✍️ ライティング コミュニティ
ur-wizard
匿名インターネットアクセスやVPN接続、プロキシ経由のスクレイピングを可能にし、帯域幅提供で報酬を得られる分散型プライバシーネットワークの構築を支援するSkill。
📜 元の英語説明(参考)
URnetwork Wizard - Complete decentralized privacy network skill for creating HTTPS/SOCKS/WireGuard proxies (consumer mode) and earning rewards by providing egress bandwidth (provider mode). Use when needing anonymous internet access, setting up VPN connections, scraping through proxies, or running a provider node to earn USDC. Formerly proxy-vpn, now enriched with full official documentation.
🇯🇵 日本人クリエイター向け解説
一言でいうと
匿名インターネットアクセスやVPN接続、プロキシ経由のスクレイピングを可能にし、帯域幅提供で報酬を得られる分散型プライバシーネットワークの構築を支援するSkill。
※ jpskill.com 編集部が日本のビジネス現場向けに補足した解説です。Skill本体の挙動とは独立した参考情報です。
⚡ おすすめ: コマンド1行でインストール(60秒)
下記のコマンドをコピーしてターミナル(Mac/Linux)または PowerShell(Windows)に貼り付けてください。 ダウンロード → 解凍 → 配置まで全自動。
🍎 Mac / 🐧 Linux
mkdir -p ~/.claude/skills && cd ~/.claude/skills && curl -L -o ur-wizard.zip https://jpskill.com/download/5527.zip && unzip -o ur-wizard.zip && rm ur-wizard.zip
🪟 Windows (PowerShell)
$d = "$env:USERPROFILE\.claude\skills"; ni -Force -ItemType Directory $d | Out-Null; iwr https://jpskill.com/download/5527.zip -OutFile "$d\ur-wizard.zip"; Expand-Archive "$d\ur-wizard.zip" -DestinationPath $d -Force; ri "$d\ur-wizard.zip"完了後、Claude Code を再起動 → 普通に「動画プロンプト作って」のように話しかけるだけで自動発動します。
💾 手動でダウンロードしたい(コマンドが難しい人向け)
- 1. 下の青いボタンを押して
ur-wizard.zipをダウンロード - 2. ZIPファイルをダブルクリックで解凍 →
ur-wizardフォルダができる - 3. そのフォルダを
C:\Users\あなたの名前\.claude\skills\(Win)または~/.claude/skills/(Mac)へ移動 - 4. Claude Code を再起動
⚠️ ダウンロード・利用は自己責任でお願いします。当サイトは内容・動作・安全性について責任を負いません。
🎯 このSkillでできること
下記の説明文を読むと、このSkillがあなたに何をしてくれるかが分かります。Claudeにこの分野の依頼をすると、自動で発動します。
📦 インストール方法 (3ステップ)
- 1. 上の「ダウンロード」ボタンを押して .skill ファイルを取得
- 2. ファイル名の拡張子を .skill から .zip に変えて展開(macは自動展開可)
- 3. 展開してできたフォルダを、ホームフォルダの
.claude/skills/に置く- · macOS / Linux:
~/.claude/skills/ - · Windows:
%USERPROFILE%\.claude\skills\
- · macOS / Linux:
Claude Code を再起動すれば完了。「このSkillを使って…」と話しかけなくても、関連する依頼で自動的に呼び出されます。
詳しい使い方ガイドを見る →- 最終更新
- 2026-05-17
- 取得日時
- 2026-05-17
- 同梱ファイル
- 1
📖 Skill本文(日本語訳)
※ 原文(英語/中国語)を Gemini で日本語化したものです。Claude 自身は原文を読みます。誤訳がある場合は原文をご確認ください。
[Skill 名] ur-wizard
URnetwork (proxy-vpn) スキル
URnetwork は分散型プライバシーネットワークであり、ユーザーは以下のいずれかの方法で利用できます。
- 利用する - HTTPS/SOCKS/WireGuard プロキシを介して、安全で匿名なインターネットアクセスにネットワークを使用します。
- 提供する - イグレス帯域幅を共有し、報酬(USDC 支払い)を獲得します。
公式ドキュメント: https://docs.ur.io
エンドポイント
| サービス | URL |
|---|---|
| API | https://api.bringyour.com |
| MCP サーバー | https://mcp.bringyour.com |
| API 仕様 | https://github.com/urnetwork/connect/blob/main/api/bringyour.yml |
| Web UI | https://ur.io |
認証
すべての API 呼び出しには、Authorization ヘッダーに JWT トークンが必要です。
# 人間から認証コードを取得します (https://ur.io Web UI から)
# その後、JWT と交換します。
curl -X POST https://api.bringyour.com/auth/code-login \
-d '{"auth_code": "<AUTH CODE>"}' | jq ".by_jwt"JWT を保存して再利用してください。更新するには、新しい認証コードを取得して繰り返します。
コンシューマーモード: プロキシの作成
プロキシの種類
| ユースケース | プロトコル | 設定ソース |
|---|---|---|
| Web スクレイピング/ブラウジング | HTTPS | proxy_config_result.https_proxy_url |
| 低レベルソケット/UDP | SOCKS5 | proxy_config_result.socks_proxy_url |
| システム全体/OS レベル | WireGuard | proxy_config_result.wg_config.config |
SOCKS5 の注意: access_token をユーザー名として使用し、パスワードは空にしてください。SOCKS5H(リモート DNS 解決)をサポートしています。
WireGuard の注意: auth-client リクエストで proxy_config.enable_wg: true を設定する必要があります。
方法 1: MCP スキル (推奨)
MCP スキルは、場所の検索とプロキシの作成を簡素化します。
