| Name | shadowsocks-manager JSON |
| Version |
0.1.17
JSON |
| download |
| home_page | https://github.com/alexzhangs/shadowsocks-manager |
| Summary | A shadowsocks manager for multi-user and traffic statistics |
| upload_time | 2024-06-30 17:17:51 |
| maintainer | None |
| docs_url | None |
| author | Alex |
| requires_python | >=2.7 |
| license | MIT License Copyright (c) 2021 Alex Zhang Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| keywords |
shadowsocks
manager
django
web
statistics
cluster
celery
uwsgi
pypi
docker
github-actions
|
| VCS |
 |
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
[](https://github.com/alexzhangs/shadowsocks-manager/)
[](https://github.com/alexzhangs/shadowsocks-manager/commits/master)
[](https://github.com/alexzhangs/shadowsocks-manager/issues)
[](https://github.com/alexzhangs/shadowsocks-manager/pulls)
[](https://github.com/alexzhangs/shadowsocks-manager/tags)
[](https://github.com/alexzhangs/shadowsocks-manager/actions/workflows/ci-unittest.yml)
[](https://github.com/alexzhangs/shadowsocks-manager/actions/workflows/ci-testpypi.yml)
[](https://github.com/alexzhangs/shadowsocks-manager/actions/workflows/ci-pypi.yml)
[](https://pypi.org/project/shadowsocks-manager/)
[](https://codecov.io/gh/alexzhangs/shadowsocks-manager)
[](https://www.codefactor.io/repository/github/alexzhangs/shadowsocks-manager)
[](https://github.com/alexzhangs/shadowsocks-manager/actions/workflows/ci-docker.yml)
[](https://hub.docker.com/r/alexzhangs/shadowsocks-manager)
# shadowsocks-manager
A web-based Shadowsocks management tool.
Features:
* Central user management
* Heartbeat on Shadowsocks ports(users)
* Shadowsocks multi-user API
* Shadowsocks node cluster
* Statistic for network traffic usage
* Scheduled jobs
* dns-lexicon API
* Auto-creating DNS records
* Production deployment ready
* How's the Shadowsocks supported:
* libev edition:
* Full functional.
* python edition:
* Lacks the collection of traffic statistics.
* Lacks the ability to test user port creation status.
Code in Python, base on Django, Django REST framework, Celery, and SQLite.
The development status can be found at: [project home](https://github.com/users/alexzhangs/projects/6).
## Screenshots
Shadowsocks Node List:
Add Shadowsocks Node:
Add Shadowsocks Account:
## 1. Requirements
* Python 2.7, Python 3.x
* Django 1.11.x, Django 3.x
* Docker
* [Shadowsocks-libev 3.2.0 for Linux (multi-user API is required)](https://github.com/shadowsocks/shadowsocks-libev)
## 2. Install
This project is a part of an entire VPN solution, which includes the Shadowsocks server and Shadowsocks manager. The Shadowsocks server serves the traffic, the Shadowsocks manager serves the users and the traffic statistics. The solution is designed to be deployed in the AWS cloud. If you are looking for such a solution, you can refer to the repo [aws-cfn-vpn](https://github.com/alexzhangs/aws-cfn-vpn). With `aws-cfn-vpn`, you can deploy the entire solution with a few commands.
### 2.1. Dependencies
Assume you have installed the [Docker](https://www.docker.com/) on your host.
### 2.2. Manual installation
```sh
# create a docker network
docker network create ssm-network
# run memcached, used by django cache
docker run -d --network ssm-network --name ssm-memcached memcached
# run rabbitmq, used by celery
docker run -d --network ssm-network --name ssm-rabbitmq rabbitmq
# create a directory to store the data, it will be mounted to the shadowsocks-manager container
mkdir -p ~/ssm-volume
# run the shadowsocks-manager with HTTPS and DNS API enabled
# please replace the options with your own settings
docker run -d -p 80:80 -p 443:443 -v ~/ssm-volume:/var/local/ssm \
--network ssm-network --name ssm alexzhangs/shadowsocks-manager \
-e SSM_SECRET_KEY=yourkey -e SSM_DEBUG=False \
-e SSM_MEMCACHED_HOST=ssm-memcached -e SSM_RABBITMQ_HOST=ssm-rabbitmq \
-u admin -p yourpassword -M admin@example.com \
-d admin.ss.example.com -a 127.0.0.1 -S
-E PROVIDER=namecom,LEXICON_PROVIDER_NAME=namecom,LEXICON_NAMECOM_AUTH_USERNAME=your_username,LEXICON_NAMECOM_AUTH_TOKEN=your_token
```
### 2.3. Install with script
```sh
git clone https://github.com/alexzhangs/shadowsocks-manager
bash shadowsocks-manager/install.sh -u admin -p yourpassword -M admin@example.com \
-d admin.ss.example.com -a 127.0.0.1 -S \
-E PROVIDER=namecom,LEXICON_PROVIDER_NAME=namecom,LEXICON_NAMECOM_AUTH_USERNAME=your_username,LEXICON_NAMECOM_AUTH_TOKEN=your_token
```
### 2.4. Verify the installation
If all go smoothly, the shadowsocks-manager services should have been all started. Open the web admin console in a web browser, and log on with the admin user.
Use (depends on your settings):
`https://admin.ss.example.com/admin`
or:
`https://localhost/admin`
or fall back to HTTP:
`http://localhost/admin`
If goes well, then congratulations! The installation has succeeded.
By default, the following entries are added to Django's ALLOWED_HOSTS setting:
* localhost
* 127.0.0.1
* admin.ss.example.com (whatever provided with `-d` option)
Use `-e SSM_ALLOWED_SITES_DEFAULTS_PLUS=$ip_address` to add the additional IP address (such as the private IP address of your server) to the ALLOWED_HOSTS setting.
