Support shadowsocks Cloak plugin #35

Open
wants to merge 6 commits into
base: master
17 changes: 14 additions & 3 deletions group_vars/all/shadowsocks-libev.yml
Expand Up @@ -10,8 +10,19 @@ ss_config:

encrypt_method: chacha20-ietf-poly1305
plugin:
v2ray:
opts: server
# v2ray:
# opts: server
cloak:
# optional
ProxyBook:
wireguard:
- udp
- 127.0.0.1:500
BypassUID:
- ck-server -uid
RedirAddr: www.bing.com
PrivateKey: ck-server -key
PublicKey: ck-server -key
timeout: 300
local_port: 1080
fast_open: true
fast_open: true
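Review bot: The new `cloak:` block sets `PrivateKey`, `PublicKey` and `BypassUID` to the literal strings `ck-server -key` and `ck-server -uid`, and nothing marks them as placeholders. A run with the file untouched would presumably render those strings straight into ckserver.json, and an operator who fills them in ends up with the server's private key in a plaintext group_vars file. I would add a comment above these keys, for example `# placeholders: generate real values with ck-server; keep PrivateKey in an ansible-vault encrypted variable`, and reference the key from a vaulted variable instead of inlining it. Commenting out `v2ray` in the same block also switches the default plugin for every inventory that relies on this file, which should be called out.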
5 changes: 5 additions & 0 deletions roles/shadowsocks-libev/defaults/main.yml
Expand Up @@ -2,5 +2,10 @@ ss_github:
user: shadowsocks
v2ray_repo: v2ray-plugin

cloak_github:
user: cbeuw
repo: Cloak

ss_plugin_release:
v2ray: "https://github.com/{{ ss_github.user }}/{{ ss_github.v2ray_repo }}/releases/download/v{{ release_version }}/v2ray-plugin-linux-amd64-v{{ release_version }}.tar.gz"
cloak: "https://github.com/{{ cloak_github.user }}/{{ cloak_github.repo }}/releases/download/v{{ release_version }}/ck-server-linux-amd64-v{{ release_version }}"
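Review bot: The `cloak` URL is built from `release_version`, which tasks/main.yml fills from the latest-release lookup, so every run can install a different binary that nobody has reviewed. The `get_url` task that consumes this URL passes no `checksum`, so the download is trusted on TLS alone. That file is then marked executable, given `CAP_NET_BIND_SERVICE`, and handles the proxy's private key. I would pin the Cloak version as a default next to `cloak_github` and add `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"` to the download task, updating both together on upgrades. The URL also hard-codes `linux-amd64`, as the `v2ray` line does, so other architectures will fetch the wrong build.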
66 changes: 58 additions & 8 deletions roles/shadowsocks-libev/tasks/main.yml
Expand Up @@ -27,6 +27,25 @@
command: setcap 'CAP_NET_BIND_SERVICE=+eip' /etc/shadowsocks-libev/v2ray-plugin_linux_amd64
when: ss_config.server_port < 1024
when: ss_config.plugin.v2ray is defined
- name: install cloak
block:
- name: detect latest cloak version
import_role:
name: utils
tasks_from: github-release
vars:
user: "{{ cloak_github.user }}"
repo: "{{ cloak_github.repo }}"
- name: download cloak-server {{ release_version }}
get_url:
url: "{{ ss_plugin_release.cloak }}"
dest: "/etc/shadowsocks-libev/ck-server"
mode: 755
notify: restart shadowsocks-libev
- name: allow a non-root process to bind to a privileged port
command: setcap 'CAP_NET_BIND_SERVICE=+eip' /etc/shadowsocks-libev/ck-server
when: ss_config.server_port < 1024
when: ss_config.plugin.cloak is defined
when: ss_config.plugin is defined

- name: optimize shadowsocks
Expand Down Expand Up @@ -65,22 +84,43 @@
value: '4096'
# TCP receive buffer
- name: net.ipv4.tcp_rmem
value: '4096 131072 67108864'
value: '4096 87380 67108864'
# # default read buffer
# - name: net.core.rmem_default
# value: '65536'
# max read buffer
- name: net.core.rmem_max
value: '67108864'
# TCP write buffer
- name: net.ipv4.tcp_wmem
value: '4096 65536 67108864'
# # default write buffer
# - name: net.core.wmem_default
# value: '65536'
# max write buffer
- name: net.core.wmem_max
value: '67108864'
# max backlog
- name: net.core.somaxconn
value: '4096'
# max processor input queue
- name: net.core.netdev_max_backlog
value: '4096'
# max read buffer
- name: net.core.rmem_max
value: '67108864'
# max write buffer
- name: net.core.wmem_max
value: '67108864'
# max open files
- name: fs.file-max
value: '51200'
# resist SYN flood attacks
- name: net.ipv4.tcp_syncookies
value: '1'
# # turn off fast timewait sockets recycling
# - name: net.ipv4.tcp_tw_recycle
# value: '0'
# outbound port range
# - name: net.ipv4.ip_local_port_range
# value: '10000 65000'
# # max timewait sockets held by system simultaneously
# - name: net.ipv4.tcp_max_tw_buckets
# value: '5000'

- name: configure and start shadowsocks-libev
block:
Expand All @@ -90,6 +130,16 @@
dest: /etc/shadowsocks-libev/config.json
mode: '644'
notify: restart shadowsocks-libev
- name: update ss_config.plugin.cloak
set_fact:
cloak_conf: "{{ ss_config.plugin.cloak | combine( { 'location': ansible_env.HOME + '/userinfo.db' } ) }}"
when: ss_config.plugin is defined and ss_config.plugin.cloak is defined
- name: edit /etc/shadowsocks-libev/ckserver.json
template:
src: ckserver.json.j2
dest: /etc/shadowsocks-libev/ckserver.json
mode: '644'
when: ss_config.plugin is defined and ss_config.plugin.cloak is defined
- name: turn on TCP Fast Open on server side
sysctl:
name: net.ipv4.tcp_fastopen
Expand Down Expand Up @@ -147,4 +197,4 @@
delegate_to: localhost
delegate_facts: True
ignore_errors: yes
run_once: true
run_once: true
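Review bot: In the `download cloak-server` task, `mode: 755` is a bare YAML integer, which Ansible takes as decimal rather than octal, so ck-server ends up with unintended permission bits. It should be `mode: '0755'`. In the `edit /etc/shadowsocks-libev/ckserver.json` task the rendered file carries the `PrivateKey` from `ss_config.plugin.cloak` but is written with `mode: '644'`, which makes the key readable by every local user. I would use `mode: '0600'` with `owner:` set to the account the service runs as. That task also lacks `notify: restart shadowsocks-libev`, so a changed Cloak config would not be picked up until some other task triggers the handler.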
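--- a/roles/shadowsocks-libev/templates/ckserver.json.j2
+++ b/roles/shadowsocks-libev/templates/ckserver.json.j2
@@ -0,0 +1 @@
+{{ cloak_conf | to_nice_json(indent=4) }}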
4 changes: 2 additions & 2 deletions roles/shadowsocks-libev/templates/config.json.j2
Expand Up @@ -4,7 +4,7 @@
"password": "{{ ss_config.password }}",
"timeout": {{ ss_config.timeout }},
"method": "{{ ss_config.encrypt_method }}",
"nameserver": "8.8.8.8",
"nameserver": "{{ ansible_dns.nameservers[0] }}",
"mode": "tcp_and_udp",
"fast_open": {{ ss_config.fast_open | default(false) | lower }}
}
}
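Review bot: The new `"nameserver"` line indexes `ansible_dns.nameservers[0]` with no fallback, so the template fails when facts are not gathered or the host reports no resolver. On hosts that use a local stub resolver the value will presumably be a loopback address. It also silently moves the proxy's DNS lookups from a fixed public resolver to whatever the hosting provider configured, which is a privacy-relevant change for a circumvention proxy. I would make it an explicit setting that keeps the old default, for example `"nameserver": "{{ ss_config.nameserver | default('8.8.8.8') }}",`, where `ss_config.nameserver` is a new optional variable. Operators who want the host resolver can then opt in.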
6 changes: 4 additions & 2 deletions roles/shadowsocks-libev/templates/config.local.json.j2
Expand Up @@ -6,5 +6,7 @@
"password": "{{ ss_config.password }}",
"timeout": {{ ss_config.timeout }},
"method": "{{ ss_config.encrypt_method }}",
"fast_open": {{ ss_config.fast_open | default(false) | lower }}
}
"fast_open": {{ ss_config.fast_open | default(false) | lower }},
"reuse_port": true,
"no_delay": true,
}
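Review bot: The new last entry `"no_delay": true,` keeps a trailing comma directly before the closing `}`, which is not valid JSON. A strict parser will reject the rendered client config. The line should read `"no_delay": true` without the comma. Since `reuse_port` and `no_delay` are hard-coded here while `fast_open` is driven by `ss_config`, it would be more consistent to expose them the same way, e.g. `{{ ss_config.no_delay | default(true) | lower }}`.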
8 changes: 6 additions & 2 deletions roles/shadowsocks-libev/templates/shadowsocks-libev.j2
Expand Up @@ -8,7 +8,7 @@ CONFFILE="/etc/shadowsocks-libev/config.json"
DAEMON_ARGS=

# User and group to run the server as
USER=nobody
USER={{ ansible_env.USER }}
GROUP=nogroup

# Number of maximum file descriptors
Expand All @@ -20,4 +20,8 @@ MAXFD=32768
PLUGIN="/etc/shadowsocks-libev/v2ray-plugin_linux_amd64"
PLUGINOPTS="{{ ss_config.plugin.v2ray.opts }}"
{% endif %}
{% endif %}
{% if ss_config.plugin.cloak is defined %}
PLUGIN="/etc/shadowsocks-libev/ck-server"
PLUGINOPTS="/etc/shadowsocks-libev/ckserver.json"
{% endif %}
{% endif %}
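Review bot: Replacing `USER=nobody` with `USER={{ ansible_env.USER }}` makes the daemon and its plugin run as whatever account Ansible connected or became. That is likely root or an administrator's login user, so a compromise of the internet-facing proxy no longer lands in an unprivileged account. The change is presumably there so ck-server can write `userinfo.db` under `ansible_env.HOME`, and the tasks already grant `CAP_NET_BIND_SERVICE` so that root is not needed. I would keep an unprivileged service account (a dedicated system user created by the role) and point the Cloak database at a directory owned by that account, rather than tying the service to the deploying user. Separately, when both `v2ray` and `cloak` are defined the second `PLUGIN=` assignment silently overrides the first, so the role should either assert that only one plugin is set or use `{% elif %}`.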