Shadowsocks 生鏽
1.21.2
這是shadowsocks的一個連接埠。
Shadowsocks 是一個快速隧道代理,可以幫助您繞過防火牆。
| 圖書館 | 描述 |
|---|---|
| 影子襪子 | Shadowsocks核心協議 |
| Shadowsocks 服務 | 提供 Shadowsocks 的服務 |
| Shadowsocks-Rust | 執行常見 Shadowsocks 服務的二進位文件 |
相關項目:
sslocal的 GUI,討論sslocal的 OpenWRT 解決方案,討論hickory-dns - 使用hickory-resolver作為 DNS 解析器,而不是tokio的內建解析器。
local-http - 允許使用 HTTP 協定進行sslocal
local-http-native-tls - 使用native-tls支援 HTTPS
local-http-rustls - 使用rustls支援 HTTPS
local-tunnel - 允許使用sslocal隧道協議
local-socks4 - 允許對sslocal使用 SOCKS4/4a 協議
local-redir - 允許對sslocal使用 redir(透明代理)協議
local-dns - 允許使用sslocal的 dns 協議,作為 DNS 伺服器透過 ACL 規則代理程式查詢本機或遠端 DNS 伺服器
local-fake-dns - FakeDNS,為特定 IP 池中的每個單獨查詢分配 IP 位址
local-tun - sslocal的 TUN 介面支持
local-online-config - SIP008線上設定下發
stream-cipher - 啟用已棄用的流密碼。警告:流密碼不安全!
aead-cipher-extra - 啟用非標準 AEAD 密碼
aead-cipher-2022 - 啟用 AEAD-2022 密碼 (SIP022)
aead-cipher-2022-extra - 啟用 AEAD-2022 額外密碼(非標準密碼)
此專案使用系統(libc)記憶體分配器(Rust 的預設值)。但它還允許您按功能使用其他著名的分配器:
jemalloc - 使用 jemalloc 作為全域記憶體分配器mimalloc - 使用 mi-malloc 作為全域記憶體分配器tcmalloc - 使用 TCMalloc 作為全域記憶體分配器。預設情況下,它嘗試連結系統範圍的 tcmalloc,使用tcmalloc-vendored的來源供應商。snmalloc - 使用 snmalloc 作為全域記憶體分配器rpmalloc - 使用 rpmalloc 作為全域記憶體分配器從 crates.io 安裝:
# Install from crates.io
cargo install shadowsocks-rust然後你可以在$CARGO_HOME/bin中找到sslocal和ssserver 。
對於 macOS 和 Linux,您可以使用 Homebrew 安裝它:
brew install shadowsocks-rust # Install from snapstore
snap install shadowsocks-rust
# List services
snap services shadowsocks-rust
# Enable and start shadowsocks-rust.sslocal-daemon snap service
snap start --enable shadowsocks-rust.sslocal-daemon
# Show generated systemd service status
systemctl status snap.shadowsocks-rust.sslocal-daemon.service
# Override generated systemd service (configure startup options)
systemctl edit snap.shadowsocks-rust.sslocal-daemon.service
# # NOTE: you can pass args to sslocal:
# # [Service]
# # ExecStart=
# # ExecStart=/usr/bin/snap run shadowsocks-rust.sslocal-daemon -b "127.0.0.1:1080" --server-url "ss://...."
# Restart generated systemd service to apply changes
systemctl restart snap.shadowsocks-rust.sslocal-daemon.service
# ... and show service status
systemctl status snap.shadowsocks-rust.sslocal-daemon.service在這裡下載靜態連結版本。
build-windows :為x86_64-pc-windows-msvc構建build-linux : 為x86_64-unknown-linux-gnu 、Debian 9 (Stretch)、GLIBC 2.18 構建build-docker :為x86_64-unknown-linux-musl 、 x86_64-pc-windows-gnu構建,...(靜態連結)該專案為linux/i386和linux/amd64以及linux/arm64/v8架構提供了 Docker 映像。
⚠️ 預設情況下,Docker 容器無法存取 IPv6 :請確保在用戶端中停用 IPv6 路由或啟用對 Docker 容器的 IPv6 存取。
Docker 將從我們的 GitHub 套件中提取適當架構的映像。
docker pull ghcr.io/shadowsocks/sslocal-rust:latest
docker pull ghcr.io/shadowsocks/ssserver-rust:latest如果您想自己建置Docker映像,則需要使用BuildX。
docker buildx build -t shadowsocks/ssserver-rust:latest -t shadowsocks/ssserver-rust:v1.15.2 --target ssserver .
