Reformulated shadowsocks.md

- Reformulated - Added description for `clients` parameter - Added example for proper password generation
XTLS · Aug 19, 2023 · 763d000 · 763d000
1 parent 6b73c24
commit 763d000
Showing 1 changed file with 35 additions and 31 deletions.
diff --git a/docs/en/config/inbounds/shadowsocks.md b/docs/en/config/inbounds/shadowsocks.md
@@ -1,20 +1,20 @@
 # Shadowsocks
 
-The [Shadowsocks](https://en.wikipedia.org/wiki/Shadowsocks) protocol is compatible with most other implementations of Shadowsocks.
+The [Shadowsocks](https://en.wikipedia.org/wiki/Shadowsocks) protocol is compatible with most other implementations of Shadowsocks. The server supports TCP and UDP packet forwarding, with an option to selectively disable UDP.
 
-The current compatibility is as follows:
+### Supported Encryption Methods
+The currently supported methods are following:
 
-- Supports TCP and UDP packet forwarding, with the option to selectively disable UDP.
 - Recommended encryption methods:
-  - 2022-blake3-aes-128-gcm
-  - 2022-blake3-aes-256-gcm
-  - 2022-blake3-chacha20-poly1305
-  - Other encryption methods:
-  - aes-256-gcm
-  - aes-128-gcm
-  - chacha20-poly1305 or chacha20-ietf-poly1305
-  - xchacha20-poly1305 or xchacha20-ietf-poly1305
-  - none or plain
+  - `2022-blake3-aes-128-gcm`
+  - `2022-blake3-aes-256-gcm`
+  - `2022-blake3-chacha20-poly1305`
+- Other encryption methods:
+  - `aes-256-gcm`
+  - `aes-128-gcm`
+  - `chacha20-poly1305`/`chacha20-ietf-poly1305`
+  - `xchacha20-poly1305`/`xchacha20-ietf-poly1305`
+  - `none`/`plain`
 
 The Shadowsocks 2022 new protocol format improves performance and includes complete replay protection, addressing the following security issues in the old protocol:
 
@@ -24,14 +24,15 @@ The Shadowsocks 2022 new protocol format improves performance and includes compl
 - TCP behaviors that can be used for active probing
 
 ::: danger
-Traffic transmitted without encryption using the "none" method will be in plain text. Do not use it on public networks for security reasons.
+Traffic transmitted without encryption using the "none" method will be in plain text. **Do not use it on public networks** for security reasons.
 :::
 
 ## InboundConfigurationObject
 
 ```json
 {
   "settings": {
+    "clients": [],
     "password": "password",
     "method": "aes-256-gcm",
     "level": 0,
@@ -41,6 +42,10 @@ Traffic transmitted without encryption using the "none" method will be in plain
 }
 ```
 
+> `clients`: a list of [`ClientObject`](#clientobject), empty list considered valid
+
+The `password` parameter can be specified for the server at all, but also in the [`ClientObject`](#clientobject) being dedicated to the given user. Server-level `password` is not guaranteed to override the client-specific one.
+
 > `network`: "tcp" | "udp" | "tcp,udp"
 
 The supported network protocol type. For example, when specified as `"tcp"`, it will only handle TCP traffic. The default value is `"tcp"`.
@@ -56,31 +61,30 @@ The supported network protocol type. For example, when specified as `"tcp"`, it
 }
 ```
 
-> `method`: string
+> `method`: string, any of the [supported methods](#supportedencryptionmethods)
 
 Required.
 
 > `password`: string
 
-Required.
-
-- Shadowsocks 2022
-
-Use a pre-shared key similar to WireGuard as the password.
-
-Use `openssl rand -base64 <length>` to generate a compatible key with shadowsocks-rust, where the length depends on the encryption method used.
-
-| Encryption Method             | Key Length |
-| ----------------------------- | ---------: |
-| 2022-blake3-aes-128-gcm       |         16 |
-| 2022-blake3-aes-256-gcm       |         32 |
-| 2022-blake3-chacha20-poly1305 |         32 |
+Required. For **Shadowsocks 2022** a pre-shared `base64` random key similar to WireGuard's keys should be used as the password. The command 
+```sh
+openssl rand -base64 <length>
+```
+could used to generate a key. The length of the required key for `shadowsocks-rust` implementation depends on the encryption method:
 
-In the Go implementation, a 32-byte key always works.
+| Encryption Method               | Key Length |
+| -----------------------------   | ---------: |
+| `2022-blake3-aes-128-gcm`       |         16 |
+| `2022-blake3-aes-256-gcm`       |         32 |
+| `2022-blake3-chacha20-poly1305` |         32 |
 
-- Other encryption methods
+In the `go-shadowsocks` implementation written in Golang, a 32-byte key always works. 
 
-Any string. There is no limitation on the password length, but shorter passwords are more susceptible to cracking. It is recommended to use a password of 16 characters or longer.
+For **any other encryption method** _any string_ could be used. There is no limitation on the password length, but shorter passwords are more susceptible to cracking. It is recommended to use a random-generated password of 16 characters or longer. The following example generates 40-characters length password:
+```sh
+sudo strings /dev/urandom | grep -o '[[:alnum:]]' | head -n 40 | tr -d '\n'; echo
+```
 
 > `level`: number
 
@@ -90,4 +94,4 @@ The value of `level` corresponds to the value of `level` in the [policy](../poli
 
 > `email`: string
 
-The user's email, used to differentiate traffic from different users (logs, statistics).
+The user's email, used to differentiate traffic from different users for logs or statistics.