[GH-ISSUE #240] Shadowsocks-Rust and Cloak #197

New issue

Open

opened 2026-02-26 12:34:14 +03:00 by kerem · 12 comments

kerem commented 2026-02-26 12:34:14 +03:00

Owner

Copy link

Originally created by @SchattenWolf2008 on GitHub (Nov 18, 2023).
Original GitHub issue: https://github.com/cbeuw/Cloak/issues/240

Hello.

I wanted to go for a rather simple setup with docker.

I have installed Shadowsocks-rust on docker with an docker-compose.

On the ShadowSocks-Rust Server container, I have installed cloak by having the executable file on the host system and mapped it into the container.

In the SS config I have configured it to use the plugin using the path.

This seemed to work, but cloak complained about the config file.

I then also mapped a config file into the docker container (I can also access it from inside the docker container) but it still complains.

My config for the plugin in ssserver.json is:

    "plugin": "/usr/bin/ck-server-linux-amd64", // or the correct path to the plugin
    "plugin_opts": "-c /etc/cloak/ckserver.json",

And I get this error:

docker-compose up

 ✔ Network container_default  Created                                                                                                                                                                               0.1s 
 ✔ Container sslocal-rust     Created                                                                                                                                                                               0.1s 
 ✔ Container ssserver-rust    Created                                                                                                                                                                               0.1s 
Attaching to sslocal-rust, ssserver-rust
ssserver-rust  | /usr/bin/docker-entrypoint.sh: Configuration complete; ready for start up
sslocal-rust   | /usr/bin/docker-entrypoint.sh: Configuration complete; ready for start up
ssserver-rust  | INFO  shadowsocks server 1.17.0 build 2023-10-15T02:34:53.113976544+00:00
ssserver-rust  | INFO  shadowsocks tcp server listening on 127.0.0.1:37955, inbound address 0.0.0.0:8388
ssserver-rust  | INFO  shadowsocks udp server listening on 0.0.0.0:8388, inbound address 0.0.0.0:8388
sslocal-rust   | INFO  shadowsocks local 1.17.0 build 2023-10-15T02:36:35.925045219+00:00
sslocal-rust   | INFO  shadowsocks socks TCP listening on 127.0.0.1:1199
ssserver-rust  | time="2023-11-18T13:39:19Z" level=fatal msg="Configuration file error: failed to read/unmarshal configuration, path is invalid or unexpected end of JSON input"
ssserver-rust  | ERROR plugin exited with status: exit status: 1
ssserver-rust  | server aborted with server exited unexpectedly
ssserver-rust exited with code 0
ssserver-rust exited with code 70

This is my config file for cloak:

  "ProxyBook": {
    "shadowsocks": [
      "tcp",
      "127.0.0.1:8388"
    ]
  },
  "BindAddr": [
    ":443",
    ":80"
  ],
  "RedirAddr": "google.com"
}

I wanted the TLS encryption to be done by my nginx server on the host, which is why I didn't include any SSL keys.

If that was the issue, I'd atleast expect a different error message.

Why is cloak not finding the config file?

I mapped it like this:
.../container-data/ckserver.json:/etc/cloak/ckserver.json

And I can read it from within the docker container:

user@server: docker exec -it ssserver-rust cat /etc/cloak/ckserver.json

{
  "ProxyBook": {
    "shadowsocks": [
      "tcp",
      "127.0.0.1:8388"
    ]
  },
  "BindAddr": [
    ":443",
    ":80"
  ],
  "RedirAddr": "google.com"
}