docker buildx build -t shadowsocks/sslocal-rust:latest -t shadowsocks/sslocal-rust:v1.15.2 --target sslocal . 您需要將設定檔掛載到容器中,並建立外部連接埠對映以供容器連接到它。
docker run --name sslocal-rust
--restart always
-p 1080:1080/tcp
-v /path/to/config.json:/etc/shadowsocks-rust/config.json
-dit ghcr.io/shadowsocks/sslocal-rust:latest
docker run --name ssserver-rust
--restart always
-p 8388:8388/tcp
-p 8388:8388/udp
-v /path/to/config.json:/etc/shadowsocks-rust/config.json
-dit ghcr.io/shadowsocks/ssserver-rust:latest該專案提供了用於部署到 Kubernetes 的 yaml 清單。
您可以利用 k8s 服務將流量暴露到外部,例如 LoadBalancer 或 NodePort,與固定主機或連接埠相比,它們獲得更細粒度的流量。
對於更有趣的用例,您可以使用 Ingress(Istio、nginx 等),它將匹配的流量與真實的 Web 服務一起路由到 Shadowsocks。
kubectl kubectl apply -f https://github.com/shadowsocks/shadowsocks-rust/raw/master/k8s/shadowsocks-rust.yaml
您可以透過編輯名為shadowsocks-rust的ConfigMap來變更配置。
若要進行更細粒度的控制,請使用helm 。
helm helm install my-release k8s/chart -f my-values.yaml
以下是您可以更改的常見預設值:
# This is the shadowsocks config which will be mount to /etc/shadowocks-rust.
# You can put arbitrary yaml here, and it will be translated to json before mounting.
servers :
- server : " :: "
server_port : 8388
service_port : 80 # the k8s service port, default to server_port
password : mypassword
method : aes-256-gcm
fast_open : true
mode : tcp_and_udp
# plugin: v2ray-plugin
# plugin_opts: server;tls;host=github.com
# Whether to download v2ray and xray plugin.
downloadPlugins : false
# Name of the ConfigMap with config.json configuration for shadowsocks-rust.
configMapName : " "
service :
# Change to LoadBalancer if you are behind a cloud provider like aws, gce, or tke.
type : ClusterIP
# Bind shadowsocks port port to host, i.e., we can use host:port to access shawdowsocks server.
hostPort : false
replicaCount : 1
image :
repository : ghcr.io/shadowsocks/ssserver-rust
pullPolicy : IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag : " latest "使用貨物來建造。注意: RAM >= 2GiB
cargo build --release然後sslocal和ssserver將出現在./target/(debug|release)/中,其工作方式與官方 ShadowSocks 實作中的兩個二進位檔案類似。
make install TARGET=release然後sslocal 、 ssserver 、 ssmanager和ssurl將被安裝到/usr/local/bin (變數 PREFIX)。
對於Windows用戶,如果您在建置過程中遇到任何問題,請在#102中查看並討論。
如果您正在針對目前的 CPU 平台進行建置(例如,在個人電腦上建置並執行),建議設定target-cpu=native功能,讓rustc為執行編譯器的 CPU 產生和最佳化程式碼。
export RUSTFLAGS= " -C target-cpu=native "要求:
./build/build-release然後sslocal , ssserver , ssmanager和ssurl將被打包在
./build/shadowsocks-${VERSION}-stable.x86_64-unknown-linux-musl.tar.xz./build/shadowsocks-${VERSION}-stable.x86_64-pc-windows-gnu.zip閱讀Cargo.toml以了解更多詳細資訊。
使用下列命令為特定加密方法(範例中的aes-128-gcm )產生安全密碼:
ssservice genkey -m " aes-128-gcm "建立 ShadowSocks 的設定檔。例子
{
"server" : "my_server_ip" ,
"server_port" : 8388 ,
"password" : "rwQc8qPXVsRpGx3uW+Y3Lj4Y42yF9Bs0xg1pmx8/+bo=" ,
"method" : "aes-256-gcm" ,
// ONLY FOR `sslocal`
// Delete these lines if you are running `ssserver` or `ssmanager`
"local_address" : "127.0.0.1" ,
"local_port" : 1080
}設定檔的詳細解釋可以在shadowsocks的文檔中找到。 (原始項目的鏈接,不再維護!)
