🚀 One-click deployment script for Naiveproxy with Caddy2 - Advanced proxy solution for secure internet access
- Overview
- Features
- System Requirements
- Quick Start
- Detailed Installation Guide
- Configuration Options
- Menu Functions
- Client Configuration
- Advanced Usage
- Troubleshooting
- FAQ
- Contributing
- License
- Acknowledgments
Naiveproxy NEO is a powerful, automated deployment script for setting up Naiveproxy with Caddy2. It provides a secure, high-performance proxy solution that resists traffic analysis and detection through advanced obfuscation techniques.
Naiveproxy is a proxy built on Chrome's network stack to camouflage traffic as standard HTTPS connections. It leverages Caddy's forwardproxy plugin to provide:
- Undetectable Traffic: Mimics genuine Chrome browser traffic
- Probe Resistance: Resists active probing attempts
- TLS Fingerprinting Protection: Uses real Chrome TLS implementation
- High Performance: Built on efficient HTTP/2 and QUIC protocols
This script automates the entire setup process, making it accessible even for users without Linux expertise:
- ✅ Fully automated installation and configuration
- ✅ Interactive, user-friendly interface with clear prompts
- ✅ Automatic SSL/TLS certificate management via ACME
- ✅ Multi-port multiplexing support
- ✅ One-command deployment and management
- ✅ Built-in QR code generation for easy client setup
- One-Click Installation: Complete deployment in minutes
- Automatic Dependencies: Handles all package installations
- SSL Certificate Automation: Integrates ACME for free SSL certificates
- Multi-Distribution Support: Works on Ubuntu, Debian, and CentOS
- Architecture Support: Compatible with x86_64 (amd64) and ARM64 processors
- Automatic Firewall Management: Configures necessary ports
- Random Credential Generation: Secure default username/password
- TLS 1.3 Support: Uses latest encryption standards
- Probe Resistance: Built-in protection against active probing
- IP/Via Header Hiding: Enhanced privacy protection
- Multi-Port Multiplexing: Run proxy on multiple ports simultaneously
- Custom Masquerade Website: Disguise proxy as legitimate web server
- IPv6 Support: Full IPv6 compatibility with DNS64
- OpenVZ/LXC Support: Special handling for virtualized environments
- Service Management: Easy start/stop/restart controls
- Real-time Logs: Built-in log viewer for troubleshooting
- V2rayN: Auto-generated JSON configuration
- Nekobox: QR code generation for mobile setup
- Direct Configuration: Manual setup guides available
| Distribution | Versions | Status |
|---|---|---|
| Ubuntu | 18.04, 20.04, 22.04, 24.04 | ✅ Fully Supported |
| Debian | 10, 11, 12 | ✅ Fully Supported |
| CentOS | 7, 8 | ✅ Fully Supported |
x86_64(amd64)aarch64(ARM64)
- Root Access: Script must run as root
- Fresh VPS: Recommended for first-time installation
- Open Ports: Ability to open custom ports (default: random 2000-65535)
- Domain Name: Required for SSL certificate (with DNS A record pointing to VPS)
- RAM: 512 MB minimum, 1 GB recommended
- Storage: 2 GB free space
- Network: Public IP address (IPv4 or IPv6)
# Download the script
wget -N https://raw.githubusercontent.com/hendrywang/Naiveproxy_Neo/main/naiveproxy_neo.sh
# Make it executable
chmod +x naiveproxy_neo.sh
# Run the script
./naiveproxy_neo.sh- Select Option 1 (Install Naiveproxy)
- Choose installation method (online compilation recommended)
- Configure SSL certificate (ACME script or custom)
- Set proxy port (or use random)
- Set username (minimum 3 characters)
- Set password (minimum 5 characters)
- Set masquerade website (default: example.com)
- Set Caddy listening port (or use random)
The script will automatically:
- Install all dependencies
- Configure firewall rules
- Generate SSL certificates
- Start the proxy service
- Display share links and QR codes
-
Purchase a VPS from providers like:
- DigitalOcean, Vultr, Linode
- AWS Lightsail, Google Cloud
- Any provider supporting Ubuntu/Debian/CentOS
-
Set up a domain name:
- Purchase a domain from Namecheap, Cloudflare, etc.
- Create an A record pointing to your VPS IP
- Wait for DNS propagation (5-30 minutes)
-
Connect via SSH:
ssh root@your-vps-ip
# Update system packages (optional but recommended)
apt update && apt upgrade -y # Ubuntu/Debian
yum update -y # CentOS
# Download the script
wget -N https://raw.githubusercontent.com/hendrywang/Naiveproxy_Neo/main/naiveproxy_neo.sh
# Make executable
chmod +x naiveproxy_neo.sh
# Run the script
./naiveproxy_neo.sh1. Please select installation or update method for naiveproxy core:
1. Online compilation of caddy2-naiveproxy version (slower, may fail, default)
2. Build from source (requires Go environment)
Please select:
Recommendation: Select 1 (online compilation) for most users.
