Yet another SIP003 plugin for shadowsocks, based on Xray-core

Overview

Yet another SIP003 plugin for shadowsocks, based on Xray-core

Build

  • go build

Usage

See command line args for advanced usages.

Shadowsocks over websocket (HTTP)

On your server

ss-server -c config.json -p 80 --plugin xray-plugin --plugin-opts "server"

On your client

ss-local -c config.json -p 80 --plugin xray-plugin

Shadowsocks over websocket (HTTPS)

On your server

ss-server -c config.json -p 443 --plugin xray-plugin --plugin-opts "server;tls;host=mydomain.com"

On your client

ss-local -c config.json -p 443 --plugin xray-plugin --plugin-opts "tls;host=mydomain.com"

Shadowsocks over quic

On your server

ss-server -c config.json -p 443 --plugin xray-plugin --plugin-opts "server;mode=quic;host=mydomain.com"

On your client

ss-local -c config.json -p 443 --plugin xray-plugin --plugin-opts "mode=quic;host=mydomain.com"

Issue a cert for TLS and QUIC

xray-plugin will look for TLS certificates signed by acme.sh by default. Here's some sample commands for issuing a certificate using CloudFlare. You can find commands for issuing certificates for other DNS providers at acme.sh.

wget -O-  https://get.acme.sh | sh
~/.acme.sh/acme.sh --issue --dns dns_cf -d mydomain.com

Alternatively, you can specify path to your certificates using option cert and key.

Use certRaw to pass certificate

Instead of using cert to pass the certificate file, certRaw could be used to pass in PEM format certificate, that is the content between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- without the line breaks.

Comments
  • shadowsocks-android使用xray-plugin后无法联网,而PC端和ios shadowrocket却不受影响。

    shadowsocks-android使用xray-plugin后无法联网,而PC端和ios shadowrocket却不受影响。

    一、基本情况: 手机为Nexus 4,Shadowsocks-android 5.2.1,xray-plugin 1.3.0。系统为LineageOS 14.1-20180302, Android 7.1.2 二、配置如下: 1. Transport mode: websocket-tls 2. Hostname: mydomain.io 3. Path: / (默认) 4. Concurrent connections: 1 (默认) 5. Certificate for TLS verification: (空) 三、问题情况: 无法联网。如上配置是在正常使用其他插件情况下的基础上进行的,所以问题不会出在插件之外的配置。经adb logcat分析可能是证书问题,但点开5. Certificate for TLS verification: (空),在Documents找到上传的购买的域名证书,发现文件名呈灰色不能正常读取,而且通过插件打开的各个文件夹下的所有文件都呈灰色无法读取。 这是否是插件本身的bug呢,自己知识有限,仰作者大人和各位大神帮忙解决,谢谢。

    opened by studylinus 16
  • 请教个和v2ray-plugin一样的错误

    请教个和v2ray-plugin一样的错误

    先说问题 下面是xray-plugin报错: 2021/03/15 19:21:31 [Info] failed to handler mux client connection > proxy/freedom: failed to open connection to tcp:baidu.mydomain.top:443 > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://baidu.mydomain.top/r6of920f5b): > x509: certificate is valid for baidu.mydomain.top, not cloudfront.com] > common/retry: all retry attempts failed 这个报错和v2ray-plugin一模一样

    我的VPS上使用的是openresty,tail -f access.log,都没有访问记录。 我猜是域名解析问题,因为第一次启动shadowsocks-libev-redir时域名解析使用cloudflare的代理,但是后来我把代理改成“仅限DNS”,还是不行。我本地主机是网关服务器,上面使用了dnsmasq,我怀疑是dns缓存,就把dnsmasq重启了,同时添加了hosts,把域名直接hosts到VPS,可是报错依旧相同。猜hosts没生效,tail -f dnsmasq.log,发现reply是我的VPS主机ip,报错还是一样,不知道该怎么解决,请高人指点,我的配置如下:

    VPS: ip:123.123.123.123 OS: Debian 10 buster 443 port: openresty提供 shadowsocks-libev-3.2.5+ds-1 xray-plugin-v1.4.0或v2ray-plugin-v1.3.1 域名证书是使用acme.sh签发的

    openresty配置文件: http { 省略 map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 443 ssl; ssl_certificate ssl/baidu.mydomain.top.cer; ssl_certificate_key ssl/baidu.mydomain.top.key; server_name baidu.mydomain.top; root html; index index.html index.htm;

    	location = /r6of920f5b {
    		proxy_http_version 1.1;
    		proxy_set_header Upgrade $http_upgrade;
    		proxy_set_header Connection $connection_upgrade;
    		proxy_set_header Host $host;
    		proxy_pass http://127.0.0.1:8388;
    	}
    }
    省略
    

