jigsaw-code / outline-ss-server Goto Github PK
View Code? Open in Web Editor NEWThis project forked from fortuna/ss-example
Outline Shadowsocks server
Home Page: https://getoutline.org
License: Apache License 2.0
outline-ss-server's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
lionsole morristech benert victzero jsoref altoplano lulu1113 hyper-vpn rchen9012 syncxplus hsueeh guxkai geekok hydrionz presentfyou vo0doo duyamin z-exit admpub lotapp shadowthiefcc o289697 cnydpl bonomali luyunpsyduck 101script google38438 tatianab qwivan han767 outline-vpn v64500 shirataly cnujia tnevel wjybluse ailenli ramyhhh ksharpdabu duke0727 tedyarm chaobingya cp-i-pc nstaa alexander-guesnon prathanbomb msgpo tonyzzzzzz pu55yf3r azat89 bigflood will7455 cnydw chace233 faghani avaxvpn tinyconch tuanha1305 clarkding emadghaffari elonchen global-localhost global19 global19-atlassian-net sharmasecureservicesusa imgk ennea8 vvhh2002 hcwasa daihao18 lifehacking ducksoft shendlcode nnnlog blackc03r oolaygyer cnssl putradany diezzap zzzzzzzzzzzzzzzzz buzhiyun classicvalues forever8361 mustang2247 solaire6 carbule dbug-dbug stjordanis scvnconnect jeffry38 betaxab sergey-gusarov a1ip yoech clintoniwoloma itotx sschiz gennadyspb mkll bzdongloutline-ss-server's Issues
Outline is blocked in Russia
Outline is blocked in Russia. What can you do about it? vless protocol works good, outline partialy. Some websites won't open.
This blocking started a few days ago.
Performance best practice documentation for large scale server managers
Currently, I am using an older version of Shadowsocks (non-ss2022) to build my service, and it is encountering severe performance issues (CPU usage often exceeds 150%) when there are a large number of users (over 10,000 available users and 200+ online).
Are there any strategies or methods for performance optimization? I would appreciate any suggestions you may have.
Thank you!
Unable to connect to server using UDP
Setting up my own outline server I stumbled upon an issue with connecting to the server via UDP traffic.
When the server boots up i can see that it is listening for connection with both tcp and udp on same port.
I2024-08-05T22:58:12.161Z 47 main.go:81] Shadowsocks TCP service listening on 0.0.0.0:40000
I2024-08-05T22:58:12.161Z 47 main.go:87] Shadowsocks UDP service listening on 0.0.0.0:40000
However, if disallow tcp traffic and only allow udp, the client won't be able to connect at all.
I am 100% certain this is not a configuration issue on my side as I have deployed a container to test udp connectivity and it works. (Using exact configuration as showcased below)
Maybe I am missing something and outline is not meant to connect using UDP or using UDP at all. (Which is a bit misleading then)
In my proxy(traefik) I can see that the stream gets forwarded but the connection does not get established
Handling UDP stream from [REDACTED]:41694 to 10.152.183.183:40000
Below is my full k8s configuration:
Traefik Deployment
kind: Deployment
apiVersion: apps/v1
metadata:
name: traefik-deployment
labels:
app: traefik
spec:
replicas: 2
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik
containers:
- name: traefik
image: traefik:v3.1
args:
- --log.level=DEBUG
- --accesslog
- --providers.kubernetesingress # Ingress
- --providers.kubernetescrd # IngressRoute
- --providers.kubernetescrd.allowCrossNamespace=true
# - --entrypoints.outline-access-tcp.address=:40000
- --entrypoints.outline-access-udp.address=:40000/udp
- --entrypoints.outline-api.address=:60000
ports:
# - name: outline-acc-tcp
# containerPort: 40000
- name: outline-acc-udp
containerPort: 40000
protocol: UDP
- name: outline-api
containerPort: 60000
Traefik Service
apiVersion: v1
kind: Service
metadata:
name: traefik
spec:
type: LoadBalancer
externalTrafficPolicy: Local
ports:
# - protocol: TCP
# name: outline-acc-tcp
# port: 40000
# targetPort: outline-acc-tcp
- protocol: UDP
name: outline-acc-udp
port: 40000
targetPort: outline-acc-udp
- protocol: TCP
name: outline-api
port: 60000
targetPort: outline-api
selector:
app: traefik
Outline Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: outline
spec:
replicas: 1
selector:
matchLabels:
app: outline
name: outline
template:
metadata:
labels:
app: outline
name: outline
spec:
volumes:
- name: cache
emptyDir: {}
- name: persistance
persistentVolumeClaim:
claimName: outline
- name: tls
secret:
secretName: redacted.com
items:
- key: tls.crt
path: shadowbox.crt
- key: tls.key
path: shadowbox.key
defaultMode: 420
containers:
- name: outline
image: quay.io/outline/shadowbox:stable
ports:
# - name: access-tcp
# containerPort: 40000
# protocol: TCP
- name: access-udp
containerPort: 40000
protocol: UDP
- name: api
containerPort: 60000
protocol: TCP
env:
- name: SB_API_PORT
value: "60000"
- name: SB_API_PREFIX
value: redacted
- name: SB_CERTIFICATE_FILE
value: /tmp/shadowbox.crt
- name: SB_PRIVATE_KEY_FILE
value: /tmp/shadowbox.key
volumeMounts:
- name: cache
mountPath: /cache
- name: persistance
mountPath: /opt/outline
- name: persistance
mountPath: /root/shadowbox
- name: tls
readOnly: true
mountPath: /tmp/shadowbox.crt
subPath: shadowbox.crt
- name: tls
readOnly: true
mountPath: /tmp/shadowbox.key
subPath: shadowbox.key
lifecycle:
postStart:
exec:
command:
- /bin/sh
- "-c"
- >-
echo
'{"rollouts":[{"id":"single-port","enabled":true}],"portForNewAccessKeys":40000,"hostname":"redacted.com"}'
>
/root/shadowbox/persisted-state/shadowbox_server_config.json;
Outline Service
apiVersion: v1
kind: Service
metadata:
name: outline
labels:
app: outline
spec:
selector:
app: outline
type: ClusterIP
ports:
# - name: access-tcp
# protocol: TCP
# port: 40000
# targetPort: access-tcp
- name: access-udp
protocol: UDP
port: 40000
targetPort: access-udp
- name: api
protocol: TCP
port: 60000
targetPort: api
Outline IngressRouteUDP
apiVersion: traefik.io/v1alpha1
kind: IngressRouteUDP
metadata:
name: outline-access-udp
spec:
entryPoints:
- outline-access-udp
routes:
- services:
- name: outline
port: 40000
nativeLB: true
Uncommenting everything and adding IngressRouteTCP makes it work again but using TCP, but thats not the point since I am trying to make UDP work aswell.
