>AUTHORS
+<a name="AUTHORS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy is
+designed by Vladimir 3APA3A Dubrovin
+(<i>3proxy@3proxy.org</i>)</p>
+<hr>
+</body>
+</html>

doc/html/man8/udppm.8.html

@@ -0,0 +1,248 @@
+<!-- Creator     : groff version 1.24.1 -->
+<html>
+<head>
+
+</head>
+<body>
+
+<h1 align="center">udppm</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSIS">SYNOPSIS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#ARGUMENTS">ARGUMENTS</a><br>
+<a href="#CLIENTS">CLIENTS</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+<a href="#AUTHORS">AUTHORS</a><br>
+
+<hr>
+
+
+<h2>NAME
+<a name="NAME"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>udppm</b> -
+UDP port mapper</p>
+
+<h2>SYNOPSIS
+<a name="SYNOPSIS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em"><b>udppm</b>
+[<b>-ds</b>] [<b>-l</b>[[<i>@</i>]<i>logfile</i>]]
+[<b>-i</b><i>internal_ip</i>] [<b>-e</b><i>external_ip</i>]
+<i>local_port remote_host remote_port</i></p>
+
+<h2>DESCRIPTION
+<a name="DESCRIPTION"></a>
+</h2>
+
+
+
+<p style="margin-left:6%; margin-top: 1em"><i><b>udppm</b></i>
+forwards datagrams from local to remote UDP port</p>
+
+<h2>OPTIONS
+<a name="OPTIONS"></a>
+</h2>
+
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-I</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Inetd mode. Standalone service
+only.</p> </td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-d</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Daemonize. Detach service from
+console and run in the background.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-t</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Be silenT. Do not log
+start/stop/accept error records.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-e</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">External address. IP address of
+the interface the proxy should initiate datagrams from. By
+default, the system will decide which address to use in
+accordance with the routing table.</p></td></tr>
+</table>
+
+<p style="margin-left:6%;"><b>-ni</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> before opening
+the listening socket. The current namespace is saved and
+restored immediately after binding, so outgoing connections
+run in the original namespace unless <b>-ne</b> is also
+given.</p>
+
+<p style="margin-left:6%;"><b>-ne</b><i>PATH</i></p>
+
+<p style="margin-left:15%;">(Linux only) Switch to the
+network namespace identified by <i>PATH</i> after the
+listening socket has been bound (and after restoring from
+<b>-ni</b> if applicable). Both options accept any namespace
+file path (e.g. <i>/var/run/netns/myns</i> or
+<i>/proc/PID/ns/net</i>) and require
+<b>CAP_SYS_ADMIN</b>.</p>
+
+<table width="100%" border="0" rules="none" frame="void"
+       cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p><b>-i</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p>Internal address. IP address the proxy accepts datagrams
+to. By default, connections to any interface are accepted.
+It&acute;s usually unsafe.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-l</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Log. By default logging is to
+stdout. If <i>logfile</i> is specified logging is to file.
+Under Unix, if &acute;<i>@</i>&acute; precedes
+<i>logfile</i>, syslog is used for logging.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-s</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Single packet. By default, only
+one client can use the udppm service, but if -s is
+specified, only one packet will be forwarded between client
+and server. This allows the service to be shared between
+multiple clients for single-packet services (for example,
+name lookups).</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="3%">
+
+
+<p style="margin-top: 1em"><b>-S</b></p></td>
+<td width="6%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Increase or decrease stack size.
+You may want to try something like -S8192 if you experience
+3proxy crashes.</p></td></tr>
+</table>
+
+<h2>ARGUMENTS
+<a name="ARGUMENTS"></a>
+</h2>
+
+
+
+<p style="margin-left:6%; margin-top: 1em"><i>local_port</i></p>
+
+<p style="margin-left:15%;">- port udppm accepts datagrams
+on</p>
+
+<p style="margin-left:6%;"><i>remote_host</i></p>
+
+<p style="margin-left:15%;">- IP address of the host
+datagrams are forwarded to</p>
+
+<p style="margin-left:6%;"><i>remote_port</i></p>
+
+<p style="margin-left:15%;">- remote port datagrams are
+forwarded to</p>
+
+<h2>CLIENTS
+<a name="CLIENTS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Any UDP-based
+application can be used as a client. Use <i>internal_ip</i>
+and <i>local_port</i> as the destination in the client
+application. All datagrams are forwarded to
+<i>remote_host</i>:<i>remote_port</i></p>
+
+<h2>BUGS
+<a name="BUGS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">Report all bugs
+to <b>3proxy@3proxy.org</b></p>
+
+<h2>SEE ALSO
+<a name="SEE ALSO"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy(8),
+proxy(8), ftppr(8), socks(8), pop3p(8), udppm(8),
+syslogd(8), <br>
+https://3proxy.org/</p>
+
+<h2>AUTHORS
+<a name="AUTHORS"></a>
+</h2>
+
+
+<p style="margin-left:6%; margin-top: 1em">3proxy is
+designed by Vladimir 3APA3A Dubrovin
+(<i>3proxy@3proxy.org</i>)</p>
+<hr>
+</body>
+</html>

doc/html/plugins/PCREPlugin.html

@@ -1,10 +1,13 @@
+<h3>3proxy PCRE (Perl Compatible Regular Expressions) Filtering</h3>
 
