Add ss grcp web, and update ss wss web

Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README-CN.md

@@ -0,0 +1,58 @@
+# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例
+
+> 完整的设置还需要一个web服务器解密TLS后,将请求转发给位于127.0.0.1:10000的v2ray。由于 [https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE](https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE) 已经有了服务器的设置这里不再赘述，可以按需参考白话文教程里的web服务器设置。
+
+config_server_redirect.json 和 config_server_domainsocket.json 选其一
+
+如果使用domain socket需要修改`/etc/systemd/system/v2ray.service`。否则由于fhs脚本使用的nobody用户的权限不够，无法在/var/run里新建文件夹`ss-loop`而导致启动失败。
+> 如果使用fhs脚本更新版本的话，会覆盖掉service文件，所以更新版本后需要重复下面的操作。
+
+修改文件`/etc/systemd/system/v2rary.service`，在`[Service]`部分添加下面一行：
+
+```properties
+RuntimeDirectory=ss-loop 
+```
+
+`ss-loop`对应config.json里的`dsSettings`部分的path里的文件夹`/var/run/ss-loop`
+
+修改完成后需要执行
+
+```shell
+systemctl disable v2ray.service
+systemctl enable v2ray.service
+```
+
+最后重启下v2ray进程
+
+```shell
+systemctl restart v2ray
+```
+
+## 客户端配置示意
+
+你应该按照服务端的设置修改对应的参数
+
+### shadowsocks windows 客户端关键部分示例如下
+
+```properties
+Server_IP: example.com or your server ip
+Server_Port: 443
+Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
+Encryption: chacha20-ietf-poly1305
+Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
+Plugin_Options: tls;mode=websocket;path=/michi;host=example.com
+```
+
+### shadowsocks Android plugin 关键部分示例如下
+
+需安装 shadowsocks 和 v2ray plugin，并搭配一同使用
+
+```properties
+Plugin: v2ray
+Configuration:
+    Transport_mode: websocket-tls
+    Hostname: example.com
+    Path: /michi
+    Concurrent_connections: 1
+    Certificate_for_TLS_verification: Not set
+```

Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README.md

@@ -0,0 +1,61 @@
+# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin
+
+> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000.
+> You can find the web server config example at [https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration](https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration)
+
+中文用户请看[这里](https://github.com/v2fly/v2ray-examples/blob/master/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/README-CN.md)
+
+Choose one of the server config config_server_redirect.json and config_server_domainsocket.json
+
+If you choose to use config_server_domainsocket.json, the following extra steps are required. Since the default service file created by fhs installation scripts is using nobody as the runtime user, this user does not have the permission to create the `ss-loop` folder in `/var/run`.
+
+Use your prefered editor to modify the systemd service file at `/etc/systemd/system/v2ray.service`.
+Add the following line to the block starting with `[Service]`
+
+```properties
+RuntimeDirectory=ss-loop 
+```
+
+`ss-loop` corresponds to the `/var/run/ss-loop` folder in the `dsSettings` inside config_server_domainsocket.json.
+
+Execute the following commands to re-enable the v2ray.service.
+
+```shell
+systemctl disable v2ray.service
+systemctl enable v2ray.service
+```
+
+Then restart the v2ray service.
+
+```shell
+systemctl restart v2ray
+```
+
+## Client configuration examples
+
+> You should change the following configurations according to your server configs
+
+### shadowsocks windows client configuration examples
+
+```properties
+Server_IP: example.com or your server IP
+Server_Port: 443
+Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
+Encryption: chacha20-ietf-poly1305
+Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
+Plugin_Options: tls;mode=websocket;path=/michi;host=example.com
+```
+
+### shadowsocks Android plugin configuration examples
+
+> Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.
+
+```properties
+Plugin: v2ray
+Configuration:
+    Transport_mode: websocket-tls
+    Hostname: example.com
+    Path: /michi
+    Concurrent_connections: 1
+    Certificate_for_TLS_verification: Not set
+```

Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_domainsocket.json

@@ -40,7 +40,7 @@
             "streamSettings": {
                 "network": "ws",
                 "wsSettings": {
-                    "path": "/michi"
+                    "path": "/path"
                 }
             }
         },

Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/config_server_redirect.json

@@ -40,7 +40,7 @@
             "streamSettings": {
                 "network": "ws",
                 "wsSettings": {
-                    "path": "/michi"
+                    "path": "/path"
                 }
             }
         },

Shadowsocks-Websocket-Web-TLS/README - zh-CN.md

@@ -1,42 +0,0 @@
-# 这是一个使用 V2Ray 作为 ss + v2ray plugin 服务端的示例
-> 完整的设置还需要一个web服务器解密TLS后将请求转发给后端的v2ray位于127.0.0.1:10000。由于 https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE 已经有了服务器的设置这里不再赘述，可以按需参考白话文教程里的web服务器设置。
-
-**config_server_redirect.json 和 config_server_domainsocket.json 选其一**
-
-如果使用domain socket需要修改/etc/systemd/system/v2ray.service
-在[Service]部分添加
-```
-RuntimeDirectory=ss-loop 
-```
-'ss-loop'对应config.json里的"dsSettings"部分的path里的文件夹"/var/run/ss-loop"
-
-修改完成后需要执行
-```
-systemctl disable v2ray.service
-systemctl enable v2ray.service
-```
-否则由于fhs脚本使用的nobody用户的权限不够，无法在/var/run里新建文件夹'ss-loop'而导致启动失败。
-
-## 客户端配置示意
-**你应该按照服务端的设置修改对应的参数**
-### shadowsocks windows 客户端关键部分示例如下：
-```
-Server IP: example.com
-Server Port: 443
-Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
-Encryption: chacha20-ietf-poly1305
-Plugin Program: pathToYourV2ray-plugin_windows_arch.exe
-Plugin Options: tls;mode=websocket;path=/michi;host=example.com
-```
-### shadowsocks Android plugin 关键部分示例如下：
-
-**需安装 shadowsocks 和 v2ray plugin，并搭配一同使用**
-```
-Plugin: v2ray
-Configuration:
-    Transport mode: websocket-tls
-    Hostname: example.com
-    Path: /michi
-    Concurrent connections: 1
-    Certificate for TLS verification: Not set
-```

Shadowsocks-Websocket-Web-TLS/README-CN.md

@@ -0,0 +1,35 @@
+# 这个例子同样适用于Shadowsocks客户端+V2Ray-Plugins
+
+> 完整的设置还需要一个web服务器解密TLS后,将请求转发给监听在127.0.0.1:10000的v2ray。由于 [https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE](https://guide.v2fly.org/advanced/wss_and_web.html#%E9%85%8D%E7%BD%AE) 已经有了服务器的设置这里不再赘述，可以按需参考白话文教程里的web服务器设置。
+
+## 客户端配置示意
+
+你应该按照服务端的设置修改对应的参数
+
+### shadowsocks windows 客户端关键部分示例如下
+
+> 必须设置 mux=0，否则无法正常连接服务器。如果需要使用mux可以参考本文件夹里的[Domainsocket or Redirect Approach](https://github.com/v2fly/v2ray-examples/blob/master/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/)的方法。
+
+```properties
+Server_IP: example.com or your server ip
+Server_Port: 443
+Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
+Encryption: chacha20-ietf-poly1305
+Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
+Plugin_Options: mux=0;tls;mode=websocket;path=/path;host=example.com
+```
+
+### Shadowsocks Android plugin 关键部分示例如下
+
+> 需安装 shadowsocks 和 v2ray plugin，并搭配一同使用。
+> Concurrent connections必须为0，否则无法连接到服务器。
+
+```properties
+Plugin: v2ray
+Configuration:
+    Transport_mode: websocket-tls
+    Hostname: example.com
+    Path: /path
+    Concurrent_connections: 0
+    Certificate_for_TLS_verification: Not set
+```