It is also pretty hard to debug this sort of stuff as I have not found a way to enable more detailed logging on the ss-server
Any help would be much appriciated)
Ban and log client IPs with too many failures too quick to protect against DoS.
Looking to work on TODO in line 61 of tcp.go, but I have a few questions.
- What's a reasonable number of failures?
- Should this be user tunable?
- Should this result in a timeout or a permanent(user revokable) ban?
- Are there any concerns with logging IP addresses of good actors?
Mechanically we could probably do something like a map with the key type representing the IP attempting to connect, and then the value type being a slice of a count of failures and average time since last failure.
If failures gets passed n (decided above) and average time since last failure is < $some_reasonable_amount we could start denying connections.
Let me know what you think / if anyone is already working on this.
Cheers
findAccessKey cache
On every new connection findAccessKey tests every single user's key against the incoming data.
This isn't that much of an issue for TCP where the 'findAccessKey' time is much smaller that the overall TX time of the data.
But for UDP this is going to be a mess. UDP packets are small and frequent. Any application that sends large amounts of UDP is likely to waste many many cycles of CPU time.
Why not add a cache?
Because of NAT we need to have an array per ip and store all users who connect from that ip. We can go a step further and search users already bound to an ip last.
unbound_Users = { user1, user2, user3, user4 }
cache_ip_userlist = {}
cache_user_to_ip = {}
// user1 connection from ip1
findAccessKey [test keys for user in] cache_ip_userlist[ip1] - Nothing found
findAccessKey [test keys for user in] unbound_Users - found user1
unbound_Users.remove(user1)
cache_ip_userlist[ip1][user1] = expire_time;
cache_user_to_ip[user1] = ip1;
// user2 connection from ip1
findAccessKey [test keys for user in] cache_ip_userlist[ip1] - Nothing found
findAccessKey [test keys for user in] unbound_Users - found user2
unbound_Users.remove(user2)
cache_ip_userlist[ip1][user2] = expire_time;
cache_user_to_ip[user2] = ip1;
// user1 connection from ip1 (again)
findAccessKey [test keys for user in] cache_ip_userlist[ip1] - found user1
cache_ip_userlist[ip1][user1] = expire_time; // Refresh expire time
// user1 connects from ip2 (user1 was connecting from ip1, but changed to ip2)
findAccessKey [test keys for user in] cache_ip_userlist[ip2] - Nothing found
findAccessKey [test keys for user in] unbound_Users - Nothing found
findAccessKey [test keys for user in] all cache_ip_userlist's - found user1 in cache_ip_userlist[ip]
cache_ip_userlist[ cache_user_to_ip[user1] ].remove(user1) // Move user1 from cache_ip_userlist[ip1] -> cache_ip_userlist[ip2]
cache_ip_userlist[ip2][user1] = expire_time;
cache_user_to_ip[user1] = ip2;
cache_ip_userlist should also store an expire time, which should get updated on any match, and expired entries can be purged every time it's searched, and cache_user_to_ip along with it.
A long expire time will mean less key search time when clients don't send data often, while a short expire time will mean connections from new clients won't waste time searching disconnected clients.
In any case since it's per ip, worst case scenario is having to search all user's keys for every connection WHEN all users happen to connect from exactly the same IP.
Hope to reload config file without restart process.
Restart process will cause connection lost.
A large number of udp6 connections, the CPU usage rate is as high as 100%
root@VM-4-2-ubuntu:~# netstat -atunp | grep ss
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 974/sshd
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 8813/sshd: root@pts
tcp 0 0 10.0.4.2:45946 8.129.63.1:443 ESTABLISHED 1121/ss
tcp 0 0 10.0.4.2:53448 173.194.209.188:443 ESTABLISHED 1121/ss
tcp 0 0 10.0.4.2:22 109.172.10.241:55268 ESTABLISHED 8957/sshd: root@not
tcp 0 0 10.0.4.2:54722 61.111.129.166:3306 ESTABLISHED 1121/ss
tcp 0 0 10.0.4.2:39708 17.57.145.8:443 ESTABLISHED 1121/ss
tcp 0 0 10.0.4.2:39870 163.181.33.228:443 ESTABLISHED 1121/ss