⚠️ 對於 snap 安裝,設定檔很可能位於/var/snap/shadowsocks-rust/common/etc/shadowsocks-rust/config.json中(請參閱 #621 / #1146)
在shadowsocks-rust中,我們也有一種擴充的設定檔格式,它能夠定義多個伺服器。您也可以停用單一伺服器。
{
"servers" : [
{
"server" : "127.0.0.1" ,
"server_port" : 8388 ,
"password" : "rwQc8qPXVsRpGx3uW+Y3Lj4Y42yF9Bs0xg1pmx8/+bo=" ,
"method" : "aes-256-gcm" ,
"timeout" : 7200
} ,
{
"server" : "127.0.0.1" ,
"server_port" : 8389 ,
"password" : "/dliNXn5V4jg6vBW4MnC1I8Jljg9x7vSihmk6UZpRBM=" ,
"method" : "chacha20-ietf-poly1305"
} ,
{
"disabled" : true ,
"server" : "eg.disable.me" ,
"server_port" : 8390 ,
"password" : "mGvbWWay8ueP9IHnV5F1uWGN2BRToiVCAWJmWOTLU24=" ,
"method" : "chacha20-ietf-poly1305"
}
] ,
// ONLY FOR `sslocal`
// Delete these lines if you are running `ssserver` or `ssmanager`
"local_port" : 1080 ,
"local_address" : "127.0.0.1"
} sslocal自動選擇具有最低延遲和最高可用性的最佳伺服器。
使用下列命令啟動 Shadowsocks 用戶端和伺服器:
sslocal -c config.json
ssserver -c config.json如果你用 Cargo 建造它:
cargo run --bin sslocal -- -c config.json
cargo run --bin ssserver -- -c config.json使用-h列出所有可用參數。
使用設定檔啟動本機用戶端
# Read local client configuration from file
sslocal -c /path/to/shadowsocks.json # Pass all parameters via command line
sslocal -b " 127.0.0.1:1080 " -s " [::1]:8388 " -m " aes-256-gcm " -k " hello-kitty " --plugin " v2ray-plugin " --plugin-opts " server;tls;host=github.com "
# Pass server with SIP002 URL
sslocal -b " 127.0.0.1:1080 " --server-url " ss://[email protected]:8388/?plugin=v2ray-plugin%3Bserver%3Btls%3Bhost%3Dgithub.com "sslocal -b " 127.0.0.1:3128 " --protocol http -s " [::1]:8388 " -m " aes-256-gcm " -k " hello-kitty "所有參數與 Socks5 用戶端相同,除了--protocol http 。
# Set 127.0.0.1:8080 as the target for forwarding to
sslocal --protocol tunnel -b " 127.0.0.1:3128 " -f " 127.0.0.1:8080 " -s " [::1]:8388 " -m " aes-256-gcm " -k " hello-kitty "--protocol tunnel啟用本機用戶端隧道模式-f "127.0.0.1:8080設定隧道目標位址注意:目前僅支援
iptables目標REDIRECT和TPROXY )pf ),例如 OS X 10.10+、FreeBSD,... sslocal -b " 127.0.0.1:60080 " --protocol redir -s " [::1]:8388 " -m " aes-256-gcm " -k " hello-kitty " --tcp-redir " redirect " --udp-redir " tproxy "將具有iptables配置的連線重新導向至sslocal正在偵聽的連接埠。
--protocol redir啟用本機用戶端 Redir 模式--tcp-redir將 TCP 模式設定為REDIRECT (Linux)--udp-redir將 UDP 模式設定為TPROXY (Linux)注意:目前僅支援
建立名為tun0的 Tun 介面
ip tuntap add mode tun tun0
ifconfig tun0 inet 10.255.0.1 netmask 255.255.255.0 up使用--protocol tun啟動sslocal並綁定到tun0
sslocal --protocol tun -s " [::1]:8388 " -m " aes-256-gcm " -k " hello-kitty " --outbound-bind-interface lo0 --tun-interface-name tun0sslocal --protocol tun -s " [::1]:8388 " -m " aes-256-gcm " -k " hello-kitty " --outbound-bind-interface lo0 --tun-interface-address 10.255.0.1/24它將建立一個位址為10.255.0.1和網路遮罩255.255.255.0的 Tun 介面。
從Wintun下載wintun.dll ,並將其放置在shadowsocks可執行二進位檔案所在的資料夾中,或放置在系統PATH中。