-<h3>3proxy Perl Compatible Regular Expressions (PCRE) plugin</h3>
+<p><b>Note:</b> Since version 0.9.7, PCRE filtering is built into 3proxy and does not require
+a separate plugin. All pcre_* commands are available directly when 3proxy is compiled with
+PCRE2 support (WITH_PCRE). The plugin line is no longer needed.</p>
 
-This filtering plugin can be used to create matching and replace
-rules with regular expressions for client's request, client and
-servers header and client and server data. It adds 3 additional
-configuration commands:
+<p>This filtering functionality can be used to create matching and replacement
+rules with regular expressions for client requests, client and
+server headers, and client and server data. It adds 3 additional
+configuration commands:</p>
 
 <pre>
 pcre TYPE FILTER_ACTION REGEXP [ACE]
@@ -12,11 +15,11 @@ pcre_rewrite TYPE FILTER_ACTION REGEXP REWRITE_EXPRESSION [ACE]
 pcre_extend FILTER_ACTION [ACE]
 pcre_options OPTION1 [...]
 </pre>
-pcre - allows to apply some rule for matching
-<br>pcre_rewrite - in addition to 'pcre' allows to substitute substrings
-<br>pcre_extend - extends ACL of the last pcre or pcre_rewrite comand by
-adding additional ACE (like with allow/deny configuration commands).
-<br>pcre_options - allows to set matching options. Awailable options are:
+pcre - allows applying a rule for matching
+<br>pcre_rewrite - in addition to 'pcre', allows substituting substrings
+<br>pcre_extend - extends the ACL of the last pcre or pcre_rewrite command by
+adding an additional ACE (like with allow/deny configuration commands).
+<br>pcre_options - allows setting matching options. Available options are:
 PCRE_CASELESS,
 PCRE_MULTILINE,
 PCRE_DOTALL,
@@ -32,7 +35,7 @@ PCRE_UTF8,
 PCRE_NO_AUTO_CAPTURE,
 PCRE_NO_UTF8_CHECK,
 PCRE_AUTO_CALLOUT,
-PCRE_PARTIAL,     
+PCRE_PARTIAL,
 PCRE_DFA_SHORTEST,
 PCRE_DFA_RESTART,
 PCRE_FIRSTLINE,
@@ -47,48 +50,41 @@ PCRE_BSR_UNICODE
 
 <ul>
 <li>TYPE - type of filtered data. May contain one or more
-(comma delimited list) values:
+(comma-delimited list) values:
  <ul>
- <li>request - content of client's request e.g. HTTP GET request string.
-(known problem: changing request string doesn't change IP of the host to connect)
- <li>cliheader - content of client request headers,  e.g. HTTP request header.
- <li>srvheader - content of server's reply headers, e.g. HTTP status and headers.
- <li>clidata - data received from client, e.g. HTTP POST request data
- <li>srvdata - data received from server, e.g. HTML page
+ <li>request - content of the client's request, e.g., the HTTP GET request string.
+(known problem: changing the request string doesn't change the IP of the host to connect to)
+ <li>cliheader - content of the client request headers, e.g., HTTP request headers.
+ <li>srvheader - content of the server's reply headers, e.g., HTTP status and headers.
+ <li>clidata - data received from the client, e.g., HTTP POST request data
+ <li>srvdata - data received from the server, e.g., an HTML page
  </ul>
 <li>FILTER_ACTION - action on match
- <ul>allow - allow this request without checking rest of the given type
-of the rules
- <li>deny - deny this request without checking rest of the rules
- <li>dunno - continue with the rest of rules (useful with pcre_rewrite) 
+ <ul><li>allow - allow this request without checking the rest of the rules for the given type
+ <li>deny - deny this request without checking the rest of the rules
+ <li>dunno - continue with the rest of the rules (useful with pcre_rewrite)
  </ul>
-<li>REGEXP - PCRE (perl) regular expression. Use * if no regexp matching
-required.
-<li>REWRITE_EXPRESSION - substitution string. May contain perl-style
+<li>REGEXP - PCRE (Perl) regular expression. Use * if no regexp matching
+is required.
+<li>REWRITE_EXPRESSION - substitution string. May contain Perl-style
 substrings
-(not tested) $1, $2. $0 - means whole matched string. \r and \n may be used
-to insert new strings, string may be empty ("").
+(not tested) $1, $2. $0 means the whole matched string. \r and \n may be used
+to insert new strings; the string may be empty ("").
 <li>ACE - access control entry (user names, source IPs, destination IPs,
-ports, etc), absolutely identical to allow/deny/bandlimin commands.
-Regular expression is only matched if ACL matches connection data.
+ports, etc.), absolutely identical to allow/deny/bandlimin commands.
+The regular expression is only matched if the ACL matches the connection data.
 Warning:
-reqular expression doesn't require authentication and can not replace
+Regular expressions don't require authentication and cannot replace
 authentication and/or allow/deny ACLs.
 </ul>
 