Use `-e SSM_ALLOWED_SITES_DYNAMIC_PUBLIC_IP=True` to allow the dynamic public IP address to be added to the ALLOWED_HOSTS setting.
For more options, refer to the help message of the scripts:
```sh
bash shadowsocks-manager/install.sh -h
bash shadowsocks-manager/docker/docker-entrypoint.sh -h
bash shadowsocks-manager/bin/ssm-setup.sh -h
```
## 3. Using shadowsocks-manager
1. Shadowsocks server
First, you need to have a Shadowsocks server with the multi-user API
enabled.
Install it with docker on the same docker network with shadowsocks-manager.
```sh
# run shadowsocks-libev
MGR_PORT=6001
SS_PORTS=8381-8385
ENCRYPT=aes-256-gcm
docker run -d -p $SS_PORTS:$SS_PORTS/UDP -p $SS_PORTS:$SS_PORTS \
--network ssm-network --name ssm-ss-libev shadowsocks/shadowsocks-libev:edge \
ss-manager --manager-address 0.0.0.0:$MGR_PORT \
--executable /usr/local/bin/ss-server -m $ENCRYPT -s 0.0.0.0 -u
# Use below command to get the private IP address of the shadowsocks-libev container for later configuration.
docker inspect ssm-ss-libev | grep IPAddress
```
1. Add Shadowsocks server to shadowsocks-manager
Add the Shadowsocks server as a Node of shadowsocks-manager from
web admin console: `Home › Shadowsocks › Shadowsocks Nodes`.
For the field `Private IP`, use the IP address abtained from the previous step.
For the field `Interface` for the Shadowsocks manager, choose `Private`.
1. Create users(ports) and assign Shadowsocks Node
Create users from web admin console: `Home › Shadowsocks ›
Shadowsocks Accounts` and assign the existing nodes to them.
After a few seconds, the created user ports should be available to your
Shadowsocks client.
## 4. Sendmail (Optional)
`sendmail` is used to send account notification Email, it should
be configured on the same server with shadowsocks-manager.
About how to configure `sendmail` client to use AWS SES as SMTP server on AWS EC2 instance, refer to repo
[aws-ec2-ses](https://github.com/alexzhangs/aws-ec2-ses).
On macOS, refer to repo
[macos-aws-ses](https://github.com/alexzhangs/macos-aws-ses).
NOTE: This dependency needs the manual setup anyway, it is not handled by any installation script.
## 5. Differences from the alternation: [shadowsocks/shadowsocks-manager](https://github.com/shadowsocks/shadowsocks-manager)
**This repo Do's:**
* Serve as a nonprofit business model.
* Have central user management for multi nodes.
* Collect traffic statistic that can be viewed by account, node, and period.
* Show the existence and accessibility of ports in the admin.
* Handle the DNS records if using Name.com as nameserver.
**This repo Don'ts:**
* Handle self-serviced user registration.
* Handle bill or payment.
* Need to run an additional agent on each Shadowsocks server.
## 6. Some differences between the Shadowsocks Python edition (2.8.2) and libev edition
Version status for the Shadowsocks Python edition:
* pypi: [2.8.2](https://pypi.org/project/shadowsocks/)
* github: [3.0.0](https://github.com/shadowsocks/shadowsocks/tree/master)
Although the Shadowsocks Python edition
supports the multi-user API, but it doesn't fit this project, here's why:
* The python edition code and doc seem to be out of maintenance due to some reason. If you really need this you probably need to fork it and make your own.
* They are having different service process names and CLI interfaces which introduces the complexity of installation.
* The Python edition lacks the `list` commands. A pull request was opened years ago but never merged.
* The Python edition's `stat` command has a very different way to use, I didn't figure the usage syntax out by looking into the code.
* The Python edition's `ping` command returns a simple string `pong` rather than a list of ports.
* The Python edition's `ping` command has to be sent as the syntax: `ping:{}` in order to work if tested with `nc`. It caused by the tailing newline: `ping\n`.
So either you get some change on your own or stick with the libev edition.
## 7. Known Issues
1. The Shadowsocks Python edition's ssserver won't start on macOS.
The error message is like:
```
$ ssserver -k passw0rd
WARNING: /Users/***/.pyenv/versions/3.12.0/envs/ssm-3.12/bin/python3.12 is loading libcrypto in an unsafe way
Abort trap: 6
```
Solution:
Link the homebrew openssl library to the system library.
```sh
sudo ln -s /opt/homebrew/opt/openssl/lib/libcrypto.dylib /usr/local/lib/
sudo ln -s /opt/homebrew/opt/openssl/lib/libssl.dylib /usr/local/lib/
```
1. Install the project by source with pip under Python 2.7 get error:
```
python --version
Python 2.7.18
pip install .
```
Error message:
```
...
Collecting pyyaml
Downloading PyYAML-5.4.1.tar.gz (175 kB)
|████████████████████████████████| 175 kB 392 kB/s
Installing build dependencies ... done
Getting requirements to build wheel ... error
ERROR: Command errored out with exit status 1:
...
raise AttributeError, attr
AttributeError: cython_sources
...
```
Solution:
```sh
pip install setuptools wheel
pip install --no-build-isolation .
```
1. Install the project with pip under python 2.7 get error:
```
python --version
Python 2.7.18
pip install .
```
Error message:
```
...