Originally created by @SchattenWolf2008 on GitHub (Nov 18, 2023). Original GitHub issue: https://github.com/cbeuw/Cloak/issues/240 Hello. I wanted to go for a rather simple setup with docker. I have installed Shadowsocks-rust on docker with an docker-compose. On the ShadowSocks-Rust Server container, I have installed cloak by having the executable file on the host system and mapped it into the container. In the SS config I have configured it to use the plugin using the path. This seemed to work, but cloak complained about the config file. I then also mapped a config file into the docker container (I can also access it from inside the docker container) but it still complains. My config for the plugin in ssserver.json is: ``` "plugin": "/usr/bin/ck-server-linux-amd64", // or the correct path to the plugin "plugin_opts": "-c /etc/cloak/ckserver.json", ``` And I get this error: `docker-compose up` ```[+] Running 3/1 ✔ Network container_default Created 0.1s ✔ Container sslocal-rust Created 0.1s ✔ Container ssserver-rust Created 0.1s Attaching to sslocal-rust, ssserver-rust ssserver-rust | /usr/bin/docker-entrypoint.sh: Configuration complete; ready for start up sslocal-rust | /usr/bin/docker-entrypoint.sh: Configuration complete; ready for start up ssserver-rust | INFO shadowsocks server 1.17.0 build 2023-10-15T02:34:53.113976544+00:00 ssserver-rust | INFO shadowsocks tcp server listening on 127.0.0.1:37955, inbound address 0.0.0.0:8388 ssserver-rust | INFO shadowsocks udp server listening on 0.0.0.0:8388, inbound address 0.0.0.0:8388 sslocal-rust | INFO shadowsocks local 1.17.0 build 2023-10-15T02:36:35.925045219+00:00 sslocal-rust | INFO shadowsocks socks TCP listening on 127.0.0.1:1199 ssserver-rust | time="2023-11-18T13:39:19Z" level=fatal msg="Configuration file error: failed to read/unmarshal configuration, path is invalid or unexpected end of JSON input" ssserver-rust | ERROR plugin exited with status: exit status: 1 ssserver-rust | server aborted with server exited unexpectedly ssserver-rust exited with code 0 ssserver-rust exited with code 70 ``` This is my config file for cloak: ```{ "ProxyBook": { "shadowsocks": [ "tcp", "127.0.0.1:8388" ] }, "BindAddr": [ ":443", ":80" ], "RedirAddr": "google.com" } ``` I wanted the TLS encryption to be done by my nginx server on the host, which is why I didn't include any SSL keys. If that was the issue, I'd atleast expect a different error message. Why is cloak not finding the config file? I mapped it like this: .../container-data/ckserver.json:/etc/cloak/ckserver.json And I can read it from within the docker container: `user@server: docker exec -it ssserver-rust cat /etc/cloak/ckserver.json` ``` { "ProxyBook": { "shadowsocks": [ "tcp", "127.0.0.1:8388" ] }, "BindAddr": [ ":443", ":80" ], "RedirAddr": "google.com" } ```

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@SchattenWolf2008 commented on GitHub (Nov 18, 2023):

Ahaaa
So by running the ck-server directly from within the docker container it says that it requires a private key.

But since my TLS encryption should happen from the reverse proxy and not from cloak (since I don't want to map my certificate into an docker container and have redirect loop issues etc.)
How can I configure cloak to only serve HTTP traffic?

<!-- gh-comment-id:1817519930 --> @SchattenWolf2008 commented on GitHub (Nov 18, 2023): Ahaaa So by running the ck-server directly from within the docker container it says that it requires a private key. But since my TLS encryption should happen from the reverse proxy and not from cloak (since I don't want to map my certificate into an docker container and have redirect loop issues etc.) How can I configure cloak to only serve HTTP traffic?

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@SchattenWolf2008 commented on GitHub (Nov 18, 2023):

Ahaaa
I get it now.

Its used as some sort of password rather than encryption?

Anyway I got it working now.

<!-- gh-comment-id:1817520725 --> @SchattenWolf2008 commented on GitHub (Nov 18, 2023): Ahaaa I get it now. Its used as some sort of password rather than encryption? Anyway I got it working now.

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@SchattenWolf2008 commented on GitHub (Nov 18, 2023):

The only help that I need now is how do I configure the path correctly?

What is the default path for the config?

Because when I start the cloak server using shadowsocks plugin settings, it does not find the file.

But the config is functional now.

This is how the plugin is currently configured.