tcp 0 52 10.0.4.2:22 109.172.10.241:55180 ESTABLISHED 8813/sshd: root@pts
tcp6 0 0 :::8888 :::* LISTEN 1121/ss
tcp6 0 0 :::20030 :::* LISTEN 1121/ss
tcp6 0 0 :::6060 :::* LISTEN 1121/ss
tcp6 0 0 10.0.4.2:20030 193.84.85.86:7270 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 193.84.85.86:7269 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 103.135.102.66:48588 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 103.135.102.66:56064 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 103.135.102.66:48784 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 193.84.85.86:7271 ESTABLISHED 1121/ss
tcp6 0 0 10.0.4.2:20030 103.135.102.66:48622 ESTABLISHED 1121/ss
udp6 0 0 :::42133 :::* 1121/ss
udp6 0 0 :::53909 :::* 1121/ss
udp6 0 0 :::44693 :::* 1121/ss
udp6 0 0 :::48278 :::* 1121/ss
udp6 0 0 :::39063 :::* 1121/ss
udp6 0 0 :::44184 :::* 1121/ss
udp6 0 0 :::39065 :::* 1121/ss
udp6 0 0 :::46745 :::* 1121/ss
udp6 0 0 :::36506 :::* 1121/ss
udp6 0 0 :::48794 :::* 1121/ss
udp6 0 0 :::43675 :::* 1121/ss
udp6 0 0 :::58523 :::* 1121/ss
udp6 0 0 :::47260 :::* 1121/ss
udp6 0 0 :::52382 :::* 1121/ss
udp6 0 0 :::44190 :::* 1121/ss
udp6 0 0 :::49822 :::* 1121/ss
udp6 0 0 :::42655 :::* 1121/ss
udp6 0 0 :::51871 :::* 1121/ss
udp6 0 0 :::39586 :::* 1121/ss
udp6 0 0 :::44194 :::* 1121/ss
udp6 0 0 :::32933 :::* 1121/ss
udp6 0 0 :::34982 :::* 1121/ss
udp6 0 0 :::35496 :::* 1121/ss
udp6 0 0 :::45224 :::* 1121/ss
udp6 0 0 :::36009 :::* 1121/ss
udp6 0 0 :::49321 :::* 1121/ss
udp6 0 0 :::56491 :::* 1121/ss
udp6 0 0 :::35499 :::* 1121/ss
udp6 0 0 :::57519 :::* 1121/ss
udp6 0 0 :::58033 :::* 1121/ss
udp6 0 0 :::51889 :::* 1121/ss
udp6 0 0 :::57010 :::* 1121/ss
udp6 0 0 :::46771 :::* 1121/ss
udp6 0 0 :::40115 :::* 1121/ss
udp6 0 0 :::47283 :::* 1121/ss
udp6 0 0 :::57524 :::* 1121/ss
udp6 0 0 :::33977 :::* 1121/ss
udp6 0 0 :::57531 :::* 1121/ss
udp6 0 0 :::60603 :::* 1121/ss
udp6 0 0 :::45758 :::* 1121/ss
udp6 0 0 :::33983 :::* 1121/ss
udp6 0 0 :::51903 :::* 1121/ss
udp6 0 0 :::44223 :::* 1121/ss
udp6 0 0 :::37056 :::* 1121/ss
udp6 0 0 :::39104 :::* 1121/ss
udp6 0 0 :::56001 :::* 1121/ss
udp6 0 0 :::39105 :::* 1121/ss
udp6 0 0 :::59586 :::* 1121/ss
udp6 0 0 :::60098 :::* 1121/ss
udp6 0 0 :::47299 :::* 1121/ss
udp6 0 0 :::51396 :::* 1121/ss
udp6 0 0 :::55492 :::* 1121/ss
udp6 0 0 :::51397 :::* 1121/ss
udp6 0 0 :::47301 :::* 1121/ss
udp6 0 0 :::45766 :::* 1121/ss
udp6 0 0 :::41158 :::* 1121/ss
udp6 0 0 :::59591 :::* 1121/ss
udp6 0 0 :::36553 :::* 1121/ss
udp6 0 0 :::59082 :::* 1121/ss
udp6 0 0 :::37580 :::* 1121/ss
udp6 0 0 :::56524 :::* 1121/ss
udp6 0 0 :::60108 :::* 1121/ss
udp6 0 0 :::57550 :::* 1121/ss
udp6 0 0 :::50894 :::* 1121/ss
udp6 0 0 :::42191 :::* 1121/ss
udp6 0 0 :::47314 :::* 1121/ss
udp6 0 0 :::46802 :::* 1121/ss
udp6 0 0 :::50901 :::* 1121/ss
udp6 0 0 :::36568 :::* 1121/ss
udp6 0 0 :::47320 :::* 1121/ss
udp6 0 0 :::39642 :::* 1121/ss
udp6 0 0 :::38108 :::* 1121/ss
udp6 0 0 :::34015 :::* 1121/ss
udp6 0 0 :::56031 :::* 1121/ss
udp6 0 0 :::59107 :::* 1121/ss
udp6 0 0 :::40675 :::* 1121/ss
udp6 0 0 :::33508 :::* 1121/ss
udp6 0 0 :::55012 :::* 1121/ss
udp6 0 0 :::55013 :::* 1121/ss
udp6 0 0 :::51942 :::* 1121/ss
udp6 0 0 :::57063 :::* 1121/ss
udp6 0 0 :::59111 :::* 1121/ss
udp6 0 0 :::53991 :::* 1121/ss
udp6 0 0 :::45289 :::* 1121/ss
udp6 0 0 :::46313 :::* 1121/ss
udp6 0 0 :::40170 :::* 1121/ss
udp6 0 0 :::44266 :::* 1121/ss
udp6 0 0 :::38637 :::* 1121/ss
udp6 0 0 :::41198 :::* 1121/ss
udp6 0 0 :::58608 :::* 1121/ss
udp6 0 0 :::52976 :::* 1121/ss
udp6 0 0 :::43248 :::* 1121/ss
udp6 0 0 :::33520 :::* 1121/ss
udp6 0 0 :::36081 :::* 1121/ss
udp6 0 0 :::48369 :::* 1121/ss
udp6 0 0 :::49394 :::* 1121/ss
udp6 0 0 :::37106 :::* 1121/ss
udp6 0 0 :::36595 :::* 1121/ss
udp6 0 0 :::35059 :::* 1121/ss
udp6 0 0 :::50933 :::* 1121/ss
udp6 0 0 :::45814 :::* 1121/ss
udp6 0 0 :::44278 :::* 1121/ss
udp6 0 0 :::48887 :::* 1121/ss
udp6 0 0 :::39672 :::* 1121/ss
udp6 0 0 :::51961 :::* 1121/ss
udp6 0 0 :::58107 :::* 1121/ss
udp6 0 0 :::54012 :::* 1121/ss
udp6 0 0 :::33020 :::* 1121/ss
udp6 0 0 :::60668 :::* 1121/ss
udp6 0 0 :::55036 :::* 1121/ss
udp6 0 0 :::51454 :::* 1121/ss
udp6 0 0 :::58623 :::* 1121/ss
udp6 0 0 :::56064 :::* 1121/ss
