$ git clone https://github.com/rkonfj/toh.git
$ go build -ldflags "-s -w"

$ ./toh serve --help
ToH server daemon

Usage:
  toh serve [flags]

Flags:
      --acl string      file path for authentication (default "acl.json")
  -h, --help            help for serve
  -l, --listen string   http server listen address (default "0.0.0.0:9986")

Global Flags:
      --log-level string   logrus logger level (default "info")
$ ./toh serve
time="2023-04-26T21:49:33+08:00" level=info msg="initializing ack file acl.json"
{
    "keys": [
        {
            "name": "default",
            "key": "5868a941-3025-4c6d-ad3a-41e29bb42e5f"
        }
    ]
}
time="2023-04-26T21:49:33+08:00" level=info msg="acl: load 1 keys"
time="2023-04-26T21:49:33+08:00" level=info msg="server listen on 0.0.0.0:9986 now"

$ caddy reverse-proxy --from https://us-l4-vultr.synf.in --to 127.0.0.1:9986

server {
	listen 443 ssl;
	server_name us-l4-vultr.synf.in;

	ssl_certificate     tls.crt;
	ssl_certificate_key tls.key;

	location /ws {
		proxy_pass http://127.0.0.1:9986;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection upgrade;
	}
}

$ ./toh pf --help
Port-forwarding daemon act as ToH client

Usage:
  toh pf [flags]

Flags:
  -k, --api-key string    the ToH api-key for authcate
  -f, --forward strings   tunnel mapping (<net>/<local>/<remote>, i.e. udp/0.0.0.0:53/8.8.8.8:53)
  -h, --help              help for pf
  -s, --server string     the ToH server address

$ ./toh pf -s wss://us-l4-vultr.synf.in/ws -k 5868a941-3025-4c6d-ad3a-41e29bb42e5f -f udp/127.0.0.53:53/8.8.8.8:53 -f tcp/0.0.0.0:1080/google.com:80
time="2023-04-28T13:52:31+08:00" level=info msg="listen on 127.0.0.53:53 for udp://8.8.8.8:53 now"
time="2023-04-28T13:52:31+08:00" level=info msg="listen on 0.0.0.0:1080 for tcp://google.com:80 now"

$ dig @127.0.0.53 www.google.com +short
142.250.68.4

$ curl 127.0.0.1:8080
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com:8080/">here</A>.
</BODY></HTML>

$ ./toh s5 --help
Socks5 proxy server act as ToH client

Usage:
  toh s5 [flags]

Flags:
  -c, --config string       socks5 server config file (default is $HOME/.config/toh/socks5.yml)
      --dns string          dns upstream to use (leave blank to disable local dns)
      --dns-evict string    local dns cache evict duration (default "2h")
      --dns-listen string   local dns (default "0.0.0.0:2053")
  -h, --help                help for s5

Global Flags:
      --log-level string   logrus logger level (default "info")
$ ./toh s5
time="2023-04-28T13:46:37+08:00" level=info msg="initializing config file /root/.config/toh/socks5.yml"
geoip2: country.mmdb
listen: 0.0.0.0:2080
servers:
  - name: us1
    api: wss://us-l4-vultr.synf.in/ws
    key: 5868a941-3025-4c6d-ad3a-41e29bb42e5f
    ruleset:
      - https://raw.githubusercontent.com/rkonfj/toh/main/ruleset.txt
    healthcheck: https://www.google.com/generate_204
groups: []
time="2023-04-28T13:46:37+08:00" level=info msg="downloading https://raw.githubusercontent.com/rkonfj/toh/main/ruleset.txt"
time="2023-04-28T13:46:40+08:00" level=info msg="ruleset   us1: special 0, direct 0, wildcard 20"
time="2023-04-28T13:46:40+08:00" level=info msg="downloading country.mmdb to /root/.config/toh. this can take up to 2m0s"
time="2023-04-28T13:46:46+08:00" level=info msg="total 1 proxy servers and 0 groups loaded"
time="2023-04-28T13:46:46+08:00" level=info msg="listen on 0.0.0.0:2080 for socks5 now"

$ https_proxy=socks5://127.0.0.1:2080 curl -i https://api64.ipify.org
104.207.152.45