 
 <h4>Example:</h4>
 <pre>
-plugin PCREPlugin.dll pcre_plugin
 pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
 pcre srvheader deny "Content-type: application"
 pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
 pcre_extend deny * 192.168.0.1/16
 </pre>
 
-<h4>Download:</h4>
-<ul>
- <li>Plugin is included into 3proxy 0.6 binary and source distribution
- <li>Example configuration (by Dennis Garber): <A HREF="NoPornLitest.cfg.txt">NoPornLitest.cfg</A>
-</ul>
-
+&copy; Vladimir Dubrovin, License: BSD style

doc/html/plugins/PCREPlugin.ru.html

@@ -1,8 +1,12 @@
-<h3>Плагин регулярных выражений совместимых с Perl (PCRE) для 3proxy</h3>
+<h3>Фильтрация PCRE (Perl Compatible Regular Expressions) в 3proxy</h3>
 
-Фильтрующий плагин используется для создания правил поиска и замены
+<p><b>Примечание:</b> Начиная с версии 0.9.7 фильтрация PCRE встроена в 3proxy и не требует
+отдельного плагина. Все команды pcre_* доступны напрямую при компиляции 3proxy с поддержкой
+PCRE2 (WITH_PCRE). Строка plugin больше не нужна.</p>
+
+<p>Фильтрующий плагин используется для создания правил поиска и замены
 регулярных выражений в запросе, заголовков запроса и ответа и данных.
-Добавляет поддержку 3х новых команд в файле конфигурации:
+Добавляет поддержку 3х новых команд в файле конфигурации:</p>
 
 <pre>
 pcre TYPE FILTER_ACTION REGEXP [ACE]
@@ -30,7 +34,7 @@ PCRE_UTF8,
 PCRE_NO_AUTO_CAPTURE,
 PCRE_NO_UTF8_CHECK,
 PCRE_AUTO_CALLOUT,
-PCRE_PARTIAL,     
+PCRE_PARTIAL,
 PCRE_DFA_SHORTEST,
 PCRE_DFA_RESTART,
 PCRE_FIRSTLINE,
@@ -56,9 +60,9 @@ PCRE_BSR_UNICODE
  <li>srvdata - данные полученные от сервера, например содержимое HTML-страницы
  </ul>
 <li>FILTER_ACTION - действие при совпадении. Может принимать значение
- <ul>allow - разрешить данный запрос без просмотра дальнейших правил
+ <ul><li>allow - разрешить данный запрос без просмотра дальнейших правил
  <li>deny - запретить данный запрос без просмотра дальнейших правил
- <li>dunno - продолжить анализ правил (полезно для pcre_rewrite) 
+ <li>dunno - продолжить анализ правил (полезно для pcre_rewrite)
  </ul>
 <li>REGEXP - регулярное выражение в формате PCRE (perl). Используйте * если не
 требуется проерка регулярного выражения.
@@ -76,15 +80,10 @@ PCRE_BSR_UNICODE
 
 <h4>Пример:</h4>
 <pre>
-plugin PCREPlugin.dll pcre_plugin
 pcre request deny "porn|sex" user1,user2,user3 192.168.0.0/16
 pcre srvheader deny "Content-type: application"
 pcre_rewrite clidata,srvdata dunno "porn|sex|pussy" "***" baduser
 pcre_extend deny * 192.168.0.1/16
 </pre>
 
-<h4>Загрузить:</h4>
-<ul>
- <li>Плагин включен в дистрибутив 3proxy 0.6
- <li>Пример конфигурации (by Dennis Garber): <A HREF="NoPornLitest.cfg.txt">NoPornLitest.cfg</A>
-</ul>
+&copy; Vladimir Dubrovin, License: BSD style

doc/html/plugins/SSLPlugin.html

@@ -1,34 +1,124 @@
-<h3>3proxy SSL/TLS plugin</h3>
+<h3>3proxy SSL/TLS Support</h3>
 
-Plugin can be used to transparently decypher SSL/TLS data. Plugin should never be used in production environment due to
-potential securiy reasons.
+<p><b>Note:</b> Since version 0.9.7, SSL/TLS support is built into 3proxy and does not require
+a separate plugin. All ssl_* commands are available directly when 3proxy is compiled with
+OpenSSL support (WITH_SSL). The plugin line is no longer needed.</p>
 