udp6 0 0 :::44289 :::* 1121/ss
udp6 0 0 :::57602 :::* 1121/ss
udp6 0 0 :::34563 :::* 1121/ss
udp6 0 0 :::44803 :::* 1121/ss
udp6 0 0 :::49411 :::* 1121/ss
udp6 0 0 :::59655 :::* 1121/ss
udp6 0 0 :::41735 :::* 1121/ss
udp6 0 0 :::54024 :::* 1121/ss
udp6 0 0 :::42248 :::* 1121/ss
udp6 0 0 :::55048 :::* 1121/ss
udp6 0 0 :::50441 :::* 1121/ss
udp6 0 0 :::58121 :::* 1121/ss
udp6 0 0 :::59145 :::* 1121/ss
udp6 0 0 :::49417 :::* 1121/ss
udp6 0 0 :::44297 :::* 1121/ss
udp6 0 0 :::54026 :::* 1121/ss
udp6 0 0 :::36107 :::* 1121/ss
udp6 0 0 :::44300 :::* 1121/ss
udp6 0 0 :::60173 :::* 1121/ss
udp6 0 0 :::51983 :::* 1121/ss
udp6 0 0 :::40207 :::* 1121/ss
udp6 0 0 :::49935 :::* 1121/ss
udp6 0 0 :::60688 :::* 1121/ss
udp6 0 0 :::50960 :::* 1121/ss
udp6 0 0 :::33041 :::* 1121/ss
udp6 0 0 :::37650 :::* 1121/ss
udp6 0 0 :::60691 :::* 1121/ss
udp6 0 0 :::59667 :::* 1121/ss
udp6 0 0 :::56084 :::* 1121/ss
udp6 0 0 :::59157 :::* 1121/ss
udp6 0 0 :::46871 :::* 1121/ss
udp6 0 0 :::33048 :::* 1121/ss
udp6 0 0 :::48921 :::* 1121/ss
udp6 0 0 :::45852 :::* 1121/ss
udp6 0 0 :::50972 :::* 1121/ss
udp6 0 0 :::47901 :::* 1121/ss
udp6 0 0 :::56093 :::* 1121/ss
udp6 0 0 :::53022 :::* 1121/ss
udp6 0 0 :::40225 :::* 1121/ss
udp6 0 0 :::59682 :::* 1121/ss
udp6 0 0 :::60707 :::* 1121/ss
udp6 0 0 :::58149 :::* 1121/ss
udp6 0 0 :::60710 :::* 1121/ss
udp6 0 0 :::43303 :::* 1121/ss
udp6 0 0 :::46378 :::* 1121/ss
udp6 0 0 :::52010 :::* 1121/ss
udp6 0 0 :::50475 :::* 1121/ss
udp6 0 0 :::43308 :::* 1121/ss
udp6 0 0 :::38189 :::* 1121/ss
udp6 0 0 :::46893 :::* 1121/ss
udp6 0 0 :::48942 :::* 1121/ss
udp6 0 0 :::49966 :::* 1121/ss
udp6 0 0 :::57649 :::* 1121/ss
udp6 0 0 :::60723 :::* 1121/ss
udp6 0 0 :::48435 :::* 1121/ss
udp6 0 0 :::40756 :::* 1121/ss
udp6 0 0 :::48437 :::* 1121/ss
udp6 0 0 :::55605 :::* 1121/ss
udp6 0 0 :::58678 :::* 1121/ss
udp6 0 0 :::47926 :::* 1121/ss
udp6 0 0 :::44342 :::* 1121/ss
udp6 0 0 :::34103 :::* 1121/ss
udp6 0 0 :::34615 :::* 1121/ss
udp6 0 0 :::52537 :::* 1121/ss
udp6 0 0 :::54585 :::* 1121/ss
udp6 0 0 :::57657 :::* 1121/ss
udp6 0 0 :::57658 :::* 1121/ss
udp6 0 0 :::35642 :::* 1121/ss
udp6 0 0 :::49466 :::* 1121/ss
udp6 0 0 :::54075 :::* 1121/ss
udp6 0 0 :::59195 :::* 1121/ss
udp6 0 0 :::59708 :::* 1121/ss
udp6 0 0 :::56125 :::* 1121/ss
udp6 0 0 :::57149 :::* 1121/ss
udp6 0 0 :::36669 :::* 1121/ss
udp6 0 0 :::41789 :::* 1121/ss
udp6 0 0 :::56127 :::* 1121/ss
udp6 0 0 :::40255 :::* 1121/ss
udp6 0 0 :::44864 :::* 1121/ss
udp6 0 0 :::56131 :::* 1121/ss
udp6 0 0 :::37191 :::* 1121/ss
udp6 0 0 :::51527 :::* 1121/ss
udp6 0 0 :::48458 :::* 1121/ss
udp6 0 0 :::45898 :::* 1121/ss
udp6 0 0 :::34634 :::* 1121/ss
udp6 0 0 :::36683 :::* 1121/ss
udp6 0 0 :::45899 :::* 1121/ss
udp6 0 0 :::42315 :::* 1121/ss
udp6 0 0 :::33101 :::* 1121/ss
udp6 0 0 :::35150 :::* 1121/ss
udp6 0 0 :::51538 :::* 1121/ss
udp6 0 0 :::52050 :::* 1121/ss
udp6 0 0 :::60754 :::* 1121/ss
udp6 0 0 :::50003 :::* 1121/ss
udp6 0 0 :::48980 :::* 1121/ss
udp6 0 0 :::43861 :::* 1121/ss
udp6 0 0 :::52054 :::* 1121/ss
udp6 0 0 :::40792 :::* 1121/ss
udp6 0 0 :::45400 :::* 1121/ss
udp6 0 0 :::48472 :::* 1121/ss
udp6 0 0 :::60249 :::* 1121/ss
udp6 0 0 :::48989 :::* 1121/ss
udp6 0 0 :::50527 :::* 1121/ss
udp6 0 0 :::38752 :::* 1121/ss
udp6 0 0 :::60259 :::* 1121/ss
udp6 0 0 :::41828 :::* 1121/ss
udp6 0 0 :::57189 :::* 1121/ss
udp6 0 0 :::56679 :::* 1121/ss
udp6 0 0 :::45416 :::* 1121/ss
udp6 0 0 :::60267 :::* 1121/ss
udp6 0 0 :::49005 :::* 1121/ss
udp6 0 0 :::36205 :::* 1121/ss
udp6 0 0 :::44912 :::* 1121/ss
udp6 0 0 :::57201 :::* 1121/ss
udp6 0 0 :::38257 :::* 1121/ss
udp6 0 0 :::41329 :::* 1121/ss
udp6 0 0 :::56178 :::* 1121/ss
udp6 0 0 :::56179 :::* 1121/ss
udp6 0 0 :::60276 :::* 1121/ss
udp6 0 0 :::39284 :::* 1121/ss
udp6 0 0 :::49524 :::* 1121/ss
udp6 0 0 :::44918 :::* 1121/ss
udp6 0 0 :::53111 :::* 1121/ss
udp6 0 0 :::39800 :::* 1121/ss
udp6 0 0 :::49018 :::* 1121/ss
udp6 0 0 :::54138 :::* 1121/ss
udp6 0 0 :::50044 :::* 1121/ss
udp6 0 0 :::40833 :::* 1121/ss
udp6 0 0 :::57217 :::* 1121/ss
udp6 0 0 :::49028 :::* 1121/ss
udp6 0 0 :::51590 :::* 1121/ss
udp6 0 0 :::50054 :::* 1121/ss
udp6 0 0 :::39305 :::* 1121/ss
udp6 0 0 :::34185 :::* 1121/ss
udp6 0 0 :::52619 :::* 1121/ss
udp6 0 0 :::45964 :::* 1121/ss