"plugin": "/usr/bin/ck-server-linux-amd64",
"plugin_opts": "-c /etc/cloak/ckserver.json",

I also tried "plugin": "/usr/bin/ck-server-linux-amd64 -c /etc/cloak/ckserver.json",

But then the ssserver does not find it.
ssserver-rust | ERROR failed to start plugin "/usr/bin/ck-server-linux-amd64 -c /etc/cloak/ckserver.json" for server 0.0.0.0:8388, err: No such file or directory (os error 2)

<!-- gh-comment-id:1817521712 --> @SchattenWolf2008 commented on GitHub (Nov 18, 2023): The only help that I need now is how do I configure the path correctly? What is the default path for the config? Because when I start the cloak server using shadowsocks plugin settings, it does not find the file. But the config is functional now. This is how the plugin is currently configured. "plugin": "/usr/bin/ck-server-linux-amd64", "plugin_opts": "-c /etc/cloak/ckserver.json", I also tried "plugin": "/usr/bin/ck-server-linux-amd64 -c /etc/cloak/ckserver.json", But then the ssserver does not find it. ssserver-rust | ERROR failed to start plugin "/usr/bin/ck-server-linux-amd64 -c /etc/cloak/ckserver.json" for server 0.0.0.0:8388, err: No such file or directory (os error 2)

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@notsure2 commented on GitHub (Nov 18, 2023):

Cdn mode

-------- Original Message --------
On Nov 18, 2023, 4:13 PM, SchattenWolf2008 wrote:

Ahaaa
So by running the ck-server directly from within the docker container it says that it requires a private key.

But since my TLS encryption should happen from the reverse proxy and not from cloak (since I don't want to map my certificate into an docker container and have redirect loop issues etc.)
How can I configure cloak to only serve HTTP traffic?

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: @.***>

<!-- gh-comment-id:1817522506 --> @notsure2 commented on GitHub (Nov 18, 2023): Cdn mode -------- Original Message -------- On Nov 18, 2023, 4:13 PM, SchattenWolf2008 wrote: > Ahaaa > So by running the ck-server directly from within the docker container it says that it requires a private key. > > But since my TLS encryption should happen from the reverse proxy and not from cloak (since I don't want to map my certificate into an docker container and have redirect loop issues etc.) > How can I configure cloak to only serve HTTP traffic? > > — > Reply to this email directly, [view it on GitHub](https://github.com/cbeuw/Cloak/issues/240#issuecomment-1817519930), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AIOIVHYVLZY7IXVOOM3WBGTYFC7AFAVCNFSM6AAAAAA7Q7YJMSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJXGUYTSOJTGA). > You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@SchattenWolf2008 commented on GitHub (Nov 18, 2023):

Cdn mode
…
-------- Original Message --------
On Nov 18, 2023, 4:13 PM, SchattenWolf2008 wrote: Ahaaa So by running the ck-server directly from within the docker container it says that it requires a private key. But since my TLS encryption should happen from the reverse proxy and not from cloak (since I don't want to map my certificate into an docker container and have redirect loop issues etc.) How can I configure cloak to only serve HTTP traffic? — Reply to this email directly, [view it on GitHub](#240 (comment)), or unsubscribe. You are receiving this because you are subscribed to this thread.Message ID: @.***>

I don't cleary get this.

Well I managed to get cloak server running now but

I have read about cdn in the docs and put the cloak server to listen on 0.0.0.0:80, with the docker config I changed the port from :80 to 127.0.0.1:8389 and on my nginx reverse proxy I set it to point to http://127.0.0.1:8389.

But the shadowrocket vpn client does not seem to establish an functioning connection.

I dont cleary understand what options I need to set.

On the client I configured:
My domain as address (my webserver enforces TLS SSL and port 443, HTTP 80 traffic gets redirected.
Port 443
Encryption Method: plain
Browser: chrome
Transport: cdn
Allow Insecure: No
SNI:
Proxy Method: /
Server Name:
UID:
Public Key: myKex14dg515ads
Stream Timeout: 300
Alternative Names:

I am not sure what I need to set in order to make it working.

The ShadowSocks server is not accessable from outside, only from the cloak server.

At Proxy Method in particular it had "/" just there, does that have something to do with the book thingy from cloak?

