Shadowsocks是一个快速的隧道代理，可以帮助您绕过防火墙并阻止某些网站和网络协议。它也是一个轻量级、快速且灵活的加密Socks5代理。Shadowsocks用于加密客户端和服务器通信之间的数据。

我们正在Ubuntu服务器上使用Shadowsocks libev包来设置Shadowsocks服务器。现在让我们跳到如何安装shadowsocks。

开始之前，请运行以下命令更新系统：

sudo apt update && sudo apt upgrade

安装Shadowsocks服务器

安装Ubuntu依赖

apt install -y –no-install-recommends gettext build-essential autoconf libtool libpcre3-dev \

asciidoc xmlto libev-dev libudns-dev automake libmbedtls-dev \

libsodium-dev git python3-m2crypto libc-ares-dev

将目录更改为/opt，然后下载Git上的 Shadowsocks ：

cd /opt

git clone https://github.com/shadowsocks/shadowsocks-libev.git

cd shadowsocks-libev

git submodule update –init –recursive \

安装Shadowsocks-libev

apt install pkg-config
./autogen.sh
./configure
make && make install

配置 Shadowsocks 服务端

创建一个用户用于Shadowsocks

adduser –system –no-create-home –group shadowsocks

创建一个目录用于保存配置文件

mkdir -m 755 /etc/shadowsocks

创建Shadowsocks配置文件，shadowsocks.json

nano /etc/shadowsocks/shadowsocks.json

将以下内容显示的内容粘贴到文件中：

{

“server”:”your_public_IP_address”,

“server_port”:8388,

“password”:”your_password”,

“timeout”:300,

“method”:”aes-256-gcm”,

“fast_open”: true

}

优化Shadowsocks

通过运行：nano/etc/sysctl.d/local.conf创建local.conf系统优化文件

# max open files

fs.file-max = 51200

# max read buffer

net.core.rmem_max = 67108864

# max write buffer

net.core.wmem_max = 67108864

# default read buffer

net.core.rmem_default = 65536

# default write buffer

net.core.wmem_default = 65536

# max processor input queue

net.core.netdev_max_backlog = 4096

# max backlog

net.core.somaxconn = 4096

# resist SYN flood attacks

net.ipv4.tcp_syncookies = 1

# reuse timewait sockets when safe

net.ipv4.tcp_tw_reuse = 1

# turn off fast timewait sockets recycling

net.ipv4.tcp_tw_recycle = 0

# short FIN timeout

net.ipv4.tcp_fin_timeout = 30

# short keepalive time

net.ipv4.tcp_keepalive_time = 1200

# outbound port range

net.ipv4.ip_local_port_range = 10000 65000

# max SYN backlog

net.ipv4.tcp_max_syn_backlog = 4096

# max timewait sockets held by system simultaneously

net.ipv4.tcp_max_tw_buckets = 5000

# turn on TCP Fast Open on both client and server side

net.ipv4.tcp_fastopen = 3

# TCP receive buffer

net.ipv4.tcp_rmem = 4096 87380 67108864

# TCP write buffer

net.ipv4.tcp_wmem = 4096 65536 67108864

# turn on path MTU discovery

net.ipv4.tcp_mtu_probing = 1

# for high-latency network

net.ipv4.tcp_congestion_control = hybla

# for low-latency network, use cubic instead

net.ipv4.tcp_congestion_control = cubic

应用优化

sysctl –system

Shadowsocks系统服务

创建一个systemd文件shadowsocks.service，并将下面显示的内容粘贴到该文件中

nano /etc/systemd/system/shadowsocks.service

[Unit]

Description=Shadowsocks proxy server

[Service]

User=root

Group=root

Type=simple

ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v start

ExecStop=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v stop

[Install]

WantedBy=multi-user.target

启用并开启shadowsocks.service

systemctl daemon-reload

systemctl enable shadowsocks

systemctl start shadowsocks

允许服务器防火墙中的端口8388

ufw允许prototcp到0.0.0.0/0端口8388注释“Shadowsocks”

安装Shadowsocks客户端并连接

sudo apt-get install shadowsocks-libev

sudo systemctl stop shadowsocks-libev

sudo systemctl disable shadowsocks-libev

创建客户端配置文件local-config.json并将以下内容粘贴到该文件中

nano /etc/shadowsocks-libev/local-config.json

{

“server”:”Your_Server_IP”,

“mode”:”tcp_and_udp”,

“server_port”:8388,

“local_address”:”127.0.0.1″,

“local_port”:1080,

“password”:”your-secure-password”,

“timeout”:60,

“method”:”aes-256-gcm”

}

然后，我们可以通过发出以下命令来启动/启用客户端

sudo systemctl start shadowsocks-libev-local@local-config.service
sudo systemctl enable shadowsocks-libev-local@local-config.service

检查状态

sudo systemctl status shadowsocks-libev-local@local-config.service

测试连接

您可以在终端中使用curl直接测试它

curl –proxy socks5://127.0.0.1:1080 https://ifconfig.me

您的连接详细信息将列出VPS服务器的IP地址，而不是客户端设备的IP地址。

到这里，就完成了在Ubuntu VPS上Shadowsocks服务端和客户端的安装，同时有对应的安卓APP、Windows程序等多种客户端。