- ユーザーに希望の場所(国/地域/都市)を尋ねます。
- MCP を介してプロキシを検索し、作成します。
- 一致するものがない場合、検索範囲を広げます(都市 → 地域 → 国)。
- それでも一致するものがない場合、利用可能な上位 10 か国を表示します。
方法 2: API - 国別
# ステップ 1: 場所を検索します
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/find-locations \
-d '{"query": "Germany"}' | jq '.locations'
# ステップ 2: country_code (例: "DE") をメモします
# ステップ 3: プロキシを作成します
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/auth-client \
-d '{
"proxy_config": {
"initial_device_state": {
"country_code": "DE"
}
}
}'方法 3: API - ロケーション ID 別
# ステップ 1: 場所を検索します
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/find-locations \
-d '{"query": "Berlin"}' | jq '.locations'
# ステップ 2: location_id をメモします
# ステップ 3: 特定の場所でプロキシを作成します
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/auth-client \
-d '{
"proxy_config": {
"initial_device_state": {
"location": {
"connect_location_id": {
"location_id": "<LOCATION_ID>"
}
}
}
}
}'方法 4: API - イグレス IP の列挙
ある場所で複数のプロバイダーをローテーションする場合:
# ステップ 1-2: 上記のように location_id を取得します
# ステップ 3: その場所のプロバイダー (イグレス IP) を検索します
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/find-providers2 \
-d '{
"specs": [{"client_id": "<CLIENT_ID>"}],
"count": 10
}' | jq '.providers'
# ステップ 4: 各 client_id のプロキシを作成します
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/auth-client \
-d '{
"proxy_config": {
"initial_device_state": {
"location": {
"connect_location_id": {
"client_id": "<CLIENT_ID>"
}
}
}
}
}'ロケーションの種類
検索時に location_type でフィルタリングします。
| タイプ | 説明 |
|---|---|
country |
国 |
region |
州、県、大都市圏 |
city |
都市 |
プロバイダーモード: 帯域幅を共有して稼ぐ
高度な設定: Shadowsocks プロキシを介したプロバイダー
高度な設定: SOCKS5 プロキシを介したプロバイダー (透過ルーティング)
URnetwork プロバイダーをアップストリームの SOCKS5 プロキシを介して実行し、匿名性を高めたり、特定のイグレス IP に合わせたりすることができます。
アーキテクチャ:
┌─────────────────────────────────────────┐
│ URnetwork Provider Container │
│ ┌──────────────┐ ┌──────────────┐ │
│ │ Provider │──│ Redsocks │────┼───▶ Upstream SOCKS5
│ │ (egress) │ │ (iptables) │ │ (residential/datacenter)
│ └──────────────┘ └──────────────┘ │
└─────────────────────────────────────────┘Dockerfile の設定:
FROM bringyour/community-provider:g4-latest
USER root
RUN apt-get update && apt-get install -y redsocks iptables supervisor curl
# 設定ファイルをコピーします
COPY redsocks.conf /etc/redsocks/redsocks.conf
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY start-proxied.sh /usr/local/bin/start-proxied.sh
RUN chmod +x /usr/local/bin/start-proxied.sh
EXPOSE 80
ENTRYPOINT ["/usr/local/bin/start-proxied.sh"]redsocks.conf:
base {
log_debug = off;
log_info = on;
daemon = off;
redirector = iptables;
}
redsocks {
local_ip = 0.0.0.0;
local_port = 12345;
ip = <SOCKS5_PROXY_IP>;
port = <SOCKS5_PROXY_PORT>;
type = socks5;
login = "<USERNAME>";
password = "<PASSWORD>";
}start-proxied.sh:
#!/bin/bash
set -e
# redsocks を介してすべての TCP をリダイレクトするように iptables を設定します
iptables -t nat -N REDSOCKS 2>/dev/null || true
iptables -t nat -F REDSOCKS 2>/dev/null || true
# ローカルネットワークとプロキシサーバーを除外します
iptables -t nat -A REDSOCKS -d <SOCKS5_PROXY_IP> -j RETURN
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
# redsocks にリダイレクトします
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
# supervisor を起動します (redsocks + p を管理します)
(原文がここで切り詰められています)📜 原文 SKILL.md(Claudeが読む英語/中国語)を展開
URnetwork (proxy-vpn) Skill
URnetwork is a decentralized privacy network where users can either:
