1、查看系统
[root@localhost ~]# cat /etc/issue CentOS release 6.6 (Final) [root@localhost ~]# uname -a Linux localhost.localdomain 2.6.32-042stab106.6 #1 SMP Mon Apr 20 14:48:47 MSK 2015 x86_64 x86_64 x86_64 GNU/Linux
2、安装ShadowSocks
# yum install python-setuptools && easy_install pip
# pip install shadowsocks
3、创建配置文件/etc/shadowsocks.json
[root@localhost /]# touch /etc/shadowsocks.json [root@localhost /]# vi /etc/shadowsocks.json { "server":"138.128.208.158", "server_port":443, "local_address": "127.0.0.1", "local_port":1080, "password":"MyPass", "timeout":300, "method":"rc4-md5" }
备注:加密方式官方默认使用aes-256-cfb,推荐使用rc4-md5,因为 RC4比AES速度快好几倍。
各字段说明:
server:服务器IP
server_port:服务器端口
local_port:本地端端口
password:用来加密的密码
timeout:超时时间(秒)
method:加密方法,可选择 “bf-cfb”, “aes-256-cfb”, “des-cfb”, “rc4″等
4、使用配置文件在后台运行shadowsocks服务
[root@localhost /]# ssserver -c /etc/shadowsocks.json -d start
备注:若无配置文件,在后台可以使用一下命令运行:
[root@localhost /]# ssserver -p 443 -k MyPass -m rc4-md5 -d start
5、停止服务
[root@localhost /]# ssserver -c /etc/shadowsocks.json -d stop
6、添加开机自启动服务
[root@localhost opt]# vi /etc/init.d/shadowsocks
添加如下内容:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
#!/bin/sh # chkconfig: 2345 90 10 # description: Start or stop the Shadowsocks server # ### BEGIN INIT INFO # Provides: Shadowsocks # Required-Start: $network $syslog # Required-Stop: $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Description: Start or stop the Shadowsocks server ### END INIT INFO # Author: xju <[email protected]> name=shadowsocks BIN= /usr/bin/ssserver conf= /etc/shadowsocks .json start(){ $BIN -c $conf -d start RETVAL=$? if [ "$RETVAL" = "0" ]; then echo "$name start success" else echo "$name start failed" fi } stop(){ pid=` ps -ef | grep - v grep | grep - v ps | grep -i "${BIN}" | awk '{print $2}' ` if [ ! -z $pid ]; then $BIN -c $conf -d stop RETVAL=$? if [ "$RETVAL" = "0" ]; then echo "$name stop success" else echo "$name stop failed" fi else echo "$name is not running" RETVAL=1 fi } status(){ pid=` ps -ef | grep - v grep | grep - v ps | grep -i "${BIN}" | awk '{print $2}' ` if [ -z $pid ]; then echo "$name is not running" RETVAL=1 else echo "$name is running with PID $pid" RETVAL=0 fi } case "$1" in 'start' ) start ;; 'stop' ) stop ;; 'status' ) status ;; 'restart' ) stop start RETVAL=$? ;; *) echo "Usage: $0 { start | stop | restart | status }" RETVAL=1 ;; esac exit $RETVAL |
添加执行权限:
1
|
[root@localhost ~] # chmod a+x /etc/init.d/shadowsocks |
添加开机自动服务:
1
2
3
4
5
6
7
8
9
|
[root@localhost ~] # chkconfig --add shadowsocks [root@localhost ~] # chkconfig --list shadowsocks Note: This output shows SysV services only and does not include native systemd services. SysV configuration data might be overridden by native systemd configuration. If you want to list systemd services use 'systemctl list-unit-files' . To see services enabled on particular target use 'systemctl list-dependencies [target]' . shadowsocks 0:off1:off2:on3:on4:on5:on6:off |
启动停止服务:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
