Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shadowsocks-Rust and Cloak #240

Open
SchattenWolf2008 opened this issue Nov 18, 2023 · 6 comments
Open

Shadowsocks-Rust and Cloak #240

SchattenWolf2008 opened this issue Nov 18, 2023 · 6 comments

Comments

@SchattenWolf2008
Copy link

SchattenWolf2008 commented Nov 18, 2023
edited

Hello.

I wanted to go for a rather simple setup with docker.

I have installed Shadowsocks-rust on docker with an docker-compose.

On the ShadowSocks-Rust Server container, I have installed cloak by having the executable file on the host system and mapped it into the container.

In the SS config I have configured it to use the plugin using the path.

This seemed to work, but cloak complained about the config file.

I then also mapped a config file into the docker container (I can also access it from inside the docker container) but it still complains.

My config for the plugin in ssserver.json is:

    "plugin": "/usr/bin/ck-server-linux-amd64", // or the correct path to the plugin
    "plugin_opts": "-c /etc/cloak/ckserver.json",

And I get this error:

docker-compose up

 ✔ Network container_default  Created                                                                                                                                                                               0.1s 
 ✔ Container sslocal-rust     Created                                                                                                                                                                               0.1s 
 ✔ Container ssserver-rust    Created                                                                                                                                                                               0.1s 
Attaching to sslocal-rust, ssserver-rust
ssserver-rust  | /usr/bin/docker-entrypoint.sh: Configuration complete; ready for start up
sslocal-rust   | /usr/bin/docker-entrypoint.sh: Configuration complete; ready for start up
ssserver-rust  | INFO  shadowsocks server 1.17.0 build 2023-10-15T02:34:53.113976544+00:00
ssserver-rust  | INFO  shadowsocks tcp server listening on 127.0.0.1:37955, inbound address 0.0.0.0:8388
ssserver-rust  | INFO  shadowsocks udp server listening on 0.0.0.0:8388, inbound address 0.0.0.0:8388
sslocal-rust   | INFO  shadowsocks local 1.17.0 build 2023-10-15T02:36:35.925045219+00:00
sslocal-rust   | INFO  shadowsocks socks TCP listening on 127.0.0.1:1199
ssserver-rust  | time="2023-11-18T13:39:19Z" level=fatal msg="Configuration file error: failed to read/unmarshal configuration, path is invalid or unexpected end of JSON input"
ssserver-rust  | ERROR plugin exited with status: exit status: 1
ssserver-rust  | server aborted with server exited unexpectedly
ssserver-rust exited with code 0
ssserver-rust exited with code 70

This is my config file for cloak:

  "ProxyBook": {
    "shadowsocks": [
      "tcp",
      "127.0.0.1:8388"
    ]
  },
  "BindAddr": [
    ":443",
    ":80"
  ],
  "RedirAddr": "google.com"
}

I wanted the TLS encryption to be done by my nginx server on the host, which is why I didn't include any SSL keys.

If that was the issue, I'd atleast expect a different error message.

Why is cloak not finding the config file?

I mapped it like this:
.../container-data/ckserver.json:/etc/cloak/ckserver.json

And I can read it from within the docker container:

user@server: docker exec -it ssserver-rust cat /etc/cloak/ckserver.json

{
  "ProxyBook": {
    "shadowsocks": [
      "tcp",
      "127.0.0.1:8388"
    ]
  },
  "BindAddr": [
    ":443",
    ":80"
  ],
  "RedirAddr": "google.com"
}
@SchattenWolf2008
Copy link
Author

Ahaaa
So by running the ck-server directly from within the docker container it says that it requires a private key.

But since my TLS encryption should happen from the reverse proxy and not from cloak (since I don't want to map my certificate into an docker container and have redirect loop issues etc.)
How can I configure cloak to only serve HTTP traffic?

@SchattenWolf2008
Copy link
Author

Ahaaa
I get it now.

Its used as some sort of password rather than encryption?

Anyway I got it working now.

@SchattenWolf2008
Copy link
Author

The only help that I need now is how do I configure the path correctly?

What is the default path for the config?

Because when I start the cloak server using shadowsocks plugin settings, it does not find the file.

But the config is functional now.

This is how the plugin is currently configured.

"plugin": "/usr/bin/ck-server-linux-amd64",
"plugin_opts": "-c /etc/cloak/ckserver.json",

I also tried "plugin": "/usr/bin/ck-server-linux-amd64 -c /etc/cloak/ckserver.json",

But then the ssserver does not find it.
ssserver-rust | ERROR failed to start plugin "/usr/bin/ck-server-linux-amd64 -c /etc/cloak/ckserver.json" for server 0.0.0.0:8388, err: No such file or directory (os error 2)

@notsure2
Copy link
Contributor

notsure2 commented Nov 18, 2023 via email

@SchattenWolf2008
Copy link
Author

Cdn mode

-------- Original Message --------
On Nov 18, 2023, 4:13 PM, SchattenWolf2008 wrote: Ahaaa So by running the ck-server directly from within the docker container it says that it requires a private key. But since my TLS encryption should happen from the reverse proxy and not from cloak (since I don't want to map my certificate into an docker container and have redirect loop issues etc.) How can I configure cloak to only serve HTTP traffic? — Reply to this email directly, [view it on GitHub](#240 (comment)), or unsubscribe. You are receiving this because you are subscribed to this thread.Message ID: @.***>

I don't cleary get this.

Well I managed to get cloak server running now but

I have read about cdn in the docs and put the cloak server to listen on 0.0.0.0:80, with the docker config I changed the port from :80 to 127.0.0.1:8389 and on my nginx reverse proxy I set it to point to http://127.0.0.1:8389.

But the shadowrocket vpn client does not seem to establish an functioning connection.

I dont cleary understand what options I need to set.

On the client I configured:
My domain as address (my webserver enforces TLS SSL and port 443, HTTP 80 traffic gets redirected.
Port 443
Encryption Method: plain
Browser: chrome
Transport: cdn
Allow Insecure: No
SNI:
Proxy Method: /
Server Name:
UID:
Public Key: myKex14dg515ads
Stream Timeout: 300
Alternative Names:

I am not sure what I need to set in order to make it working.

The ShadowSocks server is not accessable from outside, only from the cloak server.

At Proxy Method in particular it had "/" just there, does that have something to do with the book thingy from cloak?

@qwerttvv
Copy link

qwerttvv commented Dec 7, 2023

https://github.com/cbeuw/Cloak/blob/master/example_config/ckserver.json
https://github.com/shadowsocks/shadowsocks-rust/tree/master#configuration

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@SchattenWolf2008 @notsure2 @qwerttvv