sslocal -- protocol tun - s " [::1]:8388 " - m " aes-256-gcm " - k " hello-kitty " -- outbound - bind - interface " Ethernet 0 " -- tun - interface - name " shadowsocks "透過啟用--features "winservice"來編譯它(不包含在預設建置中):
cargo build --release --bin " sswinservice " --features " winservice "將其安裝為 Windows 服務 (PowerShell):
New-Service - Name " shadowsocks-local-service " ` - DisplayName " Shadowsocks Local Service " ` - BinaryPathName "sswinservice.exe local -c local_config.json "
還有其他方法可以將sswinservice安裝為 Windows 服務,例如sc命令。
您可能已經注意到, -BinaryPathName不僅包含sswinservice.exe ,還包含local -c local_config.json 。這些命令列參數將作為Windows服務啟動時的預設參數。您也可以使用自訂參數啟動服務。
從微軟的文檔中了解更多。
sswinservice的參數的工作方式與ssservice完全相同。它支援local 、 server和manager命令。
# Read server configuration from file
ssserver -c /path/to/shadowsocks.json
# Pass all parameters via command line
ssserver -s " [::]:8388 " -m " aes-256-gcm " -k " hello-kitty " --plugin " v2ray-plugin " --plugin-opts " server;tls;host=github.com "支援的管理多用戶 API:
add - 啟動伺服器實例remove - 刪除現有的伺服器實例list - 列出所有目前正在運行的伺服器ping - 列出所有伺服器的統計數據注意:不支援stat指令。因為伺服器與管理器本身運行在同一進程中。
# Start it just with --manager-address command line parameter
ssmanager --manager-address " 127.0.0.1:6100 "
# For *nix system, manager can bind to unix socket address
ssmanager --manager-address " /tmp/shadowsocks-manager.sock "
# You can also provide a configuration file
#
# `manager_address` key must be provided in the configuration file
ssmanager -c /path/to/shadowsocks.json
# Create one server by UDP
echo ' add: {"server_port":8388,"password":"hello-kitty"} ' | nc -u ' 127.0.0.1 ' ' 6100 '
# Close one server by unix socket
echo ' remove: {"server_port":8388} ' | nc -Uu ' /tmp/shadowsocks-manager.sock '對於管理器 UI,請查看 Shadowsocks-manager 專案中的更多詳細資訊。
設定範例:
{
// Required option
// Address that ssmanager is listening on
"manager_address" : "127.0.0.1" ,
"manager_port" : 6100 ,
// Or bind to a Unix Domain Socket
"manager_address" : "/tmp/shadowsocks-manager.sock" ,
"servers" : [
// These servers will be started automatically when ssmanager is started
] ,
// Outbound socket binds to this IP address
// For choosing different network interface on the same machine
"local_address" : "xxx.xxx.xxx.xxx" ,
// Other options that may be passed directly to new servers
} {
// LOCAL: Listen address. This is exactly the same as `locals[0]`
// SERVER: Bind address for remote sockets, mostly used for choosing interface
// Don't set it if you don't know what's this for.
"local_address" : "127.0.0.1" ,
"local_port" : 1080 ,
// Extended multiple local configuration
"locals" : [
{
// Basic configuration, a SOCKS5 local server
"local_address" : "127.0.0.1" ,
"local_port" : 1080 ,
// OPTIONAL. Setting the `mode` for this specific local server instance.
