Shadowsocks是一个快速的隧道代理,可以帮助您绕过防火墙并阻止某些网站和网络协议。它也是一个轻量级、快速且灵活的加密Socks5代理。Shadowsocks用于加密客户端和服务器通信之间的数据。
我们正在Ubuntu服务器上使用Shadowsocks libev包来设置Shadowsocks服务器。现在让我们跳到如何安装shadowsocks。
开始之前,请运行以下命令更新系统:
sudo apt update && sudo apt upgrade
安装Shadowsocks服务器
安装Ubuntu依赖
apt install -y –no-install-recommends gettext build-essential autoconf libtool libpcre3-dev \
asciidoc xmlto libev-dev libudns-dev automake libmbedtls-dev \
libsodium-dev git python3-m2crypto libc-ares-dev
将目录更改为/opt,然后下载Git上的 Shadowsocks :
cd /opt
git clone https://github.com/shadowsocks/shadowsocks-libev.git
cd shadowsocks-libev
git submodule update –init –recursive \
安装Shadowsocks-libev
apt install pkg-config
./autogen.sh
./configure
make && make install
配置 Shadowsocks 服务端
创建一个用户用于Shadowsocks
adduser –system –no-create-home –group shadowsocks
创建一个目录用于保存配置文件
mkdir -m 755 /etc/shadowsocks
创建Shadowsocks配置文件,shadowsocks.json
nano /etc/shadowsocks/shadowsocks.json
将以下内容显示的内容粘贴到文件中:
{
“server”:”your_public_IP_address”,
“server_port”:8388,
“password”:”your_password”,
“timeout”:300,
“method”:”aes-256-gcm”,
“fast_open”: true
}
优化Shadowsocks
通过运行:nano/etc/sysctl.d/local.conf创建local.conf系统优化文件
# max open files
fs.file-max = 51200
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1
# for high-latency network
net.ipv4.tcp_congestion_control = hybla
# for low-latency network, use cubic instead
net.ipv4.tcp_congestion_control = cubic
应用优化
sysctl –system
Shadowsocks系统服务
创建一个systemd文件shadowsocks.service,并将下面显示的内容粘贴到该文件中
nano /etc/systemd/system/shadowsocks.service
[Unit]
Description=Shadowsocks proxy server
[Service]
User=root
Group=root
Type=simple
ExecStart=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v start
ExecStop=/usr/local/bin/ss-server -c /etc/shadowsocks/shadowsocks.json -a shadowsocks -v stop
[Install]
WantedBy=multi-user.target
启用并开启shadowsocks.service
systemctl daemon-reload
systemctl enable shadowsocks
systemctl start shadowsocks
允许服务器防火墙中的端口8388
ufw允许prototcp到0.0.0.0/0端口8388注释“Shadowsocks”
安装Shadowsocks客户端并连接
sudo apt-get install shadowsocks-libev
sudo systemctl stop shadowsocks-libev
sudo systemctl disable shadowsocks-libev
创建客户端配置文件local-config.json并将以下内容粘贴到该文件中
nano /etc/shadowsocks-libev/local-config.json
{
“server”:”Your_Server_IP”,
“mode”:”tcp_and_udp”,
“server_port”:8388,
“local_address”:”127.0.0.1″,
“local_port”:1080,
“password”:”your-secure-password”,
“timeout”:60,
“method”:”aes-256-gcm”
}
然后,我们可以通过发出以下命令来启动/启用客户端
sudo systemctl start shadowsocks-libev-local@local-config.service
sudo systemctl enable shadowsocks-libev-local@local-config.service
检查状态
sudo systemctl status shadowsocks-libev-local@local-config.service
测试连接
您可以在终端中使用curl直接测试它
curl –proxy socks5://127.0.0.1:1080 https://ifconfig.me
您的连接详细信息将列出VPS服务器的IP地址,而不是客户端设备的IP地址。
到这里,就完成了在Ubuntu VPS上Shadowsocks服务端和客户端的安装,同时有对应的安卓APP、Windows程序等多种客户端。