SHADOWSOCKS_METHOD environment variable (#117)

Quentin McGaw
2020-03-29 20:06:27 -04:00
committed by GitHub
parent e5adccd9c5
commit 0235df74a0
9 changed files with 31 additions and 9 deletions


@@ -77,7 +77,8 @@ ENV VPNSP=pia \
SHADOWSOCKS=off \
SHADOWSOCKS_LOG=off \
SHADOWSOCKS_PORT=8388 \
SHADOWSOCKS_PASSWORD=
SHADOWSOCKS_PASSWORD= \
SHADOWSOCKS_METHOD=chacha20-ietf-poly1305
ENTRYPOINT /entrypoint
EXPOSE 8888/tcp 8388/tcp 8388/udp
HEALTHCHECK --interval=3m --timeout=3s --start-period=20s --retries=1 CMD /entrypoint healthcheck


@@ -164,6 +164,7 @@ docker run --rm --network=container:pia alpine:3.11 wget -qO- https://ipinfo.io
| `SHADOWSOCKS_LOG` | `off` | `on` or `off` to enable logging for Shadowsocks |
| `SHADOWSOCKS_PORT` | `8388` | `1024` to `65535` internal port for SOCKS5 proxy |
| `SHADOWSOCKS_PASSWORD` | | Passsword to use to connect to the SOCKS5 proxy |
| `SHADOWSOCKS_METHOD` | `chacha20-ietf-poly1305` | Methods to use for Shadowsocks |
| `TZ` | | Specify a timezone to use i.e. `Europe/London` |
| `OPENVPN_VERBOSITY` | `1` | Openvpn verbosity level from 0 to 6 |
| `OPENVPN_ROOT` | `no` | Run OpenVPN as root, `yes` or `no` |
@@ -219,7 +220,7 @@ There are various ways to achieve this, depending on your use case.
- Enter the Docker host (i.e. `192.168.1.10`) as the server IP
- Enter port TCP (and UDP, if available) `8388` as the server port
- Use the password you have set with `SHADOWSOCKS_PASSWORD`
- Choose the encryption method/algorithm `chacha20-ietf-poly1305`
- Choose the encryption method/algorithm to the method you specified in `SHADOWSOCKS_METHOD`
1. If you set `SHADOWSOCKS_LOG` to `on`, (a lot) more information will be logged in the Docker logs
</p></details>


@@ -231,6 +231,7 @@ func main() {
err = shadowsocksConf.MakeConf(
allSettings.ShadowSocks.Port,
allSettings.ShadowSocks.Password,
allSettings.ShadowSocks.Method,
allSettings.UID,
allSettings.GID)
e.FatalOnError(err)


@@ -66,6 +66,7 @@ type ParamsReader interface {
GetShadowSocksLog() (activated bool, err error)
GetShadowSocksPort() (port uint16, err error)
GetShadowSocksPassword() (password string, err error)
GetShadowSocksMethod() (method string, err error)
// Tinyproxy getters
GetTinyProxy() (activated bool, err error)


@@ -38,3 +38,9 @@ func (p *paramsReader) GetShadowSocksPassword() (password string, err error) {
defer p.unsetEnv("SHADOWSOCKS_PASSWORD")
return p.envParams.GetEnv("SHADOWSOCKS_PASSWORD", libparams.CaseSensitiveValue())
}
// GetShadowSocksMethod obtains the ShadowSocks method to use from the environment variable
// SHADOWSOCKS_METHOD
func (p *paramsReader) GetShadowSocksMethod() (method string, err error) {
return p.envParams.GetEnv("SHADOWSOCKS_METHOD", libparams.Default("chacha20-ietf-poly1305"))
}
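Review bot: GetShadowSocksMethod returns whatever SHADOWSOCKS_METHOD holds without checking it, and that string is later written into the server configuration by generateConf (`Method: method`), so a typo or a legacy non-AEAD stream cipher is accepted silently where the previous code pinned `chacha20-ietf-poly1305`. Validating the value here against the AEAD methods the bundled Shadowsocks server supports would surface the problem as an error from the settings reader instead of a misconfigured or weakly encrypted proxy. The cipher list below is the usual Shadowsocks AEAD set and should be confirmed against the server build shipped in the image; the README row for `SHADOWSOCKS_METHOD` could then list the accepted values.

```go
func (p *paramsReader) GetShadowSocksMethod() (method string, err error) {
	method, err = p.envParams.GetEnv("SHADOWSOCKS_METHOD", libparams.Default("chacha20-ietf-poly1305"))
	if err != nil {
		return "", err
	}
	switch method {
	case "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305", "aes-128-gcm", "aes-192-gcm", "aes-256-gcm":
		return method, nil
	}
	return "", fmt.Errorf("SHADOWSOCKS_METHOD %q is not a supported AEAD cipher", method)
}
```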


@@ -13,15 +13,23 @@ type ShadowSocks struct {
Password string
Log bool
Port uint16
Method string
}
func (s *ShadowSocks) String() string {
if !s.Enabled {
return "ShadowSocks settings: disabled"
}
log := "disabled"
if s.Log {
log = "enabled"
}
settingsList := []string{
"ShadowSocks settings:",
"Password: [redacted]",
"Log: " + log,
fmt.Sprintf("Port: %d", s.Port),
"Method: " + s.Method,
}
return strings.Join(settingsList, "\n |--")
}
@@ -44,5 +52,9 @@ func GetShadowSocksSettings(params params.ParamsReader) (settings ShadowSocks, e
if err != nil {
return settings, err
}
settings.Method, err = params.GetShadowSocksMethod()
if err != nil {
return settings, err
}
return settings, nil
}


@@ -8,9 +8,9 @@ import (
"github.com/qdm12/private-internet-access-docker/internal/constants"
)
func (c *configurator) MakeConf(port uint16, password string, uid, gid int) (err error) {
func (c *configurator) MakeConf(port uint16, password, method string, uid, gid int) (err error) {
c.logger.Info("%s: generating configuration file", logPrefix)
data := generateConf(port, password)
data := generateConf(port, password, method)
return c.fileManager.WriteToFile(
string(constants.ShadowsocksConf),
data,
@@ -18,7 +18,7 @@ func (c *configurator) MakeConf(port uint16, password string, uid, gid int) (err
files.Permissions(0400))
}
func generateConf(port uint16, password string) (data []byte) {
func generateConf(port uint16, password, method string) (data []byte) {
conf := struct {
Server string `json:"server"`
User string `json:"user"`
@@ -33,7 +33,7 @@ func generateConf(port uint16, password string) (data []byte) {
}{
Server: "0.0.0.0",
User: "nonrootuser",
Method: "chacha20-ietf-poly1305",
Method: method,
Timeout: 30,
FastOpen: false,
Mode: "tcp_and_udp",


@@ -32,7 +32,7 @@ func Test_generateConf(t *testing.T) {
tc := tc
t.Run(name, func(t *testing.T) {
t.Parallel()
data := generateConf(tc.port, tc.password)
data := generateConf(tc.port, tc.password, "chacha20-ietf-poly1305")
assert.Equal(t, tc.data, data)
})
}
@@ -65,7 +65,7 @@ func Test_MakeConf(t *testing.T) {
).
Return(tc.writeErr).Once()
c := &configurator{logger: logger, fileManager: fileManager}
err := c.MakeConf(2000, "abcde", 1000, 1001)
err := c.MakeConf(2000, "abcde", "chacha20-ietf-poly1305", 1000, 1001)
if tc.err != nil {
require.Error(t, err)
assert.Equal(t, tc.err.Error(), err.Error())
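Review bot: Both updated call sites pass the literal `chacha20-ietf-poly1305`, which is the value generateConf used to hard-code, so these tests would still pass if the new `method` argument were ignored. Adding a `method string` field to the test cases (the table sits outside these hunks) and calling `generateConf(tc.port, tc.password, tc.method)` with at least one non-default value such as `aes-256-gcm` would pin that the argument reaches the Method field of the generated configuration. Test_MakeConf continues past the end of the second hunk.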


@@ -12,7 +12,7 @@ const logPrefix = "shadowsocks configurator"
type Configurator interface {
Version() (string, error)
MakeConf(port uint16, password string, uid, gid int) (err error)
MakeConf(port uint16, password, method string, uid, gid int) (err error)
Start(server string, port uint16, password string, log bool) (stdout io.ReadCloser, waitFn func() error, err error)
}