Building wheels for collected packages: cryptography
Building wheel for cryptography (PEP 517) ... error
ERROR: Command errored out with exit status 1:
build/temp.macosx-14.2-arm64-2.7/_openssl.c:18674:10: error: call to undeclared function 'ERR_GET_FUNC'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
return ERR_GET_FUNC(x0);
^
build/temp.macosx-14.2-arm64-2.7/_openssl.c:18690:14: error: call to undeclared function 'ERR_GET_FUNC'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
{ result = ERR_GET_FUNC(x0); }
^
build/temp.macosx-14.2-arm64-2.7/_openssl.c:23389:10: error: call to undeclared function 'FIPS_mode'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
return FIPS_mode();
^
build/temp.macosx-14.2-arm64-2.7/_openssl.c:23400:14: error: call to undeclared function 'FIPS_mode'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
{ result = FIPS_mode(); }
^
build/temp.macosx-14.2-arm64-2.7/_openssl.c:23415:10: error: call to undeclared function 'FIPS_mode_set'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
return FIPS_mode_set(x0);
^
build/temp.macosx-14.2-arm64-2.7/_openssl.c:23431:14: error: call to undeclared function 'FIPS_mode_set'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
{ result = FIPS_mode_set(x0); }
...
ERROR: Failed building wheel for cryptography
```
Solution:
```sh
brew install openssl@1.1
```
1. Domain record is not synced into DNS provider as expected.
There might be a conflict record in the DNS provider. For example, a record with the same name but different type, such as CNAME.
The sync process will be limited to the records with same type and name, it won't touched any other records.
Solution:
1. Remove the conflict record from the DNS provider by yourself.
1. Run the sync process again.
## 8. Development
The development of this project requires Python 3.x.
However, the installation of the project is compatible with both Python 2.7 and 3.x.
To keep the compatibility is difficult, but it's kept due to the historical reason.
The following files are kept only for installing the source distribution of the PyPI package under Python 2.7:
* setup.py
* setup.cfg
### 8.1. Development Environment Setup
1. Install Docker Desktop
* https://www.docker.com/products/docker-desktop/
1. Install pyenv (macOS)
```sh
brew install pyenv pyenv-virtualenv
```
1. Bootstrap the tox environment
```sh
pyenv install 3.12
pyenv virtualenv 3.12 tox
pyenv activate tox
pip install -r tox.txt
export VIRTUALENV_DISCOVERY=pyenv
tox list -q
```
To test the project with Python 2.7, need:
```sh
pyenv virtualenv 3.12 tox-27
pyenv activate tox-27
pip install -r tox-27.txt
export VIRTUALENV_DISCOVERY=pyenv
tox list -q
```
1. Install the Python versions that the project should test against
```sh
pyenv install 2.7 3.7 3.8 3.9 3.10 3.11
```
1. Clone the project code
```sh
git clone https://github.com/alexzhangs/shadowsocks-manager
cd shadowsocks-manager
```
1. Start the development environment
```sh
tox run -qe dev
```
1. Run the unit tests against all the supported Python versions
```sh
tox run -qe py37,py38,py39,py310,py311,py312
```
1. Combine the coverage data and generate the report
```sh
tox run -qe cov
```
1. Upload the coverage report to codecov
Make sure the `CODECOV_TOKEN` is exported in the environment before uploading.
```sh
export CODECOV_TOKEN=codecov_token
tox run -qe codecov
```
1. Build the PyPI package
```sh
# build source and binary distribution, equivalent to `python setup.py sdist bdist_wheel`
# universal wheel is enabled in the pyproject.toml to make the wheel compatible with both Python 2 and 3
tox run -qe pypi
```
1. Run the Github workflows ci-unittest locally
```sh
brew install act gh
act --list
export GITHUB_PAT_PUB_RO=github_pat
export CODECOV_TOKEN=codecov_token
export PRIVATE_IP=$(ipconfig getifaddr en0 2>/dev/null || hostname -i | cut -d " " -f1 2>/dev/null)
tox run -qe act-ci-unittest
# multiple Python versions
tox run -qe act-ci-unittest -- --matrix python-version:3.7 --matrix python-version:3.8
```
1. Build the Docker images and run the containers
```sh
# optional environment variables:
export DOCKER_BUILD_ARGS_PROXY='--build-arg https_proxy=http://host.docker.internal:1086'
export SSM_DEV_BAR_OPTIONS='-p -P'
export SSM_DEV_DOCKER_RUN_CMD_OPTIONS='-d admin.ss.example.com -t A -a 127.0.0.1 -S -E PROVIDER=namecom,LEXICON_PROVIDER_NAME=namecom,LEXICON_NAMECOM_AUTH_USERNAME=your_username,LEXICON_NAMECOM_AUTH_TOKEN=your_token'
tox run -qe bar
```
1. Run a full test locally, including all the above steps:
Make sure all the environment variables are set before running the full test.
```sh
tox run -q
```
1. Upload the PyPI package
Set the ~/.pypirc file with the API token from the TestPyPI and PyPI before uploading.
```sh
pip install twine
# upload the package to TestPyPI
python -m twine upload --repository testpypi dist/*
# upload the package to PyPI
python -m twine upload dist/*
```
1. Test the PyPI package
```sh
# install the package from TestPyPI
# --no-deps is used to skip installing dependencies for the TestPyPI environment
pip install -i https://test.pypi.org/simple/ --no-deps shadowsocks-manager
# install the package from PyPI
# --no-binary is used to force building the package from the source
# --use-pep517 is used together to make sure the PEP 517 is tested
pip install --no-binary shadowsocks-manager --use-pep517 shadowsocks-manager
```
### 8.2. CI/CD
Github Actions is currently used for the CI/CD.
Travis CI is removed due to the limitation of the free plan.
