[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-128":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":15,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":26,"readmeContent":27,"aiSummary":28,"trendingCount":16,"starSnapshotCount":16,"syncStatus":29,"lastSyncTime":30,"discoverSource":31},128,"zyrln","ajavadinezhad\u002Fzyrln","ajavadinezhad","Domain-fronting relay that routes traffic through Google infrastructure to bypass DPI-based censorship,  Android VPN    app + desktop proxy  https:\u002F\u002Ft.me\u002Fz_yrln  | https:\u002F\u002Ft.me\u002Fz_yrln_channel","",null,"Go",740,114,6,22,0,17,340,51,10.18,"MIT License",false,"main",true,[],"2026-06-12 02:00:08","# Zyrln\n\nA domain-fronting relay that routes traffic through Google infrastructure to bypass DPI-based censorship.\n\n## How It Works\n\n```\nyour device\n  → local proxy (Go)\n  → Google-fronted Apps Script   ← looks like Google traffic to DPI\n  → VPS exit relay\n  → target site\n```\n\nTLS connections go to Google's IP ranges. The encrypted `Host` header targets your Apps Script deployment. From a DPI perspective the traffic is indistinguishable from normal Google traffic.\n\n## Features\n\n- **Undetectable by DPI** — all traffic exits from Google's IP ranges and is indistinguishable from normal Google traffic. There is no VPN fingerprint, no unusual port, and no dedicated server IP to block.\n- **Request coalescing** — concurrent browser requests are batched into a single Apps Script call. A page load that fires 30 requests uses 1–3 Apps Script executions instead of 30, dramatically extending daily quota.\n- **In-proxy response cache** — static assets (JS, CSS, fonts, images) are served from memory on repeat visits. Cached responses skip the relay entirely, making subsequent page loads significantly faster.\n- **Multi-URL quota failover** — configure multiple Apps Script deployments across different Google accounts. The relay sticks to the first URL until quota runs out, then switches transparently with no reconnection or dropped requests.\n- **Full HTTPS support** — the proxy performs local TLS termination so blocked HTTPS sites work transparently. No plaintext data leaves the device.\n- **Android VPN — no root** — one tap routes all browser traffic through the relay at the system level. No per-app configuration, no ADB, no root required.\n- **Multiple saved configs** — save as many relay configs as you want on Android and switch between them with a single tap. Useful for managing multiple Apps Script deployments or sharing configs between users.\n- **Reachability probe tool** — the desktop CLI can test which endpoints are reachable from your network before setting anything up. Covers baseline connectivity, Google APIs, domain-fronting, and the full relay chain so you know exactly what works and what doesn't.\n\n## Before You Start\n\n**The pre-built binaries and APK do not work out of the box.** Zyrln is a client — it has no built-in relay. You must set up your own relay chain before anything works:\n\n| What you need | Why |\n|---|---|\n| Google account | To deploy the Apps Script relay (free) |\n| VPS with a public IP | To run the exit relay, or use a Cloudflare Worker instead |\n| Auth key | A shared secret that ties all components together |\n\nGenerate your auth key once and keep it — you will use it in every component:\n\n```bash\nopenssl rand -base64 32\n# example: swrkwbMS1X666fjzReip+PbodKcPyDK7Xbk5gRSgRUE=\n```\n\n---\n\n## Setup\n\n### 1. Deploy the Apps Script relay\n\nThis is the front door — it receives your traffic and forwards it to your VPS.\n\n1. Open [script.google.com](https:\u002F\u002Fscript.google.com) → New project\n2. Paste the contents of `relay\u002Fapps-script\u002FCode.gs`\n3. Set the constants at the top:\n\n```js\nconst AUTH_KEY       = \"YOUR_KEY\";           \u002F\u002F from the openssl command above\nconst EXIT_RELAY_URL = \"http:\u002F\u002FYOUR_VPS_IP:8787\u002Frelay\";\nconst EXIT_RELAY_KEY = \"\";                   \u002F\u002F optional, leave empty for now\n```\n\n4. Click **Deploy → New deployment → Web app**\n   - Execute as: **Me**\n   - Who has access: **Anyone**\n5. Copy the deployment URL — it looks like:\n   `https:\u002F\u002Fscript.google.com\u002Fmacros\u002Fs\u002FAKfycb...\u002Fexec`\n\n> **Quota:** each Google account gets 20,000 relay calls\u002Fday. You can add multiple Apps Script deployments (under different Google accounts) as a comma-separated list in your config. The relay automatically switches to the next URL when one runs out.\n\n### 2. Deploy the exit relay (VPS or Cloudflare)\n\nThis is the exit node — it fetches the real target URLs on behalf of Apps Script. Pick one:\n\n**Option A — VPS** (any Linux server with a public IP):\nSee **[docs\u002Fvps-setup.md](docs\u002Fvps-setup.md)** for build, deploy, systemd service, and firewall steps.