-<pre>
-ssl_certcache PATH_TO_CACHE
-ssl_mitm
-ssl_nomitm
-</pre>
-ssl_certcache - path to certificates cache. For transparent spoofing cache must contain 3 files: 3proxy.pem - public
-self-signed certificates, 3proxy.key - key for public certificates, server.key - this key will be used to generates
-spoofed certificates.
-Generated certificates will be placed to the same path.
-<br>ssl_mitm - spoof certificates for services started below
+<p>SSL/TLS support can be used to transparently decrypt SSL/TLS data, provide TLS encryption
+for proxy traffic, and authenticate using client certificates.</p>
+
+<h4>For transparent certificate spoofing (MITM):</h4>
+
+<br>ssl_mitm - spoof certificates for services started below. Usage without ssl_client_verify is insecure.
 <br>ssl_nomitm - do not spoof certificates for services started below
 
+<h4>To protect traffic to the server (https:// proxy):</h4>
 
-<h4>Example:</h4>
+ssl_serv (or ssl_server) - require TLS connection from clients for services below
+<br>ssl_noserv (or ssl_noserver) - do not require TLS connection from clients for services below
+
+<h4>To use TLS for upstream connections:</h4>
+
+ssl_cli (or ssl_client) - establish TLS connection to upstream server for services below
+<br>ssl_nocli (or ssl_noclient) - do not establish TLS connection to upstream server for services below
+
+<h4>Parameters:</h4>
+
+<br><b>ssl_server_cert</b> /path/to/cert - Server certificate (should not be self-signed and must contain an Alternative Name) for ssl_serv
+<br><b>ssl_server_key</b> /path/to/key - Server certificate key for ssl_server_cert or generated MITM certificate
+<br><b>ssl_client_cert</b> /path/to/cert - Client certificate for authentication on upstream server (used with ssl_cli)
+<br><b>ssl_client_key</b> /path/to/key - Client certificate key for ssl_client_cert
+<br><b>ssl_client_ciphersuites</b> ciphersuites_list - TLS client ciphers for TLS 1.3, e.g., ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
+<br><b>ssl_server_ciphersuites</b> ciphersuites_list - TLS server ciphers for TLS 1.3
+<br><b>ssl_client_cipher_list</b> ciphers_list - TLS client ciphers for TLS 1.2 and below, e.g., ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+<br><b>ssl_server_cipher_list</b> ciphers_list - TLS server ciphers for TLS 1.2 and below
+<br><b>ssl_client_min_proto_version</b> tls_version - TLS client minimum TLS version (e.g., TLSv1.2)
+<br><b>ssl_server_min_proto_version</b> tls_version - TLS server minimum TLS version (e.g., TLSv1.2)
+<br><b>ssl_client_max_proto_version</b> tls_version - TLS client maximum TLS version (e.g., TLSv1.2)
+<br><b>ssl_server_max_proto_version</b> tls_version - TLS server maximum TLS version (e.g., TLSv1.2)
+<br><b>ssl_client_verify</b> - verify the certificate for the upstream server in TLS client functionality (used with ssl_mitm or ssl_cli)
+<br><b>ssl_client_no_verify</b> - do not verify the certificate for the upstream server in TLS client functionality (default)
+<br><b>ssl_server_verify</b> - require client certificate authentication (mTLS) for ssl_serv
+<br><b>ssl_server_no_verify</b> - do not require client certificate (default)
+<br><b>ssl_server_ca_file</b> /path/to/cafile - CA certificate file for MITM
+<br><b>ssl_server_ca_key</b> /path/to/cakey - key for ssl_server_ca_file MITM CA
+<br><b>ssl_server_ca_dir</b> /path/to/cadir - CA directory for ssl_server_verify
+<br><b>ssl_server_ca_store</b> /path/to/castore - CA store for ssl_server_verify (OpenSSL 3.0+)
+<br><b>ssl_client_ca_file</b> /path/to/cafile - CA file for ssl_client_verify
+<br><b>ssl_client_ca_dir</b> /path/to/cadir - CA directory for ssl_client_verify
+<br><b>ssl_client_ca_store</b> /path/to/castore - CA store for ssl_client_verify (OpenSSL 3.0+)
+<br><b>ssl_client_sni</b> hostname - SNI hostname to send to upstream server (overrides the requested hostname)
+<br><b>ssl_client_alpn</b> protocol1 protocol2 ... - ALPN protocols to negotiate with upstream server (e.g., ssl_client_alpn h2 http/1.1)
+<br><b>ssl_client_mode</b> mode - when to establish TLS connection: 0 - on connect (default), 1 - after authentication, 2 - before data, 3 - only for secure parent types (ending with 's')
+<br><b>ssl_certcache</b> /path/to/cache/ - location for the generated MITM certificates cache, optional if ssl_server_ca_file / ssl_server_ca_key are configured.
+The cache may contain 3 files: 3proxy.pem - public
+self-signed certificates (used if ssl_server_ca_file is not configured),
+3proxy.key - key for public certificates, used if ssl_server_ca_key is not configured, server.key - this key is used if ssl_server_key is not configured to generate
+spoofed certificates. If server.key is absent, 3proxy.key is used to generate certificates.
+Generated certificates are placed in the same path.
+
+
+<h4>MITM example:</h4>
 <pre>
-plugin /path/to/SslPlugin.dll ssl_plugin
-ssl_certcache /path/to/cache/
+ssl_server_ca_file /path/to/cafile
+ssl_server_ca_key /path/to/cakey
 ssl_mitm
 proxy -p3128
 ssl_nomitm
 proxy -p3129
 </pre>
+MITM's traffic with a spoofed certificate for the port 3128 proxy.
 