The CI/CD workflows are defined in the `.github/workflows` directory.
* ci-unittest.yml: Run the unit tests.
* ci-testpypi.yml: Build and upload the package to TestPyPI.
* ci-pypi.yml: Build and upload the package to PyPI. It can be triggered by the tag: `ci-pypi` or `ci-pypi-(major|minor|patch|suffx)`.
* ci-docker.yml: Build and push the docker image to Docker Hub. It can be triggered by the Github release.
## 9. Troubleshooting
1. Docker
```
# containers
docker ps -a
# network
docker network ls
# logs
docker logs <container_id>
```
1. Check the logs (inside container)
```
# supervisor (debian)
cat /var/log/supervisor/supervisord.log
# supervisor (alpine)
cat /var/log/supervisord.log
# uWSGI
cat /var/log/ssm-uwsgi.log
# Celery
cat /var/log/ssm-cerlery*
```
1. Check the services (inside container)
```
# nginx
nginx -s {stop|quit|reopen|reload}
# supervisor
supervisorctl reload
supervisorctl start all
# uWSGI
supervisorctl start ssm-uwsgi
# Celery
supervisorctl start ssm-celery-worker
supervisorctl start ssm-celery-beat
# acme.sh
acme.sh --list
crontab -l
ls -l /root/.acme.sh
# volume data
ls -la /var/local/ssm
# setup done files
ls -la /var/local/ssm/.*done
ls -la /root/.*done
```
1. Check the listening ports and processes (Linux)
```
# TCP
netstat -tanp
# UDP
netstat -uanp
```
1. Check the listening ports (MacOS)
```
# TCP
netstat -anp tcp
# UDP
netstat -anp udp
# find the process by port
lsof -i :80 -P
```
## 10. Security Considerations
1. Never run the shadowsocks-manager service with the Django 'DEBUG' mode enabled in production or even for evaluation.
Especially when the default password is used, the debug mode will expose your env in the error page.
This option should be enabled only for the development on the local machine.
* The 'DEBUG' mode is disabled by default in the docker image.
* The 'DEBUG' mode is enabled by default in the pypi package, it should be disabled if not for development.
1. Never run the shadowsocks-manager service with the default password on the network other than the localhost.
1. Never run the shadowsocks-manager service without HTTPS enabled on the network other than the localhost.
Otherwise, the password will be sent in plain text over public or private networks.
1. Never run the shadowsocks-manager service and the ss-manager service across the untrusted network without the firewall enabled, such as Internet, untrusted private network, etc.
The ss-manager service does not support authentication. Anyone who can access the service port can control the Shadowsocks server, including creating, deleting, and listing user ports and passwords.
To secure the ss-manager service, you can consider the following methods:
- Use VPC, VPN, or a private network to isolate the ss-manager service from the public network.
- Use VPC peering connection or DC gateway to connect the shadowsocks-manager service and the ss-manager service if they are in different VPCs.
- Ensure that the network traffic between the shadowsocks-manager service and the ss-manager service cannot be sniffed by untrusted parties.
- Use firewall rules to limit access to the ss-manager service port only from the shadowsocks-manager service.
Please note that the running infrastructure and deploying architecture may vary, so it's important to pay extra attention to this issue.
Raw data
{
"_id": null,
"home_page": "https://github.com/alexzhangs/shadowsocks-manager",
"name": "shadowsocks-manager",
"maintainer": null,
"docs_url": null,
"requires_python": ">=2.7",
"maintainer_email": null,
"keywords": "shadowsocks, manager, django, web, statistics, cluster, celery, uwsgi, pypi, docker, github-actions",
"author": "Alex",
"author_email": "Alex <alexzhangs@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/84/e3/16d0a31821a325c23e48f2dd59f4484dc34b6999413c32ba5116dc0d4cac/shadowsocks_manager-0.1.17.tar.gz",
"platform": null,
"description": "[](https://github.com/alexzhangs/shadowsocks-manager/)\n[](https://github.com/alexzhangs/shadowsocks-manager/commits/master)\n[](https://github.com/alexzhangs/shadowsocks-manager/issues)\n[](https://github.com/alexzhangs/shadowsocks-manager/pulls)\n[](https://github.com/alexzhangs/shadowsocks-manager/tags)\n\n[](https://github.com/alexzhangs/shadowsocks-manager/actions/workflows/ci-unittest.yml)\n[](https://github.com/alexzhangs/shadowsocks-manager/actions/workflows/ci-testpypi.yml)\n[](https://github.com/alexzhangs/shadowsocks-manager/actions/workflows/ci-pypi.yml)\n[](https://pypi.org/project/shadowsocks-manager/)\n[](https://codecov.io/gh/alexzhangs/shadowsocks-manager)\n[](https://www.codefactor.io/repository/github/alexzhangs/shadowsocks-manager)\n\n[](https://github.com/alexzhangs/shadowsocks-manager/actions/workflows/ci-docker.yml)\n[](https://hub.docker.com/r/alexzhangs/shadowsocks-manager)\n\n# shadowsocks-manager\n\nA web-based Shadowsocks management tool.\n\nFeatures:\n\n* Central user management\n* Heartbeat on Shadowsocks ports(users)\n* Shadowsocks multi-user API\n* Shadowsocks node cluster\n* Statistic for network traffic usage\n* Scheduled jobs\n* dns-lexicon API\n* Auto-creating DNS records\n* Production deployment ready\n* How's the Shadowsocks supported:\n * libev edition:\n * Full functional.