-
Notifications
You must be signed in to change notification settings - Fork 7
/
config.conf
142 lines (108 loc) · 4.47 KB
/
config.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# Vee Security OÜ. SOCKS5 Engine.
#
# A highly-customizable lightweight SOCKS5-server supporting RADIUS, Redis,
# subnet whitelisting and blacklisting, session counting.
#
# We advise that you set this up as a system service.
# If you are willing to use RADIUS for authentication, we highly recommend running Redis for caching.
# No matter what authentication scheme you choose, it makes sense to run Redis to keep track of your users' sessions.
#
# For SOCKS5 protocol specification, consult https://www.ietf.org/rfc/rfc1928.txt.
# For details on username/password SOCKS5 authentication, consult https://tools.ietf.org/html/rfc1929.
# This version of SOCKS5 Engine supports username/password authentication (METHOD 02) and no authentication (METHOD 01).
# It supports CONNECT and UDP ASSOCIATE (fragmentation is not implemented) requests.
#
# To run SOCKS5 Engine, specify the -conf=<full path to this config> flag.
# /etc/vee-socks5/config.conf is assumed to be the default config location.
#
# SOCKS5 Engine listens for SIGUSR1 signals and displays data about idle workers and the connection queue on SIGUSR1.
#
# Use the -h flag to see this configuration file.
# Use the -v flag to see the version of your build.
#
# If any input from this config is found to be invalid, it will be changed to a corresponding default value.
#
#
# GENERAL
#
# port: port to listen on.
port = 1080
# authenticators: number of workers for user authentication.
authenticators = 100
# reqHandlers: number of workers for establishing a connection between a server and a client.
reqHandlers = 100
# connectionQueue: capacity of the queue that is used to queue requests when no workers are idle.
connectionQueue = 500
# localIP: IPv4 address of the node. It is needed for the UDP ASSOCIATE command. If not provided, SOCKS5 Engine tries to detect it automatically.
# If RADIUS is used for authentication, the localIP value will be used as NAS-IP-Address.
localIP = ""
#
# MODES
#
# dev: turns off authentication.
dev = true
# logging: logs errors. Useful for debugging.
logging = true
#
# PERFORMANCE
#
# GC: garbage collection is run when the ratio of newly allocated data to data left after previous collection reaches this percentage.
# Set to a negative number to disable garbage collection.
GC = 100
# NumProcesses is the max number of OS threads running user-level code. Non-user-level syscalls may make the limit be exceeded.
processes = 100
# buffer is the size of the buffer allocated for each connection, in KB. Correlates positively with mem usage and negatively with CPU load.
buffer = 5
#
# TIMEOUTS
#
# connLifetime sets the timeout for client and server connection, in seconds.
connLifetime = 900
# handshakeStepTimeout is the timeout for each Read/Write operation when establishing a proxy connection, in seconds.
handshakeStepTimeout = 1
#
# SUBNET LIMITING
# if both whitelist and blacklist are specified, only whitelist is used.
subnetWhitelist = [
#"0.0.0.0/32"
]
subnetBlacklist = [
]
#
# AUTH
#
# auth: authentication mode. Can be "RADIUS", "explicit", or "none".
# If set to "RADIUS", SOCKS5 Engine will use data from the respecting section below to contact a RADIUS server.
# If set to "explicit", SOCKS5 Engine will be using data from the AuthFile for authentication.
auth = "explicit"
# noauth: If set to true, SOCKS5 Engine will support the "no authentication" SOCKS5 method in addition to the username/password authentication.
noauth = true
# authFile: full path to the file with authentication credentials. Consult VeeProxyEngine.auth for syntax.
authFile = "/etc/vee-socks5/users.auth"
#
# RADIUS
# For more info on RADIUS, consult https://tools.ietf.org/html/rfc2865. Accounting is not supported.
# radiusIP: IP-address of the RADIUS server.
radiusIP = ""
# radiusKey: Secret key for the RADIUS server.
radiusKey = ""
#
# REDIS
#
# redis: if true, Redis will be used to cache passwords. Plaintext.
# flushdb is run on start-up.
redis = false
# redisTimeout: the time after which a password cache expires, in seconds.
cacheTimeout = 172800
# sessionTracking: if set to true, Redis will be used to keep track of proxy sessions being run by each user.
sessionTracking = false
# sessionLimit: if sessionTrack is set to true, users will be rejected when trying to open new sessions after hitting the limit.
sessionLimit = 20
# redisIP: IP-address of the Redis server.
redisIP = "127.0.0.1"
# redisPort: port of the Redis server.
redisPort = 6379
# redisDB: the Redis database.
redisDB = 0
# redisPassword: redis password.
redisPassword = ""