<!-- gh-comment-id:1817663639 --> @SchattenWolf2008 commented on GitHub (Nov 18, 2023): > Cdn mode > […](#) > -------- Original Message -------- > On Nov 18, 2023, 4:13 PM, SchattenWolf2008 wrote: Ahaaa So by running the ck-server directly from within the docker container it says that it requires a private key. But since my TLS encryption should happen from the reverse proxy and not from cloak (since I don't want to map my certificate into an docker container and have redirect loop issues etc.) How can I configure cloak to only serve HTTP traffic? — Reply to this email directly, [view it on GitHub]([#240 (comment)](https://github.com/cbeuw/Cloak/issues/240#issuecomment-1817519930)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AIOIVHYVLZY7IXVOOM3WBGTYFC7AFAVCNFSM6AAAAAA7Q7YJMSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJXGUYTSOJTGA). You are receiving this because you are subscribed to this thread.Message ID: ***@***.***> I don't cleary get this. Well I managed to get cloak server running now but I have read about cdn in the docs and put the cloak server to listen on 0.0.0.0:80, with the docker config I changed the port from :80 to 127.0.0.1:8389 and on my nginx reverse proxy I set it to point to http://127.0.0.1:8389. But the shadowrocket vpn client does not seem to establish an functioning connection. I dont cleary understand what options I need to set. On the client I configured: My domain as address (my webserver enforces TLS SSL and port 443, HTTP 80 traffic gets redirected. Port 443 Encryption Method: plain Browser: chrome Transport: cdn Allow Insecure: No SNI: Proxy Method: / Server Name: UID: Public Key: myKex14dg515ads Stream Timeout: 300 Alternative Names: I am not sure what I need to set in order to make it working. The ShadowSocks server is not accessable from outside, only from the cloak server. At Proxy Method in particular it had "/" just there, does that have something to do with the book thingy from cloak?

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@qwerttvv commented on GitHub (Dec 7, 2023):

https://github.com/cbeuw/Cloak/blob/master/example_config/ckserver.json
https://github.com/shadowsocks/shadowsocks-rust/tree/master#configuration

<!-- gh-comment-id:1845563202 --> @qwerttvv commented on GitHub (Dec 7, 2023): https://github.com/cbeuw/Cloak/blob/master/example_config/ckserver.json https://github.com/shadowsocks/shadowsocks-rust/tree/master#configuration

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@yaqub2003 commented on GitHub (Aug 11, 2024):

Hello, I have the same problem. I set up a reverse proxy with Nginx, and the connection works on Windows and Android, but when I try to connect with Shadowrocket, I can't. There isn't even anything in the server log showing that I'm trying to connect. I think this is a problem with the Shadowrocket client because no logs appear on the server at all. I can also say that when I just enter the URL in a browser and make any connection to the Cloak server, something appears in the logs, but not with the Shadowrocket connection. I think we need to report this to the Shadowrocket developer.

<!-- gh-comment-id:2282701513 --> @yaqub2003 commented on GitHub (Aug 11, 2024): Hello, I have the same problem. I set up a reverse proxy with Nginx, and the connection works on Windows and Android, but when I try to connect with Shadowrocket, I can't. There isn't even anything in the server log showing that I'm trying to connect. I think this is a problem with the Shadowrocket client because no logs appear on the server at all. I can also say that when I just enter the URL in a browser and make any connection to the Cloak server, something appears in the logs, but not with the Shadowrocket connection. I think we need to report this to the Shadowrocket developer.

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@SchattenWolf2008 commented on GitHub (Aug 11, 2024):

Hello, I have the same problem. I set up a reverse proxy with Nginx, and the connection works on Windows and Android, but when I try to connect with Shadowrocket, I can't. There isn't even anything in the server log showing that I'm trying to connect. I think this is a problem with the Shadowrocket client because no logs appear on the server at all. I can also say that when I just enter the URL in a browser and make any connection to the Cloak server, something appears in the logs, but not with the Shadowrocket connection. I think we need to report this to the Shadowrocket developer.

Yeah at this point I have already dropped the project and removed the server.
But if shadowrocket actually does this, it might be considerable for me and many others to launch a server.

<!-- gh-comment-id:2282722339 --> @SchattenWolf2008 commented on GitHub (Aug 11, 2024): > Hello, I have the same problem. I set up a reverse proxy with Nginx, and the connection works on Windows and Android, but when I try to connect with Shadowrocket, I can't. There isn't even anything in the server log showing that I'm trying to connect. I think this is a problem with the Shadowrocket client because no logs appear on the server at all. I can also say that when I just enter the URL in a browser and make any connection to the Cloak server, something appears in the logs, but not with the Shadowrocket connection. I think we need to report this to the Shadowrocket developer. Yeah at this point I have already dropped the project and removed the server. But if shadowrocket actually does this, it might be considerable for me and many others to launch a server.