\n * python edition:\n * Lacks the collection of traffic statistics.\n * Lacks the ability to test user port creation status.\n\nCode in Python, base on Django, Django REST framework, Celery, and SQLite.\n\nThe development status can be found at: [project home](https://github.com/users/alexzhangs/projects/6).\n\n\n## Screenshots\n\nShadowsocks Node List:\n\n\nAdd Shadowsocks Node:\n\n\nAdd Shadowsocks Account:\n\n\n\n## 1. Requirements\n\n* Python 2.7, Python 3.x\n* Django 1.11.x, Django 3.x\n* Docker\n* [Shadowsocks-libev 3.2.0 for Linux (multi-user API is required)](https://github.com/shadowsocks/shadowsocks-libev)\n\n\n## 2. Install\n\nThis project is a part of an entire VPN solution, which includes the Shadowsocks server and Shadowsocks manager. The Shadowsocks server serves the traffic, the Shadowsocks manager serves the users and the traffic statistics. The solution is designed to be deployed in the AWS cloud. If you are looking for such a solution, you can refer to the repo [aws-cfn-vpn](https://github.com/alexzhangs/aws-cfn-vpn). With `aws-cfn-vpn`, you can deploy the entire solution with a few commands.\n\n### 2.1. Dependencies\n\nAssume you have installed the [Docker](https://www.docker.com/) on your host.\n\n### 2.2. Manual installation\n\n```sh\n# create a docker network\ndocker network create ssm-network\n\n# run memcached, used by django cache\ndocker run -d --network ssm-network --name ssm-memcached memcached\n\n# run rabbitmq, used by celery\ndocker run -d --network ssm-network --name ssm-rabbitmq rabbitmq\n\n# create a directory to store the data, it will be mounted to the shadowsocks-manager container\nmkdir -p ~/ssm-volume\n\n# run the shadowsocks-manager with HTTPS and DNS API enabled\n# please replace the options with your own settings\ndocker run -d -p 80:80 -p 443:443 -v ~/ssm-volume:/var/local/ssm \\\n --network ssm-network --name ssm alexzhangs/shadowsocks-manager \\\n -e SSM_SECRET_KEY=yourkey -e SSM_DEBUG=False \\\n -e SSM_MEMCACHED_HOST=ssm-memcached -e SSM_RABBITMQ_HOST=ssm-rabbitmq \\\n -u admin -p yourpassword -M admin@example.com \\\n -d admin.ss.example.com -a 127.0.0.1 -S\n -E PROVIDER=namecom,LEXICON_PROVIDER_NAME=namecom,LEXICON_NAMECOM_AUTH_USERNAME=your_username,LEXICON_NAMECOM_AUTH_TOKEN=your_token\n```\n\n### 2.3. Install with script\n\n```sh\ngit clone https://github.com/alexzhangs/shadowsocks-manager\nbash shadowsocks-manager/install.sh -u admin -p yourpassword -M admin@example.com \\\n -d admin.ss.example.com -a 127.0.0.1 -S \\\n -E PROVIDER=namecom,LEXICON_PROVIDER_NAME=namecom,LEXICON_NAMECOM_AUTH_USERNAME=your_username,LEXICON_NAMECOM_AUTH_TOKEN=your_token\n```\n\n### 2.4. Verify the installation\n\nIf all go smoothly, the shadowsocks-manager services should have been all started. Open the web admin console in a web browser, and log on with the admin user.\n\nUse (depends on your settings):\n\n`https://admin.ss.example.com/admin`\n\nor:\n\n`https://localhost/admin`\n\nor fall back to HTTP:\n\n`http://localhost/admin`\n\nIf goes well, then congratulations! The installation has succeeded.\n\nBy default, the following entries are added to Django's ALLOWED_HOSTS setting:\n\n* localhost\n* 127.0.0.1\n* admin.ss.example.com (whatever provided with `-d` option)\n\nUse `-e SSM_ALLOWED_SITES_DEFAULTS_PLUS=$ip_address` to add the additional IP address (such as the private IP address of your server) to the ALLOWED_HOSTS setting.\n\nUse `-e SSM_ALLOWED_SITES_DYNAMIC_PUBLIC_IP=True` to allow the dynamic public IP address to be added to the ALLOWED_HOSTS setting.\n\nFor more options, refer to the help message of the scripts:\n\n```sh\nbash shadowsocks-manager/install.sh -h\nbash shadowsocks-manager/docker/docker-entrypoint.sh -h\nbash shadowsocks-manager/bin/ssm-setup.sh -h\n```\n\n## 3. Using shadowsocks-manager\n\n1. Shadowsocks server\n\n First, you need to have a Shadowsocks server with the multi-user API\nenabled.\n\n Install it with docker on the same docker network with shadowsocks-manager.\n\n ```sh\n # run shadowsocks-libev\n MGR_PORT=6001\n SS_PORTS=8381-8385\n ENCRYPT=aes-256-gcm\n docker run -d -p $SS_PORTS:$SS_PORTS/UDP -p $SS_PORTS:$SS_PORTS \\\n --network ssm-network --name ssm-ss-libev shadowsocks/shadowsocks-libev:edge \\\n ss-manager --manager-address 0.0.0.0:$MGR_PORT \\\n --executable /usr/local/bin/ss-server -m $ENCRYPT -s 0.0.0.0 -u\n\n # Use below command to get the private IP address of the shadowsocks-libev container for later configuration.\n docker inspect ssm-ss-libev | grep IPAddress\n ```\n\n1. Add Shadowsocks server to shadowsocks-manager\n\n Add the Shadowsocks server as a Node of shadowsocks-manager from\nweb admin console: `Home \u203a Shadowsocks \u203a Shadowsocks Nodes`.\n\n For the field `Private IP`, use the IP address abtained from the previous step.\n For the field `Interface` for the Shadowsocks manager, choose `Private`.\n\n1. Create users(ports) and assign Shadowsocks Node\n\n Create users from web admin console: `Home \u203a Shadowsocks \u203a\nShadowsocks Accounts` and assign the existing nodes to them.