Shadowsocks-Websocket-Web-TLS/README.md

@@ -1,45 +1,38 @@
-# This is the server config.json example to utilizing V2ray as the server for Shadowsocks + V2Ray Plugin
-> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server at 127.0.0.1:10000.
-> You can find the web server example at https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration 
+# These settings are also compatible with Shadowsocks client + V2Ray-plugin
 
-中文用户请看 Readme - zh-CN. md
+> The complete setup also requires a web server to handle the TLS and proxy pass the deciphered request to the backend v2ray server listeing on 127.0.0.1:10000.
+> You can find the web server config examples at [https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration](https://guide.v2fly.org/en_US/advanced/wss_and_web.html#server-side-configuration)
 
-**Choose either one of config_server_redirect.json and config_server_domainsocket.json**
+中文用户请看[这里](https://github.com/v2fly/v2ray-examples/blob/master/Shadowsocks-Websocket-Web-TLS/README-CN.md)
 
-If you choose to use config_server_domainsocket.json remember to modify the systemd service file @ /etc/systemd/system/v2ray.service.
+## Shadowsocks client configuration examples
 
-Add the following line to the block starting with [Service]
-```
-RuntimeDirectory=ss-loop 
-```
-'ss-loop' corresponds to the "/var/run/ss-loop" folder in the "dsSettings" part of the config.json.
+> You should change the following configurations according to your server configs
 
-Execute the following commands to re-enable the v2ray.service.
-```
-systemctl disable v2ray.service
-systemctl enable v2ray.service
-```
-Since nobody user does not have the right permission to create the 'ss-loop' folder in /var/run.
-## Client configuration examples
-**You should change the parameters according to your server configs**
-### shadowsocks windows client configuration examples：
-```
-Server IP: example.com
-Server Port: 443
+### Shadowsocks windows client configuration examples
+
+> mux=0 is indispensable when connecting with V2Ray-plugin, if you wish to use mux you need to try the [Domainsocket or Redirect Approach](https://github.com/v2fly/v2ray-examples/blob/master/Shadowsocks-Websocket-Web-TLS/Domainsocket-or-Redirect-Approach/)
+
+```properties
+Server_IP: example.com or your server IP
+Server_Port: 443
 Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
 Encryption: chacha20-ietf-poly1305
-Plugin Program: pathToYourV2ray-plugin_windows_arch.exe
-Plugin Options: tls;mode=websocket;path=/michi;host=example.com
+Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
+Plugin_Options: mux=0;tls;mode=websocket;path=/path;host=example.com
 ```
-### shadowsocks Android plugin configuration examples：
+
+### shadowsocks Android plugin configuration examples
 
 > Both the shadowsocks android and the V2Ray plugin android are mandatory, they are available on Google Play Store.
-```
+*Concurrent connections must be 0*
+
+```properties
 Plugin: v2ray
 Configuration:
-    Transport mode: websocket-tls
+    Transport_mode: websocket-tls
     Hostname: example.com
-    Path: /michi
-    Concurrent connections: 1
-    Certificate for TLS verification: Not set
+    Path: /path
+    Concurrent_connections: 0 
+    Certificate_for_TLS_verification: Not set
 ```

Shadowsocks-Websocket-Web-TLS/config_client.json

@@ -0,0 +1,61 @@
+{
+    "log": {
+        "loglevel": "warning"
+    },
+    "routing": {
+        "domainStrategy": "AsIs",
+        "rules": [
+            {
+                "type": "field",
+                "ip": [
+                    "geoip:private"
+                ],
+                "outboundTag": "direct"
+            }
+        ]
+    },
+    "inbounds": [
+        {
+            "listen": "127.0.0.1",
+            "port": "1080",
+            "protocol": "socks",
+            "settings": {
+                "auth": "noauth",
+                "udp": true,
+                "ip": "127.0.0.1"
+            }
+        },
+        {
+            "listen": "127.0.0.1",
+            "port": "1081",
+            "protocol": "http"
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "vmess",
+            "settings": {
+                "servers": [
+                    {
+                        "address": "{{ host }}",
+                        "port": 443,
+                        "method": "chacha20-ietf-poly1305",
+                        "password": "{{ password }}"
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "ws",
+                "security": "tls",
+                "wsSettings": {
+                    "path": "/path"
+                }
+            },
+            "tag": "proxy"
+        },
+        {
+            "protocol": "freedom",
+            "tag": "direct"
+        }
+    ]
+}

