docker-compose.yml
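# Compose file for a single ss5 (SOCKS5) proxy container.
version: '3.3'
services:
  socks5:
    # No tag or digest is given, so every pull takes whatever the registry
    # currently serves for this name; pin a tag or digest you have verified.
    image: registry.cn-hangzhou.aliyuncs.com/study-namespace/socks5
    container_name: socks5
    restart: always
    ports:
      # Short syntax without a host IP publishes 16688 on every host interface.
      # Restrict the source addresses with a firewall, or prefix a host IP,
      # if the proxy is not meant to be reachable from everywhere.
      - "16688:1080"
    # ss5 is started first; tail then follows its log so the container keeps
    # running and the log shows up in `docker logs`.
    entrypoint: ["bash", "-c", "/usr/sbin/ss5 && tail -100f /var/log/ss5/ss5.log"]
    volumes:
      # Both files are mounted read-only: the container can read the rules and
      # the plaintext credentials but cannot modify them.
      - ./ss5.conf:/etc/opt/ss5/ss5.conf:ro
      - ./ss5.passwd:/etc/opt/ss5/ss5.passwd:ro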
ss5.conf
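当前配置需要用户验证;如果不需要用户验证,可将 auth 和 permit 两行改成下面这样。注意:compose 文件把 16688 端口发布在宿主机的所有网卡上,关闭验证后任何能连到该端口的人都可以使用这个代理,因此只适合在受信任的内网或已用防火墙限制来源地址的环境中使用: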
auth 0.0.0.0/0 - -
permit - 0.0.0.0/0 - 0.0.0.0/0 - - - - -
#
# TAG: external_auth_program
#
# external_auth_program program name and path
#
# Some examples:
#
# Use shell file to authenticate user via ldap query
# external_auth_program /usr/local/bin/ldap.sh
#
# TAG: RADIUS authentication could be used setting SS5_RADIUS_AUTH option and
# configuring the following attributes:
#
# radius_ip (radius address)
# radius_bck_ip (radius secondary address)
# radius_auth_port (radius authentication port, DEFAULT = 1812)
# radius_acct_port (radius authorization port, DEFAULT = 1813)
# radius_secret (secret password betw
#
#
#
# ///////////////////////////////////////////////////////////////////////////////////
# SHost SPort Authentication
#
# Alternative kept for reference: "-" in the Authentication column turns
# authentication off for every source address.
#auth 0.0.0.0/0 - -
# Active rule: "u" requires username/password authentication from every
# source address (SHost 0.0.0.0/0, any source port).
# NOTE(review): SOCKS5 username/password authentication (RFC 1929) is not
# encrypted on the wire; confirm the path to the published port is trusted
# or tunnelled.
auth 0.0.0.0/0 - u
#
# SECTION <bandwidth>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: bandwidth
#
# bandwidth group, max number of connections, bandwidth, session timeout
#
# Some examples:
#
# Limit connections to 2 for group Admin
# bandwidth Admin 2 - -
#
# Limit bandwidth to 100k for group Users
# bandwidth Users - 102400 -
#
# note: if you enable bandwidth profiling per user, SS5 uses this value instead of
# the value specified in the permit directive.
#
# ///////////////////////////////////////////////////////////////////////////////////
# Group MaxCons Bandwidth Session timeout
# bandwidth grp1 5 - -
#
# SECTION <proxies>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: proxy/noproxy
#
# proxy/noproxy dst host/network, dst port, socks proxy address, port address, ver
#
# Some examples:
#
# Proxy request for 172.0.0.0 network to socks server 10.253.9.240 on port 1081:
#
# if authentication is request, downstream socks server have to check it;
# if resolution is request, downstream socks server does it before proxying
# the request toward the upstream socks server.
# proxy 172.0.0.0/16 - 10.253.9.240 1081
#
# SS5 makes direct connection to 10.253.0.0 network (in this case, port value is not
# verified) without using upstream proxy server
# noproxy 0.0.0.0/0 - 10.253.0.0/16 1080 -
#
# ///////////////////////////////////////////////////////////////////////////////////
# DHost/Net DPort DProxyip DProxyPort SocksVer
#
# proxy 0.0.0.0/0 - 1.1.1.1 - -
#
# SECTION <dump>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: dump
#
# dump host/network, port, s/d (s=source d=destination), dump mode (r=rx, t=tx, b=rx+tx)
#
# Some examples:
#
# Dump traffic for 172.30.1.0 network on port 1521:
#
# if authentication is request, downstream socks server have to check it;
# if resolution is request, downstream socks server does it before proxying
# the request toward the upstream socks server.
# dump 172.30.1.0/24 1521 d b
#
# ///////////////////////////////////////////////////////////////////////////////////
# DHost/Net DPort Dir Dump mode (r=rx,t=tx,b=rx+tx)
#
# dump 0.0.0.0/0 - d t
#
# SECTION <access control>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: permit/deny
# permit/deny src auth flag, host/network, src port, dst host/network, dst port,
# fixup, group, bandwidth (from 256 bytes per second to 2147483647), expdate
#
# Some examples:
#
# FTP Control + Passive Mode
# permit - 0.0.0.0/0 - 172.0.0.0/8 21 - - - -
#
# FTP DATA Active Mode
# permit - 0.0.0.0/0 - 172.0.0.0/8 21 - - - -
# permit - 172.0.0.0/8 - 0.0.0.0/0 - - - - -
#
# Query DNS
# permit - 0.0.0.0/0 - 172.30.0.1/32 53 - - - -
#
# Http + fixup
# permit - 0.0.0.0/0 - www.example.com 80 http - - -
#
# Http + fixup + profile + bandwidth (bytes x second)
# permit - 0.0.0.0/0 - www.example.com 80 http admin 10240 -
#
# Sftp + profile + bandwidth (bytes x second)
# permit - 0.0.0.0/0 - sftp.example.com 22 - developer 102400 -
#
# Http + fixup
# permit - 0.0.0.0/0 - web.example.com 80 - - - -
#
# Http + fixup + user authentication required with expiration date to 31/12/2006
# permit u 0.0.0.0/0 - web.example.com 80 - - - 31-12-2006
#
# Deny all connection to web.example.com
# deny - 0.0.0.0/0 - web.example.com - - - - -
#
#
# /////////////////////////////////////////////////////////////////////////////////////////////////
# Auth SHost SPort DHost DPort Fixup Group Band ExpDate
#
# Alternative kept for reference: no authentication flag ("-"), any source
# to any destination.
#permit - 0.0.0.0/0 - 0.0.0.0/0 - - - - -
# Active rule: authenticated users ("u") from any source may connect to any
# destination host and port; no fixup, group, bandwidth or expiry is set.
# NOTE(review): DHost 0.0.0.0/0 also covers addresses that are reachable only
# from the proxy host itself (loopback, container and internal networks);
# narrow DHost/DPort to what clients need, as the commented examples in this
# section do.
permit u 0.0.0.0/0 - 0.0.0.0/0 - - - - -
#
# SECTION <profiling>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# 1) File profiling:
#
# ss5 look for a file name specified in permit line in the /etc/ss5 directory.
# This file must contain user members. File profiling is the default option.
#
# 2) Ldap profiling:
#
# ldap_profile_ip (directory internet address)
# ldap_profile_port (directory port)
# ldap_profile_base (ss5 replaces % with "group specified in permit line"
# if SS5LDAP_BASE if specified, otherwise if
# SS5LDAP_FILTER is specified, it uses base and search
# for group as attribute in user entry; see examples)
# ldap_profile_filter (ss5 uses filter for search operation)
# ldap_profile_dn (directory manager or another user authorized to
# query the directory)
# ldap_profile_pass ("dn" password)
# ldap_netbios_domain (If SS5_NETBIOS_DOMAIN option is set, ss5 map netbios
# domain user in authentication request with his configured
# directory server. Otherwise no match is done and
# directory are contacted in order of configuration)
#
# 3) Mysql profiling:
#
# mysql_profile_ip (mysql server internet address)
# mysql_profile_db (mysql db )
# mysql_profile_user (mysql username )
# mysql_profile_pass (mysql password )
# mysql_profile_sqlstring (sql base string for query. DEFAULT 'SELECT uname FROM grp WHERE gname like' )
#
# Some examples:
#
# Directory configuration for ldap profiling with SS5_LDAP_BASE option:
# in this case, ss5 look for attribute uid="username" with base ou="group",
# dc=example,dc=com where group is specified in permit line as
# "permit - - - - - group - -
#
# Note: in this case, attribute value is not used
#
# ldap_profile_ip 10.10.10.1
# ldap_profile_port 389
# ldap_profile_base ou=%,dc=example,dc=com
# ldap_profile_filter uid
# ldap_profile_attribute gid
# ldap_profile_dn cn=root,dc=example,dc=com
# ldap_profile_pass secret
# ldap_netbios_domain dir
#
# Directory configuration for ldap profiling with SS5_LDAP_FILTER option:
# in this case, ss5 look for attributes uid="username" & "gid=group" with
# base dc=example,dc=com where group is specified in permit line as
# "permit - - - - - group - -
#
# Note: you can also use a base like "ou=%,dc=example,dc=com", where %
# will be replace with "group".
#
# ldap_profile_ip 10.10.10.1
# ldap_profile_port 389
# ldap_profile_base ou=Users,dc=example,dc=com
# ldap_profile_filter uid
# ldap_profile_attribute gecos
# ldap_profile_dn cn=root,dc=example,dc=com
# ldap_profile_pass secret
# ldap_domain_domain dir
#
# Sample OpenLdap log:
# conn=304 op=0 BIND dn="cn=root,dc=example,dc=com" mech=simple ssf=0
# conn=304 op=0 RESULT tag=97 err=0 text=
# conn=304 op=1 SRCH base="ou=Users,dc=example,dc=com" scope=1 filter="(&(uid=usr1)(gecos=Users))"
# conn=304 op=1 SRCH attr=gecos
#
# where ldap entry is:
# dn: uid=usr1,ou=Users,dc=example,dc=com
# uid: usr1
# cn: usr1
# objectClass: account
# objectClass: posixAccount
# objectClass: top
# userPassword:: dXNyMQ==
# loginShell: /bin/bash
# homeDirectory: /home/usr1
# uidNumber: 1
# gidNumber: 1
# gecos: Users
#
# SECTION <server balance>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: virtual
#
# virtual virtual identification (vid), real ip server
#
# Some examples:
#
# Two vip balancing on three real server each one
# virtual 1 172.30.1.1
# virtual 1 172.30.1.2
# virtual 1 172.30.1.3
#
# virtual 2 172.30.1.6
# virtual 2 172.30.1.7
# virtual 2 172.30.1.8
#
# Note: Server balancing only works with -t option, (threaded mode) and ONLY
# with "connect" operation.
#
# ///////////////////////////////////////////////////////////////////////////////////
# Vid Real ip
#
#vitual - -
ss5.passwd
用户名和密码之间用空格隔开;多个账户时另起一行。密码在此文件中以明文保存,部署时请换成自己生成的账户和密码,不要沿用下面的示例,并限制该文件的读取权限、不要提交到版本库。
zyy %UihU^32p%h8bfaioWR58CWBc
test sljdf232l3jlsdf0612uoilk
启动容器
# Run from the directory that holds docker-compose.yml, ss5.conf and ss5.passwd
# (the volume paths in the compose file are relative); -d starts the container
# detached, in the background.
docker-compose up -d