\n\n After a few seconds, the created user ports should be available to your\nShadowsocks client.\n\n\n## 4. Sendmail (Optional)\n\n`sendmail` is used to send account notification Email, it should\nbe configured on the same server with shadowsocks-manager.\n\nAbout how to configure `sendmail` client to use AWS SES as SMTP server on AWS EC2 instance, refer to repo\n[aws-ec2-ses](https://github.com/alexzhangs/aws-ec2-ses).\n\nOn macOS, refer to repo\n[macos-aws-ses](https://github.com/alexzhangs/macos-aws-ses).\n\nNOTE: This dependency needs the manual setup anyway, it is not handled by any installation script.\n\n\n## 5. Differences from the alternation: [shadowsocks/shadowsocks-manager](https://github.com/shadowsocks/shadowsocks-manager)\n\n**This repo Do's:**\n\n* Serve as a nonprofit business model.\n* Have central user management for multi nodes.\n* Collect traffic statistic that can be viewed by account, node, and period.\n* Show the existence and accessibility of ports in the admin.\n* Handle the DNS records if using Name.com as nameserver.\n\n**This repo Don'ts:**\n\n* Handle self-serviced user registration.\n* Handle bill or payment.\n* Need to run an additional agent on each Shadowsocks server.\n\n\n## 6. Some differences between the Shadowsocks Python edition (2.8.2) and libev edition\n\nVersion status for the Shadowsocks Python edition:\n* pypi: [2.8.2](https://pypi.org/project/shadowsocks/)\n* github: [3.0.0](https://github.com/shadowsocks/shadowsocks/tree/master)\n\nAlthough the Shadowsocks Python edition\nsupports the multi-user API, but it doesn't fit this project, here's why:\n\n* The python edition code and doc seem to be out of maintenance due to some reason. If you really need this you probably need to fork it and make your own.\n* They are having different service process names and CLI interfaces which introduces the complexity of installation.\n* The Python edition lacks the `list` commands. A pull request was opened years ago but never merged.\n* The Python edition's `stat` command has a very different way to use, I didn't figure the usage syntax out by looking into the code.\n* The Python edition's `ping` command returns a simple string `pong` rather than a list of ports.\n* The Python edition's `ping` command has to be sent as the syntax: `ping:{}` in order to work if tested with `nc`. It caused by the tailing newline: `ping\\n`.\n\nSo either you get some change on your own or stick with the libev edition.\n\n\n## 7. Known Issues\n\n1. The Shadowsocks Python edition's ssserver won't start on macOS.\n The error message is like:\n ```\n $ ssserver -k passw0rd\n WARNING: /Users/***/.pyenv/versions/3.12.0/envs/ssm-3.12/bin/python3.12 is loading libcrypto in an unsafe way\n Abort trap: 6\n ```\n\n Solution:\n Link the homebrew openssl library to the system library.\n ```sh\n sudo ln -s /opt/homebrew/opt/openssl/lib/libcrypto.dylib /usr/local/lib/\n sudo ln -s /opt/homebrew/opt/openssl/lib/libssl.dylib /usr/local/lib/\n ```\n\n1. Install the project by source with pip under Python 2.7 get error:\n ```\n python --version\n Python 2.7.18\n\n pip install .\n ```\n\n Error message:\n ```\n ...\n Collecting pyyaml\n Downloading PyYAML-5.4.1.tar.gz (175 kB)\n |\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588| 175 kB 392 kB/s \n Installing build dependencies ... done\n Getting requirements to build wheel ... error\n ERROR: Command errored out with exit status 1:\n ...\n raise AttributeError, attr\n AttributeError: cython_sources\n ...\n ```\n\n Solution:\n ```sh\n pip install setuptools wheel\n pip install --no-build-isolation .\n ```\n\n1. Install the project with pip under python 2.7 get error:\n ```\n python --version\n Python 2.7.18\n\n pip install .\n ```\n\n Error message:\n ```\n ...\n Building wheels for collected packages: cryptography\n Building wheel for cryptography (PEP 517) ... error\n ERROR: Command errored out with exit status 1:\n\n build/temp.macosx-14.2-arm64-2.7/_openssl.c:18674:10: error: call to undeclared function 'ERR_GET_FUNC'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]\n return ERR_GET_FUNC(x0);\n ^\n build/temp.macosx-14.2-arm64-2.7/_openssl.c:18690:14: error: call to undeclared function 'ERR_GET_FUNC'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]\n { result = ERR_GET_FUNC(x0); }\n ^\n build/temp.macosx-14.2-arm64-2.7/_openssl.c:23389:10: error: call to undeclared function 'FIPS_mode'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]\n return FIPS_mode();\n ^\n build/temp.macosx-14.2-arm64-2.7/_openssl.c:23400:14: error: call to undeclared function 'FIPS_mode'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]\n { result = FIPS_mode(); }\n ^\n build/temp.macosx-14.2-arm64-2.7/_openssl.c:23415:10: error: call to undeclared function 'FIPS_mode_set'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]\n return FIPS_mode_set(x0);\n ^\n build/temp.macosx-14.2-arm64-2.7/_openssl.c:23431:14: error: call to undeclared function 'FIPS_mode_set'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]\n { result = FIPS_mode_set(x0); }\n ...\n ERROR: Failed building wheel for cryptography\n ```\n\n Solution:\n ```sh\n brew install openssl@1.1\n ```\n\n1. Domain record is not synced into DNS provider as expected.