Documentation
Types
type Config

```go
type Config struct {
	// Enabled controls whether the API server is enabled.
	Enabled bool `json:"enabled"`

	// DebugPprof enables pprof endpoints for debugging and profiling.
	DebugPprof bool `json:"debugPprof,omitzero"`

	// TrustedProxies specifies the IP address prefixes of trusted proxies.
	// Requests from these proxies will be trusted to contain the real IP address
	// in the specified header field.
	// If empty, all proxies are trusted.
	TrustedProxies []netip.Prefix `json:"trustedProxies,omitzero"`

	// RealIPHeaderKey specifies the header field to use for determining
	// the client's real IP address when the request is from a trusted proxy.
	// If empty, the real IP address is not appended to [http.Request.RemoteAddr].
	RealIPHeaderKey string `json:"realIPHeaderKey,omitzero"`

	// StaticPath is the path where static files are served from.
	// If empty, static file serving is disabled.
	StaticPath string `json:"staticPath,omitzero"`

	// SecretPath adds a secret path prefix to API and pprof endpoints.
	// Static files are not affected. If empty, no secret path is added.
	SecretPath string `json:"secretPath,omitzero"`

	// Listeners is the list of server listeners.
	Listeners []ListenerConfig `json:"listeners"`
}
```

Config stores the configuration for the RESTful API.
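The field comments above imply a few combinations worth checking before deployment: a real-IP header with no trustedProxies restriction, pprof without a secretPath, and listeners without TLS. The following is an added example, not code from this package; apiConfig is a hypothetical local mirror of the documented JSON keys, and both sample configs are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// apiConfig is a local stand-in mirroring only the documented JSON keys the audit needs.
type apiConfig struct {
	DebugPprof      bool           `json:"debugPprof"`
	TrustedProxies  []netip.Prefix `json:"trustedProxies"`
	RealIPHeaderKey string         `json:"realIPHeaderKey"`
	SecretPath      string         `json:"secretPath"`
	Listeners       []struct {
		Address   string `json:"address"`
		EnableTLS bool   `json:"enableTLS"`
	} `json:"listeners"`
}

// auditConfig returns one finding per risky combination of documented fields.
func auditConfig(raw []byte) ([]string, error) {
	var c apiConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	var out []string
	if c.RealIPHeaderKey != "" && len(c.TrustedProxies) == 0 {
		out = append(out, "realIPHeaderKey is set but trustedProxies is empty: every peer is trusted to name the client IP")
	}
	if c.DebugPprof && c.SecretPath == "" {
		out = append(out, "debugPprof is on without secretPath: pprof endpoints get no secret prefix")
	}
	for _, l := range c.Listeners {
		if !l.EnableTLS {
			out = append(out, "listener "+l.Address+" has enableTLS off: the API is served in plaintext")
		}
	}
	return out, nil
}

// Constructed sample configs: a weak one and a tightened one.
const weakJSON = `{"enabled":true,"debugPprof":true,"realIPHeaderKey":"X-Real-IP","listeners":[{"network":"tcp","address":"0.0.0.0:8080"}]}`
const hardJSON = `{"enabled":true,"debugPprof":true,"secretPath":"/constructed-secret","trustedProxies":["127.0.0.1/32"],"realIPHeaderKey":"X-Real-IP","listeners":[{"network":"tcp","address":"127.0.0.1:8443","enableTLS":true,"certList":"constructed-cert-list"}]}`

func main() {
	for _, s := range []string{weakJSON, hardJSON} {
		fmt.Println(auditConfig([]byte(s)))
	}
}
```

A plaintext listener can be acceptable on a loopback or Unix socket address, so treat that finding as a prompt to confirm where the listener is reachable from.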
type EncryptedClientHelloKey (added in v1.13.0)

```go
type EncryptedClientHelloKey struct {
	// Config should be a marshalled ECHConfig associated with PrivateKey. This
	// must match the config provided to clients byte-for-byte. The config
	// should only specify the DHKEM(X25519, HKDF-SHA256) KEM ID (0x0020), the
	// HKDF-SHA256 KDF ID (0x0001), and a subset of the following AEAD IDs:
	// AES-128-GCM (0x0000), AES-256-GCM (0x0001), ChaCha20Poly1305 (0x0002).
	Config []byte `json:"config"`

	// PrivateKey should be a marshalled private key. Currently, we expect
	// this to be the output of [ecdh.PrivateKey.Bytes].
	PrivateKey []byte `json:"privateKey"`

	// SendAsRetry indicates if Config should be sent as part of the list of
	// retry configs when ECH is requested by the client but rejected by the
	// server.
	SendAsRetry bool `json:"sendAsRetry"`
}
```

EncryptedClientHelloKey holds a private key that is associated with a specific ECH config known to a client.
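A pre-deployment check for an ECH key pair against the constraints in the Config comment, as an added example that is not part of this package. checkECHKey and demoKey are hypothetical names; the byte layout assumed is the ECHConfig wire format (version, length, config_id, kem_id, public_key, cipher_suites), and the sample key is constructed.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"encoding/binary"
	"fmt"
)

var be = binary.BigEndian

// checkECHKey checks cfg against the documented KEM/KDF/AEAD limits and matches it to priv.
func checkECHKey(cfg, priv []byte) error {
	// Framing: version(2) length(2) config_id(1) kem_id(2) public_key<2> cipher_suites<2> ...
	if len(cfg) < 9 || int(be.Uint16(cfg[2:])) != len(cfg)-4 || 11+int(be.Uint16(cfg[7:])) > len(cfg) {
		return fmt.Errorf("truncated or mis-sized ECHConfig")
	}
	if kem := be.Uint16(cfg[5:]); kem != 0x0020 {
		return fmt.Errorf("KEM ID %#04x is not DHKEM(X25519, HKDF-SHA256)", kem)
	}
	pkEnd := 9 + int(be.Uint16(cfg[7:]))
	csEnd := pkEnd + 2 + int(be.Uint16(cfg[pkEnd:]))
	if csEnd > len(cfg) || csEnd == pkEnd+2 || (csEnd-pkEnd-2)%4 != 0 {
		return fmt.Errorf("malformed cipher suite list")
	}
	for s := cfg[pkEnd+2 : csEnd]; len(s) > 0; s = s[4:] {
		if kdf, aead := be.Uint16(s), be.Uint16(s[2:]); kdf != 0x0001 || aead > 0x0002 {
			return fmt.Errorf("suite KDF %#04x / AEAD %#04x is not allowed", kdf, aead)
		}
	}
	key, err := ecdh.X25519().NewPrivateKey(priv)
	if err != nil || !bytes.Equal(key.PublicKey().Bytes(), cfg[9:pkEnd]) {
		return fmt.Errorf("privateKey is not the X25519 key for the config's public key")
	}
	return nil
}

// demoKey builds a constructed ECHConfig and private key with one HKDF-SHA256 suite.
func demoKey(kem, aead byte) (cfg, priv []byte) {
	priv = bytes.Repeat([]byte{0x42}, 32) // fixed bytes, for the demo only
	k, _ := ecdh.X25519().NewPrivateKey(priv)
	cfg = append([]byte{0xfe, 0x0d, 0, 0, 1, 0, kem, 0, 32}, k.PublicKey().Bytes()...)
	// One suite, maximum_name_length 0, public_name "example.com", no extensions.
	cfg = append(append(cfg, 0, 4, 0, 1, 0, aead, 0, 11), "example.com\x00\x00"...)
	be.PutUint16(cfg[2:], uint16(len(cfg)-4))
	return cfg, priv
}

func main() {
	fmt.Println(checkECHKey(demoKey(0x20, 0x01)))
}
```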
type ListenerConfig (added in v1.13.0)

```go
type ListenerConfig struct {
	// Network is the network type.
	Network string `json:"network"`

	// Address is the address to listen on.
	Address string `json:"address"`

	// Fwmark sets the listener's fwmark on Linux, or user cookie on FreeBSD.
	//
	// Available on Linux and FreeBSD.
	Fwmark int `json:"fwmark,omitzero"`

	// TrafficClass sets the traffic class of the listener.
	//
	// Available on most platforms except Windows.
	TrafficClass int `json:"trafficClass,omitzero"`

	// FastOpenBacklog specifies the maximum number of pending TFO connections on Linux.
	// If the value is 0, Go std's listen(2) backlog is used.
	//
	// On other platforms, a non-negative value is ignored, as they do not have the option to set the TFO backlog.
	//
	// On all platforms, a negative value disables TFO.
	FastOpenBacklog int `json:"fastOpenBacklog,omitzero"`

	// DeferAcceptSecs sets TCP_DEFER_ACCEPT to the given number of seconds on the listener.
	//
	// Available on Linux.
	DeferAcceptSecs int `json:"deferAcceptSecs,omitzero"`

	// UserTimeoutMsecs sets TCP_USER_TIMEOUT to the given number of milliseconds on the listener.
	//
	// Available on Linux.
	UserTimeoutMsecs int `json:"userTimeoutMsecs,omitzero"`

	// CertList is the name of the certificate list in the certificate store,
	// used as the server certificate for HTTPS.
	CertList string `json:"certList,omitzero"`

	// ClientCAs is the name of the X.509 certificate pool in the certificate store,
	// used as the root CA set for verifying client certificates.
	ClientCAs string `json:"clientCAs,omitzero"`

	// EncryptedClientHelloKeys are the ECH keys to use when a client attempts ECH.
	EncryptedClientHelloKeys []EncryptedClientHelloKey `json:"encryptedClientHelloKeys,omitzero"`

	// EnableTLS controls whether to enable TLS.
	EnableTLS bool `json:"enableTLS,omitzero"`

	// RequireAndVerifyClientCert controls whether to require and verify client certificates.
	RequireAndVerifyClientCert bool `json:"requireAndVerifyClientCert,omitzero"`

	// ReusePort enables SO_REUSEPORT on the listener.
	//
	// Available on Linux and the BSDs.
	ReusePort bool `json:"reusePort,omitzero"`

	// FastOpen enables TCP Fast Open on the listener.
	//
	// Available on Linux, macOS, FreeBSD, and Windows.
	FastOpen bool `json:"fastOpen,omitzero"`

	// FastOpenFallback enables runtime detection of TCP Fast Open support on the listener.
	//
	// When enabled, the listener will start without TFO if TFO is not available on the system.
	// When disabled, the listener will abort if TFO cannot be enabled on the socket.
	//
	// Available on all platforms.
	FastOpenFallback bool `json:"fastOpenFallback,omitzero"`

	// Multipath enables multipath TCP on the listener.
	//
	// Unlike Go std, we make MPTCP strictly opt-in.
	// That is, if this field is false, MPTCP will be explicitly disabled.
	// This ensures that if Go std suddenly decides to enable MPTCP by default,
	// existing configurations won't encounter issues due to missing features in the kernel MPTCP stack,
	// such as TCP keepalive (as of Linux 6.5), and failed connect attempts won't always be retried once.
	//
	// Available on platforms supported by Go std's MPTCP implementation.
	Multipath bool `json:"multipath,omitzero"`
}
```

ListenerConfig is the configuration for a server listener.
type Server

```go
type Server struct {
	// contains filtered or unexported fields
}
```

Server is the RESTful API server.
Directories

| Path | Synopsis |
|---|---|
| certmgr | Package certmgr provides a REST API for managing TLS certificates. |
| internal | |
| ssm | Package ssm implements the Shadowsocks Server Management API v1. |