// If not set, it will derive from the outer `mode`
"mode" : "tcp_and_udp" ,
// OPTIONAL. Authentication configuration file
// Configuration file document could be found in the next section.
"socks5_auth_config_path" : "/path/to/auth.json" ,
// OPTIONAL. Instance specific ACL
"acl" : "/path/to/acl/file.acl" ,
// OPTIONAL. macOS launchd activate socket
"launchd_tcp_socket_name" : "TCPListener" ,
"launchd_udp_socket_name" : "UDPListener"
} ,
{
// SOCKS5, SOCKS4/4a local server
"protocol" : "socks" ,
// Listen address
"local_address" : "127.0.0.1" ,
"local_port" : 1081 ,
// OPTIONAL. Enables UDP relay
"mode" : "tcp_and_udp" ,
// OPTIONAL. Customizing the UDP's binding address. Depending on `mode`, if
// - TCP is enabled, then SOCKS5's UDP Association command will return this address
// - UDP is enabled, then SOCKS5's UDP server will listen to this address.
"local_udp_address" : "127.0.0.1" ,
"local_udp_port" : 2081 ,
// OPTIONAL. macOS launchd activate socket
"launchd_tcp_socket_name" : "TCPListener" ,
"launchd_udp_socket_name" : "UDPListener"
} ,
{
// Tunnel local server (feature = "local-tunnel")
"protocol" : "tunnel" ,
// Listen address
"local_address" : "127.0.0.1" ,
"local_port" : 5353 ,
// Forward address, the target of this tunnel
// In this example, this will build a `127.0.0.1:5353` -> `8.8.8.8:53` tunnel
"forward_address" : "8.8.8.8" ,
"forward_port" : 53 ,
// OPTIONAL. Customizing whether to start TCP and UDP tunnel
"mode" : "tcp_only" ,
// OPTIONAL. macOS launchd activate socket
"launchd_tcp_socket_name" : "TCPListener" ,
"launchd_udp_socket_name" : "UDPListener"
} ,
{
// HTTP local server (feature = "local-http")
"protocol" : "http" ,
// Listen address
"local_address" : "127.0.0.1" ,
"local_port" : 3128 ,
// OPTIONAL. macOS launchd activate socket
"launchd_tcp_socket_name" : "TCPListener"
} ,
{
// DNS local server (feature = "local-dns")
// This DNS works like China-DNS, it will send requests to `local_dns` and `remote_dns` and choose by ACL rules
"protocol" : "dns" ,
// Listen address
"local_address" : "127.0.0.1" ,
"local_port" : 53 ,
// OPTIONAL. DNS local server uses `tcp_and_udp` mode by default
"mode" : "udp_only" ,
// Local DNS address, DNS queries will be sent directly to this address
"local_dns_address" : "114.114.114.114" ,
// OPTIONAL. Local DNS's port, 53 by default
"local_dns_port" : 53 ,
// Remote DNS address, DNS queries will be sent through ssserver to this address
"remote_dns_address" : "8.8.8.8" ,
// OPTIONAL. Remote DNS's port, 53 by default
"remote_dns_port" : 53 ,
// OPTIONAL. dns client cache size for fetching dns queries.
"client_cache_size" : 5 ,
// OPTIONAL. macOS launchd activate socket
"launchd_tcp_socket_name" : "TCPListener" ,
"launchd_udp_socket_name" : "UDPListener"
} ,
{
// Tun local server (feature = "local-tun")
"protocol" : "tun" ,
// Tun interface name
"tun_interface_name" : "tun0" ,
// Tun interface address
//
// It has to be a host address in CIDR form
"tun_interface_address" : "10.255.0.1/24"
} ,
{
// Transparent Proxy (redir) local server (feature = "local-redir")
"protocol" : "redir" ,
// OPTIONAL: TCP type, may be different between platforms
// Linux/Android: redirect (default), tproxy
// FreeBSD/OpenBSD: pf (default), ipfw
// NetBSD/macOS/Solaris: pf (default), ipfw
"tcp_redir" : "tproxy" ,
// OPTIONAL: UDP type, may be different between platforms
// Linux/Android: tproxy (default)
// FreeBSD/OpenBSD: pf (default)
"udp_redir" : "tproxy"
} ,
{
// FakeDNS local server (feature = "local-fake-dns")
// FakeDNS is a DNS server that allocates an IPv4 / IPv6 address in a specific pool for each queries.
