Outline Shadowsocks server
Branch: master
Clone or download
Pull request Compare This branch is 108 commits ahead of fortuna:master.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
metrics Remove status from cipher time Dec 19, 2018
net
shadowsocks Restrict access to the server's private networks (#14) Jan 31, 2019
.gitignore ignore goreleaser working files Dec 4, 2018
.goreleaser.yml Tweak release Dec 17, 2018
LICENSE Initial commit Apr 19, 2018
README.md Add release review instructions Dec 17, 2018
config_example.yml Fix config example Aug 20, 2018
go.mod Use Go Modules Dec 10, 2018
go.sum Use Go Modules Dec 10, 2018
prometheus_example.yml Fix yml comment Aug 14, 2018
server.go Keep active ciphers at the front Dec 18, 2018

README.md

Outline ss-server

This repository has the Shadowsocks service soon to be used by Outline servers. It uses components from go-shadowsocks2, and adds a number of improvements to meet the needs of the Outline users.

The Outline Shadowsocks service allows for:

  • Multiple users on a single port.
    • Does so by trying all the different credentials until one succeeds.
  • Multiple ports
  • Whitebox monitoring of the service using prometheus.io
    • Includes traffic measurements and other health indicators.
  • Live updates via config change + SIGHUP

Graphana Dashboard

Try it!

Fetch auxiliary dependencies:

GO111MODULE=off go get github.com/shadowsocks/go-shadowsocks2 github.com/prometheus/prometheus/cmd/...

On Terminal 1, from the repository directory, build and start the SS server:

go run . -config config_example.yml -metrics localhost:9091

On Terminal 2, start prometheus scraper for metrics collection:

$(go env GOPATH)/bin/prometheus --config.file=prometheus_example.yml

On Terminal 3, start the SS client:

$(go env GOPATH)/bin/go-shadowsocks2 -c ss://chacha20-ietf-poly1305:Secret0@:9000 -verbose  -socks localhost:1080

On Terminal 4, fetch a page using the SS client:

curl --proxy socks5h://localhost:1080 example.com

Stop and restart the client on Terminal 3 with "Secret1" as the password and try to fetch the page again on Terminal 4.

Open http://localhost:9091/metrics and see the exported Prometheus variables.

Open http://localhost:9090/ and see the Prometheus server dashboard.

Performance Testing

Start the iperf3 server (runs on port 5201 by default):

iperf3 -s

Start the SS server (listening on port 9000):

go run . -config config_example.yml

Start the SS tunnel to redirect port 8000 -> localhost:5201 via the proxy on 9000:

$(go env GOPATH)/bin/go-shadowsocks2 -c ss://chacha20-ietf-poly1305:Secret0@:9000 -tcptun ":8000=localhost:5201" -udptun ":8000=localhost:5201" -verbose

Test TCP upload (client -> server):

iperf3 -c localhost -p 8000

Test TCP download (server -> client):

iperf3 -c localhost -p 8000 --reverse

Test UDP upload:

iperf3 -c localhost -p 8000 --udp -b 0

Test UDP download:

iperf3 -c localhost -p 8000 --udp -b 0 --reverse

Compare to go-shadowsocks2

Run the commands above, but start the SS server with

$(go env GOPATH)/bin/go-shadowsocks2 -s ss://chacha20-ietf-poly1305:Secret0@:9000 -verbose

Compare to shadowsocks-libev

Start the SS server (listening on port 10001):

ss-server -s localhost -p 10001 -m chacha20-ietf-poly1305 -k Secret1 -u -v

Start the SS tunnel to redirect port 10002 -> localhost:5201 via the proxy on 10001:

ss-tunnel -s localhost -p 10001 -m chacha20-ietf-poly1305 -k Secret1 -l 10002 -L localhost:5201 -u -v

Run the iperf3 client tests listed above on port 10002.

You can mix and match the libev and go servers and clients.

Benchmark

You can benchmark the cipher finding code with

go test -cpuprofile cpu.prof -memprofile mem.prof -bench . -benchmem -run=^$ github.com/Jigsaw-Code/outline-ss-server/shadowsocks

You can inspect the CPU or memory profiles with go tool pprof cpu.prof or go tool pprof mem.prof, and then enter web on the prompt.

Release

We use GoReleaser to build and upload binaries to our GitHub releases.

Summary:

Full instructions in GoReleaser's Quick Start (jump to the section starting "You’ll need to export a GITHUB_TOKEN environment variable").