[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81717":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":11,"openIssues":13,"contributorsCount":13,"subscribersCount":13,"size":13,"stars1d":13,"stars7d":13,"stars30d":13,"stars90d":13,"forks30d":13,"starsTrendScore":13,"compositeScore":14,"rankGlobal":9,"rankLanguage":9,"license":15,"archived":16,"fork":16,"defaultBranch":17,"hasWiki":16,"hasPages":16,"topics":18,"createdAt":9,"pushedAt":9,"updatedAt":25,"readmeContent":26,"aiSummary":27,"trendingCount":13,"starSnapshotCount":13,"syncStatus":28,"lastSyncTime":29,"discoverSource":30},81717,"cuocuo","nyarime\u002Fcuocuo","nyarime","Encrypted tunnel relay (XChaCha20-Poly1305 + Protobuf)",null,"Go",39,11,0,43.24,"GNU Affero General Public License v3.0",false,"main",[19,20,21,22,23,24],"encryption","golang","proxy","relay","tunnel","xchacha20","2026-06-12 04:01:35","# cuocuo\n\n[![Go Version](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fgo-mod\u002Fgo-version\u002FNyarime\u002Fcuocuo)](https:\u002F\u002Fgo.dev\u002F)\n[![License: AGPL-3.0](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-AGPL--3.0-blue.svg)](https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fagpl-3.0)\n[![Release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002FNyarime\u002Fcuocuo)](https:\u002F\u002Fgithub.com\u002FNyarime\u002Fcuocuo\u002Freleases)\n\n加密隧道中继工具，基于 XChaCha20-Poly1305。\n\nEncrypted tunnel relay tool built on XChaCha20-Poly1305.\n\n> **致敬 \u002F Tribute**: cuocuo v5.0.0 致敬 [ryzen.moe](https:\u002F\u002Fryzen.moe)（WeChat Updates）的 cuocuo 隧道项目，配置文件格式向下兼容 v4.x。\n>\n> v5.0.0 is a tribute to the original cuocuo tunnel by [ryzen.moe](https:\u002F\u002Fryzen.moe) (WeChat Updates). Configuration format is backward-compatible with v4.x.\n\n## 与 v4.x 的区别 \u002F Changes from v4.x\n\n- 🔓 **去除授权验证** — 不再需要 license，开箱即用\n- 🔁 **配置文件兼容** — v4.x 的 JSON 配置文件可直接使用，无需修改\n- 🧹 **纯净重写** — 基于 Go 重新实现，代码简洁，无历史包袱\n- 📖 **完全开源** — AGPL-3.0，欢迎贡献\n\n## 架构 \u002F Architecture\n\n```\n┌──────────┐           ┌───────────────┐           ┌──────────┐\n│  Client   │◄─────────►│  Relay Node   │◆─────────►│  Target   │\n│  客户端   │  XChaCha20 │  中继节点      │   Forward  │  目标服务  │\n└──────────┘  Encrypted  └───────────────┘            └──────────┘\n                          ▲ Pool (20 conn)\n                          │ Load Balance\n                   ┌──────┴──────┐\n                   │ Upstream(s) │\n                   │ 上游节点组   │\n                   └─────────────┘\n```\n\n## 特性 \u002F Features\n\n- **三种传输 \u002F Three Transports**: TCP \u002F TLS \u002F WebSocket\n- **XChaCha20-Poly1305** AEAD 端到端加密\n- **连接池 \u002F Connection Pool**: 预建 20 个持久连接，自动重连\n- **负载均衡 \u002F Load Balancing**: 多上游轮询 (`fucks` 组)\n- **Proxy Protocol v1\u002Fv2**: 透传真实客户端 IP\n- **TLS Offload**: 入口终止 TLS，支持自定义证书\n- **HTTP 伪装 \u002F HTTP Camouflage**: 自定义 User-Agent \u002F Referer \u002F Server 头\n- **自动重启 \u002F Auto Restart**: 随机 24-48h 防内存泄漏\n\n## 安装 \u002F Install\n\n从 [Releases](https:\u002F\u002Fgithub.com\u002FNyarime\u002Fcuocuo\u002Freleases) 下载预编译二进制，或从源码编译：\n\n```bash\n# 从源码编译\ngit clone https:\u002F\u002Fgithub.com\u002FNyarime\u002Fcuocuo.git\ncd cuocuo && make all\n\n# 或直接 go install\ngo install github.com\u002FNyarime\u002Fcuocuo\u002Fcmd\u002Fserver@latest\ngo install github.com\u002FNyarime\u002Fcuocuo\u002Fcmd\u002Fclient@latest\n```\n\n## 快速开始 \u002F Quick Start\n\n### 1. 生成加密密钥\n\n```bash\n# 生成随机 token（服务端和客户端必须一致）\nexport CUOCUO_ENCRYPTION_TOKEN=$(openssl rand -base64 48)\nexport CUOCUO_ENCRYPTION_NONCE=$(openssl rand -base64 48)\necho \"CUOCUO_ENCRYPTION_TOKEN=$CUOCUO_ENCRYPTION_TOKEN\"\necho \"CUOCUO_ENCRYPTION_NONCE=$CUOCUO_ENCRYPTION_NONCE\"\n```\n\n服务端和客户端必须使用**相同的密钥对**。