-<h4>Download:</h4>
-<ul>
- <li>Plugin included into 3proxy 0.8
-</ul>
+<h4>https:// proxy example:</h4>
+<pre>
+ssl_server_cert path_to_cert
+ssl_server_key path_to_key
+ssl_serv
+proxy -p33128
+ssl_noserv
+proxy -p3128
+</pre>
+Creates an https:// proxy on port 33128 and an http:// proxy on port 3128
+
+<h4>TLS client example (connect to upstream via TLS):</h4>
+<pre>
+ssl_client_cert /path/to/client.crt
+ssl_client_key /path/to/client.key
+ssl_client_verify
+ssl_client_ca_file /path/to/ca.crt
+ssl_cli
+proxy -p3128
+</pre>
+Creates an HTTP proxy that connects to upstream servers via TLS with client certificate authentication.
+
+<h4>Conditional TLS for parent proxy (ssl_client_mode 3):</h4>
+<pre>
+ssl_server_cert /path/to/server.crt
+ssl_server_key /path/to/key
+ssl_client_mode 3
+
+auth strong
+allow user1
+parent 1000 https parent1.example.com 443
+allow user2
+parent 1000 socks5 parent2.example.com 1080
+ssl_serv
+ssl_cli
+proxy -p3128
+ssl_noserv
+ssl_nocli
+</pre>
+Creates an HTTP proxy on port 3128 that uses TLS for client connections (ssl_serv). With ssl_client_mode 3, TLS handshake to parent proxy is performed only if the parent type ends with 's' (secure types). In this example, user1's traffic goes through an https parent proxy with TLS encryption, while user2's traffic goes through a regular socks5 parent without TLS. Secure parent types include: tcps, https, connects, connect+s, socks4s, socks5s, socks4+s, socks5+s, pop3s, smtps, ftps.
+
+<h4>mTLS example (require client certificate):</h4>
+<pre>
+ssl_server_cert /path/to/server.crt
+ssl_server_key /path/to/server.key
+ssl_server_ca_file /path/to/ca.crt
+ssl_server_verify
+ssl_serv
+proxy -p3128
+</pre>
+Creates an https:// proxy that requires client certificate authentication.
 
 &copy; Vladimir Dubrovin, License: BSD style

doc/html/plugins/SSLPlugin.ru.html

@@ -1,32 +1,120 @@
-<h3>Плагин SSL/TLS для 3proxy</h3>
+<h3>3proxy SSL/TLS поддержка</h3>
 
-Плагин используется для транспарентной дешифровки SSL-трафика с подменой сертификата.
-Плагин не должен использоваться в рабочем окружении, т.к. его использование дает возможность обхода проверок SSL.
+<p><b>Примечание:</b> Начиная с версии 0.9.7 поддержка SSL/TLS встроена в 3proxy и не требует
+отдельного плагина. Все команды ssl_* доступны напрямую при компиляции 3proxy с поддержкой
+OpenSSL (WITH_SSL). Строка plugin больше не нужна.</p>
 
+<p>Плагин можно использовать для перехвата и дешифровки SSL/TLS трафика, для шифрования трафика прокси-сервера и аутентификации с помощью клиентских сертификатов.</p>
 