2. Naiveproxy certificate configuration:
1. Use ACME script for certificate (supports port 80 mode and DNS API mode) (default)
2. Custom certificate path
Please select:
Option 1 (Recommended): Automatic certificate via ACME
- The script will guide you through domain verification
- Supports both HTTP-01 (port 80) and DNS-01 (DNS API) challenges
- Automatic renewal configured
Option 2: Use existing certificates
- Provide paths to your
.crtand.keyfiles
3. Set Naiveproxy port [1-65535] (press Enter for random port 2000-65535):
- Default: Random port between 2000-65535
- Custom: Enter specific port (ensure it's not occupied)
- Note: This is the port clients will connect to
4. Set username (minimum 3 characters, press Enter for random):
- Default: Random 3-character string
- Custom: Any username ≥3 characters
- Security: Use strong, unique username
5. Set password (minimum 5 characters, press Enter for random):
- Default: Random 5-character string
- Custom: Any password ≥5 characters
- Security: Use strong password with mixed characters
6. Set masquerade website (do not include http(s)://, press Enter for default: example.com):
- Purpose: Website to display when accessing proxy URL directly
- Default:
example.com - Recommendation: Use a popular, legitimate website (e.g.,
www.google.com) - Note: Do not include
http://orhttps://
7. Set caddy2-naiveproxy listening port [1-65535] (press Enter for random port 2000-65535):
- Purpose: HTTP port for Caddy's internal operations
- Default: Random port between 2000-65535
- Note: Different from proxy port; not directly used by clients
Upon successful installation, the script displays:
Naiveproxy proxy service installation completed. Shortcut command: na
v2rayn client configuration file v2rayn.json saved to /root/naive/v2rayn.json
{
"listen": "socks://127.0.0.1:1080",
"proxy": "https://username:[email protected]:port"
}
Share link saved to /root/naive/URL.txt
naive+https://username:[email protected]:port?padding=true#Naive-hostname
QR code share link (Nekobox)
[QR CODE DISPLAYED]
Save this information! You'll need it to configure client applications.
After installation, access the script anytime with:
na| File | Purpose | Location |
|---|---|---|
Caddyfile |
Main Caddy configuration | /etc/caddy/Caddyfile |
v2rayn.json |
V2rayN config file | /root/naive/v2rayn.json |
URL.txt |
Share link | /root/naive/URL.txt |
cert.crt |
SSL certificate | /root/naivecert/cert.crt |
private.key |
SSL private key | /root/naivecert/private.key |
# Check service status
systemctl status caddy
# Start service
systemctl start caddy
# Stop service
systemctl stop caddy
# Restart service
systemctl restart caddy
# Enable auto-start on boot
systemctl enable caddy
# View logs
journalctl -u caddy -fAccess the main menu by running:
./naiveproxy_neo.sh
# or simply
na 1. Install Naiveproxy
2. Uninstall Naiveproxy
3. Change Configuration (multi-port, credentials, certificate, masquerade)
4. Stop / Restart Naiveproxy
5. Update Naiveproxy-NEO Script
6. Update Naiveproxy Core Version
7. Show Naiveproxy Share Link, V2rayN Config, QR Code
8. View Naiveproxy Service Logs
9. Manage Acme Certificate Application
10. Manage Warp (Check Netflix, ChatGPT unlock status)
11. Install BBR+FQ Acceleration
0. Exit Script
- Complete installation wizard
- Handles all dependencies automatically
- Configures firewall and services
- Generates credentials and certificates
- Completely removes Naiveproxy
- Deletes all configuration files
- Removes service files
- Cleans up dependencies
Submenu with options:
- Add/Remove Multi-Port: Set up proxy on multiple ports
- Change Main Port: Modify primary proxy port
- Change Username: Update authentication username
- Change Password: Update authentication password
- Re-apply Certificate: Renew or change SSL certificate
- Change Masquerade Website: Update disguise website
- Restart: Reload service with new configs
- Stop: Completely stop the service
- Updates the management script itself
- Preserves configurations
- Updates Caddy/Naiveproxy binaries
- Uses latest version from upstream
- Displays V2rayN configuration
- Shows share URL
- Generates QR code for Nekobox
- Real-time log monitoring
- Press
Ctrl+Cto exit - Useful for troubleshooting
- Apply for new SSL certificates
- Renew existing certificates
- Supports multiple domains
- Configure Cloudflare Warp
- Check streaming service availability
- Useful for Netflix, ChatGPT access
- Installs BBR congestion control
- Improves connection speed
- Optimizes network performance
-
Download V2rayN: GitHub Releases
-
Import Configuration:
- Method 1: Import JSON file (
/root/naive/v2rayn.json) - Method 2: Import from share URL
- Method 3: Scan QR code
- Method 1: Import JSON file (
-
Manual Configuration:
Server: yourdomain.com Port: your-port Username: your-username Password: your-password Protocol: Naive
-
Download Nekobox:
- Android: Google Play or GitHub
- iOS: App Store
-
Scan QR Code:
- Run
naon server - Select option 7