// Subsequence requests from the other local interfaces that the target addresses includes those allocated IP addresses,
// will be substituted back to their original domain name addresses.
// This feature is useful mostly for transparent proxy, which will allow the proxied domain names to be resolved remotely.
"protocol" : "fake-dns" ,
// Listen address
"local_address" : "127.0.0.1" ,
"local_port" : 10053 ,
// IPv4 address pool (for A records)
"fake_dns_ipv4_network" : "10.255.0.0/16" ,
// IPv6 address pool (for AAAA records)
"fake_dns_ipv6_network" : "fdf2:e786:ab40:9d2f::/64" ,
// Persistent storage for all allocated DNS records
"fake_dns_database_path" : "/var/shadowsocks/fakedns.db" ,
// OPTIONAL: Record expire duration in seconds, 10s by default
"fake_dns_record_expire_duration" : 10
}
] ,
// Server configuration
// listen on :: for dual stack support, no need add [] around.
"server" : "::" ,
// Change to use your custom port number
"server_port" : 8388 ,
"method" : "aes-256-gcm" ,
"password" : "your-password" ,
"plugin" : "v2ray-plugin" ,
"plugin_opts" : "mode=quic;host=github.com" ,
"plugin_args" : [
// Each line is an argument passed to "plugin"
"--verbose"
] ,
"plugin_mode" : "tcp_and_udp" , // SIP003u, default is "tcp_only"
// Server: TCP socket timeout in seconds.
// Client: TCP connection timeout in seconds.
// Omit this field if you don't have specific needs.
"timeout" : 7200 ,
// Extended multiple server configuration
// LOCAL: Choosing the best server to connect dynamically
// SERVER: Creating multiple servers in one process
"servers" : [
{
// Fields are the same as the single server's configuration
// Individual servers can be disabled
// "disabled": true,
"address" : "0.0.0.0" ,
"port" : 8389 ,
"method" : "aes-256-gcm" ,
"password" : "your-password" ,
"plugin" : "..." ,
"plugin_opts" : "..." ,
"plugin_args" : [ ] ,
"plugin_mode" : "..." ,
"timeout" : 7200 ,
// Customized weight for local server's balancer
//
// Weight must be in [0, 1], default is 1.0.
// The higher weight, the server may rank higher.
"tcp_weight" : 1.0 ,
"udp_weight" : 1.0 ,
// OPTIONAL. Instance specific ACL
"acl" : "/path/to/acl/file.acl" ,
} ,
{
// Same key as basic format "server" and "server_port"
"server" : "0.0.0.0" ,
"server_port" : 8388 ,
"method" : "chacha20-ietf-poly1305" ,
// Read the actual password from environment variable PASSWORD_FROM_ENV
"password" : "${PASSWORD_FROM_ENV}"
} ,
{
// AEAD-2022
"server" : "::" ,
"server_port" : 8390 ,
"method" : "2022-blake3-aes-256-gcm" ,
"password" : "3SYJ/f8nmVuzKvKglykRQDSgg10e/ADilkdRWrrY9HU=" ,
// For Server (OPTIONAL)
// Support multiple users with Extensible Identity Header
// https://github.com/Shadowsocks-NET/shadowsocks-specs/blob/main/2022-2-shadowsocks-2022-extensible-identity-headers.md
"users" : [
{
"name" : "username" ,
// User's password must have the same length as server's password
"password" : "4w0GKJ9U3Ox7CIXGU4A3LDQAqP6qrp/tUi/ilpOR9p4="
}
] ,
// For Client (OPTIONAL)
// If EIH enabled, then "password" should have the following format: iPSK:iPSK:iPSK:uPSK
// - iPSK is one of the middle relay servers' PSK, for the last `ssserver`, it must be server's PSK ("password")
// - uPSK is the user's PSK ("password")
// Example:
// "password": "3SYJ/f8nmVuzKvKglykRQDSgg10e/ADilkdRWrrY9HU=:4w0GKJ9U3Ox7CIXGU4A3LDQAqP6qrp/tUi/ilpOR9p4="
}
] ,
// Global configurations for UDP associations
"udp_timeout" : 300 , // Timeout for UDP associations (in seconds), 5 minutes by default
"udp_max_associations" : 512 , // Maximum UDP associations to be kept in one server, unlimited by default
// Options for Manager
"manager_address" : "127.0.0.1" , // Could be a path to UNIX socket, /tmp/shadowsocks-manager.sock
"manager_port" : 5300 , // Not needed for UNIX socket
// DNS server's address for resolving domain names
// For *NIX and Windows, it uses system's configuration by default
//
// Value could be IP address of DNS server, for example, "8.8.8.8".