\n\n There might be a conflict record in the DNS provider. For example, a record with the same name but different type, such as CNAME.\n The sync process will be limited to the records with same type and name, it won't touched any other records.\n\n Solution:\n 1. Remove the conflict record from the DNS provider by yourself.\n 1. Run the sync process again.\n\n\n## 8. Development\n\nThe development of this project requires Python 3.x.\n\nHowever, the installation of the project is compatible with both Python 2.7 and 3.x.\nTo keep the compatibility is difficult, but it's kept due to the historical reason.\nThe following files are kept only for installing the source distribution of the PyPI package under Python 2.7:\n\n* setup.py\n* setup.cfg\n\n### 8.1. Development Environment Setup\n\n1. Install Docker Desktop\n\n* https://www.docker.com/products/docker-desktop/\n\n1. Install pyenv (macOS)\n\n ```sh\n brew install pyenv pyenv-virtualenv\n ```\n\n1. Bootstrap the tox environment\n\n ```sh\n pyenv install 3.12\n pyenv virtualenv 3.12 tox\n pyenv activate tox\n pip install -r tox.txt\n export VIRTUALENV_DISCOVERY=pyenv\n tox list -q\n ```\n\n To test the project with Python 2.7, need:\n\n ```sh\n pyenv virtualenv 3.12 tox-27\n pyenv activate tox-27\n pip install -r tox-27.txt\n export VIRTUALENV_DISCOVERY=pyenv\n tox list -q\n ```\n\n1. Install the Python versions that the project should test against\n\n ```sh\n pyenv install 2.7 3.7 3.8 3.9 3.10 3.11\n ```\n\n1. Clone the project code\n\n ```sh\n git clone https://github.com/alexzhangs/shadowsocks-manager\n cd shadowsocks-manager\n ```\n\n1. Start the development environment\n\n ```sh\n tox run -qe dev\n ```\n\n1. Run the unit tests against all the supported Python versions\n\n ```sh\n tox run -qe py37,py38,py39,py310,py311,py312\n ```\n\n1. Combine the coverage data and generate the report\n\n ```sh\n tox run -qe cov\n ```\n\n1. Upload the coverage report to codecov\n\n Make sure the `CODECOV_TOKEN` is exported in the environment before uploading.\n\n ```sh\n export CODECOV_TOKEN=codecov_token\n tox run -qe codecov\n ```\n\n1. Build the PyPI package\n\n ```sh\n # build source and binary distribution, equivalent to `python setup.py sdist bdist_wheel`\n # universal wheel is enabled in the pyproject.toml to make the wheel compatible with both Python 2 and 3\n tox run -qe pypi\n ```\n\n1. Run the Github workflows ci-unittest locally\n\n ```sh\n brew install act gh\n act --list\n\n export GITHUB_PAT_PUB_RO=github_pat\n export CODECOV_TOKEN=codecov_token\n export PRIVATE_IP=$(ipconfig getifaddr en0 2>/dev/null || hostname -i | cut -d \" \" -f1 2>/dev/null)\n\n tox run -qe act-ci-unittest\n\n # multiple Python versions\n tox run -qe act-ci-unittest -- --matrix python-version:3.7 --matrix python-version:3.8\n ```\n\n1. Build the Docker images and run the containers\n\n ```sh\n # optional environment variables:\n export DOCKER_BUILD_ARGS_PROXY='--build-arg https_proxy=http://host.docker.internal:1086'\n export SSM_DEV_BAR_OPTIONS='-p -P'\n export SSM_DEV_DOCKER_RUN_CMD_OPTIONS='-d admin.ss.example.com -t A -a 127.0.0.1 -S -E PROVIDER=namecom,LEXICON_PROVIDER_NAME=namecom,LEXICON_NAMECOM_AUTH_USERNAME=your_username,LEXICON_NAMECOM_AUTH_TOKEN=your_token'\n\n tox run -qe bar\n ```\n\n1. Run a full test locally, including all the above steps:\n\n Make sure all the environment variables are set before running the full test.\n\n ```sh\n tox run -q\n ```\n\n1. Upload the PyPI package\n\n Set the ~/.pypirc file with the API token from the TestPyPI and PyPI before uploading.\n\n ```sh\n pip install twine\n\n # upload the package to TestPyPI\n python -m twine upload --repository testpypi dist/*\n\n # upload the package to PyPI\n python -m twine upload dist/*\n ```\n\n1. Test the PyPI package\n\n ```sh\n # install the package from TestPyPI\n # --no-deps is used to skip installing dependencies for the TestPyPI environment\n pip install -i https://test.pypi.org/simple/ --no-deps shadowsocks-manager\n\n # install the package from PyPI\n # --no-binary is used to force building the package from the source\n # --use-pep517 is used together to make sure the PEP 517 is tested\n pip install --no-binary shadowsocks-manager --use-pep517 shadowsocks-manager\n ```\n\n### 8.2. CI/CD\n\nGithub Actions is currently used for the CI/CD.\nTravis CI is removed due to the limitation of the free plan.\n\nThe CI/CD workflows are defined in the `.github/workflows` directory.\n\n* ci-unittest.yml: Run the unit tests.\n* ci-testpypi.yml: Build and upload the package to TestPyPI.\n* ci-pypi.yml: Build and upload the package to PyPI. It can be triggered by the tag: `ci-pypi` or `ci-pypi-(major|minor|patch|suffx)`.\n* ci-docker.yml: Build and push the docker image to Docker Hub. It can be triggered by the Github release.