- Consume - Use the network for secure, anonymous internet access via HTTPS/SOCKS/WireGuard proxies
- Provide - Share egress bandwidth and earn rewards (USDC payouts)
Official Docs: https://docs.ur.io
Endpoints
| Service | URL |
|---|---|
| API | https://api.bringyour.com |
| MCP Server | https://mcp.bringyour.com |
| API Spec | https://github.com/urnetwork/connect/blob/main/api/bringyour.yml |
| Web UI | https://ur.io |
Authentication
All API calls require a JWT token in the Authorization header:
# Get auth code from human (from https://ur.io web UI)
# Then exchange for JWT:
curl -X POST https://api.bringyour.com/auth/code-login \
-d '{"auth_code": "<AUTH CODE>"}' | jq ".by_jwt"Store the JWT and reuse. To refresh, get a new auth code and repeat.
Consumer Mode: Creating Proxies
Proxy Types
| Use Case | Protocol | Config Source |
|---|---|---|
| Web Scraping/Browsing | HTTPS | proxy_config_result.https_proxy_url |
| Low-level Sockets/UDP | SOCKS5 | proxy_config_result.socks_proxy_url |
| System-wide/OS Level | WireGuard | proxy_config_result.wg_config.config |
SOCKS5 Note: Use access_token as username, empty password. Supports SOCKS5H (remote DNS resolution).
WireGuard Note: Must set proxy_config.enable_wg: true in the auth-client request.
Method 1: MCP Skill (Recommended)
The MCP skill simplifies location search and proxy creation:
- Ask user for desired location (country/region/city)
- Search and create proxy via MCP
- If no matches, broaden search (city → region → country)
- If still no matches, show top 10 available countries
Method 2: API - By Country
# Step 1: Find locations
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/find-locations \
-d '{"query": "Germany"}' | jq '.locations'
# Step 2: Note country_code (e.g., "DE")
# Step 3: Create proxy
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/auth-client \
-d '{
"proxy_config": {
"initial_device_state": {
"country_code": "DE"
}
}
}'Method 3: API - By Location ID
# Step 1: Find locations
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/find-locations \
-d '{"query": "Berlin"}' | jq '.locations'
# Step 2: Note location_id
# Step 3: Create proxy with specific location
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/auth-client \
-d '{
"proxy_config": {
"initial_device_state": {
"location": {
"connect_location_id": {
"location_id": "<LOCATION_ID>"
}
}
}
}
}'Method 4: API - Enumerate Egress IPs
For rotating through multiple providers in a location:
# Step 1-2: Get location_id as above
# Step 3: Find providers (egress IPs) for location
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/find-providers2 \
-d '{
"specs": [{"client_id": "<CLIENT_ID>"}],
"count": 10
}' | jq '.providers'
# Step 4: Create proxy for each client_id
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/auth-client \
-d '{
"proxy_config": {
"initial_device_state": {
"location": {
"connect_location_id": {
"client_id": "<CLIENT_ID>"
}
}
}
}
}'Location Types
When searching, filter by location_type:
| Type | Description |
|---|---|
country |
Countries |
region |
States, provinces, metro areas |
city |
Cities |
Provider Mode: Earning by Sharing Bandwidth
Advanced: Providers Through Shadowsocks Proxy
Advanced: Providers Through SOCKS5 Proxy (Transparent Routing)
Run URnetwork providers through an upstream SOCKS5 proxy for added anonymity or to match specific egress IPs.
