Configuration
Auto Generate Configs
You can use the following command to generate blinksocks.client.json and blinksocks.server.json:
$ blinksocks init
KEY | DESCRIPTION | OPTIONAL | DEFAULT | REMARKS |
---|---|---|---|---|
host | local hostname or ip address | - | - | - |
port | local port | - | - | - |
transport | the transport layer, "tcp" or "tls" | Yes | "tcp" | - |
servers | a list of servers | Yes | - | CLIENT ONLY |
servers[i].enabled | whether this server may be used | - | - | - |
servers[i].host | server hostname or ip address | - | - | - |
servers[i].port | server port | - | - | - |
servers[i].key | server key for encryption | - | - | - |
presets | preset list in order | - | - | see presets |
presets[i].name | preset name | - | - | - |
presets[i].params | preset params | - | - | - |
tls_key | private key for TLS | - | - | required on server if "transport" is "tls" |
tls_cert | server certificate | - | - | required on both client and server if "transport" is "tls" |
timeout | timeout for each connection | Yes | 600 | in seconds |
redirect | target to redirect to when a preset fails | Yes | "" | : |
workers | the number of sub-processes | Yes | 0 | cluster mode when workers > 0 |
dns | a list of DNS server IPs | Yes | [] | - |
dns_expire | DNS cache expiration time | Yes | 3600 | in seconds |
log_path | log file path | Yes | "bs-[type].log" | a directory or a file |
log_level | log level | Yes | "info" | ['error', 'warn', 'info', 'verbose', 'debug', 'silly'] |
Servers (Client Side Only)
servers is a list of blinksocks/shadowsocks servers. Each server consists of enabled, host, port, key and presets.
You can temporarily disable a server by setting enabled: false.
Blinksocks will detect which server is the fastest at intervals using balancer.js.
Presets
presets is a list of procedures; each preset is defined as:
{
"name": "preset-name",
"params": {
"key": "value"
}
}
presets are chained from the first to the last, and can be composed almost freely.
For more information about presets, please check out presets.
blinksocks over TLS
By default, blinksocks uses "tcp" as transport, but you can also take advantage of TLS to protect your data. To use blinksocks over TLS, you should:
- Generate key.pem and cert.pem on server
// self-signed
$ openssl req -x509 -newkey rsa:4096 -nodes -keyout key.pem -out cert.pem -days 365
NOTE: Remember the Common Name you entered in the command prompt.
- Server config
{
...
"transport": "tls",
"tls_key": "key.pem",
"tls_cert": "cert.pem",
...
}
- Client config
{
...
"servers": [{
...
"host": "Common Name", // note here
...
"transport": "tls",
"tls_cert": "cert.pem",
...
}],
...
}
- How about presets?
You don't have to use extra encryption when transport is "tls"; your data is already protected by TLS, so just set a "base" preset:
{
"presets": [{"name": "ss-base"}]
// or "presets": [{"name": "exp-base-with-padding", "params": {"salt": "any string"}}]
// or "presets": [{"name": "exp-base-auth-stream", "params": {"method": "aes-256-ctr"}}]
}
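The TLS requirements and value ranges above can be checked before a config is deployed. The following is an added example, not code from the blinksocks project: `lintConfig` and `lintEndpoint` are hypothetical helpers, the sample configs are constructed, and it assumes that keys inside a `servers[i]` entry override top-level keys of the same name.

```javascript
const LOG_LEVELS = ['error', 'warn', 'info', 'verbose', 'debug', 'silly'];

// Checks one endpoint: the server config itself, or one client-side servers[i] entry.
function lintEndpoint(e, role, where, out) {
  const transport = e.transport === undefined ? 'tcp' : e.transport; // table default
  if (transport !== 'tcp' && transport !== 'tls') {
    out.push(`${where}: transport must be "tcp" or "tls"`);
  } else if (transport === 'tls') {
    if (!e.tls_cert) out.push(`${where}: tls_cert is required when transport is "tls"`);
    if (role === 'server' && !e.tls_key) {
      out.push(`${where}: tls_key is required on server when transport is "tls"`);
    }
  } else {
    // Inference from the TLS section: "ss-base" alone adds no encryption.
    const names = (e.presets || []).map((p) => p.name);
    if (names.length === 1 && names[0] === 'ss-base') {
      out.push(`${where}: only "ss-base" over "tcp", traffic is not encrypted`);
    }
  }
}

// Hypothetical helper, not part of blinksocks. role is "client" or "server".
function lintConfig(cfg, role) {
  const out = [];
  if (role === 'client') {
    // Assumption: a servers[i] entry overrides same-named top-level keys.
    (cfg.servers || []).forEach((s, i) => {
      if (s.enabled !== false) lintEndpoint({ ...cfg, ...s }, role, `servers[${i}]`, out);
    });
  } else {
    lintEndpoint(cfg, role, 'server', out);
  }
  if (cfg.log_level !== undefined && !LOG_LEVELS.includes(cfg.log_level)) {
    out.push(`log_level must be one of: ${LOG_LEVELS.join(', ')}`);
  }
  if (cfg.workers !== undefined && !(Number.isInteger(cfg.workers) && cfg.workers >= 0)) {
    out.push('workers must be an integer >= 0');
  }
  return out;
}

// Constructed sample configs (not from the project): weak setting beside the corrected one.
const weakServer = { host: '0.0.0.0', port: 5678, transport: 'tls', tls_cert: 'cert.pem',
  presets: [{ name: 'ss-base' }], log_level: 'trace' };
const fixedServer = { ...weakServer, tls_key: 'key.pem', log_level: 'info' };
console.log(lintConfig(weakServer, 'server'));
console.log(lintConfig(fixedServer, 'server'));
```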
Log Path
Specify a relative or absolute path to store the log file. If no log_path is provided, a log file named bs-[type].log will be stored in the working directory.
Log Levels
The logging library winston uses npm logging levels by default; you can choose one of them on demand:
{ error: 0, warn: 1, info: 2, verbose: 3, debug: 4, silly: 5 }
Custom DNS servers
If you encounter ENOTFOUND every now and then, you had better set custom DNS servers via the dns option:
{
...
"dns": ["8.8.8.8"]
...
}
If there is no dns option, or no IP is provided in dns, blinksocks uses the system DNS settings as usual.
See: https://github.com/blinksocks/blinksocks/issues/66
Cluster Mode
You can enable cluster mode by setting workers greater than zero. Cluster mode can take advantage of multi-core systems to handle the load.
workers is usually set to the number of CPU cores:
{
...
"workers": 2
...
}