udp6 0 0 :::46477 :::* 1121/ss
udp6 0 0 :::43405 :::* 1121/ss
udp6 0 0 :::51086 :::* 1121/ss
udp6 0 0 :::43406 :::* 1121/ss
udp6 0 0 :::33167 :::* 1121/ss
udp6 0 0 :::38289 :::* 1121/ss
udp6 0 0 :::45458 :::* 1121/ss
udp6 0 0 :::37267 :::* 1121/ss
udp6 0 0 :::49045 :::* 1121/ss
udp6 0 0 :::58773 :::* 1121/ss
udp6 0 0 :::39830 :::* 1121/ss
udp6 0 0 :::49047 :::* 1121/ss
udp6 0 0 :::46999 :::* 1121/ss
udp6 0 0 :::49560 :::* 1121/ss
udp6 0 0 :::58777 :::* 1121/ss
udp6 0 0 :::43931 :::* 1121/ss
udp6 0 0 :::57244 :::* 1121/ss
udp6 0 0 :::51101 :::* 1121/ss
udp6 0 0 :::43933 :::* 1121/ss
udp6 0 0 :::58269 :::* 1121/ss
udp6 0 0 :::49055 :::* 1121/ss
udp6 0 0 :::34719 :::* 1121/ss
udp6 0 0 :::45473 :::* 1121/ss
udp6 0 0 :::33698 :::* 1121/ss
udp6 0 0 :::55203 :::* 1121/ss
udp6 0 0 :::36771 :::* 1121/ss
udp6 0 0 :::47012 :::* 1121/ss
udp6 0 0 :::42405 :::* 1121/ss
udp6 0 0 :::60837 :::* 1121/ss
udp6 0 0 :::59302 :::* 1121/ss
udp6 0 0 :::60838 :::* 1121/ss
udp6 0 0 :::52134 :::* 1121/ss
udp6 0 0 :::43944 :::* 1121/ss
udp6 0 0 :::57770 :::* 1121/ss
udp6 0 0 :::44458 :::* 1121/ss
udp6 0 0 :::42411 :::* 1121/ss
udp6 0 0 :::35245 :::* 1121/ss
udp6 0 0 :::51117 :::* 1121/ss
udp6 0 0 :::51631 :::* 1121/ss
udp6 0 0 :::55727 :::* 1121/ss
udp6 0 0 :::50608 :::* 1121/ss
udp6 0 0 :::39344 :::* 1121/ss
udp6 0 0 :::49585 :::* 1121/ss
udp6 0 0 :::49073 :::* 1121/ss
udp6 0 0 :::33713 :::* 1121/ss
udp6 0 0 :::52147 :::* 1121/ss
udp6 0 0 :::34229 :::* 1121/ss
udp6 0 0 :::46005 :::* 1121/ss
udp6 0 0 :::59831 :::* 1121/ss
udp6 0 0 :::57272 :::* 1121/ss
udp6 0 0 :::58299 :::* 1121/ss
udp6 0 0 :::44989 :::* 1121/ss
udp6 0 0 :::42941 :::* 1121/ss
udp6 0 0 :::42944 :::* 1121/ss
udp6 0 0 :::55746 :::* 1121/ss
udp6 0 0 :::49602 :::* 1121/ss
udp6 0 0 :::40899 :::* 1121/ss
udp6 0 0 :::46020 :::* 1121/ss
udp6 0 0 :::46532 :::* 1121/ss
udp6 0 0 :::42948 :::* 1121/ss
udp6 0 0 :::50629 :::* 1121/ss
udp6 0 0 :::57798 :::* 1121/ss
udp6 0 0 :::52168 :::* 1121/ss
udp6 0 0 :::55241 :::* 1121/ss
udp6 0 0 :::58315 :::* 1121/ss
udp6 0 0 :::40907 :::* 1121/ss
udp6 0 0 :::34251 :::* 1121/ss
udp6 0 0 :::45518 :::* 1121/ss
udp6 0 0 :::43982 :::* 1121/ss
udp6 0 0 :::44494 :::* 1121/ss
udp6 0 0 :::40399 :::* 1121/ss
udp6 0 0 :::59346 :::* 1121/ss
udp6 0 0 :::34258 :::* 1121/ss
udp6 0 0 :::46547 :::* 1121/ss
udp6 0 0 :::47059 :::* 1121/ss
udp6 0 0 :::53716 :::* 1121/ss
udp6 0 0 :::40917 :::* 1121/ss
udp6 0 0 :::45013 :::* 1121/ss
udp6 0 0 :::49622 :::* 1121/ss
udp6 0 0 :::55256 :::* 1121/ss
udp6 0 0 :::40408 :::* 1121/ss
udp6 0 0 :::52185 :::* 1121/ss
udp6 0 0 :::60889 :::* 1121/ss
udp6 0 0 :::55770 :::* 1121/ss
udp6 0 0 :::47579 :::* 1121/ss
udp6 0 0 :::37342 :::* 1121/ss
udp6 0 0 :::39390 :::* 1121/ss
udp6 0 0 :::36319 :::* 1121/ss
udp6 0 0 :::36320 :::* 1121/ss
udp6 0 0 :::34273 :::* 1121/ss
udp6 0 0 :::51172 :::* 1121/ss
udp6 0 0 :::46564 :::* 1121/ss
udp6 0 0 :::45029 :::* 1121/ss
udp6 0 0 :::51173 :::* 1121/ss
udp6 0 0 :::37351 :::* 1121/ss
udp6 0 0 :::38892 :::* 1121/ss
udp6 0 0 :::37869 :::* 1121/ss
udp6 0 0 :::53742 :::* 1121/ss
udp6 0 0 :::34804 :::* 1121/ss
udp6 0 0 :::40950 :::* 1121/ss
udp6 0 0 :::59383 :::* 1121/ss
udp6 0 0 :::39927 :::* 1121/ss
udp6 0 0 :::38905 :::* 1121/ss
udp6 0 0 :::59385 :::* 1121/ss
udp6 0 0 :::39930 :::* 1121/ss
udp6 0 0 :::56827 :::* 1121/ss
udp6 0 0 :::41980 :::* 1121/ss
udp6 0 0 :::33277 :::* 1121/ss
udp6 0 0 :::51710 :::* 1121/ss
udp6 0 0 :::59902 :::* 1121/ss
udp6 0 0 :::46079 :::* 1121/ss
udp6 0 0 :::39424 :::* 1121/ss
udp6 0 0 :::44032 :::* 1121/ss
udp6 0 0 :::46081 :::* 1121/ss
udp6 0 0 :::49154 :::* 1121/ss
udp6 0 0 :::59395 :::* 1121/ss
udp6 0 0 :::35844 :::* 1121/ss
udp6 0 0 :::55300 :::* 1121/ss
udp6 0 0 :::56325 :::* 1121/ss
udp6 0 0 :::55302 :::* 1121/ss
udp6 0 0 :::53256 :::* 1121/ss
udp6 0 0 :::36361 :::* 1121/ss
udp6 0 0 :::58380 :::* 1121/ss
udp6 0 0 :::46606 :::* 1121/ss
udp6 0 0 :::39439 :::* 1121/ss
udp6 0 0 :::48655 :::* 1121/ss
udp6 0 0 :::48656 :::* 1121/ss
udp6 0 0 :::52241 :::* 1121/ss
udp6 0 0 :::54290 :::* 1121/ss
udp6 0 0 :::48658 :::* 1121/ss
udp6 0 0 :::55827 :::* 1121/ss
udp6 0 0 :::37396 :::* 1121/ss
udp6 0 0 :::57878 :::* 1121/ss
udp6 0 0 :::43543 :::* 1121/ss
udp6 0 0 :::45079 :::* 1121/ss