// DNS client will automatically request port 53 with both TCP and UDP protocol.
//
// - system, uses system provided API (`getaddrinfo` on *NIX)
//
// It also allows some pre-defined well-known public DNS servers:
// - google (TCP, UDP)
// - cloudflare (TCP, UDP)
// - cloudflare_tls (TLS), enable by feature "dns-over-tls"
// - cloudflare_https (HTTPS), enable by feature "dns-over-https"
// - quad9 (TCP, UDP)
// - quad9_tls (TLS), enable by feature "dns-over-tls"
//
// The field is only effective if feature "hickory-dns" is enabled.
"dns" : "google" ,
// Configure `cache_size` for "hickory-dns" ResolverOpts. Set to "0" to disable DNS cache.
"dns_cache_size" : 0 ,
// Mode, could be one of the
// - tcp_only
// - tcp_and_udp
// - udp_only
"mode" : "tcp_only" ,
// TCP_NODELAY
"no_delay" : false ,
// Enables `SO_KEEPALIVE` and set `TCP_KEEPIDLE`, `TCP_KEEPINTVL` to the specified seconds
"keep_alive" : 15 ,
// Soft and Hard limit of file descriptors on *NIX systems
"nofile" : 10240 ,
// Try to resolve domain name to IPv6 (AAAA) addresses first
"ipv6_first" : false ,
// Set IPV6_V6ONLY for all IPv6 listener sockets
// Only valid for locals and servers listening on `::`
"ipv6_only" : false ,
// Outbound socket options
// Linux Only (SO_MARK)
"outbound_fwmark" : 255 ,
// FreeBSD only (SO_USER_COOKIE)
"outbound_user_cookie" : 255 ,
// `SO_BINDTODEVICE` (Linux), `IP_BOUND_IF` (BSD), `IP_UNICAST_IF` (Windows) socket option for outbound sockets
"outbound_bind_interface" : "eth1" ,
// Outbound socket bind() to this IP (choose a specific interface)
"outbound_bind_addr" : "11.22.33.44" ,
// Balancer customization
"balancer" : {
// MAX Round-Trip-Time (RTT) of servers
// The timeout seconds of each individual checks
"max_server_rtt" : 5 ,
// Interval seconds between each check
"check_interval" : 10 ,
// Interval seconds between each check for the best server
// Optional. Specify to enable shorter checking interval for the best server only.
