Skip to content
Switch branches/tags
This branch is 348 commits ahead of fortuna:master.
Fetch upstream

Outline ss-server

Build Status

This repository has the Shadowsocks service used by Outline servers. It uses components from go-shadowsocks2, and adds a number of improvements to meet the needs of the Outline users.

The Outline Shadowsocks service allows for:

  • Multiple users on a single port.
    • Does so by trying all the different credentials until one succeeds.
  • Multiple ports
  • Whitebox monitoring of the service using
    • Includes traffic measurements and other health indicators.
  • Live updates via config change + SIGHUP
  • Replay defense (add --replay_history 10000). See PROBES for details.

Graphana Dashboard

Try it!

Fetch dependencies for this demo:

GO111MODULE=off go get

On Terminal 1, from the repository directory, build and start the SS server:

go run . -config config_example.yml -metrics localhost:9091

On Terminal 2, start prometheus scraper for metrics collection:

$(go env GOPATH)/bin/prometheus --config.file=prometheus_example.yml

On Terminal 3, start the SS client:

$(go env GOPATH)/bin/go-shadowsocks2 -c ss://chacha20-ietf-poly1305:Secret0@:9000 -verbose  -socks localhost:1080

On Terminal 4, fetch a page using the SS client:

curl --proxy socks5h://localhost:1080

Stop and restart the client on Terminal 3 with "Secret1" as the password and try to fetch the page again on Terminal 4.

Open http://localhost:9091/metrics and see the exported Prometheus variables.

Open http://localhost:9090/ and see the Prometheus server dashboard.

Performance Testing

Start the iperf3 server (runs on port 5201 by default):

iperf3 -s

Start the SS server (listening on port 9000):

go run . -config config_example.yml

Start the SS tunnel to redirect port 8000 -> localhost:5201 via the proxy on 9000:

$(go env GOPATH)/bin/go-shadowsocks2 -c ss://chacha20-ietf-poly1305:Secret0@:9000 -tcptun ":8000=localhost:5201" -udptun ":8000=localhost:5201" -verbose

Test TCP upload (client -> server):

iperf3 -c localhost -p 8000

Test TCP download (server -> client):

iperf3 -c localhost -p 8000 --reverse

Test UDP upload:

iperf3 -c localhost -p 8000 --udp -b 0

Test UDP download:

iperf3 -c localhost -p 8000 --udp -b 0 --reverse

Compare to go-shadowsocks2

Run the commands above, but start the SS server with

$(go env GOPATH)/bin/go-shadowsocks2 -s ss://chacha20-ietf-poly1305:Secret0@:9000 -verbose

Compare to shadowsocks-libev

Start the SS server (listening on port 10001):

ss-server -s localhost -p 10001 -m chacha20-ietf-poly1305 -k Secret1 -u -v

Start the SS tunnel to redirect port 10002 -> localhost:5201 via the proxy on 10001:

ss-tunnel -s localhost -p 10001 -m chacha20-ietf-poly1305 -k Secret1 -l 10002 -L localhost:5201 -u -v

Run the iperf3 client tests listed above on port 10002.

You can mix and match the libev and go servers and clients.

Tests and Benchmarks

Before running tests, you should first run

git submodule update --init

to download test data used by the GeoIP metrics tests. To run all tests, you can use

go test -v ./...

You can benchmark the cipher finding code with

go test -cpuprofile -memprofile -bench . -benchmem -run=^$

You can inspect the CPU or memory profiles with go tool pprof or go tool pprof, and then enter web on the prompt.


We use GoReleaser to build and upload binaries to our GitHub releases.


Full instructions in GoReleaser's Quick Start (jump to the section starting "You’ll need to export a GITHUB_TOKEN environment variable").