Xray-core
Xray-core copied to clipboard
XTLS
Extra config required for reverse proxy shadowsocks inbound
When using a reverse proxy for Shadowsocks, there's a small problem. To set up users, you need to define a Shadowsocks inbound and specify them in the 'clients' section. Oddly, it only works if you also define a root user outside 'clients', even though you don't actually need it. I mentioned the extra fields (that shouldn't be required) in the config below.
{
"inbounds": [
{
"listen": "0.0.0.0",
"port": 2001,
"protocol": "shadowsocks",
"settings": {
"clients": [
{
"password": "password",
"method": "chacha20-ietf-poly1305",
"email": "[email protected]"
}
],
"network": "tcp,udp",
"method": "chacha20-ietf-poly1305", // You have to define this to let clients work!
"password": "root-user-password" // You have to define this to let clients work!
},
"tag": "shadowsocks"
},
{
"listen": "0.0.0.0",
"port": 1000,
"protocol": "shadowsocks",
"settings": {
"network": "tcp,udp",
"method": "2022-blake3-aes-256-gcm",
"password": "password"
},
"tag": "reverse"
}
],
"routing": {
"domainStrategy": "AsIs",
"settings": {
"rules": [
{
"inboundTag": [
"shadowsocks"
],
"outboundTag": "portal",
"type": "field"
},
{
"inboundTag": [
"reverse"
],
"outboundTag": "portal",
"type": "field"
}
]
}
},
"reverse": {
"portals": [
{
"tag": "portal",
"domain": "s1.google.com"
}
]
}
}
When using a reverse proxy for Shadowsocks, there's a small problem. To set up users, you need to define a Shadowsocks inbound and specify them in the 'clients' section. Oddly, it only works if you also define a root user outside 'clients', even though you don't actually need it. I mentioned the extra fields (that shouldn't be required) in the config below.
{ "inbounds": [ { "listen": "0.0.0.0", "port": 2001, "protocol": "shadowsocks", "settings": { "clients": [ { "password": "password", "method": "chacha20-ietf-poly1305", "email": "[email protected]" } ], "network": "tcp,udp", "method": "chacha20-ietf-poly1305", // You have to define this to let clients work! "password": "root-user-password" // You have to define this to let clients work! }, "tag": "shadowsocks" }, { "listen": "0.0.0.0", "port": 1000, "protocol": "shadowsocks", "settings": { "network": "tcp,udp", "method": "2022-blake3-aes-256-gcm", "password": "password" }, "tag": "reverse" } ], "routing": { "domainStrategy": "AsIs", "settings": { "rules": [ { "inboundTag": [ "shadowsocks" ], "outboundTag": "portal", "type": "field" }, { "inboundTag": [ "reverse" ], "outboundTag": "portal", "type": "field" } ] } }, "reverse": { "portals": [ { "tag": "portal", "domain": "s1.google.com" } ] } }
https://github.com/XTLS/Xray-examples/blob/main/Shadowsocks-2022/README.ENG.md
@maoxikun But I don't use Shadowsocks2022 and the inbound without server user (the user outside of the clients section) works fine when it's not a reverse proxy.