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@yaqub2003 commented on GitHub (Aug 11, 2024):

Okey, but i am trying for myself. I alredy write developer via email, if he answer. I will write here so that all other people know, but I'm sure that the problem is in shadowrocket, because all other clients are working

<!-- gh-comment-id:2282724143 --> @yaqub2003 commented on GitHub (Aug 11, 2024): Okey, but i am trying for myself. I alredy write developer via email, if he answer. I will write here so that all other people know, but I'm sure that the problem is in shadowrocket, because all other clients are working

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@yaqub2003 commented on GitHub (Aug 14, 2024):

Hello. I found a way to make nginx and Cloak, xtls-reality or anything else work on port 443. To do this, you need to make sure that nginx understands where to redirect requests via SNI for this you need to add the configurations written below
/etc/nginx/nginx.conf

stream {
        include /etc/nginx/stream-enabled/proxy.conf;
}

/etc/nginx/stream-enabled/proxy.conf

map $ssl_preread_server_name $sni_name {
    hostnames;
    aleko.sytes.net       		www;
    *.example.com         	       www;
    test.az                    	       www;
    default                               cloak;
    www.google.com              cloak;
}

upstream cloak {
    server 127.0.0.1:8443;
}

upstream www {
    server 127.0.0.1:7443;
}

server {
    listen          443;
    proxy_pass      $sni_name;
    ssl_preread     on;
}

After that you need to change the all your websites ports from 443 to 7443
/etc/nginx/sites-enabled/aleko.sytes.net

listen 7443 ssl;

And the last change cloak config BindAddr to only one port 8443:

{
 "ProxyBook": {
   "shadowsocks": [
     "tcp",
     "127.0.0.1:1080"
   ],
   "shadowsocks": [
     "udp",
     "127.0.0.1:1080"
   ]
 },
 "BindAddr": [
   ":8443"
 ],
 "RedirAddr": "www.google.com",
 "PrivateKey": "<Key>",
 "AdminUID": "<UID>"
}

After all of this you can use direct Transport in Cloak with 443 port and also all your sites will work at 443 port and in the proxy.conf file change the sites to yours

<!-- gh-comment-id:2288551137 --> @yaqub2003 commented on GitHub (Aug 14, 2024): Hello. I found a way to make nginx and Cloak, xtls-reality or anything else work on port 443. To do this, you need to make sure that nginx understands where to redirect requests via SNI for this you need to add the configurations written below /etc/nginx/nginx.conf ``` stream { include /etc/nginx/stream-enabled/proxy.conf; } ``` /etc/nginx/stream-enabled/proxy.conf ``` map $ssl_preread_server_name $sni_name { hostnames; aleko.sytes.net www; *.example.com www; test.az www; default cloak; www.google.com cloak; } upstream cloak { server 127.0.0.1:8443; } upstream www { server 127.0.0.1:7443; } server { listen 443; proxy_pass $sni_name; ssl_preread on; } ``` After that you need to change the all your websites ports from 443 to 7443 /etc/nginx/sites-enabled/aleko.sytes.net ``` listen 7443 ssl; ``` And the last change cloak config BindAddr to only one port 8443: ``` { "ProxyBook": { "shadowsocks": [ "tcp", "127.0.0.1:1080" ], "shadowsocks": [ "udp", "127.0.0.1:1080" ] }, "BindAddr": [ ":8443" ], "RedirAddr": "www.google.com", "PrivateKey": "<Key>", "AdminUID": "<UID>" } ``` After all of this you can use direct Transport in Cloak with 443 port and also all your sites will work at 443 port and in the proxy.conf file change the sites to yours

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@yaqub2003 commented on GitHub (Aug 14, 2024):

And about CDN mode using reverse proxy through nginx. I wrote to the developer he fixed the bug in shadowrocket, now it connects, but for now only in beta version, I think in a month he will release 2.2.55 version an update in which reverse proxy through Cloak CDN transport will work, but you can not wait for the update, and do everything by the method described above.

