Expand Shadowsocks runtime compatibility

This commit is contained in:
JettChenT 2026-06-05 10:33:41 -07:00
parent d1638726ca
commit 4d1f589280
167 changed files with 57173 additions and 1640 deletions

View file

@ -0,0 +1,6 @@
FROM ghcr.io/sagernet/sing-box:v1.13.12
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

View file

@ -0,0 +1,68 @@
# Railway sing-box Shadowsocks Test Node
This is a minimal sing-box Shadowsocks server for testing Burrow against a real
internet-hosted node on Railway.
Railway public networking exposes raw TCP through TCP Proxy. That is enough for
plain Shadowsocks TCP testing. It is not a full UDP validation environment, so
use Burrow's local self-tests or a VPS for native UDP testing.
## Deploy
1. Create a new Railway service from this repo.
2. Set the service root directory to:
```text
deploy/railway-sing-box
```
3. Add Railway variables:
```text
SS_PASSWORD=<strong random password>
SS_METHOD=chacha20-ietf-poly1305
SS_LISTEN_HOST=0.0.0.0
SS_LISTEN_PORT=8388
```
`SS_METHOD`, `SS_LISTEN_HOST`, and `SS_LISTEN_PORT` are optional; those are
the defaults.
4. Deploy the service.
5. In the service settings, create a TCP Proxy with internal port `8388`.
6. Railway will show an external proxy host and port, for example:
```text
shuttle.proxy.rlwy.net:15140
```
## Burrow Test URI
Build the Shadowsocks URI with:
```sh
uv run python - <<'PY'
import base64
import urllib.parse
method = "chacha20-ietf-poly1305"
password = "<SS_PASSWORD>"
host = "<RAILWAY_TCP_PROXY_DOMAIN>"
port = "<RAILWAY_TCP_PROXY_PORT>"
name = "railway-sing-box-ss"
userinfo = base64.urlsafe_b64encode(f"{method}:{password}".encode()).decode().rstrip("=")
print(f"ss://{userinfo}@{host}:{port}#{urllib.parse.quote(name)}")
PY
```
Use the generated `ss://` URI in a Burrow proxy subscription or local test
payload.
## Notes
- Railway's TCP Proxy external port is assigned by Railway. Use that external
port in the client URI, not `8388`.
- This is intentionally a plain Shadowsocks node. Once plain TCP works, add
extra protocol features in separate test deployments so failures stay easy to
isolate.

View file

@ -0,0 +1,47 @@
#!/bin/sh
set -eu
: "${SS_PASSWORD:?Set SS_PASSWORD to a strong test password in Railway variables}"
SS_METHOD="${SS_METHOD:-chacha20-ietf-poly1305}"
SS_LISTEN_HOST="${SS_LISTEN_HOST:-0.0.0.0}"
SS_LISTEN_PORT="${SS_LISTEN_PORT:-8388}"
LOG_LEVEL="${LOG_LEVEL:-info}"
json_escape() {
printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}
SS_METHOD_JSON="$(json_escape "$SS_METHOD")"
SS_PASSWORD_JSON="$(json_escape "$SS_PASSWORD")"
LOG_LEVEL_JSON="$(json_escape "$LOG_LEVEL")"
SS_LISTEN_HOST_JSON="$(json_escape "$SS_LISTEN_HOST")"
mkdir -p /etc/sing-box
cat >/etc/sing-box/config.json <<EOF
{
"log": {
"level": "$LOG_LEVEL_JSON",
"timestamp": true
},
"inbounds": [
{
"type": "shadowsocks",
"tag": "ss-test",
"listen": "$SS_LISTEN_HOST_JSON",
"listen_port": $SS_LISTEN_PORT,
"method": "$SS_METHOD_JSON",
"password": "$SS_PASSWORD_JSON"
}
],
"outbounds": [
{
"type": "direct",
"tag": "direct"
}
]
}
EOF
echo "starting sing-box Shadowsocks test server on $SS_LISTEN_HOST:$SS_LISTEN_PORT"
exec sing-box run -c /etc/sing-box/config.json

View file

@ -0,0 +1,10 @@
{
"$schema": "https://railway.com/railway.schema.json",
"build": {
"builder": "DOCKERFILE"
},
"deploy": {
"restartPolicyType": "ON_FAILURE",
"restartPolicyMaxRetries": 10
}
}