+<h4>Для прозрачного перехвата трафика (MITM):</h4>
+
+<br>ssl_mitm - подменять сертификаты для сервисов, запущенных ниже. Использование без ssl_client_verify небезопасно.
+<br>ssl_nomitm - не подменять сертификаты для сервисов, запущенных ниже.
+
+<h4>Для защиты трафика прокси-сервера (https:// proxy):</h4>
+
+ssl_serv (или ssl_server) - требовать TLS-соединение от клиентов для сервисов, запущенных ниже
+<br>ssl_noserv (или ssl_noserver) - не требовать TLS-соединение от клиентов для сервисов, запущенных ниже
+
+<h4>Для использования TLS при соединении к вышестоящему серверу:</h4>
+
+ssl_cli (или ssl_client) - устанавливать TLS-соединение к вышестоящему серверу для сервисов, запущенных ниже
+<br>ssl_nocli (или ssl_noclient) - не устанавливать TLS-соединение к вышестоящему серверу для сервисов, запущенных ниже
+
+<h4>Параметры:</h4>
+
+<br><b>ssl_server_cert</b> /path/to/cert - сертификат сервера (не должен быть самоподписанным, должен содержать альтернативные имена) для ssl_serv
+<br><b>ssl_server_key</b> /path/to/key - ключ сертификата сервера для ssl_server_cert или сгенерированного MITM-сертификата
+<br><b>ssl_client_cert</b> /path/to/cert - клиентский сертификат для аутентификации на вышестоящем сервере (используется с ssl_cli)
+<br><b>ssl_client_key</b> /path/to/key - ключ клиентского сертификата для ssl_client_cert
+<br><b>ssl_client_ciphersuites</b> ciphersuites_list - наборы шифров TLS для TLS 1.3 (клиент), пример: ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
+<br><b>ssl_server_ciphersuites</b> ciphersuites_list - наборы шифров TLS для TLS 1.3 (сервер)
+<br><b>ssl_client_cipher_list</b> ciphers_list - наборы шифров TLS для TLS 1.2 и ниже (клиент), пример: ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+<br><b>ssl_server_cipher_list</b> ciphers_list - наборы шифров TLS для TLS 1.2 и ниже (сервер)
+<br><b>ssl_client_min_proto_version</b> tls_version - минимальная версия TLS клиента (например, ssl_client_min_proto_version TLSv1.2)
+<br><b>ssl_server_min_proto_version</b> tls_version - минимальная версия TLS сервера
+<br><b>ssl_client_max_proto_version</b> tls_version - максимальная версия TLS клиента
+<br><b>ssl_server_max_proto_version</b> tls_version - максимальная версия TLS сервера
+<br><b>ssl_client_verify</b> - проверять сертификат вышестоящего сервера (используется с ssl_mitm или ssl_cli)
+<br><b>ssl_client_no_verify</b> - не проверять сертификат вышестоящего сервера (по умолчанию)
+<br><b>ssl_server_verify</b> - требовать клиентский сертификат (mTLS) для ssl_serv
+<br><b>ssl_server_no_verify</b> - не требовать клиентский сертификат (по умолчанию)
+<br><b>ssl_server_ca_file</b> /path/to/cafile - файл CA-сертификата для MITM
+<br><b>ssl_server_ca_key</b> /path/to/cakey - ключ CA-сертификата ssl_server_ca_file для MITM
+<br><b>ssl_server_ca_dir</b> /path/to/cadir - директория CA-сертификатов для ssl_server_verify
+<br><b>ssl_server_ca_store</b> /path/to/castore - хранилище CA-сертификатов для ssl_server_verify (OpenSSL 3.0+)
+<br><b>ssl_client_ca_file</b> /path/to/cafile - файл CA-сертификатов для ssl_client_verify
+<br><b>ssl_client_ca_dir</b> /path/to/cadir - директория CA-сертификатов для ssl_client_verify
+<br><b>ssl_client_ca_store</b> /path/to/castore - хранилище CA-сертификатов для ssl_client_verify (OpenSSL 3.0+)
+<br><b>ssl_client_sni</b> hostname - SNI-имя хоста для отправки вышестоящему серверу (переопределяет запрошенное имя хоста)
+<br><b>ssl_client_alpn</b> протокол1 протокол2 ... - ALPN-протоколы для согласования с вышестоящим сервером (например, ssl_client_alpn h2 http/1.1)
+<br><b>ssl_client_mode</b> режим - когда устанавливать TLS-соединение: 0 - при подключении (по умолчанию), 1 - после аутентификации, 2 - перед передачей данных, 3 - только для защищённых типов parent прокси (заканчивающихся на 's')
+<br><b>ssl_certcache</b> /path/to/cache/ - расположение кеша сгенерированных MITM-сертификатов. Кеш может содержать
+файлы 3proxy.pem, 3proxy.key, server.key, которые используются как ssl_server_ca_file,
+ssl_server_ca_key и ssl_server_key соответственно, если они не заданы. Если server.key не задан,
+3proxy.key используется для генерации серверного сертификата.
+
+<h4>Пример MITM:</h4>
 <pre>
-ssl_certcache PATH_TO_CACHE
-ssl_mitm
-ssl_nomitm
-</pre>
-ssl_certcache - путь к кэшу сертификатов. Для транспорентной подмены сертификатов в кэше должно находиться 3 файла: 3proxy.pem - публичный
-самоподписанный сертификат, 3proxy.key - ключ от этого сертификата, server.key - ключ с которым будут генерироваться подменные сертификаты.
-Сгенерированные сертификаты будут помещаться в этот же каталог.
-<br>ssl_mitm - подменять сертитфикаты для запущенных ниже сервисов
-<br>ssl_nomitm - не подменять сертитфикаты для запущенных ниже сервисов
-
-
-<h4>Пример:</h4>
-<pre>
-plugin /path/to/SslPlugin.dll ssl_plugin
-ssl_certcache /path/to/cache/
+ssl_server_ca_file /path/to/cafile
+ssl_server_ca_key /path/to/cakey
 ssl_mitm
 proxy -p3128
 ssl_nomitm
 proxy -p3129
 </pre>
+Перехватывается трафик в прокси на порту 3128.
 
