- Messages
- 1,804
- Reaction score
- 59
- Points
- 113
Shadowsocks Server GNU/Linux
Requirements:
-Debian or debian based GNU/Linux (Ubuntu, Linux Mint etc.)
-Internet connection
-Router with Port Forwarding capabilities
References: https://github.com/shadowsocks/shadowsocks/wiki/Configuration-via-Config-File
1. Assuming Debian GNU/Linux gamit mo
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade
2. Install shadowsocks.
$ sudo apt-get install shadowsocks wondershaper
or $ sudo apt-get install shadowsocks-libev wondershaper
Edit Configuration file
$ sudo nano /etc/shadowsocks/config.json
3. Create separate user for Shadowsocks
$ sudo useradd ssuser
Limit bandwidth to your internet source
$ sudo wondershaper eth0 10000 10000
change eth0 to your internet interface (route -a)
change 10000 to your desired limited speed (in Kilobits)
change userid for shadowsocks server, you can specify other commandline options too
$ sudo nano /etc/default/shadowsocks
4. Optimize system for concurrent tcp connections
$ sudo nano /etc/sysctl.d/local.conf
$ sudo sysctl --system
$ sudo nano /etc/security/limits.conf
5. Limit connections
$ sudo iptables -A INPUT -p tcp --syn --dport ${SHADOWSOCKS_PORT} -m connlimit --connlimit-above 32 -j REJECT --reject-with tcp-reset
$ sudo iptables -t filter -m owner --uid-owner ssuser -A OUTPUT -p tcp --dport 80 -j ACCEPT
$ sudo iptables -t filter -m owner --uid-owner ssuser -A OUTPUT -p tcp --dport 443 -j ACCEPT
$ sudo iptables -t filter -m owner --uid-owner ssuser -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
6. If you do not have a webserver nginx running.
$ sudo apt-get install nginx
Edit nginx configuration file
Redirect 80 port to nginx:
$ sudo iptables -t nat -m owner --uid-owner ssuser -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
7. start shadowsocks
$ sudo systemctl start shadowsocks
view log file
$ sudo cat /var/log/shadowsocks.log
allow shadowsocks port in your firewall (if using UFW)
$ sudo ufw allow <PORT>
$ sudo ufw allow out <PORT>
8. Configure Port Forwarding to your router
https://portforward.com/
different confiuration sa diff routers
9. Connect ka sa client app mo using postern or sa official android app : https://github.com/shadowsocks/shadowsocks-android
Download link: https://github.com/shadowsocks/shad...download/v4.2.5/shadowsocks-nightly-4.2.5.apk
Requirements:
-Debian or debian based GNU/Linux (Ubuntu, Linux Mint etc.)
-Internet connection
-Router with Port Forwarding capabilities
References: https://github.com/shadowsocks/shadowsocks/wiki/Configuration-via-Config-File
1. Assuming Debian GNU/Linux gamit mo
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get dist-upgrade
2. Install shadowsocks.
$ sudo apt-get install shadowsocks wondershaper
or $ sudo apt-get install shadowsocks-libev wondershaper
Edit Configuration file
$ sudo nano /etc/shadowsocks/config.json
Code:
{
"server":"YOURCURRENTIP or just 0.0.0.0",
"server_port":8388,
"local_address": "127.0.0.1",
"local_port":1080,
"password":"YOURUNIQUEPASSWORD",
"timeout":300,
"method":"aes-256-cfb",
"fast_open": false,
"workers": 1,
"prefer_ipv6": false,
}3. Create separate user for Shadowsocks
$ sudo useradd ssuser
Limit bandwidth to your internet source
$ sudo wondershaper eth0 10000 10000
change eth0 to your internet interface (route -a)
change 10000 to your desired limited speed (in Kilobits)
change userid for shadowsocks server, you can specify other commandline options too
$ sudo nano /etc/default/shadowsocks
Code:
USERID="ssuser"
DAEMON_OPTS="-q -c /etc/shadowsocks/config.json forbidden-ip 127.0.0.1,::1 --user ssuser "4. Optimize system for concurrent tcp connections
$ sudo nano /etc/sysctl.d/local.conf
Code:
# max open files
fs.file-max = 51200
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1
# for high-latency network
net.ipv4.tcp_congestion_control = hybla
# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = cubic$ sudo nano /etc/security/limits.conf
Code:
#https://shadowsocks.org/en/config/advanced.html
* soft nofile 51200
* hard nofile 512005. Limit connections
$ sudo iptables -A INPUT -p tcp --syn --dport ${SHADOWSOCKS_PORT} -m connlimit --connlimit-above 32 -j REJECT --reject-with tcp-reset
$ sudo iptables -t filter -m owner --uid-owner ssuser -A OUTPUT -p tcp --dport 80 -j ACCEPT
$ sudo iptables -t filter -m owner --uid-owner ssuser -A OUTPUT -p tcp --dport 443 -j ACCEPT
$ sudo iptables -t filter -m owner --uid-owner ssuser -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
6. If you do not have a webserver nginx running.
$ sudo apt-get install nginx
Edit nginx configuration file
Code:
server {
listen 0.0.0.0:3128;
resolver 8.8.8.8;
location / {
set $upstream_host $host;
if ($request_uri ~ "^/announce.*") {
return 403;
}
if ($request_uri ~ "^.*torrent.*") {
return 403;
}
proxy_set_header Host $upstream_host;
proxy_pass http://$upstream_host;
proxy_buffering off;
}
}$ sudo iptables -t nat -m owner --uid-owner ssuser -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128
7. start shadowsocks
$ sudo systemctl start shadowsocks
view log file
$ sudo cat /var/log/shadowsocks.log
allow shadowsocks port in your firewall (if using UFW)
$ sudo ufw allow <PORT>
$ sudo ufw allow out <PORT>
8. Configure Port Forwarding to your router
https://portforward.com/
different confiuration sa diff routers
9. Connect ka sa client app mo using postern or sa official android app : https://github.com/shadowsocks/shadowsocks-android
Download link: https://github.com/shadowsocks/shad...download/v4.2.5/shadowsocks-nightly-4.2.5.apk