udp6 0 0 :::42520 :::* 1121/ss
udp6 0 0 :::49176 :::* 1121/ss
udp6 0 0 :::40475 :::* 1121/ss
udp6 0 0 :::34843 :::* 1121/ss
udp6 0 0 :::57884 :::* 1121/ss
udp6 0 0 :::32796 :::* 1121/ss
udp6 0 0 :::46111 :::* 1121/ss
udp6 0 0 :::45089 :::* 1121/ss
udp6 0 0 :::49185 :::* 1121/ss
udp6 0 0 :::50722 :::* 1121/ss
udp6 0 0 :::58914 :::* 1121/ss
udp6 0 0 :::51235 :::* 1121/ss
udp6 0 0 :::52774 :::* 1121/ss
udp6 0 0 :::51238 :::* 1121/ss
udp6 0 0 :::55847 :::* 1121/ss
udp6 0 0 :::56359 :::* 1121/ss
udp6 0 0 :::51751 :::* 1121/ss
udp6 0 0 :::34857 :::* 1121/ss
udp6 0 0 :::46633 :::* 1121/ss
udp6 0 0 :::33322 :::* 1121/ss
udp6 0 0 :::39980 :::* 1121/ss
udp6 0 0 :::58929 :::* 1121/ss
udp6 0 0 :::45105 :::* 1121/ss
udp6 0 0 :::54321 :::* 1121/ss
udp6 0 0 :::43571 :::* 1121/ss
udp6 0 0 :::53299 :::* 1121/ss
udp6 0 0 :::58421 :::* 1121/ss
udp6 0 0 :::59445 :::* 1121/ss
udp6 0 0 :::47669 :::* 1121/ss
udp6 0 0 :::42038 :::* 1121/ss
udp6 0 0 :::52790 :::* 1121/ss
udp6 0 0 :::44599 :::* 1121/ss
udp6 0 0 :::51255 :::* 1121/ss
udp6 0 0 :::37946 :::* 1121/ss
udp6 0 0 :::50234 :::* 1121/ss
udp6 0 0 :::58427 :::* 1121/ss
udp6 0 0 :::49213 :::* 1121/ss
udp6 0 0 :::35389 :::* 1121/ss
udp6 0 0 :::50237 :::* 1121/ss
udp6 0 0 :::57406 :::* 1121/ss
udp6 0 0 :::20030 :::* 1121/ss
udp6 0 0 :::53824 :::* 1121/ss
udp6 0 0 :::52801 :::* 1121/ss
udp6 0 0 :::47171 :::* 1121/ss
udp6 0 0 :::37443 :::* 1121/ss
udp6 0 0 :::56902 :::* 1121/ss
udp6 0 0 :::49734 :::* 1121/ss
udp6 0 0 :::35911 :::* 1121/ss
udp6 0 0 :::44616 :::* 1121/ss
udp6 0 0 :::43592 :::* 1121/ss
udp6 0 0 :::58440 :::* 1121/ss
udp6 0 0 :::52297 :::* 1121/ss
udp6 0 0 :::35401 :::* 1121/ss
udp6 0 0 :::45642 :::* 1121/ss
udp6 0 0 :::42058 :::* 1121/ss
udp6 0 0 :::54347 :::* 1121/ss
udp6 0 0 :::50252 :::* 1121/ss
udp6 0 0 :::35404 :::* 1121/ss
udp6 0 0 :::44620 :::* 1121/ss
udp6 0 0 :::33868 :::* 1121/ss
udp6 0 0 :::57933 :::* 1121/ss
udp6 0 0 :::37454 :::* 1121/ss
udp6 0 0 :::50254 :::* 1121/ss
udp6 0 0 :::54350 :::* 1121/ss
udp6 0 0 :::58959 :::* 1121/ss
udp6 0 0 :::58448 :::* 1121/ss
udp6 0 0 :::52304 :::* 1121/ss
udp6 0 0 :::41042 :::* 1121/ss
udp6 0 0 :::47187 :::* 1121/ss
udp6 0 0 :::45141 :::* 1121/ss
udp6 0 0 :::36949 :::* 1121/ss
udp6 0 0 :::33878 :::* 1121/ss
udp6 0 0 :::48728 :::* 1121/ss
udp6 0 0 :::39513 :::* 1121/ss
udp6 0 0 :::47705 :::* 1121/ss
udp6 0 0 :::50265 :::* 1121/ss
udp6 0 0 :::34394 :::* 1121/ss
udp6 0 0 :::47196 :::* 1121/ss
udp6 0 0 :::49246 :::* 1121/ss
udp6 0 0 :::45663 :::* 1121/ss
udp6 0 0 :::33891 :::* 1121/ss
udp6 0 0 :::35427 :::* 1121/ss
udp6 0 0 :::57956 :::* 1121/ss
udp6 0 0 :::48741 :::* 1121/ss
udp6 0 0 :::47717 :::* 1121/ss
udp6 0 0 :::46693 :::* 1121/ss
udp6 0 0 :::43110 :::* 1121/ss
udp6 0 0 :::60519 :::* 1121/ss
udp6 0 0 :::44649 :::* 1121/ss
udp6 0 0 :::35947 :::* 1121/ss
udp6 0 0 :::41579 :::* 1121/ss
udp6 0 0 :::53355 :::* 1121/ss
udp6 0 0 :::53357 :::* 1121/ss
udp6 0 0 :::59503 :::* 1121/ss
udp6 0 0 :::56431 :::* 1121/ss
udp6 0 0 :::34415 :::* 1121/ss
udp6 0 0 :::60527 :::* 1121/ss
udp6 0 0 :::47217 :::* 1121/ss
udp6 0 0 :::34418 :::* 1121/ss
udp6 0 0 :::39027 :::* 1121/ss
udp6 0 0 :::37494 :::* 1121/ss
udp6 0 0 :::39031 :::* 1121/ss
udp6 0 0 :::46711 :::* 1121/ss
udp6 0 0 :::43127 :::* 1121/ss
udp6 0 0 :::57975 :::* 1121/ss
udp6 0 0 :::47737 :::* 1121/ss
udp6 0 0 :::45177 :::* 1121/ss
udp6 0 0 :::32889 :::* 1121/ss
udp6 0 0 :::60025 :::* 1121/ss
udp6 0 0 :::54394 :::* 1121/ss
udp6 0 0 :::55930 :::* 1121/ss
udp6 0 0 :::52859 :::* 1121/ss
udp6 0 0 :::50300 :::* 1121/ss
udp6 0 0 :::47741 :::* 1121/ss
udp6 0 0 :::36990 :::* 1121/ss
udp6 0 0 :::45183 :::* 1121/ss
udp6 0 0 :::40066 :::* 1121/ss
udp6 0 0 :::34948 :::* 1121/ss
udp6 0 0 :::47238 :::* 1121/ss
udp6 0 0 :::42630 :::* 1121/ss
udp6 0 0 :::37511 :::* 1121/ss
udp6 0 0 :::48776 :::* 1121/ss
udp6 0 0 :::53898 :::* 1121/ss
udp6 0 0 :::43660 :::* 1121/ss
udp6 0 0 :::41612 :::* 1121/ss
udp6 0 0 :::46734 :::* 1121/ss
udp6 0 0 :::42638 :::* 1121/ss
udp6 0 0 :::48782 :::* 1121/ss
udp6 0 0 :::46227 :::* 1121/ss
root@VM-4-2-ubuntu:~#
Log IP addresses of connecting devices per key to protect against abuse
Some of my users dos/ddos externals servers through VPN. and the datacenter sends me a abuse email.