-<h4>Загрузить:</h4>
-<ul>
- <li>Плагин включен в дистрибутив 3proxy 0.8
-</ul>
+<h4>Пример конфигурации https:// прокси:</h4>
+<pre>
+ssl_server_cert path_to_cert
+ssl_server_key path_to_key
+ssl_serv
+proxy -p33128
+ssl_noserv
+proxy -p3128
+</pre>
+На порту 33128 создается https:// прокси, на порту 3128 - http:// прокси.
+
+<h4>Пример TLS-клиента (соединение к вышестоящему серверу через TLS):</h4>
+<pre>
+ssl_client_cert /path/to/client.crt
+ssl_client_key /path/to/client.key
+ssl_client_verify
+ssl_client_ca_file /path/to/ca.crt
+ssl_cli
+proxy -p3128
+</pre>
+Создается HTTP-прокси, который соединяется с вышестоящими серверами через TLS с аутентификацией по клиентскому сертификату.
+
+<h4>Условное TLS для parent прокси (ssl_client_mode 3):</h4>
+<pre>
+ssl_server_cert /path/to/server.crt
+ssl_server_key /path/to/key
+ssl_client_mode 3
+
+auth strong
+allow user1
+parent 1000 https parent1.example.com 443
+allow user2
+parent 1000 socks5 parent2.example.com 1080
+ssl_serv
+ssl_cli
+proxy -p3128
+ssl_noserv
+ssl_nocli
+</pre>
+Создается HTTP-прокси на порту 3128, использующий TLS для клиентских соединений (ssl_serv). При ssl_client_mode 3 TLS-рукопожатие с родительским прокси выполняется только если тип parent прокси заканчивается на 's' (защищённые типы). В данном примере трафик user1 идёт через https родительский прокси с TLS-шифрованием, а трафик user2 — через обычный socks5 родитель без TLS. Защищённые типы parent прокси: tcps, https, connects, connect+s, socks4s, socks5s, socks4+s, socks5+s, pop3s, smtps, ftps.
+
+<h4>Пример mTLS (требование клиентского сертификата):</h4>
+<pre>
+ssl_server_cert /path/to/server.crt
+ssl_server_key /path/to/server.key
+ssl_server_ca_file /path/to/ca.crt
+ssl_server_verify
+ssl_serv
+proxy -p3128
+</pre>
+Создается https:// прокси, требующий аутентификацию по клиентскому сертификату.
+
+&copy; Vladimir Dubrovin, License: BSD style

doc/html/plugins/StringsPlugin.html

@@ -1,16 +1,16 @@
 
-<h3>3proxy strings substitution plugin</h3>
-May be used to make interface more pretty or to translate proxy server
-messages to different language. All messages are taken from proxy.c and
-moved to external text file (e.g. rus.3ps). On the moment of
-writing there are 15 sections. Sections are delimited with "[end]".
+<h3>3proxy Strings Substitution Plugin</h3>
+This may be used to make the interface more attractive or to translate proxy server
+messages to a different language. All messages are taken from proxy.c and
+moved to an external text file (e.g., rus.3ps). At the time of
+writing, there are 15 sections. Sections are delimited with "[end]".
 <h4>Example:</h4>
 <pre>plugin "StringsPlugin.dll" start c:\3proxy\bin\rus.3ps
 </pre>
 
 <h4>Download:</h4>
 <ul>
- <li>Plugin is included into 3proxy 0.6 binary and source distribution
+ <li>Plugin is included in the 3proxy 0.6 binary and source distribution
 </li></ul>
 
-©Kirill Lopuchov
+&copy; Kirill Lopuchov

doc/html/plugins/StringsPlugin.ru.html

@@ -1,4 +1,4 @@
-<h3>Плагин подмены строк 3proxy</h3>
+<h3>Плагин подмены строк 3proxy</h3>
 