- Scan displayed QR code with Nekobox
- Run
-
Manual Setup:
- Paste share URL from
/root/naive/URL.txt - Format:
naive+https://user:pass@domain:port?padding=true#Name
- Paste share URL from
Test connection directly:
curl -v --proxy https://username:[email protected]:port https://www.google.comRun proxy on multiple ports:
- Run
na→ Select option 3 → Select option 1 - Choose "Add multi-port multiplexing"
- Enter new port number
- Repeat to add more ports
Use Case:
- Load balancing
- Port redundancy if one port is blocked
- Different users on different ports
If you prefer managing certificates externally:
- During installation, select option 2 for certificates
- Provide paths to your certificate files:
- Certificate:
/path/to/cert.crt - Private Key:
/path/to/private.key
- Certificate:
The script automatically detects IPv6-only environments and:
- Configures DNS64 resolvers
- Ensures proper connectivity
- No manual intervention required
For OpenVZ VPS:
- Script automatically enables TUN/TAP
- Sets up persistent TUN device
- Configures auto-start on reboot
Problem: Dependencies fail to install
# Manually update package manager
apt update && apt upgrade -y # Ubuntu/Debian
yum update -y # CentOS
# Then re-run script
./naiveproxy_neo.shProblem: Certificate application fails
- Ensure domain DNS is properly configured
- Check if port 80 is accessible (for HTTP-01 challenge)
- Verify firewall allows incoming connections
- Try DNS-01 challenge mode instead
Problem: Service fails to start
# Check service status
systemctl status caddy
# View detailed logs
journalctl -u caddy -n 50 --no-pager
# Common fixes:
# 1. Check if port is already in use
ss -tunlp | grep :your-port
# 2. Verify Caddyfile syntax
/usr/bin/caddy validate --config /etc/caddy/Caddyfile
# 3. Check certificate paths
ls -la /root/naivecert/Problem: Connection refused from client
-
Verify service is running:
systemctl status caddy
-
Check firewall:
# Ubuntu/Debian ufw status # CentOS firewall-cmd --list-all
-
Test locally:
curl -v https://yourdomain.com:your-port
Problem: Slow connection speeds
-
Install BBR:
- Run
na→ Select option 11 - Reboots VPS to apply kernel changes
- Run
-
Check VPS resources:
# CPU usage top # Memory usage free -h # Network usage iftop
-
Optimize Caddy:
# Increase buffer size sysctl -w net.core.rmem_max=8000000
Q: Is Naiveproxy free?
A: Yes, Naiveproxy is completely free and open-source.
Q: Do I need coding knowledge?
A: No, this script is designed for users of all levels. Just follow the prompts.
Q: Can I use this for commercial purposes?
A: Yes, under MIT license terms.
Q: What's the difference between Naiveproxy and other proxies?
A: Naiveproxy uses Chrome's network stack, making traffic indistinguishable from regular browser activity. This provides superior resistance to detection compared to traditional proxy protocols.
Q: Can I run multiple instances?
A: Yes, using multi-port multiplexing (option 3.1 in menu).
Q: How do I backup my configuration?
# Backup important files
cp /etc/caddy/Caddyfile /root/backup/
cp -r /root/naivecert /root/backup/
cp /root/naive/URL.txt /root/backup/Q: How often should I update?
A: Check for updates monthly. Major security updates should be applied immediately.
Q: Certificate renewal failed, what should I do?
# Re-run ACME script
na
# Select option 9
# Follow prompts to renewQ: Service won't start after reboot
# Enable auto-start
systemctl enable caddy
# Check if TUN device exists (for OpenVZ)
cat /dev/net/tunContributions are welcome! Please follow these guidelines:
- Fork the repository
- Create a feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
- 🐛 Bug fixes
- ✨ New features
- 📝 Documentation improvements
- 🌍 Translations
- 🧪 Testing on different platforms
- Use 4 spaces for indentation
- Follow existing bash scripting conventions
- Add comments for complex logic
- Test on Ubuntu, Debian, and CentOS
This project is licensed under the MIT License - see below for details:
MIT License
Copyright (c) 2024 Naiveproxy NEO
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
This project builds upon the excellent work of:
- Naiveproxy - The core proxy implementation
- Caddy - Modern web server with automatic HTTPS
- forwardproxy - Caddy forward proxy plugin
The script integrates with:
- ACME Script - SSL certificate automation
- CFwarp - Cloudflare Warp integration
- BBR Script - TCP congestion control optimization
- Issues: GitHub Issues
- Discussions: GitHub Discussions
If you find this project helpful, please consider supporting its development:
Your support helps:
- 🛠️ Maintain and improve the script
- 📝 Create better documentation
- 🐛 Fix bugs and add new features
- ⚡ Keep the project actively maintained
Every contribution, no matter how small, is greatly appreciated! 💙
If you find this project useful, please consider giving it a star! ⭐
Disclaimer: This tool is provided for educational and privacy protection purposes. Users are responsible for complying with local laws and regulations.