[root@localhost ~] # service shadowsocks status shadowsocks is running with PID 507 [root@localhost ~] # shadowsocks stop - bash : shadowsocks: command not found [root@localhost ~] # service shadowsocks status shadowsocks is running with PID 507 [root@localhost ~] # service shadowsocks stop INFO: loading config from /etc/shadowsocks .json stopped shadowsocks stop success [root@localhost ~] # service shadowsocks start INFO: loading config from /etc/shadowsocks .json 2015-10-01 03:50:54 INFO loading libcrypto from libcrypto.so.10 started shadowsocks start success [root@localhost ~] # service shadowsocks restart INFO: loading config from /etc/shadowsocks .json stopped shadowsocks stop success INFO: loading config from /etc/shadowsocks .json 2015-10-01 03:51:04 INFO loading libcrypto from libcrypto.so.10 started shadowsocks start success |
备注:(1)开机自启动服务可以简单设置:
# vi /etc/rc.local
ssserver -c /etc/shadowsocks.json -d start
(2)若要配置多个用户,可以添加配置文件如/etc/shadowsocks1.json,设置不同的端口号(如:444)就行。
7、优化服务
7.1 increase the maximum number of open file descriptors
# vi /etc/security/limits.conf
* soft nofile 51200 * hard nofile 51200
执行:
1
|
# ulimit -n 51200 |
7.2 Tune the kernel parameters
1
|
# vi /etc/sysctl.conf |
fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = hybla
执行:
1
|
# sysctl -p |
重启shadowsocks服务:
1
|
# servie shadowsocks restart |
备注:若要配置多用户模式,只需修改配置文件:
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@localhost ~] # cat /etc/shadowsocks.json { "server" : "145.78.20.216" , "port_password" :{ "9000" : "MyPass1" , "9001" : "MyPass2" , "9002" : "MyPass3" }, "local_address" : "127.0.0.1" , "local_port" :1080, "timeout" :300, "method" : "rc4-md5" } |
参考文献:
http://shadowsocks.org/en/index.html
https://github.com/shadowsocks/shadowsocks/wiki/Shadowsocks-使用说明
http://wuchong.me/blog/2015/02/02/shadowsocks-install-and-optimize/
http://shadowsocks.org/en/config/advanced.html
Ref: http://qing0991.blog.51cto.com/1640542/1649922
2017/3/6 补充Ubuntu Service文件
- Create the service file in /etc/init.d/shadowsocks
- chmod 700 /etc/init.d/shadowsocks
- update-rc.d shadowsocks defaults.
- update-rc.d shadowsocks enable.
#!/bin/sh ### BEGIN INIT INFO # Provides: shadowsocks # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: start shadowsocks # Description: start shadowsocks ### END INIT INFO start(){ ssserver -c /etc/shadowsocks.json -d start } stop(){ ssserver -c /etc/shadowsocks.json -d stop } case "$1" in start) start ;; stop) stop ;; reload) stop start ;; *) echo "Usage: $0 {start|reload|stop}" exit 1 ;; esac
如果用的是Ubuntu 16.04以上的话,可以编辑 /etc/systemd/system/shadowsocks.service
[Unit] Description=Daemon to start shadowsocks server Wants=network-online.target After=network.target [Service] Type=simple ExecStart=/usr/local/bin/ssserver -c /etc/shadowsocks.json -qq User=nobody [Install] WantedBy=multi-user.target
sudo systemctl enable shadowsocks
sudo systemctl start shadowsocks
9/23/2019 Update:
Since python version of Shadowsocks was deprecated. It is better to use Shadowsocks-libev instead.
To install Shadowsocks-libev in Ubuntu 16.04. Can follow the below steps:
sudo apt install software-properties-common -y sudo add-apt-repository ppa:max-c-lv/shadowsocks-libev -y sudo apt update sudo apt install shadowsocks-libev
The configuration file is located at /etc/shadowsocks-libev/config.json
start shadowsocks-libev service.
sudo systemctl start shadowsocks-libev.service
Enable auto-start at boot time.
sudo systemctl enable shadowsocks-libev.service
Refer: https://www.linuxbabe.com/ubuntu/shadowsocks-libev-proxy-server-ubuntu-16-04-17-10