 Используется, в частности, для руссификации сообщений выдаваемых 3proxy.
 Для корректной работы требуется 0.6 версия 3proxy. 
@@ -15,4 +15,4 @@ plugin "StringsPlugin.dll" start c:\3proxy\bin\rus-win1251.3ps
 <h4>Загрузить:</h4>
 <ul>
  <li>Плагин включен в дистрибутив 3proxy 0.6
-</ul>
+</li></ul>

doc/html/plugins/TrafficPlugin.html

@@ -1,15 +1,15 @@
-<h3>3proxy traffic correction plugin</h3>
-3proxy logs and counts traffic on application level, while provider usually does
-it on network or link level. It's significant if you use 3proxy for billing,
-especially in case where network packets are small, e.g. network games.
+<h3>3proxy Traffic Correction Plugin</h3>
+3proxy logs and counts traffic at the application level, while providers usually do
+so at the network or link level. This is significant if you use 3proxy for billing,
+especially in cases where network packets are small, e.g., online games.
 <p>
-This plugin attempts to correct 3proxy computations to approximate network or
-link level traffic by using either fixed coefficients by port number or
-attempting to predict number and sizes of network packets.
+This plugin attempts to correct 3proxy's computations to approximate network or
+link-level traffic by using either fixed coefficients by port number or
+by attempting to predict the number and sizes of network packets.
 </p><h4>Usage:</h4>
 <ol>
- <li>Extract TrafficPlugin.dll to the same folder with 3proxy executable.
- </li><li>Start plugin in 3proxy.cfg with 
+ <li>Extract TrafficPlugin.dll to the same folder as the 3proxy executable.
+ </li><li>Start the plugin in 3proxy.cfg with:
 <pre>plugin TrafficPlugin.dll start
 </pre>
  </li><li>Add correction rules:
@@ -17,36 +17,36 @@ attempting to predict number and sizes of network packets.
 FOR FIXED COEFFICIENTS MODE:
 <pre>trafcorrect m &lt;service&gt; &lt;target port&gt; &lt;coefficient&gt;
 </pre>
-where &lt;service&gt; - one of proxy, socks4, socks45, socks5, tcppm, udppm, pop3p, * matches "any".
-<br> &lt;target port&gt; - target port, * matches any
+where &lt;service&gt; - one of proxy, socks4, socks45, socks5, tcppm, udppm, pop3p; * matches "any".
+<br> &lt;target port&gt; - target port; * matches any
 <br> &lt;coefficient&gt; - coefficient to multiply traffic for this port.
 <br>
-FOR PACKET HEADER PREDICTION MODE
+FOR PACKET HEADER PREDICTION MODE:
 <pre>trafcorrect p &lt;service&gt; &lt;tcp/udp&gt; &lt;target port&gt; [empty packet size]
 </pre>
-tcp ot udp - transport level protocol to apply rule
+tcp or udp - transport-level protocol to apply the rule to
 <br>
-empty packet size - average size of "empty" packet, that is sum of average network/transport headers.
-You can use network sniffer, such is Ethereal to discover it. Usually packet size
-is 42 for UDP and 
+empty packet size - average size of an "empty" packet, i.e., the sum of average network/transport headers.
+You can use a network sniffer such as Ethereal to discover it. Usually, the packet size
+is 42 for UDP and
 <br>Modes can be mixed.
-<br>Plugin creates a list of rules, first matching rule will be applied.
+<br>The plugin creates a list of rules; the first matching rule will be applied.
 </li></ol>
-For any mode plugin approximates traffic, logged or counted amount is not exact.
+For any mode, the plugin approximates traffic; the logged or counted amount is not exact.
 <h4>Example:</h4>
 <pre>plugin "TrafficPlugin.dll" start
 trafcorrect m socks5 6112 4.5
 trafcorrect m socks5 * 1.1
 </pre>
-wrong usage:
+Wrong usage:
 <pre>trafcorrect m socks5 * 1.1
 trafcorrect m socks5 6112 4.5
 </pre>
-second rule will never be applied.
+The second rule will never be applied.
 <h4>Download:</h4>
 <ul>
- <li>Plugin is included into 3proxy 0.6 binary and source distribution
+ <li>Plugin is included in the 3proxy 0.6 binary and source distribution
 </li></ul>
 
-©Maslov Michael aka Flexx(rus)
+&copy; Maslov Michael aka Flexx(rus)
 	

doc/html/plugins/TrafficPlugin.ru.html

@@ -1,4 +1,4 @@
-<h3>Плагин коррекции траффика 3proxy</h3>
+<h3>Плагин коррекции траффика 3proxy</h3>
 Как известно, 3proxy считает траффик не сетевой, а прикладной.
 Обычно прикладной траффик немного меньше (примерно на 10%) чем сетевой,
 однако в некоторых случаях, например когда пользователи сети играют в
@@ -46,7 +46,7 @@ trafcorrect p &lt;сервис&gt; &lt;tcp/udp&gt; &lt;исходящий пор
 Когда происходит окончание соединения выполняется первое подходящее правило.
 </ol>
 Подсчет трафика в любом режиме не является точным, это некоторая аппроксимация
-позволяющаяподсчитать трафик с точностью до нескольких процентов.
+позволяющая подсчитать трафик с точностью до нескольких процентов.
 
 <h4>Пример:</h4>
 <pre>
@@ -66,4 +66,4 @@ trafcorrect m socks5 6112 4.5
 <h4>Загрузить:</h4>
 <ul>
  <li>Плагин включен в дистрибутив 3proxy 0.6
-</ul>
+</li></ul>