<!-- gh-comment-id:2288571720 --> @yaqub2003 commented on GitHub (Aug 14, 2024): And about CDN mode using reverse proxy through nginx. I wrote to the developer he fixed the bug in shadowrocket, now it connects, but for now only in beta version, I think in a month he will release 2.2.55 version an update in which reverse proxy through Cloak CDN transport will work, but you can not wait for the update, and do everything by the method described above.

kerem commented 2026-02-26 12:34:15 +03:00

Author

Owner

Copy link

@SchattenWolf2008 commented on GitHub (Aug 14, 2024):

Hello. I found a way to make nginx and Cloak, xtls-reality or anything else work on port 443. To do this, you need to make sure that nginx understands where to redirect requests via SNI for this you need to add the configurations written below /etc/nginx/nginx.conf

stream {
        include /etc/nginx/stream-enabled/proxy.conf;
}

/etc/nginx/stream-enabled/proxy.conf

map $ssl_preread_server_name $sni_name {
    hostnames;
    aleko.sytes.net       		www;
    *.example.com         	       www;
    test.az                    	       www;
    default                               cloak;
    www.google.com              cloak;
}

upstream cloak {
    server 127.0.0.1:8443;
}

upstream www {
    server 127.0.0.1:7443;
}

server {
    listen          443;
    proxy_pass      $sni_name;
    ssl_preread     on;
}

After that you need to change the all your websites ports from 443 to 7443 /etc/nginx/sites-enabled/aleko.sytes.net

listen 7443 ssl;

And the last change cloak config BindAddr to only one port 8443:

{
 "ProxyBook": {
   "shadowsocks": [
     "tcp",
     "127.0.0.1:1080"
   ],
   "shadowsocks": [
     "udp",
     "127.0.0.1:1080"
   ]
 },
 "BindAddr": [
   ":8443"
 ],
 "RedirAddr": "www.google.com",
 "PrivateKey": "<Key>",
 "AdminUID": "<UID>"
}

After all of this you can use direct Transport in Cloak with 443 port and also all your sites will work at 443 port and in the proxy.conf file change the sites to yours

This is awesome!

I will give it a shot! :)

-- keeping threat open if questions follow

<!-- gh-comment-id:2288938085 --> @SchattenWolf2008 commented on GitHub (Aug 14, 2024): > Hello. I found a way to make nginx and Cloak, xtls-reality or anything else work on port 443. To do this, you need to make sure that nginx understands where to redirect requests via SNI for this you need to add the configurations written below /etc/nginx/nginx.conf > > ``` > stream { > include /etc/nginx/stream-enabled/proxy.conf; > } > ``` > > /etc/nginx/stream-enabled/proxy.conf > > ``` > map $ssl_preread_server_name $sni_name { > hostnames; > aleko.sytes.net www; > *.example.com www; > test.az www; > default cloak; > www.google.com cloak; > } > > upstream cloak { > server 127.0.0.1:8443; > } > > upstream www { > server 127.0.0.1:7443; > } > > server { > listen 443; > proxy_pass $sni_name; > ssl_preread on; > } > ``` > > After that you need to change the all your websites ports from 443 to 7443 /etc/nginx/sites-enabled/aleko.sytes.net > > ``` > listen 7443 ssl; > ``` > > And the last change cloak config BindAddr to only one port 8443: > > ``` > { > "ProxyBook": { > "shadowsocks": [ > "tcp", > "127.0.0.1:1080" > ], > "shadowsocks": [ > "udp", > "127.0.0.1:1080" > ] > }, > "BindAddr": [ > ":8443" > ], > "RedirAddr": "www.google.com", > "PrivateKey": "<Key>", > "AdminUID": "<UID>" > } > ``` > > After all of this you can use direct Transport in Cloak with 443 port and also all your sites will work at 443 port and in the proxy.conf file change the sites to yours This is awesome! I will give it a shot! :) -- keeping threat open if questions follow

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

renovate/go-github.com-refraction-networking-utls-vulnerability

dependabot/go_modules/golang.org/x/crypto-0.45.0

utls-1.7.0

deps-20250430

padding

docker-tests

ptspec

legacy-v1

v2.12.0

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.1-pre

v2.7.0

v2.6.1

v2.6.0

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.1

v2.4.0

v2.3.2

v2.3.1

v2.3.0

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.2.0

v0.1.0

Labels

Clear labels   

pull-request

Mirrored from GitHub Pull Request

No labels

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/Cloak#197

No description provided.