\n\n\n## 9. Troubleshooting\n\n1. Docker\n\n ```\n # containers\n docker ps -a\n\n # network\n docker network ls\n\n # logs\n docker logs <container_id>\n ```\n\n1. Check the logs (inside container)\n\n ```\n # supervisor (debian)\n cat /var/log/supervisor/supervisord.log \n\n # supervisor (alpine)\n cat /var/log/supervisord.log\n\n # uWSGI\n cat /var/log/ssm-uwsgi.log\n\n # Celery\n cat /var/log/ssm-cerlery*\n ```\n\n1. Check the services (inside container)\n\n ```\n # nginx\n nginx -s {stop|quit|reopen|reload}\n\n # supervisor\n supervisorctl reload\n supervisorctl start all\n\n # uWSGI\n supervisorctl start ssm-uwsgi\n\n # Celery\n supervisorctl start ssm-celery-worker\n supervisorctl start ssm-celery-beat\n\n # acme.sh\n acme.sh --list\n crontab -l\n ls -l /root/.acme.sh\n\n # volume data\n ls -la /var/local/ssm\n\n # setup done files\n ls -la /var/local/ssm/.*done\n ls -la /root/.*done\n ```\n\n1. Check the listening ports and processes (Linux)\n\n ```\n # TCP\n netstat -tanp\n\n # UDP\n netstat -uanp\n ```\n\n1. Check the listening ports (MacOS)\n\n ```\n # TCP\n netstat -anp tcp\n\n # UDP\n netstat -anp udp\n\n # find the process by port\n lsof -i :80 -P\n ```\n\n\n## 10. Security Considerations\n\n1. Never run the shadowsocks-manager service with the Django 'DEBUG' mode enabled in production or even for evaluation.\nEspecially when the default password is used, the debug mode will expose your env in the error page.\nThis option should be enabled only for the development on the local machine.\n\n * The 'DEBUG' mode is disabled by default in the docker image.\n * The 'DEBUG' mode is enabled by default in the pypi package, it should be disabled if not for development.\n\n1. Never run the shadowsocks-manager service with the default password on the network other than the localhost.\n\n1. Never run the shadowsocks-manager service without HTTPS enabled on the network other than the localhost.\nOtherwise, the password will be sent in plain text over public or private networks.\n\n1. Never run the shadowsocks-manager service and the ss-manager service across the untrusted network without the firewall enabled, such as Internet, untrusted private network, etc.\n\n The ss-manager service does not support authentication. Anyone who can access the service port can control the Shadowsocks server, including creating, deleting, and listing user ports and passwords.\n\n To secure the ss-manager service, you can consider the following methods:\n\n - Use VPC, VPN, or a private network to isolate the ss-manager service from the public network.\n - Use VPC peering connection or DC gateway to connect the shadowsocks-manager service and the ss-manager service if they are in different VPCs.\n - Ensure that the network traffic between the shadowsocks-manager service and the ss-manager service cannot be sniffed by untrusted parties.\n - Use firewall rules to limit access to the ss-manager service port only from the shadowsocks-manager service.\n\n Please note that the running infrastructure and deploying architecture may vary, so it's important to pay extra attention to this issue.\n",
"bugtrack_url": null,
"license": "MIT License Copyright (c) 2021 Alex Zhang Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ",
"summary": "A shadowsocks manager for multi-user and traffic statistics",
"version": "0.1.17",
"project_urls": {
"Homepage": "https://github.com/alexzhangs/shadowsocks-manager",
"homepage": "https://www.0xbeta.com/shadowsocks-manager/",
"issues": "https://github.com/alexzhangs/shadowsocks-manager/issues",
"repository": "https://github.com/alexzhangs/shadowsocks-manager"
},
"split_keywords": [
"shadowsocks",
" manager",
" django",
" web",
" statistics",
" cluster",
" celery",
" uwsgi",
" pypi",
" docker",
" github-actions"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "8d30fc09b7d9763f32cb9aa403b5ca2063e9c8de4afb8371c3431344aa5bedbe",
"md5": "ebdd73fdc86d1baf234ef4cb638464dd",
"sha256": "ca65f0f5eb55f65a62bff917f234971146b4d77d7e94d4a131d2113ef5d27163"
},
"downloads": -1,
"filename": "shadowsocks_manager-0.1.17-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "ebdd73fdc86d1baf234ef4cb638464dd",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": ">=2.7",
"size": 95632,
"upload_time": "2024-06-30T17:17:49",
"upload_time_iso_8601": "2024-06-30T17:17:49.729085Z",
"url": "https://files.pythonhosted.org/packages/8d/30/fc09b7d9763f32cb9aa403b5ca2063e9c8de4afb8371c3431344aa5bedbe/shadowsocks_manager-0.1.17-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "84e316d0a31821a325c23e48f2dd59f4484dc34b6999413c32ba5116dc0d4cac",
"md5": "7b21c3267662cabb740099ab60d3aee2",
"sha256": "c287c4671ce50ff3f763bddc62bd0a9e0e906202f1771d597b8029eb91cb66ce"
},
"downloads": -1,
"filename": "shadowsocks_manager-0.1.17.tar.gz",
"has_sig": false,
"md5_digest": "7b21c3267662cabb740099ab60d3aee2",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=2.7",
"size": 74356,
"upload_time": "2024-06-30T17:17:51",
"upload_time_iso_8601": "2024-06-30T17:17:51.636822Z",
"url": "https://files.pythonhosted.org/packages/84/e3/16d0a31821a325c23e48f2dd59f4484dc34b6999413c32ba5116dc0d4cac/shadowsocks_manager-0.1.17.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-30 17:17:51",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "alexzhangs",
"github_project": "shadowsocks-manager",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "shadowsocks-manager"
}