How can I find access key id by IP ? is there logs about this ?
I would like to log the IP addresses of connecting devices per key. any solution ?
For example :
| Time | Key ID | IP |
|---|---|---|
| 2023/04/30 10:13:16 | 3 | 144.8.252.162 |
| 2023/04/30 11:34:56 | 3 | 45.19.146.148 |
| 2023/04/30 14:54:06 | 2 | 220.126.224.116 |
| 2023/04/30 21:04:25 | 10 | 63.235.39.34 |
UDP is not working (v1.0.5)
I recently upgraded to v1.0.5 and it looks like the UDP is not working now.
Steps to reproduce:
On the server, run
outline-ss-server -config server.yml -udptimeout 32s -metrics 127.0.0.1:9999
On the client side, I use ss-tunnel from shadowsocks-libev
ss-tunnel -b 127.0.42.1 -l 53 -L 8.8.8.8:53 -c client.json
Then on the client side, run
dig example.com @127.0.42.1
The dig command timed out, and on the server side, I see these error logs:
E2019-08-09T09:56:22.368+08:00 19076 udp.go:93] Panic in UDP loop: interface conversion: net.Addr is *net.UDPAddr, not *net.IPAddr
goroutine 21 [running]:
runtime/debug.Stack(0x79115a, 0xc00007d830, 0x1)
/usr/lib/go-1.11/src/runtime/debug/stack.go:24 +0xa7
runtime/debug.PrintStack()
/usr/lib/go-1.11/src/runtime/debug/stack.go:16 +0x22
github.com/Jigsaw-Code/outline-ss-server/shadowsocks.(*udpService).Start.func1.1()
/home/xxxx/build/outline-ss-server/outline-ss-server-master/shadowsocks/udp.go:94 +0xc2
panic(0x8485e0, 0xc0004407b0)
/usr/lib/go-1.11/src/runtime/panic.go:513 +0x1b9
github.com/Jigsaw-Code/outline-ss-server/shadowsocks.(*udpService).Start.func1(0xc000065940, 0xc000150000, 0x10000, 0x10000, 0xc000160000, 0x10000, 0x10000, 0xc000065a00, 0x0)
/home/xxxx/build/outline-ss-server/outline-ss-server-master/shadowsocks/udp.go:124 +0x16e1
github.com/Jigsaw-Code/outline-ss-server/shadowsocks.(*udpService).Start(0xc000065940)
/home/xxxx/build/outline-ss-server/outline-ss-server-master/shadowsocks/udp.go:165 +0x1d5
created by main.(*SSServer).startPort
/home/xxxx/build/outline-ss-server/outline-ss-server-master/server.go:81 +0x5aa
Feature request: Chain Shadowsocks
Is your feature request related to a problem? Please describe.
I would like to create a chain of shadowsocks servers
Describe the solution you'd like
Have a chain option in shadowsocks
Describe alternatives you've considered
Tor but its not self hosted and all nodes are on blacklists
Additional context
Replay protection for UDP
The replay cache is only passed to the TCP service. Was UDP left out intentionally, or was it an oversight?
Shadowsocks
Fix a race condition that could allow same Salt/IV to be reused
refer: shadowsocks/go-shadowsocks2@e07df3f
Should we update the go-shadowsocks2 version to 0.15?
thanks.
Your Grafana dashboard
Hey guys, thanks for all of your hard work on Outline. Really enjoying using it.
Would you mind sharing your Grafana dashboard info? I would like to set it up the way that you guys show in the README of this project.
Thank you!
SIGSEGV after "too many open files"
Not exactly a bug, might be a problem in some situation. Hit the limit of open file count happened in many ss server. When ss-libev got this problem, it won't exit.
Log:
./outline-ss-server -config config.yml
I2019-03-06T09:29:07.810-05:00 6853 server.go:75] Listening TCP and UDP on port 3389
I2019-03-06T09:29:07.810-05:00 6853 server.go:75] Listening TCP and UDP on port 1521
I2019-03-06T09:29:07.810-05:00 6853 server.go:149] Loaded 2 access keys
E2019-04-02T22:58:06.287-04:00 6853 tcp.go:157] Failed to accept: accept tcp [::]:3389: accept4: too many open files
E2019-04-02T22:58:06.288-04:00 6853 tcp.go:157] Failed to accept: accept tcp [::]:3389: accept4: too many open files
E2019-04-02T22:58:06.288-04:00 6853 tcp.go:157] Failed to accept: accept tcp [::]:3389: accept4: too many open files
E2019-04-02T22:58:06.288-04:00 6853 tcp.go:157] Failed to accept: accept tcp [::]:3389: accept4: too many open files
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x532425]
goroutine 456877 [running]:
net.(*TCPConn).RemoteAddr(0x0, 0x0, 0x0)
<autogenerated>:1 +0x5
github.com/Jigsaw-Code/outline-ss-server/shadowsocks.(*tcpService).Start.func1(0xc0001185a0, 0xc0001e5e30, 0x0)
/usr/local/google/home/fortuna/firehook/outline-ss-server/shadowsocks/tcp.go:161 +0x57
created by github.com/Jigsaw-Code/outline-ss-server/shadowsocks.(*tcpService).Start
/usr/local/google/home/fortuna/firehook/outline-ss-server/shadowsocks/tcp.go:160 +0x61
Can I add new users?
Can I add new users , is there an API for this ? Well or as it is possible to load dynamically new users and to delete .
Thanks
Manager API
https://github.com/shadowsocks/shadowsocks/wiki/Manage-Multiple-Users#protocol
Users can be add, delete and transfer statistics through the API.
Update golang to v1.17
The existing dependencies have not been updated for too long, could we update them? Thanks.