Architecture:
┌─────────────────────────────────────────┐
│ URnetwork Provider Container │
│ ┌──────────────┐ ┌──────────────┐ │
│ │ Provider │──│ Redsocks │────┼───▶ Upstream SOCKS5
│ │ (egress) │ │ (iptables) │ │ (residential/datacenter)
│ └──────────────┘ └──────────────┘ │
└─────────────────────────────────────────┘Dockerfile Setup:
FROM bringyour/community-provider:g4-latest
USER root
RUN apt-get update && apt-get install -y redsocks iptables supervisor curl
# Copy configs
COPY redsocks.conf /etc/redsocks/redsocks.conf
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
COPY start-proxied.sh /usr/local/bin/start-proxied.sh
RUN chmod +x /usr/local/bin/start-proxied.sh
EXPOSE 80
ENTRYPOINT ["/usr/local/bin/start-proxied.sh"]redsocks.conf:
base {
log_debug = off;
log_info = on;
daemon = off;
redirector = iptables;
}
redsocks {
local_ip = 0.0.0.0;
local_port = 12345;
ip = <SOCKS5_PROXY_IP>;
port = <SOCKS5_PROXY_PORT>;
type = socks5;
login = "<USERNAME>";
password = "<PASSWORD>";
}start-proxied.sh:
#!/bin/bash
set -e
# Configure iptables to redirect all TCP through redsocks
iptables -t nat -N REDSOCKS 2>/dev/null || true
iptables -t nat -F REDSOCKS 2>/dev/null || true
# Exclude local networks and proxy server
iptables -t nat -A REDSOCKS -d <SOCKS5_PROXY_IP> -j RETURN
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
# Redirect to redsocks
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
# Start supervisor (manages redsocks + provider)
exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.confRun Container:
docker run --name urnetwork-proxied \
--cap-add=NET_ADMIN \
--mount type=bind,source=$HOME/.urnetwork,target=/root/.urnetwork \
--restart always \
-d urnetwork-proxied:latestRequirements:
--cap-add=NET_ADMIN(required for iptables)- Same JWT file mounted at
/root/.urnetwork/jwt - Container uses supervisor to manage redsocks + provider
Verification:
# Check egress IP from inside container
docker exec urnetwork-proxied curl -s http://ipinfo.io/ip
# Should match your SOCKS5 proxy IPResilience:
- Provider auto-restarts on failure
- Redsocks auto-restarts via supervisor
- Container
--restart alwaysfor boot persistence - Retry wrapper handles proxy outages gracefully
Standard Provider Mode: Earning by Sharing Bandwidth
What is a Provider?
A provider shares egress capacity (internet connection) with the URnetwork. Users connect through providers to access the internet securely. Providers earn USDC payouts for participating.
