You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
185 lines
4.5 KiB
185 lines
4.5 KiB
ss-server(1)
|
|
============
|
|
|
|
NAME
|
|
----
|
|
ss-server - shadowsocks server, libev port
|
|
|
|
SYNOPSIS
|
|
--------
|
|
*ss-server*
|
|
[-uUv] [-h|--help]
|
|
[-s <server_host>] [-p <server_port>] [-l <local_port>]
|
|
[-k <password>] [-m <encrypt_method>] [-f <pid_file>]
|
|
[-t <timeout>] [-c <config_file>] [-i <interface>]
|
|
[-a <user_name>] [-d <addr>] [-n <nofile>]
|
|
[-b <local_address>] [--fast-open] [--reuse-port]
|
|
[--mptcp] [--acl <acl_config>] [--mtu <MTU>] [--no-delay]
|
|
[--manager-address <path_to_unix_domain>]
|
|
[--plugin <plugin_name>] [--plugin-opts <plugin_options>]
|
|
[--password <password>] [--key <key_in_base64>]
|
|
|
|
DESCRIPTION
|
|
-----------
|
|
*Shadowsocks-libev* is a lightweight and secure socks5 proxy.
|
|
It is a port of the original shadowsocks created by clowwindy.
|
|
*Shadowsocks-libev* is written in pure C and takes advantage of libev to
|
|
achieve both high performance and low resource consumption.
|
|
|
|
*Shadowsocks-libev* consists of five components.
|
|
`ss-server`(1) runs on a remote server to provide secured tunnel service.
|
|
For more information, check out `shadowsocks-libev`(8).
|
|
|
|
OPTIONS
|
|
-------
|
|
-s <server_host>::
|
|
Set the server's hostname or IP.
|
|
|
|
-p <server_port>::
|
|
Set the server's port number.
|
|
|
|
-k <password>::
|
|
--password <password>::
|
|
Set the password. The server and the client should use the same password.
|
|
|
|
--key <key_in_base64>::
|
|
Set the key directly. The key should be encoded with URL-safe Base64.
|
|
|
|
-m <encrypt_method>::
|
|
Set the cipher.
|
|
+
|
|
*Shadowsocks-libev* accepts 18 different ciphers:
|
|
+
|
|
aes-128-gcm, aes-192-gcm, aes-256-gcm,
|
|
rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb,
|
|
aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb,
|
|
camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
|
|
chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.
|
|
+
|
|
If built with PolarSSL or custom OpenSSL libraries, some of
|
|
these ciphers may not work.
|
|
|
|
-a <user_name>::
|
|
Run as a specific user.
|
|
|
|
-f <pid_file>::
|
|
Start shadowsocks as a daemon with specific pid file.
|
|
|
|
-t <timeout>::
|
|
Set the socket timeout in seconds. The default value is 60.
|
|
|
|
-c <config_file>::
|
|
Use a configuration file.
|
|
+
|
|
Refer to `shadowsocks-libev`(8) 'CONFIG FILE' section for more details.
|
|
|
|
-n <number>::
|
|
Specify max number of open files.
|
|
+
|
|
Only available on Linux.
|
|
|
|
-i <interface>::
|
|
Send traffic through specific network interface.
|
|
+
|
|
For example, there are three interfaces in your device,
|
|
which is lo (127.0.0.1), eth0 (192.168.0.1) and eth1 (192.168.0.2).
|
|
Meanwhile, you configure `ss-server` to listen on 0.0.0.0:8388 and bind to eth1.
|
|
That results the traffic go out through eth1, but not lo nor eth0.
|
|
This option is useful to control traffic in multi-interface environment.
|
|
|
|
-b <local_address>::
|
|
Specify local address to bind.
|
|
|
|
-u::
|
|
Enable UDP relay.
|
|
|
|
-U::
|
|
Enable UDP relay and disable TCP relay.
|
|
|
|
-6::
|
|
Resovle hostname to IPv6 address first.
|
|
|
|
-d <addr>::
|
|
Setup name servers for internal DNS resolver (libudns).
|
|
The default server is fetched from '/etc/resolv.conf'.
|
|
|
|
--fast-open::
|
|
Enable TCP fast open.
|
|
+
|
|
Only available with Linux kernel > 3.7.0.
|
|
|
|
--reuse-port::
|
|
Enable port reuse.
|
|
+
|
|
Only available with Linux kernel > 3.9.0.
|
|
|
|
--no-delay::
|
|
Enable TCP_NODELAY.
|
|
|
|
--acl <acl_config>::
|
|
Enable ACL (Access Control List) and specify config file.
|
|
|
|
--manager-address <path_to_unix_domain>::
|
|
Specify UNIX domain socket address for the communication between ss-manager(1) and ss-server(1).
|
|
+
|
|
Only available in server and manager mode.
|
|
|
|
--mtu <MTU>::
|
|
Specify the MTU of your network interface.
|
|
|
|
--mptcp::
|
|
Enable Multipath TCP.
|
|
+
|
|
Only available with MPTCP enabled Linux kernel.
|
|
|
|
--plugin <plugin_name>::
|
|
Enable SIP003 plugin. (Experimental)
|
|
|
|
--plugin-opts <plugin_options>::
|
|
Set SIP003 plugin options. (Experimental)
|
|
|
|
-v::
|
|
Enable verbose mode.
|
|
|
|
-h|--help::
|
|
Print help message.
|
|
|
|
EXAMPLE
|
|
-------
|
|
It is recommended to use a config file when starting `ss-server`(1).
|
|
|
|
The config file is written in JSON and is easy to edit.
|
|
Check out the 'SEE ALSO' section for the default path of config file.
|
|
|
|
....
|
|
# Start the ss-server
|
|
ss-server -c /etc/shadowsocks-libev/config.json
|
|
....
|
|
|
|
INCOMPATIBILITY
|
|
---------------
|
|
The config file of `shadowsocks-libev`(8) is slightly different from original
|
|
shadowsocks.
|
|
|
|
In order to listen to both IPv4/IPv6 address, use the following grammar in
|
|
your config json file:
|
|
....
|
|
{
|
|
"server":["::0","0.0.0.0"],
|
|
...
|
|
}
|
|
....
|
|
|
|
`ss-server`(1) also does not understand "port_password" field in config file.
|
|
If you want to start up multiple server instances with a single config file,
|
|
please try ss-manager tool. See `ss-manager`(8) for details.
|
|
|
|
SEE ALSO
|
|
--------
|
|
`ss-local`(1),
|
|
`ss-tunnel`(1),
|
|
`ss-redir`(1),
|
|
`ss-manager`(1),
|
|
`shadowsocks-libev`(8),
|
|
`iptables`(8),
|
|
/etc/shadowsocks-libev/config.json
|