Shadowsocks-Websocket-Web-TLS/config_server.json

@@ -0,0 +1,42 @@
+{
+    "log": {
+        "loglevel": "warning"
+    },
+    "routing": {
+        "domainStrategy": "AsIs",
+        "rules": [
+            {
+                "type": "field",
+                "ip": [
+                    "geoip:private"
+                ],
+                "outboundTag": "block"
+            }
+        ]
+    },
+    "inbounds": [
+        {
+            "listen": "127.0.0.1",
+            "port": 10000,
+            "protocol": "shadowsocks",
+            "settings": {
+                "method": "chacha20-ietf-poly1305",
+                "password": "{{ password }}"
+            },
+            "streamSettings": {
+                "network": "ws",
+                "path": "/path"
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "freedom",
+            "tag": "direct"
+        },
+        {
+            "protocol": "blackhole",
+            "tag": "block"
+        }
+    ]
+}

Shadowsocks-gRPC-Web-TLS/README-CN.md

@@ -0,0 +1,26 @@
+# 最低版本要求
+
+NGINX的最低版本要求为 1.13.10:\
+[https://www.nginx.com/blog/nginx-1-13-10-grpc/](https://www.nginx.com/blog/nginx-1-13-10-grpc/)
+
+V2Ray-core的最低版本要求为 v4.36.0:\
+[https://www.v2fly.org/config/transport/grpc.html#grpcobject](https://www.v2fly.org/config/transport/grpc.html#grpcobject)
+
+## 本设置同样适用于Shadowsocks客户端搭配V2Ray-plugin使用
+
+*你需要一个兼容gRPC的v2ray-plugin程序。
+例如由[TeddySun](https://github.com/teddysun)维护的v2ray-plugin叉子: \
+[https://github.com/teddysun/v2ray-plugin](https://github.com/teddysun/v2ray-plugin)*
+
+### 客户端设置
+
+Shadowsocks Windows设置示例:
+
+```properties
+Server_IP: mydomain.me OR your server IP
+Server_Port: 443
+Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
+Encryption: chacha20-ietf-poly1305
+Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
+Plugin_Options: tls;mode=grpc;serviceName=/michi;host=mydomain.me
+```

Shadowsocks-gRPC-Web-TLS/README.md

@@ -0,0 +1,28 @@
+# Minimum Versions
+
+中文用户请看[这里](https://github.com/v2fly/v2ray-examples/blob/master/Shadowsocks-gRPC-Web-TLS/README-CN.md)
+
+Minimum NGINX version is 1.13.10:\
+[https://www.nginx.com/blog/nginx-1-13-10-grpc/](https://www.nginx.com/blog/nginx-1-13-10-grpc/)
+
+Minimum V2Ray-Core version is v4.36.0:\
+[https://www.v2fly.org/config/transport/grpc.html#grpcobject](https://www.v2fly.org/config/transport/grpc.html#grpcobject)
+
+## These settings are also compatible with shadowsocks + v2ray-plugins
+
+*You need a grpc compatible v2ray-plugin program to use with shadowsocks client.
+For example the one maintained by [TeddySun](https://github.com/teddysun): \
+[https://github.com/teddysun/v2ray-plugin](https://github.com/teddysun/v2ray-plugin)*
+
+### Client Configurations
+
+Shadowsocks Windows Example Config:
+
+```properties
+Server_IP: mydomain.me OR your server IP
+Server_Port: 443
+Password: ifYouWantToKeepYourPassphraseSafeChangeThis!!
+Encryption: chacha20-ietf-poly1305
+Plugin_Program: pathToYourV2ray-plugin_windows_arch.exe
+Plugin_Options: tls;mode=grpc;serviceName=/michi;host=mydomain.me
+```