    }

    shadowsocks-libev-server配置文件如下: { "server_host":"127.0.0.1", "server_port":8388, "password":"mima", "timeout":300, "method":"chacha20-ietf-poly1305", "mode":"tcp_only", "plugin":"/etc/shadowsocks-libev/v2ray-plugin", "plugin_opts":"server;path=/r6of920f5b;loglevel=debug", "use_syslog": false }

    客户端/网关服务器 OS: Debian 10 buster shadowsocks-libev-3.2.5+ds-1 xray-plugin-v1.4.0或v2ray-plugin-v1.3.1

    shadowsocks-libev-redir配置文件如下: { "server": "baidu.mydomain.top", "server_port": 443, "ipv6_first": false, "fast_open": true, "reuse_port": true, "local_address": "0.0.0.0", "local_port": 1080, "mode": "tcp_only", "timeout": 60, "method": "chacha20-ietf-poly1305", "password": "mima", "plugin":"/etc/shadowsocks-libev/xray-plugin", "plugin_opts":"tls;path=/r6of920f5b;loglevel=debug", "use_syslog": true }

    /etc/hosts配置如下: 123.123.123.123 baidu.mydomain.top

    谢谢了!

    opened by oule 3
  • 没法自定义serviceName

    没法自定义serviceName

    v2ray plugin那边的windows x64版本,在配合ss windows使用时,即使添加了 serviceName=MYSERVICENAME 参数后,还是向mydomain.me/GunService/Tun 这个URL发起请求。。。

    由于v2ray plugin那边没法提交issue就到这里提交了。。

    opened by estallaris 1
  • 同学,您这个项目引入了158个开源组件,存在4个漏洞,辛苦升级一下

    同学,您这个项目引入了158个开源组件,存在4个漏洞,辛苦升级一下

    检测到 teddysun/xray-plugin 一共引入了158个开源组件,存在4个漏洞

    漏洞标题:David Kitchen bluemonday 安全漏洞
    缺陷组件:github.com/microcosm-cc/[email protected]
    漏洞编号:CVE-2021-42576
    漏洞描述:David Kitchen bluemonday是  (David Kitchen)开源的一个应用程序。用于在Go中实现的HTML清理程序。
    bluemonday sanitizer 存在安全漏洞,该漏洞源于Go中1.0.16之前的bluemonday和Python中 0.0.8之前的bluemonday(在pybluemonday中),不能正确地强制与SELECT、STYLE和OPTION元素关联的策略。
    影响范围:(∞, 1.0.16)
    最小修复版本:1.0.16
    缺陷组件引入路径:github.com/teddysun/[email protected]>github.com/microcosm-cc/[email protected]
    

    另外还有4个漏洞,详细报告:https://mofeisec.com/jr?p=a6c46a

    opened by ghost 1
  • loglevel 参数是否生效?

    loglevel 参数是否生效?

    启动参数

    ssserver \
      --server-addr 0.0.0.0:443 \
      --password password \
      --encrypt-method chacha20-ietf-poly1305 \
      --timeout 3600 \
      --udp-timeout 300 \
      --udp-max-associations 1024 \
      --nofile 1048576 \
      --tcp-keep-alive 300 \
      --tcp-fast-open \
      --tcp-no-delay \
      -U \
      --plugin "xray-plugin" \
      --plugin-opts "server;tls;fast-open;host=example.com;loglevel=warning;path=/ws"
    

    虽然设置了 loglevel=warning, 但是仍然在日志里见到有大量这样的输出

    2022/01/19 17:17:24 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:27 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:32 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:32 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:36 tcp:xx.xx.xx.xx:3958 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:43 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:45 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:50 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:51 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:52 tcp:xx.xx.xx.xx:3959 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:57 tcp:xx.xx.xx.xx:3960 accepted tcp:127.0.0.1:0
    2022/01/19 17:17:59 tcp:xx.xx.xx.xx:3960 accepted tcp:127.0.0.1:0
    
    opened by pexcn 0
Releases(v1.6.0)
Owner
Teddysun
Programmer, Developer
Teddysun
Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.