\n\n### 2. 服务端配置\n\n```json\n[\n    {\"type\": \"TCP\", \"listen\": \"0.0.0.0\", \"remote\": \"1000\", \"option\": \"Premium=1\"},\n    {\"type\": \"TLS\", \"listen\": \"0.0.0.0\", \"remote\": \"1001\", \"option\": \"Premium=1;Host=example.com;Crt=server.crt;Sec=server.key\"},\n    {\"type\": \"WebSocket\", \"listen\": \"0.0.0.0\", \"remote\": \"1002\", \"option\": \"Premium=1;Host=example.com;Path=ws-path;Server=nginx\u002F1.21.5\"}\n]\n```\n\n```bash\n.\u002Fcuocuo-server -c server.json\n```\n\n### 3. 客户端配置\n\n```json\n{\n    \"nexts\": [\n        {\"id\": \"node-1\", \"type\": \"TCP\", \"remote\": \"your-server:1000\", \"option\": \"Premium=1\"},\n        {\"id\": \"node-2\", \"type\": \"TLS\", \"remote\": \"your-server:1001\", \"option\": \"Premium=1;Host=example.com;Insecure=1\"}\n    ],\n    \"fucks\": [\n        {\"id\": \"lb-group\", \"next\": [\"node-1\", \"node-2\"], \"mode\": \"default\"}\n    ],\n    \"rules\": [\n        {\n            \"id\": \"forward-443\",\n            \"dialer\": \"lb-group\",\n            \"listen_addr\": \"0.0.0.0\",\n            \"listen_port\": \"10443\",\n            \"remote_addr\": \"target.com\",\n            \"remote_port\": \"443\",\n            \"mode\": \"tcp_and_udp\"\n        }\n    ]\n}\n```\n\n```bash\n.\u002Fcuocuo-client -c client.json\n```\n\n### 4. 验证\n\n```bash\ncurl https:\u002F\u002Ftarget.com --connect-to target.com:443:127.0.0.1:10443\n```\n\n## 配置参考 \u002F Configuration Reference\n\n### Server Options\n\n| 字段 | 说明 |\n|------|------|\n| `type` | 传输类型: `TCP` \u002F `TLS` \u002F `WebSocket` |\n| `listen` | 监听地址 |\n| `remote` | 监听端口 |\n| `option` | 分号分隔选项: `Premium=1`, `Host=`, `Crt=`, `Sec=`, `Path=`, `Server=` |\n\n### Client — nexts（上游节点）\n\n| 字段 | 说明 |\n|------|------|\n| `id` | 节点标识符 |\n| `type` | 传输类型: `TCP` \u002F `TLS` \u002F `WebSocket` |\n| `remote` | 服务器地址 `host:port` |\n| `option` | 同 server，额外支持 `Insecure=1`（跳过 TLS 验证） |\n\n### Client — fucks（负载均衡组）\n\n| 字段 | 说明 |\n|------|------|\n| `id` | 组标识符 |\n| `next` | 节点 ID 列表 |\n| `mode` | `default`（轮询） |\n\n### Client — rules（转发规则）\n\n| 字段 | 说明 |\n|------|------|\n| `dialer` | 使用的节点或组 ID |\n| `listen_addr` \u002F `listen_port` | 本地监听 |\n| `remote_addr` \u002F `remote_port` | 远程目标 |\n| `mode` | `tcp_and_udp` \u002F `tcp` \u002F `tls` |\n| `trueip` | Proxy Protocol v1 |\n| `truev2` | Proxy Protocol v2 |\n| `proxyp` | 接收端解析 Proxy Protocol |\n\n## systemd\n\n```bash\ncp systemd\u002Fcuocuo-server@.service \u002Fetc\u002Fsystemd\u002Fsystem\u002F\ncp systemd\u002Fcuocuo-client@.service \u002Fetc\u002Fsystemd\u002Fsystem\u002F\n\n# 配置文件放在 \u002Fetc\u002Fcuocuo-server\u002F 和 \u002Fetc\u002Fcuocuo-client\u002F\nsystemctl enable --now cuocuo-server@default\nsystemctl enable --now cuocuo-client@default\n```\n\n## 环境变量\n\n| 变量 | 说明 |\n|------|------|\n| `CUOCUO_ENCRYPTION_TOKEN` | 加密 token（由 keygen 生成） |\n| `CUOCUO_ENCRYPTION_NONCE` | 加密 nonce（由 keygen 生成） |\n\n## 贡献 \u002F Contributing\n\n欢迎贡献！请阅读 [CONTRIBUTING.md](CONTRIBUTING.md)。\n\n## 许可证 \u002F License\n\n[AGPL-3.0](LICENSE) — © 2026 [Naixi Networks](https:\u002F\u002Fnaixi.net)\n\n## 联系 \u002F Contact\n\n- **Email**: nyarime@naixi.net\n- **Forum**: [forum.naixi.net](https:\u002F\u002Fforum.naixi.net)\n","cuocuo 是一个基于 XChaCha20-Poly1305 加密的隧道中继工具，用于在客户端和目标服务之间建立安全的数据传输通道。该项目使用 Go 语言编写，支持 TCP、TLS 和 WebSocket 三种传输协议，并采用 AEAD 端到端加密技术确保数据的安全性。此外，它还具备连接池、负载均衡、自动重启等功能，能够有效提升连接稳定性和资源利用率。适用于需要对敏感信息进行保护的网络通信场景，如企业内部系统间的远程访问或个人隐私保护等。",2,"2026-06-11 04:06:06","CREATED_QUERY"]