Payout Structure:
- 10% of premium revenue + $0.10 minimum per MAU (Monthly Active User)
- Referral bonus: 50% of referred user's earnings + 50% of their referral bonus
- Payouts in USDC on Polygon or Solana
- Weekly payout sweeps
Installation Methods
Option 1: One-line Install (Linux)
curl -fSsL https://raw.githubusercontent.com/urnetwork/connect/refs/heads/main/scripts/Provider_Install_Linux.sh | shUninstall:
curl -fSsL https://raw.githubusercontent.com/urnetwork/connect/refs/heads/main/scripts/Provider_Uninstall_Linux.sh | shOption 2: Windows (PowerShell)
powershell -c "irm https://raw.githubusercontent.com/urnetwork/connect/refs/heads/main/scripts/Provider_Install_Win32.ps1 | iex"Uninstall:
powershell -c "irm https://raw.githubusercontent.com/urnetwork/connect/refs/heads/main/scripts/Provider_Uninstall_Win32.ps1 | iex"Option 3: Build from Source
mkdir urnetwork && cd urnetwork
git clone https://github.com/urnetwork/connect
git clone https://github.com/urnetwork/protocol
cd connect/provider
go build # Binary at ./providerOption 4: Docker Container
Images: bringyour/community-provider:g1-latest through g4-latest (g4 = most stable)
# Initialize (first time)
docker run --mount type=bind,source=$HOME/.urnetwork,target=/root/.urnetwork \
bringyour/community-provider:g4-latest auth
# Run provider
docker run --mount type=bind,source=$HOME/.urnetwork,target=/root/.urnetwork \
--restart no -d bringyour/community-provider:g4-latest provideSetting Up a Provider
-
Get auth code:
- Visit https://ur.io
- Create/login to network
- Click "Copy an Auth Code"
-
Authenticate:
./provider auth # Paste auth code when prompted # Saved to ~/.urnetwork/jwt -
Run provider:
./provider provide # "Provider XXX started" -
Set up wallet in app for payouts (USDC on Polygon/Solana)
Running as Background Service
Linux (systemd):
systemctl --user start urnetwork # Start
systemctl --user stop urnetwork # Stop
systemctl --user enable urnetwork # Auto-start on login
systemctl --user disable urnetwork # Disable auto-startmacOS (launchd):
# Download launchd template from GitHub
# Edit paths and user
sudo cp urnetwork-provider.plist /Library/LaunchAgents/
sudo launchctl load /Library/LaunchAgents/urnetwork-provider.plist
sudo launchctl start /Library/LaunchAgents/urnetwork-provider.plist
# Check logs
tail -f /var/log/system.log | grep -i providerWindows:
- Installer asks about startup programs
- Or run manually in background:
powershell -NoProfile -WindowStyle Hidden -Command \ "Start-Process urnetwork.exe -ArgumentList 'provide' -WindowStyle Hidden"
Multi-Platform Builds
Build for multiple architectures:
cd connect/provider
make build
# Outputs to:
# build/darwin/amd64/provider
# build/darwin/arm64/provider
# build/linux/amd64/provider
# build/linux/arm64/provider
# build/linux/arm/provider
# build/linux/386/provider
# build/windows/amd64/provider
# build/windows/arm64/providerOr download pre-built binaries from nightly releases.
Additional CLIs
| CLI | Purpose |
|---|---|
provider |
Run egress provider (earn rewards) |
tether |
Network interfaces and protocol servers (packet routing) |
bringyourctl |
Manage your own network space deployment |
warpctl |
Continuous deployment into network space |
Trust and Safety
- Providers follow trust and safety rules
- Network is free with data cap
- Supporters get higher data cap + priority speeds
- Supports email, SMS, Google, Apple auth
- Aggressive deletion of user info after payout (1 week retention)
Economic Model Summary
For Users:
- Free tier with data cap
- Premium: ~$5/month for higher cap + priority
For Providers:
- 10% of premium revenue + $0.10/MAU minimum
- Up to 20% of premium revenue paid to community
- 50% referral bonus on referred users
- Target margins: 70-80% at scale
Company Phases:
- Phase 0: Build scalable network
- Phase 1: Break-even at 4% premium conversion
- Phase 2: Scale with fixed costs
- Phase 3: Profitable expansion
Quick Reference
Get JWT:
curl -X POST https://api.bringyour.com/auth/code-login \
-d '{"auth_code": "<CODE>"}' | jq ".by_jwt"Find Locations:
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/find-locations \
-d '{"query": "Germany"}' | jq '.locations'Create Proxy:
curl -X POST -H 'Authorization: Bearer <JWT>' \
https://api.bringyour.com/network/auth-client \
-d '{"proxy_config": {"initial_device_state": {"country_code": "DE"}}}'Install Provider:
curl -fSsL https://raw.githubusercontent.com/urnetwork/connect/refs/heads/main/scripts/Provider_Install_Linux.sh | shRouter/IoT Platforms
- Raspberry Pi: See docs
- Ubiquiti EdgeOS: See docs
- MikroTik RouterOS: See docs
All support provider binary deployment.
Advanced: Providers Through Shadowsocks Proxy
Run URnetwork providers through a Shadowsocks proxy for enhanced privacy or specific egress routing.
