Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	// Enabled controls whether the API server is enabled.
	Enabled bool `json:"enabled"`

	// DebugPprof enables pprof endpoints for debugging and profiling.
	DebugPprof bool `json:"debugPprof,omitzero"`

	// TrustedProxies specifies the IP address prefixes of trusted proxies.
	// Requests from these proxies will be trusted to contain the real IP address
	// in the specified header field.
	// If empty, all proxies are trusted.
	TrustedProxies []netip.Prefix `json:"trustedProxies,omitzero"`

	// RealIPHeaderKey specifies the header field to use for determining
	// the client's real IP address when the request is from a trusted proxy.
	// If empty, the real IP address is not appended to [http.Request.RemoteAddr].
	RealIPHeaderKey string `json:"realIPHeaderKey,omitzero"`

	// StaticPath is the path where static files are served from.
	// If empty, static file serving is disabled.
	StaticPath string `json:"staticPath,omitzero"`

	// SecretPath adds a secret path prefix to API and pprof endpoints.
	// Static files are not affected. If empty, no secret path is added.
	SecretPath string `json:"secretPath,omitzero"`

	// Listeners is the list of server listeners.
	Listeners []ListenerConfig `json:"listeners"`
}
Config stores the configuration for the RESTful API.
type EncryptedClientHelloKey (added in v1.13.0)
type EncryptedClientHelloKey struct {
	// Config should be a marshalled ECHConfig associated with PrivateKey. This
	// must match the config provided to clients byte-for-byte. The config
	// should only specify the DHKEM(X25519, HKDF-SHA256) KEM ID (0x0020), the
	// HKDF-SHA256 KDF ID (0x0001), and a subset of the following AEAD IDs:
	// AES-128-GCM (0x0000), AES-256-GCM (0x0001), ChaCha20Poly1305 (0x0002).
	Config []byte `json:"config"`

	// PrivateKey should be a marshalled private key. Currently, we expect
	// this to be the output of [ecdh.PrivateKey.Bytes].
	PrivateKey []byte `json:"privateKey"`

	// SendAsRetry indicates if Config should be sent as part of the list of
	// retry configs when ECH is requested by the client but rejected by the
	// server.
	SendAsRetry bool `json:"sendAsRetry"`
}
EncryptedClientHelloKey holds a private key that is associated with a specific ECH config known to a client.
type ListenerConfig (added in v1.13.0)
type ListenerConfig struct {
	// Network is the network type.
	Network string `json:"network"`

	// Address is the address to listen on.
	Address string `json:"address"`

	// Fwmark sets the listener's fwmark on Linux, or user cookie on FreeBSD.
	//
	// Available on Linux and FreeBSD.
	Fwmark int `json:"fwmark,omitzero"`

	// TrafficClass sets the traffic class of the listener.
	//
	// Available on most platforms except Windows.
	TrafficClass int `json:"trafficClass,omitzero"`

	// FastOpenBacklog specifies the maximum number of pending TFO connections on Linux.
	// If the value is 0, Go std's listen(2) backlog is used.
	//
	// On other platforms, a non-negative value is ignored, as they do not have the option to set the TFO backlog.
	//
	// On all platforms, a negative value disables TFO.
	FastOpenBacklog int `json:"fastOpenBacklog,omitzero"`

	// DeferAcceptSecs sets TCP_DEFER_ACCEPT to the given number of seconds on the listener.
	//
	// Available on Linux.
	DeferAcceptSecs int `json:"deferAcceptSecs,omitzero"`

	// UserTimeoutMsecs sets TCP_USER_TIMEOUT to the given number of milliseconds on the listener.
	//
	// Available on Linux.
	UserTimeoutMsecs int `json:"userTimeoutMsecs,omitzero"`

	// CertList is the name of the certificate list in the certificate store,
	// used as the server certificate for HTTPS.
	CertList string `json:"certList,omitzero"`

	// ClientCAs is the name of the X.509 certificate pool in the certificate store,
	// used as the root CA set for verifying client certificates.
	ClientCAs string `json:"clientCAs,omitzero"`

	// EncryptedClientHelloKeys are the ECH keys to use when a client attempts ECH.
	EncryptedClientHelloKeys []EncryptedClientHelloKey `json:"encryptedClientHelloKeys,omitzero"`

	// EnableTLS controls whether to enable TLS.
	EnableTLS bool `json:"enableTLS,omitzero"`

	// RequireAndVerifyClientCert controls whether to require and verify client certificates.
	RequireAndVerifyClientCert bool `json:"requireAndVerifyClientCert,omitzero"`

	// ReusePort enables SO_REUSEPORT on the listener.
	//
	// Available on Linux and the BSDs.
	ReusePort bool `json:"reusePort,omitzero"`

	// FastOpen enables TCP Fast Open on the listener.
	//
	// Available on Linux, macOS, FreeBSD, and Windows.
	FastOpen bool `json:"fastOpen,omitzero"`

	// FastOpenFallback enables runtime detection of TCP Fast Open support on the listener.
	//
	// When enabled, the listener will start without TFO if TFO is not available on the system.
	// When disabled, the listener will abort if TFO cannot be enabled on the socket.
	//
	// Available on all platforms.
	FastOpenFallback bool `json:"fastOpenFallback,omitzero"`

	// Multipath enables multipath TCP on the listener.
	//
	// Unlike Go std, we make MPTCP strictly opt-in.
	// That is, if this field is false, MPTCP will be explicitly disabled.
	// This ensures that if Go std suddenly decides to enable MPTCP by default,
	// existing configurations won't encounter issues due to missing features in the kernel MPTCP stack,
	// such as TCP keepalive (as of Linux 6.5), and failed connect attempts won't always be retried once.
	//
	// Available on platforms supported by Go std's MPTCP implementation.
	Multipath bool `json:"multipath,omitzero"`
}
ListenerConfig is the configuration for a server listener.
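An added example, not code from this package: a small audit that decodes a JSON config using the field names documented above and reports settings that widen exposure of the API. The `config` mirror type, the `Audit` function, the sample configs, and the policy that every listener should use TLS with required client certificates are assumptions of this example.

```go
package main
import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Local mirror of the documented fields this check reads (assumption: not the package's own types).
type config struct {
	Enabled         bool           `json:"enabled"`
	DebugPprof      bool           `json:"debugPprof"`
	TrustedProxies  []netip.Prefix `json:"trustedProxies"`
	RealIPHeaderKey string         `json:"realIPHeaderKey"`
	SecretPath      string         `json:"secretPath"`
	Listeners       []struct {
		Address                    string `json:"address"`
		EnableTLS                  bool   `json:"enableTLS"`
		RequireAndVerifyClientCert bool   `json:"requireAndVerifyClientCert"`
	} `json:"listeners"`
}

// Constructed sample configs; the store names "api" and "ops" and the secret path are placeholders.
const weakJSON = `{"enabled":true,"debugPprof":true,"realIPHeaderKey":"X-Real-IP","listeners":[{"network":"tcp","address":":8080"}]}`
const hardJSON = `{"enabled":true,"trustedProxies":["10.0.0.0/8"],"realIPHeaderKey":"X-Real-IP","secretPath":"/REPLACE-ME","listeners":[{"network":"tcp","address":"127.0.0.1:8443","certList":"api","clientCAs":"ops","enableTLS":true,"requireAndVerifyClientCert":true}]}`

// Audit decodes an API config and returns one finding per risky setting; a disabled API yields none.
func Audit(raw []byte) (f []string, err error) {
	var c config
	if err = json.Unmarshal(raw, &c); err != nil || !c.Enabled {
		return nil, err
	}
	if c.RealIPHeaderKey != "" && len(c.TrustedProxies) == 0 {
		f = append(f, "realIPHeaderKey set, trustedProxies empty: any peer can supply the client IP")
	}
	if c.DebugPprof && c.SecretPath == "" {
		f = append(f, "debugPprof enabled without secretPath")
	}
	for _, l := range c.Listeners {
		if !l.EnableTLS {
			f = append(f, l.Address+": TLS disabled")
		} else if !l.RequireAndVerifyClientCert {
			f = append(f, l.Address+": client certificates not required")
		}
	}
	return f, nil
}

func main() {
	fmt.Println(Audit([]byte(weakJSON)))
}
```

A malformed `trustedProxies` entry is returned as a decode error, because `netip.Prefix` validates the prefix text during unmarshalling.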
type Server
type Server struct {
// contains filtered or unexported fields
}
Server is the RESTful API server.
Directories
Path | Synopsis |
---|---|
certmgr | Package certmgr provides a REST API for managing TLS certificates. |
internal | |
ssm | Package ssm implements the Shadowsocks Server Management API v1. |