Support multiple IPs on the server
Hi
I have many ip of one interface card(Centos 7) as like below
eth0 10.10.10.10
eth0:0 10.10.10.11
eth0:1 10.10.10.12
eth0:2 10.10.10.13
but, if i connect 10.10.10.12 then all packet's are output on 10.10.10.10, not 10.10.10.12
how can i output packet to client request ip (of request port)
ex)
8081 port 10.10.10.11 <-> client A
8082 port 10.10.10.12 <-> client B
8083 port 10.10.10.13 <-> client C
Thanks
censorship resistance now inadequate for new Great Firewall techniques
Hi Outline team,
First of all, thank you for your great and essential work. After having multiple Outline servers of mine blocked within a week, all of which were serving users in China, it came to my attention that new detection techniques were rolled out on or around October 3rd, 2022 according to this issue: net4people/bbs#136
The authors of that post have developed a preliminary workaround, but it breaks compatibility with the existing shadowsocks packet format and is thus only supported on their temporary fork of shadowsocks-rust.
I realize this leaves y'all (and us) in kind of a shitty situation in which the old format is dying and the new format struggles to be born, but I would strongly suggest paying attention to that thread and/or participating in development so that outline-ss-server can implement the new format as soon as it's ready.
why networkin suddenly Significant increase?
Add support SIP022 AEAD-2022 Ciphers
Many clients already support AEAD-2022 Ciphers (v2rayNG, FoXray, V2Box)
https://shadowsocks.org/doc/sip022.html
del
del
Support Shadowsocks 2022 (SIP022)
The Shadowsocks-Rust currently supports SIP022 (Shadowsocks 2022) which handles multiple users on a single port in a proper way to avoid performance issues. I was wondering if there is any plan to switch the outline ss server to Shadowsocks 2022.
Option to modify TCP Keep-Alive duration in Client (in the form of a battery life optimization setting)
shadowsocks/go-shadowsocks2#224
Since outline-ss-server is based on go-shadowsocks2, this issue applies to it as well.
Describe the bug
go-shadowsocks2 sends TCP Keep-Alive packets every 15 seconds, on every connected and listened TCP socket (shadowsocks server-client connections, outgoing connections to other servers), which leads to high battery usage on mobile devices.
Since keep-alive interval is set also on listening socket, non-go-shadowsocks2 clients will also receive keep-alive packets every 15 seconds when connecting to go-shadowsocks2 server.
More information here: golang/go#48622
To Reproduce
Steps to reproduce the behavior:
- Connect to go-shadowsocks2 server or run go-shadowsocks2 client.
- Initiate TCP connection and keep it idle for some time.
- Check keep-alive packets sending/receiving every 15 seconds with the network sniffer.
Expected behavior
I expect Keep-Alive interval to be configurable.
go-shadowsocks2 should allow to increase TCP Keep-Alive or to disable it completely.
15 seconds is a golang default value and it's way too short. For comparison, Linux sets default keep-alive value to 2 hours (which is probably too high).
Hope to support haproxy protocol
If transport traffic with proxy protocol, outline-ss-server can't get the real client ip & can't auth the user
hope to support proxy protocol
UDP SetReadDeadline only set on incoming messages
Just looking at the UDP code and it seems to work the same as shadowsocks2. There's a timed copy setup from remote netCon to the local netCon sending back to the user.
Every time a message arrives from the peer the message is processed and a new timed read starts again - i.e. the timeout is reset.
However if only the client is sending the readdeadline is never reset.
Consider this example with timeout 30 seconds:
Time=0) user sends UDP message, new natmap starts with a timed read of 30 seconds from the peer
Time=29) user sends second UDP message.
Time=30) the natmap expires
Time=32) peer replies to a stale socket - message is lost.
The timed read should be reset every time a message comes in from either side.
Also it really would make sense to store the (found) key in the natmap too, and test that first when a new message comes in from the same source ip/port. In fact if we find the key has changed then the whole natmap should be re-created or at least the key changed to the new one.
outline-ss-server get data from DB
Can I make a setup with mysql (mariadb) or another db? I want to store creds in one mariadb, and connect multiple outline-ss-server to db with ssl. This is convenient for centralized management.
Running a few days,Cpu suddenly 100%
This happened several times.
Listen on specific interface or IP address
Hey guys,
How can I configure the server to listen on a specific interface or IP address ?
Outline server pinging, but doesn't work
Just yesterday, VPN server stopped working. Connection and control are fine. ReInstallation - hangs on Starting Shadowbox. The connection line is not present in access.txt /opt/outline.
my uninstall: I removed all docker containers, run docker builder prune command and rm -rf /opt/outline remove this folder.
After I stop docker-daemon by sudo systemctl stop docker.service
After I use manager helper command:
sudo bash -c "$(wget -qO- https://raw.githubusercontent.com/Jigsaw-Code/outline-apps/master/server_manager/install_scripts/install_server.sh)"
And hang up on Starting Shadowbox..........
Re run install command hang up on Verifying that Docker daemon is running ..... line
I don’t know which logs I can provide, tell me - I’ll do it.
Set up Outline server in private network
Use case; I want to run a local server that's not\barely exposed to the public internet. Via shadowsocks I would be able to connect to the local network of the shadowsocks server. Currently this is completely blocked via
outline-ss-server/net/private_net.go
Line 36 in 3c2b0f1
DNS pre-filter to block ad servers & torrent servers
It would be great to add a pre-filter for DNS requests (for example, a redirect to AdguardHome DNS installed on the same server to block ad servers or torrent servers or something).
I apologize if this possibility already exists and was considered by someone, but I found the manual only for the wireguard + AdguardHome bundle, but not for Outline-ss.
I'm not very good at this myself(
Best regards
Need help to install and run
Sorry to distrub.
Situation: I am a starter with few knowledge and experience on Linux. I have successfully deployed an outline server and it is running well, but I would like to taste this outline_ss_server.
Efforts I have made: I have read the README.MD and I have googled about how to install GO Envriment and how to install shadowsocks_go as a reference. And I have followed the steps above with little understanding of them. And I also tried to follow the instructions in README.MD. But I still neither can get a clue nor get a successful install or running.
Is there any possiblity of publishing a beginner-friendly installing guide? I tried mutiple times and fail to find someone I can follow on the existing Internet. And if google does not have it, I can't get a clue what and where to learn to install this.😂 Or would you please give me some hints about which knowledge needed?
Best regards, thanks!
Filtering in Iran causes to not to able to create new ACTIVE servers on AMAZON LIGHTSAIL SERVERS or DIGITAL OCEAN !
Filtering in Iran causes to not to able to create new ACTIVE servers on AMAZON LIGHTSAIL SERVERS or DIGITAL OCEAN !
I have amazon lightsail premium account and digital ocean too and I am from Iran . it is about 3 days ago when I wanted to create new servers I did it but new servers were not able to connect to the Servers by Outline Client on any of internet providers like MTN IRANCEL or MCI . so what should we do ?
We need a great and non-censorship solution for Iran on Outline Servers and Client ????
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.