Shadowsocks vs SOCKS5:
- Shadowsocks uses encryption (AES-256-GCM, etc.) — harder to detect/block
- Better for bypassing firewalls (e.g., China, corporate networks)
- Slightly more overhead than plain SOCKS5
Architecture:
┌─────────────────────────────────────────┐
│ URnetwork Provider Container │
│ ┌──────────────┐ ┌──────────────┐ │
│ │ Provider │──│ ss-local │────┼───▶ Shadowsocks Server
│ │ (egress) │ │ (SOCKS5:1080)│ │ (encrypted tunnel)
│ └──────────────┘ └──────────────┘ │
└─────────────────────────────────────────┘Shadowsocks Config Format:
Shadowsocks/proxy/server/port/method/country/password
Example:
Shadowsocks/proxy/138.249.106.2/64619/aes-256-gcm/France/NedyYDqpDockerfile Setup:
FROM bringyour/community-provider:g4-latest
# Install shadowsocks-libev
RUN apt-get update && apt-get install -y \
shadowsocks-libev \
&& rm -rf /var/lib/apt/lists/*
# Copy config
COPY shadowsocks.json /etc/shadowsocks-libev/config.json
# Copy startup script
COPY start-shadowsocks.sh /start-shadowsocks.sh
RUN chmod +x /start-shadowsocks.sh
EXPOSE 1080
ENTRYPOINT ["/start-shadowsocks.sh"]shadowsocks.json:
{
"server": "YOURIP",
"server_port": YOURPORT,
"local_port": YOURPORT,
"local_address": "YOURIP",
"password": "YOURpass",
"timeout": 300,
"method": "YOURMETHOD"
}start-shadowsocks.sh:
#!/bin/bash
set -e
# Start shadowsocks client
ss-local -c /etc/shadowsocks-libev/config.json &
SS_PID=$!
echo "Shadowsocks client started (PID: $SS_PID)"
# Wait for shadowsocks to be ready
sleep 3
# Verify shadowsocks is listening
if ! netstat -tlnp 2>/dev/null | grep -q ':1080' && \
! ss -tlnp 2>/dev/null | grep -q ':1080'; then
if ! pgrep -x "ss-local" > /dev/null; then
echo "ERROR: Shadowsocks not running"
exit 1
fi
fi
echo "Shadowsocks proxy ready on 127.0.0.1:1080"
# Start URnetwork provider with proxy environment
export HTTP_PROXY="socks5://127.0.0.1:1080"
export HTTPS_PROXY="socks5://127.0.0.1:1080"
export ALL_PROXY="socks5://127.0.0.1:1080"
exec /usr/local/sbin/bringyour-provider provideBuild Image:
docker build -t urnetwork-shadowsocks:latest .Run Shadowsocks Provider:
# Create JWT directory
mkdir -p ~/.urnetwork-ss-1
echo "<JWT>" > ~/.urnetwork-ss-1/jwt
# Run container
docker run -d \
--name urnetwork-shadowsocks-1 \
--restart always \
-v ~/.urnetwork-ss-1:/root/.urnetwork \
-e WARP_ENV=community \
urnetwork-shadowsocks:latestScale to Multiple Providers:
JWT="<YOUR_JWT>"
for i in $(seq 1 10); do
mkdir -p ~/.urnetwork-ss-$i
echo "$JWT" > ~/.urnetwork-ss-$i/jwt
docker run -d \
--name urnetwork-shadowsocks-$i \
--restart always \
-v ~/.urnetwork-ss-$i:/root/.urnetwork \
-e WARP_ENV=community \
urnetwork-shadowsocks:latest
doneVerification:
# Check container status
docker ps --filter "name=urnetwork-shadowsocks"
# Check shadowsocks logs
docker logs urnetwork-shadowsocks-1 | grep "listening"
# Should show: "listening at 0.0.0.0:1080"
# Check provider logs
docker logs urnetwork-shadowsocks-1 | grep "Provider"
# Should show: "Provider XXX started"Common Shadowsocks Methods:
| Method | Description |
|--------|-------------|
| aes-256-gcm | Recommended, hardware-accelerated |
| aes-128-gcm | Faster, slightly less secure |
| chacha20-ietf-poly1305 | Good for mobile/ARM devices |
Troubleshooting:
- 401 Unauthorized: URnetwork API issue (not Shadowsocks-related)
- Connection refused: Check Shadowsocks server IP/port
- Method not supported: Ensure method matches server config
Quick Reference: Proxied Provider
Build Image:
