Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SS-MANAGER(1)		   Shadowsocks-libev Manual		 SS-MANAGER(1)

       ss-manager - ss-server controller for multi-user	management and traffic

       ss-manager [-AuUv] [-h|--help] [-s _server_host_] [-p _server_port_]
       [-l _local_port_] [-k _password_] [-m _encrypt_method_] [-f _pid_file_]
       [-t _timeout_] [-c _config_file_] [-i _interface_] [-b _local_addr_]
       [-a _user_name_]	[-D _path_] [--manager-address _path_to_unix_domain_]
       [--executable _path_to_server_executable_] [--fast-open]	[--reuse-port]
       [--plugin _plugin_name_]	[--plugin-opts _plugin_options_]

       Shadowsocks-libev is a lightweight and secure socks5 proxy. It is a
       port of the original shadowsocks	created	by clowwindy.
       Shadowsocks-libev is written in pure C and takes	advantage of libev to
       achieve both high performance and low resource consumption.

       Shadowsocks-libev consists of five components. ss-manager(1) is a
       controller for multi-user management and	traffic	statistics, using UNIX
       domain socket to	talk with ss-server(1).	Also, it provides a UNIX
       domain socket or	IP based API for other software. About the details of
       this API, please	refer to the following PROTOCOL	section.

       -s _server_host_
	   Set the server's hostname or	IP.

       -k _password_
	   Set the password. The server	and the	client should use the same

       -m _encrypt_method_
	   Set the cipher.

	   Shadowsocks-libev accepts 18	different ciphers:

	   aes-128-gcm,	aes-192-gcm, aes-256-gcm, rc4-md5, aes-128-cfb,
	   aes-192-cfb,	aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr,
	   bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb,
	   chacha20-ietf-poly1305, salsa20, chacha20 and chacha20-ietf.

	   The default cipher is chacha20-ietf-poly1305.

	   If built with PolarSSL or custom OpenSSL libraries, some of these
	   ciphers may not work.

       -a _user_name_
	   Run as a specific user.

       -f _pid_file_
	   Start shadowsocks as	a daemon with specific pid file.

       -t _timeout_
	   Set the socket timeout in seconds. The default value	is 60.

       -c _config_file_
	   Use a configuration file.

	   You may use "port_password" field inside this configuration file to
	   bring up multiple ss-server instances together.

       -i _interface_
	   Send	traffic	through	specific network interface.

	   For example,	there are three	interfaces in your device, which is lo
	   (,	eth0 ( and eth1 ( Meanwhile,
	   you configure ss-local to listen on and	bind to	eth1.
	   That	results	the traffic go out through eth1, but not lo nor	eth0.
	   This	option is useful to control traffic in multi-interface

	   Enable UDP relay.

	   Enable UDP relay and	disable	TCP relay.

	   Enable onetime authentication.

       -d _addr_
	   Setup name servers for internal DNS resolver	(libc-ares). The
	   default server is fetched from /etc/resolv.conf.

	   Enable TCP fast open.

	   Only	available with Linux kernel > 3.7.0.

	   Enable port reuse.

	   Only	available with Linux kernel > 3.9.0.

       --acl _acl_config_
	   Enable ACL (Access Control List) and	specify	config file.

       --manager-address _path_to_unix_domain_
	   Specify UNIX	domain socket address for the communication between
	   ss-manager(1) and ss-server(1).

	   Only	available in server and	manager	mode.

       --executable _path_to_server_executable_
	   Specify the executable path of ss-server.

	   Only	available in manager mode.

       --executable _path_to_server_executable_
	   Specify the working directory of ss-manager.

	   Only	available in manager mode.

       --plugin	_plugin_name_
	   Enable SIP003 plugin. (Experimental)

       --plugin-opts _plugin_options_
	   Set SIP003 plugin options. (Experimental)

	   Enable verbose mode.

	   Print help message.

       ss-manager(1) provides several APIs through UDP protocol:

       Send UDP	commands in the	following format to the	manager-address
       provided	to ss-manager(1):
	   command: [JSON data]

       To add a	port:
	   add:	{"server_port":	8001, "password":"7cd308cc059"}

       To remove a port:
	   remove: {"server_port": 8001}

       To receive the traffic statistics:

       The format of the traffic statistics:
	   stat: {"8001":11370}

       There is	no way to reset	the traffic statistics,	unless you remove the
       port and	add it again

       To use ss-manager(1), First start it and	specify	necessary information.

       Then communicate	with ss-manager(1) through UNIX	Domain Socket using
       UDP protocol:

	   # Start the manager.	Arguments for ss-server	will be	passed to generated
	   # ss-server process(es) respectively.
	   ss-manager --manager-address	/tmp/manager.sock --executable $(which ss-server) -s -m aes-256-cfb	-c /path/to/config.json

	   # Connect to	the socket. Using netcat-openbsd as an example.
	   # You should	use scripts or other programs for further management.
	   nc -Uu /tmp/manager.sock

       After that, you may communicate with ss-manager(1) as described above
       in the PROTOCOL section.

       ss-local(1), ss-server(1), ss-tunnel(1),	ss-redir(1),
       shadowsocks-libev(8), iptables(8), /etc/shadowsocks-libev/config.json

Shadowsocks-libev 3.3.2		  08/10/2020			 SS-MANAGER(1)


Want to link to this manual page? Use this URL:

home | help