"check_best_interval" : 5
} ,
// SIP008 Online Configuration Delivery
// https://shadowsocks.org/doc/sip008.html
"online_config" : {
"config_url" : "https://path-to-online-sip008-configuration" ,
// Optional. Seconds between each update to config_url. Default to 3600s
"update_interval" : 3600
} ,
// Service configurations
// Logger configuration
"log" : {
// Equivalent to `-v` command line option
"level" : 1 ,
"format" : {
// Euiqvalent to `--log-without-time`
"without_time" : false ,
} ,
// Equivalent to `--log-config`
// More detail could be found in https://crates.io/crates/log4rs
"config_path" : "/path/to/log4rs/config.yaml"
} ,
// Runtime configuration
"runtime" : {
// single_thread or multi_thread
"mode" : "multi_thread" ,
// Worker threads that are used in multi-thread runtime
"worker_count" : 10
}
}設定檔由locals中的socks5_auth_config_path設定。
{
// Password/Username Authentication (RFC1929)
"password" : {
"users" : [
{
"user_name" : "USERNAME in UTF-8" ,
"password" : "PASSWORD in UTF-8"
}
]
}
}SS_SERVER_PASSWORD :從命令列參數 ( --server-addr ) 建立的伺服器的預設密碼SS_SYSTEM_DNS_RESOLVER_FORCE_BUILTIN : "system" DNS 解析器強制使用系統的內建(*NIX 中的getaddrinfo ) 2022-blake3-aes-128-gcm , 2022-blake3-aes-256-gcm2022-blake3-chacha20-poly1305 , 2022-blake3-chacha8-poly1305這些密碼要求"password"是 Base64 密鑰字串,其長度與密碼的密鑰大小完全相同。建議使用ssservice genkey -m "METHOD_NAME"產生安全的金鑰。
chacha20-ietf-poly1305aes-128-gcm , aes-256-gcmplain或none (無加密,僅用於調試或與確保傳輸安全的插件一起使用)tableaes-128-cfb 、 aes-128-cfb1 、 aes-128-cfb8 、 aes-128-cfb128aes-192-cfb 、 aes-192-cfb1 、 aes-192-cfb8 、 aes-192-cfb128aes-256-cfb 、 aes-256-cfb1 、 aes-256-cfb8 、 aes-256-cfb128aes-128-ctraes-192-ctraes-256-ctrcamellia-128-cfb , camellia-128-cfb1 , camellia-128-cfb8 , camellia-128-cfb128camellia-192-cfb , camellia-192-cfb1 , camellia-192-cfb8 , camellia-192-cfb128camellia-256-cfb , camellia-256-cfb1 , camellia-256-cfb8 , camellia-256-cfb128rc4-md5chacha20-ietfsslocal 、 ssserver和ssmanager支援 ACL 文件,其語法類似於 Shadowsocks-libev。一些例子可以在這裡找到。
sslocal , ssredir ,...)[bypass_all] - ACL 在BlackList模式下運作。繞過所有不符合任何規則的位址。[proxy_all] - ACL 在WhiteList模式下運作。代理所有不符合任何規則的地址。[bypass_list] - 直接連線的規則[proxy_list] - 透過代理連接的規則ssserver )[reject_all] - ACL 在BlackList模式下運作。拒絕所有不符合任何規則的客戶端。[accept_all] - ACL 在WhiteList模式下運作。接受所有不符合任何規則的客戶端。[white_list] - 接受客戶的規則[black_list] - 拒絕客戶的規則[outbound_block_list] - 阻止出站位址的規則。 # SERVERS
# For ssserver, accepts requests from all clients by default
[accept_all]
# Blocks these clients
[black_list]
1.2.3.4
127.0.0.1/8
# Disallow these outbound addresses
[outbound_block_list]
127.0.0.1/8
::1
# Using regular expression
^[a-z]{5}.baidu.com
# Match exactly
|baidu.com
# Match with subdomains
||google.com
# An internationalized domain name should be converted to punycode
# |☃-⌘.com - WRONG
|xn----dqo34k.com
# ||джpумлатест.bрфa - WRONG
||xn--p-8sbkgc5ag7bhce.xn--ba-lmcq
# CLIENTS
# For sslocal, ..., bypasses all targets by default
[bypass_all]
# Proxy these addresses
[proxy_list]
||google.com
8.8.8.8ssurl用於編碼和解碼 ShadowSocks URL (SIP002)。例子: ss://[email protected]:8388/?plugin=obfs-local%3Bobfs%3Dhttp%3Bobfs-host%3Dwww.baidu.com
它支援以下功能:
libcrypto (等待可接受的 Rust 加密庫實現) rustc進行構建crypto2阻止)麻省理工學院許可證 (MIT)
版權所有 (c) 2014 鐘宇濤
特此免費授予任何獲得本軟體和相關文件文件(「軟體」)副本的人不受限制地使用本軟體,包括但不限於使用、複製、修改、合併的權利、發布、分發、再授權和/或銷售軟體的副本,並允許向其提供軟體的人員這樣做,但須滿足以下條件:
上述版權聲明和本授權聲明應包含在本軟體的所有副本或主要部分中。
本軟體以「現況」提供,不提供任何明示或暗示的保證,包括但不限於適銷性、特定用途的適用性和不侵權的保證。 IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE軟體.