\n\n**Option B — Cloudflare Worker** (no VPS needed, free tier is enough):\nDeploy `relay\u002Fcloudflare\u002Fworker.js` as a Worker. See **[docs\u002Fcloudflare-setup.md](docs\u002Fcloudflare-setup.md)**.\n\n### 3. Set up the desktop proxy\n\n**Prerequisites:** Go 1.25+, `make`. On Windows, use **Git Bash** — cmd.exe and PowerShell are not supported.\n\nCreate `config.env` (gitignored):\n\n```\nfronted-appscript-url = https:\u002F\u002Fscript.google.com\u002Fmacros\u002Fs\u002FYOUR_ID\u002Fexec\nauth-key              = YOUR_KEY\nlisten                = 127.0.0.1:8085\n```\n\nMultiple Apps Script URLs (comma-separated, no spaces):\n\n```\nfronted-appscript-url = https:\u002F\u002Fscript.google.com\u002F...\u002Fexec1,https:\u002F\u002Fscript.google.com\u002F...\u002Fexec2\n```\n\nBuild and generate the local CA once:\n\n```bash\nmake desktop && .\u002Fzyrln -init-ca\n```\n\nInstall `certs\u002Fzyrln-ca.pem` as a trusted CA in your browser:\n- **Chrome\u002FEdge**: Settings → Privacy → Security → Manage certificates → Authorities → Import\n- **Firefox**: Settings → Privacy & Security → View Certificates → Authorities → Import\n\nStart the proxy:\n\n```bash\nmake proxy\n```\n\nSet your browser's HTTP and HTTPS proxy to `127.0.0.1:8085`.\n\n### 4. Verify the full chain\n\n```bash\nmake test\n```\n\nYou should see `relay fetch ok` and `status: 204`. If not, check that your Apps Script deployment and VPS are running and the auth key matches in all three places.\n\n---\n\n## Android App\n\nSee **[docs\u002Fandroid-setup.md](docs\u002Fandroid-setup.md)** for the full build and install guide.\n\n> The app requires steps 1–2 above to be completed first. The pre-built APK from the release page needs your own Apps Script URL and auth key — it has no built-in relay.\n\n**Using the pre-built APK from the release:**\n1. Install the APK on your phone\n2. On desktop, run `.\u002Fzyrln -export-config` → copy the JSON output\n3. In the app: tap **Import Config from Clipboard** → tap the config to connect\n\n**Building the APK yourself** (requires Android SDK + NDK):\n1. `make keystore && make android`\n2. Install the APK from `android\u002Fapp\u002Fbuild\u002Foutputs\u002Fapk\u002Frelease\u002F`\n3. Same steps 2–3 as above\n\n---\n\n## Build Reference\n\n```bash\nmake desktop        # build desktop CLI binary\nmake proxy          # start desktop proxy (reads config.env)\nmake test           # smoke test the full relay chain\nmake android        # build signed release APK (requires keystore + Android SDK)\nmake android-debug  # build debug APK (no keystore needed)\n```\n\n---\n\n## Components\n\n| Component | Path | Role |\n|---|---|---|\n| Desktop proxy | `platforms\u002Fdesktop\u002F` | Local HTTPS MITM proxy + reachability probes |\n| Relay core | `relay\u002Fcore\u002F` | Shared Go relay logic (desktop + Android) |\n| Mobile bindings | `platforms\u002Fmobile\u002F` | gomobile API for Android |\n| Apps Script relay | `relay\u002Fapps-script\u002FCode.gs` | Google-side relay (the front door) |\n| VPS relay | `relay\u002Fvps\u002Fmain.go` | Exit relay running on your server |\n| Cloudflare Worker | `relay\u002Fcloudflare\u002Fworker.js` | Optional alternative exit relay |\n| Android app | `android\u002F` | Android VPN app |\n\n---\n\n## Limitations\n\n- **Browser-based only**: this is an HTTP proxy, not a full VPN. Only browser traffic and apps that respect the system proxy are relayed. Apps like Instagram, WhatsApp, and Telegram bypass it entirely.\n- **Apps Script quota**: each Google account gets 20,000 relay requests\u002Fday. Heavy sites can exhaust this quickly. Each user should deploy their own Apps Script.\n- **Large downloads**: responses over ~12MB per request will be truncated (Apps Script response limit).\n\n---\n\n## Security Notes\n\n- Each user should deploy their own Apps Script and generate their own auth key\n- Never commit `config.env`, `certs\u002F`, or any auth keys\n- Rotate your auth key if it appeared in logs or chat\n- The local CA private key (`certs\u002Fzyrln-ca-key.pem`) must not be shared\n- Google and your VPS provider can see metadata (timing, volume) even though they cannot read content\n\n---\n\n## Credits\n\nThe domain-fronting technique used here was pioneered by [denuitt1\u002Fmhr-cfw](https:\u002F\u002Fgithub.com\u002Fdenuitt1\u002Fmhr-cfw).\n\nDeveloped with the assistance of [Claude](https:\u002F\u002Fclaude.ai) by Anthropic.\n\n## License\n\nMIT — see [LICENSE](LICENSE).\n","Zyrln 是一个通过利用 Google 基础设施进行域名前置以绕过基于深度包检测（DPI）的网络审查工具。其核心功能包括使用不可被 DPI 检测到的方法将流量伪装成普通的 Google 流量，支持请求合并、内存缓存静态资源以及多 URL 配额故障转移等特性，确保高效且安全的数据传输。此外，它还提供了一个无需 root 权限即可在 Android 设备上一键配置系统级 VPN 的应用，同时桌面端代理也具备全面的 HTTPS 支持和可达性探测工具。此项目特别适合需要规避互联网审查限制或希望提高在线隐私保护水平的用户，在不牺牲访问速度的前提下享受更加自由的网络环境。",2,"2026-06-11 02:31:01","CREATED_QUERY"]