docker build -t urnetwork-proxied:latest .Run Proxied Provider:
docker run --name urnetwork-proxied \
--cap-add=NET_ADMIN \
--mount type=bind,source=$HOME/.urnetwork,target=/root/.urnetwork \
--restart always \
-d urnetwork-proxied:latestVerify Egress IP:
docker exec urnetwork-proxied curl -s http://ipinfo.io/ipFiles Needed:
Dockerfile- extends provider image with redsocks/iptablesredsocks.conf- SOCKS5 proxy configurationstart-proxied.sh- iptables setup + supervisor launchsupervisord.conf- manages redsocks + provider
Proxy Format:
socks5/45.91.198.75:7778/username/passwordQuick Reference: Shadowsocks Provider
Build Image:
docker build -t urnetwork-shadowsocks:latest .Run Shadowsocks Provider:
docker run -d \
--name urnetwork-shadowsocks-1 \
--restart always \
-v ~/.urnetwork-ss-1:/root/.urnetwork \
-e WARP_ENV=community \
urnetwork-shadowsocks:latestShadowsocks Config Format:
Shadowsocks/proxy/server/port/method/country/password
Example:
Shadowsocks/proxy/138.249.106.2/64619/aes-256-gcm/France/NedyYDqpFiles Needed:
Dockerfile- extends provider image with shadowsocks-libevshadowsocks.json- Shadowsocks client configstart-shadowsocks.sh- starts ss-local + provider
Provider Monitoring
Quick Status Check
# All URnetwork containers
docker ps --format "table {{.Names}}\t{{.Status}}" | grep urnetwork
# Count by type
docker ps --format "{{.Names}}" | grep -c "urnetwork-provider"
docker ps --format "{{.Names}}" | grep -c "urnetwork-proxied"
docker ps --format "{{.Names}}" | grep -c "urnetwork-shadowsocks"Verify Actually Providing vs Restarting
Check for authentication errors:
# Count "Unauthorized" errors in logs
docker logs urnetwork-provider-1 2>&1 | grep -c "Unauthorized"
# Check recent restarts
docker ps --format "table {{.Names}}\t{{.Status}}" | grep urnetwork-provider
# "Up X minutes" = healthy, "Restarting" = auth/connection issuesCheck provider logs for success:
# Good: "Provider XXX started" without errors
docker logs urnetwork-proxied-1 2>&1 | grep "Provider.*started"
# Bad: Stack traces with "401 Unauthorized"
docker logs urnetwork-provider-1 2>&1 | tail -20Provider Health Summary Script
#!/bin/bash
echo "=== URnetwork Provider Health ==="
for container in $(docker ps -a --format "{{.Names}}" | grep urnetwork | sort); do
status=$(docker ps --filter "name=$container" --format "{{.Status}}")
errors=$(docker logs $container 2>&1 | grep -c "Unauthorized" || echo "0")
if echo "$status" | grep -q "Restarting"; then
echo "❌ $container: $status (Errors: $errors)"
else
echo "✅ $container: $status"
fi
doneMulti-VPS Deployment
Architecture Pattern
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ VPS 1 (Host) │ │ VPS 2 (DE) │ │ VPS 3 (US) │
│ ┌───────────┐ │ │ ┌───────────┐ │ │ ┌───────────┐ │
│ │ Providers │ │ │ │ Providers │ │ │ │ Providers │ │
│ │ (10 reg) │ │ │ │ (10 reg) │ │ │ │ (10 reg) │ │
│ └───────────┘ │ │ └───────────┘ │ │ └───────────┘ │
│ ┌───────────┐ │ │ │ │ │
│ │ Proxied │ │ │ │ │ │
│ │ (10 sock) │ │ │ │ │ │
│ └───────────┘ │ │ │ │ │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ │ │
└────────────────────┴────────────────────┘
│
Single JWT on each VPS
/root/.urnetwork/jwtDeployment Steps
1. Prepare JWT on Host VPS:
# Host VPS (source of truth)
mkdir -p /root/.urnetwork
echo "<VALID_JWT>" > /root/.urnetwork/jwt2. Deploy to Remote VPS:
VPS_IP="YOURIP"
VPS_USER="YOURuser"
VPS_PASS="YOURpassword"
# Copy JWT to remote
sshpass -p "$VPS_PASS" scp /root/.urnetwork/jwt $VPS_USER@$VPS_IP:/home/$VPS_USER/.urnetwork/jwt