Shadowsocks-gRPC-Web-TLS/config_client.json

@@ -0,0 +1,61 @@
+{
+    "log": {
+        "loglevel": "warning"
+    },
+    "routing": {
+        "domainStrategy": "AsIs",
+        "rules": [
+            {
+                "type": "field",
+                "ip": [
+                    "geoip:private"
+                ],
+                "outboundTag": "direct"
+            }
+        ]
+    },
+    "inbounds": [
+        {
+            "listen": "127.0.0.1",
+            "port": "1080",
+            "protocol": "socks",
+            "settings": {
+                "auth": "noauth",
+                "udp": true,
+                "ip": "127.0.0.1"
+            }
+        },
+        {
+            "listen": "127.0.0.1",
+            "port": "1081",
+            "protocol": "http"
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "shadowsocks",
+            "settings": {
+                "servers": [
+                    {
+                        "address": "{{ host }}",
+                        "port": 443,
+                        "method": "chacha20-ietf-poly1305",
+                        "password": "{{ password }}"
+                    }
+                ]
+            },
+            "streamSettings": {
+                "network": "grpc",
+                "security": "tls",
+                "grcpSettings": {
+                    "serviceName": "michi"
+                }
+            },
+            "tag": "proxy"
+        },
+        {
+            "protocol": "freedom",
+            "tag": "direct"
+        }
+    ]
+}

Shadowsocks-gRPC-Web-TLS/config_server.json

@@ -0,0 +1,44 @@
+{
+    "log": {
+        "loglevel": "warning"
+    },
+    "routing": {
+        "domainStrategy": "AsIs",
+        "rules": [
+            {
+                "type": "field",
+                "ip": [
+                    "geoip:private"
+                ],
+                "outboundTag": "block"
+            }
+        ]
+    },
+    "inbounds": [
+        {
+            "listen": "127.0.0.1",
+            "port": 12345,
+            "protocol": "shadowsocks",
+            "settings": {
+                "method": "chacha20-ietf-poly1305",
+                "password": "{{ password }}"
+            },
+            "streamSettings": {
+                "network": "grpc",
+                "grpcSettings": {
+                    "serviceName": "michi"
+                }
+            }
+        }
+    ],
+    "outbounds": [
+        {
+            "protocol": "freedom",
+            "tag": "direct"
+        },
+        {
+            "protocol": "blackhole",
+            "tag": "block"
+        }
+    ]
+}

Shadowsocks-gRPC-Web-TLS/nginx_proxy.conf

@@ -0,0 +1,32 @@
+server {
+  listen 443 ssl;
+  listen [::]:443 ssl;
+  
+  ssl_certificate       /etc/v2ray/v2ray.crt;
+  ssl_certificate_key   /etc/v2ray/v2ray.key;
+  ssl_session_timeout 1d;
+  ssl_session_cache shared:MozSSL:10m;
+  ssl_session_tickets off;
+  
+  ssl_protocols         TLSv1.2 TLSv1.3;
+  ssl_ciphers           ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+  ssl_prefer_server_ciphers off;
+  
+  server_name           mydomain.me;
+  location /michi { # This michi shall in consistent with the grpc serviceName in v2ray config.json
+  
+    if ($request_method != "POST") { # if the request method is not POST for this location, return 404
+        return 404;
+    }
+
+    grpc_socket_keepalive on;
+    grpc_intercept_errors on;
+    grpc_pass grpc://127.0.0.1:12345; # presume v2ray is listening on port 12345 
+    grpc_set_header Upgrade $http_upgrade;
+    grpc_set_header Connection "upgrade";
+    grpc_set_header Host $host;
+    # Show real IP in v2ray access.log
+    grpc_set_header X-Real-IP $remote_addr;
+    grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  }
+}