Project X Project X originates from XTLS protocol, provides a set of network tools such as Xray-core and Xray-flutter. License Mozilla Public License

Project X Community 9.8k Sep 27, 2022
一个多功能 SSPanel 机场后端, 支持 V2Ray(Vmess), Trojan, Shadowsocks(单端口多用户)

一个多功能 SSPanel 机场后端, 支持 V2Ray(Vmess), Trojan, Shadowsocks(单端口多用户)

crossfw 389 Sep 26, 2022
Sstreamcry - Shadowsocks stream bomb

ShadowStreamCry A Shadowsocks stream bomb. Credits DuckSoft Qv2ray/rc4md5cry v2f

秋のかえで 7 Feb 24, 2022
A Xray backend framework that can easily support many panels. 一个基于Xray的后端框架,支持V2ay,Trojan,Shadowsocks协议,极易扩展,支持多面板对接

XRayR A Xray backend framework that can easily support many panels. 一个基于Xray的后端框架,支持V2ay,Trojan,Shadowsocks协议,极易扩展,支持多面板对接。 如果您喜欢本项目,可以右上角点个star+watch

null 294 Sep 30, 2022
A base gui tool for xray/v2ray/hysteria/trojan-go without system proxy

A base gui tool for xray/v2ray/hysteria/trojan-go without system proxy

youlika 14 Sep 9, 2022
🚥 Yet another pinger: A high-performance ICMP ping implementation build on top of BPF technology.

yap Yet-Another-Pinger: A high-performance ICMP ping implementation build on top of BPF technology. yap uses the gopacket library to receive and handl

dongdong 40 Aug 29, 2022
Yet another codemod alternative

rnm Yet another codemod alternative. Replace all occurrences of a name to another name in your code! Features Support for different case styles See rn

Yota Toyama 19 Mar 3, 2022
Yet another TCP Port Scanner, but lightning faster.

Fast TCP Port Scanner A highly concurrent TCP port scanner. Run Tests with Code Coverage (Linux) go test -cover Compile (Linux) go build -v -o fglps R

Hysteresis 6 Jul 23, 2022
Yagma - Yet Another Go Mojang API

Yagma Yet Another Go Mojang API Mojang API support While we plan on wrapping Moj

Altea 1 Jan 13, 2022
Kasen - Yet-another open-source CMS for scanlators

Kasen Oh no, a yet-another open-source CMS for scanlators. Anyways... The back-e

rs 11 Aug 8, 2022
Poseidon -- An Enhanced V2Ray(based on v2ray-core)

Poseidon -- An Enhanced V2Ray(based on v2ray-core) Support SSRPanel(VNetPanel), V2board, SSpanel-v3-Uim Features Sync user from your panel to v2ray Lo

null 0 Nov 14, 2021
ULE - Rust-based minecraft server core

ULE - Minecraft's server core written in Rust This's server core fully written i

null 11 Jul 16, 2022
Build - The axelar-core app based on the Cosmos SDK is the main application of the axelar network

⚠️ ⚠️ ⚠️ THIS IS A WORK IN PROGRESS ⚠️ ⚠️ ⚠️ axelar-core The axelar-core app bas

Kalidux 0 Feb 15, 2022
The plugin serves as a starting point for writing a Mattermost plugin

Plugin Starter Template This plugin serves as a starting point for writing a Mattermost plugin. Feel free to base your own plugin off this repository.

Juho Nurminen 0 Dec 10, 2021
Nhat Tran 0 Feb 10, 2022
Cf-cli-find-app-plugin - CF CLI plugin to find applications containing a search string

Overview This cf cli plugin allows users to search for application names that co

null 0 Jan 3, 2022
Twitter-plugin - Falco Plugin for Twitter Stream

Twitter Plugin This repository contains the twittter plugin for Falco, which fol

Thomas Labarussias 4 Mar 17, 2022
Open source 5G core network base on 3GPP R15

What is free5GC The free5GC is an open-source project for 5th generation (5G) mobile core networks. The ultimate goal of this project is to implement

free5GC 1.4k Sep 28, 2022
Magma is an open-source software platform that gives network operators an open, flexible and extendable mobile core network solution.

Connecting the Next Billion People Magma is an open-source software platform that gives network operators an open, flexible and extendable mobile core

Magma 1.4k Sep 22, 2022