# SSH and create /root/.urnetwork (if needed)
sshpass -p "$VPS_PASS" ssh $VPS_USER@$VPS_IP 'sudo mkdir -p /root/.urnetwork && sudo cp /home/'$VPS_USER'/.urnetwork/jwt /root/.urnetwork/jwt'
# Launch providers on remote
sshpass -p "$VPS_PASS" ssh $VPS_USER@$VPS_IP '
for i in $(seq 1 10); do
docker run -d --name urnetwork-provider-vps-$i \
-v /root/.urnetwork:/root/.urnetwork \
--restart always \
bringyour/community-provider:g4-latest provide
done
'3. Scale Pattern:
# Launch N providers on current host
launch_providers() {
local count=$1
local prefix=$2
for i in $(seq 1 $count); do
docker run -d --name ${prefix}-$i \
-v /root/.urnetwork:/root/.urnetwork \
--restart always \
bringyour/community-provider:g4-latest provide
done
}
# Usage
launch_providers 10 "urnetwork-provider"
launch_providers 10 "urnetwork-proxied"Troubleshooting Guide
401 Unauthorized Errors
Symptoms:
- Container status shows "Restarting"
- Logs contain:
"401 Unauthorized: Not authorized" - Provider never stays up for more than a few seconds
Causes & Fixes:
| Cause | Fix |
|---|---|
| JWT expired | Get fresh auth code from https://ur.io |
| JWT malformed | Re-copy JWT, ensure no extra whitespace |
| Wrong JWT location | Verify mounted at /root/.urnetwork/jwt |
| JWT permissions | Ensure readable: chmod 644 /root/.urnetwork/jwt |
Quick Fix:
# 1. Get new auth code from https://ur.io
# 2. Exchange for JWT
curl -X POST https://api.bringyour.com/auth/code-login \
-d '{"auth_code": "YOUR_CODE"}' | jq -r ".by_jwt" > /root/.urnetwork/jwt
# 3. Restart all providers
docker restart $(docker ps -q --filter "name=urnetwork")Restart Loops
Check restart count:
docker ps --format "table {{.Names}}\t{{.Status}}" | grep urnetworkCommon causes:
| Pattern | Likely Cause | Solution |
|---|---|---|
| Restarting every 5-10s | 401 Unauthorized | Refresh JWT |
| Restarting every 30s | Proxy connection issue | Check SOCKS5/Shadowsocks server |
| Up for hours then restart | Network instability | Check --restart always is set |
Debug restart loop:
# Watch real-time logs
docker logs -f urnetwork-provider-1
# Check exit code
docker inspect urnetwork-provider-1 --format='{{.State.ExitCode}}'Proxy Connection Issues (Proxied Providers)
Symptoms:
- Shadowsocks logs show connection refused
- Redsocks can't connect to upstream
- Egress IP doesn't match expected proxy IP
Diagnose:
# Test SOCKS5 proxy manually
curl -x socks5://username:password@proxy_ip:port http://ipinfo.io/ip
# Check shadowsocks is listening
docker exec urnetwork-shadowsocks-1 ss -tlnp | grep 1080
# Verify iptables rules (for proxied containers)
docker exec urnetwork-proxied-1 iptables -t nat -L REDSOCKSFix proxy config:
# Update shadowsocks.json and rebuild
docker build -t urnetwork-shadowsocks:latest .
docker restart urnetwork-shadowsocks-{1..10}Container Won't Start
Check:
# Port conflicts
docker logs urnetwork-provider-1 2>&1 | grep "bind"
# Mount issues
docker logs urnetwork-provider-1 2>&1 | grep "mount"
# Disk space
df -h
# Docker daemon
docker system infoMass Operations
Restart all providers:
docker restart $(docker ps -q --filter "name=urnetwork")Stop all providers:
docker stop $(docker ps -q --filter "name=urnetwork")Remove all providers (destructive):
docker rm -f $(docker ps -aq --filter "name=urnetwork")View all logs:
for c in $(docker ps --format "{{.Names}}" | grep urnetwork); do
echo "=== $c ==="
docker logs $c 2>&1 | tail -5
doneFull docs: https://docs.ur.io