shoes
shoes is a multi-protocol proxy server written in Rust.
Supported protocols
- HTTP/HTTPS (TCP, QUIC)
- SOCKS5 (TCP, QUIC)
- Vmess (TCP, QUIC, UDP-over-TCP)
- AEAD and Legacy modes
- Supported ciphers:
- aes-128-gcm
- chacha20-poly1305
- Vless (TCP, QUIC)
- Snell v3 (TCP, QUIC, UDP-over-TCP)
- Supported ciphers:
- aes-128-gcm
- aes-256-gcm
- chacha20-ietf-poly1305
- Shadowsocks (TCP, QUIC)
- Supported ciphers:
- aes-128-gcm
- aes-256-gcm
- chacha20-ietf-poly1305
- 2022-blake3-aes-128-gcm
- 2022-blake3-aes-256-gcm
- 2022-blake3-chacha20-ietf-poly1305
- Trojan (TCP, QUIC)
- Supported ciphers:
- aes-128-gcm
- aes-256-gcm
- chacha20-ietf-poly1305
Features
All supported protocols can be combined with the following features:
- TLS support with SNI based forwarding
- Websocket obfs (Shadowsocks SIP003)
- Upstream proxy support: route connections through other proxy servers
- Forwarding rules (allowlists/blocklists): Block or redirect connections based on IP or hostname
- Hot reloading: Updated configs are automatically reloaded
- Netmask and proxy groups
Examples
Here's an example of running a WSS vmess and shadowsocks server, with all requests routed through a SOCKS proxy:
```yaml
Listen on all IPv4 interfaces, port 443 (HTTPS)
- address: 0.0.0.0:443
transport: tcp
# Use TLS as the first protocol layer
protocol:
type: tls
# Set a default target, for any (or no) SNI
defaulttarget:
cert: cert.pem
key: key.pem
# ..which goes to a websocket server
protocol:
type: ws
# .. where we have different supported proxy protocols, based on HTTP request path and headers.
targets:
- matchingpath: /vmess
matchingheaders:
X-Secret-Key: "secret"
protocol:
type: vmess
# allow any cipher, which means: none, aes-128-gcm, or chacha20-poly1305.
cipher: any
userid: b0e80a62-8a51-47f0-91f1-f0f7faf8d9d4
- matchingpath: /shadowsocks
protocol:
type: shadowsocks
cipher: 2022-blake3-aes-256-gcm
password: Hax8btYlNao5qcaN/l/NUl9JgbwapfqG5QyAtH+aKPg=
rules:
# Allow clients to connect to all IPs
- mask: 0.0.0.0/0
action: allow
# Forward all requests through a local SOCKS server.
client
proxy:
address: 127.0.0.1:5000
protocol:
type: socks
username: socksuser
password: secretpass
```
For other YAML config examples, see the examples directory.
Installation
Precompiled binaries for x86_64 and Apple aarch64 are available on Github Releases.
Else, if you have a fairly recent Rust and cargo installation on your system, shoes can be installed with cargo.
bash
cargo install shoes
Usage
```
shoes [OPTIONS] [YAML CONFIG PATH] [..]
OPTIONS:
-t, --threads NUM
Set the number of worker threads. This usually defaults to the number of CPUs.
-d, --dry-run
Parse the config and exit.
```
Config format
Sorry, formal documentation for the YAML config format have not yet been written. You can refer to the examples, or open an issue if you need help.
Roadmap
- Proxy client chaining
- SOCKS and Shadowsocks UDP support
Similar projects