Skip to content

cfal/shoes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

327 Commits
.cargo
.cargo
 
 
.github/workflows
.github/workflows
 
 
examples
examples
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CONFIG.md
CONFIG.md
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

shoes

shoes is a high-performance multi-protocol proxy server written in Rust.

Supported Protocols

Proxy Protocols

  • HTTP/HTTPS
  • SOCKS5 (with UDP ASSOCIATE)
  • Mixed (auto-detect HTTP/SOCKS5)
  • VMess AEAD
  • VLESS (with fallback support)
  • Shadowsocks
  • Trojan
  • Snell v3
  • Hysteria2
  • TUIC v5
  • AnyTLS
  • NaiveProxy
  • H2MUX (supported with VMess, VLESS, Trojan, Shadowsocks, Snell)

Transport Protocols

All server protocols plus:

  • SagerNet UDP over TCP (for Shadowsocks, SOCKS5, AnyTLS, NaiveProxy)
  • ShadowTLS v3
  • TLS
  • WebSocket (Shadowsocks SIP003)
  • XTLS Reality
  • XTLS Vision (for VLESS)

TUN/VPN Mode

  • TUN device support - Layer 3 VPN for transparent proxying
  • Supported platforms: Linux, Android, iOS

Supported Ciphers

  • VMess: aes-128-gcm, chacha20-poly1305, none
  • Shadowsocks: aes-128-gcm, aes-256-gcm, chacha20-ietf-poly1305, 2022-blake3-aes-128-gcm, 2022-blake3-aes-256-gcm, 2022-blake3-chacha20-ietf-poly1305
  • Snell v3: aes-128-gcm, aes-256-gcm, chacha20-ietf-poly1305

Features

  • Multi-transport: TCP or QUIC for all protocols
  • TLS with SNI routing: Route by Server Name Indication
  • Upstream proxy chaining: Multi-hop chains with load balancing
  • Rule-based routing: Route by IP/CIDR or hostname masks
  • Named PEM certificates: Define once, reference everywhere
  • TLS fingerprint authentication: Certificate pinning for TLS/QUIC
  • Hot reloading: Apply config changes without restart
  • Unix socket support: Bind to Unix domain sockets

For advanced access control (IP allowlist/blocklists), see tobaru.

Installation

Precompiled binaries for x86_64 and Apple aarch64 are available on Github Releases.

Or install with cargo:

cargo install shoes

Usage

shoes [OPTIONS] <config.yaml> [config.yaml...] OPTIONS: -t, --threads NUM Set the number of worker threads (default: CPU count) -d, --dry-run Parse the config and exit --no-reload Disable automatic config reloading on file changes COMMANDS: generate-reality-keypair Generate a new Reality X25519 keypair generate-shadowsocks-2022-password <cipher> Generate a Shadowsocks password

Examples

# Run with a single config file shoes config.yaml # Run with multiple config files shoes server1.yaml server2.yaml rules.yaml # Run with custom thread count shoes --threads 8 config.yaml # Validate configuration without starting shoes --dry-run config.yaml # Run without hot-reloading shoes --no-reload config.yaml # Generate Reality keypair shoes generate-reality-keypair # Generate Shadowsocks 2022 cipher password shoes generate-shadowsocks-2022-password 2022-blake3-aes-256-gcm

Configuration

See CONFIG.md for the complete YAML configuration reference.

Examples

See the examples directory for all examples.

Basic VMess Server

- address: 0.0.0.0:16823 protocol: type: vmess cipher: chacha20-poly1305 user_id: b0e80a62-8a51-47f0-91f1-f0f7faf8d9d4 udp_enabled: true

VLESS with Vision over TLS

- address: 0.0.0.0:443 protocol: type: tls tls_targets: "vless.example.com": cert: cert.pem key: key.pem vision: true alpn_protocols: ["http/1.1"] protocol: type: vless user_id: b85798ef-e9dc-46a4-9a87-8da4499d36d0 udp_enabled: true

Reality Server

- address: 0.0.0.0:443 protocol: type: tls reality_targets: "www.example.com": private_key: "YOUR_BASE64URL_PRIVATE_KEY" short_ids: ["0123456789abcdef", ""] dest: "www.example.com:443" protocol: type: vless user_id: b85798ef-e9dc-46a4-9a87-8da4499d36d0 udp_enabled: true

Reality Client

- address: 127.0.0.1:1080 protocol: type: socks rules: - masks: "0.0.0.0/0" action: allow client_chain: address: "server.example.com:443" protocol: type: reality public_key: "SERVER_PUBLIC_KEY" short_id: "0123456789abcdef" sni_hostname: "www.example.com" protocol: type: vless user_id: b85798ef-e9dc-46a4-9a87-8da4499d36d0

Hysteria2 Server

- address: 0.0.0.0:443 transport: quic quic_settings: cert: cert.pem key: key.pem alpn_protocols: ["h3"] protocol: type: hysteria2 password: supersecret udp_enabled: true

TUIC v5 Server

- address: 0.0.0.0:443 transport: quic quic_settings: cert: cert.pem key: key.pem protocol: type: tuic uuid: d685aef3-b3c4-4932-9a9d-d0c2f6727dfa password: supersecret

Mixed HTTP/SOCKS5 Server

- address: 0.0.0.0:7890 protocol: type: mixed username: myuser password: mypassword

AnyTLS Server

- address: 0.0.0.0:443 protocol: type: tls tls_targets: "anytls.example.com": cert: cert.pem key: key.pem protocol: type: anytls users: - name: user1 password: secret123 udp_enabled: true

NaiveProxy Server

- address: 0.0.0.0:443 protocol: type: tls tls_targets: "naive.example.com": cert: cert.pem key: key.pem alpn_protocols: ["h2"] protocol: type: naiveproxy users: - username: user1 password: secret123 padding: true

TUN VPN

- device_name: tun0 address: 10.0.0.1 netmask: 255.255.255.0 mtu: 1500 tcp_enabled: true udp_enabled: true rules: - masks: "0.0.0.0/0" action: allow client_chain: address: "proxy.example.com:443" protocol: type: tls protocol: type: vless user_id: b85798ef-e9dc-46a4-9a87-8da4499d36d0

Similar Projects

About

A multi-protocol proxy server written in Rust (HTTP, SOCKS5, Vmess, Vless, Shadowsocks, Trojan, Snell, Hysteria2, TUIC v5, AnyTLS, Naiveproxy, XTLS)

Topics

rust proxy socks5 shadowsocks vpn trojan quic v2ray vmess snell naiveproxy vless xtls shadowtls tuic-v5 hysteria2 anytls

Resources

Readme

License

MIT license
Activity

Stars

981 stars

Watchers

7 watching

Forks

86 forks
Report repository

Releases 10

v0.2.7 Latest
Jan 22, 2026
+ 9 releases

Packages

 
 
 

Contributors 4

Languages