burrow/deploy/railway-sing-box
2026-06-05 10:33:41 -07:00
..
Dockerfile Expand Shadowsocks runtime compatibility 2026-06-05 10:33:41 -07:00
entrypoint.sh Expand Shadowsocks runtime compatibility 2026-06-05 10:33:41 -07:00
railway.json Expand Shadowsocks runtime compatibility 2026-06-05 10:33:41 -07:00
README.md Expand Shadowsocks runtime compatibility 2026-06-05 10:33:41 -07:00

Railway sing-box Shadowsocks Test Node

This is a minimal sing-box Shadowsocks server for testing Burrow against a real internet-hosted node on Railway.

Railway public networking exposes raw TCP through TCP Proxy. That is enough for plain Shadowsocks TCP testing. It is not a full UDP validation environment, so use Burrow's local self-tests or a VPS for native UDP testing.

Deploy

  1. Create a new Railway service from this repo.

  2. Set the service root directory to:

    deploy/railway-sing-box
    
  3. Add Railway variables:

    SS_PASSWORD=<strong random password>
    SS_METHOD=chacha20-ietf-poly1305
    SS_LISTEN_HOST=0.0.0.0
    SS_LISTEN_PORT=8388
    

    SS_METHOD, SS_LISTEN_HOST, and SS_LISTEN_PORT are optional; those are the defaults.

  4. Deploy the service.

  5. In the service settings, create a TCP Proxy with internal port 8388.

  6. Railway will show an external proxy host and port, for example:

    shuttle.proxy.rlwy.net:15140
    

Burrow Test URI

Build the Shadowsocks URI with:

uv run python - <<'PY'
import base64
import urllib.parse

method = "chacha20-ietf-poly1305"
password = "<SS_PASSWORD>"
host = "<RAILWAY_TCP_PROXY_DOMAIN>"
port = "<RAILWAY_TCP_PROXY_PORT>"
name = "railway-sing-box-ss"

userinfo = base64.urlsafe_b64encode(f"{method}:{password}".encode()).decode().rstrip("=")
print(f"ss://{userinfo}@{host}:{port}#{urllib.parse.quote(name)}")
PY

Use the generated ss:// URI in a Burrow proxy subscription or local test payload.

Notes

  • Railway's TCP Proxy external port is assigned by Railway. Use that external port in the client URI, not 8388.
  • This is intentionally a plain Shadowsocks node. Once plain TCP works, add extra protocol features in separate test deployments so failures stay easy to isolate.